Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2009-2021 Tenable Network Security, Inc.FEDORA_2009-8132.NASL
HistoryAug 01, 2009 - 12:00 a.m.

Fedora 11 : OpenEXR-1.6.1-8.fc11 (2009-8132)

2009-08-0100:00:00
This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.
www.tenable.com
12

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.04 Low

EPSS

Percentile

92.1%

JSON

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory 2009-8132.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(40452);
  script_version("1.16");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");

  script_cve_id("CVE-2009-1720", "CVE-2009-1721");
  script_bugtraq_id(35838);
  script_xref(name:"FEDORA", value:"2009-8132");

  script_name(english:"Fedora 11 : OpenEXR-1.6.1-8.fc11 (2009-8132)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"  - Wed Jul 29 2009 Rex Dieter <rdieter at
    fedoraproject.org> 1.6.1-8

    - CVE-2009-1720 OpenEXR: Multiple integer overflows
      (#513995)

    - CVE-2009-1721 OpenEXR: Invalid pointer free by image
      decompression (#514003)

    - Fri Jul 24 2009 Fedora Release Engineering <rel-eng at
      lists.fedoraproject.org> - 1.6.1-7

    - Rebuilt for
      https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=513995"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=514003"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2009-July/027215.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?618a01b9"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected OpenEXR package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:ND");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(16, 189);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:OpenEXR");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:11");

  script_set_attribute(attribute:"patch_publication_date", value:"2009/07/31");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/08/01");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^11([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 11.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC11", reference:"OpenEXR-1.6.1-8.fc11")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "OpenEXR");
}
VendorProductVersionCPE
fedoraprojectfedoraopenexrp-cpe:/a:fedoraproject:fedora:openexr
fedoraprojectfedora11cpe:/o:fedoraproject:fedora:11

Related

nessus 14
openvas 23
fedora 2
gentoo 1
securityvulns 4
ubuntu 1
debian 1
osv 1
cvelist 2
ubuntucve 2
nvd 2
cve 2
debiancve 2
prion 2
seebug 1
nessus
nessus
openSUSE Security Update : OpenEXR (OpenEXR-1157)
2009-09-02 00:00:00
openSUSE Security Update : OpenEXR (OpenEXR-1157)
2009-09-02 00:00:00
Fedora 10 : OpenEXR-1.6.1-8.fc10 (2009-8136)
2009-08-01 00:00:00
openvas
openvas
SLES11: Security update for OpenEXR
2009-10-11 00:00:00
Fedora Core 10 FEDORA-2009-8136 (OpenEXR)
2009-08-17 00:00:00
Fedora Core 11 FEDORA-2009-8132 (OpenEXR)
2009-08-17 00:00:00
fedora
fedora
[SECURITY] Fedora 10 Update: OpenEXR-1.6.1-8.fc10
2009-07-31 18:02:09
[SECURITY] Fedora 11 Update: OpenEXR-1.6.1-8.fc11
2009-07-31 18:01:21
gentoo
gentoo
OpenEXR: Multiple Vulnerabilities
2013-12-09 00:00:00
securityvulns
securityvulns
OpenEXR multiple security vulnerabilities
2009-07-28 00:00:00
[SECURITY] [DSA 1842-1] New openexr packages fix several vulnerabilities
2009-07-28 00:00:00
Apple Mac OS X multiple security vulnerabilities
2009-08-07 00:00:00
ubuntu
ubuntu
OpenEXR vulnerabilities
2009-09-14 00:00:00
debian
debian
[SECURITY] [DSA 1842-1] New openexr packages fix several vulnerabilities
2009-07-28 12:16:25
osv
osv
openexr - several vulnerabilities
2009-07-28 00:00:00
cvelist
cvelist
CVE-2009-1721
2009-07-31 18:29:00
CVE-2009-1720
2009-07-31 18:29:00
ubuntucve
ubuntucve
CVE-2009-1721
2009-07-31 00:00:00
CVE-2009-1720
2009-07-31 00:00:00
nvd
nvd
CVE-2009-1721
2009-07-31 19:00:01
CVE-2009-1720
2009-07-31 19:00:01
cve
cve
CVE-2009-1720
2009-07-31 19:00:01
CVE-2009-1721
2009-07-31 19:00:01
debiancve
debiancve
CVE-2009-1720
2009-07-31 19:00:01
CVE-2009-1721
2009-07-31 19:00:01
prion
prion
Design/Logic Flaw
2009-07-31 19:00:00
Integer overflow
2009-07-31 19:00:00
seebug
seebug
Apple Mac OS X 2009-003修补多个安全漏洞
2009-08-06 00:00:00

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.04 Low

EPSS

Percentile

92.1%

JSON
Related for FEDORA_2009-8132.NASL
nessus14openvas23fedora2gentoo1securityvulns4ubuntu1debian1osv1cvelist2ubuntucve2nvd2cve2debiancve2prion2seebug1