Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.FEDORA_2009-10857.NASL
HistoryNov 13, 2009 - 12:00 a.m.

Fedora 11 : texlive-2007-46.fc11 (2009-10857)

2009-11-1300:00:00
This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
13

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.014 Low

EPSS

Percentile

86.4%

JSON

  • Fri Oct 23 2009 Jindrich Novy <jnovy at redhat.com> 2007-46

    • add missing dependency on kpathsea

    • Thu Oct 15 2009 Jindrich Novy <jnovy at redhat.com> 2007-45

    • make kpathsea not dependent on texlive

    • fix lacheck again (#451513)

    • fix dvips configuration (#467542)

    • update kpathsea description and summary (#519257)

    • use upstream patch to fix pool overflow CVE-2009-1284 (#492136)

    • don’t complain if the pdvipsk hunks touching config.ps don’t apply

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory 2009-10857.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(42787);
  script_version("1.15");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");

  script_cve_id("CVE-2009-1284");
  script_bugtraq_id(34332);
  script_xref(name:"FEDORA", value:"2009-10857");

  script_name(english:"Fedora 11 : texlive-2007-46.fc11 (2009-10857)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"  - Fri Oct 23 2009 Jindrich Novy <jnovy at redhat.com>
    2007-46

    - add missing dependency on kpathsea

    - Thu Oct 15 2009 Jindrich Novy <jnovy at redhat.com>
      2007-45

    - make kpathsea not dependent on texlive

    - fix lacheck again (#451513)

    - fix dvips configuration (#467542)

    - update kpathsea description and summary (#519257)

    - use upstream patch to fix pool overflow CVE-2009-1284
      (#492136)

    - don't complain if the pdvipsk hunks touching config.ps
      don't apply

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=492136"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2009-November/031003.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?bf9106b2"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected texlive package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:ND");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_cwe_id(119);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:texlive");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:11");

  script_set_attribute(attribute:"patch_publication_date", value:"2009/10/27");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/11/13");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^11([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 11.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC11", reference:"texlive-2007-46.fc11")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "texlive");
}
VendorProductVersionCPE
fedoraprojectfedoratexlivep-cpe:/a:fedoraproject:fedora:texlive
fedoraprojectfedora11cpe:/o:fedoraproject:fedora:11

Related

openvas 18
fedora 3
cve 1
debiancve 1
ubuntucve 1
nvd 1
nessus 4
prion 1
cvelist 1
gentoo 1
securityvulns 1
ubuntu 1
openvas
openvas
Fedora Core 10 FEDORA-2009-10730 (texlive)
2009-11-17 00:00:00
Fedora Core 10 FEDORA-2009-10730 (texlive)
2009-11-17 00:00:00
Fedora Core 11 FEDORA-2009-10857 (texlive)
2009-11-17 00:00:00
fedora
fedora
[SECURITY] Fedora 10 Update: texlive-2007-46.fc10
2009-11-13 02:25:13
[SECURITY] Fedora 11 Update: texlive-2007-46.fc11
2009-11-13 02:25:51
[SECURITY] Fedora 11 Update: texlive-2007-47.fc11
2010-05-18 21:51:53
cve
cve
CVE-2009-1284
2009-04-09 16:27:57
debiancve
debiancve
CVE-2009-1284
2009-04-09 16:27:57
ubuntucve
ubuntucve
CVE-2009-1284
2009-04-09 00:00:00
nvd
nvd
CVE-2009-1284
2009-04-09 16:27:57
nessus
nessus
Fedora 10 : texlive-2007-46.fc10 (2009-10730)
2009-11-13 00:00:00
GLSA-201206-28 : TeX Live: Multiple vulnerabilities
2012-06-26 00:00:00
Ubuntu 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : texlive-bin vulnerabilities (USN-937-1)
2010-05-07 00:00:00
prion
prion
Buffer overflow
2009-04-09 16:27:00
cvelist
cvelist
CVE-2009-1284
2009-04-09 16:00:00
gentoo
gentoo
TeX Live: Multiple vulnerabilities
2012-06-25 00:00:00
securityvulns
securityvulns
[USN-937-1] TeX Live vulnerabilities
2010-05-11 00:00:00
ubuntu
ubuntu
TeX Live vulnerabilities
2010-05-06 00:00:00

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.014 Low

EPSS

Percentile

86.4%

JSON
Related for FEDORA_2009-10857.NASL
openvas18fedora3cve1debiancve1ubuntucve1nvd1nessus4prion1cvelist1gentoo1securityvulns1ubuntu1