ID DEBIAN_DLA-49.NASL Type nessus Reporter Tenable Modified 2018-11-28T00:00:00
Description
During a review for EDF, Raphael Geissert discovered that the
acpi-support package did not properly handle data obtained from a
user's environment.
NOTE: Tenable Network Security has extracted the preceding description
block directly from the DLA security advisory. Tenable has attempted
to automatically clean and format it as much as possible without
introducing additional issues.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DLA-49-1. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#
include("compat.inc");
if (description)
{
script_id(82196);
script_version("1.3");
script_cvs_date("Date: 2018/11/28 22:47:42");
script_cve_id("CVE-2014-0484");
script_bugtraq_id(69730);
script_name(english:"Debian DLA-49-1 : acpi-support security update");
script_summary(english:"Checks dpkg output for the updated packages.");
script_set_attribute(
attribute:"synopsis",
value:"The remote Debian host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"During a review for EDF, Raphael Geissert discovered that the
acpi-support package did not properly handle data obtained from a
user's environment.
NOTE: Tenable Network Security has extracted the preceding description
block directly from the DLA security advisory. Tenable has attempted
to automatically clean and format it as much as possible without
introducing additional issues."
);
script_set_attribute(
attribute:"see_also",
value:"https://lists.debian.org/debian-lts-announce/2014/09/msg00012.html"
);
script_set_attribute(
attribute:"see_also",
value:"https://packages.debian.org/source/squeeze-lts/acpi-support"
);
script_set_attribute(attribute:"solution", value:"Upgrade the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:acpi-fakekey");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:acpi-support");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:acpi-support-base");
script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:6.0");
script_set_attribute(attribute:"patch_publication_date", value:"2014/09/17");
script_set_attribute(attribute:"plugin_publication_date", value:"2015/03/26");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Debian Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
exit(0);
}
include("audit.inc");
include("debian_package.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
flag = 0;
if (deb_check(release:"6.0", prefix:"acpi-fakekey", reference:"0.137-5+deb6u2")) flag++;
if (deb_check(release:"6.0", prefix:"acpi-support", reference:"0.137-5+deb6u2")) flag++;
if (deb_check(release:"6.0", prefix:"acpi-support-base", reference:"0.137-5+deb6u2")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
else security_hole(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
{"id": "DEBIAN_DLA-49.NASL", "bulletinFamily": "scanner", "title": "Debian DLA-49-1 : acpi-support security update", "description": "During a review for EDF, Raphael Geissert discovered that the\nacpi-support package did not properly handle data obtained from a\nuser's environment.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "published": "2015-03-26T00:00:00", "modified": "2018-11-28T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=82196", "reporter": "Tenable", "references": ["https://packages.debian.org/source/squeeze-lts/acpi-support", "https://lists.debian.org/debian-lts-announce/2014/09/msg00012.html"], "cvelist": ["CVE-2014-0484"], "type": "nessus", "lastseen": "2019-01-16T20:21:08", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:debian:debian_linux:6.0", "p-cpe:/a:debian:debian_linux:acpi-fakekey", "p-cpe:/a:debian:debian_linux:acpi-support-base", "p-cpe:/a:debian:debian_linux:acpi-support"], "cvelist": ["CVE-2014-0484"], "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "During a review for EDF, Raphael Geissert discovered that the acpi-support package did not properly handle data obtained from a user's environment.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 5, "enchantments": {"score": {"value": 2.1, "vector": "NONE"}}, "hash": "f751d86b06439e43807ed8e63a7dc1e4faadeb206da7df176139bfc39980c2ae", "hashmap": [{"hash": "c7a8931717203ca6ed5b37edf2b9e00e", "key": "cvelist"}, {"hash": "cfd16da9581e0c21db590e40dfd9e493", "key": "cvss"}, {"hash": "9b3b6525ec69443d468bbe9da2662aa9", "key": "href"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "38d05dc218509df845a5bae799f1b083", "key": "sourceData"}, {"hash": "792489f4666a491ab32d8a839a006cc3", "key": "references"}, {"hash": "e4e8c7b29a744ebb9ae927cba17934da", "key": "title"}, {"hash": "66c37212f6e0f8cdf5bb6e25daaf5f09", "key": "pluginID"}, {"hash": "2fca5e86525cfc098a06ed6ee192e3e9", "key": "cpe"}, {"hash": "b04cb1ee3e32672ef56c470342308d5f", "key": "published"}, {"hash": "460b12446c99e9f96de9e7fe92f5d167", "key": "modified"}, {"hash": "93a4448e24fe07b06ca42fd1263a3ce7", "key": "description"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "74562d71b087df9eabd0c21f99b132cc", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=82196", "id": "DEBIAN_DLA-49.NASL", "lastseen": "2018-11-29T19:35:02", "modified": "2018-11-28T00:00:00", "naslFamily": "Debian Local Security Checks", "objectVersion": "1.3", "pluginID": "82196", "published": "2015-03-26T00:00:00", "references": ["https://packages.debian.org/source/squeeze-lts/acpi-support", "https://lists.debian.org/debian-lts-announce/2014/09/msg00012.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-49-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82196);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/11/28 22:47:42\");\n\n script_cve_id(\"CVE-2014-0484\");\n script_bugtraq_id(69730);\n\n script_name(english:\"Debian DLA-49-1 : acpi-support security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"During a review for EDF, Raphael Geissert discovered that the\nacpi-support package did not properly handle data obtained from a\nuser's environment.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2014/09/msg00012.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze-lts/acpi-support\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:acpi-fakekey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:acpi-support\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:acpi-support-base\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"acpi-fakekey\", reference:\"0.137-5+deb6u2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"acpi-support\", reference:\"0.137-5+deb6u2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"acpi-support-base\", reference:\"0.137-5+deb6u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "Debian DLA-49-1 : acpi-support security update", "type": "nessus", "viewCount": 0}, "differentElements": ["description"], "edition": 5, "lastseen": "2018-11-29T19:35:02"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:debian:debian_linux:6.0", "p-cpe:/a:debian:debian_linux:acpi-fakekey", "p-cpe:/a:debian:debian_linux:acpi-support-base", "p-cpe:/a:debian:debian_linux:acpi-support"], "cvelist": ["CVE-2014-0484"], "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "During a review for EDF, Raphael Geissert discovered that the acpi-support package did not properly handle data obtained from a user's environment.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 2, "enchantments": {"score": {"value": 2.1, "vector": "NONE"}}, "hash": "69762259b50972dc7ad58fda19b271217f319f3ef6e536b4f7ad363cadbe2c34", "hashmap": [{"hash": "c7a8931717203ca6ed5b37edf2b9e00e", "key": "cvelist"}, {"hash": "cfd16da9581e0c21db590e40dfd9e493", "key": "cvss"}, {"hash": "9b3b6525ec69443d468bbe9da2662aa9", "key": "href"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "792489f4666a491ab32d8a839a006cc3", "key": "references"}, {"hash": "e4e8c7b29a744ebb9ae927cba17934da", "key": "title"}, {"hash": "66c37212f6e0f8cdf5bb6e25daaf5f09", "key": "pluginID"}, {"hash": "2fca5e86525cfc098a06ed6ee192e3e9", "key": "cpe"}, {"hash": "b04cb1ee3e32672ef56c470342308d5f", "key": "published"}, {"hash": "93a4448e24fe07b06ca42fd1263a3ce7", "key": "description"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "9b5b3dc446c7e541dbfd4dddbe1db6da", "key": "modified"}, {"hash": "32cb2eb72bbb38ea2783e8de3ffc672c", "key": "sourceData"}, {"hash": "74562d71b087df9eabd0c21f99b132cc", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=82196", "id": "DEBIAN_DLA-49.NASL", "lastseen": "2017-10-29T13:41:17", "modified": "2015-12-02T00:00:00", "naslFamily": "Debian Local Security Checks", "objectVersion": "1.3", "pluginID": "82196", "published": "2015-03-26T00:00:00", "references": ["https://packages.debian.org/source/squeeze-lts/acpi-support", "https://lists.debian.org/debian-lts-announce/2014/09/msg00012.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-49-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82196);\n script_version(\"$Revision: 1.2 $\");\n script_cvs_date(\"$Date: 2015/12/02 20:16:13 $\");\n\n script_cve_id(\"CVE-2014-0484\");\n script_bugtraq_id(69730);\n\n script_name(english:\"Debian DLA-49-1 : acpi-support security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"During a review for EDF, Raphael Geissert discovered that the\nacpi-support package did not properly handle data obtained from a\nuser's environment.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2014/09/msg00012.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze-lts/acpi-support\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:acpi-fakekey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:acpi-support\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:acpi-support-base\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"acpi-fakekey\", reference:\"0.137-5+deb6u2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"acpi-support\", reference:\"0.137-5+deb6u2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"acpi-support-base\", reference:\"0.137-5+deb6u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "Debian DLA-49-1 : acpi-support security update", "type": "nessus", "viewCount": 0}, "differentElements": ["cvss"], "edition": 2, "lastseen": "2017-10-29T13:41:17"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2014-0484"], "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "During a review for EDF, Raphael Geissert discovered that the acpi-support package did not properly handle data obtained from a user's environment.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 1, "enchantments": {}, "hash": "f0871e4d82eb9c9a013068362a220b6feba4d6bd79c8491eb6f982b1ff317adf", "hashmap": [{"hash": "c7a8931717203ca6ed5b37edf2b9e00e", "key": "cvelist"}, {"hash": "cfd16da9581e0c21db590e40dfd9e493", "key": "cvss"}, {"hash": "9b3b6525ec69443d468bbe9da2662aa9", "key": "href"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "792489f4666a491ab32d8a839a006cc3", "key": "references"}, {"hash": "e4e8c7b29a744ebb9ae927cba17934da", "key": "title"}, {"hash": "66c37212f6e0f8cdf5bb6e25daaf5f09", "key": "pluginID"}, {"hash": "b04cb1ee3e32672ef56c470342308d5f", "key": "published"}, {"hash": "93a4448e24fe07b06ca42fd1263a3ce7", "key": "description"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "9b5b3dc446c7e541dbfd4dddbe1db6da", "key": "modified"}, {"hash": "32cb2eb72bbb38ea2783e8de3ffc672c", "key": "sourceData"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "74562d71b087df9eabd0c21f99b132cc", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=82196", "id": "DEBIAN_DLA-49.NASL", "lastseen": "2016-09-26T17:25:29", "modified": "2015-12-02T00:00:00", "naslFamily": "Debian Local Security Checks", "objectVersion": "1.2", "pluginID": "82196", "published": "2015-03-26T00:00:00", "references": ["https://packages.debian.org/source/squeeze-lts/acpi-support", "https://lists.debian.org/debian-lts-announce/2014/09/msg00012.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-49-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82196);\n script_version(\"$Revision: 1.2 $\");\n script_cvs_date(\"$Date: 2015/12/02 20:16:13 $\");\n\n script_cve_id(\"CVE-2014-0484\");\n script_bugtraq_id(69730);\n\n script_name(english:\"Debian DLA-49-1 : acpi-support security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"During a review for EDF, Raphael Geissert discovered that the\nacpi-support package did not properly handle data obtained from a\nuser's environment.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2014/09/msg00012.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze-lts/acpi-support\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:acpi-fakekey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:acpi-support\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:acpi-support-base\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"acpi-fakekey\", reference:\"0.137-5+deb6u2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"acpi-support\", reference:\"0.137-5+deb6u2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"acpi-support-base\", reference:\"0.137-5+deb6u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "Debian DLA-49-1 : acpi-support security update", "type": "nessus", "viewCount": 0}, "differentElements": ["cpe"], "edition": 1, "lastseen": "2016-09-26T17:25:29"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:debian:debian_linux:6.0", "p-cpe:/a:debian:debian_linux:acpi-fakekey", "p-cpe:/a:debian:debian_linux:acpi-support-base", "p-cpe:/a:debian:debian_linux:acpi-support"], "cvelist": ["CVE-2014-0484"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "During a review for EDF, Raphael Geissert discovered that the acpi-support package did not properly handle data obtained from a user's environment.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 3, "enchantments": {"score": {"value": 2.1, "vector": "NONE"}}, "hash": "81f3a634be8ef2ded7cc4b0ee194f93e3440159c635a38b218de6fb257de3f65", "hashmap": [{"hash": "c7a8931717203ca6ed5b37edf2b9e00e", "key": "cvelist"}, {"hash": "9b3b6525ec69443d468bbe9da2662aa9", "key": "href"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "792489f4666a491ab32d8a839a006cc3", "key": "references"}, {"hash": "e4e8c7b29a744ebb9ae927cba17934da", "key": "title"}, {"hash": "66c37212f6e0f8cdf5bb6e25daaf5f09", "key": "pluginID"}, {"hash": "2fca5e86525cfc098a06ed6ee192e3e9", "key": "cpe"}, {"hash": "b04cb1ee3e32672ef56c470342308d5f", "key": "published"}, {"hash": "93a4448e24fe07b06ca42fd1263a3ce7", "key": "description"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "9b5b3dc446c7e541dbfd4dddbe1db6da", "key": "modified"}, {"hash": "32cb2eb72bbb38ea2783e8de3ffc672c", "key": "sourceData"}, {"hash": "74562d71b087df9eabd0c21f99b132cc", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=82196", "id": "DEBIAN_DLA-49.NASL", "lastseen": "2018-08-30T19:49:05", "modified": "2015-12-02T00:00:00", "naslFamily": "Debian Local Security Checks", "objectVersion": "1.3", "pluginID": "82196", "published": "2015-03-26T00:00:00", "references": ["https://packages.debian.org/source/squeeze-lts/acpi-support", "https://lists.debian.org/debian-lts-announce/2014/09/msg00012.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-49-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82196);\n script_version(\"$Revision: 1.2 $\");\n script_cvs_date(\"$Date: 2015/12/02 20:16:13 $\");\n\n script_cve_id(\"CVE-2014-0484\");\n script_bugtraq_id(69730);\n\n script_name(english:\"Debian DLA-49-1 : acpi-support security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"During a review for EDF, Raphael Geissert discovered that the\nacpi-support package did not properly handle data obtained from a\nuser's environment.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2014/09/msg00012.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze-lts/acpi-support\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:acpi-fakekey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:acpi-support\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:acpi-support-base\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"acpi-fakekey\", reference:\"0.137-5+deb6u2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"acpi-support\", reference:\"0.137-5+deb6u2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"acpi-support-base\", reference:\"0.137-5+deb6u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "Debian DLA-49-1 : acpi-support security update", "type": "nessus", "viewCount": 0}, "differentElements": ["cvss"], "edition": 3, "lastseen": "2018-08-30T19:49:05"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:debian:debian_linux:6.0", "p-cpe:/a:debian:debian_linux:acpi-fakekey", "p-cpe:/a:debian:debian_linux:acpi-support-base", "p-cpe:/a:debian:debian_linux:acpi-support"], "cvelist": ["CVE-2014-0484"], "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "During a review for EDF, Raphael Geissert discovered that the acpi-support package did not properly handle data obtained from a user's environment.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 4, "enchantments": {"score": {"value": 2.1, "vector": "NONE"}}, "hash": "69762259b50972dc7ad58fda19b271217f319f3ef6e536b4f7ad363cadbe2c34", "hashmap": [{"hash": "c7a8931717203ca6ed5b37edf2b9e00e", "key": "cvelist"}, {"hash": "cfd16da9581e0c21db590e40dfd9e493", "key": "cvss"}, {"hash": "9b3b6525ec69443d468bbe9da2662aa9", "key": "href"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "792489f4666a491ab32d8a839a006cc3", "key": "references"}, {"hash": "e4e8c7b29a744ebb9ae927cba17934da", "key": "title"}, {"hash": "66c37212f6e0f8cdf5bb6e25daaf5f09", "key": "pluginID"}, {"hash": "2fca5e86525cfc098a06ed6ee192e3e9", "key": "cpe"}, {"hash": "b04cb1ee3e32672ef56c470342308d5f", "key": "published"}, {"hash": "93a4448e24fe07b06ca42fd1263a3ce7", "key": "description"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "9b5b3dc446c7e541dbfd4dddbe1db6da", "key": "modified"}, {"hash": "32cb2eb72bbb38ea2783e8de3ffc672c", "key": "sourceData"}, {"hash": "74562d71b087df9eabd0c21f99b132cc", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=82196", "id": "DEBIAN_DLA-49.NASL", "lastseen": "2018-09-01T23:56:05", "modified": "2015-12-02T00:00:00", "naslFamily": "Debian Local Security Checks", "objectVersion": "1.3", "pluginID": "82196", "published": "2015-03-26T00:00:00", "references": ["https://packages.debian.org/source/squeeze-lts/acpi-support", "https://lists.debian.org/debian-lts-announce/2014/09/msg00012.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-49-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82196);\n script_version(\"$Revision: 1.2 $\");\n script_cvs_date(\"$Date: 2015/12/02 20:16:13 $\");\n\n script_cve_id(\"CVE-2014-0484\");\n script_bugtraq_id(69730);\n\n script_name(english:\"Debian DLA-49-1 : acpi-support security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"During a review for EDF, Raphael Geissert discovered that the\nacpi-support package did not properly handle data obtained from a\nuser's environment.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2014/09/msg00012.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze-lts/acpi-support\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:acpi-fakekey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:acpi-support\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:acpi-support-base\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"acpi-fakekey\", reference:\"0.137-5+deb6u2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"acpi-support\", reference:\"0.137-5+deb6u2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"acpi-support-base\", reference:\"0.137-5+deb6u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "Debian DLA-49-1 : acpi-support security update", "type": "nessus", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 4, "lastseen": "2018-09-01T23:56:05"}], "edition": 6, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "2fca5e86525cfc098a06ed6ee192e3e9"}, {"key": "cvelist", "hash": "c7a8931717203ca6ed5b37edf2b9e00e"}, {"key": "cvss", "hash": "cfd16da9581e0c21db590e40dfd9e493"}, {"key": "description", "hash": "bc33a6ced608006163419adf149fd32c"}, {"key": "href", "hash": "9b3b6525ec69443d468bbe9da2662aa9"}, {"key": "modified", "hash": "460b12446c99e9f96de9e7fe92f5d167"}, {"key": "naslFamily", "hash": "74562d71b087df9eabd0c21f99b132cc"}, {"key": "pluginID", "hash": "66c37212f6e0f8cdf5bb6e25daaf5f09"}, {"key": "published", "hash": "b04cb1ee3e32672ef56c470342308d5f"}, {"key": "references", "hash": "792489f4666a491ab32d8a839a006cc3"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "38d05dc218509df845a5bae799f1b083"}, {"key": "title", "hash": "e4e8c7b29a744ebb9ae927cba17934da"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "da913df858afa7c8fa174b81f6b1701ccb31634f4892fe8e9990b7e3c42d7cae", "viewCount": 0, "enchantments": {"score": {"value": 2.1, "vector": "NONE"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2014-0484"]}, {"type": "openvas", "idList": ["OPENVAS:703020", "OPENVAS:1361412562310703020"]}, {"type": "debian", "idList": ["DEBIAN:DLA-49-1:9749F", "DEBIAN:DSA-3020-1:95B46"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:31081", "SECURITYVULNS:VULN:13906"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-3020.NASL"]}], "modified": "2019-01-16T20:21:08"}, "vulnersScore": 2.1}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-49-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82196);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/11/28 22:47:42\");\n\n script_cve_id(\"CVE-2014-0484\");\n script_bugtraq_id(69730);\n\n script_name(english:\"Debian DLA-49-1 : acpi-support security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"During a review for EDF, Raphael Geissert discovered that the\nacpi-support package did not properly handle data obtained from a\nuser's environment.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2014/09/msg00012.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze-lts/acpi-support\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:acpi-fakekey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:acpi-support\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:acpi-support-base\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"acpi-fakekey\", reference:\"0.137-5+deb6u2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"acpi-support\", reference:\"0.137-5+deb6u2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"acpi-support-base\", reference:\"0.137-5+deb6u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Debian Local Security Checks", "pluginID": "82196", "cpe": ["cpe:/o:debian:debian_linux:6.0", "p-cpe:/a:debian:debian_linux:acpi-fakekey", "p-cpe:/a:debian:debian_linux:acpi-support-base", "p-cpe:/a:debian:debian_linux:acpi-support"]}
{"cve": [{"lastseen": "2016-09-03T19:52:02", "bulletinFamily": "NVD", "description": "The Debian acpi-support package before 0.140-5+deb7u3 allows local users to gain privileges via vectors related to the \"user's environment.\"", "modified": "2014-09-24T14:50:33", "published": "2014-09-22T11:55:07", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0484", "id": "CVE-2014-0484", "title": "CVE-2014-0484", "type": "cve", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2017-08-01T10:48:41", "bulletinFamily": "scanner", "description": "During a review for EDF, Raphael Geissert discovered that the\nacpi-support package did not properly handle data obtained from a\nuser", "modified": "2017-07-17T00:00:00", "published": "2014-09-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=703020", "id": "OPENVAS:703020", "title": "Debian Security Advisory DSA 3020-1 (acpi-support - security update)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3020.nasl 6735 2017-07-17 09:56:49Z teissa $\n# Auto-generated from advisory DSA 3020-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_id(703020);\n script_version(\"$Revision: 6735 $\");\n script_cve_id(\"CVE-2014-0484\");\n script_name(\"Debian Security Advisory DSA 3020-1 (acpi-support - security update)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2017-07-17 11:56:49 +0200 (Mon, 17 Jul 2017) $\");\n script_tag(name: \"creation_date\", value:\"2014-09-10 00:00:00 +0200 (Wed, 10 Sep 2014)\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2014/dsa-3020.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"acpi-support on Debian Linux\");\n script_tag(name: \"insight\", value: \"This package contains scripts to react to various ACPI events. It only\nincludes scripts for events that can be supported with some level of\nsafety cross platform.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (wheezy), this problem has been fixed in\nversion 0.140-5+deb7u3.\n\nFor the testing distribution (jessie), and the unstable distribution (sid)\nthis problem will be fixed soon.\n\nWe recommend that you upgrade your acpi-support packages.\");\n script_tag(name: \"summary\", value: \"During a review for EDF, Raphael Geissert discovered that the\nacpi-support package did not properly handle data obtained from a\nuser's environment. This could lead to program malfunction or allow a\nlocal user to escalate privileges to the root user due to a programming\nerror.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\nexit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"acpi-fakekey\", ver:\"0.140-5+deb7u3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"acpi-support\", ver:\"0.140-5+deb7u3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"acpi-support-base\", ver:\"0.140-5+deb7u3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"acpi-fakekey\", ver:\"0.140-5+deb7u3\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"acpi-support\", ver:\"0.140-5+deb7u3\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"acpi-support-base\", ver:\"0.140-5+deb7u3\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"acpi-fakekey\", ver:\"0.140-5+deb7u3\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"acpi-support\", ver:\"0.140-5+deb7u3\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"acpi-support-base\", ver:\"0.140-5+deb7u3\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"acpi-fakekey\", ver:\"0.140-5+deb7u3\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"acpi-support\", ver:\"0.140-5+deb7u3\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"acpi-support-base\", ver:\"0.140-5+deb7u3\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:54:23", "bulletinFamily": "scanner", "description": "During a review for EDF, Raphael Geissert discovered that the\nacpi-support package did not properly handle data obtained from a\nuser", "modified": "2018-04-06T00:00:00", "published": "2014-09-10T00:00:00", "id": "OPENVAS:1361412562310703020", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703020", "title": "Debian Security Advisory DSA 3020-1 (acpi-support - security update)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3020.nasl 9354 2018-04-06 07:15:32Z cfischer $\n# Auto-generated from advisory DSA 3020-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703020\");\n script_version(\"$Revision: 9354 $\");\n script_cve_id(\"CVE-2014-0484\");\n script_name(\"Debian Security Advisory DSA 3020-1 (acpi-support - security update)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2018-04-06 09:15:32 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name: \"creation_date\", value:\"2014-09-10 00:00:00 +0200 (Wed, 10 Sep 2014)\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2014/dsa-3020.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"acpi-support on Debian Linux\");\n script_tag(name: \"insight\", value: \"This package contains scripts to react to various ACPI events. It only\nincludes scripts for events that can be supported with some level of\nsafety cross platform.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (wheezy), this problem has been fixed in\nversion 0.140-5+deb7u3.\n\nFor the testing distribution (jessie), and the unstable distribution (sid)\nthis problem will be fixed soon.\n\nWe recommend that you upgrade your acpi-support packages.\");\n script_tag(name: \"summary\", value: \"During a review for EDF, Raphael Geissert discovered that the\nacpi-support package did not properly handle data obtained from a\nuser's environment. This could lead to program malfunction or allow a\nlocal user to escalate privileges to the root user due to a programming\nerror.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\nexit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"acpi-fakekey\", ver:\"0.140-5+deb7u3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"acpi-support\", ver:\"0.140-5+deb7u3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"acpi-support-base\", ver:\"0.140-5+deb7u3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"acpi-fakekey\", ver:\"0.140-5+deb7u3\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"acpi-support\", ver:\"0.140-5+deb7u3\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"acpi-support-base\", ver:\"0.140-5+deb7u3\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"acpi-fakekey\", ver:\"0.140-5+deb7u3\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"acpi-support\", ver:\"0.140-5+deb7u3\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"acpi-support-base\", ver:\"0.140-5+deb7u3\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"acpi-fakekey\", ver:\"0.140-5+deb7u3\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"acpi-support\", ver:\"0.140-5+deb7u3\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"acpi-support-base\", ver:\"0.140-5+deb7u3\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2018-10-16T22:12:49", "bulletinFamily": "unix", "description": "Package : acpi-support\nVersion : 0.137-5+deb6u2\nCVE ID : CVE-2014-0484\n\nDuring a review for EDF, Raphael Geissert discovered that the\nacpi-support package did not properly handle data obtained from a\nuser's environment.\n", "modified": "2014-09-17T06:21:30", "published": "2014-09-17T06:21:30", "id": "DEBIAN:DLA-49-1:9749F", "href": "https://lists.debian.org/debian-lts-announce/2014/debian-lts-announce-201409/msg00012.html", "title": "[SECURITY] [DLA 49-1] acpi-support security update", "type": "debian", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-18T13:50:00", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3020-1 security@debian.org\nhttp://www.debian.org/security/ Raphael Geissert\nSeptember 10, 2014 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : acpi-support\nCVE ID : CVE-2014-0484\n\nDuring a review for EDF, Raphael Geissert discovered that the\nacpi-support package did not properly handle data obtained from a\nuser's environment. This could lead to program malfunction or allow a\nlocal user to escalate privileges to the root user due to a programming\nerror.\n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 0.140-5+deb7u3.\n\nFor the testing distribution (jessie), and the unstable distribution (sid)\nthis problem will be fixed soon.\n\nWe recommend that you upgrade your acpi-support packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2014-09-10T14:51:35", "published": "2014-09-10T14:51:35", "id": "DEBIAN:DSA-3020-1:95B46", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2014/msg00207.html", "title": "[SECURITY] [DSA 3020-1] acpi-support security update", "type": "debian", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2019-01-16T20:19:41", "bulletinFamily": "scanner", "description": "During a review for EDF, Raphael Geissert discovered that the\nacpi-support package did not properly handle data obtained from a\nuser's environment. This could lead to program malfunction or allow a\nlocal user to escalate privileges to the root user due to a\nprogramming error.", "modified": "2018-11-10T00:00:00", "published": "2014-09-11T00:00:00", "id": "DEBIAN_DSA-3020.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=77610", "title": "Debian DSA-3020-1 : acpi-support - security update", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3020. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(77610);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/11/10 11:49:36\");\n\n script_cve_id(\"CVE-2014-0484\");\n script_xref(name:\"DSA\", value:\"3020\");\n\n script_name(english:\"Debian DSA-3020-1 : acpi-support - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"During a review for EDF, Raphael Geissert discovered that the\nacpi-support package did not properly handle data obtained from a\nuser's environment. This could lead to program malfunction or allow a\nlocal user to escalate privileges to the root user due to a\nprogramming error.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/acpi-support\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2014/dsa-3020\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the acpi-support packages.\n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 0.140-5+deb7u3.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:acpi-support\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/09/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"acpi-fakekey\", reference:\"0.140-5+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"acpi-support\", reference:\"0.140-5+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"acpi-support-base\", reference:\"0.140-5+deb7u3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:53", "bulletinFamily": "software", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-3020-1 security@debian.org\r\nhttp://www.debian.org/security/ Raphael Geissert\r\nSeptember 10, 2014 http://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : acpi-support\r\nCVE ID : CVE-2014-0484\r\n\r\nDuring a review for EDF, Raphael Geissert discovered that the\r\nacpi-support package did not properly handle data obtained from a\r\nuser's environment. This could lead to program malfunction or allow a\r\nlocal user to escalate privileges to the root user due to a programming\r\nerror.\r\n\r\nFor the stable distribution (wheezy), this problem has been fixed in\r\nversion 0.140-5+deb7u3.\r\n\r\nFor the testing distribution (jessie), and the unstable distribution (sid)\r\nthis problem will be fixed soon.\r\n\r\nWe recommend that you upgrade your acpi-support packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: https://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v2.0.22 (GNU/Linux)\r\n\r\niEYEARECAAYFAlQQZWQACgkQYy49rUbZzlpFkACfWupzb7EZeBuRcz1yutluO0B2\r\nfnsAn0m5qFnWFf4cD/GcDZWAuLN5bas7\r\n=RTmD\r\n-----END PGP SIGNATURE-----\r\n\r\n", "modified": "2014-09-15T00:00:00", "published": "2014-09-15T00:00:00", "id": "SECURITYVULNS:DOC:31081", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31081", "title": "[SECURITY] [DSA 3020-1] acpi-support security update", "type": "securityvulns", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:56", "bulletinFamily": "software", "description": "Race conditions, memory corruption.", "modified": "2014-09-15T00:00:00", "published": "2014-09-15T00:00:00", "id": "SECURITYVULNS:VULN:13906", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13906", "title": "acpi-support privilege escalation", "type": "securityvulns", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
