Security vulnerabilities fixed in Firefox ESR 45.4
2016-09-13T00:00:00
ID: MFSA2016-86
Type: mozilla
Reporter: Mozilla Foundation
Modified: 2016-09-13T00:00:00
Description
CVE-2016-5270 - Heap-buffer-overflow in nsCaseTransformTextRunFactory::TransformString [high]
Reporter: Atte Kettunen
Description: An out-of-bounds write of a boolean value during text conversion with some Unicode characters. [1291016]
CVE-2016-5272 - Bad cast in nsImageGeometryMixin [high]
Reporter: Abhishek Arya
Description: A bad cast when processing layout with input elements can result in a potentially exploitable crash. [1297934]
CVE-2016-5276 - Heap-use-after-free in mozilla::a11y::DocAccessible::ProcessInvalidationList [high]
Reporter: Nils
Description: A use-after-free vulnerability triggered by setting an aria-owns attribute. [1287721]
CVE-2016-5274 - use-after-free in nsFrameManager::CaptureFrameState [high]
Reporter: Nils
Description: A use-after-free issue in web animations during restyling. [1282076]
CVE-2016-5277 - Heap-use-after-free in nsRefreshDriver::Tick [high]
Reporter: Nils
Description: A use-after-free vulnerability with web animations when destroying a timeline. [1291665]
CVE-2016-5278 - Heap-buffer-overflow in nsBMPEncoder::AddImageFrame [critical]
Reporter: Nils
Description: A potentially exploitable crash caused by a buffer overflow while encoding image frames to images. [1294677]
CVE-2016-5280 - Use-after-free in mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap [high]
Reporter: Mei Wang
Description: Use-after-free vulnerability when changing text direction. [1289970]
CVE-2016-5281 - use-after-free in DOMSVGLength [high]
Reporter: Brian Carpenter
Description: Use-after-free vulnerability when manipulating SVG format content through script. [1284690]
CVE-2016-5284 - Add-on update site certificate pin expiration [high]
Reporter: Ryan Duff
Description: Due to flaws in the process we used to update "Preloaded Public Key Pinning" in our releases, the pinning for add-on updates became ineffective in early September. An attacker who was able to get a mis-issued certificate for a Mozilla web site could send malicious add-on updates to users on networks controlled by the attacker. Users who have not installed any add-ons are not affected. [1303127]
CVE-2016-5250 - Resource Timing API is storing resources sent by the previous page [moderate]
Reporter: Catalin Dumitru
Description: URLs of resources loaded after a navigation started can leak to the following page through the Resource Timing API, leading to potential information disclosure. [1254688]
CVE-2016-5261 - Integer overflow and memory corruption in WebSocketChannel [high]
Reporter: Samuel Groß
Description: An integer overflow error in WebSockets during data buffering on incoming packets results in attacker-controlled data being written at a known offset in the allocated buffer. [1287266]
CVE-2016-5257 - Memory safety bugs fixed in Firefox 49 and Firefox ESR 45.4 [critical]
Reporter: Mozilla developers
Description: Mozilla developers and community members Christoph Diehl, Andrew McCreight, Dan Minor, Byron Campen, Jon Coppeard, Steve Fink, Tyson Smith, Philipp, and Carsten Book reported memory safety bugs present in Firefox 48 and Firefox ESR 45.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort at least some of these could be exploited to run arbitrary code. [Memory safety bugs fixed in Firefox 49 and Firefox ESR 45.4]
{"hash": "cc19d10b1bfd1db29153f02863ee1c7483a879e75fa62b96847ebe5148153ee0", "id": "MFSA2016-86", "lastseen": "2016-09-20T16:55:17", "viewCount": 2, "hashmap": [{"hash": "c8cfa02b880197e6047c9388a6d9d1d3", "key": "affectedSoftware"}, {"hash": "f9fa10ba956cacf91d7878861139efb9", "key": "bulletinFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "d4be9c4fc84262b4f39f89565918568f", "key": "cvss"}, {"hash": "046625b8611063360f6904e87b15238c", "key": "description"}, {"hash": "be66f8d654a23449527a6d47c0f70d12", "key": "href"}, {"hash": "a6b67d250d46fe1e7b3a11ecda12a7d7", "key": "modified"}, {"hash": "777d45bbbcdf50d49c42c70ad7acf5fe", "key": "objectVersion"}, {"hash": "a6b67d250d46fe1e7b3a11ecda12a7d7", "key": "published"}, {"hash": "ba7fab650510d1fb05a5779092ee045c", "key": "references"}, {"hash": "69b8c22deabb5fe0d45054681cf9eafc", "key": "reporter"}, {"hash": "3d53b51d16d431cec1c442549559a8c4", "key": "title"}, {"hash": "dbeb1c32b66fd7717de583d999f89ec3", "key": "type"}], "bulletinFamily": "software", "cvss": {"score": 0.0, "vector": "NONE"}, "edition": 1, "enchantments": {"score": {"value": 9.3, "vector": "NONE"}, "dependencies": {"references": [{"type": "nessus", "idList": ["SUSE_SU-2016-3222-1.NASL", "SUSE_SU-2016-3210-1.NASL", "SUSE_SU-2016-3223-1.NASL", "SUSE_SU-2016-3080-1.NASL", "REDHAT-RHSA-2016-2850.NASL", "REDHAT-RHSA-2016-2843.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310809324", "OPENVAS:1361412562310809326", "OPENVAS:1361412562310809327", "OPENVAS:1361412562310809325"]}, {"type": "cve", "idList": ["CVE-2016-5284", "CVE-2016-5281", "CVE-2016-5280", "CVE-2016-5278", "CVE-2016-5277", "CVE-2016-5276", "CVE-2016-5274", "CVE-2016-5272", "CVE-2016-5270", "CVE-2016-5257"]}], "modified": "2016-09-20T16:55:17"}, "vulnersScore": 9.3}, "type": "mozilla", "description": "CVE-2016-5270 - Heap-buffer-overflow in nsCaseTransformTextRunFactory::TransformString [high]\nReporter: Atte Kettunen\nDescription: An out-of-bounds 
write of a boolean value during text conversion with some unicode characters. [1291016]\n\nCVE-2016-5272 - Bad cast in nsImageGeometryMixin [high]\nReporter: Abhishek Arya\nDescription: A bad cast when processing layout with input elements can result in a potentially exploitable crash. [1297934]\n\nCVE-2016-5276 - Heap-use-after-free in mozilla::a11y::DocAccessible::ProcessInvalidationList [high]\nReporter: Nils\nDescription: A use-after-free vulnerability triggered by setting a aria-owns attribute [1287721]\n\nCVE-2016-5274 - use-after-free in nsFrameManager::CaptureFrameState [high]\nReporter: Nils\nDescription: A use-after-free issue in web animations during restyling. [1282076]\n\nCVE-2016-5277 - Heap-use-after-free in nsRefreshDriver::Tick [high]\nReporter: Nils\nDescription: A user-after-free vulnerability with web animations when destroying a timeline [1291665]\n\nCVE-2016-5278 - Heap-buffer-overflow in nsBMPEncoder::AddImageFrame [critical]\nReporter: Nils\nDescription: A potentially exploitable crash caused by a buffer overflow while encoding image frames to images [1294677]\n\nCVE-2016-5280 - Use-after-free in mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap [high]\nReporter: Mei Wang\nDescription: Use-after-free vulnerability when changing text direction [1289970]\n\nCVE-2016-5281 - use-after-free in DOMSVGLength [high]\nReporter: Brian Carpenter\nDescription: Use-after-free vulnerability when manipulating SVG format content through script [1284690]\n\nCVE-2016-5284 - Add-on update site certificate pin expiration [high]\nReporter: Ryan Duff\nDescription: Due to flaws in the process we used to update \"Preloaded Public Key Pinning\" in our releases, the pinning for add-on updates became ineffective in early September. An attacker who was able to get a mis-issued certificate for a Mozilla web site could send malicious add-on updates to users on networks controlled by the attacker. Users who have not installed any add-ons are not affected. 
[1303127]\n\nCVE-2016-5250 - Resource Timing API is storing resources sent by the previous page [moderate]\nReporter: Catalin Dumitru \nDescription: URLs of resources loaded after a navigation started can leak to the following page through the Resource Timing API, leading to potential information disclosure. [1254688]\n\nCVE-2016-5261 - Integer overflow and memory corruption in WebSocketChannel [high]\nReporter: Samuel Gro\u00df\nDescription: An integer overflow error in WebSockets during data buffering on incoming packets resulting in attacker controlled data being written at a known offset in the allocated buffer. [1287266]\n\nCVE-2016-5257 - Memory safety bugs fixed in Firefox 49 and Firefox ESR 45.4 [critical]\nReporter: Mozilla developers\nDescription: Mozilla developers and community members Christoph Diehl, Andrew McCreight, Dan Minor, Byron Campen, Jon Coppeard, Steve Fink, Tyson Smith, Philipp, and Carsten Book reported memory safety bugs present in Firefox 48 and Firefox ESR 45.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort at least some of these could be exploited to run arbitrary code. 
[Memory safety bugs fixed in Firefox 49 and Firefox ESR 45.4]", "title": "Security vulnerabilities fixed in Firefox ESR 45.4", "history": [], "objectVersion": "1.2", "cvelist": [], "published": "2016-09-13T00:00:00", "references": ["https://bugzilla.mozilla.org/show_bug.cgi?id=1297934", "https://bugzilla.mozilla.org/show_bug.cgi?id=1289970", "https://bugzilla.mozilla.org/show_bug.cgi?id=1303127", "https://bugzilla.mozilla.org/show_bug.cgi?id=1291016", "https://bugzilla.mozilla.org/show_bug.cgi?id=1284690", "https://bugzilla.mozilla.org/show_bug.cgi?id=1287721", "https://bugzilla.mozilla.org/show_bug.cgi?id=1291665", "https://bugzilla.mozilla.org/show_bug.cgi?id=1254688", "https://bugzilla.mozilla.org/show_bug.cgi?id=1287266", "https://blog.mozilla.org/security/2016/09/16/update-on-add-on-pinning-vulnerability/", "https://bugzilla.mozilla.org/show_bug.cgi?id=1282076", "https://bugzilla.mozilla.org/show_bug.cgi?id=1294677"], "reporter": "Mozilla Foundation", "affectedSoftware": [{"version": "45.4", "name": "Firefox ESR", "operator": "lt"}], "modified": "2016-09-13T00:00:00", "href": "http://www.mozilla.org/en-US/security/advisories/mfsa2016-86/"}
{"nessus": [{"lastseen": "2018-09-01T23:51:17", "bulletinFamily": "scanner", "description": "New python packages are available for Slackware 14.0, 14.1, 14.2, and\n-current to fix a security issue.", "modified": "2017-09-25T00:00:00", "published": "2017-09-25T00:00:00", "id": "SLACKWARE_SSA_2017-266-02.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=103424", "title": "Slackware 14.0 / 14.1 / 14.2 / current : python (SSA:2017-266-02)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2017-266-02. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(103424);\n script_version(\"$Revision: 3.1 $\");\n script_cvs_date(\"$Date: 2017/09/25 13:28:56 $\");\n\n script_cve_id(\"CVE-2016-0718\", \"CVE-2016-4472\", \"CVE-2016-9063\", \"CVE-2017-9233\");\n script_xref(name:\"SSA\", value:\"2017-266-02\");\n\n script_name(english:\"Slackware 14.0 / 14.1 / 14.2 / current : python (SSA:2017-266-02)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New python packages are available for Slackware 14.0, 14.1, 14.2, and\n-current to fix a security issue.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2017&m=slackware-security.436421\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9e0c1fdd\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n 
script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"14.0\", pkgname:\"python\", pkgver:\"2.7.14\", pkgarch:\"i486\", pkgnum:\"1_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", arch:\"x86_64\", pkgname:\"python\", pkgver:\"2.7.14\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.0\")) flag++;\n\nif (slackware_check(osver:\"14.1\", pkgname:\"python\", 
pkgver:\"2.7.14\", pkgarch:\"i486\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"python\", pkgver:\"2.7.14\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.1\")) flag++;\n\nif (slackware_check(osver:\"14.2\", pkgname:\"python\", pkgver:\"2.7.14\", pkgarch:\"i586\", pkgnum:\"1_slack14.2\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"python\", pkgver:\"2.7.14\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.2\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"python\", pkgver:\"2.7.14\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"python\", pkgver:\"2.7.14\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:30:32", "bulletinFamily": "scanner", "description": "According to the versions of the nss nss-util packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - Multiple buffer handling flaws were found in the way NSS handled cryptographic data from the network. A remote attacker could use these flaws to crash an application using NSS or, possibly, execute arbitrary code with the permission of the user running the application. (CVE-2016-2834)\n\n - A NULL pointer dereference flaw was found in the way NSS handled invalid Diffie-Hellman keys. A remote client could use this flaw to crash a TLS/SSL server using NSS. (CVE-2016-5285)\n\n - It was found that Diffie Hellman Client key exchange handling in NSS was vulnerable to small subgroup confinement attack. 
An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired group. (CVE-2016-8635)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-11-14T00:00:00", "id": "EULEROS_SA-2016-1084.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=99843", "published": "2017-05-01T00:00:00", "title": "EulerOS 2.0 SP1 : nss\nnss-util (EulerOS-SA-2016-1084)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(99843);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/11/14 14:36:22\");\n\n script_cve_id(\n \"CVE-2016-2834\",\n \"CVE-2016-5285\",\n \"CVE-2016-8635\"\n );\n\n script_name(english:\"EulerOS 2.0 SP1 : nss\nnss-util (EulerOS-SA-2016-1084)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the nss nss-util packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - Multiple buffer handling flaws were found in the way\n NSS handled cryptographic data from the network. A\n remote attacker could use these flaws to crash an\n application using NSS or, possibly, execute arbitrary\n code with the permission of the user running the\n application. (CVE-2016-2834)\n\n - A NULL pointer dereference flaw was found in the way\n NSS handled invalid Diffie-Hellman keys. A remote\n client could use this flaw to crash a TLS/SSL server\n using NSS. 
(CVE-2016-5285)\n\n - It was found that Diffie Hellman Client key exchange\n handling in NSS was vulnerable to small subgroup\n confinement attack. An attacker could use this flaw to\n recover private keys by confining the client DH key to\n small subgroup of the desired group. (CVE-2016-8635)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huawei.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2016-1084\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b3999ccf\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected nss\nnss-util packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:nss-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:nss-sysinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:nss-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:nss-util\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:nss-util-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/01\");\n 
script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\n\nflag = 0;\n\npkgs = [\"nss-3.21.3-2\",\n \"nss-devel-3.21.3-2\",\n \"nss-sysinit-3.21.3-2\",\n \"nss-tools-3.21.3-2\",\n \"nss-util-3.21.3-1.1\",\n \"nss-util-devel-3.21.3-1.1\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 
\"nss\nnss-util\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:30:31", "bulletinFamily": "scanner", "description": "According to the versions of the firefox package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - Mozilla Firefox before 48.0 allows remote attackers to obtain sensitive information about the previously retrieved page via Resource Timing API calls.(CVE-2016-5250)\n\n - Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 49.0 and Firefox ESR 45.x before 45.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.(CVE-2016-5257)\n\n - Integer overflow in the WebSocketChannel class in the WebSockets subsystem in Mozilla Firefox before 48.0 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted packets that trigger incorrect buffer-resize operations during buffering.(CVE-2016-5261)\n\n - Heap-based buffer overflow in the nsCaseTransformTextRunFactory::TransformString function in Mozilla Firefox before 49.0 and Firefox ESR 45.x before 45.4 allows remote attackers to cause a denial of service (boolean out-of-bounds write) or possibly have unspecified other impact via Unicode characters that are mishandled during text conversion.(CVE-2016-5270)\n\n - The nsImageGeometryMixin class in Mozilla Firefox before 49.0 and Firefox ESR 45.x before 45.4 does not properly perform a cast of an unspecified variable during handling of INPUT elements, which allows remote attackers to execute arbitrary code via a crafted web site.(CVE-2016-5272)\n\n - Use-after-free vulnerability in the nsFrameManager::CaptureFrameState function in Mozilla Firefox before 49.0 and Firefox ESR 45.x before 45.4 allows remote attackers to execute arbitrary code by 
leveraging improper interaction between restyling and the Web Animations model implementation.(CVE-2016-5274)\n\n - Use-after-free vulnerability in the mozilla::a11y::DocAccessible::ProcessInvalidationList function in Mozilla Firefox before 49.0 and Firefox ESR 45.x before 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an aria-owns attribute.(CVE-2016-5276)\n\n - Use-after-free vulnerability in the nsRefreshDriver::Tick function in Mozilla Firefox before 49.0 and Firefox ESR 45.x before 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging improper interaction between timeline destruction and the Web Animations model implementation.(CVE-2016-5277)\n\n - Heap-based buffer overflow in the nsBMPEncoder::AddImageFrame function in Mozilla Firefox before 49.0 and Firefox ESR 45.x before 45.4 allows remote attackers to execute arbitrary code via a crafted image data that is mishandled during the encoding of an image frame to an image.(CVE-2016-5278)\n\n - Use-after-free vulnerability in the mozilla::nsTextNodeDirectionalityMap::RemoveElementFrom Map function in Mozilla Firefox before 49.0 and Firefox ESR 45.x before 45.4 allows remote attackers to execute arbitrary code via bidirectional text.(CVE-2016-5280)\n\n - Use-after-free vulnerability in the DOMSVGLength class in Mozilla Firefox before 49.0 and Firefox ESR 45.x before 45.4 allows remote attackers to execute arbitrary code by leveraging improper interaction between JavaScript code and an SVG document.(CVE-2016-5281)\n\n - Mozilla Firefox before 49.0 and Firefox ESR 45.x before 45.4 rely on unintended expiration dates for Preloaded Public Key Pinning, which allows man-in-the-middle attackers to spoof add-on updates by leveraging possession of an X.509 server certificate for addons.mozilla.org signed by an arbitrary built-in Certification Authority.(CVE-2016-5284)\n\nNote that Tenable 
Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2019-01-08T00:00:00", "id": "EULEROS_SA-2016-1046.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=99809", "published": "2017-05-01T00:00:00", "title": "EulerOS 2.0 SP1 : firefox (EulerOS-SA-2016-1046)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(99809);\n script_version(\"1.25\");\n script_cvs_date(\"Date: 2019/01/08 11:01:15\");\n\n script_cve_id(\n \"CVE-2016-5250\",\n \"CVE-2016-5257\",\n \"CVE-2016-5261\",\n \"CVE-2016-5270\",\n \"CVE-2016-5272\",\n \"CVE-2016-5274\",\n \"CVE-2016-5276\",\n \"CVE-2016-5277\",\n \"CVE-2016-5278\",\n \"CVE-2016-5280\",\n \"CVE-2016-5281\",\n \"CVE-2016-5284\"\n );\n\n script_name(english:\"EulerOS 2.0 SP1 : firefox (EulerOS-SA-2016-1046)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the firefox package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - Mozilla Firefox before 48.0 allows remote attackers to\n obtain sensitive information about the previously\n retrieved page via Resource Timing API\n calls.(CVE-2016-5250)\n\n - Multiple unspecified vulnerabilities in the browser\n engine in Mozilla Firefox before 49.0 and Firefox ESR\n 45.x before 45.4 allow remote attackers to cause a\n denial of service (memory corruption and application\n crash) or possibly execute arbitrary code via unknown\n vectors.(CVE-2016-5257)\n\n - Integer overflow in the WebSocketChannel class 
in the\n WebSockets subsystem in Mozilla Firefox before 48.0\n allows remote attackers to execute arbitrary code or\n cause a denial of service (memory corruption) via\n crafted packets that trigger incorrect buffer-resize\n operations during buffering.(CVE-2016-5261)\n\n - Heap-based buffer overflow in the\n nsCaseTransformTextRunFactory::TransformString function\n in Mozilla Firefox before 49.0 and Firefox ESR 45.x\n before 45.4 allows remote attackers to cause a denial\n of service (boolean out-of-bounds write) or possibly\n have unspecified other impact via Unicode characters\n that are mishandled during text\n conversion.(CVE-2016-5270)\n\n - The nsImageGeometryMixin class in Mozilla Firefox\n before 49.0 and Firefox ESR 45.x before 45.4 does not\n properly perform a cast of an unspecified variable\n during handling of INPUT elements, which allows remote\n attackers to execute arbitrary code via a crafted web\n site.(CVE-2016-5272)\n\n - Use-after-free vulnerability in the\n nsFrameManager::CaptureFrameState function in Mozilla\n Firefox before 49.0 and Firefox ESR 45.x before 45.4\n allows remote attackers to execute arbitrary code by\n leveraging improper interaction between restyling and\n the Web Animations model implementation.(CVE-2016-5274)\n\n - Use-after-free vulnerability in the\n mozilla::a11y::DocAccessible::ProcessInvalidationList\n function in Mozilla Firefox before 49.0 and Firefox ESR\n 45.x before 45.4 allows remote attackers to execute\n arbitrary code or cause a denial of service (heap\n memory corruption) via an aria-owns\n attribute.(CVE-2016-5276)\n\n - Use-after-free vulnerability in the\n nsRefreshDriver::Tick function in Mozilla Firefox\n before 49.0 and Firefox ESR 45.x before 45.4 allows\n remote attackers to execute arbitrary code or cause a\n denial of service (heap memory corruption) by\n leveraging improper interaction between timeline\n destruction and the Web Animations model\n implementation.(CVE-2016-5277)\n\n - Heap-based 
buffer overflow in the\n nsBMPEncoder::AddImageFrame function in Mozilla Firefox\n before 49.0 and Firefox ESR 45.x before 45.4 allows\n remote attackers to execute arbitrary code via a\n crafted image data that is mishandled during the\n encoding of an image frame to an image.(CVE-2016-5278)\n\n - Use-after-free vulnerability in the\n mozilla::nsTextNodeDirectionalityMap::RemoveElementFrom\n Map function in Mozilla Firefox before 49.0 and Firefox\n ESR 45.x before 45.4 allows remote attackers to execute\n arbitrary code via bidirectional text.(CVE-2016-5280)\n\n - Use-after-free vulnerability in the DOMSVGLength class\n in Mozilla Firefox before 49.0 and Firefox ESR 45.x\n before 45.4 allows remote attackers to execute\n arbitrary code by leveraging improper interaction\n between JavaScript code and an SVG\n document.(CVE-2016-5281)\n\n - Mozilla Firefox before 49.0 and Firefox ESR 45.x before\n 45.4 rely on unintended expiration dates for Preloaded\n Public Key Pinning, which allows man-in-the-middle\n attackers to spoof add-on updates by leveraging\n possession of an X.509 server certificate for\n addons.mozilla.org signed by an arbitrary built-in\n Certification Authority.(CVE-2016-5284)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huawei.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2016-1046\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4bff0400\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected firefox packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\n\nflag = 0;\n\npkgs = [\"firefox-45.4.0-1\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", reference:pkg, allowmaj:TRUE)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:30:30", "bulletinFamily": "scanner", "description": "According to the versions of the nss nspr nss-softokn nss-util packages installed, the EulerOS installation on the remote host is affected by the following 
vulnerabilities :\n\n - A use-after-free flaw was found in the way NSS handled DHE (Diffie-Hellman key exchange) and ECDHE (Elliptic Curve Diffie-Hellman key exchange) handshake messages.\n A remote attacker could send a specially crafted handshake message that, when parsed by an application linked against NSS, would cause that application to crash or, under certain special conditions, execute arbitrary code using the permissions of the user running the application.(CVE-2016-1978)\n\n - A use-after-free flaw was found in the way NSS processed certain DER (Distinguished Encoding Rules) encoded cryptographic keys. An attacker could use this flaw to create a specially crafted DER encoded certificate which, when parsed by an application compiled against the NSS library, could cause that application to crash, or execute arbitrary code using the permissions of the user running the application.\n (CVE-2016-1979)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-11-14T00:00:00", "id": "EULEROS_SA-2016-1017.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=99780", "published": "2017-05-01T00:00:00", "title": "EulerOS 2.0 SP1 : nss\nnspr\nnss-softokn\nnss-util (EulerOS-SA-2016-1017)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(99780);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/11/14 14:36:22\");\n\n script_cve_id(\n \"CVE-2016-1978\",\n \"CVE-2016-1979\"\n );\n\n script_name(english:\"EulerOS 2.0 SP1 : nss\nnspr\nnss-softokn\nnss-util (EulerOS-SA-2016-1017)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the nss nspr nss-softokn nss-util\npackages installed, the EulerOS installation on the remote host is\naffected by the following vulnerabilities :\n\n - A use-after-free flaw was found in the way NSS handled\n DHE (Diffie-Hellman key exchange) and ECDHE (Elliptic\n Curve Diffie-Hellman key exchange) handshake messages.\n A remote attacker could send a specially crafted\n handshake message that, when parsed by an application\n linked against NSS, would cause that application to\n crash or, under certain special conditions, execute\n arbitrary code using the permissions of the user\n running the application.(CVE-2016-1978)\n\n - A use-after-free flaw was found in the way NSS\n processed certain DER (Distinguished Encoding Rules)\n encoded cryptographic keys. 
An attacker could use this\n flaw to create a specially crafted DER encoded\n certificate which, when parsed by an application\n compiled against the NSS library, could cause that\n application to crash, or execute arbitrary code using\n the permissions of the user running the application.\n (CVE-2016-1979)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huawei.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2016-1017\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e9fa7f8a\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected nss\nnspr\nnss-softokn\nnss-util packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:nspr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:nspr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:nss-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:nss-softokn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:nss-softokn-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:nss-softokn-freebl\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:huawei:euleros:nss-softokn-freebl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:nss-sysinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:nss-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:nss-util\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:nss-util-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") 
audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\n\nflag = 0;\n\npkgs = [\"nspr-4.11.0-1\",\n \"nspr-devel-4.11.0-1\",\n \"nss-3.21.0-9\",\n \"nss-devel-3.21.0-9\",\n \"nss-softokn-3.16.2.3-14.2\",\n \"nss-softokn-devel-3.16.2.3-14.2\",\n \"nss-softokn-freebl-3.16.2.3-14.2\",\n \"nss-softokn-freebl-devel-3.16.2.3-14.2\",\n \"nss-sysinit-3.21.0-9\",\n \"nss-tools-3.21.0-9\",\n \"nss-util-3.21.0-2.2\",\n \"nss-util-devel-3.21.0-2.2\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nss\nnspr\nnss-softokn\nnss-util\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:30:33", "bulletinFamily": "scanner", "description": "According to the version of the expat packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - An out-of-bounds read flaw was found in the way Expat processed certain input. A remote attacker could send specially crafted XML that, when parsed by an application using the Expat library, would cause that application to crash or, possibly, execute arbitrary code with the permission of the user running the application.(CVE-2016-0718)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-11-14T00:00:00", "id": "EULEROS_SA-2017-1002.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=99849", "published": "2017-05-01T00:00:00", "title": "EulerOS 2.0 SP1 : expat (EulerOS-SA-2017-1002)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(99849);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/11/14 14:36:22\");\n\n script_cve_id(\n \"CVE-2016-0718\"\n );\n\n script_name(english:\"EulerOS 2.0 SP1 : expat (EulerOS-SA-2017-1002)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the expat packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerability :\n\n - An out-of-bounds read flaw was found in the way Expat\n processed certain input. A remote attacker could send\n specially crafted XML that, when parsed by an\n application using the Expat library, would cause that\n application to crash or, possibly, execute arbitrary\n code with the permission of the user running the\n application.(CVE-2016-0718)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huawei.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1002\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1767d439\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected expat package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:expat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:expat-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\n\nflag = 0;\n\npkgs = [\"expat-2.1.0-10\",\n \"expat-devel-2.1.0-10\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"expat\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:30:30", "bulletinFamily": "scanner", "description": "According to the version of the nss-util packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - A 
heap-based buffer overflow flaw was found in the way NSS parsed certain ASN.1 structures. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash, or execute arbitrary code, using the permissions of the user running an application compiled against the NSS library.(CVE-2016-1950)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-11-14T00:00:00", "id": "EULEROS_SA-2016-1003.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=99766", "published": "2017-05-01T00:00:00", "title": "EulerOS 2.0 SP1 : nss-util (EulerOS-SA-2016-1003)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(99766);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/11/14 14:36:22\");\n\n script_cve_id(\n \"CVE-2016-1950\"\n );\n\n script_name(english:\"EulerOS 2.0 SP1 : nss-util (EulerOS-SA-2016-1003)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the nss-util packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - A heap-based buffer overflow flaw was found in the way\n NSS parsed certain ASN.1 structures. 
An attacker could\n use this flaw to create a specially crafted certificate\n which, when parsed by NSS, could cause it to crash, or\n execute arbitrary code, using the permissions of the\n user running an application compiled against the NSS\n library.(CVE-2016-1950)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huawei.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2016-1003\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2a6a40bb\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected nss-util package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:nss-util\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:nss-util-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\n\nflag = 0;\n\npkgs = [\"nss-util-3.21.0-3\",\n \"nss-util-devel-3.21.0-3\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nss-util\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:30:30", "bulletinFamily": "scanner", "description": "According to the versions of the graphite2 package installed, the EulerOS installation on the remote host is affected by the following 
vulnerabilities :\n\n - Various vulnerabilities have been discovered in Graphite2. An attacker able to trick an unsuspecting user into opening specially crafted font files in an application using Graphite2 could exploit these flaws to cause the application to crash or, potentially, execute arbitrary code with the privileges of the application. (CVE-2016-1521, CVE-2016-1522, CVE-2016-1523, CVE-2016-1526)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-11-14T00:00:00", "id": "EULEROS_SA-2016-1013.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=99776", "published": "2017-05-01T00:00:00", "title": "EulerOS 2.0 SP1 : graphite2 (EulerOS-SA-2016-1013)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(99776);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/11/14 14:36:22\");\n\n script_cve_id(\n \"CVE-2016-1521\",\n \"CVE-2016-1522\",\n \"CVE-2016-1523\",\n \"CVE-2016-1526\"\n );\n\n script_name(english:\"EulerOS 2.0 SP1 : graphite2 (EulerOS-SA-2016-1013)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the graphite2 package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - Various vulnerabilities have been discovered in\n Graphite2. 
An attacker able to trick an unsuspecting\n user into opening specially crafted font files in an\n application using Graphite2 could exploit these flaws\n to cause the application to crash or, potentially,\n execute arbitrary code with the privileges of the\n application. (CVE-2016-1521, CVE-2016-1522,\n CVE-2016-1523, CVE-2016-1526)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huawei.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2016-1013\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8e5249d9\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected graphite2 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:graphite2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\n\nflag = 0;\n\npkgs = [\"graphite2-1.3.6-1\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"graphite2\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:30:30", "bulletinFamily": "scanner", "description": "According to the versions of the firefox package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - Several flaws 
were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2016-1952, CVE-2016-1954, CVE-2016-1957, CVE-2016-1958, CVE-2016-1960, CVE-2016-1961, CVE-2016-1962, CVE-2016-1973, CVE-2016-1974, CVE-2016-1964, CVE-2016-1965, CVE-2016-1966)\n\n - Multiple security flaws were found in the graphite2 font library shipped with Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2016-1977, CVE-2016-2790, CVE-2016-2791, CVE-2016-2792, CVE-2016-2793, CVE-2016-2794, CVE-2016-2795, CVE-2016-2796, CVE-2016-2797, CVE-2016-2798, CVE-2016-2799, CVE-2016-2800, CVE-2016-2801, CVE-2016-2802)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-11-14T00:00:00", "id": "EULEROS_SA-2016-1002.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=99765", "published": "2017-05-01T00:00:00", "title": "EulerOS 2.0 SP1 : firefox (EulerOS-SA-2016-1002)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(99765);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/11/14 14:36:22\");\n\n script_cve_id(\n \"CVE-2016-1952\",\n \"CVE-2016-1954\",\n \"CVE-2016-1957\",\n \"CVE-2016-1958\",\n \"CVE-2016-1960\",\n \"CVE-2016-1961\",\n \"CVE-2016-1962\",\n \"CVE-2016-1964\",\n \"CVE-2016-1965\",\n \"CVE-2016-1966\",\n \"CVE-2016-1973\",\n \"CVE-2016-1974\",\n \"CVE-2016-1977\",\n \"CVE-2016-2790\",\n \"CVE-2016-2791\",\n \"CVE-2016-2792\",\n \"CVE-2016-2793\",\n \"CVE-2016-2794\",\n \"CVE-2016-2795\",\n 
\"CVE-2016-2796\",\n \"CVE-2016-2797\",\n \"CVE-2016-2798\",\n \"CVE-2016-2799\",\n \"CVE-2016-2800\",\n \"CVE-2016-2801\",\n \"CVE-2016-2802\"\n );\n\n script_name(english:\"EulerOS 2.0 SP1 : firefox (EulerOS-SA-2016-1002)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the firefox package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - Several flaws were found in the processing of malformed\n web content. A web page containing malicious content\n could cause Firefox to crash or, potentially, execute\n arbitrary code with the privileges of the user running\n Firefox. (CVE-2016-1952, CVE-2016-1954, CVE-2016-1957,\n CVE-2016-1958, CVE-2016-1960, CVE-2016-1961,\n CVE-2016-1962, CVE-2016-1973, CVE-2016-1974,\n CVE-2016-1964, CVE-2016-1965, CVE-2016-1966)\n\n - Multiple security flaws were found in the graphite2\n font library shipped with Firefox. A web page\n containing malicious content could cause Firefox to\n crash or, potentially, execute arbitrary code with the\n privileges of the user running Firefox. (CVE-2016-1977,\n CVE-2016-2790, CVE-2016-2791, CVE-2016-2792,\n CVE-2016-2793, CVE-2016-2794, CVE-2016-2795,\n CVE-2016-2796, CVE-2016-2797, CVE-2016-2798,\n CVE-2016-2799, CVE-2016-2800, CVE-2016-2801,\n CVE-2016-2802)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huawei.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2016-1002\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?43f49690\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected firefox packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\n\nflag = 0;\n\npkgs = [\"firefox-38.7.0-1\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", reference:pkg, allowmaj:TRUE)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:30:13", "bulletinFamily": "scanner", "description": "The remote OracleVM system is missing necessary patches to address critical security updates :\n\nnss\n\n - Added nss-vendor.patch to change vendor\n\n - 
Temporarily disable some tests until expired PayPalEE.cert is renewed\n\n - Rebase to 3.28.4\n\n - Fix crash with tstclnt -W\n\n - Adjust gtests to run with our old softoken and downstream patches\n\n - Avoid cipher suite ordering change, spotted by Hubert Kario\n\n - Rebase to 3.28.3\n\n - Remove upstreamed moz-1282627-rh-1294606.patch, moz-1312141-rh-1387811.patch, moz-1315936.patch, and moz-1318561.patch\n\n - Remove no longer necessary nss-duplicate-ciphers.patch\n\n - Disable X25519 and exclude tests using it\n\n - Catch failed ASN1 decoding of RSA keys, by Kamil Dudka (#1427481)\n\n - Update expired PayPalEE.cert\n\n - Disable unsupported test cases in ssl_gtests\n\n - Adjust the sslstress.txt filename so that it matches with the disableSSL2tests patch ported from RHEL 7\n\n - Exclude SHA384 and CHACHA20_POLY1305 ciphersuites from stress tests\n\n - Don't add gtests and ssl_gtests to nss_tests, unless gtests are enabled\n\n - Add patch to fix SSL CA name leaks, taken from NSS 3.27.2 release\n\n - Add patch to fix bash syntax error in tests/ssl.sh\n\n - Add patch to remove duplicate ciphersuites entries in sslinfo.c\n\n - Add patch to abort selfserv/strsclnt/tstclnt on non-parsable version range\n\n - Build with support for SSLKEYLOGFILE\n\n - Update fix_multiple_open patch to fix regression in openldap client\n\n - Remove pk11_genobj_leak patch, which caused crash with Firefox\n\n - Add comment in the policy file to preserve the last empty line\n\n - Disable SHA384 ciphersuites when CKM_TLS12_KEY_AND_MAC_DERIVE is not provided by softoken this superseds check_hash_impl patch\n\n - Fix problem in check_hash_impl patch\n\n - Add patch to check if hash algorithms are backed by a token\n\n - Add patch to disable TLS_ECDHE_[RSA,ECDSA]_WITH_AES_128_CBC_SHA256, which have never enabled in the past\n\n - Add upstream patch to fix a crash. Mozilla #1315936\n\n - Disable the use of RSA-PSS with SSL/TLS. 
#1390161\n\n - Use updated upstream patch for RH bug 1387811\n\n - Added upstream patches to fix RH bugs 1057388, 1294606, 1387811\n\n - Enable gtests when requested\n\n - Rebase to NSS 3.27.1\n\n - Remove nss-646045.patch, which is not necessary\n\n - Remove p-disable-md5-590364-reversed.patch, which is no-op here, because the patched code is removed later in %setup\n\n - Remove disable_hw_gcm.patch, which is no-op here, because the patched code is removed later in %setup.\n Also remove NSS_DISABLE_HW_GCM setting, which was only required for RHEL 5\n\n - Add Bug-1001841-disable-sslv2-libssl.patch and Bug-1001841-disable-sslv2-tests.patch, which completedly disable EXPORT ciphersuites. Ported from RHEL 7\n\n - Remove disable-export-suites-tests.patch, which is covered by Bug-1001841-disable-sslv2-tests.patch\n\n - Remove nss-ca-2.6-enable-legacy.patch, as we decided to not allow 1024 legacy CA certificates\n\n - Remove ssl-server-min-key-sizes.patch, as we decided to support DH key size greater than 1023 bits\n\n - Remove nss-init-ss-sec-certs-null.patch, which appears to be no-op, as it clears memory area allocated with PORT_ZAlloc\n\n - Remove nss-disable-sslv2-libssl.patch, nss-disable-sslv2-tests.patch, sslauth-no-v2.patch, and nss-sslstress-txt-ssl3-lower-value-in-range.patch as SSLv2 is already disabled in upstream\n\n - Remove fix-nss-test-filtering.patch, which is fixed in upstream\n\n - Add nss-check-policy-file.patch from Fedora\n\n - Install policy config in /etc/pki/nss-legacy/nss-rhel6.config\n\nnss-util\n\n - Rebase to NSS 3.28.4 to accommodate base64 encoding fix\n\n - Rebase to NSS 3.28.3\n\n - Package new header eccutil.h\n\n - Tolerate policy file without last empty line\n\n - Add missing source files\n\n - Rebase to NSS 3.26.0\n\n - Remove upstreamed patch for (CVE-2016-1950)\n\n - Remove p-disable-md5-590364-reversed.patch for bug 1335915", "modified": "2018-07-25T00:00:00", "id": "ORACLEVM_OVMSA-2017-0065.NASL", "href": 
"https://www.tenable.com/plugins/index.php?view=single&id=99568", "published": "2017-04-21T00:00:00", "title": "OracleVM 3.3 / 3.4 : nss / nss-util (OVMSA-2017-0065)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2017-0065.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(99568);\n script_version(\"3.3\");\n script_cvs_date(\"Date: 2018/07/25 14:27:30\");\n\n script_cve_id(\"CVE-2016-1950\");\n\n script_name(english:\"OracleVM 3.3 / 3.4 : nss / nss-util (OVMSA-2017-0065)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\nnss\n\n - Added nss-vendor.patch to change vendor\n\n - Temporarily disable some tests until expired\n PayPalEE.cert is renewed\n\n - Rebase to 3.28.4\n\n - Fix crash with tstclnt -W\n\n - Adjust gtests to run with our old softoken and\n downstream patches\n\n - Avoid cipher suite ordering change, spotted by Hubert\n Kario\n\n - Rebase to 3.28.3\n\n - Remove upstreamed moz-1282627-rh-1294606.patch,\n moz-1312141-rh-1387811.patch, moz-1315936.patch, and\n moz-1318561.patch\n\n - Remove no longer necessary nss-duplicate-ciphers.patch\n\n - Disable X25519 and exclude tests using it\n\n - Catch failed ASN1 decoding of RSA keys, by Kamil Dudka\n (#1427481)\n\n - Update expired PayPalEE.cert\n\n - Disable unsupported test cases in ssl_gtests\n\n - Adjust the sslstress.txt filename so that it matches\n with the disableSSL2tests patch ported from RHEL 7\n\n - Exclude SHA384 and CHACHA20_POLY1305 ciphersuites from\n stress tests\n\n - Don't add gtests and ssl_gtests to nss_tests, unless\n 
gtests are enabled\n\n - Add patch to fix SSL CA name leaks, taken from NSS\n 3.27.2 release\n\n - Add patch to fix bash syntax error in tests/ssl.sh\n\n - Add patch to remove duplicate ciphersuites entries in\n sslinfo.c\n\n - Add patch to abort selfserv/strsclnt/tstclnt on\n non-parsable version range\n\n - Build with support for SSLKEYLOGFILE\n\n - Update fix_multiple_open patch to fix regression in\n openldap client\n\n - Remove pk11_genobj_leak patch, which caused crash with\n Firefox\n\n - Add comment in the policy file to preserve the last\n empty line\n\n - Disable SHA384 ciphersuites when\n CKM_TLS12_KEY_AND_MAC_DERIVE is not provided by\n softoken this superseds check_hash_impl patch\n\n - Fix problem in check_hash_impl patch\n\n - Add patch to check if hash algorithms are backed by a\n token\n\n - Add patch to disable\n TLS_ECDHE_[RSA,ECDSA]_WITH_AES_128_CBC_SHA256, which\n have never enabled in the past\n\n - Add upstream patch to fix a crash. Mozilla #1315936\n\n - Disable the use of RSA-PSS with SSL/TLS. #1390161\n\n - Use updated upstream patch for RH bug 1387811\n\n - Added upstream patches to fix RH bugs 1057388, 1294606,\n 1387811\n\n - Enable gtests when requested\n\n - Rebase to NSS 3.27.1\n\n - Remove nss-646045.patch, which is not necessary\n\n - Remove p-disable-md5-590364-reversed.patch, which is\n no-op here, because the patched code is removed later in\n %setup\n\n - Remove disable_hw_gcm.patch, which is no-op here,\n because the patched code is removed later in %setup.\n Also remove NSS_DISABLE_HW_GCM setting, which was only\n required for RHEL 5\n\n - Add Bug-1001841-disable-sslv2-libssl.patch and\n Bug-1001841-disable-sslv2-tests.patch, which completedly\n disable EXPORT ciphersuites. 
Ported from RHEL 7\n\n - Remove disable-export-suites-tests.patch, which is\n covered by Bug-1001841-disable-sslv2-tests.patch\n\n - Remove nss-ca-2.6-enable-legacy.patch, as we decided to\n not allow 1024 legacy CA certificates\n\n - Remove ssl-server-min-key-sizes.patch, as we decided to\n support DH key size greater than 1023 bits\n\n - Remove nss-init-ss-sec-certs-null.patch, which appears\n to be no-op, as it clears memory area allocated with\n PORT_ZAlloc\n\n - Remove nss-disable-sslv2-libssl.patch,\n nss-disable-sslv2-tests.patch, sslauth-no-v2.patch, and\n nss-sslstress-txt-ssl3-lower-value-in-range.patch as\n SSLv2 is already disabled in upstream\n\n - Remove fix-nss-test-filtering.patch, which is fixed in\n upstream\n\n - Add nss-check-policy-file.patch from Fedora\n\n - Install policy config in\n /etc/pki/nss-legacy/nss-rhel6.config\n\nnss-util\n\n - Rebase to NSS 3.28.4 to accommodate base64 encoding fix\n\n - Rebase to NSS 3.28.3\n\n - Package new header eccutil.h\n\n - Tolerate policy file without last empty line\n\n - Add missing source files\n\n - Rebase to NSS 3.26.0\n\n - Remove upstreamed patch for (CVE-2016-1950)\n\n - Remove p-disable-md5-590364-reversed.patch for bug\n 1335915\"\n );\n # https://oss.oracle.com/pipermail/oraclevm-errata/2017-April/000682.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3652e035\"\n );\n # https://oss.oracle.com/pipermail/oraclevm-errata/2017-April/000683.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?97bdc28b\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", 
value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:nss-sysinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:nss-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:nss-util\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! 
ereg(pattern:\"^OVS\" + \"(3\\.3|3\\.4)\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.3 / 3.4\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.3\", reference:\"nss-3.28.4-1.0.1.el6_9\")) flag++;\nif (rpm_check(release:\"OVS3.3\", reference:\"nss-sysinit-3.28.4-1.0.1.el6_9\")) flag++;\nif (rpm_check(release:\"OVS3.3\", reference:\"nss-tools-3.28.4-1.0.1.el6_9\")) flag++;\nif (rpm_check(release:\"OVS3.3\", reference:\"nss-util-3.28.4-1.el6_9\")) flag++;\n\nif (rpm_check(release:\"OVS3.4\", reference:\"nss-3.28.4-1.0.1.el6_9\")) flag++;\nif (rpm_check(release:\"OVS3.4\", reference:\"nss-sysinit-3.28.4-1.0.1.el6_9\")) flag++;\nif (rpm_check(release:\"OVS3.4\", reference:\"nss-tools-3.28.4-1.0.1.el6_9\")) flag++;\nif (rpm_check(release:\"OVS3.4\", reference:\"nss-util-3.28.4-1.el6_9\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nss / nss-sysinit / nss-tools / nss-util\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:28:53", "bulletinFamily": "scanner", "description": "New expat packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues.", "modified": "2017-09-21T00:00:00", "id": "SLACKWARE_SSA_2016-359-01.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=96092", "published": 
"2016-12-27T00:00:00", "title": "Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : expat (SSA:2016-359-01)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2016-359-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(96092);\n script_version(\"$Revision: 3.2 $\");\n script_cvs_date(\"$Date: 2017/09/21 13:38:14 $\");\n\n script_cve_id(\"CVE-2012-6702\", \"CVE-2015-1283\", \"CVE-2016-0718\", \"CVE-2016-4472\", \"CVE-2016-5300\");\n script_xref(name:\"SSA\", value:\"2016-359-01\");\n\n script_name(english:\"Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : expat (SSA:2016-359-01)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New expat packages are available for Slackware 13.0, 13.1, 13.37,\n14.0, 14.1, 14.2, and -current to fix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.567786\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4e91e6f9\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected expat package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:expat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:slackware:slackware_linux:13.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.37\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"13.0\", pkgname:\"expat\", pkgver:\"2.2.0\", pkgarch:\"i486\", pkgnum:\"1_slack13.0\")) flag++;\nif (slackware_check(osver:\"13.0\", arch:\"x86_64\", pkgname:\"expat\", pkgver:\"2.2.0\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.0\")) flag++;\n\nif (slackware_check(osver:\"13.1\", pkgname:\"expat\", pkgver:\"2.2.0\", 
pkgarch:\"i486\", pkgnum:\"1_slack13.1\")) flag++;\nif (slackware_check(osver:\"13.1\", arch:\"x86_64\", pkgname:\"expat\", pkgver:\"2.2.0\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.1\")) flag++;\n\nif (slackware_check(osver:\"13.37\", pkgname:\"expat\", pkgver:\"2.2.0\", pkgarch:\"i486\", pkgnum:\"1_slack13.37\")) flag++;\nif (slackware_check(osver:\"13.37\", arch:\"x86_64\", pkgname:\"expat\", pkgver:\"2.2.0\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.37\")) flag++;\n\nif (slackware_check(osver:\"14.0\", pkgname:\"expat\", pkgver:\"2.2.0\", pkgarch:\"i486\", pkgnum:\"1_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", arch:\"x86_64\", pkgname:\"expat\", pkgver:\"2.2.0\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.0\")) flag++;\n\nif (slackware_check(osver:\"14.1\", pkgname:\"expat\", pkgver:\"2.2.0\", pkgarch:\"i486\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"expat\", pkgver:\"2.2.0\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.1\")) flag++;\n\nif (slackware_check(osver:\"14.2\", pkgname:\"expat\", pkgver:\"2.2.0\", pkgarch:\"i586\", pkgnum:\"1_slack14.2\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"expat\", pkgver:\"2.2.0\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.2\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"expat\", pkgver:\"2.2.0\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"expat\", pkgver:\"2.2.0\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}]}