Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2010-2021 Tenable Network Security, Inc.FEDORA_2010-16178.NASL
HistoryNov 10, 2010 - 12:00 a.m.

Fedora 14 : apr-util-1.3.10-1.fc14 (2010-16178)

2010-11-1000:00:00
This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.
www.tenable.com
8
JSON

This update includes the latest stable release of the APR-util library.

A memory leak in the apr_brigade_split_line() function allowed a denial of service attack network services using this function, such as the Apache HTTP Server. (CVE-2010-1623)

Bug fixes to the ‘thread pool’ interfaces and ODBC support are also included.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory 2010-16178.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(50532);
  script_version("1.11");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");

  script_cve_id("CVE-2010-1623");
  script_bugtraq_id(43673);
  script_xref(name:"FEDORA", value:"2010-16178");

  script_name(english:"Fedora 14 : apr-util-1.3.10-1.fc14 (2010-16178)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This update includes the latest stable release of the APR-util
library.

A memory leak in the apr_brigade_split_line() function allowed a
denial of service attack network services using this function, such as
the Apache HTTP Server. (CVE-2010-1623)

Bug fixes to the 'thread pool' interfaces and ODBC support are also
included.

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=640281"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2010-November/050670.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?66e05705"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected apr-util package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:apr-util");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:14");

  script_set_attribute(attribute:"patch_publication_date", value:"2010/10/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/11/10");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^14([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 14.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC14", reference:"apr-util-1.3.10-1.fc14")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "apr-util");
}
VendorProductVersionCPE
fedoraprojectfedoraapr-utilp-cpe:/a:fedoraproject:fedora:apr-util
fedoraprojectfedora14cpe:/o:fedoraproject:fedora:14

Related

openvas 32
fedora 3
veracode 1
redhat 2
f5 2
nessus 25
oraclelinux 1
ubuntucve 2
httpd 2
prion 1
cve 1
ubuntu 2
debian 2
slackware 2
centos 1
debiancve 1
freebsd 1
gentoo 1
suse 1
kaspersky 1
hackerone 1
openvas
openvas
Mandriva Update for apr-util MDVSA-2010:192 (apr-util)
2010-10-04 00:00:00
Fedora Update for apr-util FEDORA-2010-16178
2010-12-02 00:00:00
Ubuntu Update for apr-util vulnerability USN-1022-1
2010-12-02 00:00:00
fedora
fedora
[SECURITY] Fedora 13 Update: apr-util-1.3.10-1.fc13
2010-10-28 05:47:25
[SECURITY] Fedora 12 Update: apr-util-1.3.10-1.fc12
2010-10-28 05:58:28
[SECURITY] Fedora 14 Update: apr-util-1.3.10-1.fc14
2010-11-10 01:19:10
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:51:33
redhat
redhat
(RHSA-2010:0950) Moderate: apr-util security update
2010-12-07 00:00:00
(RHSA-2011:0897) Moderate: JBoss Enterprise Web Server 1.0.2 update
2011-06-22 00:00:00
f5
f5
K15902 : Apache vulnerability CVE-2010-1623
2015-09-16 00:00:00
SOL15902 - Apache vulnerability CVE-2010-1623
2014-12-11 00:00:00
nessus
nessus
F5 Networks BIG-IP : Apache vulnerability (SOL15902)
2015-09-16 00:00:00
CentOS 4 : apr-util (CESA-2010:0950)
2011-01-28 00:00:00
RHEL 4 / 5 / 6 : apr-util (RHSA-2010:0950)
2010-12-08 00:00:00
oraclelinux
oraclelinux
apr-util security update
2010-12-07 00:00:00
ubuntucve
ubuntucve
CVE-2010-1623
2010-10-04 00:00:00
CVE-2007-6750
2011-12-27 00:00:00
httpd
httpd
Apache Httpd < 2.0.64 : apr_bridage_split_line DoS
2010-03-03 00:00:00
Apache Httpd < 2.2.17 : apr_bridage_split_line DoS
2010-03-03 00:00:00
prion
prion
Design/Logic Flaw
2010-10-04 21:00:00
cve
cve
CVE-2010-1623
2010-10-04 21:00:00
ubuntu
ubuntu
APR-util vulnerability
2010-11-25 00:00:00
Apache vulnerabilities
2010-11-25 00:00:00
debian
debian
[SECURITY] [DSA-2117-1] New apr-util packages fix denial of service
2010-10-04 21:35:18
[SECURITY] [DSA-2117-1] New apr-util packages fix denial of service
2010-10-04 21:35:18
slackware
slackware
[slackware-security] apr-util
2011-02-11 01:16:50
[slackware-security] httpd
2011-02-11 01:17:26
centos
centos
apr security update
2011-01-27 08:46:39
debiancve
debiancve
CVE-2010-1623
2010-10-04 21:00:00
freebsd
freebsd
apr -- multiple vunerabilities
2010-10-02 00:00:00
gentoo
gentoo
Apache Portable Runtime, APR Utility Library: Denial of service
2014-05-18 00:00:00
suse
suse
Security update for apache2 (important)
2011-11-09 19:08:34
kaspersky
kaspersky
KLA10066 Multiple vulnerabilities in Apache httpd
2010-10-19 00:00:00
hackerone
hackerone
U.S. Dept Of Defense: Out-of-date Version (Apache)
2016-11-24 15:09:27
JSON
Related for FEDORA_2010-16178.NASL
openvas32fedora3veracode1redhat2f52nessus25oraclelinux1ubuntucve2httpd2prion1cve1ubuntu2debian2slackware2centos1debiancve1freebsd1gentoo1suse1kaspersky1hackerone1