SLiM (Simple Login Manager) is a graphical login manager for X11. It aims to be simple, fast and independent from the various desktop environments. SLiM is based on latest stable release of Login.app by Per Lid=C3=A9n. In the distribution, slim may be called through a wrapper, slim-dynwm, which determines the available window managers using the freedesktop information and modifies the slim configuration file accordingly, before launching slim.
{"id": "FEDORA:9E69511060D", "vendorId": null, "type": "fedora", "bulletinFamily": "unix", "title": "[SECURITY] Fedora 12 Update: slim-1.3.2-2.fc12", "description": "SLiM (Simple Login Manager) is a graphical login manager for X11. It aims to be simple, fast and independent from the various desktop environments. SLiM is based on latest stable release of Login.app by Per Lid=C3=A9n. In the distribution, slim may be called through a wrapper, slim-dynwm, which determines the available window managers using the freedesktop information and modifies the slim configuration file accordingly, before launching slim. ", "published": "2010-09-09T01:15:33", "modified": "2010-09-09T01:15:33", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}, "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {}, "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/NW6V57ZNEWH4U6WL7RKP56IGSNHJFOTO/", "reporter": "Fedora", "references": [], "cvelist": ["CVE-2009-1756", "CVE-2010-2945"], "immutableFields": [], "lastseen": "2020-12-21T08:17:50", "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2009-1756", "CVE-2010-2945"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2009-1756", "DEBIANCVE:CVE-2010-2945"]}, {"type": "fedora", "idList": ["FEDORA:16B68110F96", "FEDORA:3191E10F862", "FEDORA:724E61114C2", "FEDORA:ECA9F10F862"]}, {"type": "freebsd", "idList": ["68C7187A-ABD2-11DF-9BE6-0015587E2CC1", "80F13884-4D4C-11DE-8811-0030843D3802"]}, {"type": "gentoo", "idList": ["GLSA-201412-08"]}, {"type": "nessus", "idList": ["FEDORA_2009-13551.NASL", "FEDORA_2009-13552.NASL", "FEDORA_2010-13843.NASL", "FEDORA_2010-13890.NASL", "FEDORA_2010-13897.NASL", "FREEBSD_PKG_68C7187AABD211DF9BE60015587E2CC1.NASL", "FREEBSD_PKG_80F138844D4C11DE88110030843D3802.NASL", "GENTOO_GLSA-201412-08.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310121294", "OPENVAS:136141256231064122", "OPENVAS:136141256231067859", "OPENVAS:1361412562310861602", "OPENVAS:1361412562310861605", "OPENVAS:1361412562310862381", "OPENVAS:1361412562310862395", "OPENVAS:1361412562310862634", "OPENVAS:64122", "OPENVAS:67859", "OPENVAS:861602", "OPENVAS:861605", "OPENVAS:862381", "OPENVAS:862395", "OPENVAS:862634"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2009-1756", "UB:CVE-2010-2945"]}]}, "score": {"value": 5.4, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2009-1756"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2010-2945"]}, {"type": "fedora", "idList": ["FEDORA:ECA9F10F862"]}, {"type": "freebsd", "idList": ["68C7187A-ABD2-11DF-9BE6-0015587E2CC1", "80F13884-4D4C-11DE-8811-0030843D3802"]}, {"type": "nessus", "idList": ["FEDORA_2010-13897.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:862381"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2009-1756"]}]}, "exploitation": null, "vulnersScore": 5.4}, "_state": {"dependencies": 0}, "_internal": {}, "affectedPackage": [{"OS": "Fedora", "OSVersion": "12", "arch": "any", "packageName": "slim", "packageVersion": "1.3.2", "packageFilename": "UNKNOWN", "operator": "lt"}]}
{"openvas": [{"lastseen": "2017-12-14T11:48:35", "description": "Check for the Version of slim", "cvss3": {}, "published": "2010-09-10T00:00:00", "type": "openvas", "title": "Fedora Update for slim FEDORA-2010-13897", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2945", "CVE-2009-1756"], "modified": "2017-12-13T00:00:00", "id": "OPENVAS:862395", "href": "http://plugins.openvas.org/nasl.php?oid=862395", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for slim FEDORA-2010-13897\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"SLiM (Simple Login Manager) is a graphical login manager for X11.\n It aims to be simple, fast and independent from the various\n desktop environments.\n SLiM is based on latest stable release of Login.app by Per Lidén.\n\n In the distribution, slim may be called through a wrapper, slim-dynwm,\n which determines the available window managers using the freedesktop\n information and modifies the slim configuration file accordingly,\n before launching slim.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"slim on Fedora 12\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047248.html\");\n script_id(862395);\n script_version(\"$Revision: 8092 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-13 07:31:16 +0100 (Wed, 13 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-09-10 14:21:00 +0200 (Fri, 10 Sep 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-13897\");\n script_cve_id(\"CVE-2009-1756\", \"CVE-2010-2945\");\n script_name(\"Fedora Update for slim FEDORA-2010-13897\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of slim\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"slim\", rpm:\"slim~1.3.2~2.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-14T11:48:41", "description": "Check for the Version of slim", "cvss3": {}, "published": "2010-09-10T00:00:00", "type": "openvas", "title": "Fedora Update for slim FEDORA-2010-13890", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2945", "CVE-2009-1756"], "modified": "2017-12-14T00:00:00", "id": "OPENVAS:862381", "href": "http://plugins.openvas.org/nasl.php?oid=862381", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for slim FEDORA-2010-13890\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"SLiM (Simple Login Manager) is a graphical login manager for X11.\n It aims to be simple, fast and independent from the various\n desktop environments.\n SLiM is based on latest stable release of Login.app by Per Lidén.\n\n In the distribution, slim may be called through a wrapper, slim-dynwm,\n which determines the available window managers using the freedesktop\n information and modifies the slim configuration file accordingly,\n before launching slim.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"slim on Fedora 13\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047297.html\");\n script_id(862381);\n script_version(\"$Revision: 8109 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-14 07:31:15 +0100 (Thu, 14 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-09-10 14:21:00 +0200 (Fri, 10 Sep 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-13890\");\n script_cve_id(\"CVE-2009-1756\", \"CVE-2010-2945\");\n script_name(\"Fedora Update for slim FEDORA-2010-13890\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of slim\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"slim\", rpm:\"slim~1.3.2~2.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-02T10:54:27", "description": "Check for the Version of slim", "cvss3": {}, "published": "2010-09-10T00:00:00", "type": "openvas", "title": "Fedora Update for slim FEDORA-2010-13890", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2945", "CVE-2009-1756"], "modified": "2017-12-29T00:00:00", "id": "OPENVAS:1361412562310862381", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862381", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for slim FEDORA-2010-13890\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"SLiM (Simple Login Manager) is a graphical login manager for X11.\n It aims to be simple, fast and independent from the various\n desktop environments.\n SLiM is based on latest stable release of Login.app by Per Lidén.\n\n In the distribution, slim may be called through a wrapper, slim-dynwm,\n which determines the available window managers using the freedesktop\n information and modifies the slim configuration file accordingly,\n before launching slim.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"slim on Fedora 13\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047297.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862381\");\n script_version(\"$Revision: 8258 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-29 08:28:57 +0100 (Fri, 29 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-09-10 14:21:00 +0200 (Fri, 10 Sep 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-13890\");\n script_cve_id(\"CVE-2009-1756\", \"CVE-2010-2945\");\n script_name(\"Fedora Update for slim FEDORA-2010-13890\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of slim\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"slim\", rpm:\"slim~1.3.2~2.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-02T10:54:18", "description": "Check for the Version of slim", "cvss3": {}, "published": "2010-09-10T00:00:00", "type": "openvas", "title": "Fedora Update for slim FEDORA-2010-13897", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2945", "CVE-2009-1756"], "modified": "2017-12-26T00:00:00", "id": "OPENVAS:1361412562310862395", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862395", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for slim FEDORA-2010-13897\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"SLiM (Simple Login Manager) is a graphical login manager for X11.\n It aims to be simple, fast and independent from the various\n desktop environments.\n SLiM is based on latest stable release of Login.app by Per Lidén.\n\n In the distribution, slim may be called through a wrapper, slim-dynwm,\n which determines the available window managers using the freedesktop\n information and modifies the slim configuration file accordingly,\n before launching slim.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"slim on Fedora 12\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047248.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862395\");\n script_version(\"$Revision: 8246 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-26 08:29:20 +0100 (Tue, 26 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-09-10 14:21:00 +0200 (Fri, 10 Sep 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-13897\");\n script_cve_id(\"CVE-2009-1756\", \"CVE-2010-2945\");\n script_name(\"Fedora Update for slim FEDORA-2010-13897\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of slim\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"slim\", rpm:\"slim~1.3.2~2.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-18T10:57:48", "description": "Check for the Version of slim", "cvss3": {}, "published": "2010-01-15T00:00:00", "type": "openvas", "title": "Fedora Update for slim FEDORA-2009-13552", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1756"], "modified": "2017-12-18T00:00:00", "id": "OPENVAS:861605", "href": "http://plugins.openvas.org/nasl.php?oid=861605", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for slim FEDORA-2009-13552\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"SLiM (Simple Login Manager) is a graphical login manager for X11.\n It aims to be simple, fast and independent from the various\n desktop environments.\n SLiM is based on latest stable release of Login.app by Per Lid\u00e9n.\n\n In the distribution, slim may be called through a wrapper, slim-dynwm,\n which determines the available window managers using the freedesktop\n information and modifies the slim configuration file accordingly,\n before launching slim.\";\n\ntag_affected = \"slim on Fedora 12\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2010-January/msg00009.html\");\n script_id(861605);\n script_version(\"$Revision: 8153 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-18 07:30:39 +0100 (Mon, 18 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-01-15 10:29:41 +0100 (Fri, 15 Jan 2010)\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"FEDORA\", value: \"2009-13552\");\n script_cve_id(\"CVE-2009-1756\");\n script_name(\"Fedora Update for slim FEDORA-2009-13552\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of slim\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"slim\", rpm:\"slim~1.3.1~9.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-07-02T21:14:21", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "cvss3": {}, "published": "2009-06-05T00:00:00", "type": "openvas", "title": "FreeBSD Ports: slim", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1756"], "modified": "2016-12-28T00:00:00", "id": "OPENVAS:64122", "href": "http://plugins.openvas.org/nasl.php?oid=64122", "sourceData": "#\n#VID 80f13884-4d4c-11de-8811-0030843d3802\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 80f13884-4d4c-11de-8811-0030843d3802\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: slim\n\nCVE-2009-1756\nSLiM Simple Login Manager 1.3.0 places the X authority magic cookie\n(mcookie) on the command line when invoking xauth from (1) app.cpp and\n(2) switchuser.cpp, which allows local users to access the X session\nby listing the process and its arguments.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529306\nhttp://www.vuxml.org/freebsd/80f13884-4d4c-11de-8811-0030843d3802.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_id(64122);\n script_version(\"$Revision: 4865 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-12-28 17:16:43 +0100 (Wed, 28 Dec 2016) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-05 18:04:08 +0200 (Fri, 05 Jun 2009)\");\n script_cve_id(\"CVE-2009-1756\");\n script_bugtraq_id(35015);\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_name(\"FreeBSD Ports: slim\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"slim\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.3.1_3\")<0) {\n txt += 'Package slim version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-04-06T11:40:44", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "cvss3": {}, "published": "2009-06-05T00:00:00", "type": "openvas", "title": "FreeBSD Ports: slim", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1756"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231064122", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064122", "sourceData": "#\n#VID 80f13884-4d4c-11de-8811-0030843d3802\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 80f13884-4d4c-11de-8811-0030843d3802\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: slim\n\nCVE-2009-1756\nSLiM Simple Login Manager 1.3.0 places the X authority magic cookie\n(mcookie) on the command line when invoking xauth from (1) app.cpp and\n(2) switchuser.cpp, which allows local users to access the X session\nby listing the process and its arguments.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529306\nhttp://www.vuxml.org/freebsd/80f13884-4d4c-11de-8811-0030843d3802.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64122\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-05 18:04:08 +0200 (Fri, 05 Jun 2009)\");\n script_cve_id(\"CVE-2009-1756\");\n script_bugtraq_id(35015);\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_name(\"FreeBSD Ports: slim\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"slim\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.3.1_3\")<0) {\n txt += 'Package slim version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-01-08T12:53:35", "description": "Check for the Version of slim", "cvss3": {}, "published": "2010-01-15T00:00:00", "type": "openvas", "title": "Fedora Update for slim FEDORA-2009-13552", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1756"], "modified": "2018-01-08T00:00:00", "id": "OPENVAS:1361412562310861605", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310861605", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for slim FEDORA-2009-13552\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"SLiM (Simple Login Manager) is a graphical login manager for X11.\n It aims to be simple, fast and independent from the various\n desktop environments.\n SLiM is based on latest stable release of Login.app by Per Lid\u00e9n.\n\n In the distribution, slim may be called through a wrapper, slim-dynwm,\n which determines the available window managers using the freedesktop\n information and modifies the slim configuration file accordingly,\n before launching slim.\";\n\ntag_affected = \"slim on Fedora 12\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2010-January/msg00009.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.861605\");\n script_version(\"$Revision: 8314 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-08 09:01:01 +0100 (Mon, 08 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-01-15 10:29:41 +0100 (Fri, 15 Jan 2010)\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"FEDORA\", value: \"2009-13552\");\n script_cve_id(\"CVE-2009-1756\");\n script_name(\"Fedora Update for slim FEDORA-2009-13552\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of slim\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"slim\", rpm:\"slim~1.3.1~9.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-01-23T13:05:24", "description": "Check for the Version of slim", "cvss3": {}, "published": "2010-01-15T00:00:00", "type": "openvas", "title": "Fedora Update for slim FEDORA-2009-13551", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1756"], "modified": "2018-01-23T00:00:00", "id": "OPENVAS:1361412562310861602", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310861602", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for slim FEDORA-2009-13551\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"SLiM (Simple Login Manager) is a graphical login manager for X11.\n It aims to be simple, fast and independent from the various\n desktop environments.\n SLiM is based on latest stable release of Login.app by Per Lid\u00e9n.\n\n In the distribution, slim may be called through a wrapper, slim-dynwm,\n which determines the available window managers using the freedesktop\n information and modifies the slim configuration file accordingly,\n before launching slim.\";\n\ntag_affected = \"slim on Fedora 11\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2010-January/msg00000.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.861602\");\n script_version(\"$Revision: 8495 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-23 08:57:49 +0100 (Tue, 23 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-01-15 10:29:41 +0100 (Fri, 15 Jan 2010)\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"FEDORA\", value: \"2009-13551\");\n script_cve_id(\"CVE-2009-1756\");\n script_name(\"Fedora Update for slim FEDORA-2009-13551\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of slim\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC11\")\n{\n\n if ((res = isrpmvuln(pkg:\"slim\", rpm:\"slim~1.3.1~9.fc11\", rls:\"FC11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-01-02T10:54:16", "description": "Check for the Version of slim", "cvss3": {}, "published": "2010-01-15T00:00:00", "type": "openvas", "title": "Fedora Update for slim FEDORA-2009-13551", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1756"], "modified": "2017-12-22T00:00:00", "id": "OPENVAS:861602", "href": "http://plugins.openvas.org/nasl.php?oid=861602", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for slim FEDORA-2009-13551\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"SLiM (Simple Login Manager) is a graphical login manager for X11.\n It aims to be simple, fast and independent from the various\n desktop environments.\n SLiM is based on latest stable release of Login.app by Per Lid\u00e9n.\n\n In the distribution, slim may be called through a wrapper, slim-dynwm,\n which determines the available window managers using the freedesktop\n information and modifies the slim configuration file accordingly,\n before launching slim.\";\n\ntag_affected = \"slim on Fedora 11\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2010-January/msg00000.html\");\n script_id(861602);\n script_version(\"$Revision: 8226 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-22 07:30:26 +0100 (Fri, 22 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-01-15 10:29:41 +0100 (Fri, 15 Jan 2010)\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"FEDORA\", value: \"2009-13551\");\n script_cve_id(\"CVE-2009-1756\");\n script_name(\"Fedora Update for slim FEDORA-2009-13551\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of slim\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC11\")\n{\n\n if ((res = isrpmvuln(pkg:\"slim\", rpm:\"slim~1.3.1~9.fc11\", rls:\"FC11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-07-02T21:09:54", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "cvss3": {}, "published": "2010-08-21T00:00:00", "type": "openvas", "title": "FreeBSD Ports: slim", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2945"], "modified": "2017-02-10T00:00:00", "id": "OPENVAS:67859", "href": "http://plugins.openvas.org/nasl.php?oid=67859", "sourceData": "#\n#VID 68c7187a-abd2-11df-9be6-0015587e2cc1\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 68c7187a-abd2-11df-9be6-0015587e2cc1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: slim\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://seclists.org/oss-sec/2010/q3/198\nhttp://www.vuxml.org/freebsd/68c7187a-abd2-11df-9be6-0015587e2cc1.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_id(67859);\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 5263 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-10 14:45:51 +0100 (Fri, 10 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-08-21 08:54:16 +0200 (Sat, 21 Aug 2010)\");\n script_cve_id(\"CVE-2010-2945\");\n script_name(\"FreeBSD Ports: slim\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"slim\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.3.2\")<0) {\n txt += 'Package slim version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-08T12:54:10", "description": "Check for the Version of slim", "cvss3": {}, "published": "2010-12-02T00:00:00", "type": "openvas", "title": "Fedora Update for slim FEDORA-2010-13843", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2945"], "modified": "2018-01-05T00:00:00", "id": "OPENVAS:1361412562310862634", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862634", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for slim FEDORA-2010-13843\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"SLiM (Simple Login Manager) is a graphical login manager for X11.\n It aims to be simple, fast and independent from the various\n desktop environments.\n SLiM is based on latest stable release of Login.app by Per Lidén.\n\n In the distribution, slim may be called through a wrapper, slim-dynwm,\n which determines the available window managers using the freedesktop\n information and modifies the slim configuration file accordingly,\n before launching slim.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"slim on Fedora 14\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047349.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862634\");\n script_version(\"$Revision: 8296 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-05 08:28:01 +0100 (Fri, 05 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-12-02 08:39:14 +0100 (Thu, 02 Dec 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-13843\");\n script_cve_id(\"CVE-2010-2945\");\n script_name(\"Fedora Update for slim FEDORA-2010-13843\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of slim\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"slim\", rpm:\"slim~1.3.2~2.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-18T10:58:12", "description": "Check for the Version of slim", "cvss3": {}, "published": "2010-12-02T00:00:00", "type": "openvas", "title": "Fedora Update for slim FEDORA-2010-13843", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2945"], "modified": "2017-12-18T00:00:00", "id": "OPENVAS:862634", "href": "http://plugins.openvas.org/nasl.php?oid=862634", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for slim FEDORA-2010-13843\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"SLiM (Simple Login Manager) is a graphical login manager for X11.\n It aims to be simple, fast and independent from the various\n desktop environments.\n SLiM is based on latest stable release of Login.app by Per Lidén.\n\n In the distribution, slim may be called through a wrapper, slim-dynwm,\n which determines the available window managers using the freedesktop\n information and modifies the slim configuration file accordingly,\n before launching slim.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"slim on Fedora 14\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047349.html\");\n script_id(862634);\n script_version(\"$Revision: 8153 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-18 07:30:39 +0100 (Mon, 18 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-12-02 08:39:14 +0100 (Thu, 02 Dec 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-13843\");\n script_cve_id(\"CVE-2010-2945\");\n script_name(\"Fedora Update for slim FEDORA-2010-13843\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of slim\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"slim\", rpm:\"slim~1.3.2~2.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-11T11:04:20", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "cvss3": {}, "published": "2010-08-21T00:00:00", "type": "openvas", "title": "FreeBSD Ports: slim", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2945"], "modified": "2018-01-09T00:00:00", "id": "OPENVAS:136141256231067859", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231067859", "sourceData": "#\n#VID 68c7187a-abd2-11df-9be6-0015587e2cc1\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 68c7187a-abd2-11df-9be6-0015587e2cc1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: slim\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://seclists.org/oss-sec/2010/q3/198\nhttp://www.vuxml.org/freebsd/68c7187a-abd2-11df-9be6-0015587e2cc1.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.67859\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 8338 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-09 09:00:38 +0100 (Tue, 09 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-08-21 08:54:16 +0200 (Sat, 21 Aug 2010)\");\n script_cve_id(\"CVE-2010-2945\");\n script_name(\"FreeBSD Ports: slim\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"slim\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.3.2\")<0) {\n txt += 'Package slim version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:36:35", "description": "Gentoo Linux Local Security Checks GLSA 201412-08", "cvss3": {}, "published": "2015-09-29T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201412-08", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2060", "CVE-2009-4411", "CVE-2008-0553", "CVE-2009-0946", "CVE-2010-1511", "CVE-2009-0361", "CVE-2008-6218", "CVE-2008-5907", "CVE-2010-0436", "CVE-2010-1205", "CVE-2007-2741", "CVE-2010-0829", "CVE-2009-4896", "CVE-2010-2945", "CVE-2010-2809", "CVE-2009-0040", "CVE-2010-2192", "CVE-2010-2056", "CVE-2009-2042", "CVE-2010-0001", "CVE-2008-6661", "CVE-2010-2529", "CVE-2009-4029", "CVE-2006-3005", "CVE-2010-2251", "CVE-2009-0360", "CVE-2010-0732", "CVE-2008-1382", "CVE-2009-3736", "CVE-2010-1000", "CVE-2009-2624"], "modified": "2018-10-26T00:00:00", "id": "OPENVAS:1361412562310121294", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121294", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201412-08.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121294\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-29 11:28:04 +0300 (Tue, 29 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201412-08\");\n script_tag(name:\"insight\", value:\"Vulnerabilities have been discovered in the packages listed below. Please review the CVE identifiers in the Reference section for details.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201412-08\");\n script_cve_id(\"CVE-2006-3005\", \"CVE-2007-2741\", \"CVE-2008-0553\", \"CVE-2008-1382\", \"CVE-2008-5907\", \"CVE-2008-6218\", \"CVE-2008-6661\", \"CVE-2009-0040\", \"CVE-2009-0360\", \"CVE-2009-0361\", \"CVE-2009-0946\", \"CVE-2009-2042\", \"CVE-2009-2624\", \"CVE-2009-3736\", \"CVE-2009-4029\", \"CVE-2009-4411\", \"CVE-2009-4896\", \"CVE-2010-0001\", \"CVE-2010-0436\", \"CVE-2010-0732\", \"CVE-2010-0829\", \"CVE-2010-1000\", \"CVE-2010-1205\", \"CVE-2010-1511\", \"CVE-2010-2056\", \"CVE-2010-2060\", \"CVE-2010-2192\", \"CVE-2010-2251\", \"CVE-2010-2529\", \"CVE-2010-2809\", \"CVE-2010-2945\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201412-08\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"dev-util/insight\", unaffected: make_list(\"ge 6.7.1-r1\"), vulnerable: make_list(\"lt 6.7.1-r1\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-perl/perl-tk\", unaffected: make_list(\"ge 804.028-r2\"), vulnerable: make_list(\"lt 804.028-r2\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-util/sourcenav\", unaffected: make_list(\"ge 5.1.4\"), vulnerable: make_list(\"lt 5.1.4\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-lang/tk\", unaffected: make_list(\"ge 8.4.18-r1\"), vulnerable: make_list(\"lt 8.4.18-r1\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"sys-block/partimage\", unaffected: make_list(\"ge 0.6.8\"), vulnerable: make_list(\"lt 0.6.8\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"app-antivirus/bitdefender-console\", unaffected: make_list(), vulnerable: make_list(\"lt 7.1\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"net-mail/mlmmj\", unaffected: make_list(\"ge 1.2.17.1\"), vulnerable: make_list(\"lt 1.2.17.1\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"sys-apps/acl\", unaffected: make_list(\"ge 2.2.49\"), vulnerable: make_list(\"lt 2.2.49\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"x11-apps/xinit\", unaffected: make_list(\"ge 1.2.0-r4\"), vulnerable: make_list(\"lt 1.2.0-r4\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"app-arch/gzip\", unaffected: make_list(\"ge 1.4\"), vulnerable: make_list(\"lt 1.4\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"app-arch/ncompress\", unaffected: make_list(\"ge 4.2.4.3\"), vulnerable: make_list(\"lt 4.2.4.3\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-libs/liblzw\", unaffected: make_list(\"ge 0.2\"), vulnerable: make_list(\"lt 0.2\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"media-gfx/splashutils\", unaffected: make_list(\"ge 1.5.4.3-r3\"), vulnerable: make_list(\"lt 1.5.4.3-r3\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"sys-devel/m4\", unaffected: make_list(\"ge 1.4.14-r1\"), vulnerable: make_list(\"lt 1.4.14-r1\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"kde-base/kdm\", unaffected: make_list(\"ge 4.3.5-r1\"), vulnerable: make_list(\"lt 4.3.5-r1\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"x11-libs/gtk+\", unaffected: make_list(\"ge 2.18.7\"), vulnerable: make_list(\"lt 2.18.7\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"kde-base/kget\", unaffected: make_list(\"ge 4.3.5-r1\"), vulnerable: make_list(\"lt 4.3.5-r1\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"app-text/dvipng\", unaffected: make_list(\"ge 1.13\"), vulnerable: make_list(\"lt 1.13\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"app-misc/beanstalkd\", unaffected: make_list(\"ge 1.4.6\"), vulnerable: make_list(\"lt 1.4.6\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"sys-apps/pmount\", unaffected: make_list(\"ge 0.9.23\"), vulnerable: make_list(\"lt 0.9.23\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"sys-auth/pam_krb5\", unaffected: make_list(\"ge 4.3\"), vulnerable: make_list(\"lt 4.3\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"app-text/gv\", unaffected: make_list(\"ge 3.7.1\"), vulnerable: make_list(\"lt 3.7.1\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"net-ftp/lftp\", unaffected: make_list(\"ge 4.0.6\"), vulnerable: make_list(\"lt 4.0.6\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"www-client/uzbl\", unaffected: make_list(\"ge 2010.08.05\"), vulnerable: make_list(\"lt 2010.08.05\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"x11-misc/slim\", unaffected: make_list(\"ge 1.3.2\"), vulnerable: make_list(\"lt 1.3.2\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"net-misc/iputils\", unaffected: make_list(\"ge 20100418\"), vulnerable: make_list(\"lt 20100418\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"media-tv/dvbstreamer\", unaffected: make_list(\"ge 1.1-r1\"), vulnerable: make_list(\"lt 1.1-r1\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:50", "description": "SLiM (Simple Login Manager) is a graphical login manager for X11. It aims to be simple, fast and independent from the various desktop environments. SLiM is based on latest stable release of Login.app by Per Lid=C3=A9n. In the distribution, slim may be called through a wrapper, slim-dynwm, which determines the available window managers using the freedesktop information and modifies the slim configuration file accordingly, before launching slim. ", "cvss3": {}, "published": "2010-09-09T01:25:39", "type": "fedora", "title": "[SECURITY] Fedora 13 Update: slim-1.3.2-2.fc13", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-1756", "CVE-2010-2945"], "modified": "2010-09-09T01:25:39", "id": "FEDORA:724E61114C2", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/UQFPMGFVBSSKUGPK2KVUF76ISAPQYWDO/", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "description": "SLiM (Simple Login Manager) is a graphical login manager for X11. It aims to be simple, fast and independent from the various desktop environments. SLiM is based on latest stable release of Login.app by Per Lid=C3=A9n. In the distribution, slim may be called through a wrapper, slim-dynwm, which determines the available window managers using the freedesktop information and modifies the slim configuration file accordingly, before launching slim. ", "cvss3": {}, "published": "2010-01-02T03:28:15", "type": "fedora", "title": "[SECURITY] Fedora 11 Update: slim-1.3.1-9.fc11", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-1756"], "modified": "2010-01-02T03:28:15", "id": "FEDORA:3191E10F862", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/42U4OOZIK5JWCZURSQXOQEI4YJM5CEQB/", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-12-21T08:17:49", "description": "SLiM (Simple Login Manager) is a graphical login manager for X11. It aims to be simple, fast and independent from the various desktop environments. SLiM is based on latest stable release of Login.app by Per Lid=C3=A9n. In the distribution, slim may be called through a wrapper, slim-dynwm, which determines the available window managers using the freedesktop information and modifies the slim configuration file accordingly, before launching slim. ", "cvss3": {}, "published": "2010-01-02T03:29:37", "type": "fedora", "title": "[SECURITY] Fedora 12 Update: slim-1.3.1-9.fc12", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-1756"], "modified": "2010-01-02T03:29:37", "id": "FEDORA:ECA9F10F862", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/FOF7L6GM5BXM4GCOIW6I2V6M76NKDJNN/", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-12-21T08:17:50", "description": "SLiM (Simple Login Manager) is a graphical login manager for X11. It aims to be simple, fast and independent from the various desktop environments. SLiM is based on latest stable release of Login.app by Per Lid=C3=A9n. In the distribution, slim may be called through a wrapper, slim-dynwm, which determines the available window managers using the freedesktop information and modifies the slim configuration file accordingly, before launching slim. ", "cvss3": {}, "published": "2010-09-09T04:35:36", "type": "fedora", "title": "[SECURITY] Fedora 14 Update: slim-1.3.2-2.fc14", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-2945"], "modified": "2010-09-09T04:35:36", "id": "FEDORA:16B68110F96", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/YHY6KVDZQPFAVZFLQUY77GKANEXBOTEN/", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-08-19T13:07:28", "description": "Secunia reports :\n\nA security issue has been reported in SLiM, which can be exploited by malicious, local users to disclose sensitive information.\n\nThe security issue is caused due to the application generating the X authority file by passing the X authority cookie via the command line to 'xauth'. This can be exploited to disclose the X authority cookie by consulting the process list and e.g. gain access the user's display.", "cvss3": {"score": null, "vector": null}, "published": "2009-06-01T00:00:00", "type": "nessus", "title": "FreeBSD : slim -- local disclosure of X authority magic cookie (80f13884-4d4c-11de-8811-0030843d3802)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1756"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:slim", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_80F138844D4C11DE88110030843D3802.NASL", "href": "https://www.tenable.com/plugins/nessus/38965", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(38965);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2009-1756\");\n script_bugtraq_id(35015);\n\n script_name(english:\"FreeBSD : slim -- local disclosure of X authority magic cookie (80f13884-4d4c-11de-8811-0030843d3802)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Secunia reports :\n\nA security issue has been reported in SLiM, which can be exploited by\nmalicious, local users to disclose sensitive information.\n\nThe security issue is caused due to the application generating the X\nauthority file by passing the X authority cookie via the command line\nto 'xauth'. This can be exploited to disclose the X authority cookie\nby consulting the process list and e.g. gain access the user's\ndisplay.\"\n );\n # http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529306\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529306\"\n );\n # https://vuxml.freebsd.org/freebsd/80f13884-4d4c-11de-8811-0030843d3802.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0b2b676b\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:U/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:slim\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/05/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/05/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/06/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"slim<1.3.1_3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:pkg_report_get());\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-08-19T13:05:06", "description": "- Tue Dec 22 2009 Lorenzo Villani <lvillani at binaryhelix.net> - 1.3.1-9\n\n - Fix CVE-2009-1756 (bugzilla: 544024)\n\n - Fix MIT insecure cookie generation (patch from Debian)\n\n - Fix build with GCC 4.4\n\n - Sat Oct 10 2009 Lorenzo Villani <lvillani at binaryhelix.net> - 1.3.1-8\n\n - Fix BZ #518068\n\n - Sun Jul 26 2009 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.3.1-7\n\n - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild\n\n - Sun Jun 21 2009 Anders F Bjorklund <afb at users.sourceforge.net> 1.3.1-6\n\n - exclude current directory from default_path in slim.conf (#505359)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2010-02-25T00:00:00", "type": "nessus", "title": "Fedora 11 : slim-1.3.1-9.fc11 (2009-13551)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1756"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:slim", "cpe:/o:fedoraproject:fedora:11"], "id": "FEDORA_2009-13551.NASL", "href": "https://www.tenable.com/plugins/nessus/44881", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-13551.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(44881);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-1756\");\n script_xref(name:\"FEDORA\", value:\"2009-13551\");\n\n script_name(english:\"Fedora 11 : slim-1.3.1-9.fc11 (2009-13551)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Tue Dec 22 2009 Lorenzo Villani <lvillani at\n binaryhelix.net> - 1.3.1-9\n\n - Fix CVE-2009-1756 (bugzilla: 544024)\n\n - Fix MIT insecure cookie generation (patch from Debian)\n\n - Fix build with GCC 4.4\n\n - Sat Oct 10 2009 Lorenzo Villani <lvillani at\n binaryhelix.net> - 1.3.1-8\n\n - Fix BZ #518068\n\n - Sun Jul 26 2009 Fedora Release Engineering <rel-eng at\n lists.fedoraproject.org> - 1.3.1-7\n\n - Rebuilt for\n https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild\n\n - Sun Jun 21 2009 Anders F Bjorklund <afb at\n users.sourceforge.net> 1.3.1-6\n\n - exclude current directory from default_path in\n slim.conf (#505359)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=501562\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-January/033323.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?82c010db\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected slim package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_cwe_id(200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:slim\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/02/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^11([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 11.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC11\", reference:\"slim-1.3.1-9.fc11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"slim\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-08-19T13:05:11", "description": "- Tue Dec 22 2009 Lorenzo Villani <lvillani at binaryhelix.net> - 1.3.1-9\n\n - Fix CVE-2009-1756 (bugzilla: 544024)\n\n - Fix MIT insecure cookie generation (patch from Debian)\n\n - Fix build with GCC 4.4\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2010-02-25T00:00:00", "type": "nessus", "title": "Fedora 12 : slim-1.3.1-9.fc12 (2009-13552)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1756"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:slim", "cpe:/o:fedoraproject:fedora:12"], "id": "FEDORA_2009-13552.NASL", "href": "https://www.tenable.com/plugins/nessus/44882", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-13552.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(44882);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-1756\");\n script_xref(name:\"FEDORA\", value:\"2009-13552\");\n\n script_name(english:\"Fedora 12 : slim-1.3.1-9.fc12 (2009-13552)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Tue Dec 22 2009 Lorenzo Villani <lvillani at\n binaryhelix.net> - 1.3.1-9\n\n - Fix CVE-2009-1756 (bugzilla: 544024)\n\n - Fix MIT insecure cookie generation (patch from Debian)\n\n - Fix build with GCC 4.4\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=501562\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-January/033332.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9cbc37fe\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected slim package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_cwe_id(200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:slim\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:12\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/02/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^12([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 12.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC12\", reference:\"slim-1.3.1-9.fc12\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"slim\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-08-19T13:03:17", "description": "SLiM assigns logged on users a PATH in which the current working directory ('./') is included. This PATH can allow unintentional code execution through planted binaries and has therefore been fixed SLiM version 1.3.2.", "cvss3": {"score": null, "vector": null}, "published": "2010-08-20T00:00:00", "type": "nessus", "title": "FreeBSD : slim -- insecure PATH assignment (68c7187a-abd2-11df-9be6-0015587e2cc1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2945"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:slim", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_68C7187AABD211DF9BE60015587E2CC1.NASL", "href": "https://www.tenable.com/plugins/nessus/48380", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(48380);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2010-2945\");\n\n script_name(english:\"FreeBSD : slim -- insecure PATH assignment (68c7187a-abd2-11df-9be6-0015587e2cc1)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"SLiM assigns logged on users a PATH in which the current working\ndirectory ('./') is included. This PATH can allow unintentional code\nexecution through planted binaries and has therefore been fixed SLiM\nversion 1.3.2.\"\n );\n # http://seclists.org/oss-sec/2010/q3/198\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://seclists.org/oss-sec/2010/q3/198\"\n );\n # https://vuxml.freebsd.org/freebsd/68c7187a-abd2-11df-9be6-0015587e2cc1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?048bc8e8\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:slim\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/05/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/08/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"slim<1.3.2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:02:51", "description": "update_slim_wmlist RE fix\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2010-09-09T00:00:00", "type": "nessus", "title": "Fedora 14 : slim-1.3.2-2.fc14 (2010-13843)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2945"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:slim", "cpe:/o:fedoraproject:fedora:14"], "id": "FEDORA_2010-13843.NASL", "href": "https://www.tenable.com/plugins/nessus/49158", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-13843.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(49158);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-2945\");\n script_xref(name:\"FEDORA\", value:\"2010-13843\");\n\n script_name(english:\"Fedora 14 : slim-1.3.2-2.fc14 (2010-13843)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"update_slim_wmlist RE fix\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=625942\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-September/047349.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d5260541\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected slim package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:slim\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:14\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/09/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^14([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 14.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC14\", reference:\"slim-1.3.2-2.fc14\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"slim\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:03:02", "description": "update_slim_wmlist RE fix\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2010-09-09T00:00:00", "type": "nessus", "title": "Fedora 13 : slim-1.3.2-2.fc13 (2010-13890)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2945"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:slim", "cpe:/o:fedoraproject:fedora:13"], "id": "FEDORA_2010-13890.NASL", "href": "https://www.tenable.com/plugins/nessus/49159", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-13890.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(49159);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-2945\");\n script_xref(name:\"FEDORA\", value:\"2010-13890\");\n\n script_name(english:\"Fedora 13 : slim-1.3.2-2.fc13 (2010-13890)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"update_slim_wmlist RE fix\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=625942\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-September/047297.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9d9efaf6\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected slim package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:slim\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:13\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/09/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/09/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^13([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 13.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC13\", reference:\"slim-1.3.2-2.fc13\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"slim\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:02:59", "description": "update_slim_wmlist RE fix\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2010-09-09T00:00:00", "type": "nessus", "title": "Fedora 12 : slim-1.3.2-2.fc12 (2010-13897)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2945"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:slim", "cpe:/o:fedoraproject:fedora:12"], "id": "FEDORA_2010-13897.NASL", "href": "https://www.tenable.com/plugins/nessus/49160", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-13897.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(49160);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-2945\");\n script_xref(name:\"FEDORA\", value:\"2010-13897\");\n\n script_name(english:\"Fedora 12 : slim-1.3.2-2.fc12 (2010-13897)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"update_slim_wmlist RE fix\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=625942\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-September/047248.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3883fcfa\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected slim package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:slim\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:12\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/09/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/09/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^12([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 12.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC12\", reference:\"slim-1.3.2-2.fc12\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"slim\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:47:29", "description": "The remote host is affected by the vulnerability described in GLSA-201412-08 (Multiple packages, Multiple vulnerabilities fixed in 2010)\n\n Vulnerabilities have been discovered in the packages listed below.\n Please review the CVE identifiers in the Reference section for details.\n Insight Perl Tk Module Source-Navigator Tk Partimage Mlmmj acl Xinit gzip ncompress liblzw splashutils GNU M4 KDE Display Manager GTK+ KGet dvipng Beanstalk Policy Mount pam_krb5 GNU gv LFTP Uzbl Slim Bitdefender Console iputils DVBStreamer Impact :\n\n A context-dependent attacker may be able to gain escalated privileges, execute arbitrary code, cause Denial of Service, obtain sensitive information, or otherwise bypass security restrictions.\n Workaround :\n\n There are no known workarounds at this time.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2014-12-15T00:00:00", "type": "nessus", "title": "GLSA-201412-08 : Multiple packages, Multiple vulnerabilities fixed in 2010", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3005", "CVE-2007-2741", "CVE-2008-0553", "CVE-2008-1382", "CVE-2008-5907", "CVE-2008-6218", "CVE-2008-6661", "CVE-2009-0040", "CVE-2009-0360", "CVE-2009-0361", "CVE-2009-0946", "CVE-2009-2042", "CVE-2009-2624", "CVE-2009-3736", "CVE-2009-4029", "CVE-2009-4411", "CVE-2009-4896", "CVE-2010-0001", "CVE-2010-0436", "CVE-2010-0732", "CVE-2010-0829", "CVE-2010-1000", "CVE-2010-1205", "CVE-2010-1511", "CVE-2010-2056", "CVE-2010-2060", "CVE-2010-2192", "CVE-2010-2251", "CVE-2010-2529", "CVE-2010-2809", "CVE-2010-2945"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:acl", "p-cpe:/a:gentoo:linux:beanstalkd", "p-cpe:/a:gentoo:linux:bitdefender-console", "p-cpe:/a:gentoo:linux:dvbstreamer", "p-cpe:/a:gentoo:linux:dvipng", "p-cpe:/a:gentoo:linux:gtk%2b", "p-cpe:/a:gentoo:linux:gv", "p-cpe:/a:gentoo:linux:gzip", "p-cpe:/a:gentoo:linux:insight", "p-cpe:/a:gentoo:linux:iputils", "p-cpe:/a:gentoo:linux:kdm", "p-cpe:/a:gentoo:linux:kget", "p-cpe:/a:gentoo:linux:lftp", "p-cpe:/a:gentoo:linux:liblzw", "p-cpe:/a:gentoo:linux:m4", "p-cpe:/a:gentoo:linux:mlmmj", "p-cpe:/a:gentoo:linux:ncompress", "p-cpe:/a:gentoo:linux:pam_krb5", "p-cpe:/a:gentoo:linux:partimage", "p-cpe:/a:gentoo:linux:perl-tk", "p-cpe:/a:gentoo:linux:pmount", "p-cpe:/a:gentoo:linux:slim", "p-cpe:/a:gentoo:linux:sourcenav", "p-cpe:/a:gentoo:linux:splashutils", "p-cpe:/a:gentoo:linux:tk", "p-cpe:/a:gentoo:linux:uzbl", "p-cpe:/a:gentoo:linux:xinit", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201412-08.NASL", "href": "https://www.tenable.com/plugins/nessus/79961", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201412-08.\n#\n# The advisory text is Copyright (C) 2001-2020 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79961);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2006-3005\", \"CVE-2007-2741\", \"CVE-2008-0553\", \"CVE-2008-1382\", \"CVE-2008-5907\", \"CVE-2008-6218\", \"CVE-2008-6661\", \"CVE-2009-0040\", \"CVE-2009-0360\", \"CVE-2009-0361\", \"CVE-2009-0946\", \"CVE-2009-2042\", \"CVE-2009-2624\", \"CVE-2009-3736\", \"CVE-2009-4029\", \"CVE-2009-4411\", \"CVE-2009-4896\", \"CVE-2010-0001\", \"CVE-2010-0436\", \"CVE-2010-0732\", \"CVE-2010-0829\", \"CVE-2010-1000\", \"CVE-2010-1205\", \"CVE-2010-1511\", \"CVE-2010-2056\", \"CVE-2010-2060\", \"CVE-2010-2192\", \"CVE-2010-2251\", \"CVE-2010-2529\", \"CVE-2010-2809\", \"CVE-2010-2945\");\n script_bugtraq_id(24001, 27655, 28770, 31920, 32751, 33740, 33741, 33827, 33990, 34550, 35233, 37128, 37378, 37455, 37886, 37888, 38211, 39467, 39969, 40141, 40426, 40516, 40939, 41174, 41841, 41911, 42297, 43728);\n script_xref(name:\"GLSA\", value:\"201412-08\");\n\n script_name(english:\"GLSA-201412-08 : Multiple packages, Multiple vulnerabilities fixed in 2010\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote host is affected by the vulnerability described in GLSA-201412-08\n(Multiple packages, Multiple vulnerabilities fixed in 2010)\n\n Vulnerabilities have been discovered in the packages listed below.\n Please review the CVE identifiers in the Reference section for details.\n Insight\n Perl Tk Module\n Source-Navigator\n Tk\n Partimage\n Mlmmj\n acl\n Xinit\n gzip\n ncompress\n liblzw\n splashutils\n GNU M4\n KDE Display Manager\n GTK+\n KGet\n dvipng\n Beanstalk\n Policy Mount\n pam_krb5\n GNU gv\n LFTP\n Uzbl\n Slim\n Bitdefender Console\n iputils\n DVBStreamer\n \nImpact :\n\n A context-dependent attacker may be able to gain escalated privileges,\n execute arbitrary code, cause Denial of Service, obtain sensitive\n information, or otherwise bypass security restrictions.\n \nWorkaround :\n\n There are no known workarounds at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201412-08\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"All Insight users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-util/insight-6.7.1-r1'\n All Perl Tk Module users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-perl/perl-tk-804.028-r2'\n All Source-Navigator users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-util/sourcenav-5.1.4'\n All Tk users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-lang/tk-8.4.18-r1'\n All Partimage users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=sys-block/partimage-0.6.8'\n All Mlmmj users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-mail/mlmmj-1.2.17.1'\n All acl users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=sys-apps/acl-2.2.49'\n All Xinit users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=x11-apps/xinit-1.2.0-r4'\n All gzip users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-arch/gzip-1.4'\n All ncompress users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-arch/ncompress-4.2.4.3'\n All liblzw users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-libs/liblzw-0.2'\n All splashutils users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=media-gfx/splashutils-1.5.4.3-r3'\n All GNU M4 users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=sys-devel/m4-1.4.14-r1'\n All KDE Display Manager users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=kde-base/kdm-4.3.5-r1'\n All GTK+ users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=x11-libs/gtk+-2.18.7'\n All KGet 4.3 users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=kde-base/kget-4.3.5-r1'\n All dvipng users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-text/dvipng-1.13'\n All Beanstalk users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-misc/beanstalkd-1.4.6'\n All Policy Mount users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=sys-apps/pmount-0.9.23'\n All pam_krb5 users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=sys-auth/pam_krb5-4.3'\n All GNU gv users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-text/gv-3.7.1'\n All LFTP users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-ftp/lftp-4.0.6'\n All Uzbl users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-client/uzbl-2010.08.05'\n All Slim users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=x11-misc/slim-1.3.2'\n All iputils users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-misc/iputils-20100418'\n All DVBStreamer users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-tv/dvbstreamer-1.1-r1'\n Gentoo has discontinued support for Bitdefender Console. We recommend\n that users unmerge Bitdefender Console:\n # emerge --unmerge 'app-antivirus/bitdefender-console'\n NOTE: This is a legacy GLSA. Updates for all affected architectures have\n been available since 2011. It is likely that your system is already no\n longer affected by these issues.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 94, 119, 189, 200, 264, 287, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:acl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:beanstalkd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:bitdefender-console\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:dvbstreamer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:dvipng\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:gtk+\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:gv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:gzip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:insight\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:iputils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:kdm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:kget\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:lftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:liblzw\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:m4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:mlmmj\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:ncompress\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:pam_krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:partimage\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:perl-tk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:pmount\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:slim\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:sourcenav\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:splashutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:tk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:uzbl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:xinit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/06/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"app-arch/gzip\", unaffected:make_list(\"ge 1.4\"), vulnerable:make_list(\"lt 1.4\"))) flag++;\nif (qpkg_check(package:\"kde-base/kget\", unaffected:make_list(\"ge 4.3.5-r1\"), vulnerable:make_list(\"lt 4.3.5-r1\"))) flag++;\nif (qpkg_check(package:\"dev-libs/liblzw\", unaffected:make_list(\"ge 0.2\"), vulnerable:make_list(\"lt 0.2\"))) flag++;\nif (qpkg_check(package:\"kde-base/kdm\", unaffected:make_list(\"ge 4.3.5-r1\"), vulnerable:make_list(\"lt 4.3.5-r1\"))) flag++;\nif (qpkg_check(package:\"app-text/dvipng\", unaffected:make_list(\"ge 1.13\"), vulnerable:make_list(\"lt 1.13\"))) flag++;\nif (qpkg_check(package:\"x11-apps/xinit\", unaffected:make_list(\"ge 1.2.0-r4\"), vulnerable:make_list(\"lt 1.2.0-r4\"))) flag++;\nif (qpkg_check(package:\"net-ftp/lftp\", unaffected:make_list(\"ge 4.0.6\"), vulnerable:make_list(\"lt 4.0.6\"))) flag++;\nif (qpkg_check(package:\"net-mail/mlmmj\", unaffected:make_list(\"ge 1.2.17.1\"), vulnerable:make_list(\"lt 1.2.17.1\"))) flag++;\nif (qpkg_check(package:\"sys-apps/pmount\", unaffected:make_list(\"ge 0.9.23\"), vulnerable:make_list(\"lt 0.9.23\"))) flag++;\nif (qpkg_check(package:\"sys-block/partimage\", unaffected:make_list(\"ge 0.6.8\"), vulnerable:make_list(\"lt 0.6.8\"))) flag++;\nif (qpkg_check(package:\"sys-apps/acl\", unaffected:make_list(\"ge 2.2.49\"), vulnerable:make_list(\"lt 2.2.49\"))) flag++;\nif (qpkg_check(package:\"app-arch/ncompress\", unaffected:make_list(\"ge 4.2.4.3\"), vulnerable:make_list(\"lt 4.2.4.3\"))) flag++;\nif (qpkg_check(package:\"media-gfx/splashutils\", unaffected:make_list(\"ge 1.5.4.3-r3\"), vulnerable:make_list(\"lt 1.5.4.3-r3\"))) flag++;\nif (qpkg_check(package:\"www-client/uzbl\", unaffected:make_list(\"ge 2010.08.05\"), vulnerable:make_list(\"lt 2010.08.05\"))) flag++;\nif (qpkg_check(package:\"dev-util/insight\", unaffected:make_list(\"ge 6.7.1-r1\"), vulnerable:make_list(\"lt 6.7.1-r1\"))) flag++;\nif (qpkg_check(package:\"sys-devel/m4\", unaffected:make_list(\"ge 1.4.14-r1\"), vulnerable:make_list(\"lt 1.4.14-r1\"))) flag++;\nif (qpkg_check(package:\"app-antivirus/bitdefender-console\", unaffected:make_list(), vulnerable:make_list(\"le 7.1\"))) flag++;\nif (qpkg_check(package:\"app-text/gv\", unaffected:make_list(\"ge 3.7.1\"), vulnerable:make_list(\"lt 3.7.1\"))) flag++;\nif (qpkg_check(package:\"media-tv/dvbstreamer\", unaffected:make_list(\"ge 1.1-r1\"), vulnerable:make_list(\"lt 1.1-r1\"))) flag++;\nif (qpkg_check(package:\"app-misc/beanstalkd\", unaffected:make_list(\"ge 1.4.6\"), vulnerable:make_list(\"lt 1.4.6\"))) flag++;\nif (qpkg_check(package:\"net-misc/iputils\", unaffected:make_list(\"ge 20100418\"), vulnerable:make_list(\"lt 20100418\"))) flag++;\nif (qpkg_check(package:\"dev-util/sourcenav\", unaffected:make_list(\"ge 5.1.4\"), vulnerable:make_list(\"lt 5.1.4\"))) flag++;\nif (qpkg_check(package:\"x11-libs/gtk+\", unaffected:make_list(\"ge 2.18.7\"), vulnerable:make_list(\"lt 2.18.7\"))) flag++;\nif (qpkg_check(package:\"sys-auth/pam_krb5\", unaffected:make_list(\"ge 4.3\"), vulnerable:make_list(\"lt 4.3\"))) flag++;\nif (qpkg_check(package:\"dev-lang/tk\", unaffected:make_list(\"ge 8.4.18-r1\"), vulnerable:make_list(\"lt 8.4.18-r1\"))) flag++;\nif (qpkg_check(package:\"x11-misc/slim\", unaffected:make_list(\"ge 1.3.2\"), vulnerable:make_list(\"lt 1.3.2\"))) flag++;\nif (qpkg_check(package:\"dev-perl/perl-tk\", unaffected:make_list(\"ge 804.028-r2\"), vulnerable:make_list(\"lt 804.028-r2\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"app-arch/gzip / kde-base/kget / dev-libs/liblzw / kde-base/kdm / etc\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2022-03-23T21:27:28", "description": "SLiM Simple Login Manager 1.3.0 places the X authority magic cookie (mcookie) on the command line when invoking xauth from (1) app.cpp and (2) switchuser.cpp, which allows local users to access the X session by listing the process and its arguments.", "cvss3": {}, "published": "2009-05-22T11:52:00", "type": "cve", "title": "CVE-2009-1756", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-1756"], "modified": "2017-08-17T01:30:00", "cpe": ["cpe:/a:simone_rota:slim_simple_login_manager:1.3.0"], "id": "CVE-2009-1756", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1756", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:simone_rota:slim_simple_login_manager:1.3.0:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:21:50", "description": "The default configuration of SLiM before 1.3.2 places ./ (dot slash) at the beginning of the default_path option, which might allow local users to gain privileges via a Trojan horse program in the current working directory, related to slim.conf and cfg.cpp.", "cvss3": {}, "published": "2010-08-30T20:00:00", "type": "cve", "title": "CVE-2010-2945", "cwe": ["CWE-16"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-2945"], "modified": "2010-08-31T04:00:00", "cpe": ["cpe:/a:simone_rota:slim_simple_login_manager:1.3.0", "cpe:/a:simone_rota:slim_simple_login_manager:1.2.5", "cpe:/a:simone_rota:slim_simple_login_manager:1.2.6", "cpe:/a:simone_rota:slim_simple_login_manager:1.1.0", "cpe:/a:simone_rota:slim_simple_login_manager:1.2.4", "cpe:/a:simone_rota:slim_simple_login_manager:1.2.3", "cpe:/a:simone_rota:slim_simple_login_manager:1.3.1", "cpe:/a:simone_rota:slim_simple_login_manager:1.2.0", "cpe:/a:simone_rota:slim_simple_login_manager:1.0.0", "cpe:/a:simone_rota:slim_simple_login_manager:1.2.2", "cpe:/a:simone_rota:slim_simple_login_manager:1.2.1"], "id": "CVE-2010-2945", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2945", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:simone_rota:slim_simple_login_manager:1.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:simone_rota:slim_simple_login_manager:1.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:simone_rota:slim_simple_login_manager:1.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:simone_rota:slim_simple_login_manager:1.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:simone_rota:slim_simple_login_manager:1.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:simone_rota:slim_simple_login_manager:1.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:simone_rota:slim_simple_login_manager:1.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:simone_rota:slim_simple_login_manager:1.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:simone_rota:slim_simple_login_manager:1.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:simone_rota:slim_simple_login_manager:1.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:simone_rota:slim_simple_login_manager:1.3.1:*:*:*:*:*:*:*"]}], "debiancve": [{"lastseen": "2022-01-11T13:26:35", "description": "SLiM Simple Login Manager 1.3.0 places the X authority magic cookie (mcookie) on the command line when invoking xauth from (1) app.cpp and (2) switchuser.cpp, which allows local users to access the X session by listing the process and its arguments.", "cvss3": {}, "published": "2009-05-22T11:52:00", "type": "debiancve", "title": "CVE-2009-1756", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-1756"], "modified": "2009-05-22T11:52:00", "id": "DEBIANCVE:CVE-2009-1756", "href": "https://security-tracker.debian.org/tracker/CVE-2009-1756", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-01-11T13:26:35", "description": "The default configuration of SLiM before 1.3.2 places ./ (dot slash) at the beginning of the default_path option, which might allow local users to gain privileges via a Trojan horse program in the current working directory, related to slim.conf and cfg.cpp.", "cvss3": {}, "published": "2010-08-30T20:00:00", "type": "debiancve", "title": "CVE-2010-2945", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-2945"], "modified": "2010-08-30T20:00:00", "id": "DEBIANCVE:CVE-2010-2945", "href": "https://security-tracker.debian.org/tracker/CVE-2010-2945", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "ubuntucve": [{"lastseen": "2021-11-22T21:59:45", "description": "SLiM Simple Login Manager 1.3.0 places the X authority magic cookie\n(mcookie) on the command line when invoking xauth from (1) app.cpp and (2)\nswitchuser.cpp, which allows local users to access the X session by listing\nthe process and its arguments.\n\n#### Bugs\n\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529306>\n", "cvss3": {}, "published": "2009-05-22T00:00:00", "type": "ubuntucve", "title": "CVE-2009-1756", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-1756"], "modified": "2009-05-22T00:00:00", "id": "UB:CVE-2009-1756", "href": "https://ubuntu.com/security/CVE-2009-1756", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-11-22T21:58:15", "description": "The default configuration of SLiM before 1.3.2 places ./ (dot slash) at the\nbeginning of the default_path option, which might allow local users to gain\nprivileges via a Trojan horse program in the current working directory,\nrelated to slim.conf and cfg.cpp.", "cvss3": {}, "published": "2010-08-30T00:00:00", "type": "ubuntucve", "title": "CVE-2010-2945", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-2945"], "modified": "2010-08-30T00:00:00", "id": "UB:CVE-2010-2945", "href": "https://ubuntu.com/security/CVE-2010-2945", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "freebsd": [{"lastseen": "2022-01-19T16:03:50", "description": "\n\nSecunia reports:\n\nA security issue has been reported in SLiM, which can be\n\t exploited by malicious, local users to disclose sensitive\n\t information.\nThe security issue is caused due to the application\n\t generating the X authority file by passing the X authority\n\t cookie via the command line to \"xauth\". This can be exploited\n\t to disclose the X authority cookie by consulting the process\n\t list and e.g. gain access the user's display.\n\n\n", "cvss3": {}, "published": "2009-05-20T00:00:00", "type": "freebsd", "title": "slim -- local disclosure of X authority magic cookie", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-1756"], "modified": "2009-05-20T00:00:00", "id": "80F13884-4D4C-11DE-8811-0030843D3802", "href": "https://vuxml.freebsd.org/freebsd/80f13884-4d4c-11de-8811-0030843d3802.html", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-01-19T16:03:50", "description": "\n\nSLiM assigns logged on users a PATH in which the current\n\t working directory (\"./\") is included. This PATH can allow\n\t unintentional code execution through planted binaries and\n\t has therefore been fixed SLiM version 1.3.2.\n\n", "cvss3": {}, "published": "2010-05-12T00:00:00", "type": "freebsd", "title": "slim -- insecure PATH assignment", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-2945"], "modified": "2010-08-20T00:00:00", "id": "68C7187A-ABD2-11DF-9BE6-0015587E2CC1", "href": "https://vuxml.freebsd.org/freebsd/68c7187a-abd2-11df-9be6-0015587e2cc1.html", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2022-01-17T19:07:29", "description": "### Background\n\nFor more information on the packages listed in this GLSA, please see their homepage referenced in the ebuild. \n\n### Description\n\nVulnerabilities have been discovered in the packages listed below. Please review the CVE identifiers in the Reference section for details. \n\n * Insight\n * Perl Tk Module\n * Source-Navigator\n * Tk\n * Partimage\n * Mlmmj\n * acl\n * Xinit\n * gzip\n * ncompress\n * liblzw\n * splashutils\n * GNU M4\n * KDE Display Manager\n * GTK+\n * KGet\n * dvipng\n * Beanstalk\n * Policy Mount\n * pam_krb5\n * GNU gv\n * LFTP\n * Uzbl\n * Slim\n * Bitdefender Console\n * iputils\n * DVBStreamer\n\n### Impact\n\nA context-dependent attacker may be able to gain escalated privileges, execute arbitrary code, cause Denial of Service, obtain sensitive information, or otherwise bypass security restrictions. \n\n### Workaround\n\nThere are no known workarounds at this time.\n\n### Resolution\n\nAll Insight users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-util/insight-6.7.1-r1\"\n \n\nAll Perl Tk Module users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-perl/perl-tk-804.028-r2\"\n \n\nAll Source-Navigator users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-util/sourcenav-5.1.4\"\n \n\nAll Tk users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-lang/tk-8.4.18-r1\"\n \n\nAll Partimage users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=sys-block/partimage-0.6.8\"\n \n\nAll Mlmmj users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-mail/mlmmj-1.2.17.1\"\n \n\nAll acl users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=sys-apps/acl-2.2.49\"\n \n\nAll Xinit users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=x11-apps/xinit-1.2.0-r4\"\n \n\nAll gzip users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-arch/gzip-1.4\"\n \n\nAll ncompress users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-arch/ncompress-4.2.4.3\"\n \n\nAll liblzw users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-libs/liblzw-0.2\"\n \n\nAll splashutils users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=media-gfx/splashutils-1.5.4.3-r3\"\n \n\nAll GNU M4 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=sys-devel/m4-1.4.14-r1\"\n \n\nAll KDE Display Manager users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=kde-base/kdm-4.3.5-r1\"\n \n\nAll GTK+ users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=x11-libs/gtk+-2.18.7\"\n \n\nAll KGet 4.3 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=kde-base/kget-4.3.5-r1\"\n \n\nAll dvipng users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-text/dvipng-1.13\"\n \n\nAll Beanstalk users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-misc/beanstalkd-1.4.6\"\n \n\nAll Policy Mount users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=sys-apps/pmount-0.9.23\"\n \n\nAll pam_krb5 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=sys-auth/pam_krb5-4.3\"\n \n\nAll GNU gv users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-text/gv-3.7.1\"\n \n\nAll LFTP users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-ftp/lftp-4.0.6\"\n \n\nAll Uzbl users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/uzbl-2010.08.05\"\n \n\nAll Slim users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=x11-misc/slim-1.3.2\"\n \n\nAll iputils users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-misc/iputils-20100418\"\n \n\nAll DVBStreamer users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-tv/dvbstreamer-1.1-r1\"\n \n\nGentoo has discontinued support for Bitdefender Console. We recommend that users unmerge Bitdefender Console: \n \n \n # emerge --unmerge \"app-antivirus/bitdefender-console\"\n \n\nNOTE: This is a legacy GLSA. Updates for all affected architectures have been available since 2011. It is likely that your system is already no longer affected by these issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2014-12-11T00:00:00", "type": "gentoo", "title": "Multiple packages, Multiple vulnerabilities fixed in 2010", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-3005", "CVE-2007-2741", "CVE-2008-0553", "CVE-2008-1382", "CVE-2008-5907", "CVE-2008-6218", "CVE-2008-6661", "CVE-2009-0040", "CVE-2009-0360", "CVE-2009-0361", "CVE-2009-0946", "CVE-2009-2042", "CVE-2009-2624", "CVE-2009-3736", "CVE-2009-4029", "CVE-2009-4411", "CVE-2009-4896", "CVE-2010-0001", "CVE-2010-0436", "CVE-2010-0732", "CVE-2010-0829", "CVE-2010-1000", "CVE-2010-1205", "CVE-2010-1511", "CVE-2010-2056", "CVE-2010-2060", "CVE-2010-2192", "CVE-2010-2251", "CVE-2010-2529", "CVE-2010-2809", "CVE-2010-2945"], "modified": "2014-12-11T00:00:00", "id": "GLSA-201412-08", "href": "https://security.gentoo.org/glsa/201412-08", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}
[SECURITY] Fedora 12 Update: slim-1.3.2-2.fc12
