CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
99.0%
New stable release, API and ABI compatible with previous 1.2.x versions.
Patches to fix the following CVEs are included: CVE-2010-3113 CVE-2010-1814 CVE-2010-1812 CVE-2010-1815 CVE-2010-3115 CVE-2010-1807 CVE-2010-3114 CVE-2010-3116 CVE-2010-3257 CVE-2010-3259
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2010-15982.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
# Registration phase: when the scanner loads the plugin with `description`
# set, only this block runs. It registers the plugin's metadata and leaves
# through exit(0) at the end, so no host check is performed here.
if (description)
{
# Plugin identity and revision metadata.
script_id(50034);
script_version("1.15");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");
# The ten CVEs this plugin is tagged with, plus the Fedora advisory id.
script_cve_id("CVE-2010-1807", "CVE-2010-1812", "CVE-2010-1814", "CVE-2010-1815", "CVE-2010-3113", "CVE-2010-3114", "CVE-2010-3115", "CVE-2010-3116", "CVE-2010-3257", "CVE-2010-3259");
script_xref(name:"FEDORA", value:"2010-15982");
# Title names the fixed build (webkitgtk-1.2.5-1.fc12); the summary states
# that the check is based on rpm output.
script_name(english:"Fedora 12 : webkitgtk-1.2.5-1.fc12 (2010-15982)");
script_summary(english:"Checks rpm output for the updated package.");
script_set_attribute(
attribute:"synopsis",
value:"The remote Fedora host is missing a security update."
);
# Advisory text shown in scan results. It lists the CVEs but does not
# describe the individual flaws; use the see_also links for details.
script_set_attribute(
attribute:"description",
value:
" - New stable release, API and ABI compatible with previous
1.2.x versions.
- The patches to fix the following CVEs are included with
help from Vincent Danen and other members of the Red Hat
security team :
CVE-2010-3113 CVE-2010-1814 CVE-2010-1812 CVE-2010-1815 CVE-2010-3115
CVE-2010-1807 CVE-2010-3114 CVE-2010-3116 CVE-2010-3257 CVE-2010-3259
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
);
# Reference links: ten Red Hat Bugzilla entries, then a shortened URL.
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=627703"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=628032"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=628035"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=628071"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=631939"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=631946"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=631948"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=640353"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=640357"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=640360"
);
# NOTE(review): the URL in the next comment looks like the target of the
# shortened link registered below (the Fedora package-announce post) - confirm.
# https://lists.fedoraproject.org/pipermail/package-announce/2010-October/049544.html
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?12c6edb5"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected webkitgtk package."
);
# CVSS v2 base vector: network attack vector, low complexity, no
# authentication, complete confidentiality/integrity/availability impact.
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
# Temporal vector: E:H (high exploitability), RL:OF (official fix),
# RC:C (report confirmed).
script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
# Exploit-maturity flags: exploits are recorded as available, including in
# the Core and CANVAS frameworks, and as used by malware. These are
# prioritisation metadata; the check below does not test exploitability.
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploit_framework_core", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
script_set_attribute(attribute:"canvas_package", value:'CANVAS');
# "local" plugin: the verdict comes from package data gathered on the host
# (see the required KB keys below), not from probing a network service.
script_set_attribute(attribute:"plugin_type", value:"local");
# CPE identifiers for the affected package and the operating system release.
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:webkitgtk");
script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:12");
# The plugin was published 12 days after the patch.
script_set_attribute(attribute:"patch_publication_date", value:"2010/10/08");
script_set_attribute(attribute:"plugin_publication_date", value:"2010/10/20");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Fedora Local Security Checks");
# Scheduling constraints: ssh_get_info.nasl is declared as a dependency and
# the three KB keys are required.
# NOTE(review): presumably ssh_get_info.nasl populates these keys over a
# credentialed session - confirm; without them the plugin reports nothing.
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
# Registration ends here; the host check after this block is not reached.
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
# Host check. Every decision below is taken from knowledge-base (KB) entries
# and the cached rpm list; nothing is probed over the network. Each audit()
# call is used as a terminating exit with a reason code, so the order of the
# guards is the logic of the check.

# Guard 1: local (credentialed) checks must be enabled for this host.
if (!get_kb_item("Host/local_checks_enabled"))
{
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
}

# Guard 2: the release string must identify a Fedora system.
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release)
{
  audit(AUDIT_OS_NOT, "Fedora");
}

# Guard 3: extract the numeric release and accept Fedora 12 only.
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver))
{
  audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
}
os_ver = os_ver[1];
if (! ereg(pattern:"^12([^0-9]|$)", string:os_ver))
{
  audit(AUDIT_OS_NOT, "Fedora 12.x", "Fedora " + os_ver);
}

# Guard 4: the package list must be present in the KB.
if (!get_kb_item("Host/RedHat/rpm-list"))
{
  audit(AUDIT_PACKAGE_LIST_MISSING);
}

# Guard 5: only x86_64 and i386-i686 are handled. A host on any other
# architecture leaves with "local checks not implemented", which is a
# coverage gap and not a "not vulnerable" verdict.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu))
{
  audit(AUDIT_UNKNOWN_ARCH);
}
if (!("x86_64" >< cpu || cpu =~ "^i[3-6]86$"))
{
  audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
}

# Compare the installed webkitgtk with the fixed build named in the advisory.
# NOTE(review): rpm_check() comes from rpm.inc; presumably it returns true
# when the installed package is older than `reference` - confirm there.
# This is a package-version test only: it says nothing about whether
# processes still running the old library were restarted after an update.
flag = 0;
if (rpm_check(release:"FC12", reference:"webkitgtk-1.2.5-1.fc12"))
{
  flag++;
}

if (!flag)
{
  # Nothing flagged: report whether a package was tested and found
  # unaffected, or whether webkitgtk is not installed.
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "webkitgtk");
}
else
{
  # Outdated package found: raise the finding on port 0 and attach the rpm
  # report when report verbosity is above zero.
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1807
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1812
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1814
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1815
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3113
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3114
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3115
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3116
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3257
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3259
www.nessus.org/u?12c6edb5
bugzilla.redhat.com/show_bug.cgi?id=627703
bugzilla.redhat.com/show_bug.cgi?id=628032
bugzilla.redhat.com/show_bug.cgi?id=628035
bugzilla.redhat.com/show_bug.cgi?id=628071
bugzilla.redhat.com/show_bug.cgi?id=631939
bugzilla.redhat.com/show_bug.cgi?id=631946
bugzilla.redhat.com/show_bug.cgi?id=631948
bugzilla.redhat.com/show_bug.cgi?id=640353
bugzilla.redhat.com/show_bug.cgi?id=640357
bugzilla.redhat.com/show_bug.cgi?id=640360