{"id": "4E95EB4E-B737-11E3-87CD-F0DEF10DCA57", "bulletinFamily": "unix", "title": "Icinga -- buffer overflow in classic web interface", "description": "\nThe Icinga Team reports:\n\nWrong strlen check against MAX_INPUT_BUFFER without taking '\\0' into account [...]\n\n", "published": "2014-02-18T00:00:00", "modified": "2014-02-18T00:00:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "href": "https://vuxml.freebsd.org/freebsd/4e95eb4e-b737-11e3-87cd-f0def10dca57.html", "reporter": "FreeBSD", "references": ["http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2386"], "cvelist": ["CVE-2014-2386"], "type": "freebsd", "lastseen": "2021-07-28T14:48:17", "edition": 5, "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2014-2386"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2014-2386"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2014-2386"]}, {"type": "seebug", "idList": ["SSV:62102"]}, {"type": "nessus", "idList": ["OPENSUSE-2014-237.NASL", "FREEBSD_PKG_4E95EB4EB73711E387CDF0DEF10DCA57.NASL", "DEBIAN_DSA-2956.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:702956", "OPENVAS:1361412562310702956"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2956-1:6D0D0"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:30828", "SECURITYVULNS:VULN:13836"]}], "modified": "2021-07-28T14:48:17", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2021-07-28T14:48:17", "rev": 2}, "vulnersScore": 7.1}, "affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "icinga", "packageVersion": "1.11.1"}], "scheme": null, "immutableFields": [], "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}}

{"cve": [{"id": "CVE-2014-2386", "bulletinFamily": "NVD", "title": "CVE-2014-2386", "description": "Multiple off-by-one errors in Icinga, possibly 1.10.2 and earlier, allow remote attackers to cause a denial of service (crash) via unspecified vectors to the (1) display_nav_table, (2) print_export_link, (3) page_num_selector, or (4) page_limit_selector function in cgi/cgiutils.c or (5) status_page_num_selector function in cgi/status.c, which triggers a stack-based buffer overflow.", "published": "2014-03-25T16:55:00", "modified": "2018-10-30T16:27:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2386", "reporter": "cve@mitre.org", "references": ["https://dev.icinga.org/issues/5663", "http://lists.opensuse.org/opensuse-updates/2014-03/msg00072.html", "http://comments.gmane.org/gmane.comp.security.oss.general/12355", "https://git.icinga.org/?p=icinga-core.git;a=commitdiff;h=73285093b71a5551abdaab0a042d3d6bae093b0d"], "cvelist": ["CVE-2014-2386"], "type": "cve", "lastseen": "2021-04-22T23:44:06", "history": [{"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "icinga:icinga", "name": "icinga", "operator": "eq", "version": "1.10.0"}, {"cpeName": "opensuse:opensuse", "name": "opensuse", "operator": "eq", "version": "12.3"}, {"cpeName": "icinga:icinga", "name": "icinga", "operator": "eq", "version": "1.10.1"}, {"cpeName": "icinga:icinga", "name": "icinga", "operator": "le", "version": "1.10.2"}, {"cpeName": "opensuse:opensuse", "name": "opensuse", "operator": "eq", "version": "13.1"}], "bulletinFamily": "NVD", "cpe": ["cpe:/o:opensuse:opensuse:13.1", "cpe:/a:icinga:icinga:1.10.0", "cpe:/a:icinga:icinga:1.10.2", "cpe:/a:icinga:icinga:1.10.1", "cpe:/o:opensuse:opensuse:12.3"], "cpe23": ["cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "cpe:2.3:a:icinga:icinga:1.10.2:*:*:*:*:*:*:*", "cpe:2.3:a:icinga:icinga:1.10.1:*:*:*:*:*:*:*", "cpe:2.3:a:icinga:icinga:1.10.0:*:*:*:*:*:*:*"], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:icinga:icinga:1.10.0:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:icinga:icinga:1.10.2:*:*:*:*:*:*:*", "versionEndIncluding": "1.10.2", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:icinga:icinga:1.10.1:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2014-2386"], "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "cwe": ["CWE-189"], "description": "Multiple off-by-one errors in Icinga, possibly 1.10.2 and earlier, allow remote attackers to cause a denial of service (crash) via unspecified vectors to the (1) display_nav_table, (2) print_export_link, (3) page_num_selector, or (4) page_limit_selector function in cgi/cgiutils.c or (5) status_page_num_selector function in cgi/status.c, which triggers a stack-based buffer overflow.", "edition": 5, "enchantments": {"dependencies": {"modified": "2020-12-09T19:58:22", "references": [{"idList": ["SECURITYVULNS:DOC:30828", "SECURITYVULNS:VULN:13836"], "type": "securityvulns"}, {"idList": ["SSV:62102"], "type": "seebug"}, {"idList": ["OPENSUSE-2014-237.NASL", "DEBIAN_DSA-2956.NASL", "FREEBSD_PKG_4E95EB4EB73711E387CDF0DEF10DCA57.NASL"], "type": "nessus"}, {"idList": ["4E95EB4E-B737-11E3-87CD-F0DEF10DCA57"], "type": "freebsd"}, {"idList": ["OPENVAS:1361412562310702956", "OPENVAS:702956"], "type": "openvas"}, {"idList": ["DEBIAN:DSA-2956-1:6D0D0"], "type": "debian"}], "rev": 2}, "score": {"modified": "2020-12-09T19:58:22", "rev": 2, "value": 6.5, "vector": "NONE"}}, "extraReferences": [], "hash": "b1de4aba16830994738eada6ae1b010de8dabbf221a846efdb4e9d5f8f419a11", "hashmap": [{"hash": "e064bfb50e73387376dcd19766930b42", "key": "title"}, {"hash": "6339e817ea69d0144092a0eb5e83e8aa", "key": "cpe"}, {"hash": "612afa990206288a9939595cc21836a3", "key": "cpeConfiguration"}, {"hash": "a709851fa09bac5e00723b3a9f3c8341", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "7d7c5f35269532e6785117964a2cc28a", "key": "cwe"}, {"hash": "aeee5e40f5bb37572a8c2a76c427fc2f", "key": "published"}, {"hash": "82dad85afa54bbc6ca464f13af64cb89", "key": "affectedSoftware"}, {"hash": "66bb3ed41ab1c1d4a01cb45dff364aeb", "key": "description"}, {"hash": "cc7142fe617e6f66bd29ebd9a858b948", "key": "cvelist"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "fd717ad1064d16c8f2da2ff609afc05e", "key": "modified"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "cc0a6f36a5e1ec80834eb14267237d52", "key": "cpe23"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "extraReferences"}, {"hash": "85fc9715d07b57d9e72056856b007c7b", "key": "cvss2"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "7ce30c95cfa19812c20da68f97c4b3a4", "key": "references"}, {"hash": "41b62a8aa1ee5c40897717cadc30784a", "key": "cvss"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2386", "id": "CVE-2014-2386", "lastseen": "2020-12-09T19:58:22", "modified": "2018-10-30T16:27:00", "objectVersion": "1.3", "published": "2014-03-25T16:55:00", "references": ["https://dev.icinga.org/issues/5663", "http://lists.opensuse.org/opensuse-updates/2014-03/msg00072.html", "http://comments.gmane.org/gmane.comp.security.oss.general/12355", "https://git.icinga.org/?p=icinga-core.git;a=commitdiff;h=73285093b71a5551abdaab0a042d3d6bae093b0d"], "reporter": "cve@mitre.org", "title": "CVE-2014-2386", "type": "cve", "viewCount": 2}, "differentElements": ["extraReferences"], "edition": 5, "lastseen": "2020-12-09T19:58:22"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "icinga:icinga", "name": "icinga", "operator": "le", "version": "*"}, {"cpeName": "icinga:icinga", "name": "icinga", "operator": "eq", "version": "1.10.0"}, {"cpeName": "opensuse:opensuse", "name": "opensuse", "operator": "eq", "version": "12.3"}, {"cpeName": "icinga:icinga", "name": "icinga", "operator": "eq", "version": "1.10.1"}, {"cpeName": "opensuse:opensuse", "name": "opensuse", "operator": "eq", "version": "13.1"}], "bulletinFamily": "NVD", "cpe": ["cpe:/o:opensuse:opensuse:13.1", "cpe:/a:icinga:icinga:1.10.0", "cpe:/a:icinga:icinga:1.10.2", "cpe:/a:icinga:icinga:1.10.1", "cpe:/o:opensuse:opensuse:12.3"], "cpe23": ["cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "cpe:2.3:a:icinga:icinga:1.10.2:*:*:*:*:*:*:*", "cpe:2.3:a:icinga:icinga:1.10.1:*:*:*:*:*:*:*", "cpe:2.3:a:icinga:icinga:1.10.0:*:*:*:*:*:*:*"], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:icinga:icinga:1.10.0:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:icinga:icinga:1.10.2:*:*:*:*:*:*:*", "versionEndIncluding": "1.10.2", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:icinga:icinga:1.10.1:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2014-2386"], "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "cwe": ["CWE-189"], "description": "Multiple off-by-one errors in Icinga, possibly 1.10.2 and earlier, allow remote attackers to cause a denial of service (crash) via unspecified vectors to the (1) display_nav_table, (2) print_export_link, (3) page_num_selector, or (4) page_limit_selector function in cgi/cgiutils.c or (5) status_page_num_selector function in cgi/status.c, which triggers a stack-based buffer overflow.", "edition": 4, "enchantments": {"dependencies": {"modified": "2020-11-29T23:21:55", "references": [{"idList": ["SECURITYVULNS:DOC:30828", "SECURITYVULNS:VULN:13836"], "type": "securityvulns"}, {"idList": ["SSV:62102"], "type": "seebug"}, {"idList": ["OPENSUSE-2014-237.NASL", "DEBIAN_DSA-2956.NASL", "FREEBSD_PKG_4E95EB4EB73711E387CDF0DEF10DCA57.NASL"], "type": "nessus"}, {"idList": ["4E95EB4E-B737-11E3-87CD-F0DEF10DCA57"], "type": "freebsd"}, {"idList": ["OPENVAS:1361412562310702956", "OPENVAS:702956"], "type": "openvas"}, {"idList": ["DEBIAN:DSA-2956-1:6D0D0"], "type": "debian"}], "rev": 2}, "score": {"modified": "2020-11-29T23:21:55", "rev": 2, "value": 6.5, "vector": "NONE"}}, "hash": "25d2f9d37cc2eb3318d10d7d593a6e3a06d17b0647fddb2f300d2d6e6ec4d907", "hashmap": [{"hash": "e064bfb50e73387376dcd19766930b42", "key": "title"}, {"hash": "6339e817ea69d0144092a0eb5e83e8aa", "key": "cpe"}, {"hash": "612afa990206288a9939595cc21836a3", "key": "cpeConfiguration"}, {"hash": "eb03ca6dec1116abddd4b03bc190e23d", "key": "affectedSoftware"}, {"hash": "a709851fa09bac5e00723b3a9f3c8341", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "7d7c5f35269532e6785117964a2cc28a", "key": "cwe"}, {"hash": "aeee5e40f5bb37572a8c2a76c427fc2f", "key": "published"}, {"hash": "66bb3ed41ab1c1d4a01cb45dff364aeb", "key": "description"}, {"hash": "cc7142fe617e6f66bd29ebd9a858b948", "key": "cvelist"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "fd717ad1064d16c8f2da2ff609afc05e", "key": "modified"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "cc0a6f36a5e1ec80834eb14267237d52", "key": "cpe23"}, {"hash": "85fc9715d07b57d9e72056856b007c7b", "key": "cvss2"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "7ce30c95cfa19812c20da68f97c4b3a4", "key": "references"}, {"hash": "41b62a8aa1ee5c40897717cadc30784a", "key": "cvss"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2386", "id": "CVE-2014-2386", "lastseen": "2020-11-29T23:21:55", "modified": "2018-10-30T16:27:00", "objectVersion": "1.3", "published": "2014-03-25T16:55:00", "references": ["https://dev.icinga.org/issues/5663", "http://lists.opensuse.org/opensuse-updates/2014-03/msg00072.html", "http://comments.gmane.org/gmane.comp.security.oss.general/12355", "https://git.icinga.org/?p=icinga-core.git;a=commitdiff;h=73285093b71a5551abdaab0a042d3d6bae093b0d"], "reporter": "cve@mitre.org", "title": "CVE-2014-2386", "type": "cve", "viewCount": 2}, "differentElements": ["affectedSoftware"], "edition": 4, "lastseen": "2020-11-29T23:21:55"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "icinga:icinga", "name": "icinga", "operator": "eq", "version": "1.10.0"}, {"cpeName": "opensuse:opensuse", "name": "opensuse", "operator": "eq", "version": "12.3"}, {"cpeName": "icinga:icinga", "name": "icinga", "operator": "eq", "version": "1.10.1"}, {"cpeName": "icinga:icinga", "name": "icinga", "operator": "le", "version": "1.10.2"}, {"cpeName": "opensuse:opensuse", "name": "opensuse", "operator": "eq", "version": "13.1"}], "bulletinFamily": "NVD", "cpe": ["cpe:/o:opensuse:opensuse:13.1", "cpe:/a:icinga:icinga:1.10.0", "cpe:/a:icinga:icinga:1.10.2", "cpe:/a:icinga:icinga:1.10.1", "cpe:/o:opensuse:opensuse:12.3"], "cpe23": ["cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "cpe:2.3:a:icinga:icinga:1.10.2:*:*:*:*:*:*:*", "cpe:2.3:a:icinga:icinga:1.10.1:*:*:*:*:*:*:*", "cpe:2.3:a:icinga:icinga:1.10.0:*:*:*:*:*:*:*"], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:icinga:icinga:1.10.0:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:icinga:icinga:1.10.2:*:*:*:*:*:*:*", "versionEndIncluding": "1.10.2", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:icinga:icinga:1.10.1:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2014-2386"], "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "cwe": ["CWE-189"], "description": "Multiple off-by-one errors in Icinga, possibly 1.10.2 and earlier, allow remote attackers to cause a denial of service (crash) via unspecified vectors to the (1) display_nav_table, (2) print_export_link, (3) page_num_selector, or (4) page_limit_selector function in cgi/cgiutils.c or (5) status_page_num_selector function in cgi/status.c, which triggers a stack-based buffer overflow.", "edition": 3, "enchantments": {"dependencies": {"modified": "2020-10-03T12:01:15", "references": [{"idList": ["SECURITYVULNS:DOC:30828", "SECURITYVULNS:VULN:13836"], "type": "securityvulns"}, {"idList": ["SSV:62102"], "type": "seebug"}, {"idList": ["OPENSUSE-2014-237.NASL", "DEBIAN_DSA-2956.NASL", "FREEBSD_PKG_4E95EB4EB73711E387CDF0DEF10DCA57.NASL"], "type": "nessus"}, {"idList": ["4E95EB4E-B737-11E3-87CD-F0DEF10DCA57"], "type": "freebsd"}, {"idList": ["OPENVAS:1361412562310702956", "OPENVAS:702956"], "type": "openvas"}, {"idList": ["DEBIAN:DSA-2956-1:6D0D0"], "type": "debian"}], "rev": 2}, "exploitation": {"modified": "2020-10-03T12:01:15", "wildExploited": false, "wildExploitedSources": []}, "score": {"modified": "2020-10-03T12:01:15", "rev": 2, "value": 6.5, "vector": "NONE"}}, "hash": "dec7a7c14ba3c0ac50e6c05265d2f62eae7cd75f2edcc1ad096c5e3fad475456", "hashmap": [{"hash": "e064bfb50e73387376dcd19766930b42", "key": "title"}, {"hash": "6339e817ea69d0144092a0eb5e83e8aa", "key": "cpe"}, {"hash": "612afa990206288a9939595cc21836a3", "key": "cpeConfiguration"}, {"hash": "a709851fa09bac5e00723b3a9f3c8341", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "7d7c5f35269532e6785117964a2cc28a", "key": "cwe"}, {"hash": "aeee5e40f5bb37572a8c2a76c427fc2f", "key": "published"}, {"hash": "82dad85afa54bbc6ca464f13af64cb89", "key": "affectedSoftware"}, {"hash": "66bb3ed41ab1c1d4a01cb45dff364aeb", "key": "description"}, {"hash": "cc7142fe617e6f66bd29ebd9a858b948", "key": "cvelist"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "fd717ad1064d16c8f2da2ff609afc05e", "key": "modified"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "cc0a6f36a5e1ec80834eb14267237d52", "key": "cpe23"}, {"hash": "85fc9715d07b57d9e72056856b007c7b", "key": "cvss2"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "7ce30c95cfa19812c20da68f97c4b3a4", "key": "references"}, {"hash": "41b62a8aa1ee5c40897717cadc30784a", "key": "cvss"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2386", "id": "CVE-2014-2386", "lastseen": "2020-10-03T12:01:15", "modified": "2018-10-30T16:27:00", "objectVersion": "1.3", "published": "2014-03-25T16:55:00", "references": ["https://dev.icinga.org/issues/5663", "http://lists.opensuse.org/opensuse-updates/2014-03/msg00072.html", "http://comments.gmane.org/gmane.comp.security.oss.general/12355", "https://git.icinga.org/?p=icinga-core.git;a=commitdiff;h=73285093b71a5551abdaab0a042d3d6bae093b0d"], "reporter": "cve@mitre.org", "title": "CVE-2014-2386", "type": "cve", "viewCount": 2}, "differentElements": ["affectedSoftware"], "edition": 3, "lastseen": "2020-10-03T12:01:15"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "icinga:icinga", "name": "icinga", "operator": "eq", "version": "1.10.0"}, {"cpeName": "opensuse:opensuse", "name": "opensuse", "operator": "eq", "version": "12.3"}, {"cpeName": "icinga:icinga", "name": "icinga", "operator": "eq", "version": "1.10.1"}, {"cpeName": "icinga:icinga", "name": "icinga", "operator": "le", "version": "1.10.2"}, {"cpeName": "opensuse:opensuse", "name": "opensuse", "operator": "eq", "version": "13.1"}], "bulletinFamily": "NVD", "cpe": ["cpe:/o:opensuse:opensuse:13.1", "cpe:/a:icinga:icinga:1.10.0", "cpe:/a:icinga:icinga:1.10.2", "cpe:/a:icinga:icinga:1.10.1", "cpe:/o:opensuse:opensuse:12.3"], "cpe23": ["cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "cpe:2.3:a:icinga:icinga:1.10.2:*:*:*:*:*:*:*", "cpe:2.3:a:icinga:icinga:1.10.1:*:*:*:*:*:*:*", "cpe:2.3:a:icinga:icinga:1.10.0:*:*:*:*:*:*:*"], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:icinga:icinga:1.10.0:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:icinga:icinga:1.10.2:*:*:*:*:*:*:*", "versionEndIncluding": "1.10.2", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:icinga:icinga:1.10.1:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2014-2386"], "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "cwe": ["CWE-189"], "description": "Multiple off-by-one errors in Icinga, possibly 1.10.2 and earlier, allow remote attackers to cause a denial of service (crash) via unspecified vectors to the (1) display_nav_table, (2) print_export_link, (3) page_num_selector, or (4) page_limit_selector function in cgi/cgiutils.c or (5) status_page_num_selector function in cgi/status.c, which triggers a stack-based buffer overflow.", "edition": 6, "enchantments": {"dependencies": {"modified": "2021-02-02T06:14:28", "references": [{"idList": ["SECURITYVULNS:DOC:30828", "SECURITYVULNS:VULN:13836"], "type": "securityvulns"}, {"idList": ["SSV:62102"], "type": "seebug"}, {"idList": ["OPENSUSE-2014-237.NASL", "DEBIAN_DSA-2956.NASL", "FREEBSD_PKG_4E95EB4EB73711E387CDF0DEF10DCA57.NASL"], "type": "nessus"}, {"idList": ["4E95EB4E-B737-11E3-87CD-F0DEF10DCA57"], "type": "freebsd"}, {"idList": ["OPENVAS:1361412562310702956", "OPENVAS:702956"], "type": "openvas"}, {"idList": ["DEBIAN:DSA-2956-1:6D0D0"], "type": "debian"}], "rev": 2}, "score": {"modified": "2021-02-02T06:14:28", "rev": 2, "value": 6.5, "vector": "NONE"}}, "extraReferences": [{"name": "https://git.icinga.org/?p=icinga-core.git;a=commitdiff;h=73285093b71a5551abdaab0a042d3d6bae093b0d", "refsource": "CONFIRM", "tags": ["Patch", "Exploit"], "url": "https://git.icinga.org/?p=icinga-core.git;a=commitdiff;h=73285093b71a5551abdaab0a042d3d6bae093b0d"}, {"name": "openSUSE-SU-2014:0420", "refsource": "SUSE", "tags": [], "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00072.html"}, {"name": "[oss-security] 20140313 CVE request for icinga 1 byte \\0 overflows", "refsource": "MLIST", "tags": [], "url": "http://comments.gmane.org/gmane.comp.security.oss.general/12355"}, {"name": "https://dev.icinga.org/issues/5663", "refsource": "CONFIRM", "tags": [], "url": "https://dev.icinga.org/issues/5663"}], "hash": "bfd70f40326180f8f35269c5b7d75042fa76b7d1d8bc354bdaeed4253773fbc0", "hashmap": [{"hash": "e064bfb50e73387376dcd19766930b42", "key": "title"}, {"hash": "6339e817ea69d0144092a0eb5e83e8aa", "key": "cpe"}, {"hash": "612afa990206288a9939595cc21836a3", "key": "cpeConfiguration"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "a709851fa09bac5e00723b3a9f3c8341", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "7c516ac47d2b4bebdccf8cce6feb25f0", "key": "extraReferences"}, {"hash": "7d7c5f35269532e6785117964a2cc28a", "key": "cwe"}, {"hash": "aeee5e40f5bb37572a8c2a76c427fc2f", "key": "published"}, {"hash": "82dad85afa54bbc6ca464f13af64cb89", "key": "affectedSoftware"}, {"hash": "66bb3ed41ab1c1d4a01cb45dff364aeb", "key": "description"}, {"hash": "cc7142fe617e6f66bd29ebd9a858b948", "key": "cvelist"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "fd717ad1064d16c8f2da2ff609afc05e", "key": "modified"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "cc0a6f36a5e1ec80834eb14267237d52", "key": "cpe23"}, {"hash": "85fc9715d07b57d9e72056856b007c7b", "key": "cvss2"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "7ce30c95cfa19812c20da68f97c4b3a4", "key": "references"}, {"hash": "41b62a8aa1ee5c40897717cadc30784a", "key": "cvss"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2386", "id": "CVE-2014-2386", "immutableFields": [], "lastseen": "2021-02-02T06:14:28", "modified": "2018-10-30T16:27:00", "objectVersion": "1.5", "published": "2014-03-25T16:55:00", "references": ["https://dev.icinga.org/issues/5663", "http://lists.opensuse.org/opensuse-updates/2014-03/msg00072.html", "http://comments.gmane.org/gmane.comp.security.oss.general/12355", "https://git.icinga.org/?p=icinga-core.git;a=commitdiff;h=73285093b71a5551abdaab0a042d3d6bae093b0d"], "reporter": "cve@mitre.org", "title": "CVE-2014-2386", "type": "cve", "viewCount": 3}, "different_elements": ["cpeConfiguration"], "edition": 6, "lastseen": "2021-02-02T06:14:28"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "icinga:icinga", "name": "icinga", "operator": "eq", "version": "1.10.0"}, {"cpeName": "opensuse:opensuse", "name": "opensuse", "operator": "eq", "version": "12.3"}, {"cpeName": "icinga:icinga", "name": "icinga", "operator": "eq", "version": "1.10.1"}, {"cpeName": "icinga:icinga", "name": "icinga", "operator": "le", "version": "1.10.2"}, {"cpeName": "opensuse:opensuse", "name": "opensuse", "operator": "eq", "version": "13.1"}], "bulletinFamily": "NVD", "cpe": ["cpe:/o:opensuse:opensuse:13.1", "cpe:/a:icinga:icinga:1.10.0", "cpe:/a:icinga:icinga:1.10.2", "cpe:/a:icinga:icinga:1.10.1", "cpe:/o:opensuse:opensuse:12.3"], "cpe23": ["cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "cpe:2.3:a:icinga:icinga:1.10.2:*:*:*:*:*:*:*", "cpe:2.3:a:icinga:icinga:1.10.1:*:*:*:*:*:*:*", "cpe:2.3:a:icinga:icinga:1.10.0:*:*:*:*:*:*:*"], "cpeConfiguration": {}, "cvelist": ["CVE-2014-2386"], "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "cwe": ["CWE-189"], "description": "Multiple off-by-one errors in Icinga, possibly 1.10.2 and earlier, allow remote attackers to cause a denial of service (crash) via unspecified vectors to the (1) display_nav_table, (2) print_export_link, (3) page_num_selector, or (4) page_limit_selector function in cgi/cgiutils.c or (5) status_page_num_selector function in cgi/status.c, which triggers a stack-based buffer overflow.", "edition": 2, "enchantments": {"dependencies": {"modified": "2020-09-21T14:15:40", "references": [{"idList": ["SECURITYVULNS:DOC:30828", "SECURITYVULNS:VULN:13836"], "type": "securityvulns"}, {"idList": ["SSV:62102"], "type": "seebug"}, {"idList": ["OPENSUSE-2014-237.NASL", "DEBIAN_DSA-2956.NASL", "FREEBSD_PKG_4E95EB4EB73711E387CDF0DEF10DCA57.NASL"], "type": "nessus"}, {"idList": ["4E95EB4E-B737-11E3-87CD-F0DEF10DCA57"], "type": "freebsd"}, {"idList": ["OPENVAS:1361412562310702956", "OPENVAS:702956"], "type": "openvas"}, {"idList": ["DEBIAN:DSA-2956-1:6D0D0"], "type": "debian"}], "rev": 2}, "score": {"modified": "2020-09-21T14:15:40", "rev": 2, "value": 6.5, "vector": "NONE"}}, "hash": "e4db76ad456da12779543f4b36b31824317fdcfc46dc528fa813099a9fe0a7ef", "hashmap": [{"hash": "e064bfb50e73387376dcd19766930b42", "key": "title"}, {"hash": "6339e817ea69d0144092a0eb5e83e8aa", "key": "cpe"}, {"hash": "a709851fa09bac5e00723b3a9f3c8341", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "7d7c5f35269532e6785117964a2cc28a", "key": "cwe"}, {"hash": "aeee5e40f5bb37572a8c2a76c427fc2f", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpeConfiguration"}, {"hash": "82dad85afa54bbc6ca464f13af64cb89", "key": "affectedSoftware"}, {"hash": "66bb3ed41ab1c1d4a01cb45dff364aeb", "key": "description"}, {"hash": "cc7142fe617e6f66bd29ebd9a858b948", "key": "cvelist"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "fd717ad1064d16c8f2da2ff609afc05e", "key": "modified"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "cc0a6f36a5e1ec80834eb14267237d52", "key": "cpe23"}, {"hash": "85fc9715d07b57d9e72056856b007c7b", "key": "cvss2"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "7ce30c95cfa19812c20da68f97c4b3a4", "key": "references"}, {"hash": "41b62a8aa1ee5c40897717cadc30784a", "key": "cvss"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2386", "id": "CVE-2014-2386", "lastseen": "2020-09-21T14:15:40", "modified": "2018-10-30T16:27:00", "objectVersion": "1.3", "published": "2014-03-25T16:55:00", "references": ["https://dev.icinga.org/issues/5663", "http://lists.opensuse.org/opensuse-updates/2014-03/msg00072.html", "http://comments.gmane.org/gmane.comp.security.oss.general/12355", "https://git.icinga.org/?p=icinga-core.git;a=commitdiff;h=73285093b71a5551abdaab0a042d3d6bae093b0d"], "reporter": "cve@mitre.org", "title": "CVE-2014-2386", "type": "cve", "viewCount": 1}, "differentElements": ["cpeConfiguration"], "edition": 2, "lastseen": "2020-09-21T14:15:40"}], "edition": 7, "hashmap": [{"key": "affectedConfiguration", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "affectedSoftware", "hash": "82dad85afa54bbc6ca464f13af64cb89"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "6339e817ea69d0144092a0eb5e83e8aa"}, {"key": "cpe23", "hash": "cc0a6f36a5e1ec80834eb14267237d52"}, {"key": "cpeConfiguration", "hash": "27f401b0374c6980a5a5bf609dbb66f8"}, {"key": "cvelist", "hash": "cc7142fe617e6f66bd29ebd9a858b948"}, {"key": "cvss", "hash": "41b62a8aa1ee5c40897717cadc30784a"}, {"key": "cvss2", "hash": "85fc9715d07b57d9e72056856b007c7b"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cwe", "hash": "7d7c5f35269532e6785117964a2cc28a"}, {"key": "description", "hash": "66bb3ed41ab1c1d4a01cb45dff364aeb"}, {"key": "extraReferences", "hash": "7c516ac47d2b4bebdccf8cce6feb25f0"}, {"key": "href", "hash": "a709851fa09bac5e00723b3a9f3c8341"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "fd717ad1064d16c8f2da2ff609afc05e"}, {"key": "published", "hash": "aeee5e40f5bb37572a8c2a76c427fc2f"}, {"key": "references", "hash": "7ce30c95cfa19812c20da68f97c4b3a4"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "e064bfb50e73387376dcd19766930b42"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "dd2877236af22b7b2c137354a12624f4c7062200f3db510948aafa4a41f80baf", "viewCount": 14, "enchantments": {"dependencies": {"references": [{"type": "ubuntucve", "idList": ["UB:CVE-2014-2386"]}, {"type": "freebsd", "idList": ["4E95EB4E-B737-11E3-87CD-F0DEF10DCA57"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-2956.NASL", "OPENSUSE-2014-237.NASL", "FREEBSD_PKG_4E95EB4EB73711E387CDF0DEF10DCA57.NASL"]}, {"type": "seebug", "idList": ["SSV:62102"]}, {"type": "openvas", "idList": ["OPENVAS:702956", "OPENVAS:1361412562310702956"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2956-1:6D0D0"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:13836", "SECURITYVULNS:DOC:30828"]}], "modified": "2021-04-22T23:44:06", "rev": 2}, "score": {"value": 6.5, "vector": "NONE", "modified": "2021-04-22T23:44:06", "rev": 2}}, "objectVersion": "1.5", "cpe": ["cpe:/o:opensuse:opensuse:13.1", "cpe:/a:icinga:icinga:1.10.0", "cpe:/a:icinga:icinga:1.10.2", "cpe:/a:icinga:icinga:1.10.1", "cpe:/o:opensuse:opensuse:12.3"], "affectedSoftware": [{"cpeName": "icinga:icinga", "name": "icinga", "operator": "eq", "version": "1.10.0"}, {"cpeName": "opensuse:opensuse", "name": "opensuse", "operator": "eq", "version": "12.3"}, {"cpeName": "icinga:icinga", "name": "icinga", "operator": "eq", "version": "1.10.1"}, {"cpeName": "icinga:icinga", "name": "icinga", "operator": "le", "version": "1.10.2"}, {"cpeName": "opensuse:opensuse", "name": "opensuse", "operator": "eq", "version": "13.1"}], "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "cpe23": ["cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "cpe:2.3:a:icinga:icinga:1.10.2:*:*:*:*:*:*:*", "cpe:2.3:a:icinga:icinga:1.10.1:*:*:*:*:*:*:*", "cpe:2.3:a:icinga:icinga:1.10.0:*:*:*:*:*:*:*"], "cwe": ["CWE-189"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:a:icinga:icinga:1.10.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:icinga:icinga:1.10.2:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.10.2", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:icinga:icinga:1.10.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}], "operator": "OR"}]}, "extraReferences": [{"name": "https://git.icinga.org/?p=icinga-core.git;a=commitdiff;h=73285093b71a5551abdaab0a042d3d6bae093b0d", "refsource": "CONFIRM", "tags": ["Patch", "Exploit"], "url": "https://git.icinga.org/?p=icinga-core.git;a=commitdiff;h=73285093b71a5551abdaab0a042d3d6bae093b0d"}, {"name": "openSUSE-SU-2014:0420", "refsource": "SUSE", "tags": [], "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00072.html"}, {"name": "[oss-security] 20140313 CVE request for icinga 1 byte \\0 overflows", "refsource": "MLIST", "tags": [], "url": "http://comments.gmane.org/gmane.comp.security.oss.general/12355"}, {"name": "https://dev.icinga.org/issues/5663", "refsource": "CONFIRM", "tags": [], "url": "https://dev.icinga.org/issues/5663"}], "immutableFields": []}], "ubuntucve": [{"id": "UB:CVE-2014-2386", "vendorId": null, "hash": "bab8dfcb23142e676a90c8b1d46d55dc", "type": "ubuntucve", "bulletinFamily": "info", "title": "CVE-2014-2386", "description": "Multiple off-by-one errors in Icinga, possibly 1.10.2 and earlier, allow\nremote attackers to cause a denial of service (crash) via unspecified\nvectors to the (1) display_nav_table, (2) print_export_link, (3)\npage_num_selector, or (4) page_limit_selector function in cgi/cgiutils.c or\n(5) status_page_num_selector function in cgi/status.c, which triggers a\nstack-based buffer overflow.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[seth-arnold](<https://launchpad.net/~seth-arnold>) | One-byte overflows of ascii NUL might not normally get a 'medium' but there's so many of them fixed that perhaps one might be useful enough in an exploit.\n", "published": "2014-03-25T00:00:00", "modified": "2014-03-25T00:00:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "href": "https://ubuntu.com/security/CVE-2014-2386", "reporter": "ubuntu.com", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2386", "https://nvd.nist.gov/vuln/detail/CVE-2014-2386", "https://launchpad.net/bugs/cve/CVE-2014-2386", "https://security-tracker.debian.org/tracker/CVE-2014-2386"], "cvelist": ["CVE-2014-2386"], "immutableFields": [], "lastseen": "2021-11-22T21:52:04", "history": [{"bulletin": {"id": "UB:CVE-2014-2386", "vendorId": null, "hash": "a1865f593e4c85c1e417ebeb26475e11", "type": "ubuntucve", "bulletinFamily": "info", "title": "CVE-2014-2386", "description": "Multiple off-by-one errors in Icinga, possibly 1.10.2 and earlier, allow\nremote attackers to cause a denial of service (crash) via unspecified\nvectors to the (1) display_nav_table, (2) print_export_link, (3)\npage_num_selector, or (4) page_limit_selector function in cgi/cgiutils.c or\n(5) status_page_num_selector function in cgi/status.c, which triggers a\nstack-based buffer overflow.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[seth-arnold](<https://launchpad.net/~seth-arnold>) | One-byte overflows of ascii NUL might not normally get a 'medium' but there's so many of them fixed that perhaps one might be useful enough in an exploit.\n", "published": "2014-03-25T00:00:00", "modified": "2014-03-25T00:00:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://ubuntu.com/security/CVE-2014-2386", "reporter": "ubuntu.com", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2386", "https://nvd.nist.gov/vuln/detail/CVE-2014-2386", "https://launchpad.net/bugs/cve/CVE-2014-2386", "https://security-tracker.debian.org/tracker/CVE-2014-2386"], "cvelist": ["CVE-2014-2386"], "immutableFields": [], "lastseen": "2021-07-01T00:19:09", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2014-2386"]}, {"type": "freebsd", "idList": ["4E95EB4E-B737-11E3-87CD-F0DEF10DCA57"]}, {"type": "seebug", "idList": ["SSV:62102"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-2956.NASL", "OPENSUSE-2014-237.NASL", "FREEBSD_PKG_4E95EB4EB73711E387CDF0DEF10DCA57.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:702956", "OPENVAS:1361412562310702956"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2956-1:6D0D0"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:13836", "SECURITYVULNS:DOC:30828"]}], "modified": "2021-07-01T00:19:09", "rev": 2}, "score": {"value": 6.9, "vector": "NONE", "modified": "2021-07-01T00:19:09", "rev": 2}}, "objectVersion": "1.5", "affectedPackage": [{"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "1.11.0-1", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "icinga"}, {"OS": "ubuntu", "OSVersion": "14.04", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "icinga"}], "bugs": []}, "lastseen": "2021-07-01T00:19:09", "differentElements": ["cvss2"], "edition": 1}, {"bulletin": {"id": "UB:CVE-2014-2386", "vendorId": null, "hash": "49eb124e03fe8bd472a25c21d651a467", "type": "ubuntucve", "bulletinFamily": "info", "title": "CVE-2014-2386", "description": "Multiple off-by-one errors in Icinga, possibly 1.10.2 and earlier, allow\nremote attackers to cause a denial of service (crash) via unspecified\nvectors to the (1) display_nav_table, (2) print_export_link, (3)\npage_num_selector, or (4) page_limit_selector function in cgi/cgiutils.c or\n(5) status_page_num_selector function in cgi/status.c, which triggers a\nstack-based buffer overflow.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[seth-arnold](<https://launchpad.net/~seth-arnold>) | One-byte overflows of ascii NUL might not normally get a 'medium' but there's so many of them fixed that perhaps one might be useful enough in an exploit.\n", "published": "2014-03-25T00:00:00", "modified": "2014-03-25T00:00:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "href": "https://ubuntu.com/security/CVE-2014-2386", "reporter": "ubuntu.com", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2386", "https://nvd.nist.gov/vuln/detail/CVE-2014-2386", "https://launchpad.net/bugs/cve/CVE-2014-2386", "https://security-tracker.debian.org/tracker/CVE-2014-2386"], "cvelist": ["CVE-2014-2386"], "immutableFields": [], "lastseen": "2021-07-31T01:05:29", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2014-2386"]}, {"type": "nessus", "idList": ["FREEBSD_PKG_4E95EB4EB73711E387CDF0DEF10DCA57.NASL", "OPENSUSE-2014-237.NASL", "DEBIAN_DSA-2956.NASL"]}, {"type": "seebug", "idList": ["SSV:62102"]}, {"type": "freebsd", "idList": ["4E95EB4E-B737-11E3-87CD-F0DEF10DCA57"]}, {"type": "openvas", "idList": ["OPENVAS:702956", "OPENVAS:1361412562310702956"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:30828", "SECURITYVULNS:VULN:13836"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2956-1:6D0D0"]}], "modified": "2021-07-31T01:05:29", "rev": 2}, "score": {"value": 6.9, "vector": "NONE", "modified": "2021-07-31T01:05:29", "rev": 2}}, "objectVersion": "1.6", "affectedPackage": [{"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "1.11.0-1", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "icinga"}, {"OS": "ubuntu", "OSVersion": "14.04", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "icinga"}], "bugs": []}, "lastseen": "2021-07-31T01:05:29", "differentElements": ["affectedPackage"], "edition": 2}], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2014-2386"]}, {"type": "seebug", "idList": ["SSV:62102"]}, {"type": "freebsd", "idList": ["4E95EB4E-B737-11E3-87CD-F0DEF10DCA57"]}, {"type": "nessus", "idList": ["FREEBSD_PKG_4E95EB4EB73711E387CDF0DEF10DCA57.NASL", "DEBIAN_DSA-2956.NASL", "OPENSUSE-2014-237.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310702956", "OPENVAS:702956"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2956-1:6D0D0"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:13836", "SECURITYVULNS:DOC:30828"]}], "modified": "2021-11-22T21:52:04", "rev": 2}, "score": {"value": 6.9, "vector": "NONE", "modified": "2021-11-22T21:52:04", "rev": 2}}, "objectVersion": "1.6", "affectedPackage": [{"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "1.11.0-1", "packageFilename": "UNKNOWN", "operator": "lt", "status": "released", "packageName": "icinga"}, {"OS": "ubuntu", "OSVersion": "14.04", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "status": "does not exist", "packageName": "icinga"}], "bugs": [], "_object_type": "robots.models.ubuntucve.UbuntuCVEBulletin", "_object_types": ["robots.models.ubuntucve.UbuntuCVEBulletin", "robots.models.base.Bulletin"]}], "debiancve": [{"id": "DEBIANCVE:CVE-2014-2386", "vendorId": null, "hash": "faeb009cb9189d22a0e8578a9af535aa", "type": "debiancve", "bulletinFamily": "info", "title": "CVE-2014-2386", "description": "Multiple off-by-one errors in Icinga, possibly 1.10.2 and earlier, allow remote attackers to cause a denial of service (crash) via unspecified vectors to the (1) display_nav_table, (2) print_export_link, (3) page_num_selector, or (4) page_limit_selector function in cgi/cgiutils.c or (5) status_page_num_selector function in cgi/status.c, which triggers a stack-based buffer overflow.", "published": "2014-03-13T00:00:00", "modified": "2014-03-13T00:00:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "href": "https://security-tracker.debian.org/tracker/CVE-2014-2386", "reporter": "Debian Security Bug Tracker", "references": [], "cvelist": ["CVE-2014-2386"], "immutableFields": [], "lastseen": "2021-12-05T10:34:18", "history": [{"bulletin": {"id": "DEBIANCVE:CVE-2014-2386", "vendorId": null, "hash": "faeb009cb9189d22a0e8578a9af535aa", "type": "debiancve", "bulletinFamily": "info", "title": "CVE-2014-2386", "description": "Multiple off-by-one errors in Icinga, possibly 1.10.2 and earlier, allow remote attackers to cause a denial of service (crash) via unspecified vectors to the (1) display_nav_table, (2) print_export_link, (3) page_num_selector, or (4) page_limit_selector function in cgi/cgiutils.c or (5) status_page_num_selector function in cgi/status.c, which triggers a stack-based buffer overflow.", "published": "2014-03-13T00:00:00", "modified": "2014-03-13T00:00:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "href": "https://security-tracker.debian.org/tracker/CVE-2014-2386", "reporter": "Debian Security Bug Tracker", "references": [], "cvelist": ["CVE-2014-2386"], "immutableFields": [], "lastseen": "2021-11-29T13:55:45", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2014-2386"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2014-2386"]}, {"type": "seebug", "idList": ["SSV:62102"]}, {"type": "freebsd", "idList": ["4E95EB4E-B737-11E3-87CD-F0DEF10DCA57"]}, {"type": "nessus", "idList": ["OPENSUSE-2014-237.NASL", "FREEBSD_PKG_4E95EB4EB73711E387CDF0DEF10DCA57.NASL", "DEBIAN_DSA-2956.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:702956", "OPENVAS:1361412562310702956"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:30828", "SECURITYVULNS:VULN:13836"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2956-1:6D0D0"]}], "modified": "2021-11-29T13:55:45", "rev": 2}, "score": {"value": 6.5, "vector": "NONE", "modified": "2021-11-29T13:55:45", "rev": 2}}, "objectVersion": "1.6", "affectedPackage": [{"OS": "Debian", "OSVersion": "10", "arch": "all", "packageFilename": "icinga_1.14.2+ds-3_all.deb", "packageVersion": "1.14.2+ds-3", "operator": "lt", "status": "resolved", "packageName": "icinga"}, {"OS": "Debian", "OSVersion": "9", "arch": "all", "packageFilename": "icinga_1.13.4-2_all.deb", "packageVersion": "1.13.4-2", "operator": "lt", "status": "resolved", "packageName": "icinga"}]}, "lastseen": "2021-11-29T13:55:45", "differentElements": ["description"], "edition": 1}, {"bulletin": {"id": "DEBIANCVE:CVE-2014-2386", "vendorId": null, "hash": "bcb38fffa4bc0394125a9a3d3773d124", "type": "debiancve", "bulletinFamily": "info", "title": "CVE-2014-2386", "description": "Multiple off-by-one errors in Icinga, possibly 1.10.2 and earlier, all ...", "published": "2014-03-13T00:00:00", "modified": "2014-03-13T00:00:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "href": "https://security-tracker.debian.org/tracker/CVE-2014-2386", "reporter": "Debian Security Bug Tracker", "references": [], "cvelist": ["CVE-2014-2386"], "immutableFields": [], "lastseen": "2021-12-04T19:05:02", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2014-2386"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2014-2386"]}, {"type": "seebug", "idList": ["SSV:62102"]}, {"type": "freebsd", "idList": ["4E95EB4E-B737-11E3-87CD-F0DEF10DCA57"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-2956.NASL", "FREEBSD_PKG_4E95EB4EB73711E387CDF0DEF10DCA57.NASL", "OPENSUSE-2014-237.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310702956", "OPENVAS:702956"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:30828", "SECURITYVULNS:VULN:13836"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2956-1:6D0D0"]}], "modified": "2021-12-04T19:05:02", "rev": 2}, "score": {"value": 6.5, "vector": "NONE", "modified": "2021-12-04T19:05:02", "rev": 2}}, "objectVersion": "1.6", "affectedPackage": [{"OS": "Debian", "OSVersion": "10", "arch": "all", "packageFilename": "icinga_1.14.2+ds-3_all.deb", "packageVersion": "1.14.2+ds-3", "operator": "lt", "status": "resolved", "packageName": "icinga"}, {"OS": "Debian", "OSVersion": "9", "arch": "all", "packageFilename": "icinga_1.13.4-2_all.deb", "packageVersion": "1.13.4-2", "operator": "lt", "status": "resolved", "packageName": "icinga"}]}, "lastseen": "2021-12-04T19:05:02", "differentElements": ["description"], "edition": 2}], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2014-2386"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2014-2386"]}, {"type": "seebug", "idList": ["SSV:62102"]}, {"type": "freebsd", "idList": ["4E95EB4E-B737-11E3-87CD-F0DEF10DCA57"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-2956.NASL", "FREEBSD_PKG_4E95EB4EB73711E387CDF0DEF10DCA57.NASL", "OPENSUSE-2014-237.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310702956", "OPENVAS:702956"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:30828", "SECURITYVULNS:VULN:13836"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2956-1:6D0D0"]}], "modified": "2021-12-04T19:05:02", "rev": 2}, "score": {"value": 6.5, "vector": "NONE", "modified": "2021-12-04T19:05:02", "rev": 2}}, "objectVersion": "1.6", "affectedPackage": [{"OS": "Debian", "OSVersion": "10", "arch": "all", "packageFilename": "icinga_1.14.2+ds-3_all.deb", "packageVersion": "1.14.2+ds-3", "operator": "lt", "status": "resolved", "packageName": "icinga"}, {"OS": "Debian", "OSVersion": "9", "arch": "all", "packageFilename": "icinga_1.13.4-2_all.deb", "packageVersion": "1.13.4-2", "operator": "lt", "status": "resolved", "packageName": "icinga"}], "_object_type": "robots.models.debiancve.DebianCveBulletin", "_object_types": ["robots.models.debiancve.DebianCveBulletin", "robots.models.base.Bulletin"]}], "seebug": [{"href": "https://www.seebug.org/vuldb/ssvid-62102", "status": "details", "history": [], "bulletinFamily": "exploit", "modified": "2014-04-10T00:00:00", "title": "Icinga cgi/cgiutils.c\u548ccgi/status.c\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e", "cvss": {"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/", "score": 5.0}, "sourceHref": "", "cvelist": ["CVE-2014-2386"], "description": "CVE ID:CVE-2014-2386\r\n\r\nIcinga\u662f\u4e00\u6b3e\u7cfb\u7edf\u76d1\u63a7\u670d\u52a1\u7a0b\u5e8f\u3002\r\n\r\nIcinga cgi/cgiutils.c\u548ccgi/status.c\u5b58\u5728\u8fb9\u754c\u9519\u8bef\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u8fdb\u884c\u7f13\u51b2\u533a\u6ea2\u51fa\u653b\u51fb\uff0c\u53ef\u4f7f\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u6216\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\n0\nIcinga 1.x\nIcinga 1.11.1, 1.10.4\u62161.9.6\u7248\u672c\u5df2\u4fee\u590d\u8be5\u6f0f\u6d1e\uff0c\u5efa\u8bae\u7528\u6237\u4e0b\u8f7d\u4f7f\u7528\uff1a\r\nhttps://www.icinga.org", "viewCount": 1, "published": "2014-04-10T00:00:00", "sourceData": "", "id": "SSV:62102", "enchantments_done": [], "_object_type": "robots.models.seebug.SeebugBulletin", "type": "seebug", "lastseen": "2017-11-19T17:27:39", "reporter": "Root", "_object_types": ["robots.models.base.Bulletin", "robots.models.seebug.SeebugBulletin"], "enchantments": {"score": {"value": 5.6, "vector": "NONE", "modified": "2017-11-19T17:27:39", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2014-2386"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2014-2386"]}, {"type": "freebsd", "idList": ["4E95EB4E-B737-11E3-87CD-F0DEF10DCA57"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-2956.NASL", "OPENSUSE-2014-237.NASL", "FREEBSD_PKG_4E95EB4EB73711E387CDF0DEF10DCA57.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:702956", "OPENVAS:1361412562310702956"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2956-1:6D0D0"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:13836", "SECURITYVULNS:DOC:30828"]}], "modified": "2017-11-19T17:27:39", "rev": 2}}, "objectVersion": "1.5", "references": [], "immutableFields": []}], "nessus": [{"id": "OPENSUSE-2014-237.NASL", "hash": "86ec86b5371baa12461388a70868134f", "type": "nessus", "bulletinFamily": "scanner", "title": "openSUSE Security Update : icinga (openSUSE-SU-2014:0420-1)", "description": "The monitoring system icinga received security fixes in the cgi helpers where buffers could be overflowed by 1 byte. Note that this will be caught by the FORTIFY_SOURCE static overflow detection.", "published": "2014-06-13T00:00:00", "modified": "2021-01-19T00:00:00", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cvss2": {}, "cvss3": {"score": null, "vector": null}, "href": "https://www.tenable.com/plugins/nessus/75303", "reporter": "This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2386", "https://lists.opensuse.org/opensuse-updates/2014-03/msg00072.html", "https://bugzilla.novell.com/show_bug.cgi?id=868426"], "cvelist": ["CVE-2014-2386"], "immutableFields": [], "lastseen": "2021-08-19T12:49:43", "history": [{"bulletin": {"id": "OPENSUSE-2014-237.NASL", "hash": "4ca01304d4a87bc76a3240ad0089ca59220fd2c099eeb2c8be6f3f9393e10680", "type": "nessus", "bulletinFamily": "scanner", "title": "openSUSE Security Update : icinga (openSUSE-SU-2014:0420-1)", "description": "The monitoring system icinga received security fixes in the cgi helpers where buffers could be overflowed by 1 byte. Note that this will be caught by the FORTIFY_SOURCE static overflow detection.", "published": "2014-06-13T00:00:00", "modified": "2018-11-10T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=75303", "reporter": "Tenable", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=868426", "https://lists.opensuse.org/opensuse-updates/2014-03/msg00072.html"], "cvelist": ["CVE-2014-2386"], "immutableFields": [], "lastseen": "2018-11-13T16:58:58", "history": [], "viewCount": 1, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "75303", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2014-237.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75303);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/11/10 11:50:01\");\n\n script_cve_id(\"CVE-2014-2386\");\n script_bugtraq_id(66212);\n\n script_name(english:\"openSUSE Security Update : icinga (openSUSE-SU-2014:0420-1)\");\n script_summary(english:\"Check for the openSUSE-2014-237 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The monitoring system icinga received security fixes in the cgi\nhelpers where buffers could be overflowed by 1 byte. Note that this\nwill be caught by the FORTIFY_SOURCE static overflow detection.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=868426\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2014-03/msg00072.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected icinga packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-idoutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-idoutils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-idoutils-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-idoutils-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-idoutils-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-plugins-downtimes\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-plugins-eventhandlers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-www\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-www-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:monitoring-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:monitoring-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.3|SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.3 / 13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-debuginfo-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-debugsource-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-devel-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-idoutils-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-idoutils-debuginfo-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-idoutils-mysql-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-idoutils-oracle-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-idoutils-pgsql-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-plugins-downtimes-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-plugins-eventhandlers-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-www-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-www-debuginfo-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"monitoring-tools-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"monitoring-tools-debuginfo-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-1.10.2-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-debuginfo-1.10.2-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-debugsource-1.10.2-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-devel-1.10.2-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-idoutils-1.10.2-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-idoutils-debuginfo-1.10.2-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-idoutils-mysql-1.10.2-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-idoutils-oracle-1.10.2-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-idoutils-pgsql-1.10.2-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-plugins-downtimes-1.10.2-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-plugins-eventhandlers-1.10.2-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-www-1.10.2-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-www-debuginfo-1.10.2-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"monitoring-tools-1.10.2-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"monitoring-tools-debuginfo-1.10.2-4.14.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"icinga\");\n}\n", "naslFamily": "SuSE Local Security Checks", "cpe": ["p-cpe:/a:novell:opensuse:icinga-idoutils-mysql", "p-cpe:/a:novell:opensuse:monitoring-tools", "cpe:/o:novell:opensuse:12.3", "p-cpe:/a:novell:opensuse:icinga-idoutils-pgsql", "p-cpe:/a:novell:opensuse:icinga-plugins-eventhandlers", "p-cpe:/a:novell:opensuse:monitoring-tools-debuginfo", "p-cpe:/a:novell:opensuse:icinga-idoutils-debuginfo", "p-cpe:/a:novell:opensuse:icinga-debugsource", "p-cpe:/a:novell:opensuse:icinga-idoutils-oracle", "p-cpe:/a:novell:opensuse:icinga-devel", "p-cpe:/a:novell:opensuse:icinga", "p-cpe:/a:novell:opensuse:icinga-debuginfo", "p-cpe:/a:novell:opensuse:icinga-www", "p-cpe:/a:novell:opensuse:icinga-www-debuginfo", "p-cpe:/a:novell:opensuse:icinga-idoutils", "cpe:/o:novell:opensuse:13.1", "p-cpe:/a:novell:opensuse:icinga-plugins-downtimes"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2018-11-13T16:58:58", "differentElements": ["cvss", "description", "href", "modified", "reporter", "sourceData"], "edition": 1}, {"bulletin": {"id": "OPENSUSE-2014-237.NASL", "hash": "87ed4a49f268ba54a1a4e058836cfd586ed5a4f77e739d929823ab18e66f50e7", "type": "nessus", "bulletinFamily": "scanner", "title": "openSUSE Security Update : icinga (openSUSE-SU-2014:0420-1)", "description": "The monitoring system icinga received security fixes in the cgi\nhelpers where buffers could be overflowed by 1 byte. Note that this\nwill be caught by the FORTIFY_SOURCE static overflow detection.", "published": "2014-06-13T00:00:00", "modified": "2019-11-02T00:00:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/75303", "reporter": "This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=868426", "https://lists.opensuse.org/opensuse-updates/2014-03/msg00072.html"], "cvelist": ["CVE-2014-2386"], "immutableFields": [], "lastseen": "2019-11-01T03:00:39", "history": [], "viewCount": 1, "enchantments": {"dependencies": {"modified": "2019-11-01T03:00:39", "references": [{"idList": ["SECURITYVULNS:DOC:30828", "SECURITYVULNS:VULN:13836"], "type": "securityvulns"}, {"idList": ["SSV:62102"], "type": "seebug"}, {"idList": ["CVE-2014-2386"], "type": "cve"}, {"idList": ["DEBIAN_DSA-2956.NASL", "FREEBSD_PKG_4E95EB4EB73711E387CDF0DEF10DCA57.NASL"], "type": "nessus"}, {"idList": ["4E95EB4E-B737-11E3-87CD-F0DEF10DCA57"], "type": "freebsd"}, {"idList": ["OPENVAS:1361412562310702956", "OPENVAS:702956"], "type": "openvas"}, {"idList": ["DEBIAN:DSA-2956-1:6D0D0"], "type": "debian"}]}, "score": {"modified": "2019-11-01T03:00:39", "value": 6.5, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "75303", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2014-237.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75303);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/01/02 16:37:56\");\n\n script_cve_id(\"CVE-2014-2386\");\n script_bugtraq_id(66212);\n\n script_name(english:\"openSUSE Security Update : icinga (openSUSE-SU-2014:0420-1)\");\n script_summary(english:\"Check for the openSUSE-2014-237 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The monitoring system icinga received security fixes in the cgi\nhelpers where buffers could be overflowed by 1 byte. Note that this\nwill be caught by the FORTIFY_SOURCE static overflow detection.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=868426\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2014-03/msg00072.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected icinga packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-idoutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-idoutils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-idoutils-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-idoutils-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-idoutils-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-plugins-downtimes\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-plugins-eventhandlers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-www\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-www-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:monitoring-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:monitoring-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.3|SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.3 / 13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-debuginfo-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-debugsource-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-devel-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-idoutils-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-idoutils-debuginfo-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-idoutils-mysql-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-idoutils-oracle-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-idoutils-pgsql-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-plugins-downtimes-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-plugins-eventhandlers-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-www-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-www-debuginfo-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"monitoring-tools-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"monitoring-tools-debuginfo-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-1.10.2-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-debuginfo-1.10.2-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-debugsource-1.10.2-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-devel-1.10.2-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-idoutils-1.10.2-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-idoutils-debuginfo-1.10.2-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-idoutils-mysql-1.10.2-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-idoutils-oracle-1.10.2-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-idoutils-pgsql-1.10.2-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-plugins-downtimes-1.10.2-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-plugins-eventhandlers-1.10.2-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-www-1.10.2-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-www-debuginfo-1.10.2-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"monitoring-tools-1.10.2-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"monitoring-tools-debuginfo-1.10.2-4.14.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"icinga\");\n}\n", "naslFamily": "SuSE Local Security Checks", "cpe": ["p-cpe:/a:novell:opensuse:icinga-idoutils-mysql", "p-cpe:/a:novell:opensuse:monitoring-tools", "cpe:/o:novell:opensuse:12.3", "p-cpe:/a:novell:opensuse:icinga-idoutils-pgsql", "p-cpe:/a:novell:opensuse:icinga-plugins-eventhandlers", "p-cpe:/a:novell:opensuse:monitoring-tools-debuginfo", "p-cpe:/a:novell:opensuse:icinga-idoutils-debuginfo", "p-cpe:/a:novell:opensuse:icinga-debugsource", "p-cpe:/a:novell:opensuse:icinga-idoutils-oracle", "p-cpe:/a:novell:opensuse:icinga-devel", "p-cpe:/a:novell:opensuse:icinga", "p-cpe:/a:novell:opensuse:icinga-debuginfo", "p-cpe:/a:novell:opensuse:icinga-www", "p-cpe:/a:novell:opensuse:icinga-www-debuginfo", "p-cpe:/a:novell:opensuse:icinga-idoutils", "cpe:/o:novell:opensuse:13.1", "p-cpe:/a:novell:opensuse:icinga-plugins-downtimes"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2019-11-01T03:00:39", "differentElements": ["modified"], "edition": 2}, {"bulletin": {"id": "OPENSUSE-2014-237.NASL", "hash": "d6623c1704eecc17bb32687cea4ae3934778706885b5aae5494b4670a97d74a5", "type": "nessus", "bulletinFamily": "scanner", "title": "openSUSE Security Update : icinga (openSUSE-SU-2014:0420-1)", "description": "The monitoring system icinga received security fixes in the cgi\nhelpers where buffers could be overflowed by 1 byte. Note that this\nwill be caught by the FORTIFY_SOURCE static overflow detection.", "published": "2014-06-13T00:00:00", "modified": "2020-03-02T00:00:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/75303", "reporter": "This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=868426", "https://lists.opensuse.org/opensuse-updates/2014-03/msg00072.html"], "cvelist": ["CVE-2014-2386"], "immutableFields": [], "lastseen": "2020-03-18T01:34:04", "history": [], "viewCount": 1, "enchantments": {"dependencies": {"modified": "2020-03-18T01:34:04", "references": [{"idList": ["SECURITYVULNS:DOC:30828", "SECURITYVULNS:VULN:13836"], "type": "securityvulns"}, {"idList": ["SSV:62102"], "type": "seebug"}, {"idList": ["CVE-2014-2386"], "type": "cve"}, {"idList": ["DEBIAN_DSA-2956.NASL", "FREEBSD_PKG_4E95EB4EB73711E387CDF0DEF10DCA57.NASL"], "type": "nessus"}, {"idList": ["4E95EB4E-B737-11E3-87CD-F0DEF10DCA57"], "type": "freebsd"}, {"idList": ["OPENVAS:1361412562310702956", "OPENVAS:702956"], "type": "openvas"}, {"idList": ["DEBIAN:DSA-2956-1:6D0D0"], "type": "debian"}]}, "score": {"modified": "2020-03-18T01:34:04", "value": 6.5, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "75303", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2014-237.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75303);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/01/02 16:37:56\");\n\n script_cve_id(\"CVE-2014-2386\");\n script_bugtraq_id(66212);\n\n script_name(english:\"openSUSE Security Update : icinga (openSUSE-SU-2014:0420-1)\");\n script_summary(english:\"Check for the openSUSE-2014-237 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The monitoring system icinga received security fixes in the cgi\nhelpers where buffers could be overflowed by 1 byte. Note that this\nwill be caught by the FORTIFY_SOURCE static overflow detection.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=868426\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2014-03/msg00072.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected icinga packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-idoutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-idoutils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-idoutils-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-idoutils-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-idoutils-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-plugins-downtimes\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-plugins-eventhandlers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-www\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-www-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:monitoring-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:monitoring-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.3|SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.3 / 13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-debuginfo-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-debugsource-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-devel-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-idoutils-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-idoutils-debuginfo-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-idoutils-mysql-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-idoutils-oracle-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-idoutils-pgsql-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-plugins-downtimes-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-plugins-eventhandlers-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-www-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-www-debuginfo-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"monitoring-tools-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"monitoring-tools-debuginfo-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-1.10.2-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-debuginfo-1.10.2-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-debugsource-1.10.2-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-devel-1.10.2-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-idoutils-1.10.2-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-idoutils-debuginfo-1.10.2-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-idoutils-mysql-1.10.2-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-idoutils-oracle-1.10.2-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-idoutils-pgsql-1.10.2-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-plugins-downtimes-1.10.2-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-plugins-eventhandlers-1.10.2-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-www-1.10.2-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-www-debuginfo-1.10.2-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"monitoring-tools-1.10.2-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"monitoring-tools-debuginfo-1.10.2-4.14.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"icinga\");\n}\n", "naslFamily": "SuSE Local Security Checks", "cpe": ["p-cpe:/a:novell:opensuse:icinga-idoutils-mysql", "p-cpe:/a:novell:opensuse:monitoring-tools", "cpe:/o:novell:opensuse:12.3", "p-cpe:/a:novell:opensuse:icinga-idoutils-pgsql", "p-cpe:/a:novell:opensuse:icinga-plugins-eventhandlers", "p-cpe:/a:novell:opensuse:monitoring-tools-debuginfo", "p-cpe:/a:novell:opensuse:icinga-idoutils-debuginfo", "p-cpe:/a:novell:opensuse:icinga-debugsource", "p-cpe:/a:novell:opensuse:icinga-idoutils-oracle", "p-cpe:/a:novell:opensuse:icinga-devel", "p-cpe:/a:novell:opensuse:icinga", "p-cpe:/a:novell:opensuse:icinga-debuginfo", "p-cpe:/a:novell:opensuse:icinga-www", "p-cpe:/a:novell:opensuse:icinga-www-debuginfo", "p-cpe:/a:novell:opensuse:icinga-idoutils", "cpe:/o:novell:opensuse:13.1", "p-cpe:/a:novell:opensuse:icinga-plugins-downtimes"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2020-03-18T01:34:04", "differentElements": ["modified"], "edition": 3}, {"bulletin": {"id": "OPENSUSE-2014-237.NASL", "hash": "fafd44169d53eaee885856929a04484af8b5d508529043a00470e48a5574d576", "type": "nessus", "bulletinFamily": "scanner", "title": "openSUSE Security Update : icinga (openSUSE-SU-2014:0420-1)", "description": "The monitoring system icinga received security fixes in the cgi\nhelpers where buffers could be overflowed by 1 byte. Note that this\nwill be caught by the FORTIFY_SOURCE static overflow detection.", "published": "2014-06-13T00:00:00", "modified": "2020-05-02T00:00:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/75303", "reporter": "This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=868426", "https://lists.opensuse.org/opensuse-updates/2014-03/msg00072.html"], "cvelist": ["CVE-2014-2386"], "immutableFields": [], "lastseen": "2020-05-01T01:25:32", "history": [], "viewCount": 1, "enchantments": {"dependencies": {"modified": "2020-05-01T01:25:32", "references": [{"idList": ["SECURITYVULNS:DOC:30828", "SECURITYVULNS:VULN:13836"], "type": "securityvulns"}, {"idList": ["SSV:62102"], "type": "seebug"}, {"idList": ["CVE-2014-2386"], "type": "cve"}, {"idList": ["DEBIAN_DSA-2956.NASL", "FREEBSD_PKG_4E95EB4EB73711E387CDF0DEF10DCA57.NASL"], "type": "nessus"}, {"idList": ["4E95EB4E-B737-11E3-87CD-F0DEF10DCA57"], "type": "freebsd"}, {"idList": ["OPENVAS:1361412562310702956", "OPENVAS:702956"], "type": "openvas"}, {"idList": ["DEBIAN:DSA-2956-1:6D0D0"], "type": "debian"}], "rev": 2}, "score": {"modified": "2020-05-01T01:25:32", "rev": 2, "value": 6.5, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "75303", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2014-237.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75303);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/01/02 16:37:56\");\n\n script_cve_id(\"CVE-2014-2386\");\n script_bugtraq_id(66212);\n\n script_name(english:\"openSUSE Security Update : icinga (openSUSE-SU-2014:0420-1)\");\n script_summary(english:\"Check for the openSUSE-2014-237 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The monitoring system icinga received security fixes in the cgi\nhelpers where buffers could be overflowed by 1 byte. Note that this\nwill be caught by the FORTIFY_SOURCE static overflow detection.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=868426\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2014-03/msg00072.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected icinga packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-idoutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-idoutils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-idoutils-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-idoutils-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-idoutils-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-plugins-downtimes\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-plugins-eventhandlers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-www\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-www-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:monitoring-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:monitoring-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.3|SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.3 / 13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-debuginfo-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-debugsource-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-devel-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-idoutils-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-idoutils-debuginfo-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-idoutils-mysql-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-idoutils-oracle-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-idoutils-pgsql-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-plugins-downtimes-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-plugins-eventhandlers-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-www-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-www-debuginfo-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"monitoring-tools-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"monitoring-tools-debuginfo-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-1.10.2-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-debuginfo-1.10.2-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-debugsource-1.10.2-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-devel-1.10.2-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-idoutils-1.10.2-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-idoutils-debuginfo-1.10.2-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-idoutils-mysql-1.10.2-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-idoutils-oracle-1.10.2-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-idoutils-pgsql-1.10.2-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-plugins-downtimes-1.10.2-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-plugins-eventhandlers-1.10.2-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-www-1.10.2-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-www-debuginfo-1.10.2-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"monitoring-tools-1.10.2-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"monitoring-tools-debuginfo-1.10.2-4.14.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"icinga\");\n}\n", "naslFamily": "SuSE Local Security Checks", "cpe": ["p-cpe:/a:novell:opensuse:icinga-idoutils-mysql", "p-cpe:/a:novell:opensuse:monitoring-tools", "cpe:/o:novell:opensuse:12.3", "p-cpe:/a:novell:opensuse:icinga-idoutils-pgsql", "p-cpe:/a:novell:opensuse:icinga-plugins-eventhandlers", "p-cpe:/a:novell:opensuse:monitoring-tools-debuginfo", "p-cpe:/a:novell:opensuse:icinga-idoutils-debuginfo", "p-cpe:/a:novell:opensuse:icinga-debugsource", "p-cpe:/a:novell:opensuse:icinga-idoutils-oracle", "p-cpe:/a:novell:opensuse:icinga-devel", "p-cpe:/a:novell:opensuse:icinga", "p-cpe:/a:novell:opensuse:icinga-debuginfo", "p-cpe:/a:novell:opensuse:icinga-www", "p-cpe:/a:novell:opensuse:icinga-www-debuginfo", "p-cpe:/a:novell:opensuse:icinga-idoutils", "cpe:/o:novell:opensuse:13.1", "p-cpe:/a:novell:opensuse:icinga-plugins-downtimes"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2020-05-01T01:25:32", "differentElements": ["modified", "reporter", "sourceData"], "edition": 4}, {"bulletin": {"id": "OPENSUSE-2014-237.NASL", "hash": "8ce4ec817841a02754fb7d79ab0107ffa01ebb5922ac470cc3f067272905f0a2", "type": "nessus", "bulletinFamily": "scanner", "title": "openSUSE Security Update : icinga (openSUSE-SU-2014:0420-1)", "description": "The monitoring system icinga received security fixes in the cgi\nhelpers where buffers could be overflowed by 1 byte. Note that this\nwill be caught by the FORTIFY_SOURCE static overflow detection.", "published": "2014-06-13T00:00:00", "modified": "2014-06-13T00:00:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/75303", "reporter": "This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=868426", "https://lists.opensuse.org/opensuse-updates/2014-03/msg00072.html"], "cvelist": ["CVE-2014-2386"], "immutableFields": [], "lastseen": "2021-01-20T12:27:28", "history": [], "viewCount": 1, "enchantments": {"dependencies": {"modified": "2021-01-20T12:27:28", "references": [{"idList": ["SECURITYVULNS:DOC:30828", "SECURITYVULNS:VULN:13836"], "type": "securityvulns"}, {"idList": ["SSV:62102"], "type": "seebug"}, {"idList": ["UB:CVE-2014-2386"], "type": "ubuntucve"}, {"idList": ["CVE-2014-2386"], "type": "cve"}, {"idList": ["DEBIAN_DSA-2956.NASL", "FREEBSD_PKG_4E95EB4EB73711E387CDF0DEF10DCA57.NASL"], "type": "nessus"}, {"idList": ["4E95EB4E-B737-11E3-87CD-F0DEF10DCA57"], "type": "freebsd"}, {"idList": ["OPENVAS:1361412562310702956", "OPENVAS:702956"], "type": "openvas"}, {"idList": ["DEBIAN:DSA-2956-1:6D0D0"], "type": "debian"}], "rev": 2}, "score": {"modified": "2021-01-20T12:27:28", "rev": 2, "value": 6.5, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "75303", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2014-237.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75303);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-2386\");\n script_bugtraq_id(66212);\n\n script_name(english:\"openSUSE Security Update : icinga (openSUSE-SU-2014:0420-1)\");\n script_summary(english:\"Check for the openSUSE-2014-237 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The monitoring system icinga received security fixes in the cgi\nhelpers where buffers could be overflowed by 1 byte. Note that this\nwill be caught by the FORTIFY_SOURCE static overflow detection.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=868426\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2014-03/msg00072.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected icinga packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-idoutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-idoutils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-idoutils-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-idoutils-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-idoutils-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-plugins-downtimes\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-plugins-eventhandlers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-www\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-www-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:monitoring-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:monitoring-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.3|SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.3 / 13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-debuginfo-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-debugsource-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-devel-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-idoutils-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-idoutils-debuginfo-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-idoutils-mysql-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-idoutils-oracle-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-idoutils-pgsql-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-plugins-downtimes-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-plugins-eventhandlers-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-www-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-www-debuginfo-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"monitoring-tools-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"monitoring-tools-debuginfo-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-1.10.2-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-debuginfo-1.10.2-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-debugsource-1.10.2-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-devel-1.10.2-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-idoutils-1.10.2-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-idoutils-debuginfo-1.10.2-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-idoutils-mysql-1.10.2-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-idoutils-oracle-1.10.2-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-idoutils-pgsql-1.10.2-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-plugins-downtimes-1.10.2-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-plugins-eventhandlers-1.10.2-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-www-1.10.2-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-www-debuginfo-1.10.2-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"monitoring-tools-1.10.2-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"monitoring-tools-debuginfo-1.10.2-4.14.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"icinga\");\n}\n", "naslFamily": "SuSE Local Security Checks", "cpe": ["p-cpe:/a:novell:opensuse:icinga-idoutils-mysql", "p-cpe:/a:novell:opensuse:monitoring-tools", "cpe:/o:novell:opensuse:12.3", "p-cpe:/a:novell:opensuse:icinga-idoutils-pgsql", "p-cpe:/a:novell:opensuse:icinga-plugins-eventhandlers", "p-cpe:/a:novell:opensuse:monitoring-tools-debuginfo", "p-cpe:/a:novell:opensuse:icinga-idoutils-debuginfo", "p-cpe:/a:novell:opensuse:icinga-debugsource", "p-cpe:/a:novell:opensuse:icinga-idoutils-oracle", "p-cpe:/a:novell:opensuse:icinga-devel", "p-cpe:/a:novell:opensuse:icinga", "p-cpe:/a:novell:opensuse:icinga-debuginfo", "p-cpe:/a:novell:opensuse:icinga-www", "p-cpe:/a:novell:opensuse:icinga-www-debuginfo", "p-cpe:/a:novell:opensuse:icinga-idoutils", "cpe:/o:novell:opensuse:13.1", "p-cpe:/a:novell:opensuse:icinga-plugins-downtimes"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-01-20T12:27:28", "differentElements": ["cvss2"], "edition": 5}, {"bulletin": {"id": "OPENSUSE-2014-237.NASL", "hash": "e6072b7373d14cc39e5e396e8a3a2736", "type": "nessus", "bulletinFamily": "scanner", "title": "openSUSE Security Update : icinga (openSUSE-SU-2014:0420-1)", "description": "The monitoring system icinga received security fixes in the cgi\nhelpers where buffers could be overflowed by 1 byte. Note that this\nwill be caught by the FORTIFY_SOURCE static overflow detection.", "published": "2014-06-13T00:00:00", "modified": "2014-06-13T00:00:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/75303", "reporter": "This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=868426", "https://lists.opensuse.org/opensuse-updates/2014-03/msg00072.html"], "cvelist": ["CVE-2014-2386"], "immutableFields": [], "lastseen": "2021-07-29T01:46:16", "history": [], "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2014-2386"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2014-2386"]}, {"type": "nessus", "idList": ["FREEBSD_PKG_4E95EB4EB73711E387CDF0DEF10DCA57.NASL", "DEBIAN_DSA-2956.NASL"]}, {"type": "seebug", "idList": ["SSV:62102"]}, {"type": "freebsd", "idList": ["4E95EB4E-B737-11E3-87CD-F0DEF10DCA57"]}, {"type": "openvas", "idList": ["OPENVAS:702956", "OPENVAS:1361412562310702956"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:13836", "SECURITYVULNS:DOC:30828"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2956-1:6D0D0"]}], "modified": "2021-07-29T01:46:16", "rev": 2}, "score": {"value": 6.5, "vector": "NONE", "modified": "2021-07-29T01:46:16", "rev": 2}}, "objectVersion": "1.6", "pluginID": "75303", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2014-237.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75303);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-2386\");\n script_bugtraq_id(66212);\n\n script_name(english:\"openSUSE Security Update : icinga (openSUSE-SU-2014:0420-1)\");\n script_summary(english:\"Check for the openSUSE-2014-237 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The monitoring system icinga received security fixes in the cgi\nhelpers where buffers could be overflowed by 1 byte. Note that this\nwill be caught by the FORTIFY_SOURCE static overflow detection.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=868426\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2014-03/msg00072.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected icinga packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-idoutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-idoutils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-idoutils-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-idoutils-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-idoutils-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-plugins-downtimes\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-plugins-eventhandlers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-www\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-www-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:monitoring-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:monitoring-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.3|SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.3 / 13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-debuginfo-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-debugsource-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-devel-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-idoutils-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-idoutils-debuginfo-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-idoutils-mysql-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-idoutils-oracle-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-idoutils-pgsql-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-plugins-downtimes-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-plugins-eventhandlers-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-www-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-www-debuginfo-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"monitoring-tools-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"monitoring-tools-debuginfo-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-1.10.2-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-debuginfo-1.10.2-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-debugsource-1.10.2-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-devel-1.10.2-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-idoutils-1.10.2-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-idoutils-debuginfo-1.10.2-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-idoutils-mysql-1.10.2-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-idoutils-oracle-1.10.2-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-idoutils-pgsql-1.10.2-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-plugins-downtimes-1.10.2-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-plugins-eventhandlers-1.10.2-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-www-1.10.2-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-www-debuginfo-1.10.2-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"monitoring-tools-1.10.2-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"monitoring-tools-debuginfo-1.10.2-4.14.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"icinga\");\n}\n", "naslFamily": "SuSE Local Security Checks", "cpe": ["p-cpe:/a:novell:opensuse:icinga-idoutils-mysql", "p-cpe:/a:novell:opensuse:monitoring-tools", "cpe:/o:novell:opensuse:12.3", "p-cpe:/a:novell:opensuse:icinga-idoutils-pgsql", "p-cpe:/a:novell:opensuse:icinga-plugins-eventhandlers", "p-cpe:/a:novell:opensuse:monitoring-tools-debuginfo", "p-cpe:/a:novell:opensuse:icinga-idoutils-debuginfo", "p-cpe:/a:novell:opensuse:icinga-debugsource", "p-cpe:/a:novell:opensuse:icinga-idoutils-oracle", "p-cpe:/a:novell:opensuse:icinga-devel", "p-cpe:/a:novell:opensuse:icinga", "p-cpe:/a:novell:opensuse:icinga-debuginfo", "p-cpe:/a:novell:opensuse:icinga-www", "p-cpe:/a:novell:opensuse:icinga-www-debuginfo", "p-cpe:/a:novell:opensuse:icinga-idoutils", "cpe:/o:novell:opensuse:13.1", "p-cpe:/a:novell:opensuse:icinga-plugins-downtimes"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-07-29T01:46:16", "differentElements": ["cvss2", "cvss3", "description", "exploitEase", "modified", "patchPublicationDate", "references", "solution", "vpr"], "edition": 6}, {"bulletin": {"id": "OPENSUSE-2014-237.NASL", "hash": "98120507e3500819067166c34999d920", "type": "nessus", "bulletinFamily": "scanner", "title": "openSUSE Security Update : icinga (openSUSE-SU-2014:0420-1)", "description": "The monitoring system icinga received security fixes in the cgi helpers where buffers could be overflowed by 1 byte. Note that this will be caught by the FORTIFY_SOURCE static overflow detection.", "published": "2014-06-13T00:00:00", "modified": "2021-01-19T00:00:00", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cvss2": {}, "cvss3": {"score": null, "vector": null}, "href": "https://www.tenable.com/plugins/nessus/75303", "reporter": "This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2386", "https://bugzilla.novell.com/show_bug.cgi?id=868426", "https://lists.opensuse.org/opensuse-updates/2014-03/msg00072.html"], "cvelist": ["CVE-2014-2386"], "immutableFields": [], "lastseen": "2021-08-11T14:14:27", "history": [], "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "ubuntucve", "idList": ["UB:CVE-2014-2386"]}, {"type": "cve", "idList": ["CVE-2014-2386"]}, {"type": "seebug", "idList": ["SSV:62102"]}, {"type": "freebsd", "idList": ["4E95EB4E-B737-11E3-87CD-F0DEF10DCA57"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-2956.NASL", "FREEBSD_PKG_4E95EB4EB73711E387CDF0DEF10DCA57.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310702956", "OPENVAS:702956"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:13836", "SECURITYVULNS:DOC:30828"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2956-1:6D0D0"]}], "modified": "2021-08-11T14:14:27", "rev": 2}, "score": {"value": 6.5, "vector": "NONE", "modified": "2021-08-11T14:14:27", "rev": 2}}, "objectVersion": "1.6", "pluginID": "75303", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2014-237.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75303);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-2386\");\n script_bugtraq_id(66212);\n\n script_name(english:\"openSUSE Security Update : icinga (openSUSE-SU-2014:0420-1)\");\n script_summary(english:\"Check for the openSUSE-2014-237 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The monitoring system icinga received security fixes in the cgi\nhelpers where buffers could be overflowed by 1 byte. Note that this\nwill be caught by the FORTIFY_SOURCE static overflow detection.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=868426\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2014-03/msg00072.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected icinga packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-idoutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-idoutils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-idoutils-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-idoutils-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-idoutils-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-plugins-downtimes\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-plugins-eventhandlers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-www\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-www-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:monitoring-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:monitoring-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.3|SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.3 / 13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-debuginfo-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-debugsource-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-devel-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-idoutils-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-idoutils-debuginfo-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-idoutils-mysql-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-idoutils-oracle-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-idoutils-pgsql-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-plugins-downtimes-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-plugins-eventhandlers-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-www-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-www-debuginfo-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"monitoring-tools-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"monitoring-tools-debuginfo-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-1.10.2-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-debuginfo-1.10.2-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-debugsource-1.10.2-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-devel-1.10.2-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-idoutils-1.10.2-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-idoutils-debuginfo-1.10.2-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-idoutils-mysql-1.10.2-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-idoutils-oracle-1.10.2-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-idoutils-pgsql-1.10.2-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-plugins-downtimes-1.10.2-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-plugins-eventhandlers-1.10.2-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-www-1.10.2-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-www-debuginfo-1.10.2-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"monitoring-tools-1.10.2-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"monitoring-tools-debuginfo-1.10.2-4.14.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"icinga\");\n}\n", "naslFamily": "SuSE Local Security Checks", "cpe": ["p-cpe:/a:novell:opensuse:icinga", "p-cpe:/a:novell:opensuse:icinga-debuginfo", "p-cpe:/a:novell:opensuse:icinga-debugsource", "p-cpe:/a:novell:opensuse:icinga-devel", "p-cpe:/a:novell:opensuse:icinga-idoutils", "p-cpe:/a:novell:opensuse:icinga-idoutils-debuginfo", "p-cpe:/a:novell:opensuse:icinga-idoutils-mysql", "p-cpe:/a:novell:opensuse:icinga-idoutils-oracle", "p-cpe:/a:novell:opensuse:icinga-idoutils-pgsql", "p-cpe:/a:novell:opensuse:icinga-plugins-downtimes", "p-cpe:/a:novell:opensuse:icinga-plugins-eventhandlers", "p-cpe:/a:novell:opensuse:icinga-www", "p-cpe:/a:novell:opensuse:icinga-www-debuginfo", "p-cpe:/a:novell:opensuse:monitoring-tools", "p-cpe:/a:novell:opensuse:monitoring-tools-debuginfo", "cpe:/o:novell:opensuse:12.3", "cpe:/o:novell:opensuse:13.1"], "solution": "Update the affected icinga packages.", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {"risk factor": "Low", "score": "3.6"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2014-03-14T00:00:00", "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-08-11T14:14:27", "differentElements": ["nessusSeverity"], "edition": 7}], "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2014-2386"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2014-2386"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2014-2386"]}, {"type": "seebug", "idList": ["SSV:62102"]}, {"type": "freebsd", "idList": ["4E95EB4E-B737-11E3-87CD-F0DEF10DCA57"]}, {"type": "nessus", "idList": ["FREEBSD_PKG_4E95EB4EB73711E387CDF0DEF10DCA57.NASL", "DEBIAN_DSA-2956.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:30828", "SECURITYVULNS:VULN:13836"]}, {"type": "openvas", "idList": ["OPENVAS:702956", "OPENVAS:1361412562310702956"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2956-1:6D0D0"]}], "modified": "2021-08-19T12:49:43", "rev": 2}, "score": {"value": 6.5, "vector": "NONE", "modified": "2021-08-19T12:49:43", "rev": 2}}, "objectVersion": "1.6", "pluginID": "75303", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2014-237.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75303);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-2386\");\n script_bugtraq_id(66212);\n\n script_name(english:\"openSUSE Security Update : icinga (openSUSE-SU-2014:0420-1)\");\n script_summary(english:\"Check for the openSUSE-2014-237 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The monitoring system icinga received security fixes in the cgi\nhelpers where buffers could be overflowed by 1 byte. Note that this\nwill be caught by the FORTIFY_SOURCE static overflow detection.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=868426\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2014-03/msg00072.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected icinga packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-idoutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-idoutils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-idoutils-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-idoutils-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-idoutils-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-plugins-downtimes\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-plugins-eventhandlers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-www\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icinga-www-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:monitoring-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:monitoring-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.3|SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.3 / 13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-debuginfo-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-debugsource-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-devel-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-idoutils-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-idoutils-debuginfo-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-idoutils-mysql-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-idoutils-oracle-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-idoutils-pgsql-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-plugins-downtimes-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-plugins-eventhandlers-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-www-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icinga-www-debuginfo-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"monitoring-tools-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"monitoring-tools-debuginfo-1.10.2-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-1.10.2-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-debuginfo-1.10.2-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-debugsource-1.10.2-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-devel-1.10.2-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-idoutils-1.10.2-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-idoutils-debuginfo-1.10.2-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-idoutils-mysql-1.10.2-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-idoutils-oracle-1.10.2-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-idoutils-pgsql-1.10.2-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-plugins-downtimes-1.10.2-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-plugins-eventhandlers-1.10.2-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-www-1.10.2-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icinga-www-debuginfo-1.10.2-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"monitoring-tools-1.10.2-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"monitoring-tools-debuginfo-1.10.2-4.14.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"icinga\");\n}\n", "naslFamily": "SuSE Local Security Checks", "cpe": ["p-cpe:/a:novell:opensuse:icinga", "p-cpe:/a:novell:opensuse:icinga-debuginfo", "p-cpe:/a:novell:opensuse:icinga-debugsource", "p-cpe:/a:novell:opensuse:icinga-devel", "p-cpe:/a:novell:opensuse:icinga-idoutils", "p-cpe:/a:novell:opensuse:icinga-idoutils-debuginfo", "p-cpe:/a:novell:opensuse:icinga-idoutils-mysql", "p-cpe:/a:novell:opensuse:icinga-idoutils-oracle", "p-cpe:/a:novell:opensuse:icinga-idoutils-pgsql", "p-cpe:/a:novell:opensuse:icinga-plugins-downtimes", "p-cpe:/a:novell:opensuse:icinga-plugins-eventhandlers", "p-cpe:/a:novell:opensuse:icinga-www", "p-cpe:/a:novell:opensuse:icinga-www-debuginfo", "p-cpe:/a:novell:opensuse:monitoring-tools", "p-cpe:/a:novell:opensuse:monitoring-tools-debuginfo", "cpe:/o:novell:opensuse:12.3", "cpe:/o:novell:opensuse:13.1"], "solution": "Update the affected icinga packages.", "nessusSeverity": "Medium", "cvssScoreSource": "", "vpr": {"risk factor": "Low", "score": "3.6"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2014-03-14T00:00:00", "vulnerabilityPublicationDate": null, "exploitableWith": [], "_object_type": "robots.models.nessus.NessusBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.nessus.NessusBulletin"]}, {"id": "FREEBSD_PKG_4E95EB4EB73711E387CDF0DEF10DCA57.NASL", "hash": "13a39e1e977178237a50d95d268c0910", "type": "nessus", "bulletinFamily": "scanner", "title": "FreeBSD : Icinga -- buffer overflow in classic web interface (4e95eb4e-b737-11e3-87cd-f0def10dca57)", "description": "The Icinga Team reports :\n\nWrong strlen check against MAX_INPUT_BUFFER without taking '\\0' into account [...]", "published": "2014-03-31T00:00:00", "modified": "2021-01-06T00:00:00", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cvss2": {}, "cvss3": {"score": null, "vector": null}, "href": "https://www.tenable.com/plugins/nessus/73266", "reporter": "This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.nessus.org/u?0b4ce949", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2386", "https://nvd.nist.gov/vuln/detail/CVE-2014-2386"], "cvelist": ["CVE-2014-2386"], "immutableFields": [], "lastseen": "2021-08-19T12:50:58", "history": [{"bulletin": {"id": "FREEBSD_PKG_4E95EB4EB73711E387CDF0DEF10DCA57.NASL", "hash": "0bd4e77942c91a6f68678aa9d0eaddb909e8a775a55b76dbf2b30b0bb64a61cd", "type": "nessus", "bulletinFamily": "scanner", "title": "FreeBSD : Icinga -- buffer overflow in classic web interface (4e95eb4e-b737-11e3-87cd-f0def10dca57)", "description": "The Icinga Team reports :\n\nWrong strlen check against MAX_INPUT_BUFFER without taking ", "published": "2014-03-31T00:00:00", "modified": "2019-11-02T00:00:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/73266", "reporter": "This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.nessus.org/u?0b4ce949", "https://nvd.nist.gov/vuln/detail/CVE-2014-2386"], "cvelist": ["CVE-2014-2386"], "immutableFields": [], "lastseen": "2019-11-01T02:37:44", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"modified": "2019-11-01T02:37:44", "references": [{"idList": ["SECURITYVULNS:DOC:30828", "SECURITYVULNS:VULN:13836"], "type": "securityvulns"}, {"idList": ["SSV:62102"], "type": "seebug"}, {"idList": ["CVE-2014-2386"], "type": "cve"}, {"idList": ["4E95EB4E-B737-11E3-87CD-F0DEF10DCA57"], "type": "freebsd"}, {"idList": ["OPENVAS:1361412562310702956", "OPENVAS:702956"], "type": "openvas"}, {"idList": ["DEBIAN:DSA-2956-1:6D0D0"], "type": "debian"}, {"idList": ["OPENSUSE-2014-237.NASL", "DEBIAN_DSA-2956.NASL"], "type": "nessus"}]}, "score": {"modified": "2019-11-01T02:37:44", "value": 7.2, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "73266", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73266);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/12/19 13:21:18\");\n\n script_cve_id(\"CVE-2014-2386\");\n\n script_name(english:\"FreeBSD : Icinga -- buffer overflow in classic web interface (4e95eb4e-b737-11e3-87cd-f0def10dca57)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Icinga Team reports :\n\nWrong strlen check against MAX_INPUT_BUFFER without taking '\\0' into\naccount [...]\"\n );\n # http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2386\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://nvd.nist.gov/vuln/detail/CVE-2014-2386\"\n );\n # https://vuxml.freebsd.org/freebsd/4e95eb4e-b737-11e3-87cd-f0def10dca57.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0b4ce949\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:icinga\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/02/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"icinga<1.11.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "FreeBSD Local Security Checks", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:icinga"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2019-11-01T02:37:44", "differentElements": ["modified"], "edition": 1}, {"bulletin": {"id": "FREEBSD_PKG_4E95EB4EB73711E387CDF0DEF10DCA57.NASL", "hash": "300848a81b08b49e16d4fde756efae136610378153f5ea84ca01a9e1751b7a6d", "type": "nessus", "bulletinFamily": "scanner", "title": "FreeBSD : Icinga -- buffer overflow in classic web interface (4e95eb4e-b737-11e3-87cd-f0def10dca57)", "description": "The Icinga Team reports :\n\nWrong strlen check against MAX_INPUT_BUFFER without taking ", "published": "2014-03-31T00:00:00", "modified": "2020-09-02T00:00:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/73266", "reporter": "This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.nessus.org/u?0b4ce949", "https://nvd.nist.gov/vuln/detail/CVE-2014-2386"], "cvelist": ["CVE-2014-2386"], "immutableFields": [], "lastseen": "2020-09-04T02:18:07", "history": [], "viewCount": 1, "enchantments": {"dependencies": {"modified": "2020-09-04T02:18:07", "references": [{"idList": ["SECURITYVULNS:DOC:30828", "SECURITYVULNS:VULN:13836"], "type": "securityvulns"}, {"idList": ["SSV:62102"], "type": "seebug"}, {"idList": ["CVE-2014-2386"], "type": "cve"}, {"idList": ["4E95EB4E-B737-11E3-87CD-F0DEF10DCA57"], "type": "freebsd"}, {"idList": ["OPENVAS:1361412562310702956", "OPENVAS:702956"], "type": "openvas"}, {"idList": ["DEBIAN:DSA-2956-1:6D0D0"], "type": "debian"}, {"idList": ["OPENSUSE-2014-237.NASL", "DEBIAN_DSA-2956.NASL"], "type": "nessus"}], "rev": 2}, "score": {"modified": "2020-09-04T02:18:07", "rev": 2, "value": 7.2, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "73266", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73266);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/12/19 13:21:18\");\n\n script_cve_id(\"CVE-2014-2386\");\n\n script_name(english:\"FreeBSD : Icinga -- buffer overflow in classic web interface (4e95eb4e-b737-11e3-87cd-f0def10dca57)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Icinga Team reports :\n\nWrong strlen check against MAX_INPUT_BUFFER without taking '\\0' into\naccount [...]\"\n );\n # http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2386\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://nvd.nist.gov/vuln/detail/CVE-2014-2386\"\n );\n # https://vuxml.freebsd.org/freebsd/4e95eb4e-b737-11e3-87cd-f0def10dca57.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0b4ce949\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:icinga\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/02/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"icinga<1.11.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "FreeBSD Local Security Checks", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:icinga"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2020-09-04T02:18:07", "differentElements": ["description"], "edition": 2}, {"bulletin": {"id": "FREEBSD_PKG_4E95EB4EB73711E387CDF0DEF10DCA57.NASL", "hash": "700ec118a8d473503252079110b30b6359969ac69cd27feca750c16d80baf8f7", "type": "nessus", "bulletinFamily": "scanner", "title": "FreeBSD : Icinga -- buffer overflow in classic web interface (4e95eb4e-b737-11e3-87cd-f0def10dca57)", "description": "The Icinga Team reports :\n\nWrong strlen check against MAX_INPUT_BUFFER without taking '\\0' into\naccount [...]", "published": "2014-03-31T00:00:00", "modified": "2020-09-02T00:00:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/73266", "reporter": "This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.nessus.org/u?0b4ce949", "https://nvd.nist.gov/vuln/detail/CVE-2014-2386"], "cvelist": ["CVE-2014-2386"], "immutableFields": [], "lastseen": "2020-09-14T14:45:22", "history": [], "viewCount": 1, "enchantments": {"dependencies": {"modified": "2020-09-14T14:45:22", "references": [{"idList": ["SECURITYVULNS:DOC:30828", "SECURITYVULNS:VULN:13836"], "type": "securityvulns"}, {"idList": ["SSV:62102"], "type": "seebug"}, {"idList": ["CVE-2014-2386"], "type": "cve"}, {"idList": ["4E95EB4E-B737-11E3-87CD-F0DEF10DCA57"], "type": "freebsd"}, {"idList": ["OPENVAS:1361412562310702956", "OPENVAS:702956"], "type": "openvas"}, {"idList": ["DEBIAN:DSA-2956-1:6D0D0"], "type": "debian"}, {"idList": ["OPENSUSE-2014-237.NASL", "DEBIAN_DSA-2956.NASL"], "type": "nessus"}], "rev": 2}, "score": {"modified": "2020-09-14T14:45:22", "rev": 2, "value": 7.0, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "73266", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73266);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/12/19 13:21:18\");\n\n script_cve_id(\"CVE-2014-2386\");\n\n script_name(english:\"FreeBSD : Icinga -- buffer overflow in classic web interface (4e95eb4e-b737-11e3-87cd-f0def10dca57)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Icinga Team reports :\n\nWrong strlen check against MAX_INPUT_BUFFER without taking '\\0' into\naccount [...]\"\n );\n # http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2386\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://nvd.nist.gov/vuln/detail/CVE-2014-2386\"\n );\n # https://vuxml.freebsd.org/freebsd/4e95eb4e-b737-11e3-87cd-f0def10dca57.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0b4ce949\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:icinga\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/02/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"icinga<1.11.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "FreeBSD Local Security Checks", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:icinga"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2020-09-14T14:45:22", "differentElements": ["modified", "reporter", "sourceData"], "edition": 3}, {"bulletin": {"id": "FREEBSD_PKG_4E95EB4EB73711E387CDF0DEF10DCA57.NASL", "hash": "2c115d600afe58774453ab256b6cb56871d7094f6e2a4d448725b511459a13c2", "type": "nessus", "bulletinFamily": "scanner", "title": "FreeBSD : Icinga -- buffer overflow in classic web interface (4e95eb4e-b737-11e3-87cd-f0def10dca57)", "description": "The Icinga Team reports :\n\nWrong strlen check against MAX_INPUT_BUFFER without taking '\\0' into\naccount [...]", "published": "2014-03-31T00:00:00", "modified": "2014-03-31T00:00:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/73266", "reporter": "This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.nessus.org/u?0b4ce949", "https://nvd.nist.gov/vuln/detail/CVE-2014-2386"], "cvelist": ["CVE-2014-2386"], "immutableFields": [], "lastseen": "2020-09-24T07:06:19", "history": [], "viewCount": 1, "enchantments": {"dependencies": {"modified": "2020-09-24T07:06:19", "references": [{"idList": ["SECURITYVULNS:DOC:30828", "SECURITYVULNS:VULN:13836"], "type": "securityvulns"}, {"idList": ["SSV:62102"], "type": "seebug"}, {"idList": ["CVE-2014-2386"], "type": "cve"}, {"idList": ["4E95EB4E-B737-11E3-87CD-F0DEF10DCA57"], "type": "freebsd"}, {"idList": ["OPENVAS:1361412562310702956", "OPENVAS:702956"], "type": "openvas"}, {"idList": ["DEBIAN:DSA-2956-1:6D0D0"], "type": "debian"}, {"idList": ["OPENSUSE-2014-237.NASL", "DEBIAN_DSA-2956.NASL"], "type": "nessus"}], "rev": 2}, "score": {"modified": "2020-09-24T07:06:19", "rev": 2, "value": 7.0, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "73266", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73266);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/23\");\n\n script_cve_id(\"CVE-2014-2386\");\n\n script_name(english:\"FreeBSD : Icinga -- buffer overflow in classic web interface (4e95eb4e-b737-11e3-87cd-f0def10dca57)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Icinga Team reports :\n\nWrong strlen check against MAX_INPUT_BUFFER without taking '\\0' into\naccount [...]\"\n );\n # http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2386\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://nvd.nist.gov/vuln/detail/CVE-2014-2386\"\n );\n # https://vuxml.freebsd.org/freebsd/4e95eb4e-b737-11e3-87cd-f0def10dca57.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0b4ce949\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:icinga\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/02/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"icinga<1.11.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "FreeBSD Local Security Checks", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:icinga"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2020-09-24T07:06:19", "differentElements": ["reporter", "sourceData"], "edition": 4}, {"bulletin": {"id": "FREEBSD_PKG_4E95EB4EB73711E387CDF0DEF10DCA57.NASL", "hash": "f4c4a90bcd7a4bd98cf91fcccab16bad24e86292570e8d06dda60ca83674b8c9", "type": "nessus", "bulletinFamily": "scanner", "title": "FreeBSD : Icinga -- buffer overflow in classic web interface (4e95eb4e-b737-11e3-87cd-f0def10dca57)", "description": "The Icinga Team reports :\n\nWrong strlen check against MAX_INPUT_BUFFER without taking '\\0' into\naccount [...]", "published": "2014-03-31T00:00:00", "modified": "2014-03-31T00:00:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/73266", "reporter": "This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.nessus.org/u?0b4ce949", "https://nvd.nist.gov/vuln/detail/CVE-2014-2386"], "cvelist": ["CVE-2014-2386"], "immutableFields": [], "lastseen": "2021-01-07T10:43:21", "history": [], "viewCount": 2, "enchantments": {"dependencies": {"modified": "2021-01-07T10:43:21", "references": [{"idList": ["SECURITYVULNS:DOC:30828", "SECURITYVULNS:VULN:13836"], "type": "securityvulns"}, {"idList": ["SSV:62102"], "type": "seebug"}, {"idList": ["UB:CVE-2014-2386"], "type": "ubuntucve"}, {"idList": ["CVE-2014-2386"], "type": "cve"}, {"idList": ["4E95EB4E-B737-11E3-87CD-F0DEF10DCA57"], "type": "freebsd"}, {"idList": ["OPENVAS:1361412562310702956", "OPENVAS:702956"], "type": "openvas"}, {"idList": ["DEBIAN:DSA-2956-1:6D0D0"], "type": "debian"}, {"idList": ["OPENSUSE-2014-237.NASL", "DEBIAN_DSA-2956.NASL"], "type": "nessus"}], "rev": 2}, "score": {"modified": "2021-01-07T10:43:21", "rev": 2, "value": 7.0, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "73266", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(73266);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-2386\");\n\n script_name(english:\"FreeBSD : Icinga -- buffer overflow in classic web interface (4e95eb4e-b737-11e3-87cd-f0def10dca57)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Icinga Team reports :\n\nWrong strlen check against MAX_INPUT_BUFFER without taking '\\0' into\naccount [...]\"\n );\n # http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2386\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://nvd.nist.gov/vuln/detail/CVE-2014-2386\"\n );\n # https://vuxml.freebsd.org/freebsd/4e95eb4e-b737-11e3-87cd-f0def10dca57.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0b4ce949\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:icinga\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/02/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"icinga<1.11.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "FreeBSD Local Security Checks", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:icinga"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-01-07T10:43:21", "differentElements": ["cvss2"], "edition": 5}, {"bulletin": {"id": "FREEBSD_PKG_4E95EB4EB73711E387CDF0DEF10DCA57.NASL", "hash": "8071b6274b030f251e5138e276b3ec31", "type": "nessus", "bulletinFamily": "scanner", "title": "FreeBSD : Icinga -- buffer overflow in classic web interface (4e95eb4e-b737-11e3-87cd-f0def10dca57)", "description": "The Icinga Team reports :\n\nWrong strlen check against MAX_INPUT_BUFFER without taking '\\0' into\naccount [...]", "published": "2014-03-31T00:00:00", "modified": "2014-03-31T00:00:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/73266", "reporter": "This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.nessus.org/u?0b4ce949", "https://nvd.nist.gov/vuln/detail/CVE-2014-2386"], "cvelist": ["CVE-2014-2386"], "immutableFields": [], "lastseen": "2021-07-29T00:08:45", "history": [], "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2014-2386"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2014-2386"]}, {"type": "seebug", "idList": ["SSV:62102"]}, {"type": "freebsd", "idList": ["4E95EB4E-B737-11E3-87CD-F0DEF10DCA57"]}, {"type": "nessus", "idList": ["OPENSUSE-2014-237.NASL", "DEBIAN_DSA-2956.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:702956", "OPENVAS:1361412562310702956"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:30828", "SECURITYVULNS:VULN:13836"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2956-1:6D0D0"]}], "modified": "2021-07-29T00:08:45", "rev": 2}, "score": {"value": 7.0, "vector": "NONE", "modified": "2021-07-29T00:08:45", "rev": 2}}, "objectVersion": "1.6", "pluginID": "73266", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(73266);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-2386\");\n\n script_name(english:\"FreeBSD : Icinga -- buffer overflow in classic web interface (4e95eb4e-b737-11e3-87cd-f0def10dca57)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Icinga Team reports :\n\nWrong strlen check against MAX_INPUT_BUFFER without taking '\\0' into\naccount [...]\"\n );\n # http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2386\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://nvd.nist.gov/vuln/detail/CVE-2014-2386\"\n );\n # https://vuxml.freebsd.org/freebsd/4e95eb4e-b737-11e3-87cd-f0def10dca57.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0b4ce949\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:icinga\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/02/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"icinga<1.11.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "FreeBSD Local Security Checks", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:icinga"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-07-29T00:08:45", "differentElements": ["cvss2", "cvss3", "description", "modified", "patchPublicationDate", "references", "solution", "vpr", "vulnerabilityPublicationDate"], "edition": 6}, {"bulletin": {"id": "FREEBSD_PKG_4E95EB4EB73711E387CDF0DEF10DCA57.NASL", "hash": "9ae6c69d981254af919dc2cd07abccbb", "type": "nessus", "bulletinFamily": "scanner", "title": "FreeBSD : Icinga -- buffer overflow in classic web interface (4e95eb4e-b737-11e3-87cd-f0def10dca57)", "description": "The Icinga Team reports :\n\nWrong strlen check against MAX_INPUT_BUFFER without taking '\\0' into account [...]", "published": "2014-03-31T00:00:00", "modified": "2021-01-06T00:00:00", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cvss2": {}, "cvss3": {"score": null, "vector": null}, "href": "https://www.tenable.com/plugins/nessus/73266", "reporter": "This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2386", "https://nvd.nist.gov/vuln/detail/CVE-2014-2386", "http://www.nessus.org/u?0b4ce949"], "cvelist": ["CVE-2014-2386"], "immutableFields": [], "lastseen": "2021-08-11T14:16:06", "history": [], "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "ubuntucve", "idList": ["UB:CVE-2014-2386"]}, {"type": "cve", "idList": ["CVE-2014-2386"]}, {"type": "freebsd", "idList": ["4E95EB4E-B737-11E3-87CD-F0DEF10DCA57"]}, {"type": "seebug", "idList": ["SSV:62102"]}, {"type": "nessus", "idList": ["OPENSUSE-2014-237.NASL", "DEBIAN_DSA-2956.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310702956", "OPENVAS:702956"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:13836", "SECURITYVULNS:DOC:30828"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2956-1:6D0D0"]}], "modified": "2021-08-11T14:16:06", "rev": 2}, "score": {"value": 7.0, "vector": "NONE", "modified": "2021-08-11T14:16:06", "rev": 2}}, "objectVersion": "1.6", "pluginID": "73266", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(73266);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-2386\");\n\n script_name(english:\"FreeBSD : Icinga -- buffer overflow in classic web interface (4e95eb4e-b737-11e3-87cd-f0def10dca57)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Icinga Team reports :\n\nWrong strlen check against MAX_INPUT_BUFFER without taking '\\0' into\naccount [...]\"\n );\n # http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2386\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://nvd.nist.gov/vuln/detail/CVE-2014-2386\"\n );\n # https://vuxml.freebsd.org/freebsd/4e95eb4e-b737-11e3-87cd-f0def10dca57.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0b4ce949\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:icinga\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/02/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"icinga<1.11.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "FreeBSD Local Security Checks", "cpe": ["p-cpe:/a:freebsd:freebsd:icinga", "cpe:/o:freebsd:freebsd"], "solution": "Update the affected package.", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {"risk factor": "Low", "score": "3.6"}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": "2014-03-29T00:00:00", "vulnerabilityPublicationDate": "2014-02-18T00:00:00", "exploitableWith": []}, "lastseen": "2021-08-11T14:16:06", "differentElements": ["nessusSeverity"], "edition": 7}], "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2014-2386"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2014-2386"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2014-2386"]}, {"type": "seebug", "idList": ["SSV:62102"]}, {"type": "nessus", "idList": ["OPENSUSE-2014-237.NASL", "DEBIAN_DSA-2956.NASL"]}, {"type": "freebsd", "idList": ["4E95EB4E-B737-11E3-87CD-F0DEF10DCA57"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:30828", "SECURITYVULNS:VULN:13836"]}, {"type": "openvas", "idList": ["OPENVAS:702956", "OPENVAS:1361412562310702956"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2956-1:6D0D0"]}], "modified": "2021-08-19T12:50:58", "rev": 2}, "score": {"value": 7.0, "vector": "NONE", "modified": "2021-08-19T12:50:58", "rev": 2}}, "objectVersion": "1.6", "pluginID": "73266", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(73266);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-2386\");\n\n script_name(english:\"FreeBSD : Icinga -- buffer overflow in classic web interface (4e95eb4e-b737-11e3-87cd-f0def10dca57)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Icinga Team reports :\n\nWrong strlen check against MAX_INPUT_BUFFER without taking '\\0' into\naccount [...]\"\n );\n # http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2386\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://nvd.nist.gov/vuln/detail/CVE-2014-2386\"\n );\n # https://vuxml.freebsd.org/freebsd/4e95eb4e-b737-11e3-87cd-f0def10dca57.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0b4ce949\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:icinga\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/02/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"icinga<1.11.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "FreeBSD Local Security Checks", "cpe": ["p-cpe:/a:freebsd:freebsd:icinga", "cpe:/o:freebsd:freebsd"], "solution": "Update the affected package.", "nessusSeverity": "Medium", "cvssScoreSource": "", "vpr": {"risk factor": "Low", "score": "3.6"}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": "2014-03-29T00:00:00", "vulnerabilityPublicationDate": "2014-02-18T00:00:00", "exploitableWith": [], "_object_type": "robots.models.nessus.NessusBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.nessus.NessusBulletin"]}, {"id": "DEBIAN_DSA-2956.NASL", "hash": "fa320579f6b3069fd482d65564d70435", "type": "nessus", "bulletinFamily": "scanner", "title": "Debian DSA-2956-1 : icinga - security update", "description": "Multiple security issues have been found in the Icinga host and network monitoring system (buffer overflows, cross-site request forgery, off-by ones) which could result in the execution of arbitrary code, denial of service or session hijacking.", "published": "2014-06-12T00:00:00", "modified": "2021-01-11T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": null, "vector": null}, "href": "https://www.tenable.com/plugins/nessus/74477", "reporter": "This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7108", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7106", "https://www.debian.org/security/2014/dsa-2956", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2386", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1878", "https://packages.debian.org/source/wheezy/icinga", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7107"], "cvelist": ["CVE-2013-7106", "CVE-2013-7107", "CVE-2013-7108", "CVE-2014-1878", "CVE-2014-2386"], "immutableFields": [], "lastseen": "2021-08-19T12:49:26", "history": [{"bulletin": {"id": "DEBIAN_DSA-2956.NASL", "hash": "5b1521cb587d448cb7b1dcedb81da20c5729ee80c66ac0c2d7f95312ce7c733f", "type": "nessus", "bulletinFamily": "scanner", "title": "Debian DSA-2956-1 : icinga - security update", "description": "Multiple security issues have been found in the Icinga host and network monitoring system (buffer overflows, cross-site request forgery, off-by ones) which could result in the execution of arbitrary code, denial of service or session hijacking.", "published": "2014-06-12T00:00:00", "modified": "2016-10-10T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=74477", "reporter": "Tenable", "references": ["http://www.debian.org/security/2014/dsa-2956", "https://packages.debian.org/source/wheezy/icinga"], "cvelist": ["CVE-2013-7106", "CVE-2013-7107", "CVE-2014-1878", "CVE-2014-2386", "CVE-2013-7108"], "immutableFields": [], "lastseen": "2016-10-10T21:24:03", "history": [], "viewCount": 0, "enchantments": {}, "objectVersion": "1.6", "pluginID": "74477", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2956. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(74477);\n script_version(\"$Revision: 1.3 $\");\n script_cvs_date(\"$Date: 2016/10/10 14:05:03 $\");\n\n script_cve_id(\"CVE-2013-7106\", \"CVE-2013-7107\", \"CVE-2013-7108\", \"CVE-2014-1878\", \"CVE-2014-2386\");\n script_bugtraq_id(64363, 64370, 64374, 65605, 66212);\n script_osvdb_id(101032, 101319, 101320, 101321, 101322, 101323, 101324, 101325, 101336, 101337, 101338, 103453);\n script_xref(name:\"DSA\", value:\"2956\");\n\n script_name(english:\"Debian DSA-2956-1 : icinga - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security issues have been found in the Icinga host and\nnetwork monitoring system (buffer overflows, cross-site request\nforgery, off-by ones) which could result in the execution of arbitrary\ncode, denial of service or session hijacking.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/icinga\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2014/dsa-2956\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the icinga packages.\n\nFor the stable distribution (wheezy), these problems have been fixed\nin version 1.7.1-7.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icinga\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"icinga\", reference:\"1.7.1-7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"icinga-cgi\", reference:\"1.7.1-7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"icinga-common\", reference:\"1.7.1-7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"icinga-core\", reference:\"1.7.1-7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"icinga-dbg\", reference:\"1.7.1-7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"icinga-doc\", reference:\"1.7.1-7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"icinga-idoutils\", reference:\"1.7.1-7\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Debian Local Security Checks", "cpe": [], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2016-10-10T21:24:03", "differentElements": ["cpe"], "edition": 1}, {"bulletin": {"id": "DEBIAN_DSA-2956.NASL", "hash": "e76c6cad81e137805c13694b83c707956908dc5eb64826995c43fd0fab1ea936", "type": "nessus", "bulletinFamily": "scanner", "title": "Debian DSA-2956-1 : icinga - security update", "description": "Multiple security issues have been found in the Icinga host and network monitoring system (buffer overflows, cross-site request forgery, off-by ones) which could result in the execution of arbitrary code, denial of service or session hijacking.", "published": "2014-06-12T00:00:00", "modified": "2016-10-10T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=74477", "reporter": "Tenable", "references": ["http://www.debian.org/security/2014/dsa-2956", "https://packages.debian.org/source/wheezy/icinga"], "cvelist": ["CVE-2013-7106", "CVE-2013-7107", "CVE-2014-1878", "CVE-2014-2386", "CVE-2013-7108"], "immutableFields": [], "lastseen": "2017-10-29T13:36:02", "history": [], "viewCount": 0, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "74477", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2956. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(74477);\n script_version(\"$Revision: 1.3 $\");\n script_cvs_date(\"$Date: 2016/10/10 14:05:03 $\");\n\n script_cve_id(\"CVE-2013-7106\", \"CVE-2013-7107\", \"CVE-2013-7108\", \"CVE-2014-1878\", \"CVE-2014-2386\");\n script_bugtraq_id(64363, 64370, 64374, 65605, 66212);\n script_osvdb_id(101032, 101319, 101320, 101321, 101322, 101323, 101324, 101325, 101336, 101337, 101338, 103453);\n script_xref(name:\"DSA\", value:\"2956\");\n\n script_name(english:\"Debian DSA-2956-1 : icinga - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security issues have been found in the Icinga host and\nnetwork monitoring system (buffer overflows, cross-site request\nforgery, off-by ones) which could result in the execution of arbitrary\ncode, denial of service or session hijacking.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/icinga\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2014/dsa-2956\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the icinga packages.\n\nFor the stable distribution (wheezy), these problems have been fixed\nin version 1.7.1-7.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icinga\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"icinga\", reference:\"1.7.1-7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"icinga-cgi\", reference:\"1.7.1-7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"icinga-common\", reference:\"1.7.1-7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"icinga-core\", reference:\"1.7.1-7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"icinga-dbg\", reference:\"1.7.1-7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"icinga-doc\", reference:\"1.7.1-7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"icinga-idoutils\", reference:\"1.7.1-7\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Debian Local Security Checks", "cpe": ["cpe:/o:debian:debian_linux:7.0", "p-cpe:/a:debian:debian_linux:icinga"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2017-10-29T13:36:02", "differentElements": ["cvss", "modified", "sourceData"], "edition": 2}, {"bulletin": {"id": "DEBIAN_DSA-2956.NASL", "hash": "c687474494ca7d8f360995b3d85804fe81731882383d3ddeba68e890afdd79bc", "type": "nessus", "bulletinFamily": "scanner", "title": "Debian DSA-2956-1 : icinga - security update", "description": "Multiple security issues have been found in the Icinga host and network monitoring system (buffer overflows, cross-site request forgery, off-by ones) which could result in the execution of arbitrary code, denial of service or session hijacking.", "published": "2014-06-12T00:00:00", "modified": "2018-07-09T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=74477", "reporter": "Tenable", "references": ["http://www.debian.org/security/2014/dsa-2956", "https://packages.debian.org/source/wheezy/icinga"], "cvelist": ["CVE-2013-7106", "CVE-2013-7107", "CVE-2014-1878", "CVE-2014-2386", "CVE-2013-7108"], "immutableFields": [], "lastseen": "2018-08-30T19:35:33", "history": [], "viewCount": 1, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "74477", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2956. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(74477);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/07/09 14:30:25\");\n\n script_cve_id(\"CVE-2013-7106\", \"CVE-2013-7107\", \"CVE-2013-7108\", \"CVE-2014-1878\", \"CVE-2014-2386\");\n script_bugtraq_id(64363, 64370, 64374, 65605, 66212);\n script_xref(name:\"DSA\", value:\"2956\");\n\n script_name(english:\"Debian DSA-2956-1 : icinga - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security issues have been found in the Icinga host and\nnetwork monitoring system (buffer overflows, cross-site request\nforgery, off-by ones) which could result in the execution of arbitrary\ncode, denial of service or session hijacking.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/icinga\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2014/dsa-2956\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the icinga packages.\n\nFor the stable distribution (wheezy), these problems have been fixed\nin version 1.7.1-7.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icinga\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"icinga\", reference:\"1.7.1-7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"icinga-cgi\", reference:\"1.7.1-7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"icinga-common\", reference:\"1.7.1-7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"icinga-core\", reference:\"1.7.1-7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"icinga-dbg\", reference:\"1.7.1-7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"icinga-doc\", reference:\"1.7.1-7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"icinga-idoutils\", reference:\"1.7.1-7\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Debian Local Security Checks", "cpe": ["cpe:/o:debian:debian_linux:7.0", "p-cpe:/a:debian:debian_linux:icinga"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2018-08-30T19:35:33", "differentElements": ["cvss", "description", "href", "modified", "references", "reporter", "sourceData"], "edition": 3}, {"bulletin": {"id": "DEBIAN_DSA-2956.NASL", "hash": "ef77911168b38f3704a82a080a2f5862a6bb220315da458676bbe443efcce924", "type": "nessus", "bulletinFamily": "scanner", "title": "Debian DSA-2956-1 : icinga - security update", "description": "Multiple security issues have been found in the Icinga host and\nnetwork monitoring system (buffer overflows, cross-site request\nforgery, off-by ones) which could result in the execution of arbitrary\ncode, denial of service or session hijacking.", "published": "2014-06-12T00:00:00", "modified": "2019-12-02T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/74477", "reporter": "This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://packages.debian.org/source/wheezy/icinga", "https://www.debian.org/security/2014/dsa-2956"], "cvelist": ["CVE-2013-7106", "CVE-2013-7107", "CVE-2014-1878", "CVE-2014-2386", "CVE-2013-7108"], "immutableFields": [], "lastseen": "2019-12-13T06:51:21", "history": [], "viewCount": 3, "enchantments": {"dependencies": {"modified": "2019-12-13T06:51:21", "references": [{"idList": ["SSV:62102"], "type": "seebug"}, {"idList": ["ALAS-2017-899"], "type": "amazon"}, {"idList": ["OPENVAS:1361412562310804248", "OPENVAS:1361412562310121309", "OPENVAS:1361412562310843202", "OPENVAS:1361412562310702956", "OPENVAS:1361412562310891615", "OPENVAS:1361412562310843124", "OPENVAS:702956"], "type": "openvas"}, {"idList": ["GLSA-201412-23"], "type": "gentoo"}, {"idList": ["SECURITYVULNS:VULN:13733", "SECURITYVULNS:DOC:30828", "SECURITYVULNS:DOC:30248", "SECURITYVULNS:VULN:13533", "SECURITYVULNS:VULN:13836", "SECURITYVULNS:DOC:30629", "SECURITYVULNS:DOC:30630"], "type": "securityvulns"}, {"idList": ["CVE-2013-7106", "CVE-2013-7107", "CVE-2014-1878", "CVE-2014-2386", "CVE-2013-7108"], "type": "cve"}, {"idList": ["USN-3253-2", "USN-3253-1"], "type": "ubuntu"}, {"idList": ["DEBIAN_DLA-60.NASL", "UBUNTU_USN-3253-1.NASL", "SUSE_11_NAGIOS-140331.NASL", "DEBIAN_DLA-461.NASL", "SUSE_11_NAGIOS-140108.NASL", "OPENSUSE-2014-58.NASL", "UBUNTU_USN-3253-2.NASL", "OPENSUSE-2014-153.NASL", "OPENSUSE-2014-13.NASL", "DEBIAN_DLA-1615.NASL"], "type": "nessus"}, {"idList": ["DEBIAN:DLA-461-1:5370A", "DEBIAN:DLA-1615-1:D4F7C", "DEBIAN:DSA-2956-1:6D0D0", "DEBIAN:DLA-60-1:5B1EB"], "type": "debian"}, {"idList": ["EDB-ID:38882"], "type": "exploitdb"}, {"idList": ["BA04A373-7D20-11E3-8992-00132034B086", "4E95EB4E-B737-11E3-87CD-F0DEF10DCA57"], "type": "freebsd"}]}, "score": {"modified": "2019-12-13T06:51:21", "value": 8.3, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "74477", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2956. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(74477);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/11/10 11:49:36\");\n\n script_cve_id(\"CVE-2013-7106\", \"CVE-2013-7107\", \"CVE-2013-7108\", \"CVE-2014-1878\", \"CVE-2014-2386\");\n script_bugtraq_id(64363, 64370, 64374, 65605, 66212);\n script_xref(name:\"DSA\", value:\"2956\");\n\n script_name(english:\"Debian DSA-2956-1 : icinga - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security issues have been found in the Icinga host and\nnetwork monitoring system (buffer overflows, cross-site request\nforgery, off-by ones) which could result in the execution of arbitrary\ncode, denial of service or session hijacking.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/icinga\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2014/dsa-2956\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the icinga packages.\n\nFor the stable distribution (wheezy), these problems have been fixed\nin version 1.7.1-7.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icinga\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"icinga\", reference:\"1.7.1-7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"icinga-cgi\", reference:\"1.7.1-7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"icinga-common\", reference:\"1.7.1-7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"icinga-core\", reference:\"1.7.1-7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"icinga-dbg\", reference:\"1.7.1-7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"icinga-doc\", reference:\"1.7.1-7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"icinga-idoutils\", reference:\"1.7.1-7\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Debian Local Security Checks", "cpe": ["cpe:/o:debian:debian_linux:7.0", "p-cpe:/a:debian:debian_linux:icinga"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2019-12-13T06:51:21", "differentElements": ["modified", "reporter", "sourceData"], "edition": 4}, {"bulletin": {"id": "DEBIAN_DSA-2956.NASL", "hash": "11d5403a08beff18651a5d51c00d048c6c0aaed63855b6926813ffb45b858f2a", "type": "nessus", "bulletinFamily": "scanner", "title": "Debian DSA-2956-1 : icinga - security update", "description": "Multiple security issues have been found in the Icinga host and\nnetwork monitoring system (buffer overflows, cross-site request\nforgery, off-by ones) which could result in the execution of arbitrary\ncode, denial of service or session hijacking.", "published": "2014-06-12T00:00:00", "modified": "2014-06-12T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/74477", "reporter": "This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://packages.debian.org/source/wheezy/icinga", "https://www.debian.org/security/2014/dsa-2956"], "cvelist": ["CVE-2013-7106", "CVE-2013-7107", "CVE-2014-1878", "CVE-2014-2386", "CVE-2013-7108"], "immutableFields": [], "lastseen": "2021-01-12T09:48:38", "history": [], "viewCount": 3, "enchantments": {"dependencies": {"modified": "2021-01-12T09:48:38", "references": [{"idList": ["DEBIAN_DLA-60.NASL", "UBUNTU_USN-3253-1.NASL", "SUSE_11_NAGIOS-140108.NASL", "OPENSUSE-2014-58.NASL", "UBUNTU_USN-3253-2.NASL", "OPENSUSE-2014-153.NASL", "MANDRIVA_MDVSA-2014-089.NASL", "OPENSUSE-2014-13.NASL", "OPENSUSE-2014-42.NASL", "DEBIAN_DLA-1615.NASL"], "type": "nessus"}, {"idList": ["SSV:62102"], "type": "seebug"}, {"idList": ["ALAS-2017-899"], "type": "amazon"}, {"idList": ["UB:CVE-2013-7106", "UB:CVE-2014-1878", "UB:CVE-2013-7107", "UB:CVE-2014-2386", "UB:CVE-2013-7108"], "type": "ubuntucve"}, {"idList": ["OPENVAS:1361412562310804248", "OPENVAS:1361412562310121309", "OPENVAS:1361412562310843202", "OPENVAS:1361412562310702956", "OPENVAS:1361412562310891615", "OPENVAS:1361412562310843124", "OPENVAS:702956"], "type": "openvas"}, {"idList": ["GLSA-201412-23"], "type": "gentoo"}, {"idList": ["SECURITYVULNS:VULN:13733", "SECURITYVULNS:DOC:30828", "SECURITYVULNS:DOC:30248", "SECURITYVULNS:VULN:13533", "SECURITYVULNS:VULN:13836", "SECURITYVULNS:DOC:30629", "SECURITYVULNS:DOC:30630"], "type": "securityvulns"}, {"idList": ["CVE-2013-7106", "CVE-2013-7107", "CVE-2014-1878", "CVE-2014-2386", "CVE-2013-7108"], "type": "cve"}, {"idList": ["USN-3253-2", "USN-3253-1"], "type": "ubuntu"}, {"idList": ["DEBIAN:DLA-461-1:5370A", "DEBIAN:DLA-1615-1:D4F7C", "DEBIAN:DSA-2956-1:6D0D0", "DEBIAN:DLA-60-1:5B1EB"], "type": "debian"}, {"idList": ["EDB-ID:38882"], "type": "exploitdb"}, {"idList": ["BA04A373-7D20-11E3-8992-00132034B086", "4E95EB4E-B737-11E3-87CD-F0DEF10DCA57"], "type": "freebsd"}], "rev": 2}, "score": {"modified": "2021-01-12T09:48:38", "rev": 2, "value": 8.3, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "74477", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2956. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74477);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-7106\", \"CVE-2013-7107\", \"CVE-2013-7108\", \"CVE-2014-1878\", \"CVE-2014-2386\");\n script_bugtraq_id(64363, 64370, 64374, 65605, 66212);\n script_xref(name:\"DSA\", value:\"2956\");\n\n script_name(english:\"Debian DSA-2956-1 : icinga - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security issues have been found in the Icinga host and\nnetwork monitoring system (buffer overflows, cross-site request\nforgery, off-by ones) which could result in the execution of arbitrary\ncode, denial of service or session hijacking.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/icinga\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2014/dsa-2956\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the icinga packages.\n\nFor the stable distribution (wheezy), these problems have been fixed\nin version 1.7.1-7.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icinga\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"icinga\", reference:\"1.7.1-7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"icinga-cgi\", reference:\"1.7.1-7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"icinga-common\", reference:\"1.7.1-7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"icinga-core\", reference:\"1.7.1-7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"icinga-dbg\", reference:\"1.7.1-7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"icinga-doc\", reference:\"1.7.1-7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"icinga-idoutils\", reference:\"1.7.1-7\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Debian Local Security Checks", "cpe": ["cpe:/o:debian:debian_linux:7.0", "p-cpe:/a:debian:debian_linux:icinga"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-01-12T09:48:38", "differentElements": ["cvss2"], "edition": 5}, {"bulletin": {"id": "DEBIAN_DSA-2956.NASL", "hash": "b6771c396c1c728b6d4abbb7bd0fdbc7", "type": "nessus", "bulletinFamily": "scanner", "title": "Debian DSA-2956-1 : icinga - security update", "description": "Multiple security issues have been found in the Icinga host and\nnetwork monitoring system (buffer overflows, cross-site request\nforgery, off-by ones) which could result in the execution of arbitrary\ncode, denial of service or session hijacking.", "published": "2014-06-12T00:00:00", "modified": "2014-06-12T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/74477", "reporter": "This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://packages.debian.org/source/wheezy/icinga", "https://www.debian.org/security/2014/dsa-2956"], "cvelist": ["CVE-2013-7106", "CVE-2013-7107", "CVE-2014-1878", "CVE-2014-2386", "CVE-2013-7108"], "immutableFields": [], "lastseen": "2021-07-28T23:06:34", "history": [], "viewCount": 3, "enchantments": {"dependencies": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:13533", "SECURITYVULNS:DOC:30629", "SECURITYVULNS:DOC:30248", "SECURITYVULNS:DOC:30828", "SECURITYVULNS:DOC:30630", "SECURITYVULNS:VULN:13733", "SECURITYVULNS:VULN:13836"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310804248", "OPENVAS:1361412562310121309", "OPENVAS:1361412562310702956", "OPENVAS:1361412562310843202", "OPENVAS:1361412562310891615", "OPENVAS:702956", "OPENVAS:1361412562310843124"]}, {"type": "debian", "idList": ["DEBIAN:DLA-60-1:5B1EB", "DEBIAN:DLA-1615-1:D4F7C", "DEBIAN:DLA-461-1:5370A", "DEBIAN:DSA-2956-1:6D0D0"]}, {"type": "cve", "idList": ["CVE-2014-1878", "CVE-2013-7106", "CVE-2013-7107", "CVE-2013-7108", "CVE-2014-2386"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2013-7106", "UB:CVE-2014-2386", "UB:CVE-2013-7107", "UB:CVE-2013-7108", "UB:CVE-2014-1878"]}, {"type": "nessus", "idList": ["SUSE_11_NAGIOS-140331.NASL", "DEBIAN_DLA-60.NASL", "UBUNTU_USN-3253-2.NASL", "SUSE_11_NAGIOS-140108.NASL", "DEBIAN_DLA-1615.NASL", "MANDRIVA_MDVSA-2014-089.NASL", "OPENSUSE-2014-291.NASL", "OPENSUSE-2014-153.NASL", "DEBIAN_DLA-461.NASL", "UBUNTU_USN-3253-1.NASL"]}, {"type": "ubuntu", "idList": ["USN-3253-1", "USN-3253-2"]}, {"type": "exploitdb", "idList": ["EDB-ID:38882"]}, {"type": "seebug", "idList": ["SSV:62102"]}, {"type": "freebsd", "idList": ["BA04A373-7D20-11E3-8992-00132034B086", "4E95EB4E-B737-11E3-87CD-F0DEF10DCA57"]}, {"type": "amazon", "idList": ["ALAS-2017-899"]}, {"type": "gentoo", "idList": ["GLSA-201412-23"]}], "modified": "2021-07-28T23:06:34", "rev": 2}, "score": {"value": 8.3, "vector": "NONE", "modified": "2021-07-28T23:06:34", "rev": 2}}, "objectVersion": "1.6", "pluginID": "74477", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2956. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74477);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-7106\", \"CVE-2013-7107\", \"CVE-2013-7108\", \"CVE-2014-1878\", \"CVE-2014-2386\");\n script_bugtraq_id(64363, 64370, 64374, 65605, 66212);\n script_xref(name:\"DSA\", value:\"2956\");\n\n script_name(english:\"Debian DSA-2956-1 : icinga - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security issues have been found in the Icinga host and\nnetwork monitoring system (buffer overflows, cross-site request\nforgery, off-by ones) which could result in the execution of arbitrary\ncode, denial of service or session hijacking.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/icinga\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2014/dsa-2956\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the icinga packages.\n\nFor the stable distribution (wheezy), these problems have been fixed\nin version 1.7.1-7.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icinga\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"icinga\", reference:\"1.7.1-7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"icinga-cgi\", reference:\"1.7.1-7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"icinga-common\", reference:\"1.7.1-7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"icinga-core\", reference:\"1.7.1-7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"icinga-dbg\", reference:\"1.7.1-7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"icinga-doc\", reference:\"1.7.1-7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"icinga-idoutils\", reference:\"1.7.1-7\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Debian Local Security Checks", "cpe": ["cpe:/o:debian:debian_linux:7.0", "p-cpe:/a:debian:debian_linux:icinga"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-07-28T23:06:34", "differentElements": ["cvss2", "cvss3", "description", "exploitAvailable", "exploitEase", "modified", "patchPublicationDate", "references", "solution", "vpr"], "edition": 6}, {"bulletin": {"id": "DEBIAN_DSA-2956.NASL", "hash": "962db0337637a342b08376258e68fbb6", "type": "nessus", "bulletinFamily": "scanner", "title": "Debian DSA-2956-1 : icinga - security update", "description": "Multiple security issues have been found in the Icinga host and network monitoring system (buffer overflows, cross-site request forgery, off-by ones) which could result in the execution of arbitrary code, denial of service or session hijacking.", "published": "2014-06-12T00:00:00", "modified": "2021-01-11T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": null, "vector": null}, "href": "https://www.tenable.com/plugins/nessus/74477", "reporter": "This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://packages.debian.org/source/wheezy/icinga", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7107", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7108", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7106", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1878", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2386", "https://www.debian.org/security/2014/dsa-2956"], "cvelist": ["CVE-2013-7106", "CVE-2013-7107", "CVE-2013-7108", "CVE-2014-1878", "CVE-2014-2386"], "immutableFields": [], "lastseen": "2021-08-11T14:14:20", "history": [], "viewCount": 3, "enchantments": {"dependencies": {"references": [{"type": "openvas", "idList": ["OPENVAS:1361412562310702956", "OPENVAS:1361412562310843202", "OPENVAS:702956", "OPENVAS:1361412562310804248", "OPENVAS:1361412562310121309", "OPENVAS:1361412562310891615", "OPENVAS:1361412562310843124"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:30630", "SECURITYVULNS:VULN:13836", "SECURITYVULNS:VULN:13533", "SECURITYVULNS:VULN:13733", "SECURITYVULNS:DOC:30629", "SECURITYVULNS:DOC:30248", "SECURITYVULNS:DOC:30828"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1615-1:D4F7C", "DEBIAN:DLA-60-1:5B1EB", "DEBIAN:DSA-2956-1:6D0D0", "DEBIAN:DLA-461-1:5370A"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2013-7106", "UB:CVE-2014-1878", "UB:CVE-2013-7108", "UB:CVE-2013-7107", "UB:CVE-2014-2386"]}, {"type": "cve", "idList": ["CVE-2013-7106", "CVE-2013-7107", "CVE-2014-2386", "CVE-2014-1878", "CVE-2013-7108"]}, {"type": "nessus", "idList": ["OPENSUSE-2014-42.NASL", "SUSE_11_NAGIOS-140331.NASL", "DEBIAN_DLA-60.NASL", "SUSE_11_NAGIOS-140108.NASL", "DEBIAN_DLA-1615.NASL", "OPENSUSE-2014-13.NASL", "OPENSUSE-2014-153.NASL", "OPENSUSE-2014-58.NASL", "UBUNTU_USN-3253-2.NASL", "UBUNTU_USN-3253-1.NASL"]}, {"type": "ubuntu", "idList": ["USN-3253-1", "USN-3253-2"]}, {"type": "exploitdb", "idList": ["EDB-ID:38882"]}, {"type": "seebug", "idList": ["SSV:62102"]}, {"type": "freebsd", "idList": ["BA04A373-7D20-11E3-8992-00132034B086", "4E95EB4E-B737-11E3-87CD-F0DEF10DCA57"]}, {"type": "amazon", "idList": ["ALAS-2017-899"]}, {"type": "gentoo", "idList": ["GLSA-201412-23"]}], "modified": "2021-08-11T14:14:20", "rev": 2}, "score": {"value": 8.3, "vector": "NONE", "modified": "2021-08-11T14:14:20", "rev": 2}}, "objectVersion": "1.6", "pluginID": "74477", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2956. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74477);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-7106\", \"CVE-2013-7107\", \"CVE-2013-7108\", \"CVE-2014-1878\", \"CVE-2014-2386\");\n script_bugtraq_id(64363, 64370, 64374, 65605, 66212);\n script_xref(name:\"DSA\", value:\"2956\");\n\n script_name(english:\"Debian DSA-2956-1 : icinga - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security issues have been found in the Icinga host and\nnetwork monitoring system (buffer overflows, cross-site request\nforgery, off-by ones) which could result in the execution of arbitrary\ncode, denial of service or session hijacking.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/icinga\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2014/dsa-2956\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the icinga packages.\n\nFor the stable distribution (wheezy), these problems have been fixed\nin version 1.7.1-7.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icinga\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"icinga\", reference:\"1.7.1-7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"icinga-cgi\", reference:\"1.7.1-7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"icinga-common\", reference:\"1.7.1-7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"icinga-core\", reference:\"1.7.1-7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"icinga-dbg\", reference:\"1.7.1-7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"icinga-doc\", reference:\"1.7.1-7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"icinga-idoutils\", reference:\"1.7.1-7\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Debian Local Security Checks", "cpe": ["p-cpe:/a:debian:debian_linux:icinga", "cpe:/o:debian:debian_linux:7.0"], "solution": "Upgrade the icinga packages.\n\nFor the stable distribution (wheezy), these problems have been fixed in version 1.7.1-7.", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {"risk factor": "Medium", "score": "6"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2014-06-11T00:00:00", "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-08-11T14:14:20", "differentElements": ["nessusSeverity"], "edition": 7}], "viewCount": 3, "enchantments": {"dependencies": {"references": [{"type": "debian", "idList": ["DEBIAN:DLA-60-1:98AA3", "DEBIAN:DLA-1615-1:D1385", "DEBIAN:DLA-60-1:5B1EB", "DEBIAN:DLA-1615-1:D4F7C", "DEBIAN:DSA-2956-1:6D0D0", "DEBIAN:DLA-461-1:5370A"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310843124", "OPENVAS:702956", "OPENVAS:1361412562310121309", "OPENVAS:1361412562310702956", "OPENVAS:1361412562310843202", "OPENVAS:1361412562310891615", "OPENVAS:1361412562310804248"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:30828", "SECURITYVULNS:VULN:13836", "SECURITYVULNS:DOC:30630", "SECURITYVULNS:DOC:30248", "SECURITYVULNS:VULN:13533", "SECURITYVULNS:DOC:30629", "SECURITYVULNS:VULN:13733"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2013-7107", "UB:CVE-2014-2386", "UB:CVE-2013-7108", "UB:CVE-2013-7106", "UB:CVE-2014-1878"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2013-7107", "DEBIANCVE:CVE-2014-1878", "DEBIANCVE:CVE-2013-7108", "DEBIANCVE:CVE-2013-7106", "DEBIANCVE:CVE-2014-2386"]}, {"type": "cve", "idList": ["CVE-2013-7107", "CVE-2014-1878", "CVE-2013-7108", "CVE-2014-2386", "CVE-2013-7106"]}, {"type": "alpinelinux", "idList": ["ALPINE:CVE-2013-7108", "ALPINE:CVE-2014-1878"]}, {"type": "nessus", "idList": ["MANDRIVA_MDVSA-2014-089.NASL", "OPENSUSE-2014-42.NASL", "UBUNTU_USN-3253-2.NASL", "SUSE_11_NAGIOS-140108.NASL", "MANDRIVA_MDVSA-2014-004.NASL", "UBUNTU_USN-3253-1.NASL", "FREEBSD_PKG_BA04A3737D2011E3899200132034B086.NASL", "OPENSUSE-2014-291.NASL", "DEBIAN_DLA-461.NASL", "OPENSUSE-2014-58.NASL", "GENTOO_GLSA-201412-23.NASL", "OPENSUSE-2014-237.NASL", "DEBIAN_DLA-1615.NASL", "OPENSUSE-2014-13.NASL", "OPENSUSE-2014-153.NASL", "ALA_ALAS-2017-899.NASL", "DEBIAN_DLA-60.NASL", "SUSE_11_NAGIOS-140331.NASL", "FREEBSD_PKG_4E95EB4EB73711E387CDF0DEF10DCA57.NASL"]}, {"type": "ubuntu", "idList": ["USN-3253-2", "USN-3253-1"]}, {"type": "exploitdb", "idList": ["EDB-ID:38882"]}, {"type": "seebug", "idList": ["SSV:62102"]}, {"type": "freebsd", "idList": ["4E95EB4E-B737-11E3-87CD-F0DEF10DCA57", "BA04A373-7D20-11E3-8992-00132034B086"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2014-0376"]}, {"type": "ibm", "idList": ["079322F37896A0ABC40D5E9888C345C74DC7F9F0503D886CB971333FDE21464E"]}, {"type": "amazon", "idList": ["ALAS-2017-899"]}, {"type": "gentoo", "idList": ["GLSA-201412-23"]}], "modified": "2021-08-19T12:49:26", "rev": 2}, "score": {"value": 8.3, "vector": "NONE", "modified": "2021-08-19T12:49:26", "rev": 2}}, "objectVersion": "1.6", "pluginID": "74477", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2956. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74477);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-7106\", \"CVE-2013-7107\", \"CVE-2013-7108\", \"CVE-2014-1878\", \"CVE-2014-2386\");\n script_bugtraq_id(64363, 64370, 64374, 65605, 66212);\n script_xref(name:\"DSA\", value:\"2956\");\n\n script_name(english:\"Debian DSA-2956-1 : icinga - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security issues have been found in the Icinga host and\nnetwork monitoring system (buffer overflows, cross-site request\nforgery, off-by ones) which could result in the execution of arbitrary\ncode, denial of service or session hijacking.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/icinga\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2014/dsa-2956\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the icinga packages.\n\nFor the stable distribution (wheezy), these problems have been fixed\nin version 1.7.1-7.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icinga\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"icinga\", reference:\"1.7.1-7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"icinga-cgi\", reference:\"1.7.1-7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"icinga-common\", reference:\"1.7.1-7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"icinga-core\", reference:\"1.7.1-7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"icinga-dbg\", reference:\"1.7.1-7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"icinga-doc\", reference:\"1.7.1-7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"icinga-idoutils\", reference:\"1.7.1-7\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Debian Local Security Checks", "cpe": ["p-cpe:/a:debian:debian_linux:icinga", "cpe:/o:debian:debian_linux:7.0"], "solution": "Upgrade the icinga packages.\n\nFor the stable distribution (wheezy), these problems have been fixed in version 1.7.1-7.", "nessusSeverity": "Medium", "cvssScoreSource": "", "vpr": {"risk factor": "Medium", "score": "6"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2014-06-11T00:00:00", "vulnerabilityPublicationDate": null, "exploitableWith": [], "_object_type": "robots.models.nessus.NessusBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.nessus.NessusBulletin"]}], "openvas": [{"id": "OPENVAS:702956", "hash": "01b731d3f461afde2d82ae44c8fa7b3c", "type": "openvas", "bulletinFamily": "scanner", "title": "Debian Security Advisory DSA 2956-1 (icinga - security update)", "description": "Multiple security issues have been found in the Icinga host and network\nmonitoring system (buffer overflows, cross-site request forgery, off-by\nones) which could result in the execution of arbitrary code, denial of\nservice or session hijacking.", "published": "2014-06-11T00:00:00", "modified": "2017-07-10T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=702956", "reporter": "Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net", "references": ["http://www.debian.org/security/2014/dsa-2956.html"], "cvelist": ["CVE-2013-7106", "CVE-2013-7107", "CVE-2014-1878", "CVE-2014-2386", "CVE-2013-7108"], "lastseen": "2017-07-25T10:48:38", "history": [{"lastseen": "2017-07-24T12:48:34", "differentElements": ["modified", "sourceData"], "edition": 2, "bulletin": {"id": "OPENVAS:702956", "hash": "1238ebbb7e6b84499d6e60858d3e1dacd9139ff2680814aa59f8d858c9e6085e", "type": "openvas", "bulletinFamily": "scanner", "title": "Debian Security Advisory DSA 2956-1 (icinga - security update)", "description": "Multiple security issues have been found in the Icinga host and network\nmonitoring system (buffer overflows, cross-site request forgery, off-by\nones) which could result in the execution of arbitrary code, denial of\nservice or session hijacking.", "published": "2014-06-11T00:00:00", "modified": "2017-07-07T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=702956", "reporter": "Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net", "references": ["http://www.debian.org/security/2014/dsa-2956.html"], "cvelist": ["CVE-2013-7106", "CVE-2013-7107", "CVE-2014-1878", "CVE-2014-2386", "CVE-2013-7108"], "lastseen": "2017-07-24T12:48:34", "history": [], "viewCount": 0, "enchantments": {}, "objectVersion": "1.4", "pluginID": "702956", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2956.nasl 6610 2017-07-07 12:06:40Z cfischer $\n# Auto-generated from advisory DSA 2956-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ntag_affected = \"icinga on Debian Linux\";\ntag_insight = \"Icinga is a modular monitoring framework for hosts, services, and\nnetworks, based on the Nagios project. It is designed to be easy to\nunderstand and modify to fit any need.\";\ntag_solution = \"For the stable distribution (wheezy), these problems have been fixed in\nversion 1.7.1-7.\n\nFor the testing distribution (jessie), these problems have been fixed in\nversion 1.11.0-1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.11.0-1.\n\nWe recommend that you upgrade your icinga packages.\";\ntag_summary = \"Multiple security issues have been found in the Icinga host and network\nmonitoring system (buffer overflows, cross-site request forgery, off-by\nones) which could result in the execution of arbitrary code, denial of\nservice or session hijacking.\";\ntag_vuldetect = \"This check tests the installed software version using the apt package manager.\";\n\nif(description)\n{\n script_id(702956);\n script_version(\"$Revision: 6610 $\");\n script_cve_id(\"CVE-2013-7106\", \"CVE-2013-7107\", \"CVE-2013-7108\", \"CVE-2014-1878\", \"CVE-2014-2386\");\n script_name(\"Debian Security Advisory DSA 2956-1 (icinga - security update)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2017-07-07 14:06:40 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value:\"2014-06-11 00:00:00 +0200 (Wed, 11 Jun 2014)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2014/dsa-2956.html\");\n\n script_summary(\"Debian Security Advisory DSA 2956-1 (icinga - security update)\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: tag_affected);\n script_tag(name: \"insight\", value: tag_insight);\n# script_tag(name: \"impact\", value: tag_impact);\n script_tag(name: \"solution\", value: tag_solution);\n script_tag(name: \"summary\", value: tag_summary);\n script_tag(name: \"vuldetect\", value: tag_vuldetect);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"icinga\", ver:\"1.7.1-7\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-cgi\", ver:\"1.7.1-7\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-common\", ver:\"1.7.1-7\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-core\", ver:\"1.7.1-7\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-dbg\", ver:\"1.7.1-7\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-doc\", ver:\"1.7.1-7\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-idoutils\", ver:\"1.7.1-7\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga\", ver:\"1.7.1-7\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-cgi\", ver:\"1.7.1-7\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-common\", ver:\"1.7.1-7\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-core\", ver:\"1.7.1-7\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-dbg\", ver:\"1.7.1-7\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-doc\", ver:\"1.7.1-7\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-idoutils\", ver:\"1.7.1-7\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga\", ver:\"1.7.1-7\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-cgi\", ver:\"1.7.1-7\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-common\", ver:\"1.7.1-7\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-core\", ver:\"1.7.1-7\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-dbg\", ver:\"1.7.1-7\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-doc\", ver:\"1.7.1-7\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-idoutils\", ver:\"1.7.1-7\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga\", ver:\"1.7.1-7\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-cgi\", ver:\"1.7.1-7\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-common\", ver:\"1.7.1-7\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-core\", ver:\"1.7.1-7\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-dbg\", ver:\"1.7.1-7\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-doc\", ver:\"1.7.1-7\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-idoutils\", ver:\"1.7.1-7\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "naslFamily": "Debian Local Security Checks"}}, {"lastseen": "2017-07-02T21:09:28", "differentElements": ["modified", "sourceData"], "edition": 1, "bulletin": {"id": "OPENVAS:702956", "hash": "6e2330c43fc037dad3b1fcb266a79c665786e0e8649288c08e9b95b4e112c5fa", "type": "openvas", "bulletinFamily": "scanner", "title": "Debian Security Advisory DSA 2956-1 (icinga - security update)", "description": "Multiple security issues have been found in the Icinga host and network\nmonitoring system (buffer overflows, cross-site request forgery, off-by\nones) which could result in the execution of arbitrary code, denial of\nservice or session hijacking.", "published": "2014-06-11T00:00:00", "modified": "2016-03-03T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=702956", "reporter": "Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net", "references": ["http://www.debian.org/security/2014/dsa-2956.html"], "cvelist": ["CVE-2013-7106", "CVE-2013-7107", "CVE-2014-1878", "CVE-2014-2386", "CVE-2013-7108"], "lastseen": "2017-07-02T21:09:28", "history": [], "viewCount": 0, "enchantments": {}, "objectVersion": "1.4", "pluginID": "702956", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2956.nasl 2767 2016-03-03 09:38:42Z benallard $\n# Auto-generated from advisory DSA 2956-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ntag_affected = \"icinga on Debian Linux\";\ntag_insight = \"Icinga is a modular monitoring framework for hosts, services, and\nnetworks, based on the Nagios project. It is designed to be easy to\nunderstand and modify to fit any need.\";\ntag_solution = \"For the stable distribution (wheezy), these problems have been fixed in\nversion 1.7.1-7.\n\nFor the testing distribution (jessie), these problems have been fixed in\nversion 1.11.0-1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.11.0-1.\n\nWe recommend that you upgrade your icinga packages.\";\ntag_summary = \"Multiple security issues have been found in the Icinga host and network\nmonitoring system (buffer overflows, cross-site request forgery, off-by\nones) which could result in the execution of arbitrary code, denial of\nservice or session hijacking.\";\ntag_vuldetect = \"This check tests the installed software version using the apt package manager.\";\n\nif(description)\n{\n script_id(702956);\n script_version(\"$Revision: 2767 $\");\n script_cve_id(\"CVE-2013-7106\", \"CVE-2013-7107\", \"CVE-2013-7108\", \"CVE-2014-1878\", \"CVE-2014-2386\");\n script_name(\"Debian Security Advisory DSA 2956-1 (icinga - security update)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2016-03-03 10:38:42 +0100 (Thu, 03 Mar 2016) $\");\n script_tag(name: \"creation_date\", value:\"2014-06-11 00:00:00 +0200 (Wed, 11 Jun 2014)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2014/dsa-2956.html\");\n\n script_summary(\"Debian Security Advisory DSA 2956-1 (icinga - security update)\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"HostDetails/OS/cpe:/o:debian:debian_linux\", \"login/SSH/success\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: tag_affected);\n script_tag(name: \"insight\", value: tag_insight);\n# script_tag(name: \"impact\", value: tag_impact);\n script_tag(name: \"solution\", value: tag_solution);\n script_tag(name: \"summary\", value: tag_summary);\n script_tag(name: \"vuldetect\", value: tag_vuldetect);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"icinga\", ver:\"1.7.1-7\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-cgi\", ver:\"1.7.1-7\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-common\", ver:\"1.7.1-7\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-core\", ver:\"1.7.1-7\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-dbg\", ver:\"1.7.1-7\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-doc\", ver:\"1.7.1-7\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-idoutils\", ver:\"1.7.1-7\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga\", ver:\"1.7.1-7\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-cgi\", ver:\"1.7.1-7\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-common\", ver:\"1.7.1-7\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-core\", ver:\"1.7.1-7\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-dbg\", ver:\"1.7.1-7\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-doc\", ver:\"1.7.1-7\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-idoutils\", ver:\"1.7.1-7\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga\", ver:\"1.7.1-7\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-cgi\", ver:\"1.7.1-7\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-common\", ver:\"1.7.1-7\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-core\", ver:\"1.7.1-7\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-dbg\", ver:\"1.7.1-7\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-doc\", ver:\"1.7.1-7\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-idoutils\", ver:\"1.7.1-7\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga\", ver:\"1.7.1-7\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-cgi\", ver:\"1.7.1-7\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-common\", ver:\"1.7.1-7\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-core\", ver:\"1.7.1-7\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-dbg\", ver:\"1.7.1-7\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-doc\", ver:\"1.7.1-7\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-idoutils\", ver:\"1.7.1-7\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "naslFamily": "Debian Local Security Checks"}}], "viewCount": 0, "enchantments": {"score": {"value": 8.2, "vector": "NONE", "modified": "2017-07-25T10:48:38", "rev": 2}, "dependencies": {"references": [{"type": "debian", "idList": ["DEBIAN:DLA-60-1:98AA3", "DEBIAN:DLA-1615-1:D1385", "DEBIAN:DLA-60-1:5B1EB", "DEBIAN:DLA-1615-1:D4F7C", "DEBIAN:DSA-2956-1:6D0D0", "DEBIAN:DLA-461-1:5370A"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310843124", "OPENVAS:1361412562310121309", "OPENVAS:1361412562310702956", "OPENVAS:1361412562310843202", "OPENVAS:1361412562310891615", "OPENVAS:1361412562310804248"]}, {"type": "nessus", "idList": ["MANDRIVA_MDVSA-2014-089.NASL", "OPENSUSE-2014-42.NASL", "UBUNTU_USN-3253-2.NASL", "SUSE_11_NAGIOS-140108.NASL", "MANDRIVA_MDVSA-2014-004.NASL", "UBUNTU_USN-3253-1.NASL", "FREEBSD_PKG_BA04A3737D2011E3899200132034B086.NASL", "OPENSUSE-2014-291.NASL", "DEBIAN_DLA-461.NASL", "OPENSUSE-2014-58.NASL", "GENTOO_GLSA-201412-23.NASL", "OPENSUSE-2014-237.NASL", "DEBIAN_DLA-1615.NASL", "OPENSUSE-2014-13.NASL", "OPENSUSE-2014-153.NASL", "ALA_ALAS-2017-899.NASL", "DEBIAN_DLA-60.NASL", "SUSE_11_NAGIOS-140331.NASL", "FREEBSD_PKG_4E95EB4EB73711E387CDF0DEF10DCA57.NASL", "DEBIAN_DSA-2956.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:30828", "SECURITYVULNS:VULN:13836", "SECURITYVULNS:DOC:30630", "SECURITYVULNS:DOC:30248", "SECURITYVULNS:VULN:13533", "SECURITYVULNS:DOC:30629", "SECURITYVULNS:VULN:13733"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2013-7107", "UB:CVE-2014-2386", "UB:CVE-2013-7108", "UB:CVE-2013-7106", "UB:CVE-2014-1878"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2013-7107", "DEBIANCVE:CVE-2014-1878", "DEBIANCVE:CVE-2013-7108", "DEBIANCVE:CVE-2013-7106", "DEBIANCVE:CVE-2014-2386"]}, {"type": "cve", "idList": ["CVE-2013-7107", "CVE-2014-1878", "CVE-2013-7108", "CVE-2014-2386", "CVE-2013-7106"]}, {"type": "alpinelinux", "idList": ["ALPINE:CVE-2013-7108", "ALPINE:CVE-2014-1878"]}, {"type": "ubuntu", "idList": ["USN-3253-2", "USN-3253-1"]}, {"type": "exploitdb", "idList": ["EDB-ID:38882"]}, {"type": "seebug", "idList": ["SSV:62102"]}, {"type": "freebsd", "idList": ["4E95EB4E-B737-11E3-87CD-F0DEF10DCA57", "BA04A373-7D20-11E3-8992-00132034B086"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2014-0376"]}, {"type": "ibm", "idList": ["079322F37896A0ABC40D5E9888C345C74DC7F9F0503D886CB971333FDE21464E"]}, {"type": "amazon", "idList": ["ALAS-2017-899"]}, {"type": "gentoo", "idList": ["GLSA-201412-23"]}], "modified": "2017-07-25T10:48:38", "rev": 2}}, "objectVersion": "1.5", "pluginID": "702956", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2956.nasl 6637 2017-07-10 09:58:13Z teissa $\n# Auto-generated from advisory DSA 2956-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ntag_affected = \"icinga on Debian Linux\";\ntag_insight = \"Icinga is a modular monitoring framework for hosts, services, and\nnetworks, based on the Nagios project. It is designed to be easy to\nunderstand and modify to fit any need.\";\ntag_solution = \"For the stable distribution (wheezy), these problems have been fixed in\nversion 1.7.1-7.\n\nFor the testing distribution (jessie), these problems have been fixed in\nversion 1.11.0-1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.11.0-1.\n\nWe recommend that you upgrade your icinga packages.\";\ntag_summary = \"Multiple security issues have been found in the Icinga host and network\nmonitoring system (buffer overflows, cross-site request forgery, off-by\nones) which could result in the execution of arbitrary code, denial of\nservice or session hijacking.\";\ntag_vuldetect = \"This check tests the installed software version using the apt package manager.\";\n\nif(description)\n{\n script_id(702956);\n script_version(\"$Revision: 6637 $\");\n script_cve_id(\"CVE-2013-7106\", \"CVE-2013-7107\", \"CVE-2013-7108\", \"CVE-2014-1878\", \"CVE-2014-2386\");\n script_name(\"Debian Security Advisory DSA 2956-1 (icinga - security update)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2017-07-10 11:58:13 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name: \"creation_date\", value:\"2014-06-11 00:00:00 +0200 (Wed, 11 Jun 2014)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2014/dsa-2956.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: tag_affected);\n script_tag(name: \"insight\", value: tag_insight);\n# script_tag(name: \"impact\", value: tag_impact);\n script_tag(name: \"solution\", value: tag_solution);\n script_tag(name: \"summary\", value: tag_summary);\n script_tag(name: \"vuldetect\", value: tag_vuldetect);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"icinga\", ver:\"1.7.1-7\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-cgi\", ver:\"1.7.1-7\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-common\", ver:\"1.7.1-7\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-core\", ver:\"1.7.1-7\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-dbg\", ver:\"1.7.1-7\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-doc\", ver:\"1.7.1-7\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-idoutils\", ver:\"1.7.1-7\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga\", ver:\"1.7.1-7\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-cgi\", ver:\"1.7.1-7\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-common\", ver:\"1.7.1-7\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-core\", ver:\"1.7.1-7\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-dbg\", ver:\"1.7.1-7\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-doc\", ver:\"1.7.1-7\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-idoutils\", ver:\"1.7.1-7\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga\", ver:\"1.7.1-7\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-cgi\", ver:\"1.7.1-7\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-common\", ver:\"1.7.1-7\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-core\", ver:\"1.7.1-7\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-dbg\", ver:\"1.7.1-7\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-doc\", ver:\"1.7.1-7\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-idoutils\", ver:\"1.7.1-7\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga\", ver:\"1.7.1-7\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-cgi\", ver:\"1.7.1-7\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-common\", ver:\"1.7.1-7\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-core\", ver:\"1.7.1-7\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-dbg\", ver:\"1.7.1-7\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-doc\", ver:\"1.7.1-7\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-idoutils\", ver:\"1.7.1-7\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "naslFamily": "Debian Local Security Checks", "_object_type": "robots.models.openvas.OpenVASBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.openvas.OpenVASBulletin"], "immutableFields": [], "cvss2": {}, "cvss3": {}}, {"id": "OPENVAS:1361412562310702956", "hash": "8a0bf0708725729d1ad1ea3478ef98bc", "type": "openvas", "bulletinFamily": "scanner", "title": "Debian Security Advisory DSA 2956-1 (icinga - security update)", "description": "Multiple security issues have been found in the Icinga host and network\nmonitoring system (buffer overflows, cross-site request forgery, off-by\nones) which could result in the execution of arbitrary code, denial of\nservice or session hijacking.", "published": "2014-06-11T00:00:00", "modified": "2019-03-19T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310702956", "reporter": "Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net", "references": ["http://www.debian.org/security/2014/dsa-2956.html"], "cvelist": ["CVE-2013-7106", "CVE-2013-7107", "CVE-2014-1878", "CVE-2014-2386", "CVE-2013-7108"], "lastseen": "2019-05-29T18:37:45", "history": [{"bulletin": {"id": "OPENVAS:1361412562310702956", "hash": "a90207c56cf0e1dd8af9e3867b92fca3796df60ae1ae8cded1c9bf303928a306", "type": "openvas", "bulletinFamily": "scanner", "title": "Debian Security Advisory DSA 2956-1 (icinga - security update)", "description": "Multiple security issues have been found in the Icinga host and network\nmonitoring system (buffer overflows, cross-site request forgery, off-by\nones) which could result in the execution of arbitrary code, denial of\nservice or session hijacking.", "published": "2014-06-11T00:00:00", "modified": "2018-04-06T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310702956", "reporter": "Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net", "references": ["http://www.debian.org/security/2014/dsa-2956.html"], "cvelist": ["CVE-2013-7106", "CVE-2013-7107", "CVE-2014-1878", "CVE-2014-2386", "CVE-2013-7108"], "lastseen": "2018-04-06T11:11:43", "history": [], "viewCount": 0, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "objectVersion": "1.4", "pluginID": "1361412562310702956", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2956.nasl 9354 2018-04-06 07:15:32Z cfischer $\n# Auto-generated from advisory DSA 2956-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ntag_affected = \"icinga on Debian Linux\";\ntag_insight = \"Icinga is a modular monitoring framework for hosts, services, and\nnetworks, based on the Nagios project. It is designed to be easy to\nunderstand and modify to fit any need.\";\ntag_solution = \"For the stable distribution (wheezy), these problems have been fixed in\nversion 1.7.1-7.\n\nFor the testing distribution (jessie), these problems have been fixed in\nversion 1.11.0-1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.11.0-1.\n\nWe recommend that you upgrade your icinga packages.\";\ntag_summary = \"Multiple security issues have been found in the Icinga host and network\nmonitoring system (buffer overflows, cross-site request forgery, off-by\nones) which could result in the execution of arbitrary code, denial of\nservice or session hijacking.\";\ntag_vuldetect = \"This check tests the installed software version using the apt package manager.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.702956\");\n script_version(\"$Revision: 9354 $\");\n script_cve_id(\"CVE-2013-7106\", \"CVE-2013-7107\", \"CVE-2013-7108\", \"CVE-2014-1878\", \"CVE-2014-2386\");\n script_name(\"Debian Security Advisory DSA 2956-1 (icinga - security update)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2018-04-06 09:15:32 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name: \"creation_date\", value:\"2014-06-11 00:00:00 +0200 (Wed, 11 Jun 2014)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2014/dsa-2956.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: tag_affected);\n script_tag(name: \"insight\", value: tag_insight);\n# script_tag(name: \"impact\", value: tag_impact);\n script_tag(name: \"solution\", value: tag_solution);\n script_tag(name: \"summary\", value: tag_summary);\n script_tag(name: \"vuldetect\", value: tag_vuldetect);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"icinga\", ver:\"1.7.1-7\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-cgi\", ver:\"1.7.1-7\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-common\", ver:\"1.7.1-7\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-core\", ver:\"1.7.1-7\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-dbg\", ver:\"1.7.1-7\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-doc\", ver:\"1.7.1-7\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-idoutils\", ver:\"1.7.1-7\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga\", ver:\"1.7.1-7\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-cgi\", ver:\"1.7.1-7\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-common\", ver:\"1.7.1-7\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-core\", ver:\"1.7.1-7\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-dbg\", ver:\"1.7.1-7\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-doc\", ver:\"1.7.1-7\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-idoutils\", ver:\"1.7.1-7\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga\", ver:\"1.7.1-7\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-cgi\", ver:\"1.7.1-7\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-common\", ver:\"1.7.1-7\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-core\", ver:\"1.7.1-7\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-dbg\", ver:\"1.7.1-7\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-doc\", ver:\"1.7.1-7\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-idoutils\", ver:\"1.7.1-7\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga\", ver:\"1.7.1-7\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-cgi\", ver:\"1.7.1-7\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-common\", ver:\"1.7.1-7\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-core\", ver:\"1.7.1-7\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-dbg\", ver:\"1.7.1-7\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-doc\", ver:\"1.7.1-7\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-idoutils\", ver:\"1.7.1-7\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "naslFamily": "Debian Local Security Checks"}, "differentElements": ["cvss"], "edition": 1, "lastseen": "2018-04-06T11:11:43"}, {"bulletin": {"id": "OPENVAS:1361412562310702956", "hash": "a90207c56cf0e1dd8af9e3867b92fca3796df60ae1ae8cded1c9bf303928a306", "type": "openvas", "bulletinFamily": "scanner", "title": "Debian Security Advisory DSA 2956-1 (icinga - security update)", "description": "Multiple security issues have been found in the Icinga host and network\nmonitoring system (buffer overflows, cross-site request forgery, off-by\nones) which could result in the execution of arbitrary code, denial of\nservice or session hijacking.", "published": "2014-06-11T00:00:00", "modified": "2018-04-06T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310702956", "reporter": "Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net", "references": ["http://www.debian.org/security/2014/dsa-2956.html"], "cvelist": ["CVE-2013-7106", "CVE-2013-7107", "CVE-2014-1878", "CVE-2014-2386", "CVE-2013-7108"], "lastseen": "2018-09-01T23:55:29", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"modified": "2018-09-01T23:55:29", "references": [{"idList": ["DEBIAN_DLA-60.NASL", "UBUNTU_USN-3253-1.NASL", "SUSE_11_NAGIOS-140331.NASL", "SUSE_11_NAGIOS-140108.NASL", "DEBIAN_DSA-2956.NASL", "UBUNTU_USN-3253-2.NASL", "OPENSUSE-2014-153.NASL", "OPENSUSE-2014-13.NASL", "OPENSUSE-2014-42.NASL", "DEBIAN_DLA-1615.NASL"], "type": "nessus"}, {"idList": ["SSV:62102"], "type": "seebug"}, {"idList": ["ALAS-2017-899"], "type": "amazon"}, {"idList": ["OPENVAS:1361412562310804248", "OPENVAS:1361412562310121309", "OPENVAS:1361412562310843202", "OPENVAS:1361412562310891615", "OPENVAS:1361412562310843124", "OPENVAS:702956"], "type": "openvas"}, {"idList": ["GLSA-201412-23"], "type": "gentoo"}, {"idList": ["SECURITYVULNS:VULN:13733", "SECURITYVULNS:DOC:30828", "SECURITYVULNS:DOC:30248", "SECURITYVULNS:VULN:13533", "SECURITYVULNS:VULN:13836", "SECURITYVULNS:DOC:30629", "SECURITYVULNS:DOC:30630"], "type": "securityvulns"}, {"idList": ["CVE-2013-7106", "CVE-2013-7107", "CVE-2014-1878", "CVE-2014-2386", "CVE-2013-7108"], "type": "cve"}, {"idList": ["USN-3253-2", "USN-3253-1"], "type": "ubuntu"}, {"idList": ["DEBIAN:DLA-461-1:5370A", "DEBIAN:DLA-1615-1:D4F7C", "DEBIAN:DSA-2956-1:6D0D0", "DEBIAN:DLA-60-1:5B1EB"], "type": "debian"}, {"idList": ["EDB-ID:38882"], "type": "exploitdb"}, {"idList": ["BA04A373-7D20-11E3-8992-00132034B086", "4E95EB4E-B737-11E3-87CD-F0DEF10DCA57"], "type": "freebsd"}]}, "score": {"value": 7.5, "vector": "NONE"}}, "objectVersion": "1.4", "pluginID": "1361412562310702956", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2956.nasl 9354 2018-04-06 07:15:32Z cfischer $\n# Auto-generated from advisory DSA 2956-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ntag_affected = \"icinga on Debian Linux\";\ntag_insight = \"Icinga is a modular monitoring framework for hosts, services, and\nnetworks, based on the Nagios project. It is designed to be easy to\nunderstand and modify to fit any need.\";\ntag_solution = \"For the stable distribution (wheezy), these problems have been fixed in\nversion 1.7.1-7.\n\nFor the testing distribution (jessie), these problems have been fixed in\nversion 1.11.0-1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.11.0-1.\n\nWe recommend that you upgrade your icinga packages.\";\ntag_summary = \"Multiple security issues have been found in the Icinga host and network\nmonitoring system (buffer overflows, cross-site request forgery, off-by\nones) which could result in the execution of arbitrary code, denial of\nservice or session hijacking.\";\ntag_vuldetect = \"This check tests the installed software version using the apt package manager.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.702956\");\n script_version(\"$Revision: 9354 $\");\n script_cve_id(\"CVE-2013-7106\", \"CVE-2013-7107\", \"CVE-2013-7108\", \"CVE-2014-1878\", \"CVE-2014-2386\");\n script_name(\"Debian Security Advisory DSA 2956-1 (icinga - security update)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2018-04-06 09:15:32 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name: \"creation_date\", value:\"2014-06-11 00:00:00 +0200 (Wed, 11 Jun 2014)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2014/dsa-2956.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: tag_affected);\n script_tag(name: \"insight\", value: tag_insight);\n# script_tag(name: \"impact\", value: tag_impact);\n script_tag(name: \"solution\", value: tag_solution);\n script_tag(name: \"summary\", value: tag_summary);\n script_tag(name: \"vuldetect\", value: tag_vuldetect);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"icinga\", ver:\"1.7.1-7\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-cgi\", ver:\"1.7.1-7\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-common\", ver:\"1.7.1-7\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-core\", ver:\"1.7.1-7\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-dbg\", ver:\"1.7.1-7\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-doc\", ver:\"1.7.1-7\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-idoutils\", ver:\"1.7.1-7\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga\", ver:\"1.7.1-7\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-cgi\", ver:\"1.7.1-7\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-common\", ver:\"1.7.1-7\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-core\", ver:\"1.7.1-7\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-dbg\", ver:\"1.7.1-7\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-doc\", ver:\"1.7.1-7\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-idoutils\", ver:\"1.7.1-7\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga\", ver:\"1.7.1-7\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-cgi\", ver:\"1.7.1-7\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-common\", ver:\"1.7.1-7\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-core\", ver:\"1.7.1-7\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-dbg\", ver:\"1.7.1-7\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-doc\", ver:\"1.7.1-7\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-idoutils\", ver:\"1.7.1-7\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga\", ver:\"1.7.1-7\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-cgi\", ver:\"1.7.1-7\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-common\", ver:\"1.7.1-7\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-core\", ver:\"1.7.1-7\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-dbg\", ver:\"1.7.1-7\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-doc\", ver:\"1.7.1-7\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-idoutils\", ver:\"1.7.1-7\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "naslFamily": "Debian Local Security Checks"}, "differentElements": ["modified", "sourceData"], "edition": 3, "lastseen": "2018-09-01T23:55:29"}, {"bulletin": {"id": "OPENVAS:1361412562310702956", "hash": "46088382054069b564dde45dc3abcfd84ca5b45cb63fdc51e583da80b16cd653", "type": "openvas", "bulletinFamily": "scanner", "title": "Debian Security Advisory DSA 2956-1 (icinga - security update)", "description": "Multiple security issues have been found in the Icinga host and network\nmonitoring system (buffer overflows, cross-site request forgery, off-by\nones) which could result in the execution of arbitrary code, denial of\nservice or session hijacking.", "published": "2014-06-11T00:00:00", "modified": "2018-04-06T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310702956", "reporter": "Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net", "references": ["http://www.debian.org/security/2014/dsa-2956.html"], "cvelist": ["CVE-2013-7106", "CVE-2013-7107", "CVE-2014-1878", "CVE-2014-2386", "CVE-2013-7108"], "lastseen": "2018-08-30T19:24:14", "history": [], "viewCount": 0, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "objectVersion": "1.4", "pluginID": "1361412562310702956", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2956.nasl 9354 2018-04-06 07:15:32Z cfischer $\n# Auto-generated from advisory DSA 2956-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ntag_affected = \"icinga on Debian Linux\";\ntag_insight = \"Icinga is a modular monitoring framework for hosts, services, and\nnetworks, based on the Nagios project. It is designed to be easy to\nunderstand and modify to fit any need.\";\ntag_solution = \"For the stable distribution (wheezy), these problems have been fixed in\nversion 1.7.1-7.\n\nFor the testing distribution (jessie), these problems have been fixed in\nversion 1.11.0-1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.11.0-1.\n\nWe recommend that you upgrade your icinga packages.\";\ntag_summary = \"Multiple security issues have been found in the Icinga host and network\nmonitoring system (buffer overflows, cross-site request forgery, off-by\nones) which could result in the execution of arbitrary code, denial of\nservice or session hijacking.\";\ntag_vuldetect = \"This check tests the installed software version using the apt package manager.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.702956\");\n script_version(\"$Revision: 9354 $\");\n script_cve_id(\"CVE-2013-7106\", \"CVE-2013-7107\", \"CVE-2013-7108\", \"CVE-2014-1878\", \"CVE-2014-2386\");\n script_name(\"Debian Security Advisory DSA 2956-1 (icinga - security update)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2018-04-06 09:15:32 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name: \"creation_date\", value:\"2014-06-11 00:00:00 +0200 (Wed, 11 Jun 2014)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2014/dsa-2956.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: tag_affected);\n script_tag(name: \"insight\", value: tag_insight);\n# script_tag(name: \"impact\", value: tag_impact);\n script_tag(name: \"solution\", value: tag_solution);\n script_tag(name: \"summary\", value: tag_summary);\n script_tag(name: \"vuldetect\", value: tag_vuldetect);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"icinga\", ver:\"1.7.1-7\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-cgi\", ver:\"1.7.1-7\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-common\", ver:\"1.7.1-7\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-core\", ver:\"1.7.1-7\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-dbg\", ver:\"1.7.1-7\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-doc\", ver:\"1.7.1-7\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-idoutils\", ver:\"1.7.1-7\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga\", ver:\"1.7.1-7\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-cgi\", ver:\"1.7.1-7\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-common\", ver:\"1.7.1-7\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-core\", ver:\"1.7.1-7\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-dbg\", ver:\"1.7.1-7\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-doc\", ver:\"1.7.1-7\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-idoutils\", ver:\"1.7.1-7\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga\", ver:\"1.7.1-7\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-cgi\", ver:\"1.7.1-7\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-common\", ver:\"1.7.1-7\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-core\", ver:\"1.7.1-7\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-dbg\", ver:\"1.7.1-7\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-doc\", ver:\"1.7.1-7\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-idoutils\", ver:\"1.7.1-7\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga\", ver:\"1.7.1-7\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-cgi\", ver:\"1.7.1-7\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-common\", ver:\"1.7.1-7\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-core\", ver:\"1.7.1-7\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-dbg\", ver:\"1.7.1-7\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-doc\", ver:\"1.7.1-7\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icinga-idoutils\", ver:\"1.7.1-7\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "naslFamily": "Debian Local Security Checks"}, "differentElements": ["cvss"], "edition": 2, "lastseen": "2018-08-30T19:24:14"}, {"bulletin": {"id": "OPENVAS:1361412562310702956", "hash": "a8474d106bdfc5032d781bca0c1309400ad4f5acd45b878c11c23c2154cde4d5", "type": "openvas", "bulletinFamily": "scanner", "title": "Debian Security Advisory DSA 2956-1 (icinga - security update)", "description": "Multiple security issues have been found in the Icinga host and network\nmonitoring system (buffer overflows, cross-site request forgery, off-by\nones) which could result in the execution of arbitrary code, denial of\nservice or session hijacking.", "published": "2014-06-11T00:00:00", "modified": "2019-03-19T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310702956", "reporter": "Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net", "references": ["http://www.debian.org/security/2014/dsa-2956.html"], "cvelist": ["CVE-2013-7106", "CVE-2013-7107", "CVE-2014-1878", "CVE-2014-2386", "CVE-2013-7108"], "lastseen": "2019-03-19T12:39:06", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"modified": "2019-03-19T12:39:06", "references": [{"idList": ["DEBIAN_DLA-60.NASL", "UBUNTU_USN-3253-1.NASL", "SUSE_11_NAGIOS-140331.NASL", "SUSE_11_NAGIOS-140108.NASL", "DEBIAN_DSA-2956.NASL", "UBUNTU_USN-3253-2.NASL", "OPENSUSE-2014-153.NASL", "OPENSUSE-2014-13.NASL", "OPENSUSE-2014-42.NASL", "DEBIAN_DLA-1615.NASL"], "type": "nessus"}, {"idList": ["SSV:62102"], "type": "seebug"}, {"idList": ["ALAS-2017-899"], "type": "amazon"}, {"idList": ["OPENVAS:1361412562310804248", "OPENVAS:1361412562310121309", "OPENVAS:1361412562310843202", "OPENVAS:1361412562310891615", "OPENVAS:1361412562310843124", "OPENVAS:702956"], "type": "openvas"}, {"idList": ["GLSA-201412-23"], "type": "gentoo"}, {"idList": ["SECURITYVULNS:VULN:13733", "SECURITYVULNS:DOC:30828", "SECURITYVULNS:DOC:30248", "SECURITYVULNS:VULN:13533", "SECURITYVULNS:VULN:13836", "SECURITYVULNS:DOC:30629", "SECURITYVULNS:DOC:30630"], "type": "securityvulns"}, {"idList": ["CVE-2013-7106", "CVE-2013-7107", "CVE-2014-1878", "CVE-2014-2386", "CVE-2013-7108"], "type": "cve"}, {"idList": ["USN-3253-2", "USN-3253-1"], "type": "ubuntu"}, {"idList": ["DEBIAN:DLA-461-1:5370A", "DEBIAN:DLA-1615-1:D4F7C", "DEBIAN:DSA-2956-1:6D0D0", "DEBIAN:DLA-60-1:5B1EB"], "type": "debian"}, {"idList": ["EDB-ID:38882"], "type": "exploitdb"}, {"idList": ["BA04A373-7D20-11E3-8992-00132034B086", "4E95EB4E-B737-11E3-87CD-F0DEF10DCA57"], "type": "freebsd"}]}, "score": {"value": 7.5, "vector": "NONE"}}, "objectVersion": "1.4", "pluginID": "1361412562310702956", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2956.nasl 14302 2019-03-19 08:28:48Z cfischer $\n# Auto-generated from advisory DSA 2956-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.702956\");\n script_version(\"$Revision: 14302 $\");\n script_cve_id(\"CVE-2013-7106\", \"CVE-2013-7107\", \"CVE-2013-7108\", \"CVE-2014-1878\", \"CVE-2014-2386\");\n script_name(\"Debian Security Advisory DSA 2956-1 (icinga - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-19 09:28:48 +0100 (Tue, 19 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-06-11 00:00:00 +0200 (Wed, 11 Jun 2014)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2014/dsa-2956.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n script_tag(name:\"affected\", value:\"icinga on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (wheezy), these problems have been fixed in\nversion 1.7.1-7.\n\nFor the testing distribution (jessie), these problems have been fixed in\nversion 1.11.0-1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.11.0-1.\n\nWe recommend that you upgrade your icinga packages.\");\n script_tag(name:\"summary\", value:\"Multiple security issues have been found in the Icinga host and network\nmonitoring system (buffer overflows, cross-site request forgery, off-by\nones) which could result in the execution of arbitrary code, denial of\nservice or session hijacking.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"icinga\", ver:\"1.7.1-7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icinga-cgi\", ver:\"1.7.1-7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icinga-common\", ver:\"1.7.1-7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icinga-core\", ver:\"1.7.1-7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icinga-dbg\", ver:\"1.7.1-7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icinga-doc\", ver:\"1.7.1-7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icinga-idoutils\", ver:\"1.7.1-7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "naslFamily": "Debian Local Security Checks"}, "differentElements": ["cvss"], "edition": 4, "lastseen": "2019-03-19T12:39:06"}], "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "debian", "idList": ["DEBIAN:DLA-60-1:98AA3", "DEBIAN:DLA-1615-1:D1385", "DEBIAN:DLA-60-1:5B1EB", "DEBIAN:DLA-1615-1:D4F7C", "DEBIAN:DSA-2956-1:6D0D0", "DEBIAN:DLA-461-1:5370A"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310843124", "OPENVAS:702956", "OPENVAS:1361412562310121309", "OPENVAS:1361412562310843202", "OPENVAS:1361412562310891615", "OPENVAS:1361412562310804248"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:30828", "SECURITYVULNS:VULN:13836", "SECURITYVULNS:DOC:30630", "SECURITYVULNS:DOC:30248", "SECURITYVULNS:VULN:13533", "SECURITYVULNS:DOC:30629", "SECURITYVULNS:VULN:13733"]}, {"type": "nessus", "idList": ["MANDRIVA_MDVSA-2014-089.NASL", "OPENSUSE-2014-42.NASL", "UBUNTU_USN-3253-2.NASL", "SUSE_11_NAGIOS-140108.NASL", "MANDRIVA_MDVSA-2014-004.NASL", "UBUNTU_USN-3253-1.NASL", "FREEBSD_PKG_BA04A3737D2011E3899200132034B086.NASL", "OPENSUSE-2014-291.NASL", "DEBIAN_DLA-461.NASL", "OPENSUSE-2014-58.NASL", "GENTOO_GLSA-201412-23.NASL", "OPENSUSE-2014-237.NASL", "DEBIAN_DLA-1615.NASL", "OPENSUSE-2014-13.NASL", "OPENSUSE-2014-153.NASL", "ALA_ALAS-2017-899.NASL", "DEBIAN_DLA-60.NASL", "SUSE_11_NAGIOS-140331.NASL", "FREEBSD_PKG_4E95EB4EB73711E387CDF0DEF10DCA57.NASL", "DEBIAN_DSA-2956.NASL"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2013-7107", "UB:CVE-2014-2386", "UB:CVE-2013-7108", "UB:CVE-2013-7106", "UB:CVE-2014-1878"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2013-7107", "DEBIANCVE:CVE-2014-1878", "DEBIANCVE:CVE-2013-7108", "DEBIANCVE:CVE-2013-7106", "DEBIANCVE:CVE-2014-2386"]}, {"type": "cve", "idList": ["CVE-2013-7107", "CVE-2014-1878", "CVE-2013-7108", "CVE-2014-2386", "CVE-2013-7106"]}, {"type": "alpinelinux", "idList": ["ALPINE:CVE-2013-7108", "ALPINE:CVE-2014-1878"]}, {"type": "ubuntu", "idList": ["USN-3253-2", "USN-3253-1"]}, {"type": "exploitdb", "idList": ["EDB-ID:38882"]}, {"type": "seebug", "idList": ["SSV:62102"]}, {"type": "freebsd", "idList": ["4E95EB4E-B737-11E3-87CD-F0DEF10DCA57", "BA04A373-7D20-11E3-8992-00132034B086"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2014-0376"]}, {"type": "ibm", "idList": ["079322F37896A0ABC40D5E9888C345C74DC7F9F0503D886CB971333FDE21464E"]}, {"type": "amazon", "idList": ["ALAS-2017-899"]}, {"type": "gentoo", "idList": ["GLSA-201412-23"]}], "modified": "2019-05-29T18:37:45", "rev": 2}, "score": {"value": 7.9, "vector": "NONE", "modified": "2019-05-29T18:37:45", "rev": 2}}, "objectVersion": "1.5", "pluginID": "1361412562310702956", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2956.nasl 14302 2019-03-19 08:28:48Z cfischer $\n# Auto-generated from advisory DSA 2956-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.702956\");\n script_version(\"$Revision: 14302 $\");\n script_cve_id(\"CVE-2013-7106\", \"CVE-2013-7107\", \"CVE-2013-7108\", \"CVE-2014-1878\", \"CVE-2014-2386\");\n script_name(\"Debian Security Advisory DSA 2956-1 (icinga - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-19 09:28:48 +0100 (Tue, 19 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-06-11 00:00:00 +0200 (Wed, 11 Jun 2014)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2014/dsa-2956.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n script_tag(name:\"affected\", value:\"icinga on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (wheezy), these problems have been fixed in\nversion 1.7.1-7.\n\nFor the testing distribution (jessie), these problems have been fixed in\nversion 1.11.0-1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.11.0-1.\n\nWe recommend that you upgrade your icinga packages.\");\n script_tag(name:\"summary\", value:\"Multiple security issues have been found in the Icinga host and network\nmonitoring system (buffer overflows, cross-site request forgery, off-by\nones) which could result in the execution of arbitrary code, denial of\nservice or session hijacking.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"icinga\", ver:\"1.7.1-7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icinga-cgi\", ver:\"1.7.1-7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icinga-common\", ver:\"1.7.1-7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icinga-core\", ver:\"1.7.1-7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icinga-dbg\", ver:\"1.7.1-7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icinga-doc\", ver:\"1.7.1-7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icinga-idoutils\", ver:\"1.7.1-7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "naslFamily": "Debian Local Security Checks", "_object_type": "robots.models.openvas.OpenVASBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.openvas.OpenVASBulletin"], "immutableFields": [], "cvss2": {}, "cvss3": {}}], "securityvulns": [{"id": "SECURITYVULNS:DOC:30828", "bulletinFamily": "software", "title": "[SECURITY] [DSA 2956-1] icinga security update", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-2956-1 security@debian.org\r\nhttp://www.debian.org/security/ Moritz Muehlenhoff\r\nJune 11, 2014 http://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : icinga\r\nCVE ID : CVE-2013-7106 CVE-2013-7107 CVE-2013-7108 CVE-2014-1878 \r\n CVE-2014-2386\r\n\r\nMultiple security issues have been found in the Icinga host and network\r\nmonitoring system &#40;buffer overflows, cross-site request forgery, off-by\r\nones&#41; which could result in the execution of arbitrary code, denial of\r\nservice or session hijacking.\r\n\r\nFor the stable distribution &#40;wheezy&#41;, these problems have been fixed in\r\nversion 1.7.1-7.\r\n\r\nFor the testing distribution &#40;jessie&#41;, these problems have been fixed in\r\nversion 1.11.0-1.\r\n\r\nFor the unstable distribution &#40;sid&#41;, these problems have been fixed in\r\nversion 1.11.0-1.\r\n\r\nWe recommend that you upgrade your icinga packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: http://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1\r\n\r\niQIcBAEBAgAGBQJTmGiJAAoJEBDCk7bDfE42ht8QALgnGvSkYNUNH1hGAkLs5k8U\r\nUaclxk+kZl/m4sx1w1si/iF/XWMmq1+A3ptsByMXSq2dyrtqBP6Y9aJX0UU0Yyep\r\nFvMP1XjFY+ooVVv0Yhd5nagtCreIVj/Q/bhgIxOV6b55BJaCiuOueFpRRNVX17IL\r\npg04TDgeKmzC3Rk4FK64fvWWoj99UnQu3D2QqToeeQfArkj+6jUGCvmcPi0c95wd\r\necVZxmPaFdLkzzjLTDMN+vR4v4d5EtvGi1sLvind5ceuhzh8OMfv+j2H1Omv/w+P\r\nFz+vMwS6iUaOpVDo4e2uNMIR2Aa/pbGXDEC0kXj2eEdgOrh+2tSgeHNQ6sDcpKbW\r\nrMl2iMJC930WI4u6t0thLYTYpul53gAKpQzeK4kT/24HdpPCknqxn0pbTnMEXfZC\r\npJri0jvZtoWpMpmUXLIhpTKHreR6/v7Fz17ZshlUuJfi11e6l6y5vEFZko/5KZxD\r\nqEtfD3OeQhKO7Y55gsCf3r7SEDLSNDbfYqYn2Qv4b0QDPYjlZNZLXr2ldzHF7D2h\r\nq0ysFko6vOcgneNPCvd8joil7vgZGLSRIpgYEB9G2uBIgEaCV0/n6v5pJ5E2dyBu\r\n336ggdK9sojNvor7yzKKNs/uApD0nhR6vJS46JSVAVijIUmoLTepgEbPzdn/kGKa\r\n1MoybG+77CBL9visVFUF\r\n=155r\r\n-----END PGP SIGNATURE-----\r\n\r\n", "published": "2014-06-14T00:00:00", "modified": "2014-06-14T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30828", "reporter": "Securityvulns", "references": [], "cvelist": ["CVE-2013-7106", "CVE-2013-7107", "CVE-2014-1878", "CVE-2014-2386", "CVE-2013-7108"], "type": "securityvulns", "lastseen": "2018-08-31T11:10:52", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "581dd9b01e6a004a2fc411329f7d7939"}, {"key": "cvss", "hash": "737e2591b537c46d1ca7ce6f0cea5cb9"}, {"key": "description", "hash": "2ae684dd966dd46ce552bee18710b586"}, {"key": "href", "hash": "c710cf819201bddee449fa5b1d167057"}, {"key": "modified", "hash": "3806a123621f4632a5424aba3641557c"}, {"key": "published", "hash": "3806a123621f4632a5424aba3641557c"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "a49ebb2e1a771348dfa0039e0d589df6"}, {"key": "title", "hash": "5f8f3cac20b0176835a3bca3dd2b95e2"}, {"key": "type", "hash": "d54751dd75af2ea0147b462b3e001cd0"}], "hash": "e6987c17b9bb711d44a86adfed5a81a48cfe1fd31c8a550b2fdcf31607c55c7b", "viewCount": 6, "enchantments": {"score": {"value": 7.6, "vector": "NONE", "modified": "2018-08-31T11:10:52", "rev": 2}, "dependencies": {"references": [{"type": "openvas", "idList": ["OPENVAS:1361412562310843124", "OPENVAS:702956", "OPENVAS:1361412562310121309", "OPENVAS:1361412562310702956", "OPENVAS:1361412562310843202", "OPENVAS:1361412562310891615", "OPENVAS:1361412562310804248"]}, {"type": "nessus", "idList": ["MANDRIVA_MDVSA-2014-089.NASL", "OPENSUSE-2014-42.NASL", "UBUNTU_USN-3253-2.NASL", "SUSE_11_NAGIOS-140108.NASL", "MANDRIVA_MDVSA-2014-004.NASL", "UBUNTU_USN-3253-1.NASL", "FREEBSD_PKG_BA04A3737D2011E3899200132034B086.NASL", "OPENSUSE-2014-291.NASL", "DEBIAN_DLA-461.NASL", "OPENSUSE-2014-58.NASL", "GENTOO_GLSA-201412-23.NASL", "OPENSUSE-2014-237.NASL", "DEBIAN_DLA-1615.NASL", "OPENSUSE-2014-13.NASL", "OPENSUSE-2014-153.NASL", "ALA_ALAS-2017-899.NASL", "DEBIAN_DLA-60.NASL", "SUSE_11_NAGIOS-140331.NASL", "FREEBSD_PKG_4E95EB4EB73711E387CDF0DEF10DCA57.NASL", "DEBIAN_DSA-2956.NASL"]}, {"type": "debian", "idList": ["DEBIAN:DLA-60-1:98AA3", "DEBIAN:DLA-1615-1:D1385", "DEBIAN:DLA-60-1:5B1EB", "DEBIAN:DLA-1615-1:D4F7C", "DEBIAN:DSA-2956-1:6D0D0", "DEBIAN:DLA-461-1:5370A"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2013-7107", "DEBIANCVE:CVE-2014-1878", "DEBIANCVE:CVE-2013-7108", "DEBIANCVE:CVE-2013-7106", "DEBIANCVE:CVE-2014-2386"]}, {"type": "cve", "idList": ["CVE-2013-7107", "CVE-2014-1878", "CVE-2013-7108", "CVE-2014-2386", "CVE-2013-7106"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2013-7107", "UB:CVE-2014-2386", "UB:CVE-2013-7108", "UB:CVE-2013-7106", "UB:CVE-2014-1878"]}, {"type": "alpinelinux", "idList": ["ALPINE:CVE-2013-7108", "ALPINE:CVE-2014-1878"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:13836", "SECURITYVULNS:DOC:30630", "SECURITYVULNS:DOC:30248", "SECURITYVULNS:VULN:13533", "SECURITYVULNS:DOC:30629", "SECURITYVULNS:VULN:13733"]}, {"type": "ubuntu", "idList": ["USN-3253-2", "USN-3253-1"]}, {"type": "exploitdb", "idList": ["EDB-ID:38882"]}, {"type": "seebug", "idList": ["SSV:62102"]}, {"type": "freebsd", "idList": ["4E95EB4E-B737-11E3-87CD-F0DEF10DCA57", "BA04A373-7D20-11E3-8992-00132034B086"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2014-0376"]}, {"type": "ibm", "idList": ["079322F37896A0ABC40D5E9888C345C74DC7F9F0503D886CB971333FDE21464E"]}, {"type": "amazon", "idList": ["ALAS-2017-899"]}, {"type": "gentoo", "idList": ["GLSA-201412-23"]}], "modified": "2018-08-31T11:10:52", "rev": 2}}, "objectVersion": "1.5", "affectedSoftware": [], "immutableFields": [], "cvss2": {}, "cvss3": {}}, {"id": "SECURITYVULNS:VULN:13836", "bulletinFamily": "software", "title": "Web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;", "description": "PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.", "published": "2014-06-14T00:00:00", "modified": "2014-06-14T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13836", "reporter": " ", "references": ["https://vulners.com/securityvulns/securityvulns:doc:30859", "https://vulners.com/securityvulns/securityvulns:doc:30868", "https://vulners.com/securityvulns/securityvulns:doc:30863", "https://vulners.com/securityvulns/securityvulns:doc:30872", "https://vulners.com/securityvulns/securityvulns:doc:30853", "https://vulners.com/securityvulns/securityvulns:doc:30852", "https://vulners.com/securityvulns/securityvulns:doc:30843", "https://vulners.com/securityvulns/securityvulns:doc:30846", "https://vulners.com/securityvulns/securityvulns:doc:30840", "https://vulners.com/securityvulns/securityvulns:doc:30847", "https://vulners.com/securityvulns/securityvulns:doc:30848", "https://vulners.com/securityvulns/securityvulns:doc:30851", "https://vulners.com/securityvulns/securityvulns:doc:30864", "https://vulners.com/securityvulns/securityvulns:doc:30845", "https://vulners.com/securityvulns/securityvulns:doc:30869", "https://vulners.com/securityvulns/securityvulns:doc:30834", "https://vulners.com/securityvulns/securityvulns:doc:30828", "https://vulners.com/securityvulns/securityvulns:doc:30831", "https://vulners.com/securityvulns/securityvulns:doc:30829", "https://vulners.com/securityvulns/securityvulns:doc:30839", "https://vulners.com/securityvulns/securityvulns:doc:30844", "https://vulners.com/securityvulns/securityvulns:doc:30865", "https://vulners.com/securityvulns/securityvulns:doc:30856", "https://vulners.com/securityvulns/securityvulns:doc:30837", "https://vulners.com/securityvulns/securityvulns:doc:30866", "https://vulners.com/securityvulns/securityvulns:doc:30857", "https://vulners.com/securityvulns/securityvulns:doc:30850", "https://vulners.com/securityvulns/securityvulns:doc:30833", "https://vulners.com/securityvulns/securityvulns:doc:30849", "https://vulners.com/securityvulns/securityvulns:doc:30825", "https://vulners.com/securityvulns/securityvulns:doc:30870", "https://vulners.com/securityvulns/securityvulns:doc:30835", "https://vulners.com/securityvulns/securityvulns:doc:30871", "https://vulners.com/securityvulns/securityvulns:doc:30854", "https://vulners.com/securityvulns/securityvulns:doc:30861", "https://vulners.com/securityvulns/securityvulns:doc:30830", "https://vulners.com/securityvulns/securityvulns:doc:30826", "https://vulners.com/securityvulns/securityvulns:doc:30827", "https://vulners.com/securityvulns/securityvulns:doc:30855", "https://vulners.com/securityvulns/securityvulns:doc:30862", "https://vulners.com/securityvulns/securityvulns:doc:30858", "https://vulners.com/securityvulns/securityvulns:doc:30842", "https://vulners.com/securityvulns/securityvulns:doc:30832", "https://vulners.com/securityvulns/securityvulns:doc:30836", "https://vulners.com/securityvulns/securityvulns:doc:30838", "https://vulners.com/securityvulns/securityvulns:doc:30860"], "cvelist": ["CVE-2014-3946", "CVE-2014-3781", "CVE-2014-2575", "CVE-2014-3945", "CVE-2014-2987", "CVE-2014-2303", "CVE-2014-3414", "CVE-2014-3947", "CVE-2014-2554", "CVE-2014-3948", "CVE-2014-3944", "CVE-2014-3137", "CVE-2014-3740", "CVE-2013-2251", "CVE-2014-3877", "CVE-2014-3446", "CVE-2014-3943", "CVE-2014-3941", "CVE-2014-3210", "CVE-2014-1402", "CVE-2014-0228", "CVE-2014-3415", "CVE-2014-0130", "CVE-2014-2577", "CVE-2014-3875", "CVE-2014-3942", "CVE-2014-3783", "CVE-2013-7106", "CVE-2014-2233", "CVE-2014-2843", "CVE-2014-3447", "CVE-2013-7107", "CVE-2014-3749", "CVE-2014-0081", "CVE-2014-2232", "CVE-2014-1855", "CVE-2014-1878", "CVE-2014-2302", "CVE-2014-0082", "CVE-2014-3876", "CVE-2014-2553", "CVE-2014-3782", "CVE-2014-2386", "CVE-2014-3966", "CVE-2013-5954", "CVE-2014-0107", "CVE-2014-3448", "CVE-2013-7108", "CVE-2014-2988", "CVE-2014-3445", "CVE-2014-3949"], "type": "securityvulns", "lastseen": "2021-06-08T18:45:19", "history": [{"bulletin": {"affectedSoftware": [{"name": "python-jinja", "operator": "eq", "version": "2.5"}, {"name": "Seo Panel", "operator": "eq", "version": "3.4"}, {"name": "SpiceWorks", "operator": "eq", "version": "7.2"}, {"name": "Wordpress Booking System", "operator": "eq", "version": "1.2"}, {"name": "Mybb", "operator": "eq", "version": "1.6"}, {"name": "icinga", "operator": "eq", "version": "1.11"}, {"name": "Action Pack", "operator": "eq", "version": "3.2"}, {"name": "MapAPI", "operator": "eq", "version": "1.1"}, {"name": "Revive Adserver", "operator": "eq", "version": "3.0"}, {"name": "Dotclear", "operator": "eq", "version": "6.2"}, {"name": "Continuity CMS", "operator": "eq", "version": "4.2"}, {"name": "Hive", "operator": "eq", "version": "0.13"}, {"name": "Continuum", "operator": "eq", "version": "1.4"}, {"name": "CodeIgniter", "operator": "eq", "version": "2.1"}, {"name": "otrs", "operator": "eq", "version": "3.2"}, {"name": "ASPxFileManager", "operator": "eq", "version": "13.2"}, {"name": "typo3", "operator": "eq", "version": "4.5"}, {"name": "mediawiki", "operator": "eq", "version": "1.19"}, {"name": "eGroupware", "operator": "eq", "version": "1.8"}, {"name": "libxalan", "operator": "eq", "version": "2.7"}, {"name": "webEdition", "operator": "eq", "version": "6.3"}, {"name": "Sharetronix", "operator": "eq", "version": "3.3"}, {"name": "python-bottle", "operator": "eq", "version": "0.10"}, {"name": "Struts", "operator": "eq", "version": "2.3"}, {"name": "Transform Foundation Server", "operator": "eq", "version": "5.2"}, {"name": "FCKeditor", "operator": "eq", "version": "2.6"}, {"name": "SOS Webpages", "operator": "eq", "version": "1.1"}, {"name": "Participants Database", "operator": "eq", "version": "1.5"}], "bulletinFamily": "software", "cvelist": ["CVE-2014-3946", "CVE-2014-3781", "CVE-2014-2575", "CVE-2014-3945", "CVE-2014-2987", "CVE-2014-2303", "CVE-2014-3414", "CVE-2014-3947", "CVE-2014-2554", "CVE-2014-3948", "CVE-2014-3944", "CVE-2014-3137", "CVE-2014-3740", "CVE-2013-2251", "CVE-2014-3877", "CVE-2014-3446", "CVE-2014-3943", "CVE-2014-3941", "CVE-2014-3210", "CVE-2014-1402", "CVE-2014-0228", "CVE-2014-3415", "CVE-2014-0130", "CVE-2014-2577", "CVE-2014-3875", "CVE-2014-3942", "CVE-2014-3783", "CVE-2013-7106", "CVE-2014-2233", "CVE-2014-2843", "CVE-2014-3447", "CVE-2013-7107", "CVE-2014-3749", "CVE-2014-0081", "CVE-2014-2232", "CVE-2014-1855", "CVE-2014-1878", "CVE-2014-2302", "CVE-2014-0082", "CVE-2014-3876", "CVE-2014-2553", "CVE-2014-3782", "CVE-2014-2386", "CVE-2014-3966", "CVE-2013-5954", "CVE-2014-0107", "CVE-2014-3448", "CVE-2013-7108", "CVE-2014-2988", "CVE-2014-3445", "CVE-2014-3949"], "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.", "edition": 1, "enchantments": {"dependencies": {"modified": "2018-08-31T11:09:56", "references": [{"idList": ["1337DAY-ID-22317", "1337DAY-ID-22286"], "type": "zdt"}, {"idList": ["SECURITYVULNS:DOC:30828", "SECURITYVULNS:DOC:30862", "SECURITYVULNS:DOC:30868", "SECURITYVULNS:DOC:30864", "SECURITYVULNS:DOC:30837", "SECURITYVULNS:DOC:30845", "SECURITYVULNS:DOC:30848", "SECURITYVULNS:DOC:30872", "SECURITYVULNS:DOC:30830", "SECURITYVULNS:DOC:30834", "SECURITYVULNS:DOC:30831", "SECURITYVULNS:DOC:30859", "SECURITYVULNS:DOC:30861", "SECURITYVULNS:DOC:30870", "SECURITYVULNS:DOC:30854", "SECURITYVULNS:DOC:30860", "SECURITYVULNS:DOC:30855", "SECURITYVULNS:DOC:30851", "SECURITYVULNS:DOC:30846", "SECURITYVULNS:DOC:30836", "SECURITYVULNS:DOC:30853", "SECURITYVULNS:DOC:30839", "SECURITYVULNS:DOC:30869", "SECURITYVULNS:DOC:30843", "SECURITYVULNS:DOC:30832", "SECURITYVULNS:DOC:30856", "SECURITYVULNS:DOC:30849", "SECURITYVULNS:DOC:30842", "SECURITYVULNS:DOC:30866", "SECURITYVULNS:DOC:30827", "SECURITYVULNS:DOC:30850", "SECURITYVULNS:DOC:30835", "SECURITYVULNS:DOC:30858", "SECURITYVULNS:DOC:30847", "SECURITYVULNS:DOC:30833", "SECURITYVULNS:DOC:30871", "SECURITYVULNS:DOC:30863", "SECURITYVULNS:DOC:30865", "SECURITYVULNS:DOC:30825", "SECURITYVULNS:DOC:30829", "SECURITYVULNS:DOC:30857", "SECURITYVULNS:DOC:30840", "SECURITYVULNS:DOC:30838", "SECURITYVULNS:DOC:30826", "SECURITYVULNS:DOC:30568", "SECURITYVULNS:DOC:30852", "SECURITYVULNS:DOC:30844"], "type": "securityvulns"}, {"idList": ["OPENSUSE-2014-429.NASL", "DEBIAN_DLA-60.NASL", "DEBIAN_DSA-2956.NASL", "DEBIAN_DSA-2929.NASL", "OPENSUSE-2014-319.NASL", "DEBIAN_DLA-68.NASL", "MANDRIVA_MDVSA-2014-111.NASL"], "type": "nessus"}, {"idList": ["PACKETSTORM:126906"], "type": "packetstorm"}, {"idList": ["SOL15595", "F5:K15595"], "type": "f5"}, {"idList": ["DEBIAN:DLA-68-1:B79F5", "DEBIAN:DSA-2956-1:6D0D0", "DEBIAN:DLA-60-1:5B1EB", "DEBIAN:DSA-2929-1:88D5D"], "type": "debian"}, {"idList": ["TYPO3-EXT-SA-2014-007", "TYPO3-CORE-SA-2014-001"], "type": "typo3"}, {"idList": ["SSV:93066"], "type": "seebug"}, {"idList": ["OPENVAS:1361412562310804464", "OPENVAS:1361412562310804465", "OPENVAS:1361412562310702956", "OPENVAS:1361412562310802076", "OPENVAS:1361412562310702942", "OPENVAS:1361412562310804664", "OPENVAS:702942", "OPENVAS:1361412562310702929", "OPENVAS:702929", "OPENVAS:702956"], "type": "openvas"}, {"idList": ["CVE-2014-2303", "CVE-2014-3944", "CVE-2014-3446", "CVE-2014-3941", "CVE-2014-3942", "CVE-2013-7106", "CVE-2014-3447", "CVE-2013-7107", "CVE-2013-5954", "CVE-2013-7108"], "type": "cve"}], "rev": 2}, "score": {"modified": "2018-08-31T11:09:56", "rev": 2, "value": 4.5, "vector": "NONE"}}, "hash": "b755412e9f556abb7a6b07e5462ce4253e926d75475079534fab13b9fe7fa9c1", "hashmap": [{"hash": "3806a123621f4632a5424aba3641557c", "key": "modified"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "2076413bdcb42307d016f5286cbae795", "key": "cvss"}, {"hash": "6cf996ed95ee5d10a1d320d0d36bafe6", "key": "references"}, {"hash": "a847ad13d837f39373399982fe4b1f29", "key": "affectedSoftware"}, {"hash": "6335ea2fe8c52e4750e5b2d17cbb6f0e", "key": "href"}, {"hash": "c61e5d59aa5c4e535b518cca44e00a6f", "key": "description"}, {"hash": "f9fa10ba956cacf91d7878861139efb9", "key": "bulletinFamily"}, {"hash": "3806a123621f4632a5424aba3641557c", "key": "published"}, {"hash": "7215ee9c7d9dc229d2921a40e899ec5f", "key": "reporter"}, {"hash": "fc6e88e5fbc2d23fd787f6b578b8ac2d", "key": "cvelist"}, {"hash": "9caff91e9ebcf551c6d0d9d96b286138", "key": "title"}, {"hash": "d54751dd75af2ea0147b462b3e001cd0", "key": "type"}], "history": [], "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13836", "id": "SECURITYVULNS:VULN:13836", "immutableFields": [], "lastseen": "2018-08-31T11:09:56", "modified": "2014-06-14T00:00:00", "objectVersion": "1.5", "published": "2014-06-14T00:00:00", "references": ["https://vulners.com/securityvulns/securityvulns:doc:30859", "https://vulners.com/securityvulns/securityvulns:doc:30868", "https://vulners.com/securityvulns/securityvulns:doc:30863", "https://vulners.com/securityvulns/securityvulns:doc:30872", "https://vulners.com/securityvulns/securityvulns:doc:30853", "https://vulners.com/securityvulns/securityvulns:doc:30852", "https://vulners.com/securityvulns/securityvulns:doc:30843", "https://vulners.com/securityvulns/securityvulns:doc:30846", "https://vulners.com/securityvulns/securityvulns:doc:30840", "https://vulners.com/securityvulns/securityvulns:doc:30847", "https://vulners.com/securityvulns/securityvulns:doc:30848", "https://vulners.com/securityvulns/securityvulns:doc:30851", "https://vulners.com/securityvulns/securityvulns:doc:30864", "https://vulners.com/securityvulns/securityvulns:doc:30845", "https://vulners.com/securityvulns/securityvulns:doc:30869", "https://vulners.com/securityvulns/securityvulns:doc:30834", "https://vulners.com/securityvulns/securityvulns:doc:30828", "https://vulners.com/securityvulns/securityvulns:doc:30831", "https://vulners.com/securityvulns/securityvulns:doc:30829", "https://vulners.com/securityvulns/securityvulns:doc:30839", "https://vulners.com/securityvulns/securityvulns:doc:30844", "https://vulners.com/securityvulns/securityvulns:doc:30865", "https://vulners.com/securityvulns/securityvulns:doc:30856", "https://vulners.com/securityvulns/securityvulns:doc:30837", "https://vulners.com/securityvulns/securityvulns:doc:30866", "https://vulners.com/securityvulns/securityvulns:doc:30857", "https://vulners.com/securityvulns/securityvulns:doc:30850", "https://vulners.com/securityvulns/securityvulns:doc:30833", "https://vulners.com/securityvulns/securityvulns:doc:30849", "https://vulners.com/securityvulns/securityvulns:doc:30825", "https://vulners.com/securityvulns/securityvulns:doc:30870", "https://vulners.com/securityvulns/securityvulns:doc:30835", "https://vulners.com/securityvulns/securityvulns:doc:30871", "https://vulners.com/securityvulns/securityvulns:doc:30854", "https://vulners.com/securityvulns/securityvulns:doc:30861", "https://vulners.com/securityvulns/securityvulns:doc:30830", "https://vulners.com/securityvulns/securityvulns:doc:30826", "https://vulners.com/securityvulns/securityvulns:doc:30827", "https://vulners.com/securityvulns/securityvulns:doc:30855", "https://vulners.com/securityvulns/securityvulns:doc:30862", "https://vulners.com/securityvulns/securityvulns:doc:30858", "https://vulners.com/securityvulns/securityvulns:doc:30842", "https://vulners.com/securityvulns/securityvulns:doc:30832", "https://vulners.com/securityvulns/securityvulns:doc:30836", "https://vulners.com/securityvulns/securityvulns:doc:30838", "https://vulners.com/securityvulns/securityvulns:doc:30860"], "reporter": " ", "title": "Web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;", "type": "securityvulns", "viewCount": 85}, "different_elements": ["affectedSoftware"], "edition": 1, "lastseen": "2018-08-31T11:09:56"}], "edition": 2, "hashmap": [{"key": "affectedSoftware", "hash": "4eee07236b44835f34e5e4f4c48bbd11"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "fc6e88e5fbc2d23fd787f6b578b8ac2d"}, {"key": "cvss", "hash": "2076413bdcb42307d016f5286cbae795"}, {"key": "description", "hash": "c61e5d59aa5c4e535b518cca44e00a6f"}, {"key": "href", "hash": "6335ea2fe8c52e4750e5b2d17cbb6f0e"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "3806a123621f4632a5424aba3641557c"}, {"key": "published", "hash": "3806a123621f4632a5424aba3641557c"}, {"key": "references", "hash": "6cf996ed95ee5d10a1d320d0d36bafe6"}, {"key": "reporter", "hash": "7215ee9c7d9dc229d2921a40e899ec5f"}, {"key": "title", "hash": "9caff91e9ebcf551c6d0d9d96b286138"}, {"key": "type", "hash": "d54751dd75af2ea0147b462b3e001cd0"}], "hash": "fbc35bfaf04eb5b2a9b5d64736702686a51a41d3d6c250ab43e135c22d3d39ef", "viewCount": 131, "enchantments": {"dependencies": {"references": [{"type": "openvas", "idList": ["OPENVAS:702942", "OPENVAS:1361412562310702956", "OPENVAS:1361412562310702942", "OPENVAS:1361412562310802076", "OPENVAS:702956"]}, {"type": "nessus", "idList": ["OPENSUSE-2014-429.NASL", "DEBIAN_DSA-2956.NASL"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2956-1:6D0D0"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:30836", "SECURITYVULNS:DOC:30866", "SECURITYVULNS:DOC:30855", "SECURITYVULNS:DOC:30843", "SECURITYVULNS:DOC:30844", "SECURITYVULNS:DOC:30869", "SECURITYVULNS:DOC:30835", "SECURITYVULNS:DOC:30839", "SECURITYVULNS:DOC:30840", "SECURITYVULNS:DOC:30872", "SECURITYVULNS:DOC:30857", "SECURITYVULNS:DOC:30848", "SECURITYVULNS:DOC:30864", "SECURITYVULNS:DOC:30838", "SECURITYVULNS:DOC:30850", "SECURITYVULNS:DOC:30831", "SECURITYVULNS:DOC:30827", "SECURITYVULNS:DOC:30868", "SECURITYVULNS:DOC:30858", "SECURITYVULNS:DOC:30837", "SECURITYVULNS:DOC:30871", "SECURITYVULNS:DOC:30845", "SECURITYVULNS:DOC:30842", "SECURITYVULNS:DOC:30849", "SECURITYVULNS:DOC:30853", "SECURITYVULNS:DOC:30856", "SECURITYVULNS:DOC:30833", "SECURITYVULNS:DOC:30829", "SECURITYVULNS:DOC:30846", "SECURITYVULNS:DOC:30851", "SECURITYVULNS:DOC:30860", "SECURITYVULNS:DOC:30832", "SECURITYVULNS:DOC:30826", "SECURITYVULNS:DOC:30825", "SECURITYVULNS:DOC:30870", "SECURITYVULNS:DOC:30863", "SECURITYVULNS:DOC:30861", "SECURITYVULNS:DOC:30854", "SECURITYVULNS:DOC:30828", "SECURITYVULNS:DOC:30834", "SECURITYVULNS:DOC:30862", "SECURITYVULNS:DOC:30859", "SECURITYVULNS:DOC:30865", "SECURITYVULNS:DOC:30852", "SECURITYVULNS:DOC:30847", "SECURITYVULNS:DOC:30830"]}, {"type": "typo3", "idList": ["TYPO3-CORE-SA-2014-001"]}, {"type": "cve", "idList": ["CVE-2014-2386", "CVE-2013-5954", "CVE-2014-3946", "CVE-2014-3877", "CVE-2014-0130", "CVE-2014-3875", "CVE-2013-2251", "CVE-2013-7107", "CVE-2013-7106", "CVE-2014-3782", "CVE-2013-7108", "CVE-2014-3945", "CVE-2014-3947", "CVE-2014-2303", "CVE-2014-2302", "CVE-2014-3447", "CVE-2014-1878", "CVE-2014-2988", "CVE-2014-1855", "CVE-2014-3943", "CVE-2014-2843", "CVE-2014-3948", "CVE-2014-3942", "CVE-2014-2577", "CVE-2014-2554", "CVE-2014-3944", "CVE-2014-0107", "CVE-2014-2575", "CVE-2014-1402", "CVE-2014-3210", "CVE-2014-3941", "CVE-2014-3749", "CVE-2014-3445", "CVE-2014-3446", "CVE-2014-3415", "CVE-2014-3740", "CVE-2014-2553", "CVE-2014-3876", "CVE-2014-3448", "CVE-2014-3414", "CVE-2014-3783", "CVE-2014-0082", "CVE-2014-3781", "CVE-2014-2233", "CVE-2014-3949", "CVE-2014-2987", "CVE-2014-3966"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2014-3943", "UB:CVE-2014-3783", "UB:CVE-2013-7107", "UB:CVE-2014-2553", "UB:CVE-2014-3876", "UB:CVE-2014-3941", "UB:CVE-2014-2554", "UB:CVE-2014-3944", "UB:CVE-2014-0107", "UB:CVE-2014-2386", "UB:CVE-2014-3945", "UB:CVE-2014-3781", "UB:CVE-2014-3875", "UB:CVE-2014-3782", "UB:CVE-2014-3947", "UB:CVE-2014-3877", "UB:CVE-2013-7106", "UB:CVE-2014-3966", "UB:CVE-2014-1402", "UB:CVE-2013-7108", "UB:CVE-2014-0082", "UB:CVE-2014-3946", "UB:CVE-2014-1878", "UB:CVE-2014-3942", "UB:CVE-2014-0130"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2014-2386", "DEBIANCVE:CVE-2013-7106", "DEBIANCVE:CVE-2014-1878", "DEBIANCVE:CVE-2014-2553", "DEBIANCVE:CVE-2014-0107", "DEBIANCVE:CVE-2014-3876", "DEBIANCVE:CVE-2013-7108", "DEBIANCVE:CVE-2013-7107", "DEBIANCVE:CVE-2014-1402", "DEBIANCVE:CVE-2014-0082", "DEBIANCVE:CVE-2014-3877", "DEBIANCVE:CVE-2014-3966", "DEBIANCVE:CVE-2014-3875", "DEBIANCVE:CVE-2014-2554"]}, {"type": "alpinelinux", "idList": ["ALPINE:CVE-2013-7108", "ALPINE:CVE-2014-1878"]}, {"type": "zdt", "idList": ["1337DAY-ID-22286"]}], "modified": "2021-06-08T18:45:19", "rev": 2}, "score": {"value": 4.2, "vector": "NONE", "modified": "2021-06-08T18:45:19", "rev": 2}}, "objectVersion": "1.5", "affectedSoftware": [{"name": "python-jinja", "operator": "eq", "version": "2.5"}, {"name": "struts", "operator": "eq", "version": "2.3"}, {"name": "dotclear", "operator": "eq", "version": "6.2"}, {"name": "icinga", "operator": "eq", "version": "1.11"}, {"name": "continuity cms", "operator": "eq", "version": "4.2"}, {"name": "revive adserver", "operator": "eq", "version": "3.0"}, {"name": "codeigniter", "operator": "eq", "version": "2.1"}, {"name": "fckeditor", "operator": "eq", "version": "2.6"}, {"name": "transform foundation server", "operator": "eq", "version": "5.2"}, {"name": "participants database", "operator": "eq", "version": "1.5"}, {"name": "otrs", "operator": "eq", "version": "3.2"}, {"name": "spiceworks", "operator": "eq", "version": "7.2"}, {"name": "mapapi", "operator": "eq", "version": "1.1"}, {"name": "mybb", "operator": "eq", "version": "1.6"}, {"name": "sharetronix", "operator": "eq", "version": "3.3"}, {"name": "typo3", "operator": "eq", "version": "4.5"}, {"name": "continuum", "operator": "eq", "version": "1.4"}, {"name": "mediawiki", "operator": "eq", "version": "1.19"}, {"name": "sos webpages", "operator": "eq", "version": "1.1"}, {"name": "hive", "operator": "eq", "version": "0.13"}, {"name": "seo panel", "operator": "eq", "version": "3.4"}, {"name": "libxalan", "operator": "eq", "version": "2.7"}, {"name": "wordpress booking system", "operator": "eq", "version": "1.2"}, {"name": "python-bottle", "operator": "eq", "version": "0.10"}, {"name": "action pack", "operator": "eq", "version": "3.2"}, {"name": "aspxfilemanager", "operator": "eq", "version": "13.2"}, {"name": "webedition", "operator": "eq", "version": "6.3"}, {"name": "egroupware", "operator": "eq", "version": "1.8"}], "immutableFields": [], "scheme": null, "cvss2": {}, "cvss3": {}}], "debian": [{"id": "DEBIAN:DSA-2956-1:6D0D0", "hash": "7dcc59c4920be3968613275cf2110de7", "type": "debian", "bulletinFamily": "unix", "title": "[SECURITY] [DSA 2956-1] icinga security update", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2956-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nJune 11, 2014 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : icinga\nCVE ID : CVE-2013-7106 CVE-2013-7107 CVE-2013-7108 CVE-2014-1878 \n CVE-2014-2386\n\nMultiple security issues have been found in the Icinga host and network\nmonitoring system (buffer overflows, cross-site request forgery, off-by\nones) which could result in the execution of arbitrary code, denial of\nservice or session hijacking.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 1.7.1-7.\n\nFor the testing distribution (jessie), these problems have been fixed in\nversion 1.11.0-1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.11.0-1.\n\nWe recommend that you upgrade your icinga packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "published": "2014-06-11T14:34:20", "modified": "2014-06-11T14:34:20", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {}, "href": "https://lists.debian.org/debian-security-announce/2014/msg00136.html", "reporter": "Debian", "references": [], "cvelist": ["CVE-2013-7106", "CVE-2013-7107", "CVE-2013-7108", "CVE-2014-1878", "CVE-2014-2386"], "immutableFields": [], "lastseen": "2021-10-21T23:06:57", "history": [{"bulletin": {"id": "DEBIAN:DSA-2956-1:6D0D0", "hash": "88da0344710c150dc5ad04efba78b5485bf8b6a6b3e4424077fd2271dc311c99", "type": "debian", "bulletinFamily": "unix", "title": "[SECURITY] [DSA 2956-1] icinga security update", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2956-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nJune 11, 2014 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : icinga\nCVE ID : CVE-2013-7106 CVE-2013-7107 CVE-2013-7108 CVE-2014-1878 \n CVE-2014-2386\n\nMultiple security issues have been found in the Icinga host and network\nmonitoring system (buffer overflows, cross-site request forgery, off-by\nones) which could result in the execution of arbitrary code, denial of\nservice or session hijacking.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 1.7.1-7.\n\nFor the testing distribution (jessie), these problems have been fixed in\nversion 1.11.0-1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.11.0-1.\n\nWe recommend that you upgrade your icinga packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "published": "2014-06-11T14:34:43", "modified": "2014-06-11T14:34:43", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2014/msg00136.html", "reporter": "Debian", "references": [], "cvelist": ["CVE-2013-7106", "CVE-2013-7107", "CVE-2014-1878", "CVE-2014-2386", "CVE-2013-7108"], "immutableFields": [], "lastseen": "2020-08-11T12:47:52", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"modified": "2020-08-11T12:47:52", "references": [{"idList": ["SSV:62102"], "type": "seebug"}, {"idList": ["ALAS-2017-899"], "type": "amazon"}, {"idList": ["DEBIAN_DLA-60.NASL", "UBUNTU_USN-3253-1.NASL", "SUSE_11_NAGIOS-140331.NASL", "SUSE_11_NAGIOS-140108.NASL", "OPENSUSE-2014-58.NASL", "DEBIAN_DSA-2956.NASL", "UBUNTU_USN-3253-2.NASL", "OPENSUSE-2014-153.NASL", "OPENSUSE-2014-13.NASL", "DEBIAN_DLA-1615.NASL"], "type": "nessus"}, {"idList": ["OPENVAS:1361412562310804248", "OPENVAS:1361412562310121309", "OPENVAS:1361412562310843202", "OPENVAS:1361412562310702956", "OPENVAS:1361412562310891615", "OPENVAS:1361412562310843124", "OPENVAS:702956"], "type": "openvas"}, {"idList": ["GLSA-201412-23"], "type": "gentoo"}, {"idList": ["SECURITYVULNS:VULN:13733", "SECURITYVULNS:DOC:30828", "SECURITYVULNS:DOC:30248", "SECURITYVULNS:VULN:13533", "SECURITYVULNS:VULN:13836", "SECURITYVULNS:DOC:30629", "SECURITYVULNS:DOC:30630"], "type": "securityvulns"}, {"idList": ["CVE-2013-7106", "CVE-2013-7107", "CVE-2014-1878", "CVE-2014-2386", "CVE-2013-7108"], "type": "cve"}, {"idList": ["USN-3253-2", "USN-3253-1"], "type": "ubuntu"}, {"idList": ["EDB-ID:38882"], "type": "exploitdb"}, {"idList": ["DEBIAN:DLA-461-1:5370A", "DEBIAN:DLA-1615-1:D4F7C", "DEBIAN:DLA-60-1:5B1EB"], "type": "debian"}, {"idList": ["BA04A373-7D20-11E3-8992-00132034B086", "4E95EB4E-B737-11E3-87CD-F0DEF10DCA57"], "type": "freebsd"}], "rev": 2}, "score": {"modified": "2020-08-11T12:47:52", "rev": 2, "value": 7.5, "vector": "NONE"}}, "objectVersion": "1.6", "affectedPackage": [{"OS": "Debian", "OSVersion": "8", "arch": "all", "operator": "lt", "packageFilename": "icinga_1.11.0-1_all.deb", "packageName": "icinga", "packageVersion": "1.11.0-1"}, {"OS": "Debian", "OSVersion": "7", "arch": "all", "operator": "lt", "packageFilename": "icinga_1.7.1-7_all.deb", "packageName": "icinga", "packageVersion": "1.7.1-7"}]}, "lastseen": "2020-08-11T12:47:52", "differentElements": ["affectedPackage"], "edition": 1}, {"bulletin": {"id": "DEBIAN:DSA-2956-1:6D0D0", "hash": "a215e7130a412c884d27c148ed5b133a35b8cc18c6f2e4dd774e869923a0414e", "type": "debian", "bulletinFamily": "unix", "title": "[SECURITY] [DSA 2956-1] icinga security update", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2956-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nJune 11, 2014 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : icinga\nCVE ID : CVE-2013-7106 CVE-2013-7107 CVE-2013-7108 CVE-2014-1878 \n CVE-2014-2386\n\nMultiple security issues have been found in the Icinga host and network\nmonitoring system (buffer overflows, cross-site request forgery, off-by\nones) which could result in the execution of arbitrary code, denial of\nservice or session hijacking.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 1.7.1-7.\n\nFor the testing distribution (jessie), these problems have been fixed in\nversion 1.11.0-1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.11.0-1.\n\nWe recommend that you upgrade your icinga packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "published": "2014-06-11T14:34:43", "modified": "2014-06-11T14:34:43", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2014/msg00136.html", "reporter": "Debian", "references": [], "cvelist": ["CVE-2013-7106", "CVE-2013-7107", "CVE-2014-1878", "CVE-2014-2386", "CVE-2013-7108"], "immutableFields": [], "lastseen": "2021-06-08T22:18:00", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"modified": "2021-06-08T22:18:00", "references": [{"idList": ["SSV:62102"], "type": "seebug"}, {"idList": ["ALAS-2017-899"], "type": "amazon"}, {"idList": ["DEBIAN_DLA-60.NASL", "UBUNTU_USN-3253-1.NASL", "SUSE_11_NAGIOS-140108.NASL", "OPENSUSE-2014-58.NASL", "DEBIAN_DSA-2956.NASL", "UBUNTU_USN-3253-2.NASL", "OPENSUSE-2014-153.NASL", "OPENSUSE-2014-13.NASL", "OPENSUSE-2014-42.NASL", "DEBIAN_DLA-1615.NASL"], "type": "nessus"}, {"idList": ["UB:CVE-2013-7106", "UB:CVE-2014-1878", "UB:CVE-2013-7107", "UB:CVE-2014-2386", "UB:CVE-2013-7108"], "type": "ubuntucve"}, {"idList": ["OPENVAS:1361412562310804248", "OPENVAS:1361412562310121309", "OPENVAS:1361412562310843202", "OPENVAS:1361412562310702956", "OPENVAS:1361412562310891615", "OPENVAS:1361412562310843124", "OPENVAS:702956"], "type": "openvas"}, {"idList": ["GLSA-201412-23"], "type": "gentoo"}, {"idList": ["SECURITYVULNS:VULN:13733", "SECURITYVULNS:DOC:30828", "SECURITYVULNS:DOC:30248", "SECURITYVULNS:VULN:13533", "SECURITYVULNS:VULN:13836", "SECURITYVULNS:DOC:30629", "SECURITYVULNS:DOC:30630"], "type": "securityvulns"}, {"idList": ["CVE-2013-7106", "CVE-2013-7107", "CVE-2014-1878", "CVE-2014-2386", "CVE-2013-7108"], "type": "cve"}, {"idList": ["USN-3253-2", "USN-3253-1"], "type": "ubuntu"}, {"idList": ["EDB-ID:38882"], "type": "exploitdb"}, {"idList": ["DEBIAN:DLA-461-1:5370A", "DEBIAN:DLA-1615-1:D4F7C", "DEBIAN:DLA-60-1:5B1EB"], "type": "debian"}, {"idList": ["BA04A373-7D20-11E3-8992-00132034B086", "4E95EB4E-B737-11E3-87CD-F0DEF10DCA57"], "type": "freebsd"}], "rev": 2}, "score": {"modified": "2021-06-08T22:18:00", "rev": 2, "value": 7.5, "vector": "NONE"}}, "objectVersion": "1.6", "affectedPackage": []}, "lastseen": "2021-06-08T22:18:00", "differentElements": ["affectedPackage", "cvss2"], "edition": 2}, {"bulletin": {"id": "DEBIAN:DSA-2956-1:6D0D0", "hash": "2da68111eab356f0a5c5def93463b229eb591802d4ccb40ac1a965bb99fbaf12", "type": "debian", "bulletinFamily": "unix", "title": "[SECURITY] [DSA 2956-1] icinga security update", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2956-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nJune 11, 2014 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : icinga\nCVE ID : CVE-2013-7106 CVE-2013-7107 CVE-2013-7108 CVE-2014-1878 \n CVE-2014-2386\n\nMultiple security issues have been found in the Icinga host and network\nmonitoring system (buffer overflows, cross-site request forgery, off-by\nones) which could result in the execution of arbitrary code, denial of\nservice or session hijacking.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 1.7.1-7.\n\nFor the testing distribution (jessie), these problems have been fixed in\nversion 1.11.0-1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.11.0-1.\n\nWe recommend that you upgrade your icinga packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "published": "2014-06-11T14:34:43", "modified": "2014-06-11T14:34:43", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {}, "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2014/msg00136.html", "reporter": "Debian", "references": [], "cvelist": ["CVE-2013-7106", "CVE-2013-7107", "CVE-2014-1878", "CVE-2014-2386", "CVE-2013-7108"], "immutableFields": [], "lastseen": "2021-08-29T11:27:44", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"modified": "2021-08-03T10:24:44", "references": [{"idList": ["SSV:62102"], "type": "seebug"}, {"idList": ["ALAS-2017-899"], "type": "amazon"}, {"idList": ["DEBIAN_DLA-60.NASL", "UBUNTU_USN-3253-1.NASL", "SUSE_11_NAGIOS-140108.NASL", "OPENSUSE-2014-58.NASL", "DEBIAN_DSA-2956.NASL", "UBUNTU_USN-3253-2.NASL", "OPENSUSE-2014-153.NASL", "OPENSUSE-2014-13.NASL", "OPENSUSE-2014-42.NASL", "DEBIAN_DLA-1615.NASL"], "type": "nessus"}, {"idList": ["UB:CVE-2013-7106", "UB:CVE-2014-1878", "UB:CVE-2013-7107", "UB:CVE-2014-2386", "UB:CVE-2013-7108"], "type": "ubuntucve"}, {"idList": ["OPENVAS:1361412562310804248", "OPENVAS:1361412562310121309", "OPENVAS:1361412562310843202", "OPENVAS:1361412562310702956", "OPENVAS:1361412562310891615", "OPENVAS:1361412562310843124", "OPENVAS:702956"], "type": "openvas"}, {"idList": ["GLSA-201412-23"], "type": "gentoo"}, {"idList": ["SECURITYVULNS:VULN:13733", "SECURITYVULNS:DOC:30828", "SECURITYVULNS:DOC:30248", "SECURITYVULNS:VULN:13533", "SECURITYVULNS:VULN:13836", "SECURITYVULNS:DOC:30629", "SECURITYVULNS:DOC:30630"], "type": "securityvulns"}, {"idList": ["CVE-2013-7106", "CVE-2013-7107", "CVE-2014-1878", "CVE-2014-2386", "CVE-2013-7108"], "type": "cve"}, {"idList": ["USN-3253-2", "USN-3253-1"], "type": "ubuntu"}, {"idList": ["EDB-ID:38882"], "type": "exploitdb"}, {"idList": ["DEBIAN:DLA-461-1:5370A", "DEBIAN:DLA-1615-1:D4F7C", "DEBIAN:DLA-60-1:5B1EB"], "type": "debian"}, {"idList": ["BA04A373-7D20-11E3-8992-00132034B086", "4E95EB4E-B737-11E3-87CD-F0DEF10DCA57"], "type": "freebsd"}], "rev": 2}, "score": {"modified": "2021-08-03T10:24:44", "rev": 2, "value": 7.5, "vector": "NONE"}}, "objectVersion": "1.6", "affectedPackage": [{"OS": "Debian", "OSVersion": "8", "arch": "all", "operator": "lt", "packageFilename": "icinga_1.11.0-1_all.deb", "packageName": "icinga", "packageVersion": "1.11.0-1"}, {"OS": "Debian", "OSVersion": "7", "arch": "all", "operator": "lt", "packageFilename": "icinga_1.7.1-7_all.deb", "packageName": "icinga", "packageVersion": "1.7.1-7"}]}, "lastseen": "2021-08-29T11:27:44", "differentElements": ["affectedPackage"], "edition": 3}, {"bulletin": {"id": "DEBIAN:DSA-2956-1:6D0D0", "hash": "75cd019b1ff8dcf8e7b00b03223fc714", "type": "debian", "bulletinFamily": "unix", "title": "[SECURITY] [DSA 2956-1] icinga security update", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2956-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nJune 11, 2014 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : icinga\nCVE ID : CVE-2013-7106 CVE-2013-7107 CVE-2013-7108 CVE-2014-1878 \n CVE-2014-2386\n\nMultiple security issues have been found in the Icinga host and network\nmonitoring system (buffer overflows, cross-site request forgery, off-by\nones) which could result in the execution of arbitrary code, denial of\nservice or session hijacking.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 1.7.1-7.\n\nFor the testing distribution (jessie), these problems have been fixed in\nversion 1.11.0-1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.11.0-1.\n\nWe recommend that you upgrade your icinga packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "published": "2014-06-11T14:34:43", "modified": "2014-06-11T14:34:43", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {}, "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2014/msg00136.html", "reporter": "Debian", "references": [], "cvelist": ["CVE-2013-7106", "CVE-2013-7107", "CVE-2014-1878", "CVE-2014-2386", "CVE-2013-7108"], "immutableFields": [], "lastseen": "2021-10-01T10:36:51", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:13836", "SECURITYVULNS:VULN:13733", "SECURITYVULNS:DOC:30248", "SECURITYVULNS:DOC:30630", "SECURITYVULNS:DOC:30828", "SECURITYVULNS:DOC:30629", "SECURITYVULNS:VULN:13533"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310121309", "OPENVAS:1361412562310843202", "OPENVAS:702956", "OPENVAS:1361412562310891615", "OPENVAS:1361412562310804248", "OPENVAS:1361412562310843124", "OPENVAS:1361412562310702956"]}, {"type": "nessus", "idList": ["ALA_ALAS-2017-899.NASL", "SUSE_11_NAGIOS-140331.NASL", "UBUNTU_USN-3253-2.NASL", "OPENSUSE-2014-291.NASL", "OPENSUSE-2014-42.NASL", "DEBIAN_DLA-461.NASL", "GENTOO_GLSA-201412-23.NASL", "DEBIAN_DLA-1615.NASL", "OPENSUSE-2014-153.NASL", "MANDRIVA_MDVSA-2014-089.NASL", "MANDRIVA_MDVSA-2014-004.NASL", "UBUNTU_USN-3253-1.NASL", "OPENSUSE-2014-237.NASL", "SUSE_11_NAGIOS-140108.NASL", "FREEBSD_PKG_BA04A3737D2011E3899200132034B086.NASL", "FREEBSD_PKG_4E95EB4EB73711E387CDF0DEF10DCA57.NASL", "DEBIAN_DSA-2956.NASL", "OPENSUSE-2014-13.NASL", "DEBIAN_DLA-60.NASL", "OPENSUSE-2014-58.NASL"]}, {"type": "cve", "idList": ["CVE-2014-1878", "CVE-2014-2386", "CVE-2013-7106", "CVE-2013-7107", "CVE-2013-7108"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2014-2386", "UB:CVE-2013-7107", "UB:CVE-2013-7108", "UB:CVE-2013-7106", "UB:CVE-2014-1878"]}, {"type": "debian", "idList": ["DEBIAN:DLA-60-1:5B1EB", "DEBIAN:DLA-461-1:5370A", "DEBIAN:DLA-1615-1:D4F7C"]}, {"type": "ubuntu", "idList": ["USN-3253-1", "USN-3253-2"]}, {"type": "exploitdb", "idList": ["EDB-ID:38882"]}, {"type": "seebug", "idList": ["SSV:62102"]}, {"type": "freebsd", "idList": ["4E95EB4E-B737-11E3-87CD-F0DEF10DCA57", "BA04A373-7D20-11E3-8992-00132034B086"]}, {"type": "amazon", "idList": ["ALAS-2017-899"]}, {"type": "gentoo", "idList": ["GLSA-201412-23"]}], "modified": "2021-10-01T10:36:51", "rev": 2}, "score": {"value": 7.5, "vector": "NONE", "modified": "2021-10-01T10:36:51", "rev": 2}}, "objectVersion": "1.6", "affectedPackage": [{"OS": "Debian", "OSVersion": "7", "arch": "all", "operator": "lt", "packageFilename": "icinga_1.7.1-7_all.deb", "packageName": "icinga", "packageVersion": "1.7.1-7"}]}, "lastseen": "2021-10-01T10:36:51", "differentElements": ["affectedPackage", "description", "href", "modified", "published"], "edition": 4}], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "openvas", "idList": ["OPENVAS:1361412562310843124", "OPENVAS:702956", "OPENVAS:1361412562310121309", "OPENVAS:1361412562310702956", "OPENVAS:1361412562310843202", "OPENVAS:1361412562310891615", "OPENVAS:1361412562310804248"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:30828", "SECURITYVULNS:VULN:13836", "SECURITYVULNS:DOC:30630", "SECURITYVULNS:DOC:30248", "SECURITYVULNS:VULN:13533", "SECURITYVULNS:DOC:30629", "SECURITYVULNS:VULN:13733"]}, {"type": "nessus", "idList": ["MANDRIVA_MDVSA-2014-089.NASL", "OPENSUSE-2014-42.NASL", "UBUNTU_USN-3253-2.NASL", "SUSE_11_NAGIOS-140108.NASL", "MANDRIVA_MDVSA-2014-004.NASL", "UBUNTU_USN-3253-1.NASL", "FREEBSD_PKG_BA04A3737D2011E3899200132034B086.NASL", "OPENSUSE-2014-291.NASL", "DEBIAN_DLA-461.NASL", "OPENSUSE-2014-58.NASL", "GENTOO_GLSA-201412-23.NASL", "OPENSUSE-2014-237.NASL", "DEBIAN_DLA-1615.NASL", "OPENSUSE-2014-13.NASL", "OPENSUSE-2014-153.NASL", "ALA_ALAS-2017-899.NASL", "DEBIAN_DLA-60.NASL", "SUSE_11_NAGIOS-140331.NASL", "FREEBSD_PKG_4E95EB4EB73711E387CDF0DEF10DCA57.NASL", "DEBIAN_DSA-2956.NASL"]}, {"type": "cve", "idList": ["CVE-2013-7107", "CVE-2014-1878", "CVE-2013-7108", "CVE-2014-2386", "CVE-2013-7106"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2013-7107", "DEBIANCVE:CVE-2014-1878", "DEBIANCVE:CVE-2013-7108", "DEBIANCVE:CVE-2013-7106", "DEBIANCVE:CVE-2014-2386"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2013-7107", "UB:CVE-2014-2386", "UB:CVE-2013-7108", "UB:CVE-2013-7106", "UB:CVE-2014-1878"]}, {"type": "alpinelinux", "idList": ["ALPINE:CVE-2013-7108", "ALPINE:CVE-2014-1878"]}, {"type": "debian", "idList": ["DEBIAN:DLA-60-1:98AA3", "DEBIAN:DLA-1615-1:D1385", "DEBIAN:DLA-60-1:5B1EB", "DEBIAN:DLA-1615-1:D4F7C", "DEBIAN:DLA-461-1:5370A"]}, {"type": "ubuntu", "idList": ["USN-3253-2", "USN-3253-1"]}, {"type": "exploitdb", "idList": ["EDB-ID:38882"]}, {"type": "seebug", "idList": ["SSV:62102"]}, {"type": "freebsd", "idList": ["4E95EB4E-B737-11E3-87CD-F0DEF10DCA57", "BA04A373-7D20-11E3-8992-00132034B086"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2014-0376"]}, {"type": "ibm", "idList": ["079322F37896A0ABC40D5E9888C345C74DC7F9F0503D886CB971333FDE21464E"]}, {"type": "amazon", "idList": ["ALAS-2017-899"]}, {"type": "gentoo", "idList": ["GLSA-201412-23"]}], "modified": "2021-10-21T23:06:57", "rev": 2}, "score": {"value": 7.5, "vector": "NONE", "modified": "2021-10-21T23:06:57", "rev": 2}}, "objectVersion": "1.6", "affectedPackage": [{"arch": "kfreebsd-i386", "packageFilename": "icinga-core_1.7.1-7_kfreebsd-i386.deb", "OS": "Debian", "OSVersion": "7", "packageVersion": "1.7.1-7", "operator": "lt", "packageName": "icinga-core"}, {"arch": "powerpc", "OS": "Debian", "OSVersion": "7", "packageFilename": "icinga-dbg_1.7.1-7_powerpc.deb", "packageVersion": "1.7.1-7", "operator": "lt", "packageName": "icinga-dbg"}, {"OS": "Debian", "OSVersion": "7", "arch": "s390", "packageFilename": "icinga-dbg_1.7.1-7_s390.deb", "packageVersion": "1.7.1-7", "operator": "lt", "packageName": "icinga-dbg"}, {"arch": "sparc", "OS": "Debian", "OSVersion": "7", "packageFilename": "icinga-cgi_1.7.1-7_sparc.deb", "packageVersion": "1.7.1-7", "operator": "lt", "packageName": "icinga-cgi"}, {"operator": "lt", "OS": "Debian", "OSVersion": "7", "arch": "s390", "packageFilename": "icinga_1.7.1-7_s390.deb", "packageVersion": "1.7.1-7", "packageName": "icinga"}, {"arch": "amd64", "OS": "Debian", "OSVersion": "7", "packageVersion": "1.7.1-7", "packageFilename": "icinga-cgi_1.7.1-7_amd64.deb", "operator": "lt", "packageName": "icinga-cgi"}, {"packageFilename": "icinga-doc_1.0.2-2+squeeze2_all.deb", "arch": "all", "OSVersion": "6", "OS": "Debian", "packageVersion": "1.0.2-2+squeeze2", "operator": "lt", "packageName": "icinga-doc"}, {"packageFilename": "nagios3_3.5.1.dfsg-2+deb8u1_amd64.deb", "packageVersion": "3.5.1.dfsg-2+deb8u1", "OS": "Debian", "OSVersion": "8", "operator": "lt", "arch": "amd64", "packageName": "nagios3"}, {"OS": "Debian", "OSVersion": "7", "arch": "mipsel", "packageVersion": "1.7.1-7", "packageFilename": "icinga-idoutils_1.7.1-7_mipsel.deb", "operator": "lt", "packageName": "icinga-idoutils"}, {"packageVersion": "3.4.1-3+deb7u2", "OS": "Debian", "OSVersion": "7", "packageFilename": "nagios3_3.4.1-3+deb7u2_i386.deb", "arch": "i386", "operator": "lt", "packageName": "nagios3"}, {"OS": "Debian", "OSVersion": "7", "packageFilename": "icinga-core_1.7.1-7_s390x.deb", "packageVersion": "1.7.1-7", "arch": "s390x", "operator": "lt", "packageName": "icinga-core"}, {"packageVersion": "3.5.1.dfsg-2+deb8u1", "OS": "Debian", "OSVersion": "8", "packageFilename": "nagios3_3.5.1.dfsg-2+deb8u1_armhf.deb", "arch": "armhf", "operator": "lt", "packageName": "nagios3"}, {"operator": "lt", "OS": "Debian", "OSVersion": "7", "packageFilename": "icinga_1.7.1-7_kfreebsd-amd64.deb", "packageVersion": "1.7.1-7", "arch": "kfreebsd-amd64", "packageName": "icinga"}, {"OS": "Debian", "OSVersion": "7", "packageFilename": "icinga-dbg_1.7.1-7_mipsel.deb", "arch": "mipsel", "packageVersion": "1.7.1-7", "operator": "lt", "packageName": "icinga-dbg"}, {"OS": "Debian", "OSVersion": "7", "packageVersion": "1.7.1-7", "packageFilename": "icinga-idoutils_1.7.1-7_i386.deb", "arch": "i386", "operator": "lt", "packageName": "icinga-idoutils"}, {"OS": "Debian", "OSVersion": "7", "packageVersion": "1.7.1-7", "arch": "kfreebsd-amd64", "operator": "lt", "packageFilename": "icinga-cgi_1.7.1-7_kfreebsd-amd64.deb", "packageName": "icinga-cgi"}, {"packageVersion": "3.5.1.dfsg-2+deb8u1", "OS": "Debian", "OSVersion": "8", "packageFilename": "nagios3-dbg_3.5.1.dfsg-2+deb8u1_armhf.deb", "arch": "armhf", "operator": "lt", "packageName": "nagios3-dbg"}, {"packageVersion": "3.4.1-3+deb7u2", "OS": "Debian", "OSVersion": "7", "packageFilename": "nagios3_3.4.1-3+deb7u2_amd64.deb", "operator": "lt", "arch": "amd64", "packageName": "nagios3"}, {"operator": "lt", "OS": "Debian", "OSVersion": "7", "packageVersion": "1.7.1-7", "arch": "i386", "packageFilename": "icinga-cgi_1.7.1-7_i386.deb", "packageName": "icinga-cgi"}, {"arch": "all", "packageVersion": "3.4.1-3+deb7u2", "OS": "Debian", "OSVersion": "7", "operator": "lt", "packageFilename": "nagios3-doc_3.4.1-3+deb7u2_all.deb", "packageName": "nagios3-doc"}, {"OS": "Debian", "OSVersion": "7", "packageFilename": "icinga-cgi_1.7.1-7_s390x.deb", "packageVersion": "1.7.1-7", "arch": "s390x", "operator": "lt", "packageName": "icinga-cgi"}, {"OS": "Debian", "OSVersion": "7", "packageVersion": "1.7.1-7", "arch": "i386", "operator": "lt", "packageFilename": "icinga-core_1.7.1-7_i386.deb", "packageName": "icinga-core"}, {"operator": "lt", "packageFilename": "icinga_1.7.1-7_ia64.deb", "OS": "Debian", "arch": "ia64", "OSVersion": "7", "packageVersion": "1.7.1-7", "packageName": "icinga"}, {"packageFilename": "icinga-cgi_1.7.1-7_armel.deb", "arch": "armel", "OS": "Debian", "OSVersion": "7", "packageVersion": "1.7.1-7", "operator": "lt", "packageName": "icinga-cgi"}, {"OS": "Debian", "OSVersion": "7", "packageFilename": "icinga-dbg_1.7.1-7_kfreebsd-amd64.deb", "packageVersion": "1.7.1-7", "arch": "kfreebsd-amd64", "operator": "lt", "packageName": "icinga-dbg"}, {"packageFilename": "nagios3-core_3.5.1.dfsg-2+deb8u1_amd64.deb", "packageVersion": "3.5.1.dfsg-2+deb8u1", "OS": "Debian", "OSVersion": "8", "operator": "lt", "arch": "amd64", "packageName": "nagios3-core"}, {"packageVersion": "3.4.1-3+deb7u2", "OS": "Debian", "OSVersion": "7", "arch": "armhf", "operator": "lt", "packageFilename": "nagios3-cgi_3.4.1-3+deb7u2_armhf.deb", "packageName": "nagios3-cgi"}, {"OS": "Debian", "OSVersion": "7", "packageFilename": "icinga-dbg_1.7.1-7_s390x.deb", "packageVersion": "1.7.1-7", "arch": "s390x", "operator": "lt", "packageName": "icinga-dbg"}, {"packageVersion": "3.5.1.dfsg-2+deb8u1", "OS": "Debian", "OSVersion": "8", "arch": "armhf", "packageFilename": "nagios3-core_3.5.1.dfsg-2+deb8u1_armhf.deb", "operator": "lt", "packageName": "nagios3-core"}, {"packageFilename": "icinga-cgi_1.0.2-2+squeeze2_amd64.deb", "OSVersion": "6", "OS": "Debian", "packageVersion": "1.0.2-2+squeeze2", "operator": "lt", "arch": "amd64", "packageName": "icinga-cgi"}, {"packageVersion": "3.5.1.dfsg-2+deb8u1", "OS": "Debian", "OSVersion": "8", "arch": "i386", "packageFilename": "nagios3_3.5.1.dfsg-2+deb8u1_i386.deb", "operator": "lt", "packageName": "nagios3"}, {"packageFilename": "nagios3-common_3.5.1.dfsg-2+deb8u1_all.deb", "arch": "all", "packageVersion": "3.5.1.dfsg-2+deb8u1", "OS": "Debian", "OSVersion": "8", "operator": "lt", "packageName": "nagios3-common"}, {"packageVersion": "3.5.1.dfsg-2+deb8u1", "OS": "Debian", "packageFilename": "nagios3-dbg_3.5.1.dfsg-2+deb8u1_amd64.deb", "OSVersion": "8", "operator": "lt", "arch": "amd64", "packageName": "nagios3-dbg"}, {"arch": "all", "OSVersion": "6", "OS": "Debian", "packageVersion": "1.0.2-2+squeeze2", "packageFilename": "icinga-phpapi_1.0.2-2+squeeze2_all.deb", "operator": "lt", "packageName": "icinga-phpapi"}, {"OS": "Debian", "OSVersion": "7", "packageFilename": "icinga-idoutils_1.7.1-7_amd64.deb", "packageVersion": "1.7.1-7", "operator": "lt", "arch": "amd64", "packageName": "icinga-idoutils"}, {"OS": "Debian", "OSVersion": "7", "packageFilename": "icinga-dbg_1.7.1-7_amd64.deb", "packageVersion": "1.7.1-7", "operator": "lt", "arch": "amd64", "packageName": "icinga-dbg"}, {"OSVersion": "6", "packageFilename": "icinga-cgi_1.0.2-2+squeeze2_i386.deb", "OS": "Debian", "packageVersion": "1.0.2-2+squeeze2", "arch": "i386", "operator": "lt", "packageName": "icinga-cgi"}, {"packageVersion": "3.4.1-3+deb7u2", "OS": "Debian", "OSVersion": "7", "arch": "armhf", "operator": "lt", "packageFilename": "nagios3_3.4.1-3+deb7u2_armhf.deb", "packageName": "nagios3"}, {"packageVersion": "3.4.1-3+deb7u2", "OS": "Debian", "OSVersion": "7", "packageFilename": "nagios3-core_3.4.1-3+deb7u2_i386.deb", "arch": "i386", "operator": "lt", "packageName": "nagios3-core"}, {"arch": "all", "OS": "Debian", "OSVersion": "7", "packageVersion": "1.7.1-7", "packageFilename": "icinga-common_1.7.1-7_all.deb", "operator": "lt", "packageName": "icinga-common"}, {"operator": "lt", "arch": "powerpc", "OS": "Debian", "OSVersion": "7", "packageFilename": "icinga_1.7.1-7_powerpc.deb", "packageVersion": "1.7.1-7", "packageName": "icinga"}, {"OS": "Debian", "OSVersion": "7", "packageVersion": "1.7.1-7", "operator": "lt", "packageFilename": "icinga-cgi_1.7.1-7_mips.deb", "arch": "mips", "packageName": "icinga-cgi"}, {"packageVersion": "3.5.1.dfsg-2+deb8u1", "OS": "Debian", "OSVersion": "8", "arch": "armhf", "operator": "lt", "packageFilename": "nagios3-cgi_3.5.1.dfsg-2+deb8u1_armhf.deb", "packageName": "nagios3-cgi"}, {"OSVersion": "6", "packageFilename": "icinga-dbg_1.0.2-2+squeeze2_amd64.deb", "OS": "Debian", "packageVersion": "1.0.2-2+squeeze2", "operator": "lt", "arch": "amd64", "packageName": "icinga-dbg"}, {"OS": "Debian", "OSVersion": "7", "packageVersion": "1.7.1-7", "operator": "lt", "packageFilename": "icinga-core_1.7.1-7_mips.deb", "arch": "mips", "packageName": "icinga-core"}, {"packageVersion": "3.4.1-3+deb7u2", "arch": "armel", "OS": "Debian", "OSVersion": "7", "operator": "lt", "packageFilename": "nagios3_3.4.1-3+deb7u2_armel.deb", "packageName": "nagios3"}, {"OS": "Debian", "OSVersion": "7", "packageVersion": "1.7.1-7", "packageFilename": "icinga-dbg_1.7.1-7_mips.deb", "operator": "lt", "arch": "mips", "packageName": "icinga-dbg"}, {"arch": "all", "OS": "Debian", "OSVersion": "7", "packageFilename": "icinga-doc_1.7.1-7_all.deb", "packageVersion": "1.7.1-7", "operator": "lt", "packageName": "icinga-doc"}, {"operator": "lt", "OS": "Debian", "OSVersion": "7", "packageVersion": "1.7.1-7", "arch": "i386", "packageFilename": "icinga_1.7.1-7_i386.deb", "packageName": "icinga"}, {"OSVersion": "6", "OS": "Debian", "packageVersion": "1.0.2-2+squeeze2", "arch": "i386", "operator": "lt", "packageFilename": "icinga-dbg_1.0.2-2+squeeze2_i386.deb", "packageName": "icinga-dbg"}, {"operator": "lt", "OS": "Debian", "OSVersion": "7", "packageVersion": "1.7.1-7", "packageFilename": "icinga_1.7.1-7_mips.deb", "arch": "mips", "packageName": "icinga"}, {"operator": "lt", "packageFilename": "icinga_1.7.1-7_amd64.deb", "OS": "Debian", "OSVersion": "7", "packageVersion": "1.7.1-7", "arch": "amd64", "packageName": "icinga"}, {"packageFilename": "nagios3-cgi_3.4.1-3+deb7u2_i386.deb", "packageVersion": "3.4.1-3+deb7u2", "OS": "Debian", "OSVersion": "7", "arch": "i386", "operator": "lt", "packageName": "nagios3-cgi"}, {"OS": "Debian", "arch": "ia64", "OSVersion": "7", "packageVersion": "1.7.1-7", "operator": "lt", "packageFilename": "icinga-dbg_1.7.1-7_ia64.deb", "packageName": "icinga-dbg"}, {"OS": "Debian", "OSVersion": "7", "packageVersion": "1.7.1-7", "arch": "armhf", "operator": "lt", "packageFilename": "icinga-dbg_1.7.1-7_armhf.deb", "packageName": "icinga-dbg"}, {"packageVersion": "3.4.1-3+deb7u2", "OS": "Debian", "OSVersion": "7", "packageFilename": "nagios3-core_3.4.1-3+deb7u2_amd64.deb", "operator": "lt", "arch": "amd64", "packageName": "nagios3-core"}, {"packageFilename": "icinga-idoutils_1.7.1-7_kfreebsd-amd64.deb", "OS": "Debian", "OSVersion": "7", "packageVersion": "1.7.1-7", "arch": "kfreebsd-amd64", "operator": "lt", "packageName": "icinga-idoutils"}, {"OS": "Debian", "arch": "ia64", "OSVersion": "7", "packageFilename": "icinga-core_1.7.1-7_ia64.deb", "packageVersion": "1.7.1-7", "operator": "lt", "packageName": "icinga-core"}, {"arch": "sparc", "OS": "Debian", "OSVersion": "7", "packageVersion": "1.7.1-7", "packageFilename": "icinga-dbg_1.7.1-7_sparc.deb", "operator": "lt", "packageName": "icinga-dbg"}, {"OS": "Debian", "OSVersion": "7", "packageFilename": "icinga-idoutils_1.7.1-7_s390x.deb", "packageVersion": "1.7.1-7", "arch": "s390x", "operator": "lt", "packageName": "icinga-idoutils"}, {"arch": "kfreebsd-i386", "packageFilename": "icinga-idoutils_1.7.1-7_kfreebsd-i386.deb", "OS": "Debian", "OSVersion": "7", "packageVersion": "1.7.1-7", "operator": "lt", "packageName": "icinga-idoutils"}, {"arch": "sparc", "OS": "Debian", "OSVersion": "7", "packageFilename": "icinga-core_1.7.1-7_sparc.deb", "packageVersion": "1.7.1-7", "operator": "lt", "packageName": "icinga-core"}, {"packageVersion": "3.5.1.dfsg-2+deb8u1", "OS": "Debian", "OSVersion": "8", "arch": "i386", "operator": "lt", "packageFilename": "nagios3-core_3.5.1.dfsg-2+deb8u1_i386.deb", "packageName": "nagios3-core"}, {"arch": "kfreebsd-i386", "operator": "lt", "OS": "Debian", "OSVersion": "7", "packageFilename": "icinga_1.7.1-7_kfreebsd-i386.deb", "packageVersion": "1.7.1-7", "packageName": "icinga"}, {"packageFilename": "icinga-idoutils_1.7.1-7_ia64.deb", "OS": "Debian", "arch": "ia64", "OSVersion": "7", "packageVersion": "1.7.1-7", "operator": "lt", "packageName": "icinga-idoutils"}, {"OSVersion": "6", "operator": "lt", "packageFilename": "icinga_1.0.2-2+squeeze2_i386.deb", "OS": "Debian", "packageVersion": "1.0.2-2+squeeze2", "arch": "i386", "packageName": "icinga"}, {"packageFilename": "nagios3-dbg_3.5.1.dfsg-2+deb8u1_i386.deb", "packageVersion": "3.5.1.dfsg-2+deb8u1", "OS": "Debian", "OSVersion": "8", "arch": "i386", "operator": "lt", "packageName": "nagios3-dbg"}, {"packageVersion": "3.4.1-3+deb7u2", "OS": "Debian", "OSVersion": "7", "packageFilename": "nagios3-dbg_3.4.1-3+deb7u2_amd64.deb", "operator": "lt", "arch": "amd64", "packageName": "nagios3-dbg"}, {"packageFilename": "icinga-core_1.7.1-7_powerpc.deb", "arch": "powerpc", "OS": "Debian", "OSVersion": "7", "packageVersion": "1.7.1-7", "operator": "lt", "packageName": "icinga-core"}, {"packageVersion": "3.4.1-3+deb7u2", "packageFilename": "nagios3-cgi_3.4.1-3+deb7u2_armel.deb", "arch": "armel", "OS": "Debian", "OSVersion": "7", "operator": "lt", "packageName": "nagios3-cgi"}, {"arch": "all", "packageVersion": "3.4.1-3+deb7u2", "OS": "Debian", "OSVersion": "7", "packageFilename": "nagios3_3.4.1-3+deb7u2_all.deb", "operator": "lt", "packageName": "nagios3"}, {"arch": "armel", "OS": "Debian", "OSVersion": "7", "packageFilename": "icinga-dbg_1.7.1-7_armel.deb", "packageVersion": "1.7.1-7", "operator": "lt", "packageName": "icinga-dbg"}, {"arch": "armel", "OS": "Debian", "OSVersion": "7", "packageVersion": "1.7.1-7", "packageFilename": "icinga-idoutils_1.7.1-7_armel.deb", "operator": "lt", "packageName": "icinga-idoutils"}, {"arch": "all", "OS": "Debian", "OSVersion": "7", "packageFilename": "icinga_1.7.1-7_all.deb", "packageVersion": "1.7.1-7", "operator": "lt", "packageName": "icinga"}, {"arch": "all", "OSVersion": "6", "OS": "Debian", "packageVersion": "1.0.2-2+squeeze2", "packageFilename": "icinga-common_1.0.2-2+squeeze2_all.deb", "operator": "lt", "packageName": "icinga-common"}, {"arch": "all", "packageVersion": "3.5.1.dfsg-2+deb8u1", "OS": "Debian", "OSVersion": "8", "operator": "lt", "packageFilename": "nagios3_3.5.1.dfsg-2+deb8u1_all.deb", "packageName": "nagios3"}, {"OS": "Debian", "arch": "ia64", "OSVersion": "7", "packageVersion": "1.7.1-7", "operator": "lt", "packageFilename": "icinga-cgi_1.7.1-7_ia64.deb", "packageName": "icinga-cgi"}, {"arch": "armel", "OS": "Debian", "OSVersion": "7", "packageFilename": "icinga-core_1.7.1-7_armel.deb", "packageVersion": "1.7.1-7", "operator": "lt", "packageName": "icinga-core"}, {"OS": "Debian", "OSVersion": "7", "arch": "s390", "packageVersion": "1.7.1-7", "operator": "lt", "packageFilename": "icinga-idoutils_1.7.1-7_s390.deb", "packageName": "icinga-idoutils"}, {"arch": "all", "packageVersion": "3.4.1-3+deb7u2", "OS": "Debian", "OSVersion": "7", "packageFilename": "nagios3-common_3.4.1-3+deb7u2_all.deb", "operator": "lt", "packageName": "nagios3-common"}, {"arch": "armel", "packageVersion": "3.5.1.dfsg-2+deb8u1", "OS": "Debian", "OSVersion": "8", "packageFilename": "nagios3-core_3.5.1.dfsg-2+deb8u1_armel.deb", "operator": "lt", "packageName": "nagios3-core"}, {"arch": "sparc", "OS": "Debian", "OSVersion": "7", "packageVersion": "1.7.1-7", "packageFilename": "icinga-idoutils_1.7.1-7_sparc.deb", "operator": "lt", "packageName": "icinga-idoutils"}, {"operator": "lt", "OS": "Debian", "OSVersion": "7", "packageVersion": "1.7.1-7", "arch": "kfreebsd-amd64", "packageFilename": "icinga-core_1.7.1-7_kfreebsd-amd64.deb", "packageName": "icinga-core"}, {"packageVersion": "3.4.1-3+deb7u2", "OS": "Debian", "OSVersion": "7", "arch": "armhf", "operator": "lt", "packageFilename": "nagios3-dbg_3.4.1-3+deb7u2_armhf.deb", "packageName": "nagios3-dbg"}, {"packageVersion": "3.5.1.dfsg-2+deb8u1", "OS": "Debian", "OSVersion": "8", "packageFilename": "nagios3-cgi_3.5.1.dfsg-2+deb8u1_i386.deb", "arch": "i386", "operator": "lt", "packageName": "nagios3-cgi"}, {"operator": "lt", "OS": "Debian", "OSVersion": "7", "arch": "mipsel", "packageVersion": "1.7.1-7", "packageFilename": "icinga_1.7.1-7_mipsel.deb", "packageName": "icinga"}, {"OSVersion": "6", "OS": "Debian", "packageVersion": "1.0.2-2+squeeze2", "packageFilename": "icinga-core_1.0.2-2+squeeze2_amd64.deb", "operator": "lt", "arch": "amd64", "packageName": "icinga-core"}, {"arch": "sparc", "operator": "lt", "OS": "Debian", "OSVersion": "7", "packageVersion": "1.7.1-7", "packageFilename": "icinga_1.7.1-7_sparc.deb", "packageName": "icinga"}, {"arch": "kfreebsd-i386", "OS": "Debian", "OSVersion": "7", "packageFilename": "icinga-dbg_1.7.1-7_kfreebsd-i386.deb", "packageVersion": "1.7.1-7", "operator": "lt", "packageName": "icinga-dbg"}, {"arch": "armel", "packageVersion": "3.5.1.dfsg-2+deb8u1", "OS": "Debian", "OSVersion": "8", "packageFilename": "nagios3-cgi_3.5.1.dfsg-2+deb8u1_armel.deb", "operator": "lt", "packageName": "nagios3-cgi"}, {"packageVersion": "3.4.1-3+deb7u2", "packageFilename": "nagios3-core_3.4.1-3+deb7u2_armel.deb", "arch": "armel", "OS": "Debian", "OSVersion": "7", "operator": "lt", "packageName": "nagios3-core"}, {"packageVersion": "3.5.1.dfsg-2+deb8u1", "OS": "Debian", "OSVersion": "8", "packageFilename": "nagios3-cgi_3.5.1.dfsg-2+deb8u1_amd64.deb", "operator": "lt", "arch": "amd64", "packageName": "nagios3-cgi"}, {"arch": "kfreebsd-i386", "OS": "Debian", "OSVersion": "7", "packageFilename": "icinga-cgi_1.7.1-7_kfreebsd-i386.deb", "packageVersion": "1.7.1-7", "operator": "lt", "packageName": "icinga-cgi"}, {"packageFilename": "icinga-core_1.7.1-7_mipsel.deb", "OS": "Debian", "OSVersion": "7", "arch": "mipsel", "packageVersion": "1.7.1-7", "operator": "lt", "packageName": "icinga-core"}, {"OS": "Debian", "OSVersion": "7", "arch": "s390", "packageFilename": "icinga-core_1.7.1-7_s390.deb", "packageVersion": "1.7.1-7", "operator": "lt", "packageName": "icinga-core"}, {"packageFilename": "icinga-idoutils_1.7.1-7_armhf.deb", "OS": "Debian", "OSVersion": "7", "packageVersion": "1.7.1-7", "arch": "armhf", "operator": "lt", "packageName": "icinga-idoutils"}, {"OS": "Debian", "OSVersion": "7", "packageVersion": "1.7.1-7", "packageFilename": "icinga-dbg_1.7.1-7_i386.deb", "arch": "i386", "operator": "lt", "packageName": "icinga-dbg"}, {"OS": "Debian", "OSVersion": "7", "arch": "mipsel", "packageFilename": "icinga-cgi_1.7.1-7_mipsel.deb", "packageVersion": "1.7.1-7", "operator": "lt", "packageName": "icinga-cgi"}, {"packageFilename": "nagios3-dbg_3.5.1.dfsg-2+deb8u1_armel.deb", "arch": "armel", "packageVersion": "3.5.1.dfsg-2+deb8u1", "OS": "Debian", "OSVersion": "8", "operator": "lt", "packageName": "nagios3-dbg"}, {"arch": "powerpc", "OS": "Debian", "OSVersion": "7", "packageVersion": "1.7.1-7", "packageFilename": "icinga-cgi_1.7.1-7_powerpc.deb", "operator": "lt", "packageName": "icinga-cgi"}, {"packageVersion": "3.4.1-3+deb7u2", "OS": "Debian", "OSVersion": "7", "packageFilename": "nagios3-core_3.4.1-3+deb7u2_armhf.deb", "arch": "armhf", "operator": "lt", "packageName": "nagios3-core"}, {"OS": "Debian", "OSVersion": "7", "arch": "s390", "packageFilename": "icinga-cgi_1.7.1-7_s390.deb", "packageVersion": "1.7.1-7", "operator": "lt", "packageName": "icinga-cgi"}, {"operator": "lt", "OS": "Debian", "OSVersion": "7", "packageFilename": "icinga_1.7.1-7_s390x.deb", "packageVersion": "1.7.1-7", "arch": "s390x", "packageName": "icinga"}, {"packageFilename": "icinga_1.7.1-7_armel.deb", "operator": "lt", "arch": "armel", "OS": "Debian", "OSVersion": "7", "packageVersion": "1.7.1-7", "packageName": "icinga"}, {"OS": "Debian", "OSVersion": "7", "packageVersion": "1.7.1-7", "packageFilename": "icinga-idoutils_1.7.1-7_mips.deb", "operator": "lt", "arch": "mips", "packageName": "icinga-idoutils"}, {"operator": "lt", "OS": "Debian", "OSVersion": "7", "packageVersion": "1.7.1-7", "packageFilename": "icinga_1.7.1-7_armhf.deb", "arch": "armhf", "packageName": "icinga"}, {"OS": "Debian", "OSVersion": "7", "packageFilename": "icinga-core_1.7.1-7_amd64.deb", "packageVersion": "1.7.1-7", "operator": "lt", "arch": "amd64", "packageName": "icinga-core"}, {"arch": "powerpc", "OS": "Debian", "OSVersion": "7", "packageVersion": "1.7.1-7", "packageFilename": "icinga-idoutils_1.7.1-7_powerpc.deb", "operator": "lt", "packageName": "icinga-idoutils"}, {"OSVersion": "6", "packageFilename": "icinga-idoutils_1.0.2-2+squeeze2_amd64.deb", "OS": "Debian", "packageVersion": "1.0.2-2+squeeze2", "operator": "lt", "arch": "amd64", "packageName": "icinga-idoutils"}, {"packageFilename": "nagios3-dbg_3.4.1-3+deb7u2_i386.deb", "packageVersion": "3.4.1-3+deb7u2", "OS": "Debian", "OSVersion": "7", "arch": "i386", "operator": "lt", "packageName": "nagios3-dbg"}, {"arch": "all", "packageVersion": "3.5.1.dfsg-2+deb8u1", "OS": "Debian", "OSVersion": "8", "packageFilename": "nagios3-doc_3.5.1.dfsg-2+deb8u1_all.deb", "operator": "lt", "packageName": "nagios3-doc"}, {"packageVersion": "3.4.1-3+deb7u2", "packageFilename": "nagios3-cgi_3.4.1-3+deb7u2_amd64.deb", "OS": "Debian", "OSVersion": "7", "operator": "lt", "arch": "amd64", "packageName": "nagios3-cgi"}, {"OSVersion": "6", "packageFilename": "icinga-idoutils_1.0.2-2+squeeze2_i386.deb", "OS": "Debian", "packageVersion": "1.0.2-2+squeeze2", "arch": "i386", "operator": "lt", "packageName": "icinga-idoutils"}, {"packageFilename": "nagios3-dbg_3.4.1-3+deb7u2_armel.deb", "packageVersion": "3.4.1-3+deb7u2", "arch": "armel", "OS": "Debian", "OSVersion": "7", "operator": "lt", "packageName": "nagios3-dbg"}, {"arch": "all", "OSVersion": "6", "packageFilename": "icinga_1.0.2-2+squeeze2_all.deb", "OS": "Debian", "packageVersion": "1.0.2-2+squeeze2", "operator": "lt", "packageName": "icinga"}, {"OS": "Debian", "OSVersion": "7", "packageVersion": "1.7.1-7", "packageFilename": "icinga-core_1.7.1-7_armhf.deb", "arch": "armhf", "operator": "lt", "packageName": "icinga-core"}, {"OSVersion": "6", "OS": "Debian", "packageFilename": "icinga-core_1.0.2-2+squeeze2_i386.deb", "packageVersion": "1.0.2-2+squeeze2", "arch": "i386", "operator": "lt", "packageName": "icinga-core"}, {"arch": "armel", "packageVersion": "3.5.1.dfsg-2+deb8u1", "OS": "Debian", "OSVersion": "8", "operator": "lt", "packageFilename": "nagios3_3.5.1.dfsg-2+deb8u1_armel.deb", "packageName": "nagios3"}, {"operator": "lt", "OS": "Debian", "OSVersion": "7", "packageVersion": "1.7.1-7", "arch": "armhf", "packageFilename": "icinga-cgi_1.7.1-7_armhf.deb", "packageName": "icinga-cgi"}, {"OSVersion": "6", "operator": "lt", "OS": "Debian", "packageVersion": "1.0.2-2+squeeze2", "arch": "amd64", "packageFilename": "icinga_1.0.2-2+squeeze2_amd64.deb", "packageName": "icinga"}], "_object_type": "robots.models.debian.DebianBulletin", "_object_types": ["robots.models.debian.DebianBulletin", "robots.models.base.Bulletin"]}]}