Lucene search
This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.DEBIAN_DSA-1562.NASLHistoryMay 01, 2008 - 12:00 a.m.
Debian DSA-1562-1 : iceape - programming error
2008-05-0100:00:00
This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
12
It was discovered that crashes in the JavaScript engine of Iceape, an unbranded version of the SeaMonkey internet suite could potentially lead to the execution of arbitrary code.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DSA-1562. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(32086);
script_version("1.16");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/04");
script_cve_id("CVE-2008-1380");
script_xref(name:"DSA", value:"1562");
script_name(english:"Debian DSA-1562-1 : iceape - programming error");
script_summary(english:"Checks dpkg output for the updated package");
script_set_attribute(
attribute:"synopsis",
value:"The remote Debian host is missing a security-related update."
);
script_set_attribute(
attribute:"description",
value:
"It was discovered that crashes in the JavaScript engine of Iceape, an
unbranded version of the SeaMonkey internet suite could potentially
lead to the execution of arbitrary code."
);
script_set_attribute(
attribute:"see_also",
value:"https://www.debian.org/security/2008/dsa-1562"
);
script_set_attribute(
attribute:"solution",
value:
"Upgrade the iceape packages.
For the stable distribution (etch), this problem has been fixed in
version 1.0.13~pre080323b-0etch3."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_cwe_id(399);
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:iceape");
script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:4.0");
script_set_attribute(attribute:"patch_publication_date", value:"2008/04/28");
script_set_attribute(attribute:"plugin_publication_date", value:"2008/05/01");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Debian Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
exit(0);
}
include("audit.inc");
include("debian_package.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
flag = 0;
if (deb_check(release:"4.0", prefix:"iceape", reference:"1.0.13~pre080323b-0etch3")) flag++;
if (deb_check(release:"4.0", prefix:"iceape-browser", reference:"1.0.13~pre080323b-0etch3")) flag++;
if (deb_check(release:"4.0", prefix:"iceape-calendar", reference:"1.0.13~pre080323b-0etch3")) flag++;
if (deb_check(release:"4.0", prefix:"iceape-chatzilla", reference:"1.0.13~pre080323b-0etch3")) flag++;
if (deb_check(release:"4.0", prefix:"iceape-dbg", reference:"1.0.13~pre080323b-0etch3")) flag++;
if (deb_check(release:"4.0", prefix:"iceape-dev", reference:"1.0.13~pre080323b-0etch3")) flag++;
if (deb_check(release:"4.0", prefix:"iceape-dom-inspector", reference:"1.0.13~pre080323b-0etch3")) flag++;
if (deb_check(release:"4.0", prefix:"iceape-gnome-support", reference:"1.0.13~pre080323b-0etch3")) flag++;
if (deb_check(release:"4.0", prefix:"iceape-mailnews", reference:"1.0.13~pre080323b-0etch3")) flag++;
if (deb_check(release:"4.0", prefix:"mozilla", reference:"1.8+1.0.13~pre080323b-0etch3")) flag++;
if (deb_check(release:"4.0", prefix:"mozilla-browser", reference:"1.8+1.0.13~pre080323b-0etch3")) flag++;
if (deb_check(release:"4.0", prefix:"mozilla-calendar", reference:"1.8+1.0.13~pre080323b-0etch3")) flag++;
if (deb_check(release:"4.0", prefix:"mozilla-chatzilla", reference:"1.8+1.0.13~pre080323b-0etch3")) flag++;
if (deb_check(release:"4.0", prefix:"mozilla-dev", reference:"1.8+1.0.13~pre080323b-0etch3")) flag++;
if (deb_check(release:"4.0", prefix:"mozilla-dom-inspector", reference:"1.8+1.0.13~pre080323b-0etch3")) flag++;
if (deb_check(release:"4.0", prefix:"mozilla-js-debugger", reference:"1.8+1.0.13~pre080323b-0etch3")) flag++;
if (deb_check(release:"4.0", prefix:"mozilla-mailnews", reference:"1.8+1.0.13~pre080323b-0etch3")) flag++;
if (deb_check(release:"4.0", prefix:"mozilla-psm", reference:"1.8+1.0.13~pre080323b-0etch3")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
else security_hole(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
| Vendor | Product | Version | CPE |
|---|---|---|---|
| debian | debian_linux | iceape | p-cpe:/a:debian:debian_linux:iceape |
| debian | debian_linux | 4.0 | cpe:/o:debian:debian_linux:4.0 |
Related
fedora
fedora
[SECURITY] Fedora 7 Update: kazehakase-0.5.4-2.fc7.2
2008-04-22 22:40:41
[SECURITY] Fedora 8 Update: openvrml-0.17.5-5.fc8
2008-04-22 22:45:12
[SECURITY] Fedora 7 Update: devhelp-0.13-16.fc7
2008-04-22 22:40:41
openvas
openvas
Fedora Update for yelp FEDORA-2008-3249
2009-02-17 00:00:00
Fedora Update for Miro FEDORA-2008-3283
2009-02-17 00:00:00
Fedora Update for gtkmozembedmm FEDORA-2008-3283
2009-02-17 00:00:00
osv
osv
xulrunner - arbitrary code execution
2008-04-24 00:00:00
iceweasel - arbitrary code execution
2008-04-23 00:00:00
iceape - arbitrary code execution
2008-04-28 00:00:00
nessus
nessus
Fedora 8 : seamonkey-1.1.9-2.fc8 (2008-3264)
2008-04-25 00:00:00
Debian DSA-1558-1 : xulrunner - programming error
2008-04-28 00:00:00
openSUSE 10 Security Update : epiphany (epiphany-5293)
2008-06-09 00:00:00
oraclelinux
oraclelinux
seamonkey security update
2008-04-17 00:00:00
thunderbird security update
2008-04-30 00:00:00
firefox security update
2008-04-17 00:00:00
securityvulns
securityvulns
Mozilla Firefox memory corruption
2008-04-18 00:00:00
Mozilla Foundation Security Advisory 2008-20
2008-04-18 00:00:00
seebug
seebug
Mozilla Firefox JavaScriptεεΎζΆιε¨ε
εη ΄εζΌζ΄
2008-04-19 00:00:00
centos
centos
seamonkey security update
2008-04-18 00:18:42
seamonkey security update
2008-04-17 15:54:11
firefox security update
2008-04-19 13:20:35
redhat
redhat
(RHSA-2008:0222) Critical: firefox security update
2008-04-16 00:00:00
(RHSA-2008:0224) Moderate: thunderbird security update
2008-04-30 00:00:00
(RHSA-2008:0223) Critical: seamonkey security update
2008-04-16 00:00:00
slackware
slackware
[slackware-security] mozilla-firefox
2008-04-17 22:44:04
debian
debian
[SECURITY] [DSA 1562-1] New iceape packages fix arbitrary code execution
2008-04-28 19:47:46
[SECURITY] [DSA 1555-1] New iceweasel packages fix arbitrary code execution
2008-04-23 17:54:24
[SECURITY] [DSA 1558-1] New xulrunner packages fix arbitrary code execution
2008-04-24 21:21:53
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:20:49
ubuntu
ubuntu
Firefox vulnerabilities
2008-04-22 00:00:00
freebsd
freebsd
firefox -- javascript garbage collector vulnerability
2008-04-16 00:00:00
prion
prion
Code injection
2008-04-17 19:05:00
ubuntucve
ubuntucve
CVE-2008-1380
2008-04-17 00:00:00
cert
cert
mozilla
mozilla
Crash in JavaScript garbage collector β Mozilla
2008-04-16 00:00:00
cve
cve
CVE-2008-1380
2008-04-17 19:05:00
gentoo
gentoo
Mozilla products: Multiple vulnerabilities
2008-08-06 00:00:00
Mozilla products: Multiple vulnerabilities
2008-05-20 00:00:00
Related for DEBIAN_DSA-1562.NASL