Description
memcached is a high-performance, distributed memory object caching system, generic in nature, but intended for use in speeding up dynamic web applications by alleviating database load.
Affected Package
Related
{"id": "FEDORA:DD75510F85C", "vendorId": null, "type": "fedora", "bulletinFamily": "unix", "title": "[SECURITY] Fedora 11 Update: memcached-1.2.8-2.fc11", "description": "memcached is a high-performance, distributed memory object caching system, generic in nature, but intended for use in speeding up dynamic web applications by alleviating database load. ", "published": "2009-12-11T18:27:21", "modified": "2009-12-11T18:27:21", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/5NJARNH2OO2CXVUM7DTD6OZUECG6CQL2/", "reporter": "Fedora", "references": [], "cvelist": ["CVE-2009-1255", "CVE-2009-2415"], "immutableFields": [], "lastseen": "2020-12-21T08:17:49", "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2009-1255", "CVE-2009-2415"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1853-1:FFBE6"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2009-1255", "DEBIANCVE:CVE-2009-2415"]}, {"type": "fedora", "idList": ["FEDORA:575A010F8AA", "FEDORA:C123610F87F"]}, {"type": "freebsd", "idList": ["86ADA694-8B30-11DE-B9D0-000C6E274733"]}, {"type": "gentoo", "idList": ["GLSA-201406-13"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-1853.NASL", "FEDORA_2009-12552.NASL", "FEDORA_2009-4199.NASL", "FEDORA_2009-4542.NASL", "FREEBSD_PKG_86ADA6948B3011DEB9D0000C6E274733.NASL", "GENTOO_GLSA-201406-13.NASL", "MANDRIVA_MDVSA-2009-105.NASL", "MANDRIVA_MDVSA-2009-202.NASL", "MEMCACHED_ASLR_BYPASS.NASL", "SUSE_11_0_MEMCACHED-090806.NASL", "SUSE_11_1_MEMCACHED-090806.NASL", "SUSE_MEMCACHED-6397.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310121216", "OPENVAS:136141256231064029", "OPENVAS:136141256231064088", "OPENVAS:136141256231064137", "OPENVAS:136141256231064630", "OPENVAS:136141256231064643", "OPENVAS:136141256231064674", "OPENVAS:136141256231064787", "OPENVAS:136141256231066513", "OPENVAS:1361412562310800715", "OPENVAS:1361412562310800717", "OPENVAS:1361412562310900914", "OPENVAS:64029", "OPENVAS:64088", "OPENVAS:64137", "OPENVAS:64630", "OPENVAS:64643", "OPENVAS:64674", "OPENVAS:64787", "OPENVAS:66513", "OPENVAS:800715", "OPENVAS:800717", "OPENVAS:900914"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:21753", "SECURITYVULNS:DOC:22269", "SECURITYVULNS:VULN:10126", "SECURITYVULNS:VULN:9881"]}, {"type": "seebug", "idList": ["SSV:11168", "SSV:12021"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2009-1255", "UB:CVE-2009-2415"]}]}, "score": {"value": 5.5, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2009-1255"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1853-1:FFBE6"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2009-2415"]}, {"type": "fedora", "idList": ["FEDORA:575A010F8AA"]}, {"type": "freebsd", "idList": ["86ADA694-8B30-11DE-B9D0-000C6E274733"]}, {"type": "gentoo", "idList": ["GLSA-201406-13"]}, {"type": "nessus", "idList": ["FEDORA_2009-12552.NASL", "MANDRIVA_MDVSA-2009-202.NASL", "SUSE_MEMCACHED-6397.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:66513", "OPENVAS:900914"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:21753"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2009-2415"]}]}, "exploitation": null, "vulnersScore": 5.5}, "_state": {"dependencies": 0, "score": 0}, "_internal": {}, "affectedPackage": [{"OS": "Fedora", "OSVersion": "11", "arch": "any", "packageName": "memcached", "packageVersion": "1.2.8", "packageFilename": "UNKNOWN", "operator": "lt"}]}
{"openvas": [{"lastseen": "2017-07-25T10:56:41", "description": "The remote host is missing an update to memcached\nannounced via advisory FEDORA-2009-12552.", "cvss3": {}, "published": "2009-12-14T00:00:00", "type": "openvas", "title": "Fedora Core 11 FEDORA-2009-12552 (memcached)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1255", "CVE-2009-2415"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:66513", "href": "http://plugins.openvas.org/nasl.php?oid=66513", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_12552.nasl 6624 2017-07-10 06:11:55Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-12552 (memcached)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nAddresses CVE-2009-2415\n\nChangeLog:\n\n* Tue Dec 1 2009 Paul Lindner - 1.2.8-2\n- Apply patch memcached-1.2.8_proper_vlen_fix.patch\n- Addresses CVE-2009-2415\n- Resolves 542058\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update memcached' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-12552\";\ntag_summary = \"The remote host is missing an update to memcached\nannounced via advisory FEDORA-2009-12552.\";\n\n\n\nif(description)\n{\n script_id(66513);\n script_version(\"$Revision: 6624 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-14 23:06:43 +0100 (Mon, 14 Dec 2009)\");\n script_cve_id(\"CVE-2009-2415\", \"CVE-2009-1255\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Core 11 FEDORA-2009-12552 (memcached)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=516489\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"memcached\", rpm:\"memcached~1.2.8~2.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"memcached-selinux\", rpm:\"memcached-selinux~1.2.8~2.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"memcached-debuginfo\", rpm:\"memcached-debuginfo~1.2.8~2.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:39:05", "description": "The remote host is missing an update to memcached\nannounced via advisory FEDORA-2009-12552.", "cvss3": {}, "published": "2009-12-14T00:00:00", "type": "openvas", "title": "Fedora Core 11 FEDORA-2009-12552 (memcached)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1255", "CVE-2009-2415"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231066513", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066513", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_12552.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-12552 (memcached)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nAddresses CVE-2009-2415\n\nChangeLog:\n\n* Tue Dec 1 2009 Paul Lindner - 1.2.8-2\n- Apply patch memcached-1.2.8_proper_vlen_fix.patch\n- Addresses CVE-2009-2415\n- Resolves 542058\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update memcached' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-12552\";\ntag_summary = \"The remote host is missing an update to memcached\nannounced via advisory FEDORA-2009-12552.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66513\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-14 23:06:43 +0100 (Mon, 14 Dec 2009)\");\n script_cve_id(\"CVE-2009-2415\", \"CVE-2009-1255\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Core 11 FEDORA-2009-12552 (memcached)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=516489\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"memcached\", rpm:\"memcached~1.2.8~2.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"memcached-selinux\", rpm:\"memcached-selinux~1.2.8~2.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"memcached-debuginfo\", rpm:\"memcached-debuginfo~1.2.8~2.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:14", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1255"], "description": "The remote host is missing an update to memcached\nannounced via advisory FEDORA-2009-4199.", "modified": "2017-07-10T00:00:00", "published": "2009-05-25T00:00:00", "id": "OPENVAS:64029", "href": "http://plugins.openvas.org/nasl.php?oid=64029", "type": "openvas", "title": "Fedora Core 10 FEDORA-2009-4199 (memcached)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_4199.nasl 6624 2017-07-10 06:11:55Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-4199 (memcached)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"memcached is a high-performance, distributed memory object caching\nsystem, generic in nature, but intended for use in speeding up dynamic\nweb applications by alleviating database load.\n\nChangeLog:\n\n* Wed Apr 29 2009 Paul Lindner - 1.2.8-1\n- Upgrade to memcached-1.2.8\n- Addresses CVE-2009-1255\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update memcached' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-4199\";\ntag_summary = \"The remote host is missing an update to memcached\nannounced via advisory FEDORA-2009-4199.\";\n\n\n\nif(description)\n{\n script_id(64029);\n script_version(\"$Revision: 6624 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-25 20:59:33 +0200 (Mon, 25 May 2009)\");\n script_cve_id(\"CVE-2009-1255\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_name(\"Fedora Core 10 FEDORA-2009-4199 (memcached)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=498271\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"memcached\", rpm:\"memcached~1.2.8~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"memcached-selinux\", rpm:\"memcached-selinux~1.2.8~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"memcached-debuginfo\", rpm:\"memcached-debuginfo~1.2.8~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-07-25T10:56:36", "description": "The remote host is missing an update to memcached\nannounced via advisory FEDORA-2009-4542.", "cvss3": {}, "published": "2009-06-05T00:00:00", "type": "openvas", "title": "Fedora Core 11 FEDORA-2009-4542 (memcached)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1255"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:64088", "href": "http://plugins.openvas.org/nasl.php?oid=64088", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_4542.nasl 6624 2017-07-10 06:11:55Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-4542 (memcached)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"ChangeLog:\n\n* Wed Apr 29 2009 Paul Lindner - 1.2.8-1\n- Upgrade to memcached-1.2.8\n- Addresses CVE-2009-1255\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update memcached' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-4542\";\ntag_summary = \"The remote host is missing an update to memcached\nannounced via advisory FEDORA-2009-4542.\";\n\n\n\nif(description)\n{\n script_id(64088);\n script_version(\"$Revision: 6624 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-05 18:04:08 +0200 (Fri, 05 Jun 2009)\");\n script_cve_id(\"CVE-2009-1255\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_name(\"Fedora Core 11 FEDORA-2009-4542 (memcached)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=498271\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"memcached\", rpm:\"memcached~1.2.8~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"memcached-selinux\", rpm:\"memcached-selinux~1.2.8~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"memcached-debuginfo\", rpm:\"memcached-debuginfo~1.2.8~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-04-06T11:38:49", "description": "The remote host is missing an update to memcached\nannounced via advisory FEDORA-2009-4542.", "cvss3": {}, "published": "2009-06-05T00:00:00", "type": "openvas", "title": "Fedora Core 11 FEDORA-2009-4542 (memcached)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1255"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231064088", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064088", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_4542.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-4542 (memcached)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"ChangeLog:\n\n* Wed Apr 29 2009 Paul Lindner - 1.2.8-1\n- Upgrade to memcached-1.2.8\n- Addresses CVE-2009-1255\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update memcached' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-4542\";\ntag_summary = \"The remote host is missing an update to memcached\nannounced via advisory FEDORA-2009-4542.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64088\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-05 18:04:08 +0200 (Fri, 05 Jun 2009)\");\n script_cve_id(\"CVE-2009-1255\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_name(\"Fedora Core 11 FEDORA-2009-4542 (memcached)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=498271\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"memcached\", rpm:\"memcached~1.2.8~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"memcached-selinux\", rpm:\"memcached-selinux~1.2.8~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"memcached-debuginfo\", rpm:\"memcached-debuginfo~1.2.8~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-04-06T11:37:53", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "cvss3": {}, "published": "2009-09-02T00:00:00", "type": "openvas", "title": "FreeBSD Ports: memcached", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1255"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231064787", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064787", "sourceData": "#\n#VID 86ada694-8b30-11de-b9d0-000c6e274733\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 86ada694-8b30-11de-b9d0-000c6e274733\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: memcached\n\nCVE-2009-1255\nThe process_stat function in (1) Memcached before 1.2.8 and (2)\nMemcacheDB 1.2.0 discloses (a) the contents of /proc/self/maps in\nresponse to a stats maps command and (b) memory-allocation statistics\nin response to a stats malloc command, which allows remote attackers\nto obtain sensitive information such as the locations of memory\nregions, and defeat ASLR protection, by sending a command to the\ndaemon's TCP port.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://secunia.com/advisories/34915/\nhttp://www.vuxml.org/freebsd/86ada694-8b30-11de-b9d0-000c6e274733.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64787\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-02 04:58:39 +0200 (Wed, 02 Sep 2009)\");\n script_cve_id(\"CVE-2009-1255\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_name(\"FreeBSD Ports: memcached\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"memcached\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.2.8\")<0) {\n txt += 'Package memcached version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-04-06T11:37:47", "description": "The remote host is missing an update to memcached\nannounced via advisory FEDORA-2009-4199.", "cvss3": {}, "published": "2009-05-25T00:00:00", "type": "openvas", "title": "Fedora Core 10 FEDORA-2009-4199 (memcached)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1255"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231064029", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064029", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_4199.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-4199 (memcached)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"memcached is a high-performance, distributed memory object caching\nsystem, generic in nature, but intended for use in speeding up dynamic\nweb applications by alleviating database load.\n\nChangeLog:\n\n* Wed Apr 29 2009 Paul Lindner - 1.2.8-1\n- Upgrade to memcached-1.2.8\n- Addresses CVE-2009-1255\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update memcached' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-4199\";\ntag_summary = \"The remote host is missing an update to memcached\nannounced via advisory FEDORA-2009-4199.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64029\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-25 20:59:33 +0200 (Mon, 25 May 2009)\");\n script_cve_id(\"CVE-2009-1255\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_name(\"Fedora Core 10 FEDORA-2009-4199 (memcached)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=498271\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"memcached\", rpm:\"memcached~1.2.8~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"memcached-selinux\", rpm:\"memcached-selinux~1.2.8~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"memcached-debuginfo\", rpm:\"memcached-debuginfo~1.2.8~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-10-30T10:56:15", "description": "The host is running MemcacheDB and is prone to Information\nDisclosure Vulnerabilities.", "cvss3": {}, "published": "2009-05-18T00:00:00", "type": "openvas", "title": "MemcacheDB Information Disclosure Vulnerability", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1255"], "modified": "2017-10-26T00:00:00", "id": "OPENVAS:800717", "href": "http://plugins.openvas.org/nasl.php?oid=800717", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_memcachedb_info_disclosure_vuln.nasl 7573 2017-10-26 09:18:50Z cfischer $\n#\n# MemcacheDB Information Disclosure Vulnerability\n#\n# Authors:\n# Sujit Ghosal <sghosal@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_solution = \"Upgrade to memcached 1.2.8 or later,\nFor updates refer to http://memcached.googlecode.com/files/memcached-1.2.8.tar.gz\";\n\ntag_impact = \"Successful exploitation will let the attacker craft execute\nmalicious commands and pass it to the vulnerable functions to gain sensitive\ninformation about the application.\";\n\ntag_affected = \"MemcacheDB version 1.2.0 and prior\";\n\ntag_insight = \"Error in process_stat function discloses the contents of\n/proc/self/maps in response to a stats maps command.\";\n\ntag_summary = \"The host is running MemcacheDB and is prone to Information\nDisclosure Vulnerabilities.\";\n\nif(description)\n{\n script_id(800717);\n script_version(\"$Revision: 7573 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-10-26 11:18:50 +0200 (Thu, 26 Oct 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-18 09:37:31 +0200 (Mon, 18 May 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_cve_id(\"CVE-2009-1255\");\n script_bugtraq_id(34756);\n script_name(\"MemcacheDB Information Disclosure Vulnerability\");\n\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/34932\");\n script_xref(name : \"URL\" , value : \"http://www.vupen.com/english/advisories/2009/1197\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_memcachedb_detect.nasl\");\n script_require_keys(\"MemCacheDB/Ver\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nmemcachedbVer = get_kb_item(\"MemCacheDB/Ver\");\nif(memcachedbVer == NULL){\n exit(0);\n}\n\n# Grep for MemcacheDB version 1.2.0 and prior\nif(version_is_less_equal(version:memcachedbVer, test_version:\"1.2.0\")){\n security_message(port:0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-07-02T21:13:53", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "cvss3": {}, "published": "2009-09-02T00:00:00", "type": "openvas", "title": "FreeBSD Ports: memcached", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1255"], "modified": "2016-12-23T00:00:00", "id": "OPENVAS:64787", "href": "http://plugins.openvas.org/nasl.php?oid=64787", "sourceData": "#\n#VID 86ada694-8b30-11de-b9d0-000c6e274733\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 86ada694-8b30-11de-b9d0-000c6e274733\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: memcached\n\nCVE-2009-1255\nThe process_stat function in (1) Memcached before 1.2.8 and (2)\nMemcacheDB 1.2.0 discloses (a) the contents of /proc/self/maps in\nresponse to a stats maps command and (b) memory-allocation statistics\nin response to a stats malloc command, which allows remote attackers\nto obtain sensitive information such as the locations of memory\nregions, and defeat ASLR protection, by sending a command to the\ndaemon's TCP port.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://secunia.com/advisories/34915/\nhttp://www.vuxml.org/freebsd/86ada694-8b30-11de-b9d0-000c6e274733.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_id(64787);\n script_version(\"$Revision: 4847 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-12-23 10:33:16 +0100 (Fri, 23 Dec 2016) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-02 04:58:39 +0200 (Wed, 02 Sep 2009)\");\n script_cve_id(\"CVE-2009-1255\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_name(\"FreeBSD Ports: memcached\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"memcached\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.2.8\")<0) {\n txt += 'Package memcached version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-05-29T18:40:19", "description": "The host is running MemcacheDB and is prone to Information\n Disclosure Vulnerabilities.", "cvss3": {}, "published": "2009-05-18T00:00:00", "type": "openvas", "title": "MemcacheDB Information Disclosure Vulnerability", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1255"], "modified": "2019-03-07T00:00:00", "id": "OPENVAS:1361412562310800717", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310800717", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_memcachedb_info_disclosure_vuln.nasl 14031 2019-03-07 10:47:29Z cfischer $\n#\n# MemcacheDB Information Disclosure Vulnerability\n#\n# Authors:\n# Sujit Ghosal <sghosal@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:memcachedb:memcached\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.800717\");\n script_version(\"$Revision: 14031 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-07 11:47:29 +0100 (Thu, 07 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-18 09:37:31 +0200 (Mon, 18 May 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_cve_id(\"CVE-2009-1255\");\n script_bugtraq_id(34756);\n script_name(\"MemcacheDB Information Disclosure Vulnerability\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_memcachedb_detect.nasl\");\n script_mandatory_keys(\"MemcacheDB/installed\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/34932\");\n script_xref(name:\"URL\", value:\"http://www.vupen.com/english/advisories/2009/1197\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will let the attacker craft execute\n malicious commands and pass it to the vulnerable functions to gain sensitive\n information about the application.\");\n\n script_tag(name:\"affected\", value:\"MemcacheDB version 1.2.0 and prior.\");\n\n script_tag(name:\"insight\", value:\"Error in process_stat function discloses the contents of\n /proc/self/maps in response to a stats maps command.\");\n\n script_tag(name:\"summary\", value:\"The host is running MemcacheDB and is prone to Information\n Disclosure Vulnerabilities.\");\n\n script_tag(name:\"solution\", value:\"No known solution was made available for at least one year since the disclosure\n of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer\n release, disable respective features, remove the product or replace the product by another one.\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_tag(name:\"solution_type\", value:\"WillNotFix\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif( ! port = get_app_port( cpe:CPE ) )\n exit( 0 );\n\nif( ! vers = get_app_version( cpe:CPE, port:port ) )\n exit(0);\n\nif( version_is_less_equal( version:vers, test_version:\"1.2.0\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"None\" );\n security_message( port:port, data:report );\n exit( 0 );\n}\n\nexit( 99 );", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2017-07-02T21:14:03", "description": "The host is running Memcached and is prone to multiple Buffer\n Overflow vulnerabilities.", "cvss3": {}, "published": "2009-08-20T00:00:00", "type": "openvas", "title": "Memcached Multiple Buffer Overflow Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2415"], "modified": "2017-01-20T00:00:00", "id": "OPENVAS:900914", "href": "http://plugins.openvas.org/nasl.php?oid=900914", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_memcached_mult_bof_vuln.nasl 5055 2017-01-20 14:08:39Z teissa $\n#\n# Memcached Multiple Buffer Overflow Vulnerabilities\n#\n# Authors:\n# Nikita MR <rnikita@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2009 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_solution = \"Apply the patch for Debian\n http://www.debian.org/security/2009/dsa-1853\n\n *****\n NOTE: Please ignore this warning if the patch is applied.\n *****\";\n\ntag_impact = \"Successful exploitation will let the attacker execute arbitrary code on the\n affected system via readily available network utilities.\";\ntag_affected = \"Memcached version 1.1.12 and 1.2.2\";\ntag_insight = \"Heap overflow errors occur due to integer conversions when parsing certain\n length attributes.\";\ntag_summary = \"The host is running Memcached and is prone to multiple Buffer\n Overflow vulnerabilities.\";\n\nif(description)\n{\n script_id(900914);\n script_version(\"$Revision: 5055 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-01-20 15:08:39 +0100 (Fri, 20 Jan 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-08-20 09:27:17 +0200 (Thu, 20 Aug 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2009-2415\");\n script_bugtraq_id(35989);\n script_name(\"Memcached Multiple Buffer Overflow Vulnerabilities\");\n\n script_xref(name : \"URL\" , value : \"http://seclists.org/bugtraq/2009/Aug/0055.html\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 SecPod\");\n script_family(\"Buffer overflow\");\n script_dependencies(\"gb_memcached_detect.nasl\");\n script_require_keys(\"MemCached/Ver\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nmemPort = 11211;\nif(!get_port_state(memPort)){\n exit(0);\n}\n\nmemVer = get_kb_item(\"MemCached/Ver\");\nif(memVer == NULL){\n exit(0);\n}\n\n# Grep for Memcached version 1.1.12 and 1.2.2\nif(version_is_equal(version:memVer, test_version:\"1.1.12\") ||\n version_is_equal(version:memVer, test_version:\"1.2.2\")){\n security_message(memPort);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:57:05", "description": "The remote host is missing an update to memcached\nannounced via advisory MDVSA-2009:202.", "cvss3": {}, "published": "2009-09-02T00:00:00", "type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:202 (memcached)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2415"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:64674", "href": "http://plugins.openvas.org/nasl.php?oid=64674", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_202.nasl 6573 2017-07-06 13:10:50Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:202 (memcached)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability has been found and corrected in memcached:\n\nMultiple integer overflows in memcached 1.1.12 and 1.2.2 allow remote\nattackers to execute arbitrary code via vectors involving length\nattributes that trigger heap-based buffer overflows (CVE-2009-2415).\n\nThis update provides a solution to this vulnerability. Additionally\nmemcached-1.2.x has been upgraded to 1.2.8 for 2009.0/2009.1 and MES\n5 that contains a number of upstream fixes, the repcached patch has\nbeen upgraded to 2.2 as well.\n\nAffected: 2009.0, 2009.1, Corporate 4.0, Enterprise Server 5.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:202\";\ntag_summary = \"The remote host is missing an update to memcached\nannounced via advisory MDVSA-2009:202.\";\n\n \n\nif(description)\n{\n script_id(64674);\n script_version(\"$Revision: 6573 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:10:50 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-02 04:58:39 +0200 (Wed, 02 Sep 2009)\");\n script_cve_id(\"CVE-2009-2415\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:202 (memcached)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"memcached\", rpm:\"memcached~1.2.8~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"memcached\", rpm:\"memcached~1.2.8~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"memcached\", rpm:\"memcached~1.1.12~4.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"memcached\", rpm:\"memcached~1.2.8~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:40:28", "description": "The remote host is missing an update to memcached\nannounced via advisory DSA 1853-1.", "cvss3": {}, "published": "2009-08-17T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 1853-1 (memcached)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2415"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231064630", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064630", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1853_1.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory DSA 1853-1 (memcached)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Ronald Volgers discovered that memcached, a high-performance memory object\ncaching system, is vulnerable to several heap-based buffer overflows due\nto integer conversions when parsing certain length attributes. An\nattacker can use this to execute arbitrary code on the system running\nmemcached (on etch with root privileges).\n\nFor the oldstable distribution (etch), this problem has been fixed in\nversion 1.1.12-1+etch1.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 1.2.2-1+lenny1.\n\nFor the testing (squeeze) and unstable (sid) distribution , this problem\nwill be fixed soon.\n\n\nWe recommend that you upgrade your memcached packages.\";\ntag_summary = \"The remote host is missing an update to memcached\nannounced via advisory DSA 1853-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201853-1\";\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64630\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-08-17 16:54:45 +0200 (Mon, 17 Aug 2009)\");\n script_cve_id(\"CVE-2009-2415\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 1853-1 (memcached)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"memcached\", ver:\"1.1.12-1+etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"memcached\", ver:\"1.2.2-1+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:57:10", "description": "The remote host is missing an update to memcached\nannounced via advisory DSA 1853-1.", "cvss3": {}, "published": "2009-08-17T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 1853-1 (memcached)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2415"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:64630", "href": "http://plugins.openvas.org/nasl.php?oid=64630", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1853_1.nasl 6615 2017-07-07 12:09:52Z cfischer $\n# Description: Auto-generated from advisory DSA 1853-1 (memcached)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Ronald Volgers discovered that memcached, a high-performance memory object\ncaching system, is vulnerable to several heap-based buffer overflows due\nto integer conversions when parsing certain length attributes. An\nattacker can use this to execute arbitrary code on the system running\nmemcached (on etch with root privileges).\n\nFor the oldstable distribution (etch), this problem has been fixed in\nversion 1.1.12-1+etch1.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 1.2.2-1+lenny1.\n\nFor the testing (squeeze) and unstable (sid) distribution , this problem\nwill be fixed soon.\n\n\nWe recommend that you upgrade your memcached packages.\";\ntag_summary = \"The remote host is missing an update to memcached\nannounced via advisory DSA 1853-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201853-1\";\n\n\nif(description)\n{\n script_id(64630);\n script_version(\"$Revision: 6615 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:09:52 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-08-17 16:54:45 +0200 (Mon, 17 Aug 2009)\");\n script_cve_id(\"CVE-2009-2415\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 1853-1 (memcached)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"memcached\", ver:\"1.1.12-1+etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"memcached\", ver:\"1.2.2-1+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:40:16", "description": "The host is running Memcached and is prone to multiple Buffer\n Overflow vulnerabilities.", "cvss3": {}, "published": "2009-08-20T00:00:00", "type": "openvas", "title": "Memcached 'CVE-2009-2415' Multiple Buffer Overflow Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2415"], "modified": "2019-03-07T00:00:00", "id": "OPENVAS:1361412562310900914", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310900914", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_memcached_mult_bof_vuln.nasl 14031 2019-03-07 10:47:29Z cfischer $\n#\n# Memcached 'CVE-2009-2415' Multiple Buffer Overflow Vulnerabilities\n#\n# Authors:\n# Nikita MR <rnikita@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2009 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:memcached:memcached\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.900914\");\n script_version(\"$Revision: 14031 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-07 11:47:29 +0100 (Thu, 07 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2009-08-20 09:27:17 +0200 (Thu, 20 Aug 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2009-2415\");\n script_bugtraq_id(35989);\n script_name(\"Memcached 'CVE-2009-2415' Multiple Buffer Overflow Vulnerabilities\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 SecPod\");\n script_family(\"Buffer overflow\");\n script_dependencies(\"gb_memcached_detect.nasl\");\n script_mandatory_keys(\"Memcached/detected\");\n\n script_xref(name:\"URL\", value:\"http://seclists.org/bugtraq/2009/Aug/0055.html\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will let the attacker execute arbitrary code on the\n affected system via readily available network utilities.\");\n\n script_tag(name:\"affected\", value:\"Memcached version 1.1.12 and 1.2.2.\");\n\n script_tag(name:\"insight\", value:\"Heap overflow errors occur due to integer conversions when parsing certain\n length attributes.\");\n\n script_tag(name:\"summary\", value:\"The host is running Memcached and is prone to multiple Buffer\n Overflow vulnerabilities.\");\n\n script_tag(name:\"solution\", value:\"Update to a later version.\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif( ! port = get_app_port( cpe:CPE ) )\n exit( 0 );\n\nif( ! infos = get_app_version_and_proto( cpe:CPE, port:port ) )\n exit( 0 );\n\nvers = infos[\"version\"];\nproto = infos[\"proto\"];\n\nif( version_is_equal( version:vers, test_version:\"1.1.12\" ) ||\n version_is_equal( version:vers, test_version:\"1.2.2\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"See references\" );\n security_message( port:port, proto:proto, data:report );\n exit( 0 );\n}\n\nexit( 99 );", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-04-06T11:40:13", "description": "The remote host is missing an update to memcached\nannounced via advisory MDVSA-2009:202.", "cvss3": {}, "published": "2009-09-02T00:00:00", "type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:202 (memcached)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2415"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231064674", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064674", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_202.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:202 (memcached)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability has been found and corrected in memcached:\n\nMultiple integer overflows in memcached 1.1.12 and 1.2.2 allow remote\nattackers to execute arbitrary code via vectors involving length\nattributes that trigger heap-based buffer overflows (CVE-2009-2415).\n\nThis update provides a solution to this vulnerability. Additionally\nmemcached-1.2.x has been upgraded to 1.2.8 for 2009.0/2009.1 and MES\n5 that contains a number of upstream fixes, the repcached patch has\nbeen upgraded to 2.2 as well.\n\nAffected: 2009.0, 2009.1, Corporate 4.0, Enterprise Server 5.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:202\";\ntag_summary = \"The remote host is missing an update to memcached\nannounced via advisory MDVSA-2009:202.\";\n\n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64674\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-02 04:58:39 +0200 (Wed, 02 Sep 2009)\");\n script_cve_id(\"CVE-2009-2415\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:202 (memcached)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"memcached\", rpm:\"memcached~1.2.8~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"memcached\", rpm:\"memcached~1.2.8~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"memcached\", rpm:\"memcached~1.1.12~4.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"memcached\", rpm:\"memcached~1.2.8~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:40:25", "description": "The host is running Memcached and is prone to Information Disclosure\n Vulnerabilities.", "cvss3": {}, "published": "2009-05-18T00:00:00", "type": "openvas", "title": "Memcached < 1.2.8 Information Disclosure Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1494", "CVE-2009-1255"], "modified": "2019-03-07T00:00:00", "id": "OPENVAS:1361412562310800715", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310800715", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_memcached_info_disclosure_vuln.nasl 14031 2019-03-07 10:47:29Z cfischer $\n#\n# Memcached < 1.2.8 Information Disclosure Vulnerabilities\n#\n# Authors:\n# Sujit Ghosal <sghosal@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:memcached:memcached\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.800715\");\n script_version(\"$Revision: 14031 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-07 11:47:29 +0100 (Thu, 07 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-18 09:37:31 +0200 (Mon, 18 May 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_cve_id(\"CVE-2009-1255\", \"CVE-2009-1494\");\n script_bugtraq_id(34756);\n script_name(\"Memcached < 1.2.8 Information Disclosure Vulnerabilities\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_memcached_detect.nasl\");\n script_mandatory_keys(\"Memcached/detected\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/34915\");\n script_xref(name:\"URL\", value:\"http://www.vupen.com/english/advisories/2009/1196\");\n script_xref(name:\"URL\", value:\"http://www.positronsecurity.com/advisories/2009-001.html\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will let the attacker craft malicious commands and\n pass it to the vulnerable functions to gain sensitive information about the application i.e. disclosure of\n locations of memory regions and defeat ASLR protections, by sending a command to the daemon's TCP port.\");\n\n script_tag(name:\"affected\", value:\"Memcached version prior to 1.2.8.\");\n\n script_tag(name:\"insight\", value:\"- Error in process_stat function discloses the contents of /proc/self/maps in\n response to a stats maps command.\n\n - Error in process_stat function which discloses memory allocation statistics\n in response to a stats malloc command.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to the latest version 1.2.8.\");\n\n script_tag(name:\"summary\", value:\"The host is running Memcached and is prone to Information Disclosure\n Vulnerabilities.\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif( ! port = get_app_port( cpe:CPE ) )\n exit( 0 );\n\nif( ! infos = get_app_version_and_proto( cpe:CPE, port:port ) )\n exit( 0 );\n\nvers = infos[\"version\"];\nproto = infos[\"proto\"];\n\nif( version_is_less( version:vers, test_version:\"1.2.8\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"1.2.8\" );\n security_message( port:port, proto:proto, data:report );\n exit( 0 );\n}\n\nexit( 99 );", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2017-10-30T10:55:06", "description": "The host is running Memcached and is prone to Information Disclosure\n Vulnerabilities.", "cvss3": {}, "published": "2009-05-18T00:00:00", "type": "openvas", "title": "Memcached Information Disclosure Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1494", "CVE-2009-1255"], "modified": "2017-10-26T00:00:00", "id": "OPENVAS:800715", "href": "http://plugins.openvas.org/nasl.php?oid=800715", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_memcached_info_disclosure_vuln.nasl 7573 2017-10-26 09:18:50Z cfischer $\n#\n# Memcached Information Disclosure Vulnerabilities\n#\n# Authors:\n# Sujit Ghosal <sghosal@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation will let the attacker craft malicious commands and\n pass it to the vulnerable functions to gain sensitive information about the\n application i.e. disclosure of locations of memory regions and defeat ASLR\n protections, by sending a command to the daemon's TCP port.\";\ntag_affected = \"Memcached version prior to 1.2.8\";\ntag_insight = \"- Error in process_stat function discloses the contents of /proc/self/maps in\n response to a stats maps command.\n - Error in process_stat function which discloses memory allocation statistics\n in response to a stats malloc command.\";\ntag_solution = \"Upgrade to the latest version 1.2.8\n http://www.danga.com/memcached\";\ntag_summary = \"The host is running Memcached and is prone to Information Disclosure\n Vulnerabilities.\";\n\nif(description)\n{\n script_id(800715);\n script_version(\"$Revision: 7573 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-10-26 11:18:50 +0200 (Thu, 26 Oct 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-18 09:37:31 +0200 (Mon, 18 May 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_cve_id(\"CVE-2009-1255\", \"CVE-2009-1494\");\n script_bugtraq_id(34756);\n script_name(\"Memcached Information Disclosure Vulnerabilities\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/34915\");\n script_xref(name : \"URL\" , value : \"http://www.vupen.com/english/advisories/2009/1196\");\n script_xref(name : \"URL\" , value : \"http://www.positronsecurity.com/advisories/2009-001.html\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_memcached_detect.nasl\");\n script_require_keys(\"MemCached/Ver\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nmemcachedVer = get_kb_item(\"MemCached/Ver\");\nif(memcachedVer == NULL){\n exit(0);\n}\n\n# Grep for Memcached version prior to 1.2.8\nif(version_is_less(version:memcachedVer, test_version:\"1.2.8\")){\n security_message(port:0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-07-24T12:56:38", "description": "The remote host is missing an update to memcached\nannounced via advisory MDVSA-2009:105.", "cvss3": {}, "published": "2009-06-05T00:00:00", "type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:105 (memcached)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1494", "CVE-2009-1255"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:64137", "href": "http://plugins.openvas.org/nasl.php?oid=64137", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_105.nasl 6573 2017-07-06 13:10:50Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:105 (memcached)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The process_stat function in Memcached prior 1.2.8 discloses\nmemory-allocation statistics in response to a stats malloc command,\nwhich allows remote attackers to obtain potentially sensitive\ninformation by sending this command to the daemon's TCP port\n(CVE-2009-1255, CVE-2009-1494).\n\nThe updated packages have been patched to prevent this.\n\nAffected: 2009.0, 2009.1, Corporate 4.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:105\";\ntag_summary = \"The remote host is missing an update to memcached\nannounced via advisory MDVSA-2009:105.\";\n\n \n\nif(description)\n{\n script_id(64137);\n script_version(\"$Revision: 6573 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:10:50 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-05 18:04:08 +0200 (Fri, 05 Jun 2009)\");\n script_cve_id(\"CVE-2009-1255\", \"CVE-2009-1494\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:105 (memcached)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"memcached\", rpm:\"memcached~1.2.6~2.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"memcached\", rpm:\"memcached~1.2.6~4.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"memcached\", rpm:\"memcached~1.1.12~4.1.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-04-06T11:38:51", "description": "The remote host is missing an update to memcached\nannounced via advisory MDVSA-2009:105.", "cvss3": {}, "published": "2009-06-05T00:00:00", "type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:105 (memcached)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1494", "CVE-2009-1255"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231064137", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064137", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_105.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:105 (memcached)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The process_stat function in Memcached prior 1.2.8 discloses\nmemory-allocation statistics in response to a stats malloc command,\nwhich allows remote attackers to obtain potentially sensitive\ninformation by sending this command to the daemon's TCP port\n(CVE-2009-1255, CVE-2009-1494).\n\nThe updated packages have been patched to prevent this.\n\nAffected: 2009.0, 2009.1, Corporate 4.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:105\";\ntag_summary = \"The remote host is missing an update to memcached\nannounced via advisory MDVSA-2009:105.\";\n\n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64137\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-05 18:04:08 +0200 (Fri, 05 Jun 2009)\");\n script_cve_id(\"CVE-2009-1255\", \"CVE-2009-1494\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:105 (memcached)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"memcached\", rpm:\"memcached~1.2.6~2.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"memcached\", rpm:\"memcached~1.2.6~4.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"memcached\", rpm:\"memcached~1.1.12~4.1.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-05-29T18:37:02", "description": "Gentoo Linux Local Security Checks GLSA 201406-13", "cvss3": {}, "published": "2015-09-29T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201406-13", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-7291", "CVE-2013-0179", "CVE-2011-4971", "CVE-2013-7290", "CVE-2013-7239", "CVE-2009-2415"], "modified": "2018-10-26T00:00:00", "id": "OPENVAS:1361412562310121216", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121216", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201406-13.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121216\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-29 11:27:22 +0300 (Tue, 29 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201406-13\");\n script_tag(name:\"insight\", value:\"memcached authentication could be bypassed when using SASL due to a flaw related to SASL authentication state. Also several heap-based buffer overflows due to integer conversions when parsing certain length attributes were discovered.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201406-13\");\n script_cve_id(\"CVE-2009-2415\", \"CVE-2013-7239\", \"CVE-2011-4971\", \"CVE-2013-0179\", \"CVE-2013-7290\", \"CVE-2013-7291\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201406-13\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"net-misc/memcached\", unaffected: make_list(\"ge 1.4.17\"), vulnerable: make_list(\"lt 1.4.17\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-26T08:56:15", "description": "The remote host is missing updates announced in\nadvisory SUSE-SR:2009:013. SuSE Security Summaries are short\non detail when it comes to the names of packages affected by\na particular bug. Because of this, while this test will detect\nout of date packages, it cannot tell you what bugs impact\nwhich packages, or vice versa.", "cvss3": {}, "published": "2009-08-17T00:00:00", "type": "openvas", "title": "SuSE Security Summary SUSE-SR:2009:013", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1955", "CVE-2008-5518", "CVE-2009-1791", "CVE-2009-0039", "CVE-2009-2416", "CVE-2009-1376", "CVE-2009-1788", "CVE-2009-0038", "CVE-2009-1375", "CVE-2009-0781", "CVE-2009-2285", "CVE-2009-1494", "CVE-2009-2185", "CVE-2009-1889", "CVE-2009-0023", "CVE-2009-1255", "CVE-2009-1373", "CVE-2009-1956", "CVE-2009-2415", "CVE-2009-2288"], "modified": "2017-07-11T00:00:00", "id": "OPENVAS:64643", "href": "http://plugins.openvas.org/nasl.php?oid=64643", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: suse_sr_2009_013.nasl 6668 2017-07-11 13:34:29Z cfischer $\n# Description: Auto-generated from advisory SUSE-SR:2009:013\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory SUSE-SR:2009:013. SuSE Security Summaries are short\non detail when it comes to the names of packages affected by\na particular bug. Because of this, while this test will detect\nout of date packages, it cannot tell you what bugs impact\nwhich packages, or vice versa.\";\n\ntag_solution = \"Update all out of date packages.\";\n \nif(description)\n{\n script_id(64643);\n script_version(\"$Revision: 6668 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:34:29 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-08-17 16:54:45 +0200 (Mon, 17 Aug 2009)\");\n script_cve_id(\"CVE-2008-5518\", \"CVE-2009-0023\", \"CVE-2009-0038\", \"CVE-2009-0039\", \"CVE-2009-0781\", \"CVE-2009-1255\", \"CVE-2009-1373\", \"CVE-2009-1375\", \"CVE-2009-1376\", \"CVE-2009-1494\", \"CVE-2009-1788\", \"CVE-2009-1791\", \"CVE-2009-1889\", \"CVE-2009-1955\", \"CVE-2009-1956\", \"CVE-2009-2185\", \"CVE-2009-2285\", \"CVE-2009-2288\", \"CVE-2009-2415\", \"CVE-2009-2416\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SuSE Security Summary SUSE-SR:2009:013\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"ConsoleKit\", rpm:\"ConsoleKit~0.2.10~60.27.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ConsoleKit-devel\", rpm:\"ConsoleKit-devel~0.2.10~60.27.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ConsoleKit-x11\", rpm:\"ConsoleKit-x11~0.2.10~60.27.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ImageMagick\", rpm:\"ImageMagick~6.4.3.6~5.5.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ImageMagick-devel\", rpm:\"ImageMagick-devel~6.4.3.6~5.5.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ImageMagick-extra\", rpm:\"ImageMagick-extra~6.4.3.6~5.5.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"Mesa\", rpm:\"Mesa~7.2~10.3.6\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"Mesa-devel\", rpm:\"Mesa-devel~7.2~10.3.6\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"Mesa-devel-static\", rpm:\"Mesa-devel-static~7.2~10.3.6\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~3.0.12~0.1.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"MozillaFirefox-branding-upstream\", rpm:\"MozillaFirefox-branding-upstream~3.0.12~0.1.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"MozillaFirefox-translations\", rpm:\"MozillaFirefox-translations~3.0.12~0.1.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"MozillaThunderbird\", rpm:\"MozillaThunderbird~2.0.0.22~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"MozillaThunderbird-devel\", rpm:\"MozillaThunderbird-devel~2.0.0.22~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"MozillaThunderbird-translations\", rpm:\"MozillaThunderbird-translations~2.0.0.22~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"anjuta\", rpm:\"anjuta~2.24.1~2.8.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"anjuta-devel\", rpm:\"anjuta-devel~2.24.1~2.8.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"anjuta-doc\", rpm:\"anjuta-doc~2.24.1~2.8.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"anjuta-lang\", rpm:\"anjuta-lang~2.24.1~2.8.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"aufs-kmp-debug\", rpm:\"aufs-kmp-debug~cvs20081020_2.6.27.25_0.1~1.32.13\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"aufs-kmp-trace\", rpm:\"aufs-kmp-trace~cvs20081020_2.6.27.25_0.1~1.32.13\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.5.0P2~18.7.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-chrootenv\", rpm:\"bind-chrootenv~9.5.0P2~18.7.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-devel\", rpm:\"bind-devel~9.5.0P2~18.7.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-doc\", rpm:\"bind-doc~9.5.0P2~18.7.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-libs\", rpm:\"bind-libs~9.5.0P2~18.7.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-utils\", rpm:\"bind-utils~9.5.0P2~18.7.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"brocade-bfa-kmp-debug\", rpm:\"brocade-bfa-kmp-debug~1.1.0.2_2.6.27.25_0.1~1.8.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"brocade-bfa-kmp-trace\", rpm:\"brocade-bfa-kmp-trace~1.1.0.2_2.6.27.25_0.1~1.8.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cifs-mount\", rpm:\"cifs-mount~3.2.7~11.3.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"compiz\", rpm:\"compiz~0.7.8~9.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"compiz-branding-openSUSE\", rpm:\"compiz-branding-openSUSE~0.7.8~9.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"compiz-devel\", rpm:\"compiz-devel~0.7.8~9.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"compiz-gnome\", rpm:\"compiz-gnome~0.7.8~9.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"compiz-kde\", rpm:\"compiz-kde~0.7.8~9.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"compiz-kde4\", rpm:\"compiz-kde4~0.7.8~9.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dazuko-kmp-debug\", rpm:\"dazuko-kmp-debug~2.3.6_2.6.27.25_0.1~1.49.11\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dazuko-kmp-trace\", rpm:\"dazuko-kmp-trace~2.3.6_2.6.27.25_0.1~1.49.11\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dhcp\", rpm:\"dhcp~3.1.1~6.5.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dhcp-client\", rpm:\"dhcp-client~3.1.1~6.5.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dhcp-devel\", rpm:\"dhcp-devel~3.1.1~6.5.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dhcp-relay\", rpm:\"dhcp-relay~3.1.1~6.5.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dhcp-server\", rpm:\"dhcp-server~3.1.1~6.5.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"drbd-kmp-debug\", rpm:\"drbd-kmp-debug~8.2.7_2.6.27.25_0.1~1.19.21\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"drbd-kmp-trace\", rpm:\"drbd-kmp-trace~8.2.7_2.6.27.25_0.1~1.19.21\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"evolution\", rpm:\"evolution~2.24.1.1~4.15.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"evolution-devel\", rpm:\"evolution-devel~2.24.1.1~4.15.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"evolution-lang\", rpm:\"evolution-lang~2.24.1.1~4.15.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"evolution-pilot\", rpm:\"evolution-pilot~2.24.1.1~4.15.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"expect\", rpm:\"expect~5.44.1.11~1.61.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"expect-devel\", rpm:\"expect-devel~5.44.1.11~1.61.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"fetchmail\", rpm:\"fetchmail~6.3.8.90~12.11.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"fetchmailconf\", rpm:\"fetchmailconf~6.3.8.90~12.11.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"finch\", rpm:\"finch~2.5.1~3.12.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"finch-devel\", rpm:\"finch-devel~2.5.1~3.12.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"flash-player\", rpm:\"flash-player~10.0.32.18~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-applets-brightness\", rpm:\"gnome-applets-brightness~2.24.1~6.9.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-applets-inhibit-powersave\", rpm:\"gnome-applets-inhibit-powersave~2.24.1~6.9.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-power-manager\", rpm:\"gnome-power-manager~2.24.1~6.9.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-power-manager-lang\", rpm:\"gnome-power-manager-lang~2.24.1~6.9.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"icu\", rpm:\"icu~4.0~7.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"icu-data\", rpm:\"icu-data~4.0~7.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"intel-iamt-heci-kmp-debug\", rpm:\"intel-iamt-heci-kmp-debug~3.1.0.31_2.6.27.25_0.1~2.40.11\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"intel-iamt-heci-kmp-trace\", rpm:\"intel-iamt-heci-kmp-trace~3.1.0.31_2.6.27.25_0.1~2.40.11\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"iscsitarget-kmp-debug\", rpm:\"iscsitarget-kmp-debug~0.4.15_2.6.27.25_0.1~89.11.17\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"iscsitarget-kmp-trace\", rpm:\"iscsitarget-kmp-trace~0.4.15_2.6.27.25_0.1~89.11.17\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun\", rpm:\"java-1_5_0-sun~1.5.0_update20~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-alsa\", rpm:\"java-1_5_0-sun-alsa~1.5.0_update20~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-devel\", rpm:\"java-1_5_0-sun-devel~1.5.0_update20~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-jdbc\", rpm:\"java-1_5_0-sun-jdbc~1.5.0_update20~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-plugin\", rpm:\"java-1_5_0-sun-plugin~1.5.0_update20~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-src\", rpm:\"java-1_5_0-sun-src~1.5.0_update20~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun\", rpm:\"java-1_6_0-sun~1.6.0.u15~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-alsa\", rpm:\"java-1_6_0-sun-alsa~1.6.0.u15~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-devel\", rpm:\"java-1_6_0-sun-devel~1.6.0.u15~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-jdbc\", rpm:\"java-1_6_0-sun-jdbc~1.6.0.u15~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-plugin\", rpm:\"java-1_6_0-sun-plugin~1.6.0.u15~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-src\", rpm:\"java-1_6_0-sun-src~1.6.0.u15~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.27.25~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug-base\", rpm:\"kernel-debug-base~2.6.27.25~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug-extra\", rpm:\"kernel-debug-extra~2.6.27.25~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~2.6.27.25~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-default-base\", rpm:\"kernel-default-base~2.6.27.25~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-default-extra\", rpm:\"kernel-default-extra~2.6.27.25~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-pae\", rpm:\"kernel-pae~2.6.27.25~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-pae-base\", rpm:\"kernel-pae-base~2.6.27.25~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-pae-extra\", rpm:\"kernel-pae-extra~2.6.27.25~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~2.6.27.25~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~2.6.27.25~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-trace\", rpm:\"kernel-trace~2.6.27.25~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-trace-base\", rpm:\"kernel-trace-base~2.6.27.25~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-trace-extra\", rpm:\"kernel-trace-extra~2.6.27.25~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-vanilla\", rpm:\"kernel-vanilla~2.6.27.25~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.27.25~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xen-base\", rpm:\"kernel-xen-base~2.6.27.25~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xen-extra\", rpm:\"kernel-xen-extra~2.6.27.25~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kompozer\", rpm:\"kompozer~0.7.99.0.4~1.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kqemu-kmp-debug\", rpm:\"kqemu-kmp-debug~1.4.0pre1_2.6.27.25_0.1~2.1.11\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kqemu-kmp-trace\", rpm:\"kqemu-kmp-trace~1.4.0pre1_2.6.27.25_0.1~2.1.11\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kvm-kmp-trace\", rpm:\"kvm-kmp-trace~78_2.6.27.25_0.1~6.7.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ldapsmb\", rpm:\"ldapsmb~1.34b~6.3.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libMagick++-devel\", rpm:\"libMagick++-devel~6.4.3.6~5.5.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libMagick++1\", rpm:\"libMagick++1~6.4.3.6~5.5.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libMagickCore1\", rpm:\"libMagickCore1~6.4.3.6~5.5.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libMagickWand1\", rpm:\"libMagickWand1~6.4.3.6~5.5.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libapr-util1\", rpm:\"libapr-util1~1.3.4~13.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libapr-util1-dbd-mysql\", rpm:\"libapr-util1-dbd-mysql~1.3.4~13.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libapr-util1-dbd-pgsql\", rpm:\"libapr-util1-dbd-pgsql~1.3.4~13.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libapr-util1-dbd-sqlite3\", rpm:\"libapr-util1-dbd-sqlite3~1.3.4~13.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libapr-util1-devel\", rpm:\"libapr-util1-devel~1.3.4~13.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgphoto2\", rpm:\"libgphoto2~2.4.3~3.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgphoto2-devel\", rpm:\"libgphoto2-devel~2.4.3~3.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgphoto2-lang\", rpm:\"libgphoto2-lang~2.4.3~3.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libicu\", rpm:\"libicu~4.0~7.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libicu-devel\", rpm:\"libicu-devel~4.0~7.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libicu-doc\", rpm:\"libicu-doc~4.0~7.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libnetapi-devel\", rpm:\"libnetapi-devel~3.2.7~11.3.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libnetapi0\", rpm:\"libnetapi0~3.2.7~11.3.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpng-devel\", rpm:\"libpng-devel~1.2.31~4.38.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpng3\", rpm:\"libpng3~1.2.31~4.38.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpng12-0\", rpm:\"libpng12-0~1.2.31~4.38.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpurple\", rpm:\"libpurple~2.5.1~3.12.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpurple-devel\", rpm:\"libpurple-devel~2.5.1~3.12.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpurple-lang\", rpm:\"libpurple-lang~2.5.1~3.12.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpurple-meanwhile\", rpm:\"libpurple-meanwhile~2.5.1~3.12.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpurple-mono\", rpm:\"libpurple-mono~2.5.1~3.12.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libsmbclient-devel\", rpm:\"libsmbclient-devel~3.2.7~11.3.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libsmbclient0\", rpm:\"libsmbclient0~3.2.7~11.3.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libsmbsharemodes-devel\", rpm:\"libsmbsharemodes-devel~3.2.7~11.3.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libsmbsharemodes0\", rpm:\"libsmbsharemodes0~3.2.7~11.3.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libsndfile\", rpm:\"libsndfile~1.0.17~171.9.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libsndfile-devel\", rpm:\"libsndfile-devel~1.0.17~171.9.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libsndfile-octave\", rpm:\"libsndfile-octave~1.0.17~171.9.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libsndfile-progs\", rpm:\"libsndfile-progs~1.0.17~171.9.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libssh2-1\", rpm:\"libssh2-1~0.19.0+20080814~2.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libtalloc-devel\", rpm:\"libtalloc-devel~3.2.7~11.3.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libtalloc1\", rpm:\"libtalloc1~3.2.7~11.3.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libtdb-devel\", rpm:\"libtdb-devel~3.2.7~11.3.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libtdb1\", rpm:\"libtdb1~3.2.7~11.3.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libtiff3\", rpm:\"libtiff3~3.8.2~133.36.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libwbclient-devel\", rpm:\"libwbclient-devel~3.2.7~11.3.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libwbclient0\", rpm:\"libwbclient0~3.2.7~11.3.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.7.1~9.8.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxml2-devel\", rpm:\"libxml2-devel~2.7.1~9.8.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxml2-doc\", rpm:\"libxml2-doc~2.7.1~9.8.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lirc-kmp-trace\", rpm:\"lirc-kmp-trace~0.8.4_2.6.27.25_0.1~0.1.13\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"memcached\", rpm:\"memcached~1.2.6~5.7.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190\", rpm:\"mozilla-xulrunner190~1.9.0.12~1.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-devel\", rpm:\"mozilla-xulrunner190-devel~1.9.0.12~1.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-gnomevfs\", rpm:\"mozilla-xulrunner190-gnomevfs~1.9.0.12~1.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-translations\", rpm:\"mozilla-xulrunner190-translations~1.9.0.12~1.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nagios\", rpm:\"nagios~3.0.6~1.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nagios-devel\", rpm:\"nagios-devel~3.0.6~1.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nagios-www\", rpm:\"nagios-www~3.0.6~1.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ofed-kmp-debug\", rpm:\"ofed-kmp-debug~1.4_2.6.27.25_0.1~21.16.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ofed-kmp-trace\", rpm:\"ofed-kmp-trace~1.4_2.6.27.25_0.1~21.16.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openswan\", rpm:\"openswan~2.6.16~1.48.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openswan-doc\", rpm:\"openswan-doc~2.6.16~1.48.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"oracleasm-kmp-debug\", rpm:\"oracleasm-kmp-debug~2.0.5_2.6.27.25_0.1~2.36.13\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"oracleasm-kmp-trace\", rpm:\"oracleasm-kmp-trace~2.0.5_2.6.27.25_0.1~2.36.13\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pcfclock-kmp-debug\", rpm:\"pcfclock-kmp-debug~0.44_2.6.27.25_0.1~227.56.13\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pcfclock-kmp-trace\", rpm:\"pcfclock-kmp-trace~0.44_2.6.27.25_0.1~227.56.13\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"perl-PerlMagick\", rpm:\"perl-PerlMagick~6.4.3.6~5.5.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pidgin\", rpm:\"pidgin~2.5.1~3.12.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pidgin-devel\", rpm:\"pidgin-devel~2.5.1~3.12.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-xpcom190\", rpm:\"python-xpcom190~1.9.0.12~1.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ruby\", rpm:\"ruby~1.8.7.p72~5.4.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ruby-devel\", rpm:\"ruby-devel~1.8.7.p72~5.4.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ruby-doc-html\", rpm:\"ruby-doc-html~1.8.7.p72~5.4.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ruby-doc-ri\", rpm:\"ruby-doc-ri~1.8.7.p72~5.4.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ruby-examples\", rpm:\"ruby-examples~1.8.7.p72~5.4.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ruby-test-suite\", rpm:\"ruby-test-suite~1.8.7.p72~5.4.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ruby-tk\", rpm:\"ruby-tk~1.8.7.p72~5.4.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"samba\", rpm:\"samba~3.2.7~11.3.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"samba-client\", rpm:\"samba-client~3.2.7~11.3.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"samba-devel\", rpm:\"samba-devel~3.2.7~11.3.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"samba-krb-printing\", rpm:\"samba-krb-printing~3.2.7~11.3.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"samba-vscan\", rpm:\"samba-vscan~0.3.6b~6.3.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"samba-winbind\", rpm:\"samba-winbind~3.2.7~11.3.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"sax2\", rpm:\"sax2~8.1~542.11.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"sax2-gui\", rpm:\"sax2-gui~8.1~542.11.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"sax2-ident\", rpm:\"sax2-ident~8.1~542.11.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"sax2-libsax\", rpm:\"sax2-libsax~8.1~542.11.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"sax2-libsax-devel\", rpm:\"sax2-libsax-devel~8.1~542.11.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"sax2-libsax-perl\", rpm:\"sax2-libsax-perl~8.1~542.11.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"sax2-libsax-python\", rpm:\"sax2-libsax-python~8.1~542.11.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"sax2-tools\", rpm:\"sax2-tools~8.1~542.11.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"scons\", rpm:\"scons~1.0.1~1.32.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"strongswan\", rpm:\"strongswan~4.2.8~1.26.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"strongswan-doc\", rpm:\"strongswan-doc~4.2.8~1.26.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"subversion\", rpm:\"subversion~1.5.7~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"subversion-devel\", rpm:\"subversion-devel~1.5.7~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"subversion-perl\", rpm:\"subversion-perl~1.5.7~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"subversion-python\", rpm:\"subversion-python~1.5.7~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"subversion-server\", rpm:\"subversion-server~1.5.7~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"subversion-tools\", rpm:\"subversion-tools~1.5.7~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"virtualbox-ose-kmp-debug\", rpm:\"virtualbox-ose-kmp-debug~2.0.6_2.6.27.25_0.1~2.8.50\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"virtualbox-ose-kmp-trace\", rpm:\"virtualbox-ose-kmp-trace~2.0.6_2.6.27.25_0.1~2.8.50\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"vmware-kmp-debug\", rpm:\"vmware-kmp-debug~2008.09.03_2.6.27.25_0.1~5.50.35\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"vmware-kmp-trace\", rpm:\"vmware-kmp-trace~2008.09.03_2.6.27.25_0.1~5.50.35\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"wget\", rpm:\"wget~1.11.4~1.28.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xfig\", rpm:\"xfig~3.2.5~92.59.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xorg-x11\", rpm:\"xorg-x11~7.4~8.19.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xorg-x11-Xvnc\", rpm:\"xorg-x11-Xvnc~7.4~17.6.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xorg-x11-driver-video\", rpm:\"xorg-x11-driver-video~7.4~19.8.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xorg-x11-libxcb\", rpm:\"xorg-x11-libxcb~7.4~1.29.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xorg-x11-libxcb-devel\", rpm:\"xorg-x11-libxcb-devel~7.4~1.29.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xorg-x11-server\", rpm:\"xorg-x11-server~7.4~17.6.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xorg-x11-server-extra\", rpm:\"xorg-x11-server-extra~7.4~17.6.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xorg-x11-server-sdk\", rpm:\"xorg-x11-server-sdk~7.4~17.6.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xorg-x11-xauth\", rpm:\"xorg-x11-xauth~7.4~8.19.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~3.0.12~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"MozillaFirefox-translations\", rpm:\"MozillaFirefox-translations~3.0.12~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"MozillaThunderbird\", rpm:\"MozillaThunderbird~2.0.0.22~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"MozillaThunderbird-devel\", rpm:\"MozillaThunderbird-devel~2.0.0.22~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"MozillaThunderbird-translations\", rpm:\"MozillaThunderbird-translations~2.0.0.22~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.4.2~39.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-chrootenv\", rpm:\"bind-chrootenv~9.4.2~39.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-devel\", rpm:\"bind-devel~9.4.2~39.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-doc\", rpm:\"bind-doc~9.4.2~39.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-libs\", rpm:\"bind-libs~9.4.2~39.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-utils\", rpm:\"bind-utils~9.4.2~39.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cifs-mount\", rpm:\"cifs-mount~3.2.4~4.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dhcp\", rpm:\"dhcp~3.0.6~86.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dhcp-client\", rpm:\"dhcp-client~3.0.6~86.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dhcp-devel\", rpm:\"dhcp-devel~3.0.6~86.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dhcp-relay\", rpm:\"dhcp-relay~3.0.6~86.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dhcp-server\", rpm:\"dhcp-server~3.0.6~86.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"fetchmail\", rpm:\"fetchmail~6.3.8~134.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"fetchmailconf\", rpm:\"fetchmailconf~6.3.8~134.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"finch\", rpm:\"finch~2.4.1~28.9\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"finch-devel\", rpm:\"finch-devel~2.4.1~28.9\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"flash-player\", rpm:\"flash-player~9.0.246.0~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gconf2\", rpm:\"gconf2~2.22.0~28.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gconf2-devel\", rpm:\"gconf2-devel~2.22.0~28.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gconf2-doc\", rpm:\"gconf2-doc~2.22.0~28.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"icu\", rpm:\"icu~3.8.1~21.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"icu-data\", rpm:\"icu-data~3.8.1~21.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun\", rpm:\"java-1_5_0-sun~1.5.0_update20~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-alsa\", rpm:\"java-1_5_0-sun-alsa~1.5.0_update20~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-demo\", rpm:\"java-1_5_0-sun-demo~1.5.0_update20~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-devel\", rpm:\"java-1_5_0-sun-devel~1.5.0_update20~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-jdbc\", rpm:\"java-1_5_0-sun-jdbc~1.5.0_update20~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-plugin\", rpm:\"java-1_5_0-sun-plugin~1.5.0_update20~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-src\", rpm:\"java-1_5_0-sun-src~1.5.0_update20~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun\", rpm:\"java-1_6_0-sun~1.6.0.u15~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-alsa\", rpm:\"java-1_6_0-sun-alsa~1.6.0.u15~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-demo\", rpm:\"java-1_6_0-sun-demo~1.6.0.u15~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-devel\", rpm:\"java-1_6_0-sun-devel~1.6.0.u15~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-jdbc\", rpm:\"java-1_6_0-sun-jdbc~1.6.0.u15~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-plugin\", rpm:\"java-1_6_0-sun-plugin~1.6.0.u15~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-src\", rpm:\"java-1_6_0-sun-src~1.6.0.u15~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"jpackage-utils\", rpm:\"jpackage-utils~1.7.4~31.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ldapsmb\", rpm:\"ldapsmb~1.34b~195.10\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libapr-util1\", rpm:\"libapr-util1~1.2.12~43.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libapr-util1-dbd-mysql\", rpm:\"libapr-util1-dbd-mysql~1.2.12~43.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libapr-util1-dbd-pgsql\", rpm:\"libapr-util1-dbd-pgsql~1.2.12~43.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libapr-util1-dbd-sqlite3\", rpm:\"libapr-util1-dbd-sqlite3~1.2.12~43.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libapr-util1-devel\", rpm:\"libapr-util1-devel~1.2.12~43.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libicu\", rpm:\"libicu~3.8.1~21.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libicu-devel\", rpm:\"libicu-devel~3.8.1~21.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libicu-doc\", rpm:\"libicu-doc~3.8.1~21.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libnetapi-devel\", rpm:\"libnetapi-devel~3.2.4~4.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libnetapi0\", rpm:\"libnetapi0~3.2.4~4.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpng-devel\", rpm:\"libpng-devel~1.2.26~14.10\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpng3\", rpm:\"libpng3~1.2.26~14.10\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpng12-0\", rpm:\"libpng12-0~1.2.26~14.10\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpurple\", rpm:\"libpurple~2.4.1~28.9\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpurple-devel\", rpm:\"libpurple-devel~2.4.1~28.9\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpurple-lang\", rpm:\"libpurple-lang~2.4.1~28.9\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpurple-meanwhile\", rpm:\"libpurple-meanwhile~2.4.1~28.9\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpurple-mono\", rpm:\"libpurple-mono~2.4.1~28.9\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libsmbclient-devel\", rpm:\"libsmbclient-devel~3.2.4~4.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libsmbclient0\", rpm:\"libsmbclient0~3.2.4~4.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libsmbsharemodes-devel\", rpm:\"libsmbsharemodes-devel~3.2.4~4.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libsmbsharemodes0\", rpm:\"libsmbsharemodes0~3.2.4~4.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libsndfile\", rpm:\"libsndfile~1.0.17~141.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libsndfile-devel\", rpm:\"libsndfile-devel~1.0.17~141.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libsndfile-octave\", rpm:\"libsndfile-octave~1.0.17~141.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libsndfile-progs\", rpm:\"libsndfile-progs~1.0.17~141.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libtalloc-devel\", rpm:\"libtalloc-devel~3.2.4~4.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libtalloc1\", rpm:\"libtalloc1~3.2.4~4.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libtdb-devel\", rpm:\"libtdb-devel~3.2.4~4.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libtdb1\", rpm:\"libtdb1~3.2.4~4.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libtiff3\", rpm:\"libtiff3~3.8.2~108.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libwbclient-devel\", rpm:\"libwbclient-devel~3.2.4~4.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libwbclient0\", rpm:\"libwbclient0~3.2.4~4.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.6.32~11.10\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxml2-devel\", rpm:\"libxml2-devel~2.6.32~11.10\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxml2-doc\", rpm:\"libxml2-doc~2.6.32~11.10\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"memcached\", rpm:\"memcached~1.2.2~49.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190\", rpm:\"mozilla-xulrunner190~1.9.0.12~1.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-devel\", rpm:\"mozilla-xulrunner190-devel~1.9.0.12~1.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-gnomevfs\", rpm:\"mozilla-xulrunner190-gnomevfs~1.9.0.12~1.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-translations\", rpm:\"mozilla-xulrunner190-translations~1.9.0.12~1.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nagios\", rpm:\"nagios~3.0.6~1.3\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nagios-devel\", rpm:\"nagios-devel~3.0.6~1.3\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nagios-www\", rpm:\"nagios-www~3.0.6~1.3\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openswan\", rpm:\"openswan~2.4.7~130.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openswan-doc\", rpm:\"openswan-doc~2.4.7~130.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pidgin\", rpm:\"pidgin~2.4.1~28.9\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pidgin-devel\", rpm:\"pidgin-devel~2.4.1~28.9\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ruby\", rpm:\"ruby~1.8.6.p369~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ruby-devel\", rpm:\"ruby-devel~1.8.6.p369~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ruby-doc-html\", rpm:\"ruby-doc-html~1.8.6.p369~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ruby-doc-ri\", rpm:\"ruby-doc-ri~1.8.6.p369~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ruby-examples\", rpm:\"ruby-examples~1.8.6.p369~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ruby-test-suite\", rpm:\"ruby-test-suite~1.8.6.p369~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ruby-tk\", rpm:\"ruby-tk~1.8.6.p369~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"samba\", rpm:\"samba~3.2.4~4.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"samba-client\", rpm:\"samba-client~3.2.4~4.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"samba-devel\", rpm:\"samba-devel~3.2.4~4.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"samba-krb-printing\", rpm:\"samba-krb-printing~3.2.4~4.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"samba-winbind\", rpm:\"samba-winbind~3.2.4~4.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"strongswan\", rpm:\"strongswan~4.2.1~11.10\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"strongswan-doc\", rpm:\"strongswan-doc~4.2.1~11.10\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"subversion\", rpm:\"subversion~1.5.7~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"subversion-devel\", rpm:\"subversion-devel~1.5.7~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"subversion-perl\", rpm:\"subversion-perl~1.5.7~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"subversion-python\", rpm:\"subversion-python~1.5.7~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"subversion-server\", rpm:\"subversion-server~1.5.7~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"subversion-tools\", rpm:\"subversion-tools~1.5.7~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"wget\", rpm:\"wget~1.11.1~11.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xfig\", rpm:\"xfig~3.2.5~96.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~3.0.12~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"MozillaFirefox-translations\", rpm:\"MozillaFirefox-translations~3.0.12~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"MozillaThunderbird\", rpm:\"MozillaThunderbird~2.0.0.22~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"MozillaThunderbird-devel\", rpm:\"MozillaThunderbird-devel~2.0.0.22~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"MozillaThunderbird-translations\", rpm:\"MozillaThunderbird-translations~2.0.0.22~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.4.1.P1~12.9\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-chrootenv\", rpm:\"bind-chrootenv~9.4.1.P1~12.9\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-devel\", rpm:\"bind-devel~9.4.1.P1~12.9\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-doc\", rpm:\"bind-doc~9.4.1.P1~12.9\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-libs\", rpm:\"bind-libs~9.4.1.P1~12.9\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-utils\", rpm:\"bind-utils~9.4.1.P1~12.9\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dhcp\", rpm:\"dhcp~3.0.6~24.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dhcp-client\", rpm:\"dhcp-client~3.0.6~24.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dhcp-devel\", rpm:\"dhcp-devel~3.0.6~24.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dhcp-relay\", rpm:\"dhcp-relay~3.0.6~24.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dhcp-server\", rpm:\"dhcp-server~3.0.6~24.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"fetchmail\", rpm:\"fetchmail~6.3.8~57.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"fetchmailconf\", rpm:\"fetchmailconf~6.3.8~57.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"finch\", rpm:\"finch~2.3.1~26.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"finch-devel\", rpm:\"finch-devel~2.3.1~26.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"flash-player\", rpm:\"flash-player~9.0.246.0~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"icu\", rpm:\"icu~3.6~13.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"icu-data\", rpm:\"icu-data~3.6~13.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun\", rpm:\"java-1_5_0-sun~1.5.0_update20~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-alsa\", rpm:\"java-1_5_0-sun-alsa~1.5.0_update20~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-demo\", rpm:\"java-1_5_0-sun-demo~1.5.0_update20~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-devel\", rpm:\"java-1_5_0-sun-devel~1.5.0_update20~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-jdbc\", rpm:\"java-1_5_0-sun-jdbc~1.5.0_update20~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-plugin\", rpm:\"java-1_5_0-sun-plugin~1.5.0_update20~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-src\", rpm:\"java-1_5_0-sun-src~1.5.0_update20~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun\", rpm:\"java-1_6_0-sun~1.6.0.u15~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-alsa\", rpm:\"java-1_6_0-sun-alsa~1.6.0.u15~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-debuginfo\", rpm:\"java-1_6_0-sun-debuginfo~1.6.0.u15~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-demo\", rpm:\"java-1_6_0-sun-demo~1.6.0.u15~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-devel\", rpm:\"java-1_6_0-sun-devel~1.6.0.u15~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-jdbc\", rpm:\"java-1_6_0-sun-jdbc~1.6.0.u15~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-plugin\", rpm:\"java-1_6_0-sun-plugin~1.6.0.u15~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-src\", rpm:\"java-1_6_0-sun-src~1.6.0.u15~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libapr-util1\", rpm:\"libapr-util1~1.2.8~68.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libapr-util1-dbd-mysql\", rpm:\"libapr-util1-dbd-mysql~1.2.8~68.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libapr-util1-dbd-pgsql\", rpm:\"libapr-util1-dbd-pgsql~1.2.8~68.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libapr-util1-dbd-sqlite3\", rpm:\"libapr-util1-dbd-sqlite3~1.2.8~68.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libapr-util1-devel\", rpm:\"libapr-util1-devel~1.2.8~68.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libicu\", rpm:\"libicu~3.6~13.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libicu-devel\", rpm:\"libicu-devel~3.6~13.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libicu-doc\", rpm:\"libicu-doc~3.6~13.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpng\", rpm:\"libpng~1.2.18~15.12\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpng-devel\", rpm:\"libpng-devel~1.2.18~15.12\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpurple\", rpm:\"libpurple~2.3.1~26.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpurple-devel\", rpm:\"libpurple-devel~2.3.1~26.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpurple-meanwhile\", rpm:\"libpurple-meanwhile~2.3.1~26.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpurple-mono\", rpm:\"libpurple-mono~2.3.1~26.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libsndfile\", rpm:\"libsndfile~1.0.17~81.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libsndfile-devel\", rpm:\"libsndfile-devel~1.0.17~81.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libsndfile-octave\", rpm:\"libsndfile-octave~1.0.17~81.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libsndfile-progs\", rpm:\"libsndfile-progs~1.0.17~81.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libtiff3\", rpm:\"libtiff3~3.8.2~68.6\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.6.30~4.13\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxml2-devel\", rpm:\"libxml2-devel~2.6.30~4.13\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"memcached\", rpm:\"memcached~1.2.2~11.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190\", rpm:\"mozilla-xulrunner190~1.9.0.12~1.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-devel\", rpm:\"mozilla-xulrunner190-devel~1.9.0.12~1.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-gnomevfs\", rpm:\"mozilla-xulrunner190-gnomevfs~1.9.0.12~1.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-translations\", rpm:\"mozilla-xulrunner190-translations~1.9.0.12~1.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nagios\", rpm:\"nagios~2.9~48.6\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nagios-www\", rpm:\"nagios-www~2.9~48.6\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openswan\", rpm:\"openswan~2.4.7~64.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openswan-doc\", rpm:\"openswan-doc~2.4.7~64.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pidgin\", rpm:\"pidgin~2.3.1~26.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pidgin-devel\", rpm:\"pidgin-devel~2.3.1~26.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-xpcom190\", rpm:\"python-xpcom190~1.9.0.12~1.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ruby\", rpm:\"ruby~1.8.6.p369~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ruby-devel\", rpm:\"ruby-devel~1.8.6.p369~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ruby-doc-html\", rpm:\"ruby-doc-html~1.8.6.p369~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ruby-doc-ri\", rpm:\"ruby-doc-ri~1.8.6.p369~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ruby-examples\", rpm:\"ruby-examples~1.8.6.p369~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ruby-test-suite\", rpm:\"ruby-test-suite~1.8.6.p369~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ruby-tk\", rpm:\"ruby-tk~1.8.6.p369~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"subversion\", rpm:\"subversion~1.4.4~30.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"subversion-devel\", rpm:\"subversion-devel~1.4.4~30.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"subversion-perl\", rpm:\"subversion-perl~1.4.4~30.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"subversion-python\", rpm:\"subversion-python~1.4.4~30.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"subversion-server\", rpm:\"subversion-server~1.4.4~30.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"subversion-tools\", rpm:\"subversion-tools~1.4.4~30.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"wget\", rpm:\"wget~1.10.2~78.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xfig\", rpm:\"xfig~3.2.5~25.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:40:23", "description": "The remote host is missing updates announced in\nadvisory SUSE-SR:2009:013. SuSE Security Summaries are short\non detail when it comes to the names of packages affected by\na particular bug. Because of this, while this test will detect\nout of date packages, it cannot tell you what bugs impact\nwhich packages, or vice versa.", "cvss3": {}, "published": "2009-08-17T00:00:00", "type": "openvas", "title": "SuSE Security Summary SUSE-SR:2009:013", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1955", "CVE-2008-5518", "CVE-2009-1791", "CVE-2009-0039", "CVE-2009-2416", "CVE-2009-1376", "CVE-2009-1788", "CVE-2009-0038", "CVE-2009-1375", "CVE-2009-0781", "CVE-2009-2285", "CVE-2009-1494", "CVE-2009-2185", "CVE-2009-1889", "CVE-2009-0023", "CVE-2009-1255", "CVE-2009-1373", "CVE-2009-1956", "CVE-2009-2415", "CVE-2009-2288"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231064643", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064643", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: suse_sr_2009_013.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory SUSE-SR:2009:013\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory SUSE-SR:2009:013. SuSE Security Summaries are short\non detail when it comes to the names of packages affected by\na particular bug. Because of this, while this test will detect\nout of date packages, it cannot tell you what bugs impact\nwhich packages, or vice versa.\";\n\ntag_solution = \"Update all out of date packages.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64643\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-08-17 16:54:45 +0200 (Mon, 17 Aug 2009)\");\n script_cve_id(\"CVE-2008-5518\", \"CVE-2009-0023\", \"CVE-2009-0038\", \"CVE-2009-0039\", \"CVE-2009-0781\", \"CVE-2009-1255\", \"CVE-2009-1373\", \"CVE-2009-1375\", \"CVE-2009-1376\", \"CVE-2009-1494\", \"CVE-2009-1788\", \"CVE-2009-1791\", \"CVE-2009-1889\", \"CVE-2009-1955\", \"CVE-2009-1956\", \"CVE-2009-2185\", \"CVE-2009-2285\", \"CVE-2009-2288\", \"CVE-2009-2415\", \"CVE-2009-2416\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SuSE Security Summary SUSE-SR:2009:013\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"ConsoleKit\", rpm:\"ConsoleKit~0.2.10~60.27.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ConsoleKit-devel\", rpm:\"ConsoleKit-devel~0.2.10~60.27.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ConsoleKit-x11\", rpm:\"ConsoleKit-x11~0.2.10~60.27.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ImageMagick\", rpm:\"ImageMagick~6.4.3.6~5.5.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ImageMagick-devel\", rpm:\"ImageMagick-devel~6.4.3.6~5.5.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ImageMagick-extra\", rpm:\"ImageMagick-extra~6.4.3.6~5.5.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"Mesa\", rpm:\"Mesa~7.2~10.3.6\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"Mesa-devel\", rpm:\"Mesa-devel~7.2~10.3.6\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"Mesa-devel-static\", rpm:\"Mesa-devel-static~7.2~10.3.6\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~3.0.12~0.1.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"MozillaFirefox-branding-upstream\", rpm:\"MozillaFirefox-branding-upstream~3.0.12~0.1.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"MozillaFirefox-translations\", rpm:\"MozillaFirefox-translations~3.0.12~0.1.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"MozillaThunderbird\", rpm:\"MozillaThunderbird~2.0.0.22~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"MozillaThunderbird-devel\", rpm:\"MozillaThunderbird-devel~2.0.0.22~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"MozillaThunderbird-translations\", rpm:\"MozillaThunderbird-translations~2.0.0.22~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"anjuta\", rpm:\"anjuta~2.24.1~2.8.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"anjuta-devel\", rpm:\"anjuta-devel~2.24.1~2.8.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"anjuta-doc\", rpm:\"anjuta-doc~2.24.1~2.8.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"anjuta-lang\", rpm:\"anjuta-lang~2.24.1~2.8.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"aufs-kmp-debug\", rpm:\"aufs-kmp-debug~cvs20081020_2.6.27.25_0.1~1.32.13\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"aufs-kmp-trace\", rpm:\"aufs-kmp-trace~cvs20081020_2.6.27.25_0.1~1.32.13\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.5.0P2~18.7.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-chrootenv\", rpm:\"bind-chrootenv~9.5.0P2~18.7.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-devel\", rpm:\"bind-devel~9.5.0P2~18.7.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-doc\", rpm:\"bind-doc~9.5.0P2~18.7.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-libs\", rpm:\"bind-libs~9.5.0P2~18.7.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-utils\", rpm:\"bind-utils~9.5.0P2~18.7.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"brocade-bfa-kmp-debug\", rpm:\"brocade-bfa-kmp-debug~1.1.0.2_2.6.27.25_0.1~1.8.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"brocade-bfa-kmp-trace\", rpm:\"brocade-bfa-kmp-trace~1.1.0.2_2.6.27.25_0.1~1.8.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cifs-mount\", rpm:\"cifs-mount~3.2.7~11.3.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"compiz\", rpm:\"compiz~0.7.8~9.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"compiz-branding-openSUSE\", rpm:\"compiz-branding-openSUSE~0.7.8~9.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"compiz-devel\", rpm:\"compiz-devel~0.7.8~9.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"compiz-gnome\", rpm:\"compiz-gnome~0.7.8~9.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"compiz-kde\", rpm:\"compiz-kde~0.7.8~9.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"compiz-kde4\", rpm:\"compiz-kde4~0.7.8~9.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dazuko-kmp-debug\", rpm:\"dazuko-kmp-debug~2.3.6_2.6.27.25_0.1~1.49.11\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dazuko-kmp-trace\", rpm:\"dazuko-kmp-trace~2.3.6_2.6.27.25_0.1~1.49.11\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dhcp\", rpm:\"dhcp~3.1.1~6.5.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dhcp-client\", rpm:\"dhcp-client~3.1.1~6.5.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dhcp-devel\", rpm:\"dhcp-devel~3.1.1~6.5.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dhcp-relay\", rpm:\"dhcp-relay~3.1.1~6.5.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dhcp-server\", rpm:\"dhcp-server~3.1.1~6.5.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"drbd-kmp-debug\", rpm:\"drbd-kmp-debug~8.2.7_2.6.27.25_0.1~1.19.21\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"drbd-kmp-trace\", rpm:\"drbd-kmp-trace~8.2.7_2.6.27.25_0.1~1.19.21\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"evolution\", rpm:\"evolution~2.24.1.1~4.15.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"evolution-devel\", rpm:\"evolution-devel~2.24.1.1~4.15.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"evolution-lang\", rpm:\"evolution-lang~2.24.1.1~4.15.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"evolution-pilot\", rpm:\"evolution-pilot~2.24.1.1~4.15.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"expect\", rpm:\"expect~5.44.1.11~1.61.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"expect-devel\", rpm:\"expect-devel~5.44.1.11~1.61.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"fetchmail\", rpm:\"fetchmail~6.3.8.90~12.11.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"fetchmailconf\", rpm:\"fetchmailconf~6.3.8.90~12.11.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"finch\", rpm:\"finch~2.5.1~3.12.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"finch-devel\", rpm:\"finch-devel~2.5.1~3.12.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"flash-player\", rpm:\"flash-player~10.0.32.18~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-applets-brightness\", rpm:\"gnome-applets-brightness~2.24.1~6.9.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-applets-inhibit-powersave\", rpm:\"gnome-applets-inhibit-powersave~2.24.1~6.9.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-power-manager\", rpm:\"gnome-power-manager~2.24.1~6.9.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-power-manager-lang\", rpm:\"gnome-power-manager-lang~2.24.1~6.9.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"icu\", rpm:\"icu~4.0~7.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"icu-data\", rpm:\"icu-data~4.0~7.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"intel-iamt-heci-kmp-debug\", rpm:\"intel-iamt-heci-kmp-debug~3.1.0.31_2.6.27.25_0.1~2.40.11\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"intel-iamt-heci-kmp-trace\", rpm:\"intel-iamt-heci-kmp-trace~3.1.0.31_2.6.27.25_0.1~2.40.11\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"iscsitarget-kmp-debug\", rpm:\"iscsitarget-kmp-debug~0.4.15_2.6.27.25_0.1~89.11.17\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"iscsitarget-kmp-trace\", rpm:\"iscsitarget-kmp-trace~0.4.15_2.6.27.25_0.1~89.11.17\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun\", rpm:\"java-1_5_0-sun~1.5.0_update20~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-alsa\", rpm:\"java-1_5_0-sun-alsa~1.5.0_update20~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-devel\", rpm:\"java-1_5_0-sun-devel~1.5.0_update20~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-jdbc\", rpm:\"java-1_5_0-sun-jdbc~1.5.0_update20~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-plugin\", rpm:\"java-1_5_0-sun-plugin~1.5.0_update20~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-src\", rpm:\"java-1_5_0-sun-src~1.5.0_update20~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun\", rpm:\"java-1_6_0-sun~1.6.0.u15~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-alsa\", rpm:\"java-1_6_0-sun-alsa~1.6.0.u15~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-devel\", rpm:\"java-1_6_0-sun-devel~1.6.0.u15~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-jdbc\", rpm:\"java-1_6_0-sun-jdbc~1.6.0.u15~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-plugin\", rpm:\"java-1_6_0-sun-plugin~1.6.0.u15~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-src\", rpm:\"java-1_6_0-sun-src~1.6.0.u15~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.27.25~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug-base\", rpm:\"kernel-debug-base~2.6.27.25~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug-extra\", rpm:\"kernel-debug-extra~2.6.27.25~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~2.6.27.25~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-default-base\", rpm:\"kernel-default-base~2.6.27.25~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-default-extra\", rpm:\"kernel-default-extra~2.6.27.25~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-pae\", rpm:\"kernel-pae~2.6.27.25~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-pae-base\", rpm:\"kernel-pae-base~2.6.27.25~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-pae-extra\", rpm:\"kernel-pae-extra~2.6.27.25~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~2.6.27.25~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~2.6.27.25~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-trace\", rpm:\"kernel-trace~2.6.27.25~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-trace-base\", rpm:\"kernel-trace-base~2.6.27.25~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-trace-extra\", rpm:\"kernel-trace-extra~2.6.27.25~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-vanilla\", rpm:\"kernel-vanilla~2.6.27.25~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.27.25~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xen-base\", rpm:\"kernel-xen-base~2.6.27.25~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xen-extra\", rpm:\"kernel-xen-extra~2.6.27.25~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kompozer\", rpm:\"kompozer~0.7.99.0.4~1.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kqemu-kmp-debug\", rpm:\"kqemu-kmp-debug~1.4.0pre1_2.6.27.25_0.1~2.1.11\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kqemu-kmp-trace\", rpm:\"kqemu-kmp-trace~1.4.0pre1_2.6.27.25_0.1~2.1.11\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kvm-kmp-trace\", rpm:\"kvm-kmp-trace~78_2.6.27.25_0.1~6.7.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ldapsmb\", rpm:\"ldapsmb~1.34b~6.3.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libMagick++-devel\", rpm:\"libMagick++-devel~6.4.3.6~5.5.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libMagick++1\", rpm:\"libMagick++1~6.4.3.6~5.5.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libMagickCore1\", rpm:\"libMagickCore1~6.4.3.6~5.5.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libMagickWand1\", rpm:\"libMagickWand1~6.4.3.6~5.5.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libapr-util1\", rpm:\"libapr-util1~1.3.4~13.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libapr-util1-dbd-mysql\", rpm:\"libapr-util1-dbd-mysql~1.3.4~13.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libapr-util1-dbd-pgsql\", rpm:\"libapr-util1-dbd-pgsql~1.3.4~13.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libapr-util1-dbd-sqlite3\", rpm:\"libapr-util1-dbd-sqlite3~1.3.4~13.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libapr-util1-devel\", rpm:\"libapr-util1-devel~1.3.4~13.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgphoto2\", rpm:\"libgphoto2~2.4.3~3.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgphoto2-devel\", rpm:\"libgphoto2-devel~2.4.3~3.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgphoto2-lang\", rpm:\"libgphoto2-lang~2.4.3~3.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libicu\", rpm:\"libicu~4.0~7.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libicu-devel\", rpm:\"libicu-devel~4.0~7.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libicu-doc\", rpm:\"libicu-doc~4.0~7.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libnetapi-devel\", rpm:\"libnetapi-devel~3.2.7~11.3.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libnetapi0\", rpm:\"libnetapi0~3.2.7~11.3.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpng-devel\", rpm:\"libpng-devel~1.2.31~4.38.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpng3\", rpm:\"libpng3~1.2.31~4.38.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpng12-0\", rpm:\"libpng12-0~1.2.31~4.38.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpurple\", rpm:\"libpurple~2.5.1~3.12.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpurple-devel\", rpm:\"libpurple-devel~2.5.1~3.12.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpurple-lang\", rpm:\"libpurple-lang~2.5.1~3.12.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpurple-meanwhile\", rpm:\"libpurple-meanwhile~2.5.1~3.12.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpurple-mono\", rpm:\"libpurple-mono~2.5.1~3.12.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libsmbclient-devel\", rpm:\"libsmbclient-devel~3.2.7~11.3.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libsmbclient0\", rpm:\"libsmbclient0~3.2.7~11.3.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libsmbsharemodes-devel\", rpm:\"libsmbsharemodes-devel~3.2.7~11.3.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libsmbsharemodes0\", rpm:\"libsmbsharemodes0~3.2.7~11.3.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libsndfile\", rpm:\"libsndfile~1.0.17~171.9.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libsndfile-devel\", rpm:\"libsndfile-devel~1.0.17~171.9.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libsndfile-octave\", rpm:\"libsndfile-octave~1.0.17~171.9.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libsndfile-progs\", rpm:\"libsndfile-progs~1.0.17~171.9.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libssh2-1\", rpm:\"libssh2-1~0.19.0+20080814~2.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libtalloc-devel\", rpm:\"libtalloc-devel~3.2.7~11.3.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libtalloc1\", rpm:\"libtalloc1~3.2.7~11.3.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libtdb-devel\", rpm:\"libtdb-devel~3.2.7~11.3.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libtdb1\", rpm:\"libtdb1~3.2.7~11.3.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libtiff3\", rpm:\"libtiff3~3.8.2~133.36.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libwbclient-devel\", rpm:\"libwbclient-devel~3.2.7~11.3.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libwbclient0\", rpm:\"libwbclient0~3.2.7~11.3.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.7.1~9.8.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxml2-devel\", rpm:\"libxml2-devel~2.7.1~9.8.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxml2-doc\", rpm:\"libxml2-doc~2.7.1~9.8.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lirc-kmp-trace\", rpm:\"lirc-kmp-trace~0.8.4_2.6.27.25_0.1~0.1.13\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"memcached\", rpm:\"memcached~1.2.6~5.7.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190\", rpm:\"mozilla-xulrunner190~1.9.0.12~1.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-devel\", rpm:\"mozilla-xulrunner190-devel~1.9.0.12~1.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-gnomevfs\", rpm:\"mozilla-xulrunner190-gnomevfs~1.9.0.12~1.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-translations\", rpm:\"mozilla-xulrunner190-translations~1.9.0.12~1.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nagios\", rpm:\"nagios~3.0.6~1.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nagios-devel\", rpm:\"nagios-devel~3.0.6~1.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nagios-www\", rpm:\"nagios-www~3.0.6~1.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ofed-kmp-debug\", rpm:\"ofed-kmp-debug~1.4_2.6.27.25_0.1~21.16.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ofed-kmp-trace\", rpm:\"ofed-kmp-trace~1.4_2.6.27.25_0.1~21.16.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openswan\", rpm:\"openswan~2.6.16~1.48.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openswan-doc\", rpm:\"openswan-doc~2.6.16~1.48.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"oracleasm-kmp-debug\", rpm:\"oracleasm-kmp-debug~2.0.5_2.6.27.25_0.1~2.36.13\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"oracleasm-kmp-trace\", rpm:\"oracleasm-kmp-trace~2.0.5_2.6.27.25_0.1~2.36.13\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pcfclock-kmp-debug\", rpm:\"pcfclock-kmp-debug~0.44_2.6.27.25_0.1~227.56.13\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pcfclock-kmp-trace\", rpm:\"pcfclock-kmp-trace~0.44_2.6.27.25_0.1~227.56.13\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"perl-PerlMagick\", rpm:\"perl-PerlMagick~6.4.3.6~5.5.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pidgin\", rpm:\"pidgin~2.5.1~3.12.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pidgin-devel\", rpm:\"pidgin-devel~2.5.1~3.12.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-xpcom190\", rpm:\"python-xpcom190~1.9.0.12~1.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ruby\", rpm:\"ruby~1.8.7.p72~5.4.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ruby-devel\", rpm:\"ruby-devel~1.8.7.p72~5.4.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ruby-doc-html\", rpm:\"ruby-doc-html~1.8.7.p72~5.4.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ruby-doc-ri\", rpm:\"ruby-doc-ri~1.8.7.p72~5.4.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ruby-examples\", rpm:\"ruby-examples~1.8.7.p72~5.4.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ruby-test-suite\", rpm:\"ruby-test-suite~1.8.7.p72~5.4.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ruby-tk\", rpm:\"ruby-tk~1.8.7.p72~5.4.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"samba\", rpm:\"samba~3.2.7~11.3.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"samba-client\", rpm:\"samba-client~3.2.7~11.3.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"samba-devel\", rpm:\"samba-devel~3.2.7~11.3.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"samba-krb-printing\", rpm:\"samba-krb-printing~3.2.7~11.3.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"samba-vscan\", rpm:\"samba-vscan~0.3.6b~6.3.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"samba-winbind\", rpm:\"samba-winbind~3.2.7~11.3.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"sax2\", rpm:\"sax2~8.1~542.11.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"sax2-gui\", rpm:\"sax2-gui~8.1~542.11.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"sax2-ident\", rpm:\"sax2-ident~8.1~542.11.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"sax2-libsax\", rpm:\"sax2-libsax~8.1~542.11.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"sax2-libsax-devel\", rpm:\"sax2-libsax-devel~8.1~542.11.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"sax2-libsax-perl\", rpm:\"sax2-libsax-perl~8.1~542.11.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"sax2-libsax-python\", rpm:\"sax2-libsax-python~8.1~542.11.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"sax2-tools\", rpm:\"sax2-tools~8.1~542.11.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"scons\", rpm:\"scons~1.0.1~1.32.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"strongswan\", rpm:\"strongswan~4.2.8~1.26.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"strongswan-doc\", rpm:\"strongswan-doc~4.2.8~1.26.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"subversion\", rpm:\"subversion~1.5.7~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"subversion-devel\", rpm:\"subversion-devel~1.5.7~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"subversion-perl\", rpm:\"subversion-perl~1.5.7~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"subversion-python\", rpm:\"subversion-python~1.5.7~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"subversion-server\", rpm:\"subversion-server~1.5.7~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"subversion-tools\", rpm:\"subversion-tools~1.5.7~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"virtualbox-ose-kmp-debug\", rpm:\"virtualbox-ose-kmp-debug~2.0.6_2.6.27.25_0.1~2.8.50\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"virtualbox-ose-kmp-trace\", rpm:\"virtualbox-ose-kmp-trace~2.0.6_2.6.27.25_0.1~2.8.50\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"vmware-kmp-debug\", rpm:\"vmware-kmp-debug~2008.09.03_2.6.27.25_0.1~5.50.35\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"vmware-kmp-trace\", rpm:\"vmware-kmp-trace~2008.09.03_2.6.27.25_0.1~5.50.35\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"wget\", rpm:\"wget~1.11.4~1.28.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xfig\", rpm:\"xfig~3.2.5~92.59.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xorg-x11\", rpm:\"xorg-x11~7.4~8.19.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xorg-x11-Xvnc\", rpm:\"xorg-x11-Xvnc~7.4~17.6.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xorg-x11-driver-video\", rpm:\"xorg-x11-driver-video~7.4~19.8.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xorg-x11-libxcb\", rpm:\"xorg-x11-libxcb~7.4~1.29.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xorg-x11-libxcb-devel\", rpm:\"xorg-x11-libxcb-devel~7.4~1.29.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xorg-x11-server\", rpm:\"xorg-x11-server~7.4~17.6.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xorg-x11-server-extra\", rpm:\"xorg-x11-server-extra~7.4~17.6.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xorg-x11-server-sdk\", rpm:\"xorg-x11-server-sdk~7.4~17.6.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xorg-x11-xauth\", rpm:\"xorg-x11-xauth~7.4~8.19.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~3.0.12~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"MozillaFirefox-translations\", rpm:\"MozillaFirefox-translations~3.0.12~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"MozillaThunderbird\", rpm:\"MozillaThunderbird~2.0.0.22~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"MozillaThunderbird-devel\", rpm:\"MozillaThunderbird-devel~2.0.0.22~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"MozillaThunderbird-translations\", rpm:\"MozillaThunderbird-translations~2.0.0.22~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.4.2~39.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-chrootenv\", rpm:\"bind-chrootenv~9.4.2~39.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-devel\", rpm:\"bind-devel~9.4.2~39.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-doc\", rpm:\"bind-doc~9.4.2~39.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-libs\", rpm:\"bind-libs~9.4.2~39.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-utils\", rpm:\"bind-utils~9.4.2~39.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cifs-mount\", rpm:\"cifs-mount~3.2.4~4.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dhcp\", rpm:\"dhcp~3.0.6~86.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dhcp-client\", rpm:\"dhcp-client~3.0.6~86.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dhcp-devel\", rpm:\"dhcp-devel~3.0.6~86.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dhcp-relay\", rpm:\"dhcp-relay~3.0.6~86.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dhcp-server\", rpm:\"dhcp-server~3.0.6~86.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"fetchmail\", rpm:\"fetchmail~6.3.8~134.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"fetchmailconf\", rpm:\"fetchmailconf~6.3.8~134.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"finch\", rpm:\"finch~2.4.1~28.9\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"finch-devel\", rpm:\"finch-devel~2.4.1~28.9\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"flash-player\", rpm:\"flash-player~9.0.246.0~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gconf2\", rpm:\"gconf2~2.22.0~28.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gconf2-devel\", rpm:\"gconf2-devel~2.22.0~28.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gconf2-doc\", rpm:\"gconf2-doc~2.22.0~28.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"icu\", rpm:\"icu~3.8.1~21.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"icu-data\", rpm:\"icu-data~3.8.1~21.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun\", rpm:\"java-1_5_0-sun~1.5.0_update20~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-alsa\", rpm:\"java-1_5_0-sun-alsa~1.5.0_update20~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-demo\", rpm:\"java-1_5_0-sun-demo~1.5.0_update20~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-devel\", rpm:\"java-1_5_0-sun-devel~1.5.0_update20~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-jdbc\", rpm:\"java-1_5_0-sun-jdbc~1.5.0_update20~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-plugin\", rpm:\"java-1_5_0-sun-plugin~1.5.0_update20~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-src\", rpm:\"java-1_5_0-sun-src~1.5.0_update20~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun\", rpm:\"java-1_6_0-sun~1.6.0.u15~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-alsa\", rpm:\"java-1_6_0-sun-alsa~1.6.0.u15~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-demo\", rpm:\"java-1_6_0-sun-demo~1.6.0.u15~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-devel\", rpm:\"java-1_6_0-sun-devel~1.6.0.u15~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-jdbc\", rpm:\"java-1_6_0-sun-jdbc~1.6.0.u15~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-plugin\", rpm:\"java-1_6_0-sun-plugin~1.6.0.u15~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-src\", rpm:\"java-1_6_0-sun-src~1.6.0.u15~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"jpackage-utils\", rpm:\"jpackage-utils~1.7.4~31.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ldapsmb\", rpm:\"ldapsmb~1.34b~195.10\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libapr-util1\", rpm:\"libapr-util1~1.2.12~43.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libapr-util1-dbd-mysql\", rpm:\"libapr-util1-dbd-mysql~1.2.12~43.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libapr-util1-dbd-pgsql\", rpm:\"libapr-util1-dbd-pgsql~1.2.12~43.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libapr-util1-dbd-sqlite3\", rpm:\"libapr-util1-dbd-sqlite3~1.2.12~43.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libapr-util1-devel\", rpm:\"libapr-util1-devel~1.2.12~43.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libicu\", rpm:\"libicu~3.8.1~21.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libicu-devel\", rpm:\"libicu-devel~3.8.1~21.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libicu-doc\", rpm:\"libicu-doc~3.8.1~21.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libnetapi-devel\", rpm:\"libnetapi-devel~3.2.4~4.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libnetapi0\", rpm:\"libnetapi0~3.2.4~4.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpng-devel\", rpm:\"libpng-devel~1.2.26~14.10\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpng3\", rpm:\"libpng3~1.2.26~14.10\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpng12-0\", rpm:\"libpng12-0~1.2.26~14.10\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpurple\", rpm:\"libpurple~2.4.1~28.9\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpurple-devel\", rpm:\"libpurple-devel~2.4.1~28.9\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpurple-lang\", rpm:\"libpurple-lang~2.4.1~28.9\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpurple-meanwhile\", rpm:\"libpurple-meanwhile~2.4.1~28.9\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpurple-mono\", rpm:\"libpurple-mono~2.4.1~28.9\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libsmbclient-devel\", rpm:\"libsmbclient-devel~3.2.4~4.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libsmbclient0\", rpm:\"libsmbclient0~3.2.4~4.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libsmbsharemodes-devel\", rpm:\"libsmbsharemodes-devel~3.2.4~4.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libsmbsharemodes0\", rpm:\"libsmbsharemodes0~3.2.4~4.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libsndfile\", rpm:\"libsndfile~1.0.17~141.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libsndfile-devel\", rpm:\"libsndfile-devel~1.0.17~141.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libsndfile-octave\", rpm:\"libsndfile-octave~1.0.17~141.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libsndfile-progs\", rpm:\"libsndfile-progs~1.0.17~141.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libtalloc-devel\", rpm:\"libtalloc-devel~3.2.4~4.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libtalloc1\", rpm:\"libtalloc1~3.2.4~4.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libtdb-devel\", rpm:\"libtdb-devel~3.2.4~4.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libtdb1\", rpm:\"libtdb1~3.2.4~4.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libtiff3\", rpm:\"libtiff3~3.8.2~108.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libwbclient-devel\", rpm:\"libwbclient-devel~3.2.4~4.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libwbclient0\", rpm:\"libwbclient0~3.2.4~4.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.6.32~11.10\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxml2-devel\", rpm:\"libxml2-devel~2.6.32~11.10\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxml2-doc\", rpm:\"libxml2-doc~2.6.32~11.10\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"memcached\", rpm:\"memcached~1.2.2~49.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190\", rpm:\"mozilla-xulrunner190~1.9.0.12~1.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-devel\", rpm:\"mozilla-xulrunner190-devel~1.9.0.12~1.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-gnomevfs\", rpm:\"mozilla-xulrunner190-gnomevfs~1.9.0.12~1.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-translations\", rpm:\"mozilla-xulrunner190-translations~1.9.0.12~1.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nagios\", rpm:\"nagios~3.0.6~1.3\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nagios-devel\", rpm:\"nagios-devel~3.0.6~1.3\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nagios-www\", rpm:\"nagios-www~3.0.6~1.3\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openswan\", rpm:\"openswan~2.4.7~130.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openswan-doc\", rpm:\"openswan-doc~2.4.7~130.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pidgin\", rpm:\"pidgin~2.4.1~28.9\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pidgin-devel\", rpm:\"pidgin-devel~2.4.1~28.9\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ruby\", rpm:\"ruby~1.8.6.p369~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ruby-devel\", rpm:\"ruby-devel~1.8.6.p369~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ruby-doc-html\", rpm:\"ruby-doc-html~1.8.6.p369~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ruby-doc-ri\", rpm:\"ruby-doc-ri~1.8.6.p369~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ruby-examples\", rpm:\"ruby-examples~1.8.6.p369~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ruby-test-suite\", rpm:\"ruby-test-suite~1.8.6.p369~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ruby-tk\", rpm:\"ruby-tk~1.8.6.p369~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"samba\", rpm:\"samba~3.2.4~4.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"samba-client\", rpm:\"samba-client~3.2.4~4.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"samba-devel\", rpm:\"samba-devel~3.2.4~4.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"samba-krb-printing\", rpm:\"samba-krb-printing~3.2.4~4.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"samba-winbind\", rpm:\"samba-winbind~3.2.4~4.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"strongswan\", rpm:\"strongswan~4.2.1~11.10\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"strongswan-doc\", rpm:\"strongswan-doc~4.2.1~11.10\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"subversion\", rpm:\"subversion~1.5.7~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"subversion-devel\", rpm:\"subversion-devel~1.5.7~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"subversion-perl\", rpm:\"subversion-perl~1.5.7~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"subversion-python\", rpm:\"subversion-python~1.5.7~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"subversion-server\", rpm:\"subversion-server~1.5.7~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"subversion-tools\", rpm:\"subversion-tools~1.5.7~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"wget\", rpm:\"wget~1.11.1~11.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xfig\", rpm:\"xfig~3.2.5~96.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~3.0.12~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"MozillaFirefox-translations\", rpm:\"MozillaFirefox-translations~3.0.12~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"MozillaThunderbird\", rpm:\"MozillaThunderbird~2.0.0.22~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"MozillaThunderbird-devel\", rpm:\"MozillaThunderbird-devel~2.0.0.22~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"MozillaThunderbird-translations\", rpm:\"MozillaThunderbird-translations~2.0.0.22~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.4.1.P1~12.9\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-chrootenv\", rpm:\"bind-chrootenv~9.4.1.P1~12.9\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-devel\", rpm:\"bind-devel~9.4.1.P1~12.9\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-doc\", rpm:\"bind-doc~9.4.1.P1~12.9\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-libs\", rpm:\"bind-libs~9.4.1.P1~12.9\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-utils\", rpm:\"bind-utils~9.4.1.P1~12.9\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dhcp\", rpm:\"dhcp~3.0.6~24.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dhcp-client\", rpm:\"dhcp-client~3.0.6~24.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dhcp-devel\", rpm:\"dhcp-devel~3.0.6~24.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dhcp-relay\", rpm:\"dhcp-relay~3.0.6~24.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dhcp-server\", rpm:\"dhcp-server~3.0.6~24.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"fetchmail\", rpm:\"fetchmail~6.3.8~57.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"fetchmailconf\", rpm:\"fetchmailconf~6.3.8~57.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"finch\", rpm:\"finch~2.3.1~26.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"finch-devel\", rpm:\"finch-devel~2.3.1~26.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"flash-player\", rpm:\"flash-player~9.0.246.0~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"icu\", rpm:\"icu~3.6~13.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"icu-data\", rpm:\"icu-data~3.6~13.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun\", rpm:\"java-1_5_0-sun~1.5.0_update20~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-alsa\", rpm:\"java-1_5_0-sun-alsa~1.5.0_update20~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-demo\", rpm:\"java-1_5_0-sun-demo~1.5.0_update20~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-devel\", rpm:\"java-1_5_0-sun-devel~1.5.0_update20~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-jdbc\", rpm:\"java-1_5_0-sun-jdbc~1.5.0_update20~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-plugin\", rpm:\"java-1_5_0-sun-plugin~1.5.0_update20~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-src\", rpm:\"java-1_5_0-sun-src~1.5.0_update20~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun\", rpm:\"java-1_6_0-sun~1.6.0.u15~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-alsa\", rpm:\"java-1_6_0-sun-alsa~1.6.0.u15~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-debuginfo\", rpm:\"java-1_6_0-sun-debuginfo~1.6.0.u15~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-demo\", rpm:\"java-1_6_0-sun-demo~1.6.0.u15~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-devel\", rpm:\"java-1_6_0-sun-devel~1.6.0.u15~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-jdbc\", rpm:\"java-1_6_0-sun-jdbc~1.6.0.u15~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-plugin\", rpm:\"java-1_6_0-sun-plugin~1.6.0.u15~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-sun-src\", rpm:\"java-1_6_0-sun-src~1.6.0.u15~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libapr-util1\", rpm:\"libapr-util1~1.2.8~68.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libapr-util1-dbd-mysql\", rpm:\"libapr-util1-dbd-mysql~1.2.8~68.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libapr-util1-dbd-pgsql\", rpm:\"libapr-util1-dbd-pgsql~1.2.8~68.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libapr-util1-dbd-sqlite3\", rpm:\"libapr-util1-dbd-sqlite3~1.2.8~68.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libapr-util1-devel\", rpm:\"libapr-util1-devel~1.2.8~68.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libicu\", rpm:\"libicu~3.6~13.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libicu-devel\", rpm:\"libicu-devel~3.6~13.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libicu-doc\", rpm:\"libicu-doc~3.6~13.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpng\", rpm:\"libpng~1.2.18~15.12\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpng-devel\", rpm:\"libpng-devel~1.2.18~15.12\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpurple\", rpm:\"libpurple~2.3.1~26.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpurple-devel\", rpm:\"libpurple-devel~2.3.1~26.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpurple-meanwhile\", rpm:\"libpurple-meanwhile~2.3.1~26.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpurple-mono\", rpm:\"libpurple-mono~2.3.1~26.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libsndfile\", rpm:\"libsndfile~1.0.17~81.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libsndfile-devel\", rpm:\"libsndfile-devel~1.0.17~81.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libsndfile-octave\", rpm:\"libsndfile-octave~1.0.17~81.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libsndfile-progs\", rpm:\"libsndfile-progs~1.0.17~81.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libtiff3\", rpm:\"libtiff3~3.8.2~68.6\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.6.30~4.13\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxml2-devel\", rpm:\"libxml2-devel~2.6.30~4.13\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"memcached\", rpm:\"memcached~1.2.2~11.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190\", rpm:\"mozilla-xulrunner190~1.9.0.12~1.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-devel\", rpm:\"mozilla-xulrunner190-devel~1.9.0.12~1.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-gnomevfs\", rpm:\"mozilla-xulrunner190-gnomevfs~1.9.0.12~1.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-translations\", rpm:\"mozilla-xulrunner190-translations~1.9.0.12~1.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nagios\", rpm:\"nagios~2.9~48.6\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nagios-www\", rpm:\"nagios-www~2.9~48.6\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openswan\", rpm:\"openswan~2.4.7~64.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openswan-doc\", rpm:\"openswan-doc~2.4.7~64.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pidgin\", rpm:\"pidgin~2.3.1~26.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pidgin-devel\", rpm:\"pidgin-devel~2.3.1~26.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-xpcom190\", rpm:\"python-xpcom190~1.9.0.12~1.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ruby\", rpm:\"ruby~1.8.6.p369~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ruby-devel\", rpm:\"ruby-devel~1.8.6.p369~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ruby-doc-html\", rpm:\"ruby-doc-html~1.8.6.p369~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ruby-doc-ri\", rpm:\"ruby-doc-ri~1.8.6.p369~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ruby-examples\", rpm:\"ruby-examples~1.8.6.p369~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ruby-test-suite\", rpm:\"ruby-test-suite~1.8.6.p369~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ruby-tk\", rpm:\"ruby-tk~1.8.6.p369~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"subversion\", rpm:\"subversion~1.4.4~30.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"subversion-devel\", rpm:\"subversion-devel~1.4.4~30.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"subversion-perl\", rpm:\"subversion-perl~1.4.4~30.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"subversion-python\", rpm:\"subversion-python~1.4.4~30.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"subversion-server\", rpm:\"subversion-server~1.4.4~30.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"subversion-tools\", rpm:\"subversion-tools~1.4.4~30.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"wget\", rpm:\"wget~1.10.2~78.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xfig\", rpm:\"xfig~3.2.5~25.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2021-08-19T13:07:01", "description": "This update of memcached fixes a signedness problem which may lead to a buffer too small to hold all data received from the network, this may allow arbitrary remote code execution. (CVE-2009-2415) Additionally an information leak was fixed (CVE-2009-1494, CVE-2009-1255 )", "cvss3": {"score": null, "vector": null}, "published": "2009-08-11T00:00:00", "type": "nessus", "title": "openSUSE Security Update : memcached (memcached-1165)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1255", "CVE-2009-1494", "CVE-2009-2415"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:memcached", "cpe:/o:novell:opensuse:11.1"], "id": "SUSE_11_1_MEMCACHED-090806.NASL", "href": "https://www.tenable.com/plugins/nessus/40546", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update memcached-1165.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40546);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-1255\", \"CVE-2009-1494\", \"CVE-2009-2415\");\n\n script_name(english:\"openSUSE Security Update : memcached (memcached-1165)\");\n script_summary(english:\"Check for the memcached-1165 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of memcached fixes a signedness problem which may lead to\na buffer too small to hold all data received from the network, this\nmay allow arbitrary remote code execution. (CVE-2009-2415)\nAdditionally an information leak was fixed (CVE-2009-1494,\nCVE-2009-1255 )\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=527875\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected memcached package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(189, 200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:memcached\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/08/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.1\", reference:\"memcached-1.2.6-5.7.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"memcached\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:06:22", "description": "This update of memcached fixes a signedness problem which may lead to a buffer too small to hold all data received from the network, this may allow arbitrary remote code execution. (CVE-2009-2415) Additionally an information leak was fixed (CVE-2009-1494, CVE-2009-1255 )", "cvss3": {"score": null, "vector": null}, "published": "2009-10-06T00:00:00", "type": "nessus", "title": "openSUSE 10 Security Update : memcached (memcached-6397)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1255", "CVE-2009-1494", "CVE-2009-2415"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:memcached", "cpe:/o:novell:opensuse:10.3"], "id": "SUSE_MEMCACHED-6397.NASL", "href": "https://www.tenable.com/plugins/nessus/42022", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update memcached-6397.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(42022);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-1255\", \"CVE-2009-1494\", \"CVE-2009-2415\");\n\n script_name(english:\"openSUSE 10 Security Update : memcached (memcached-6397)\");\n script_summary(english:\"Check for the memcached-6397 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of memcached fixes a signedness problem which may lead to\na buffer too small to hold all data received from the network, this\nmay allow arbitrary remote code execution. (CVE-2009-2415)\nAdditionally an information leak was fixed (CVE-2009-1494,\nCVE-2009-1255 )\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected memcached package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(189, 200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:memcached\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/10/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.3\", reference:\"memcached-1.2.2-11.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"memcached\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:06:54", "description": "This update of memcached fixes a signedness problem which may lead to a buffer too small to hold all data received from the network, this may allow arbitrary remote code execution. (CVE-2009-2415) Additionally an information leak was fixed (CVE-2009-1494, CVE-2009-1255 )", "cvss3": {"score": null, "vector": null}, "published": "2009-08-11T00:00:00", "type": "nessus", "title": "openSUSE Security Update : memcached (memcached-1165)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1255", "CVE-2009-1494", "CVE-2009-2415"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:memcached", "cpe:/o:novell:opensuse:11.0"], "id": "SUSE_11_0_MEMCACHED-090806.NASL", "href": "https://www.tenable.com/plugins/nessus/40545", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update memcached-1165.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40545);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-1255\", \"CVE-2009-1494\", \"CVE-2009-2415\");\n\n script_name(english:\"openSUSE Security Update : memcached (memcached-1165)\");\n script_summary(english:\"Check for the memcached-1165 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of memcached fixes a signedness problem which may lead to\na buffer too small to hold all data received from the network, this\nmay allow arbitrary remote code execution. (CVE-2009-2415)\nAdditionally an information leak was fixed (CVE-2009-1494,\nCVE-2009-1255 )\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=527875\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected memcached package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(189, 200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:memcached\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/08/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.0\", reference:\"memcached-1.2.2-49.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"memcached\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:07:55", "description": "- Wed Apr 29 2009 Paul Lindner <lindner at inuus.com> - 1.2.8-1\n\n - Upgrade to memcached-1.2.8\n\n - Addresses CVE-2009-1255\n\n - Wed Feb 25 2009 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.2.6-2\n\n - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild\n\n - Tue Jul 29 2008 Paul Lindner <lindner at inuus.com> - 1.2.6-1\n\n - Upgrade to memcached-1.2.6\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2009-05-20T00:00:00", "type": "nessus", "title": "Fedora 10 : memcached-1.2.8-1.fc10 (2009-4199)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1255"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:memcached", "cpe:/o:fedoraproject:fedora:10"], "id": "FEDORA_2009-4199.NASL", "href": "https://www.tenable.com/plugins/nessus/38835", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-4199.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(38835);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-1255\");\n script_xref(name:\"FEDORA\", value:\"2009-4199\");\n\n script_name(english:\"Fedora 10 : memcached-1.2.8-1.fc10 (2009-4199)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Wed Apr 29 2009 Paul Lindner <lindner at inuus.com> -\n 1.2.8-1\n\n - Upgrade to memcached-1.2.8\n\n - Addresses CVE-2009-1255\n\n - Wed Feb 25 2009 Fedora Release Engineering <rel-eng at\n lists.fedoraproject.org> - 1.2.6-2\n\n - Rebuilt for\n https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild\n\n - Tue Jul 29 2008 Paul Lindner <lindner at inuus.com> -\n 1.2.6-1\n\n - Upgrade to memcached-1.2.6\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=498271\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-May/023752.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d5e7c1ab\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected memcached package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_cwe_id(200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:memcached\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/05/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/05/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^10([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 10.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC10\", reference:\"memcached-1.2.8-1.fc10\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"memcached\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-10-16T15:42:16", "description": "The version of memcached / MemcacheDB running on the remote host reveals information about the stack, heap, and shared library memory locations it uses. An unauthenticated remote attacker may be able to leverage this weakness to defeat any address space layout randomization (ASLR) protection on the remote host, thereby making buffer overflows easier to exploit.", "cvss3": {"score": null, "vector": null}, "published": "2009-04-29T00:00:00", "type": "nessus", "title": "Memcached / MemcacheDB ASLR Bypass Weakness", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1255"], "modified": "2018-11-15T00:00:00", "cpe": [], "id": "MEMCACHED_ASLR_BYPASS.NASL", "href": "https://www.tenable.com/plugins/nessus/38207", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(38207);\n script_version(\"1.10\");\n\n script_cve_id(\"CVE-2009-1255\");\n script_bugtraq_id(34756);\n script_xref(name:\"Secunia\", value:\"34915\");\n script_xref(name:\"Secunia\", value:\"34932\");\n\n script_name(english:\"Memcached / MemcacheDB ASLR Bypass Weakness\");\n script_summary(english:\"Sends a 'stats maps' command\");\n \n script_set_attribute( attribute:\"synopsis\", value:\n\"The remote object store suffers from a weakness that may make buffer\noverflows easier to exploit.\" );\n script_set_attribute( attribute:\"description\", value:\n\"The version of memcached / MemcacheDB running on the remote host\nreveals information about the stack, heap, and shared library memory\nlocations it uses. An unauthenticated remote attacker may be able to\nleverage this weakness to defeat any address space layout\nrandomization (ASLR) protection on the remote host, thereby making\nbuffer overflows easier to exploit.\" );\n script_set_attribute(\n attribute:\"see_also\", \n value:\"https://www.positronsecurity.com/advisories/2009-001.html\"\n );\n script_set_attribute(\n attribute:\"see_also\", \n value:\"https://seclists.org/fulldisclosure/2009/Apr/281\"\n );\n script_set_attribute(\n attribute:\"see_also\", \n value:\"http://www.nessus.org/u?97546674\"\n );\n script_set_attribute(\n attribute:\"see_also\", \n value:\"http://www.nessus.org/u?24b11223\"\n );\n script_set_attribute( attribute:\"solution\", value:\n\"If using memcached, upgrade to version 1.2.8.\n\nIf using MemcacheDB, upgrade to revision r98 or later from the code\nrepository.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(200);\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2009/04/29\");\n script_cvs_date(\"Date: 2018/11/15 20:50:23\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_end_attributes();\n \n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"memcached_detect.nasl\");\n script_require_ports(\"Services/memcached\", 11211, 21201);\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n\nports = add_port_in_list(list:get_kb_list(\"Services/memcached\"), port:11211);\nports = add_port_in_list(list:ports, port:21201);\n\nforeach port (ports)\n{\n if (!get_port_state(port)) continue;\n\n soc = open_sock_tcp(port);\n if (soc)\n {\n req = \"stats maps\";\n send(socket:soc, data:string(req, \"\\r\\n\"));\n res = recv(socket:soc, length:8192);\n\n # There's a problem if...\n if (\n # we get a response and...\n !isnull(res) && \n (\n # either there's an error or...\n stridx(res, 'SERVER_ERROR ') == 0 ||\n # we see a map\n egrep(pattern:\"^[0-9a-f]+-[0-9a-f]+[ \t][-r][-w][-x]p[ \t]\", string:res)\n )\n )\n {\n if (report_verbosity > 0)\n {\n max_lines = 10;\n n = 0;\n output = \"\";\n\n foreach line (split(res, keep:TRUE))\n {\n output += line;\n if (n++ > max_lines) break;\n }\n report = string(\n \"\\n\",\n \"Here is the output of sending a '\", req, \"' command to the remote\\n\",\n \"service :\\n\",\n \"\\n\",\n crap(data:\"-\", length:30), \" snip \", crap(data:\"-\", length:30), \"\\n\",\n output,\n crap(data:\"-\", length:30), \" snip \", crap(data:\"-\", length:30), \"\\n\"\n );\n if (n < max_index(split(res)))\n {\n report = string(\n report,\n \"\\n\",\n \"Note that only the first \", max_lines, \" lines of output are reported.\\n\"\n );\n }\n if (stridx(res, 'SERVER_ERROR ') == 0)\n {\n report = string(\n report,\n \"\\n\",\n \"Note that while the server responded with an error, the error itself\\n\",\n \"indicates the weakness in the code is still present.\\n\"\n );\n }\n\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n }\n\n close(soc);\n }\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-08-19T13:07:53", "description": "- Wed Apr 29 2009 Paul Lindner <lindner at inuus.com> - 1.2.8-1\n\n - Upgrade to memcached-1.2.8\n\n - Addresses CVE-2009-1255\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2009-05-27T00:00:00", "type": "nessus", "title": "Fedora 11 : memcached-1.2.8-1.fc11 (2009-4542)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1255"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:memcached", "cpe:/o:fedoraproject:fedora:11"], "id": "FEDORA_2009-4542.NASL", "href": "https://www.tenable.com/plugins/nessus/38916", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-4542.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(38916);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-1255\");\n script_xref(name:\"FEDORA\", value:\"2009-4542\");\n\n script_name(english:\"Fedora 11 : memcached-1.2.8-1.fc11 (2009-4542)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Wed Apr 29 2009 Paul Lindner <lindner at inuus.com> -\n 1.2.8-1\n\n - Upgrade to memcached-1.2.8\n\n - Addresses CVE-2009-1255\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=498271\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-May/024157.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?caf22dcc\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected memcached package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_cwe_id(200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:memcached\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/05/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/05/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^11([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 11.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC11\", reference:\"memcached-1.2.8-1.fc11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"memcached\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-08-19T13:07:00", "description": "Secunia reports :\n\nA weakness has been reported in memcached, which can be exploited by malicious people to disclose system information.\n\nThe weakness is caused due to the application disclosing the content of /proc/self/maps if a stats maps command is received. This can be exploited to disclose e.g. the addresses of allocated memory regions.", "cvss3": {"score": null, "vector": null}, "published": "2009-08-20T00:00:00", "type": "nessus", "title": "FreeBSD : memcached -- memcached stats maps Information Disclosure Weakness (86ada694-8b30-11de-b9d0-000c6e274733)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1255"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:memcached", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_86ADA6948B3011DEB9D0000C6E274733.NASL", "href": "https://www.tenable.com/plugins/nessus/40660", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40660);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2009-1255\");\n script_xref(name:\"Secunia\", value:\"34915\");\n\n script_name(english:\"FreeBSD : memcached -- memcached stats maps Information Disclosure Weakness (86ada694-8b30-11de-b9d0-000c6e274733)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Secunia reports :\n\nA weakness has been reported in memcached, which can be exploited by\nmalicious people to disclose system information.\n\nThe weakness is caused due to the application disclosing the content\nof /proc/self/maps if a stats maps command is received. This can be\nexploited to disclose e.g. the addresses of allocated memory regions.\"\n );\n # https://vuxml.freebsd.org/freebsd/86ada694-8b30-11de-b9d0-000c6e274733.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9aea2ead\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_cwe_id(200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:memcached\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/04/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/08/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"memcached<1.2.8\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-08-19T13:07:01", "description": "A vulnerability has been found and corrected in memcached :\n\nMultiple integer overflows in memcached 1.1.12 and 1.2.2 allow remote attackers to execute arbitrary code via vectors involving length attributes that trigger heap-based buffer overflows (CVE-2009-2415).\n\nThis update provides a solution to this vulnerability. Additionally memcached-1.2.x has been upgraded to 1.2.8 for 2009.0/2009.1 and MES 5 that contains a number of upstream fixes, the repcached patch has been upgraded to 2.2 as well.", "cvss3": {"score": null, "vector": null}, "published": "2009-08-17T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : memcached (MDVSA-2009:202)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2415"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:memcached", "cpe:/o:mandriva:linux:2009.0", "cpe:/o:mandriva:linux:2009.1"], "id": "MANDRIVA_MDVSA-2009-202.NASL", "href": "https://www.tenable.com/plugins/nessus/40596", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2009:202. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40596);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2009-2415\");\n script_bugtraq_id(35989);\n script_xref(name:\"MDVSA\", value:\"2009:202\");\n\n script_name(english:\"Mandriva Linux Security Advisory : memcached (MDVSA-2009:202)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Mandriva Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability has been found and corrected in memcached :\n\nMultiple integer overflows in memcached 1.1.12 and 1.2.2 allow remote\nattackers to execute arbitrary code via vectors involving length\nattributes that trigger heap-based buffer overflows (CVE-2009-2415).\n\nThis update provides a solution to this vulnerability. Additionally\nmemcached-1.2.x has been upgraded to 1.2.8 for 2009.0/2009.1 and MES 5\nthat contains a number of upstream fixes, the repcached patch has been\nupgraded to 2.2 as well.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected memcached package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:memcached\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/08/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2009.0\", reference:\"memcached-1.2.8-0.1mdv2009.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2009.1\", reference:\"memcached-1.2.8-0.1mdv2009.1\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:05:52", "description": "Addresses CVE-2009-2415\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2009-12-14T00:00:00", "type": "nessus", "title": "Fedora 11 : memcached-1.2.8-2.fc11 (2009-12552)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2415"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:memcached", "cpe:/o:fedoraproject:fedora:11"], "id": "FEDORA_2009-12552.NASL", "href": "https://www.tenable.com/plugins/nessus/43115", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-12552.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(43115);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-2415\");\n script_bugtraq_id(35989);\n script_xref(name:\"FEDORA\", value:\"2009-12552\");\n\n script_name(english:\"Fedora 11 : memcached-1.2.8-2.fc11 (2009-12552)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Addresses CVE-2009-2415\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=516489\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-December/032645.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?910914e4\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected memcached package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:memcached\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/12/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^11([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 11.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC11\", reference:\"memcached-1.2.8-2.fc11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"memcached\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:05:16", "description": "Ronald Volgers discovered that memcached, a high-performance memory object caching system, is vulnerable to several heap-based buffer overflows due to integer conversions when parsing certain length attributes. An attacker can use this to execute arbitrary code on the system running memcached (on etch with root privileges).", "cvss3": {"score": null, "vector": null}, "published": "2010-02-24T00:00:00", "type": "nessus", "title": "Debian DSA-1853-1 : memcached - heap-based buffer overflow", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2415"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:memcached", "cpe:/o:debian:debian_linux:4.0", "cpe:/o:debian:debian_linux:5.0"], "id": "DEBIAN_DSA-1853.NASL", "href": "https://www.tenable.com/plugins/nessus/44718", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1853. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(44718);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2009-2415\");\n script_xref(name:\"DSA\", value:\"1853\");\n\n script_name(english:\"Debian DSA-1853-1 : memcached - heap-based buffer overflow\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Ronald Volgers discovered that memcached, a high-performance memory\nobject caching system, is vulnerable to several heap-based buffer\noverflows due to integer conversions when parsing certain length\nattributes. An attacker can use this to execute arbitrary code on the\nsystem running memcached (on etch with root privileges).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2009/dsa-1853\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the memcached packages.\n\nFor the oldstable distribution (etch), this problem has been fixed in\nversion 1.1.12-1+etch1.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 1.2.2-1+lenny1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:memcached\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/02/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"memcached\", reference:\"1.1.12-1+etch1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"memcached\", reference:\"1.2.2-1+lenny1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:07:50", "description": "The process_stat function in Memcached prior 1.2.8 discloses memory-allocation statistics in response to a stats malloc command, which allows remote attackers to obtain potentially sensitive information by sending this command to the daemon's TCP port (CVE-2009-1255, CVE-2009-1494).\n\nThe updated packages have been patched to prevent this.", "cvss3": {"score": null, "vector": null}, "published": "2009-05-05T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : memcached (MDVSA-2009:105)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1255", "CVE-2009-1494"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:memcached", "cpe:/o:mandriva:linux:2009.0", "cpe:/o:mandriva:linux:2009.1"], "id": "MANDRIVA_MDVSA-2009-105.NASL", "href": "https://www.tenable.com/plugins/nessus/38683", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2009:105. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(38683);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2009-1255\", \"CVE-2009-1494\");\n script_xref(name:\"MDVSA\", value:\"2009:105\");\n\n script_name(english:\"Mandriva Linux Security Advisory : memcached (MDVSA-2009:105)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Mandriva Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The process_stat function in Memcached prior 1.2.8 discloses\nmemory-allocation statistics in response to a stats malloc command,\nwhich allows remote attackers to obtain potentially sensitive\ninformation by sending this command to the daemon's TCP port\n(CVE-2009-1255, CVE-2009-1494).\n\nThe updated packages have been patched to prevent this.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected memcached package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_cwe_id(200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:memcached\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/05/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/05/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2009.0\", reference:\"memcached-1.2.6-2.1mdv2009.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2009.1\", reference:\"memcached-1.2.6-4.1mdv2009.1\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-08-19T12:49:34", "description": "The remote host is affected by the vulnerability described in GLSA-201406-13 (memcached: Multiple vulnerabilities)\n\n memcached authentication could be bypassed when using SASL due to a flaw related to SASL authentication state. Also several heap-based buffer overflows due to integer conversions when parsing certain length attributes were discovered.\n Impact :\n\n A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition or authenticate with invalid SASL credentials, bypassing memcached authentication completely.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"score": null, "vector": null}, "published": "2014-06-16T00:00:00", "type": "nessus", "title": "GLSA-201406-13 : memcached: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2415", "CVE-2011-4971", "CVE-2013-0179", "CVE-2013-7239", "CVE-2013-7290", "CVE-2013-7291"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:memcached", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201406-13.NASL", "href": "https://www.tenable.com/plugins/nessus/76064", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201406-13.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76064);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2009-2415\", \"CVE-2011-4971\", \"CVE-2013-0179\", \"CVE-2013-7239\", \"CVE-2013-7290\", \"CVE-2013-7291\");\n script_bugtraq_id(35989, 59567, 64559, 64978, 64988, 64989);\n script_xref(name:\"GLSA\", value:\"201406-13\");\n\n script_name(english:\"GLSA-201406-13 : memcached: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201406-13\n(memcached: Multiple vulnerabilities)\n\n memcached authentication could be bypassed when using SASL due to a flaw\n related to SASL authentication state. Also several heap-based buffer\n overflows due to integer conversions when parsing certain length\n attributes were discovered.\n \nImpact :\n\n A remote attacker could possibly execute\n arbitrary code with the privileges of the process, cause a Denial of\n Service condition or authenticate with invalid SASL credentials,\n bypassing memcached authentication completely.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201406-13\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All memcached users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-misc/memcached-1.4.17'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:memcached\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-misc/memcached\", unaffected:make_list(\"ge 1.4.17\"), vulnerable:make_list(\"lt 1.4.17\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"memcached\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2021-06-08T19:18:21", "bulletinFamily": "software", "cvelist": ["CVE-2009-1255"], "description": "Unauthorized user can obtain information about process memory layout, making code execution protection techniques ineffective.", "edition": 2, "modified": "2009-05-01T00:00:00", "published": "2009-05-01T00:00:00", "id": "SECURITYVULNS:VULN:9881", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:9881", "title": "Memcached / MemcacheDB information leak", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:30", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n\r\n\r\n POSITRON SECURITY LLC\r\n <http://www.positronsecurity.com/>\r\n\r\n\r\n Security Advisory #2009-001\r\n Memcached and MemcacheDB ASLR Bypass Weakness\r\n\r\n\r\n\r\nAuthor: Joe Testa <jt _at_sign_ positronsecurity_dot_com>\r\nDate: April 28th, 2009\r\nURL: <http://www.positronsecurity.com/advisories/2009-001.html>\r\n\r\n\r\n\r\nI. Executive Summary\r\n\r\n Memcached [1] is a popular open-source, multi-platform database-\r\ncaching software program used to alleviate repetitive database\r\noperations. It was originally developed by Danga Interactive [2].\r\nMemcacheDB [3] is a fork of the memcached project which adds\r\npersistent storage using the BerkeleyDB database engine [4].\r\n\r\n An implementation weakness that impacts security was identified\r\nin memcached v1.2.7 and MemcacheDB v1.2.0. Users in high-security\r\nenvironments should consider upgrading to memcached v1.2.8 and/or\r\na fixed version of MemcacheDB to protect against potential attacks.\r\n\r\n\r\n\r\nII. Overview\r\n\r\n During an audit of the memcached v1.2.7 source code, it was\r\nfound that the software divulges its stack, heap, and shared library\r\nmemory locations. This effectively disables address space layout\r\nrandomization (ASLR) [5] protection, making potential buffer overflow\r\nvulnerabilities much easier to exploit. The same behavior exists in\r\nMemcacheDB v1.2.0.\r\n\r\n\r\n\r\nIII. Detailed Description\r\n\r\n By simply connecting to the memcached TCP port (default: 11211)\r\nor MemcacheDB's TCP port (default: 21201) and issuing a 'stats maps'\r\ncommand, the software will directly pipe the output of\r\n/proc/self/maps to the client (see memcached.c:1153 and\r\nmemcachedb.c:946).\r\n\r\n\r\n jdog@thegibson:~$ telnet 192.168.x.x 11211\r\n Trying 192.168.x.x...\r\n Connected to localhost.\r\n Escape character is '^]'.\r\n stats maps\r\n 08048000-08053000 r-xp 00000000 fe:01 5934920 /home/jdog/ \\r\n sources/memcached-1.2.7/memcached\r\n 08053000-08054000 rw-p 0000b000 fe:01 5934920 /home/jdog/ \\r\n sources/memcached-1.2.7/memcached\r\n 08054000-080a4000 rw-p 08054000 00:00 0 [heap]\r\n b7d0a000-b7d4d000 rw-p b7d0a000 00:00 0\r\n b7d4d000-b7d61000 r-xp 00000000 fe:01 2555942 /lib/tls/i686/ \\r\n cmov/libpthread-2.7.so\r\n b7d61000-b7d63000 rw-p 00013000 fe:01 2555942 /lib/tls/i686/ \\r\n cmov/libpthread-2.7.so\r\n b7d63000-b7d65000 rw-p b7d63000 00:00 0\r\n b7d65000-b7d74000 r-xp 00000000 fe:01 2555943 /lib/tls/i686/ \\r\n cmov/libresolv-2.7.so\r\n b7d74000-b7d76000 rw-p 0000f000 fe:01 2555943 /lib/tls/i686/ \\r\n cmov/libresolv-2.7.so\r\n b7d76000-b7d78000 rw-p b7d76000 00:00 0\r\n b7d78000-b7d7f000 r-xp 00000000 fe:01 2555944 /lib/tls/i686/ \\r\n cmov/librt-2.7.so\r\n b7d7f000-b7d81000 rw-p 00006000 fe:01 2555944 /lib/tls/i686/ \\r\n cmov/librt-2.7.so\r\n b7d81000-b7d95000 r-xp 00000000 fe:01 2555934 /lib/tls/i686/ \\r\n cmov/libnsl-2.7.so\r\n b7d95000-b7d97000 rw-p 00013000 fe:01 2555934 /lib/tls/i686/ \\r\n cmov/libnsl-2.7.so\r\n b7d97000-b7d9a000 rw-p b7d97000 00:00 0\r\n b7d9a000-b7ee3000 r-xp 00000000 fe:01 2555928 /lib/tls/i686/ \\r\n cmov/libc-2.7.so\r\n b7ee3000-b7ee4000 r--p 00149000 fe:01 2555928 /lib/tls/i686/ \\r\n cmov/libc-2.7.so\r\n b7ee4000-b7ee6000 rw-p 0014a000 fe:01 2555928 /lib/tls/i686/ \\r\n cmov/libc-2.7.so\r\n b7ee6000-b7ee9000 rw-p b7ee6000 00:00 0\r\n b7ee9000-b7efc000 r-xp 00000000 fe:01 614755 /usr/lib/ \\r\n libevent-1.3e.so.1.0.3\r\n b7efc000-b7efd000 rw-p 00013000 fe:01 614755 /usr/lib/ \\r\n libevent-1.3e.so.1.0.3\r\n b7efd000-b7efe000 rw-p b7efd000 00:00 0\r\n b7f0e000-b7f10000 rw-p b7f0e000 00:00 0\r\n b7f10000-b7f11000 r-xp b7f10000 00:00 0 [vdso]\r\n b7f11000-b7f2b000 r-xp 00000000 fe:01 2557432 /lib/ld-2.7.so\r\n b7f2b000-b7f2d000 rw-p 00019000 fe:01 2557432 /lib/ld-2.7.so\r\n bfce7000-bfcfc000 rw-p bffeb000 00:00 0 [stack]\r\n END\r\n\r\n\r\n Since neither memcached nor MemcacheDB do any authentication, a\r\nwell-known requirement is that the services must never be accessible\r\nby untrusted machines. If an untrusted machine were to access the\r\nservices, then any contents of the cache could be read and/or\r\nmodified; arbitrary data could be inserted as well.\r\n\r\n Even in light of this requirement, it remains reasonable for an\r\nadministrator to expect that using these pieces of software would\r\nnot allow a trusted machine to execute arbitrary code. By extension,\r\nit remains reasonable for an administrator to rely on ASLR protections\r\nto thwart any potential buffer overflow attacks. Because of these\r\nreasonable assumptions, and because no explicit documentation warns\r\nusers of this non-obvious feature and its non-obvious impact, this\r\nissue qualifies as a security weakness.\r\n\r\n This issue has been assigned the following CVE ID: CVE-2009-1255.\r\n\r\n\r\n\r\nIV. Solution\r\n\r\n The offending functionality was removed from the software, thus\r\nreinstating ASLR protection. Users in high-security environments may\r\nconsider upgrading to better protect against potential buffer\r\noverflow vulnerabilities.\r\n\r\n memcached v1.2.8 was released to address this issue and can be\r\ndownloaded at\r\n<http://memcached.googlecode.com/files/memcached-1.2.8.tar.gz>. The\r\nofficial release announcement can be viewed at\r\n<http://groups.google.com/group/memcached/browse_thread/thread/ \\r\nff96a9b88fb5d40e>.\r\n\r\n The maintainer of MemcacheDB claimed to fix the issue in the\r\ncode repository, but unfortunately, has not released a stable\r\npackage containing it (see section V below for details). In the\r\nmeantime, the following unofficial patch can be applied to the\r\nsource tree of MemcacheDB v1.2.0:\r\n\r\n- ----\r\ndiff -ru memcachedb.c memcachedb.c.fixed\r\n- --- memcachedb.c 2008-10-14 01:40:58.000000000 -0400\r\n+++ memcachedb.c.fixed 2009-04-28 12:15:12.000000000 -0400\r\n@@ -931,43 +931,6 @@\r\n #endif /* HAVE_STRUCT_MALLINFO */\r\n #endif /* HAVE_MALLOC_H */\r\n\r\n- -#if !defined(WIN32) || !defined(__APPLE__)\r\n- - if (strcmp(subcommand, "maps") == 0) {\r\n- - char *wbuf;\r\n- - int wsize = 8192; /* should be enough */\r\n- - int fd;\r\n- - int res;\r\n- -\r\n- - if ((wbuf = (char *)malloc(wsize)) == NULL) {\r\n- - out_string(c, "SERVER_ERROR out of memory writing\r\nstats maps");\r\n- - return;\r\n- - }\r\n- -\r\n- - fd = open("/proc/self/maps", O_RDONLY);\r\n- - if (fd == -1) {\r\n- - out_string(c, "SERVER_ERROR cannot open the maps file");\r\n- - free(wbuf);\r\n- - return;\r\n- - }\r\n- -\r\n- - res = read(fd, wbuf, wsize - 6); /* 6 = END\r\n\0 */\r\n- - if (res == wsize - 6) {\r\n- - out_string(c, "SERVER_ERROR buffer overflow");\r\n- - free(wbuf); close(fd);\r\n- - return;\r\n- - }\r\n- - if (res == 0 || res == -1) {\r\n- - out_string(c, "SERVER_ERROR can't read the maps file");\r\n- - free(wbuf); close(fd);\r\n- - return;\r\n- - }\r\n- - memcpy(wbuf + res, "END\r\n", 5);\r\n- - write_and_free(c, wbuf, res + 5);\r\n- - close(fd);\r\n- - return;\r\n- - }\r\n- -#endif\r\n- -\r\n out_string(c, "ERROR");\r\n }\r\n\r\n\r\n- ----\r\n\r\n The above patch can be applied to the MemcacheDB v1.2.0\r\nsources with:\r\n\r\n $ cd memcachedb-1.2.0\r\n $ patch < ../memcachedb.patch\r\n\r\n The source tree must then be re-compiled and the existing\r\nvulnerable 'memcachedb' binary replaced with the fixed result.\r\n\r\n\r\n\r\nV. Vendor Timeline\r\n\r\n Contacting the vendor of memcached proved difficult at first\r\nbecause the contents of the packaged AUTHORS file was apparently\r\nout of date. Once the proper maintainer was located (Dormando),\r\nthe issue was fixed quickly.\r\n\r\n The maintainer of MemcacheDB fixed the problem quickly in the\r\nsource code repository, but never released a fixed stable version\r\nafter claiming one was on the way; subsequent attempts to contact\r\nthe maintainer have been ignored.\r\n\r\n\r\n March 31st, 2009: Using the contents of the packaged AUTHORS\r\n file, Brad Fitzpatrick and Anatoly Vorobey\r\n were notified via e-mail.\r\n\r\n April 7th, 2009: After receiving no reply from the official\r\n maintainers, a request to contact any\r\n acting maintainer(s) was made to the memcached\r\n mailing list at <http://groups.google.com/ \\r\n group/memcached/browse_thread/thread/ \\r\n ff92b3d1a6191e4d#>. Dormando identified\r\n himself as a maintainer via e-mail, and was\r\n notified of the issue.\r\n\r\n April 10th, 2009: Dormando released v1.2.8 to resolve the issue.\r\n\r\n April 13th, 2009: Steve Chu, the maintainer of MemcacheDB, was\r\n notified of the issue. He replied that he\r\n would fix it.\r\n\r\n April 14th, 2009: Steve Chu sent notification that the issue\r\n was fixed in the code repository and provided\r\n the following link: <http://code.google.com/ \\r\n p/memcachedb/source/detail?r=98>.\r\n\r\n April 15th, 2009: Steve Chu was asked when a stable release would\r\n be available.\r\n\r\n April 17th, 2009: Steve Chu was again asked when a stable release\r\n would be available.\r\n\r\n April 18th, 2009: Steve Chu indicated that a stable release\r\n containing the fix would be available "a couple\r\n of days later."\r\n\r\n April 24th, 2009: An update was requested from Steve Chu regarding\r\n the release date for the fixed stable version\r\n of MemcacheDB. As of April 28th, 2009, no reply\r\n was received.\r\n\r\n\r\n\r\nVI. References\r\n\r\n[1] "memcached: a distributed memory object caching system",\r\n <http://www.danga.com/memcached/>, Retrieved April 13th, 2009.\r\n\r\n[2] No title, <http://www.danga.com/>, Retrieved April 13th, 2009.\r\n\r\n[3] "MemcacheDB: A distributed key-value storage system designed\r\n for persistent", <http://memcachedb.org/>, Retrieved April\r\n 13th, 2009.\r\n\r\n[4] "Oracle Berkeley DB", <http://www.oracle.com/technology/ \\r\n products/berkeley-db/db/index.html>, Retrieved April 13th, 2009.\r\n\r\n[5] "Address space layout randomization - Wikipedia, the free\r\n encyclopedia",\r\n <http://en.wikipedia.org/wiki/Address_space_layout_randomization>,\r\n Retrieved April 13th, 2009.\r\n\r\n\r\n- ----\r\n\r\nKey: <http://www.positronsecurity.com/keys/positron_security_2009.key.asc>\r\nFingerprint: F567 5BEF 3450 A521 C00D 2690 D7BD 2A5C 9644 9804\r\n\r\nTwitter: therealjoetesta\r\n\r\nCopyright 2009, Positron Security LLC. All rights reserved.\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.6 (GNU/Linux)\r\n\r\niD8DBQFJ92Ag170qXJZEmAQRAgxpAKCEi+fo6p7YSMDVliMcvULCB+d/eACgiSAh\r\nSRm5HmTlQ/0DOJfaw8KXug8=\r\n=XvSh\r\n-----END PGP SIGNATURE-----", "edition": 1, "cvss3": {}, "published": "2009-05-01T00:00:00", "title": "Positron Security Advisory #2009-001: Memcached and MemcacheDB ASLR Bypass Weakness", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2009-1255"], "modified": "2009-05-01T00:00:00", "id": "SECURITYVULNS:DOC:21753", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:21753", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:31", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- --------------------------------------------------------------------------\r\nDebian Security Advisory DSA-1853-1 security@debian.org\r\nhttp://www.debian.org/security/ Nico Golde\r\nAugust 7th, 2009 http://www.debian.org/security/faq\r\n- --------------------------------------------------------------------------\r\n\r\nPackage : memcached\r\nVulnerability : heap-based buffer overflow\r\nProblem type : remote\r\nDebian-specific: no\r\nCVE ID : CVE-2009-2415\r\n\r\nRonald Volgers discovered that memcached, a high-performance memory object\r\ncaching system, is vulnerable to several heap-based buffer overflows due\r\nto integer conversions when parsing certain length attributes. An\r\nattacker can use this to execute arbitrary code on the system running\r\nmemcached (on etch with root privileges).\r\n\r\n\r\nFor the oldstable distribution (etch), this problem has been fixed in\r\nversion 1.1.12-1+etch1.\r\n\r\nFor the stable distribution (lenny), this problem has been fixed in\r\nversion 1.2.2-1+lenny1.\r\n\r\nFor the testing (squeeze) and unstable (sid) distribution , this problem\r\nwill be fixed soon.\r\n\r\n\r\nWe recommend that you upgrade your memcached packages.\r\n\r\nUpgrade instructions\r\n- --------------------\r\n\r\nwget url\r\n will fetch the file for you\r\ndpkg -i file.deb\r\n will install the referenced file.\r\n\r\nIf you are using the apt-get package manager, use the line for\r\nsources.list as given below:\r\n\r\napt-get update\r\n will update the internal database\r\napt-get upgrade\r\n will install corrected packages\r\n\r\nYou may use an automated update by adding the resources from the\r\nfooter to the proper configuration.\r\n\r\n\r\nDebian GNU/Linux 4.0 alias etch\r\n- -------------------------------\r\n\r\nDebian (oldstable)\r\n- ------------------\r\n\r\nOldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390\r\nand sparc.\r\n\r\nSource archives:\r\n\r\n http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1.dsc\r\n Size/MD5 checksum: 606 9a63482efb7bfb3191151a0b10b35555\r\n http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12.orig.tar.gz\r\n Size/MD5 checksum: 114103 a1236dad33e9ac6c36d53faa8da61780\r\n http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1.diff.gz\r\n Size/MD5 checksum: 5036 ed868d7fe781857da5521be8e7990dcf\r\n\r\nalpha architecture (DEC Alpha)\r\n\r\n http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1_alpha.deb\r\n Size/MD5 checksum: 37136 12da02a8e31acb33ca3fd15ed3753d3d\r\n\r\namd64 architecture (AMD x86_64 (AMD64))\r\n\r\n http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1_amd64.deb\r\n Size/MD5 checksum: 35120 22ca27f910d20339f8c8eebf86a2993c\r\n\r\narm architecture (ARM)\r\n\r\n http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1_arm.deb\r\n Size/MD5 checksum: 34078 2ef29a9d59010d5bd632b77c5b3cb19e\r\n\r\nhppa architecture (HP PA RISC)\r\n\r\n http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1_hppa.deb\r\n Size/MD5 checksum: 36180 e7f189a8888aabd4098d08ea45d968df\r\n\r\ni386 architecture (Intel ia32)\r\n\r\n http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1_i386.deb\r\n Size/MD5 checksum: 33578 92577cf894c3cb5ea31c5afe46ea29e1\r\n\r\nia64 architecture (Intel ia64)\r\n\r\n http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1_ia64.deb\r\n Size/MD5 checksum: 42662 f32d322349e596606f256680b8f4df77\r\n\r\nmips architecture (MIPS (Big Endian))\r\n\r\n http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1_mips.deb\r\n Size/MD5 checksum: 36228 7f3ea92644ea51084d7c0fdb0fd2c058\r\n\r\nmipsel architecture (MIPS (Little Endian))\r\n\r\n http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1_mipsel.deb\r\n Size/MD5 checksum: 36250 a3b97ae608eddf08378fe497f3a2077c\r\n\r\npowerpc architecture (PowerPC)\r\n\r\n http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1_powerpc.deb\r\n Size/MD5 checksum: 36314 0bc6427cdfb2ebb3a468bb50169c255a\r\n\r\ns390 architecture (IBM S/390)\r\n\r\n http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1_s390.deb\r\n Size/MD5 checksum: 35380 c9b8cb353dd7cc6230fb6feac27f5802\r\n\r\nsparc architecture (Sun SPARC/UltraSPARC)\r\n\r\n http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1_sparc.deb\r\n Size/MD5 checksum: 33348 1230f81f8c821e829fcdc59ce2b4841b\r\n\r\n\r\nDebian GNU/Linux 5.0 alias lenny\r\n- --------------------------------\r\n\r\nDebian (stable)\r\n- ---------------\r\n\r\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc,\r\ns390 and sparc.\r\n\r\nSource archives:\r\n\r\n http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1.dsc\r\n Size/MD5 checksum: 1003 e2c6982872f043ecaa826889bddbffa7\r\n http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2.orig.tar.gz\r\n Size/MD5 checksum: 166201 a08851f7fa7b15e92ee6320b7a79c321\r\n http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1.diff.gz\r\n Size/MD5 checksum: 4624 54f919c679fbb376f2883819e3d67ada\r\n\r\nalpha architecture (DEC Alpha)\r\n\r\n http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1_alpha.deb\r\n Size/MD5 checksum: 50870 fad5be29b7231adc04161fea3557046a\r\n\r\namd64 architecture (AMD x86_64 (AMD64))\r\n\r\n http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1_amd64.deb\r\n Size/MD5 checksum: 47416 4b488a56ddddc43037f8788a3af944de\r\n\r\narm architecture (ARM)\r\n\r\n http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1_arm.deb\r\n Size/MD5 checksum: 45876 ee8373eb90be8d4c7ab96be7075330ec\r\n\r\narmel architecture (ARM EABI)\r\n\r\n http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1_armel.deb\r\n Size/MD5 checksum: 47516 c73b57ac18a20dbad1b58887ae598c49\r\n\r\nhppa architecture (HP PA RISC)\r\n\r\n http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1_hppa.deb\r\n Size/MD5 checksum: 47974 3fbd7a57bf48a6decda69b0fdc81ccfc\r\n\r\ni386 architecture (Intel ia32)\r\n\r\n http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1_i386.deb\r\n Size/MD5 checksum: 45042 a1f4534c8649d73e55a31d043133e23c\r\n\r\nia64 architecture (Intel ia64)\r\n\r\n http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1_ia64.deb\r\n Size/MD5 checksum: 59314 feb4dd69d62a290921fc1205ed10a6f0\r\n\r\nmips architecture (MIPS (Big Endian))\r\n\r\n http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1_mips.deb\r\n Size/MD5 checksum: 47760 a94db07e8fbcd0d2124b32ab22fb448f\r\n\r\nmipsel architecture (MIPS (Little Endian))\r\n\r\n http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1_mipsel.deb\r\n Size/MD5 checksum: 48264 fbe37552809c4c85e87b74df0c1a2628\r\n\r\npowerpc architecture (PowerPC)\r\n\r\n http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1_powerpc.deb\r\n Size/MD5 checksum: 50058 2b1acee838d74e7f99d7a07b0442beba\r\n\r\ns390 architecture (IBM S/390)\r\n\r\n http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1_s390.deb\r\n Size/MD5 checksum: 47950 fd34aa8828a11fa62ce68898b3f257e5\r\n\r\nsparc architecture (Sun SPARC/UltraSPARC)\r\n\r\n http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1_sparc.deb\r\n Size/MD5 checksum: 45460 23e259ea06101d22d14b725fea3b3b39\r\n\r\n\r\n These files will probably be moved into the stable distribution on\r\n its next update.\r\n\r\n- ---------------------------------------------------------------------------------\r\nFor apt-get: deb http://security.debian.org/ stable/updates main\r\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\r\nMailing list: debian-security-announce@lists.debian.org\r\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.9 (GNU/Linux)\r\n\r\niEYEARECAAYFAkp8SUwACgkQHYflSXNkfP/JdACcDT2MvR9+ehWdCnW74hUqM5u+\r\nK1sAn2jeynQj/niSJQS8f0956oHajrPx\r\n=tcXU\r\n-----END PGP SIGNATURE-----", "edition": 1, "cvss3": {}, "published": "2009-08-08T00:00:00", "title": "[SECURITY] [DSA 1853-1] New memcached packages fix arbitrary code execution", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2009-2415"], "modified": "2009-08-08T00:00:00", "id": "SECURITYVULNS:DOC:22269", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:22269", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:33", "description": "Integer overflow leading to heap buffer overflows.", "edition": 1, "cvss3": {}, "published": "2009-08-08T00:00:00", "title": "Memcached buffer overflow", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2009-2415"], "modified": "2009-08-08T00:00:00", "id": "SECURITYVULNS:VULN:10126", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:10126", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "seebug": [{"lastseen": "2017-11-19T18:51:53", "description": "BUGTRAQ ID: 34756\r\nCVE(CAN) ID: CVE-2009-1255\r\n\r\nMemcached\u662f\u4e00\u4e2a\u5f00\u6e90\u7684\u591a\u5e73\u53f0\u6570\u636e\u5e93\u7f13\u5b58\u8f6f\u4ef6\u3002\r\n\r\n\u5982\u679c\u8fdc\u7a0b\u653b\u51fb\u8005\u8fde\u63a5\u5230\u4e86memcached\u7684TCP\u7aef\u53e3\uff08\u9ed8\u8ba411211\uff09\u5e76\u53d1\u5e03\u4e86stats maps\u547d\u4ee4\uff0cMemcached\u5c31\u4f1a\u76f4\u63a5\u5c06/proc/self/maps\u7684\u8f93\u51fa\u7ba1\u9053\u4f20\u8f93\u7ed9\u5ba2\u6237\u7aef\u3002\u8fd9\u53ef\u80fd\u5bfc\u81f4\u6cc4\u6f0f\u6240\u5206\u914d\u5185\u5b58\u533a\u57df\u7684\u5730\u5740\u3002\r\n\n\nDanga Interactive memcached 1.2.7\r\nMemcacheDB MemcacheDB 1.2\n Danga Interactive\r\n-----------------\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\n<a href=http://memcached.googlecode.com/files/memcached-1.2.8.tar.gz target=_blank rel=external nofollow>http://memcached.googlecode.com/files/memcached-1.2.8.tar.gz</a>", "cvss3": {}, "published": "2009-05-01T00:00:00", "title": "Memcached stats maps\u547d\u4ee4\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e", "type": "seebug", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2009-1255"], "modified": "2009-05-01T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-11168", "id": "SSV:11168", "sourceData": "", "sourceHref": "", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-11-19T18:52:10", "description": "Bugraq ID: 35989\r\nCVE ID\uff1aCVE-2009-2415\r\n\r\nDanga Interactive memcached\u662f\u4e00\u6b3e\u9ad8\u6027\u80fd\u7684\u5206\u5e03\u5f0f\u5185\u5b58\u7f13\u5b58\u89e3\u51b3\u65b9\u6848\u3002\r\nmemcached\u5728\u89e3\u6790\u90e8\u5206\u957f\u5ea6\u5c5e\u6027\u65f6\u5b58\u5728\u7531\u6574\u6570\u8f6c\u6362\u800c\u9020\u6210\u57fa\u4e8e\u5806\u7684\u7f13\u51b2\u533a\u6ea2\u51fa\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u6f0f\u6d1e\u4ee5memcached\u8fd0\u884c\u8fdb\u7a0b\u6743\u9650\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\r\n\u76ee\u524d\u6ca1\u6709\u66f4\u591a\u8be6\u7ec6\u4fe1\u606f\u7cfb\u7edf\u3002\n\nDanga Interactive memcached 1.2.8\r\nDanga Interactive memcached 1.2.7\nDebian Linux\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5347\u7ea7\u7a0b\u5e8f\uff1a\r\nDebian GNU/Linux 4.0 (etch)\r\nDebian (oldstable)\r\nSource:\r\nhttp://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1.dsc\r\nhttp://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12.orig.tar.gz\r\nhttp://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1.diff.gz\r\nAlpha:\r\nhttp://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1_alpha.deb\r\nAMD64:\r\nhttp://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1_amd64.deb\r\nARM:\r\nhttp://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1_arm.deb\r\nHP Precision:\r\nhttp://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1_hppa.deb\r\nIntel IA-32:\r\nhttp://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1_i386.deb\r\nIntel IA-64:\r\nhttp://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1_ia64.deb\r\nBig-endian MIPS:\r\nhttp://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1_mips.deb\r\nLittle-endian MIPS:\r\nhttp://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1_mipsel.deb\r\nPowerPC:\r\nhttp://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1_powerpc.deb\r\nIBM S/390:\r\nhttp://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1_s390.deb\r\nSun Sparc:\r\nhttp://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1_sparc.deb\r\nDebian GNU/Linux 5.0 (lenny)\r\nDebian (stable)\r\nSource:\r\nhttp://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1.dsc\r\nhttp://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2.orig.tar.gz\r\nhttp://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1.diff.gz\r\nAlpha:\r\nhttp://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1_alpha.deb\r\nAMD64:\r\nhttp://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1_amd64.deb\r\nARM:\r\nhttp://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1_arm.deb\r\nARM EABI:\r\nhttp://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1_armel.deb\r\nHP Precision:\r\nhttp://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1_hppa.deb\r\nIntel IA-32:\r\nhttp://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1_i386.deb\r\nIntel IA-64:\r\nhttp://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1_ia64.deb\r\nBig-endian MIPS:\r\nhttp://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1_mips.deb\r\nLittle-endian MIPS:\r\nhttp://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1_mipsel.deb\r\nPowerPC:\r\nhttp://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1_powerpc.deb\r\nIBM S/390:\r\nhttp://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1_s390.deb\r\nSun Sparc:\r\nhttp://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1_sparc.deb", "cvss3": {}, "published": "2009-08-10T00:00:00", "title": "Memcached\u591a\u4e2a\u57fa\u4e8e\u5806\u7684\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e", "type": "seebug", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2009-2415"], "modified": "2009-08-10T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-12021", "id": "SSV:12021", "sourceData": "", "sourceHref": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debiancve": [{"lastseen": "2022-04-05T07:33:22", "description": "The process_stat function in (1) Memcached before 1.2.8 and (2) MemcacheDB 1.2.0 discloses (a) the contents of /proc/self/maps in response to a stats maps command and (b) memory-allocation statistics in response to a stats malloc command, which allows remote attackers to obtain sensitive information such as the locations of memory regions, and defeat ASLR protection, by sending a command to the daemon's TCP port.", "cvss3": {}, "published": "2009-04-30T20:30:00", "type": "debiancve", "title": "CVE-2009-1255", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-1255"], "modified": "2009-04-30T20:30:00", "id": "DEBIANCVE:CVE-2009-1255", "href": "https://security-tracker.debian.org/tracker/CVE-2009-1255", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-04-05T07:33:22", "description": "Multiple integer overflows in memcached 1.1.12 and 1.2.2 allow remote attackers to execute arbitrary code via vectors involving length attributes that trigger heap-based buffer overflows.", "cvss3": {}, "published": "2009-08-10T18:30:00", "type": "debiancve", "title": "CVE-2009-2415", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-2415"], "modified": "2009-08-10T18:30:00", "id": "DEBIANCVE:CVE-2009-2415", "href": "https://security-tracker.debian.org/tracker/CVE-2009-2415", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:49", "description": "memcached is a high-performance, distributed memory object caching system, generic in nature, but intended for use in speeding up dynamic web applications by alleviating database load. ", "cvss3": {}, "published": "2009-05-20T00:51:28", "type": "fedora", "title": "[SECURITY] Fedora 10 Update: memcached-1.2.8-1.fc10", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-1255"], "modified": "2009-05-20T00:51:28", "id": "FEDORA:575A010F8AA", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/UWOOSFUXG3NNO274GK57HF42PGUTEI2E/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-12-21T08:17:49", "description": "memcached is a high-performance, distributed memory object caching system, generic in nature, but intended for use in speeding up dynamic web applications by alleviating database load. ", "cvss3": {}, "published": "2009-05-26T07:55:38", "type": "fedora", "title": "[SECURITY] Fedora 11 Update: memcached-1.2.8-1.fc11", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-1255"], "modified": "2009-05-26T07:55:38", "id": "FEDORA:C123610F87F", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/ZXZDCMID2XVAL7LUP2WF3NDARDMO3CEZ/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "ubuntucve": [{"lastseen": "2021-11-22T21:59:47", "description": "The process_stat function in (1) Memcached before 1.2.8 and (2) MemcacheDB\n1.2.0 discloses (a) the contents of /proc/self/maps in response to a stats\nmaps command and (b) memory-allocation statistics in response to a stats\nmalloc command, which allows remote attackers to obtain sensitive\ninformation such as the locations of memory regions, and defeat ASLR\nprotection, by sending a command to the daemon's TCP port.", "cvss3": {}, "published": "2009-04-30T00:00:00", "type": "ubuntucve", "title": "CVE-2009-1255", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-1255"], "modified": "2009-04-30T00:00:00", "id": "UB:CVE-2009-1255", "href": "https://ubuntu.com/security/CVE-2009-1255", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-11-22T21:59:34", "description": "Multiple integer overflows in memcached 1.1.12 and 1.2.2 allow remote\nattackers to execute arbitrary code via vectors involving length attributes\nthat trigger heap-based buffer overflows.\n\n#### Bugs\n\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=540379>\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=540381>\n", "cvss3": {}, "published": "2009-08-10T00:00:00", "type": "ubuntucve", "title": "CVE-2009-2415", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-2415"], "modified": "2009-08-10T00:00:00", "id": "UB:CVE-2009-2415", "href": "https://ubuntu.com/security/CVE-2009-2415", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2022-03-23T21:25:27", "description": "The process_stat function in (1) Memcached before 1.2.8 and (2) MemcacheDB 1.2.0 discloses (a) the contents of /proc/self/maps in response to a stats maps command and (b) memory-allocation statistics in response to a stats malloc command, which allows remote attackers to obtain sensitive information such as the locations of memory regions, and defeat ASLR protection, by sending a command to the daemon's TCP port.", "cvss3": {}, "published": "2009-04-30T20:30:00", "type": "cve", "title": "CVE-2009-1255", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-1255"], "modified": "2018-10-10T19:35:00", "cpe": ["cpe:/a:memcachedb:memcached:1.2.1", "cpe:/a:memcachedb:memcached:1.0.1", "cpe:/a:memcachedb:memcached:1.0.3", "cpe:/a:memcachedb:memcached:1.0.4", "cpe:/a:memcachedb:memcached:1.2.0", "cpe:/a:memcachedb:memcached:1.0.2", "cpe:/a:memcachedb:memcached:0.1.1", "cpe:/a:memcachedb:memcached:0.1.0", "cpe:/a:memcachedb:memcached:0.0.3", "cpe:/a:memcachedb:memcached:0.0.4", "cpe:/a:memcachedb:memcached:0.0.1", "cpe:/a:memcachedb:memcached:0.0.2", "cpe:/a:memcachedb:memcached:1.0.0", "cpe:/a:memcachedb:memcached:1.1.0"], "id": "CVE-2009-1255", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1255", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:memcachedb:memcached:0.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:memcachedb:memcached:1.0.1:beta:*:*:*:*:*:*", "cpe:2.3:a:memcachedb:memcached:0.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:memcachedb:memcached:0.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:memcachedb:memcached:1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:memcachedb:memcached:1.1.0:beta:*:*:*:*:*:*", "cpe:2.3:a:memcachedb:memcached:1.2.1:beta:*:*:*:*:*:*", "cpe:2.3:a:memcachedb:memcached:1.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:memcachedb:memcached:1.0.2:beta:*:*:*:*:*:*", "cpe:2.3:a:memcachedb:memcached:0.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:memcachedb:memcached:1.2.0:beta:*:*:*:*:*:*", "cpe:2.3:a:memcachedb:memcached:1.0.0:beta:*:*:*:*:*:*", "cpe:2.3:a:memcachedb:memcached:0.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:memcachedb:memcached:0.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:memcachedb:memcached:1.2.0:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T21:30:24", "description": "Multiple integer overflows in memcached 1.1.12 and 1.2.2 allow remote attackers to execute arbitrary code via vectors involving length attributes that trigger heap-based buffer overflows.", "cvss3": {}, "published": "2009-08-10T18:30:00", "type": "cve", "title": "CVE-2009-2415", "cwe": ["CWE-189"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-2415"], "modified": "2009-12-19T06:56:00", "cpe": ["cpe:/a:memcachedb:memcached:1.1.12", "cpe:/a:memcachedb:memcached:1.2.2"], "id": "CVE-2009-2415", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2415", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:memcachedb:memcached:1.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:memcachedb:memcached:1.1.12:*:*:*:*:*:*:*"]}], "freebsd": [{"lastseen": "2022-01-19T16:03:50", "description": "\n\nSecunia reports:\n\nA weakness has been reported in memcached, which can be exploited\n\t by malicious people to disclose system information.\nThe weakness is caused due to the application disclosing the\n\t content of /proc/self/maps if a stats maps command is received.\n\t This can be exploited to disclose e.g. the addresses of allocated\n\t memory regions.\n\n\n", "cvss3": {}, "published": "2009-04-29T00:00:00", "type": "freebsd", "title": "memcached -- memcached stats maps Information Disclosure Weakness", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-1255"], "modified": "2009-04-29T00:00:00", "id": "86ADA694-8B30-11DE-B9D0-000C6E274733", "href": "https://vuxml.freebsd.org/freebsd/86ada694-8b30-11de-b9d0-000c6e274733.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "debian": [{"lastseen": "2021-10-22T01:02:38", "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA-1853-1 security@debian.org\nhttp://www.debian.org/security/ Nico Golde\nAugust 7th, 2009 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : memcached\nVulnerability : heap-based buffer overflow\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2009-2415\n\nRonald Volgers discovered that memcached, a high-performance memory object\ncaching system, is vulnerable to several heap-based buffer overflows due\nto integer conversions when parsing certain length attributes. An\nattacker can use this to execute arbitrary code on the system running\nmemcached (on etch with root privileges).\n\n\nFor the oldstable distribution (etch), this problem has been fixed in\nversion 1.1.12-1+etch1.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 1.2.2-1+lenny1.\n\nFor the testing (squeeze) and unstable (sid) distribution , this problem\nwill be fixed soon.\n\n\nWe recommend that you upgrade your memcached packages.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nDebian (oldstable)\n- ------------------\n\nOldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1.dsc\n Size/MD5 checksum: 606 9a63482efb7bfb3191151a0b10b35555\n http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12.orig.tar.gz\n Size/MD5 checksum: 114103 a1236dad33e9ac6c36d53faa8da61780\n http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1.diff.gz\n Size/MD5 checksum: 5036 ed868d7fe781857da5521be8e7990dcf\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1_alpha.deb\n Size/MD5 checksum: 37136 12da02a8e31acb33ca3fd15ed3753d3d\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1_amd64.deb\n Size/MD5 checksum: 35120 22ca27f910d20339f8c8eebf86a2993c\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1_arm.deb\n Size/MD5 checksum: 34078 2ef29a9d59010d5bd632b77c5b3cb19e\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1_hppa.deb\n Size/MD5 checksum: 36180 e7f189a8888aabd4098d08ea45d968df\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1_i386.deb\n Size/MD5 checksum: 33578 92577cf894c3cb5ea31c5afe46ea29e1\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1_ia64.deb\n Size/MD5 checksum: 42662 f32d322349e596606f256680b8f4df77\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1_mips.deb\n Size/MD5 checksum: 36228 7f3ea92644ea51084d7c0fdb0fd2c058\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1_mipsel.deb\n Size/MD5 checksum: 36250 a3b97ae608eddf08378fe497f3a2077c\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1_powerpc.deb\n Size/MD5 checksum: 36314 0bc6427cdfb2ebb3a468bb50169c255a\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1_s390.deb\n Size/MD5 checksum: 35380 c9b8cb353dd7cc6230fb6feac27f5802\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1_sparc.deb\n Size/MD5 checksum: 33348 1230f81f8c821e829fcdc59ce2b4841b\n\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nDebian (stable)\n- ---------------\n\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1.dsc\n Size/MD5 checksum: 1003 e2c6982872f043ecaa826889bddbffa7\n http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2.orig.tar.gz\n Size/MD5 checksum: 166201 a08851f7fa7b15e92ee6320b7a79c321\n http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1.diff.gz\n Size/MD5 checksum: 4624 54f919c679fbb376f2883819e3d67ada\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1_alpha.deb\n Size/MD5 checksum: 50870 fad5be29b7231adc04161fea3557046a\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1_amd64.deb\n Size/MD5 checksum: 47416 4b488a56ddddc43037f8788a3af944de\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1_arm.deb\n Size/MD5 checksum: 45876 ee8373eb90be8d4c7ab96be7075330ec\n\narmel architecture (ARM EABI)\n\n http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1_armel.deb\n Size/MD5 checksum: 47516 c73b57ac18a20dbad1b58887ae598c49\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1_hppa.deb\n Size/MD5 checksum: 47974 3fbd7a57bf48a6decda69b0fdc81ccfc\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1_i386.deb\n Size/MD5 checksum: 45042 a1f4534c8649d73e55a31d043133e23c\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1_ia64.deb\n Size/MD5 checksum: 59314 feb4dd69d62a290921fc1205ed10a6f0\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1_mips.deb\n Size/MD5 checksum: 47760 a94db07e8fbcd0d2124b32ab22fb448f\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1_mipsel.deb\n Size/MD5 checksum: 48264 fbe37552809c4c85e87b74df0c1a2628\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1_powerpc.deb\n Size/MD5 checksum: 50058 2b1acee838d74e7f99d7a07b0442beba\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1_s390.deb\n Size/MD5 checksum: 47950 fd34aa8828a11fa62ce68898b3f257e5\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1_sparc.deb\n Size/MD5 checksum: 45460 23e259ea06101d22d14b725fea3b3b39\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>", "cvss3": {}, "published": "2009-08-07T15:33:32", "type": "debian", "title": "[SECURITY] [DSA 1853-1] New memcached packages fix arbitrary code execution", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-2415"], "modified": "2009-08-07T15:33:32", "id": "DEBIAN:DSA-1853-1:FFBE6", "href": "https://lists.debian.org/debian-security-announce/2009/msg00169.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2022-01-17T19:08:39", "description": "### Background\n\nmemcached is a high-performance, distributed memory object caching system \n\n### Description\n\nmemcached authentication could be bypassed when using SASL due to a flaw related to SASL authentication state. Also several heap-based buffer overflows due to integer conversions when parsing certain length attributes were discovered. \n\n### Impact\n\nA remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition or authenticate with invalid SASL credentials, bypassing memcached authentication completely. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll memcached users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-misc/memcached-1.4.17\"", "cvss3": {}, "published": "2014-06-15T00:00:00", "type": "gentoo", "title": "memcached: Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-2415", "CVE-2011-4971", "CVE-2013-0179", "CVE-2013-7239", "CVE-2013-7290", "CVE-2013-7291"], "modified": "2014-06-15T00:00:00", "id": "GLSA-201406-13", "href": "https://security.gentoo.org/glsa/201406-13", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}
[SECURITY] Fedora 11 Update: memcached-1.2.8-2.fc11
