Lucene search
This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.CENTOS_RHSA-2009-1096.NASLHistoryJun 15, 2009 - 12:00 a.m.
CentOS 3 : seamonkey (CESA-2009:1096)
2009-06-1500:00:00
This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
27
Updated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4.
This update has been rated as having critical security impact by the Red Hat Security Response Team.
SeaMonkey is an open source Web browser, email and newsgroup client, IRC chat client, and HTML editor.
Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code as the user running SeaMonkey.
(CVE-2009-1392, CVE-2009-1833, CVE-2009-1838, CVE-2009-1841)
A flaw was found in the processing of malformed, local file content.
If a user loaded malicious, local content via the file:// URL, it was possible for that content to access other local data. (CVE-2009-1835)
All SeaMonkey users should upgrade to these updated packages, which correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2009:1096 and
# CentOS Errata and Security Advisory 2009:1096 respectively.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(39373);
script_version("1.23");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/04");
script_cve_id("CVE-2009-1392", "CVE-2009-1832", "CVE-2009-1833", "CVE-2009-1834", "CVE-2009-1835", "CVE-2009-1836", "CVE-2009-1838", "CVE-2009-1840", "CVE-2009-1841");
script_xref(name:"RHSA", value:"2009:1096");
script_name(english:"CentOS 3 : seamonkey (CESA-2009:1096)");
script_summary(english:"Checks rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:"The remote CentOS host is missing one or more security updates."
);
script_set_attribute(
attribute:"description",
value:
"Updated SeaMonkey packages that fix several security issues are now
available for Red Hat Enterprise Linux 3 and 4.
This update has been rated as having critical security impact by the
Red Hat Security Response Team.
SeaMonkey is an open source Web browser, email and newsgroup client,
IRC chat client, and HTML editor.
Several flaws were found in the processing of malformed web content. A
web page containing malicious content could cause SeaMonkey to crash
or, potentially, execute arbitrary code as the user running SeaMonkey.
(CVE-2009-1392, CVE-2009-1833, CVE-2009-1838, CVE-2009-1841)
A flaw was found in the processing of malformed, local file content.
If a user loaded malicious, local content via the file:// URL, it was
possible for that content to access other local data. (CVE-2009-1835)
All SeaMonkey users should upgrade to these updated packages, which
correct these issues. After installing the update, SeaMonkey must be
restarted for the changes to take effect."
);
# https://lists.centos.org/pipermail/centos-announce/2009-June/015965.html
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?ae4b7ec8"
);
# https://lists.centos.org/pipermail/centos-announce/2009-June/015966.html
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?5acb83f3"
);
# https://lists.centos.org/pipermail/centos-announce/2009-June/015967.html
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?054c8e71"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected seamonkey packages."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_cwe_id(20, 94, 200, 264, 287);
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey-chat");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey-dom-inspector");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey-js-debugger");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey-mail");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey-nspr");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey-nspr-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey-nss");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey-nss-devel");
script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:3");
script_set_attribute(attribute:"vuln_publication_date", value:"2009/06/12");
script_set_attribute(attribute:"patch_publication_date", value:"2009/06/12");
script_set_attribute(attribute:"plugin_publication_date", value:"2009/06/15");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"CentOS Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/CentOS/release");
if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
os_ver = os_ver[1];
if (! preg(pattern:"^3([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 3.x", "CentOS " + os_ver);
if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
flag = 0;
if (rpm_check(release:"CentOS-3", reference:"seamonkey-1.0.9-0.38.el3.centos3")) flag++;
if (rpm_check(release:"CentOS-3", reference:"seamonkey-chat-1.0.9-0.38.el3.centos3")) flag++;
if (rpm_check(release:"CentOS-3", reference:"seamonkey-devel-1.0.9-0.38.el3.centos3")) flag++;
if (rpm_check(release:"CentOS-3", reference:"seamonkey-dom-inspector-1.0.9-0.38.el3.centos3")) flag++;
if (rpm_check(release:"CentOS-3", reference:"seamonkey-js-debugger-1.0.9-0.38.el3.centos3")) flag++;
if (rpm_check(release:"CentOS-3", reference:"seamonkey-mail-1.0.9-0.38.el3.centos3")) flag++;
if (rpm_check(release:"CentOS-3", reference:"seamonkey-nspr-1.0.9-0.38.el3.centos3")) flag++;
if (rpm_check(release:"CentOS-3", reference:"seamonkey-nspr-devel-1.0.9-0.38.el3.centos3")) flag++;
if (rpm_check(release:"CentOS-3", reference:"seamonkey-nss-1.0.9-0.38.el3.centos3")) flag++;
if (rpm_check(release:"CentOS-3", reference:"seamonkey-nss-devel-1.0.9-0.38.el3.centos3")) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "seamonkey / seamonkey-chat / seamonkey-devel / etc");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| centos | centos | seamonkey | p-cpe:/a:centos:centos:seamonkey |
| centos | centos | seamonkey-chat | p-cpe:/a:centos:centos:seamonkey-chat |
| centos | centos | seamonkey-devel | p-cpe:/a:centos:centos:seamonkey-devel |
| centos | centos | seamonkey-dom-inspector | p-cpe:/a:centos:centos:seamonkey-dom-inspector |
| centos | centos | seamonkey-js-debugger | p-cpe:/a:centos:centos:seamonkey-js-debugger |
| centos | centos | seamonkey-mail | p-cpe:/a:centos:centos:seamonkey-mail |
| centos | centos | seamonkey-nspr | p-cpe:/a:centos:centos:seamonkey-nspr |
| centos | centos | seamonkey-nspr-devel | p-cpe:/a:centos:centos:seamonkey-nspr-devel |
| centos | centos | seamonkey-nss | p-cpe:/a:centos:centos:seamonkey-nss |
| centos | centos | seamonkey-nss-devel | p-cpe:/a:centos:centos:seamonkey-nss-devel |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1392
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1832
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1833
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1834
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1835
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1836
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1838
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1840
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1841
www.nessus.org/u?054c8e71
www.nessus.org/u?5acb83f3
www.nessus.org/u?ae4b7ec8
Related
openvas
openvas
Mozilla Seamonkey Multiple Vulnerabilities (Jun 2009) - Linux
2009-06-16 00:00:00
Mozilla Seamonkey Multiple Vulnerability Jun-09 (Linux)
2009-06-16 00:00:00
Mozilla Seamonkey Multiple Vulnerability Jun-09 (Windows)
2009-06-16 00:00:00
nessus
nessus
Oracle Linux 3 / 4 : seamonkey (ELSA-2009-1096)
2013-07-12 00:00:00
Debian DSA-1820-1 : xulrunner - several vulnerabilities
2009-06-19 00:00:00
openSUSE Security Update : MozillaFirefox (MozillaFirefox-1000)
2009-07-21 00:00:00
fedora
fedora
[SECURITY] Fedora 10 Update: epiphany-extensions-2.24.3-2.fc10
2009-06-16 02:20:19
[SECURITY] Fedora 9 Update: chmsee-1.0.1-13.fc9
2009-06-16 02:33:47
[SECURITY] Fedora 9 Update: firefox-3.0.11-1.fc9
2009-06-16 02:33:47
securityvulns
securityvulns
Mozilla Firefox multiple security vulnerabilities
2009-06-14 00:00:00
Mozilla Foundation Security Advisory 2009-24
2009-06-14 00:00:00
Mozilla Foundation Security Advisory 2009-32
2009-06-14 00:00:00
oraclelinux
oraclelinux
firefox security update
2009-06-12 00:00:00
seamonkey security update
2009-06-12 00:00:00
thunderbird security update
2009-06-25 00:00:00
centos
centos
firefox, xulrunner security update
2009-06-19 11:07:44
seamonkey security update
2009-06-12 21:25:45
thunderbird security update
2009-06-26 14:08:25
ubuntu
ubuntu
Firefox and Xulrunner vulnerabilities
2009-06-12 00:00:00
Thunderbird vulnerabilities
2009-06-25 00:00:00
debian
debian
[SECURITY] [DSA 1820-1] New xulrunner packages fix several vulnerabilities
2009-06-18 14:13:03
[SECURITY] [DSA 1830-1] New icedove packages fix several vulnerabilities
2009-07-12 11:21:02
redhat
redhat
(RHSA-2009:1095) Critical: firefox security update
2009-06-11 00:00:00
(RHSA-2009:1096) Critical: seamonkey security update
2009-06-11 00:00:00
(RHSA-2009:1126) Moderate: thunderbird security update
2009-06-25 00:00:00
osv
osv
xulrunner - several vulnerabilities
2009-06-18 00:00:00
icedove - several vulnerabilities
2009-07-12 00:00:00
suse
suse
remote code execution in MozillaFirefox
2009-06-16 16:38:22
freebsd
freebsd
mozilla -- multiple vulnerabilities
2009-06-11 00:00:00
mozilla
mozilla
Crashes with evidence of memory corruption (rv:1.9.0.11) — Mozilla
2009-06-11 00:00:00
JavaScript chrome privilege escalation — Mozilla
2009-06-11 00:00:00
XUL scripts bypass content-policy checks — Mozilla
2009-06-11 00:00:00
seebug
seebug
Mozilla Firefox和SeaMonkey JavaScript Chrome特权提升漏洞
2009-06-18 00:00:00
prion
prion
Design/Logic Flaw
2009-06-12 21:30:00
Design/Logic Flaw
2009-06-12 21:30:00
Memory corruption
2009-06-12 21:30:00
checkpoint_advisories
checkpoint_advisories
Update Protection against Mozilla Firefox Browser Engine Memory Corruption
2010-03-25 00:00:00
Protection against Mozilla Firefox SSL Tampering via non-200 Responses to Proxy CONNECT Requests
2009-07-06 00:00:00
Mozilla Firefox Browser CSS style Engine Memory Corruption (CVE-2009-1392)
2010-07-25 00:00:00
ubuntucve
ubuntucve
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:33:03
Arbitrary Code Execution
2020-04-10 00:33:44
Privilege Escalation
2020-04-10 00:33:52
cve
cve
Related for CENTOS_RHSA-2009-1096.NASL