Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.FEDORA_2009-2418.NASL
HistoryMar 19, 2009 - 12:00 a.m.

Fedora 9 : bugzilla-3.2.2-2.fc9 (2009-2418)

2009-03-1900:00:00
This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
12

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

79.3%

JSON

  • Thu Mar 5 2009 Itamar Reis Peixoto <itamar at ispbrasil.com.br> 3.2.2-2

    • fix from BZ #474250 Comment #16, from Chris Eveleigh
      –>

    • add python BR for contrib subpackage

    • fix description

    • change Requires perl-SOAP-Lite to perl(SOAP::Lite) according guidelines

    • Sun Mar 1 2009 Itamar Reis Peixoto <itamar at ispbrasil.com.br> 3.2.2-1

    • thanks to Chris Eveleigh <chris dot eveleigh at planningportal dot gov dot uk>

    • for contributing with patches :-)

    • Upgrade to upstream 3.2.2 to fix multiple security vulns

    • Removed old perl_requires exclusions, added new ones for RADIUS, Oracle and sanitycheck.cgi

    • Added Oracle to supported DBs in description (and moved line breaks)

    • Include a patch to fix max_allowed_packet warnin when using with mysql

    • Sat Feb 28 2009 Itamar Reis Peixoto <itamar at ispbrasil.com.br> 3.0.8-1

    • Upgrade to 3.0.8, fix #466077 #438080

    • fix macro in changelog rpmlint warning

    • fix files-attr-not-set rpmlint warning for doc and contrib sub-packages

    • Mon Feb 23 2009 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 3.0.4-4

    • Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild

    • Mon Feb 2 2009 Stepan Kasal <skasal at redhat.com> - 3.0.4-3

    • do not require perl-Email-Simple, it is (no longer) in use

    • remove several explicit perl-* requires; the automatic dependencies do handle them

    • Mon Jul 14 2008 Tom ‘spot’ Callaway <tcallawa at redhat.com> - 3.0.4-2

      • fix license tag

      • Fri May 9 2008 John Berninger <john at ncphotography dot com> - 3.0.4-1

      • Update to upstream 3.0.4 to fix multiple security vulns

      • Change perms on /etc/bugzilla for bz 427981

      • Sun May 4 2008 John Berninger <john at ncphotography dot com> - 3.0.3-0

      • Update to upstream 3.0.3 - bz 444669

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory 2009-2418.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(35960);
  script_version("1.17");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");

  script_cve_id("CVE-2008-4437", "CVE-2008-6098", "CVE-2009-0481", "CVE-2009-0482", "CVE-2009-0483", "CVE-2009-0484", "CVE-2009-0485", "CVE-2009-0486");
  script_bugtraq_id(30661, 32178);
  script_xref(name:"FEDORA", value:"2009-2418");

  script_name(english:"Fedora 9 : bugzilla-3.2.2-2.fc9 (2009-2418)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"  - Thu Mar 5 2009 Itamar Reis Peixoto <itamar at
    ispbrasil.com.br> 3.2.2-2

    - fix from BZ #474250 Comment #16, from Chris Eveleigh
      -->

    - add python BR for contrib subpackage

    - fix description

    - change Requires perl-SOAP-Lite to perl(SOAP::Lite)
      according guidelines

    - Sun Mar 1 2009 Itamar Reis Peixoto <itamar at
      ispbrasil.com.br> 3.2.2-1

    - thanks to Chris Eveleigh <chris dot eveleigh at
      planningportal dot gov dot uk>

    - for contributing with patches :-)

    - Upgrade to upstream 3.2.2 to fix multiple security
      vulns

    - Removed old perl_requires exclusions, added new ones
      for RADIUS, Oracle and sanitycheck.cgi

    - Added Oracle to supported DBs in description (and
      moved line breaks)

    - Include a patch to fix max_allowed_packet warnin when
      using with mysql

    - Sat Feb 28 2009 Itamar Reis Peixoto <itamar at
      ispbrasil.com.br> 3.0.8-1

    - Upgrade to 3.0.8, fix #466077 #438080

    - fix macro in changelog rpmlint warning

    - fix files-attr-not-set rpmlint warning for doc and
      contrib sub-packages

    - Mon Feb 23 2009 Fedora Release Engineering <rel-eng at
      lists.fedoraproject.org> - 3.0.4-4

    - Rebuilt for
      https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild

    - Mon Feb 2 2009 Stepan Kasal <skasal at redhat.com> -
      3.0.4-3

    - do not require perl-Email-Simple, it is (no longer) in
      use

    - remove several explicit perl-* requires; the automatic
      dependencies do handle them

  - Mon Jul 14 2008 Tom 'spot' Callaway <tcallawa at
    redhat.com> - 3.0.4-2

    - fix license tag

    - Fri May 9 2008 John Berninger <john at ncphotography
      dot com> - 3.0.4-1

    - Update to upstream 3.0.4 to fix multiple security
      vulns

    - Change perms on /etc/bugzilla for bz 427981

    - Sun May 4 2008 John Berninger <john at ncphotography
      dot com> - 3.0.3-0

    - Update to upstream 3.0.3 - bz 444669

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=465956"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=484755"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=484805"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=484806"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=484807"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=484811"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=484812"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=484813"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2009-March/021457.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?580d7913"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected bugzilla package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_cwe_id(22, 79, 264, 352);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:bugzilla");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:9");

  script_set_attribute(attribute:"patch_publication_date", value:"2009/03/05");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/03/19");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^9([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 9.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC9", reference:"bugzilla-3.2.2-2.fc9")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "bugzilla");
}
VendorProductVersionCPE
fedoraprojectfedorabugzillap-cpe:/a:fedoraproject:fedora:bugzilla
fedoraprojectfedora9cpe:/o:fedoraproject:fedora:9

References

Related

nessus 3
openvas 8
fedora 2
gentoo 1
nvd 8
cve 8
cvelist 8
ubuntucve 8
prion 8
freebsd 1
nessus
nessus
Fedora 10 : bugzilla-3.2.2-2.fc10 (2009-2417)
2009-04-23 00:00:00
GLSA-201006-19 : Bugzilla: Multiple vulnerabilities
2010-06-04 00:00:00
FreeBSD : Bugzilla -- Directory Traversal in importxml.pl (1d96305d-6ae6-11dd-91d5-000c29d47fd7)
2008-08-17 00:00:00
openvas
openvas
Fedora Core 9 FEDORA-2009-2418 (bugzilla)
2009-03-20 00:00:00
Fedora Core 10 FEDORA-2009-2417 (bugzilla)
2009-03-20 00:00:00
Fedora Core 9 FEDORA-2009-2418 (bugzilla)
2009-03-20 00:00:00
fedora
fedora
[SECURITY] Fedora 10 Update: bugzilla-3.2.2-2.fc10
2009-03-18 19:06:58
[SECURITY] Fedora 9 Update: bugzilla-3.2.2-2.fc9
2009-03-18 18:59:22
gentoo
gentoo
Bugzilla: Multiple vulnerabilities
2010-06-04 00:00:00
nvd
nvd
CVE-2008-6098
2009-02-09 18:30:00
CVE-2009-0481
2009-02-09 17:30:00
CVE-2009-0484
2009-02-09 17:30:00
cve
cve
CVE-2008-6098
2009-02-09 18:30:00
CVE-2009-0484
2009-02-09 17:30:00
CVE-2009-0482
2009-02-09 17:30:00
cvelist
cvelist
CVE-2008-6098
2009-02-09 18:00:00
CVE-2009-0481
2009-02-09 17:00:00
CVE-2009-0484
2009-02-09 17:00:00
ubuntucve
ubuntucve
CVE-2008-6098
2009-02-09 00:00:00
CVE-2008-4437
2008-10-03 00:00:00
CVE-2009-0484
2009-02-09 00:00:00
prion
prion
Authentication flaw
2009-02-09 18:30:00
Cross site scripting
2009-02-09 17:30:00
Directory traversal
2008-10-03 22:22:00
freebsd
freebsd
Bugzilla -- Directory Traversal in importxml.pl
2008-06-03 00:00:00

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

79.3%

JSON
Related for FEDORA_2009-2418.NASL
nessus3openvas8fedora2gentoo1nvd8cve8cvelist8ubuntucve8prion8freebsd1