
Fedora 9 : roundcubemail-0.2-7.stable.fc9 (2009-1256)


Upgrade to 0.2 stable. The following security fix is included as well:
Common Vulnerabilities and Exposures assigned the identifier CVE-2009-0413 to the following vulnerability: Cross-site scripting (XSS) vulnerability in RoundCube Webmail (roundcubemail) 0.2 stable allows remote attackers to inject arbitrary web script or HTML via the background attribute embedded in an HTML e-mail message. Because the affected upstream release is itself named 0.2 stable, the plugin below identifies the fixed state by the Fedora package build (roundcubemail-0.2-7.stable.fc9) rather than by the upstream version string.
References:
https://vulners.com/cve/CVE-2009-0413
http://trac.roundcube.net/changeset/2245
http://www.securityfocus.com/bid/33372
http://secunia.com/advisories/33622
http://xforce.iss.net/xforce/xfdb/48129

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory 2009-1256.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

# Metadata registration branch: taken when `description` is set, it declares
# the plugin's identifiers, advisory text, references, risk scoring and
# prerequisites, then leaves through exit(0) at the end of the branch, so none
# of the package checks further down run in this mode.
if (description)
{
  script_id(35594);
  script_version("1.17");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");

  # Cross-references that let a finding be correlated with other sources:
  # CVE, Bugtraq ID, the Fedora advisory number and the Secunia advisory.
  script_cve_id("CVE-2009-0413");
  script_bugtraq_id(33372);
  script_xref(name:"FEDORA", value:"2009-1256");
  script_xref(name:"Secunia", value:"33622");

  script_name(english:"Fedora 9 : roundcubemail-0.2-7.stable.fc9 (2009-1256)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Fedora host is missing a security update."
  );
  # The description is the vendor advisory text reproduced as-is (see the
  # closing note inside the string); it is advisory prose, not a statement of
  # what this plugin tests. The plugin itself only compares package builds.
  script_set_attribute(
    attribute:"description", 
    value:
"Upgrade to 0.2 stable Following security fix is included as well:
Common Vulnerabilities and Exposures assigned an identifier
CVE-2009-0413 to the following vulnerability: Cross-site scripting
(XSS) vulnerability in RoundCube Webmail (roundcubemail) 0.2 stable
allows remote attackers to inject arbitrary web script or HTML via the
background attribute embedded in an HTML e-mail message. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0413
http://trac.roundcube.net/changeset/2245
http://www.securityfocus.com/bid/33372
http://secunia.com/advisories/33622
http://xforce.iss.net/xforce/xfdb/48129

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  # Reference links. Where the registered value is a nessus.org/u? short link,
  # the comment above the call records the URL it stands for.
  script_set_attribute(
    attribute:"see_also",
    value:"http://trac.roundcube.net/changeset/2245"
  );
  # http://www.securityfocus.com/bid/33372
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.securityfocus.com/bid/33372"
  );
  # http://xforce.iss.net/xforce/xfdb/48129
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?204c363c"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=484052"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2009-February/019722.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?bdf24f69"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected roundcubemail package."
  );
  # CVSS v2 base vector: network-reachable, medium access complexity, no
  # authentication, partial integrity impact only (no confidentiality or
  # availability impact).
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
  # CVSS v2 temporal vector: exploitability unproven, official fix available,
  # report confidence confirmed.
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  # NOTE(review): the two exploit attributes are fixed strings written into the
  # plugin (last modified 2021/01/11 per the attribute above); nothing in this
  # block re-evaluates them at scan time.
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  # CWE-79 (cross-site scripting), matching the XSS wording of the description.
  script_cwe_id(79);

  # Declared as a "local" plugin; the required KB keys below (local checks
  # enabled, release string, rpm list) are consistent with a check that reads
  # data collected from the host rather than probing the webmail service.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:roundcubemail");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:9");

  script_set_attribute(attribute:"patch_publication_date", value:"2009/02/05");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/02/05");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Fedora Local Security Checks");

  # Prerequisites: ssh_get_info.nasl is listed as a dependency, and the three
  # KB keys are the same ones the check section reads back via get_kb_item().
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

# Package-level check for Fedora advisory 2009-1256 (CVE-2009-0413).
#
# The logic is a sequence of gates on knowledge-base (KB) values followed by a
# single rpm_check() comparison. Nothing here contacts the webmail
# application: the verdict depends only on the package data already stored in
# the KB. NOTE(review): a roundcubemail copy deployed outside of RPM would
# presumably not be seen by this check -- confirm against rpm.inc.
#
# audit() is defined in audit.inc (not shown here); the gates are written on
# the assumption that it ends the plugin run, as the original code does.

# Gate 1: local checks must have been enabled for this host.
if (!get_kb_item("Host/local_checks_enabled"))
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

# Gate 2: the release string must exist and mention Fedora.
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release)
  audit(AUDIT_OS_NOT, "Fedora");

# Gate 3: extract the major release number and require Fedora 9. The trailing
# ([^0-9]|$) in the pattern keeps values such as "90" from matching.
release_match = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(release_match))
  audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = release_match[1];
if (! ereg(pattern:"^9([^0-9]|$)", string:os_ver))
  audit(AUDIT_OS_NOT, "Fedora 9.x", "Fedora " + os_ver);

# Gate 4: without a collected package list there is nothing to compare.
if (!get_kb_item("Host/RedHat/rpm-list"))
  audit(AUDIT_PACKAGE_LIST_MISSING);

# Gate 5: only x86_64 and i386-i686 hosts are handled.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu))
  audit(AUDIT_UNKNOWN_ARCH);
supported_arch = (("x86_64" >< cpu) || (cpu =~ "^i[3-6]86$"));
if (!supported_arch)
  audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

# Compare the installed roundcubemail build against the fixed build named in
# the advisory. A true result is treated as "update missing".
needs_update = rpm_check(release:"FC9", reference:"roundcubemail-0.2-7.stable.fc9");

if (!needs_update)
{
  # Not flagged: distinguish "package was examined and is not affected" from
  # "package was never found", so the audit trail explains the clean result.
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "roundcubemail");
}
else
{
  # Flagged: report at warning severity on port 0; when verbosity is above 0
  # the report carries the text returned by rpm_report_get().
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
| Vendor | Product | Version | CPE |
| --- | --- | --- | --- |
| fedoraproject | fedora | roundcubemail | p-cpe:/a:fedoraproject:fedora:roundcubemail |
| fedoraproject | fedora | 9 | cpe:/o:fedoraproject:fedora:9 |