Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.DEBIAN_DLA-202.NASL
HistoryApr 20, 2015 - 12:00 a.m.

Debian DLA-202-1 : wesnoth-1.8 security update

2015-04-2000:00:00
This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
6
JSON

Ignacio R. Morelle discovered that missing path restrictions in the ‘Battle of Wesnoth’ game could result in the disclosure of arbitrary files in the user’s home directory if malicious campaigns/maps are loaded.

For the oldstable distribution (distribution), this problem has been fixed in version 1:1.8.5-1+deb6u1. See DSA-3218-1 for the versions of the other releases.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DLA-202-1. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(82860);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");

  script_cve_id("CVE-2015-0844");
  script_bugtraq_id(74047);

  script_name(english:"Debian DLA-202-1 : wesnoth-1.8 security update");
  script_summary(english:"Checks dpkg output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Ignacio R. Morelle discovered that missing path restrictions in the
'Battle of Wesnoth' game could result in the disclosure of arbitrary
files in the user's home directory if malicious campaigns/maps are
loaded.

For the oldstable distribution (distribution), this problem has been
fixed in version 1:1.8.5-1+deb6u1. See DSA-3218-1 for the versions of
the other releases.

NOTE: Tenable Network Security has extracted the preceding description
block directly from the DLA security advisory. Tenable has attempted
to automatically clean and format it as much as possible without
introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://lists.debian.org/debian-lts-announce/2015/04/msg00015.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://packages.debian.org/source/squeeze-lts/wesnoth-1.8"
  );
  script_set_attribute(attribute:"solution", value:"Upgrade the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:wesnoth");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:wesnoth-1.8");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:wesnoth-1.8-aoi");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:wesnoth-1.8-core");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:wesnoth-1.8-data");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:wesnoth-1.8-dbg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:wesnoth-1.8-did");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:wesnoth-1.8-dm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:wesnoth-1.8-ei");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:wesnoth-1.8-httt");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:wesnoth-1.8-l");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:wesnoth-1.8-low");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:wesnoth-1.8-music");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:wesnoth-1.8-nr");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:wesnoth-1.8-server");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:wesnoth-1.8-sof");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:wesnoth-1.8-sotbe");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:wesnoth-1.8-thot");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:wesnoth-1.8-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:wesnoth-1.8-trow");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:wesnoth-1.8-tsg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:wesnoth-1.8-ttb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:wesnoth-1.8-utbs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:wesnoth-all");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:wesnoth-core");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:wesnoth-editor");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:wesnoth-music");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:6.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2015/04/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/04/20");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"6.0", prefix:"wesnoth", reference:"1:1.8.5-1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"wesnoth-1.8", reference:"1:1.8.5-1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"wesnoth-1.8-aoi", reference:"1:1.8.5-1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"wesnoth-1.8-core", reference:"1:1.8.5-1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"wesnoth-1.8-data", reference:"1:1.8.5-1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"wesnoth-1.8-dbg", reference:"1:1.8.5-1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"wesnoth-1.8-did", reference:"1:1.8.5-1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"wesnoth-1.8-dm", reference:"1:1.8.5-1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"wesnoth-1.8-ei", reference:"1:1.8.5-1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"wesnoth-1.8-httt", reference:"1:1.8.5-1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"wesnoth-1.8-l", reference:"1:1.8.5-1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"wesnoth-1.8-low", reference:"1:1.8.5-1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"wesnoth-1.8-music", reference:"1:1.8.5-1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"wesnoth-1.8-nr", reference:"1:1.8.5-1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"wesnoth-1.8-server", reference:"1:1.8.5-1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"wesnoth-1.8-sof", reference:"1:1.8.5-1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"wesnoth-1.8-sotbe", reference:"1:1.8.5-1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"wesnoth-1.8-thot", reference:"1:1.8.5-1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"wesnoth-1.8-tools", reference:"1:1.8.5-1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"wesnoth-1.8-trow", reference:"1:1.8.5-1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"wesnoth-1.8-tsg", reference:"1:1.8.5-1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"wesnoth-1.8-ttb", reference:"1:1.8.5-1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"wesnoth-1.8-utbs", reference:"1:1.8.5-1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"wesnoth-all", reference:"1:1.8.5-1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"wesnoth-core", reference:"1:1.8.5-1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"wesnoth-editor", reference:"1:1.8.5-1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"wesnoth-music", reference:"1:1.8.5-1+deb6u1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
debiandebian_linuxwesnothp-cpe:/a:debian:debian_linux:wesnoth
debiandebian_linuxwesnoth-1.8p-cpe:/a:debian:debian_linux:wesnoth-1.8
debiandebian_linuxwesnoth-1.8-aoip-cpe:/a:debian:debian_linux:wesnoth-1.8-aoi
debiandebian_linuxwesnoth-1.8-corep-cpe:/a:debian:debian_linux:wesnoth-1.8-core
debiandebian_linuxwesnoth-1.8-datap-cpe:/a:debian:debian_linux:wesnoth-1.8-data
debiandebian_linuxwesnoth-1.8-dbgp-cpe:/a:debian:debian_linux:wesnoth-1.8-dbg
debiandebian_linuxwesnoth-1.8-didp-cpe:/a:debian:debian_linux:wesnoth-1.8-did
debiandebian_linuxwesnoth-1.8-dmp-cpe:/a:debian:debian_linux:wesnoth-1.8-dm
debiandebian_linuxwesnoth-1.8-eip-cpe:/a:debian:debian_linux:wesnoth-1.8-ei
debiandebian_linuxwesnoth-1.8-htttp-cpe:/a:debian:debian_linux:wesnoth-1.8-httt
Rows per page:
1-10 of 281

Related

fedora 3
securityvulns 2
openvas 7
nessus 5
freebsd 1
debiancve 1
debian 2
prion 1
ubuntucve 1
osv 2
cve 1
mageia 1
fedora
fedora
[SECURITY] Fedora 21 Update: wesnoth-1.12.2-1.fc21
2015-04-26 12:50:07
[SECURITY] Fedora 22 Update: wesnoth-1.12.2-1.fc22
2015-04-21 18:36:13
[SECURITY] Fedora 20 Update: wesnoth-1.12.2-1.fc20
2015-04-26 12:44:55
securityvulns
securityvulns
[SECURITY] [DSA 3218-1] wesnoth-1.10 security update
2015-05-12 00:00:00
Battle of Wesnoth directory traversal
2015-05-12 00:00:00
openvas
openvas
Debian Security Advisory DSA 3218-1 (wesnoth-1.10 - security update)
2015-04-10 00:00:00
Debian: Security Advisory (DSA-3218-1)
2015-04-09 00:00:00
Fedora Update for wesnoth FEDORA-2015-6295
2015-04-27 00:00:00
nessus
nessus
Fedora 20 : wesnoth-1.12.2-1.fc20 (2015-6280)
2015-04-27 00:00:00
Fedora 21 : wesnoth-1.12.2-1.fc21 (2015-6295)
2015-04-27 00:00:00
Debian DSA-3218-1 : wesnoth-1.10 - security update
2015-04-13 00:00:00
freebsd
freebsd
Wesnoth -- Remote information disclosure
2015-04-11 00:00:00
debiancve
debiancve
CVE-2015-0844
2015-04-14 18:59:00
debian
debian
[SECURITY] [DLA 202-1] wesnoth-1.8 security update
2015-04-17 17:39:42
[SECURITY] [DSA 3218-1] wesnoth-1.10 security update
2015-04-10 17:51:50
prion
prion
Design/Logic Flaw
2015-04-14 18:59:00
ubuntucve
ubuntucve
CVE-2015-0844
2015-04-14 00:00:00
osv
osv
wesnoth-1.8 - security update
2015-04-17 00:00:00
wesnoth-1.10 - security update
2015-04-10 00:00:00
cve
cve
CVE-2015-0844
2015-04-14 18:59:00
mageia
mageia
Updated wesnoth packages fix CVE-2015-0844
2015-04-15 12:01:28
JSON
Related for DEBIAN_DLA-202.NASL
fedora3securityvulns2openvas7nessus5freebsd1debiancve1debian2prion1ubuntucve1osv2cve1mageia1