{"id": "FEDORA_2011-14756.NASL", "bulletinFamily": "scanner", "title": "Fedora 15 : arora-0.11.0-3.fc15 (2011-14756)", "description": "Fixes CVE-2011-3367, an input validation flaw.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2011-12-15T00:00:00", "modified": "2018-11-28T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=57308", "reporter": "Tenable", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=746875", "http://www.nessus.org/u?206fe43a"], "cvelist": ["CVE-2011-3367"], "type": "nessus", "lastseen": "2019-02-21T01:15:48", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:fedoraproject:fedora:arora", "cpe:/o:fedoraproject:fedora:15"], "cvelist": ["CVE-2011-3367"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "Fixes CVE-2011-3367, an input validation flaw.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 3, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "6b3c7a0f765a97937e3c0fc8ba4f543cc58b9c7262b2c7e47a8e6e583c49bb0e", "hashmap": [{"hash": "5e670391993f97bb70d255962df32a29", "key": "href"}, {"hash": "de38caaccc231e6a74b77a602b35db95", "key": "modified"}, {"hash": "6f97d4df455f69f26a24d5058f157038", "key": "sourceData"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "10abe9d16eda3c51cc78a90f3d3bc8c3", "key": "references"}, {"hash": "a8e5b72f9f3e52bd74c42a7d4192bf36", "key": "cvelist"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "ae0770757f08c03cc935bca78b5c49ef", "key": "title"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "8b8c1cd75f5a8486e42b727f530cb512", "key": "pluginID"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}, {"hash": "e961f1c32dcefbb869270b5d714e6bb7", "key": "cpe"}, {"hash": "dee95985476a86ec28a83a6382a06e8a", "key": "published"}, {"hash": "f9062052ea4f4c67b9bb07de6d0c3dfa", "key": "description"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=57308", "id": "FEDORA_2011-14756.NASL", "lastseen": "2018-08-30T19:52:01", "modified": "2015-10-20T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.3", "pluginID": "57308", "published": "2011-12-15T00:00:00", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=746875", "http://www.nessus.org/u?206fe43a"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-14756.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57308);\n script_version(\"$Revision: 1.8 $\");\n script_cvs_date(\"$Date: 2015/10/20 21:56:29 $\");\n\n script_cve_id(\"CVE-2011-3367\");\n script_bugtraq_id(49925);\n script_xref(name:\"FEDORA\", value:\"2011-14756\");\n\n script_name(english:\"Fedora 15 : arora-0.11.0-3.fc15 (2011-14756)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fixes CVE-2011-3367, an input validation flaw.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=746875\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-December/070996.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?206fe43a\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected arora package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:arora\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:15\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^15([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 15.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC15\", reference:\"arora-0.11.0-3.fc15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"arora\");\n}\n", "title": "Fedora 15 : arora-0.11.0-3.fc15 (2011-14756)", "type": "nessus", "viewCount": 0}, "differentElements": ["cvss"], "edition": 3, "lastseen": "2018-08-30T19:52:01"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:fedoraproject:fedora:arora", "cpe:/o:fedoraproject:fedora:15"], "cvelist": ["CVE-2011-3367"], "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "description": "Fixes CVE-2011-3367, an input validation flaw.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 4, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "adc10284dd45fe52632814f7165b0c4b5661f75852b0e4d245512e1380d1cedf", "hashmap": [{"hash": "5e670391993f97bb70d255962df32a29", "key": "href"}, {"hash": "de38caaccc231e6a74b77a602b35db95", "key": "modified"}, {"hash": "6f97d4df455f69f26a24d5058f157038", "key": "sourceData"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "26769fd423968d45be7383413e2552f1", "key": "cvss"}, {"hash": "10abe9d16eda3c51cc78a90f3d3bc8c3", "key": "references"}, {"hash": "a8e5b72f9f3e52bd74c42a7d4192bf36", "key": "cvelist"}, {"hash": "ae0770757f08c03cc935bca78b5c49ef", "key": "title"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "8b8c1cd75f5a8486e42b727f530cb512", "key": "pluginID"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}, {"hash": "e961f1c32dcefbb869270b5d714e6bb7", "key": "cpe"}, {"hash": "dee95985476a86ec28a83a6382a06e8a", "key": "published"}, {"hash": "f9062052ea4f4c67b9bb07de6d0c3dfa", "key": "description"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=57308", "id": "FEDORA_2011-14756.NASL", "lastseen": "2018-09-02T00:00:18", "modified": "2015-10-20T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.3", "pluginID": "57308", "published": "2011-12-15T00:00:00", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=746875", "http://www.nessus.org/u?206fe43a"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-14756.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57308);\n script_version(\"$Revision: 1.8 $\");\n script_cvs_date(\"$Date: 2015/10/20 21:56:29 $\");\n\n script_cve_id(\"CVE-2011-3367\");\n script_bugtraq_id(49925);\n script_xref(name:\"FEDORA\", value:\"2011-14756\");\n\n script_name(english:\"Fedora 15 : arora-0.11.0-3.fc15 (2011-14756)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fixes CVE-2011-3367, an input validation flaw.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=746875\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-December/070996.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?206fe43a\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected arora package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:arora\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:15\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^15([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 15.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC15\", reference:\"arora-0.11.0-3.fc15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"arora\");\n}\n", "title": "Fedora 15 : arora-0.11.0-3.fc15 (2011-14756)", "type": "nessus", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 4, "lastseen": "2018-09-02T00:00:18"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2011-3367"], "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "description": "Fixes CVE-2011-3367, an input validation flaw.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 1, "enchantments": {}, "hash": "3d2a11c30116c4413c229a91a5a4cbdd721087aa1f1b93b46ca6093d9e1d1e4d", "hashmap": [{"hash": "5e670391993f97bb70d255962df32a29", "key": "href"}, {"hash": "de38caaccc231e6a74b77a602b35db95", "key": "modified"}, {"hash": "6f97d4df455f69f26a24d5058f157038", "key": "sourceData"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "26769fd423968d45be7383413e2552f1", "key": "cvss"}, {"hash": "10abe9d16eda3c51cc78a90f3d3bc8c3", "key": "references"}, {"hash": "a8e5b72f9f3e52bd74c42a7d4192bf36", "key": "cvelist"}, {"hash": "ae0770757f08c03cc935bca78b5c49ef", "key": "title"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "8b8c1cd75f5a8486e42b727f530cb512", "key": "pluginID"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}, {"hash": "dee95985476a86ec28a83a6382a06e8a", "key": "published"}, {"hash": "f9062052ea4f4c67b9bb07de6d0c3dfa", "key": "description"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=57308", "id": "FEDORA_2011-14756.NASL", "lastseen": "2016-09-26T17:25:50", "modified": "2015-10-20T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.2", "pluginID": "57308", "published": "2011-12-15T00:00:00", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=746875", "http://www.nessus.org/u?206fe43a"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-14756.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57308);\n script_version(\"$Revision: 1.8 $\");\n script_cvs_date(\"$Date: 2015/10/20 21:56:29 $\");\n\n script_cve_id(\"CVE-2011-3367\");\n script_bugtraq_id(49925);\n script_xref(name:\"FEDORA\", value:\"2011-14756\");\n\n script_name(english:\"Fedora 15 : arora-0.11.0-3.fc15 (2011-14756)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fixes CVE-2011-3367, an input validation flaw.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=746875\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-December/070996.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?206fe43a\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected arora package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:arora\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:15\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^15([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 15.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC15\", reference:\"arora-0.11.0-3.fc15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"arora\");\n}\n", "title": "Fedora 15 : arora-0.11.0-3.fc15 (2011-14756)", "type": "nessus", "viewCount": 0}, "differentElements": ["cpe"], "edition": 1, "lastseen": "2016-09-26T17:25:50"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:fedoraproject:fedora:arora", "cpe:/o:fedoraproject:fedora:15"], "cvelist": ["CVE-2011-3367"], "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "description": "Fixes CVE-2011-3367, an input validation flaw.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 6, "enchantments": {"dependencies": {"modified": "2019-01-16T20:12:56", "references": [{"idList": ["OPENVAS:1361412562310902764", "OPENVAS:863799", "OPENVAS:863662", "OPENVAS:1361412562310863799", "OPENVAS:902764", "OPENVAS:1361412562310863662", "OPENVAS:1361412562310121295"], "type": "openvas"}, {"idList": ["CVE-2011-3367"], "type": "cve"}, {"idList": ["SECURITYVULNS:DOC:27132", "SECURITYVULNS:VULN:11952"], "type": "securityvulns"}, {"idList": ["GLSA-201412-09"], "type": "gentoo"}, {"idList": ["GENTOO_GLSA-201412-09.NASL", "FEDORA_2011-14719.NASL"], "type": "nessus"}]}, "score": {"value": 5.0, "vector": "NONE"}}, "hash": "910d252a211722641e07d2dde21c7bce74c56bdaeb746366d34e07e16d50d734", "hashmap": [{"hash": "0fa729b98e9073b13a77f1b2799bc2cf", "key": "description"}, {"hash": "5e670391993f97bb70d255962df32a29", "key": "href"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "26769fd423968d45be7383413e2552f1", "key": "cvss"}, {"hash": "10abe9d16eda3c51cc78a90f3d3bc8c3", "key": "references"}, {"hash": "a8e5b72f9f3e52bd74c42a7d4192bf36", "key": "cvelist"}, {"hash": "460b12446c99e9f96de9e7fe92f5d167", "key": "modified"}, {"hash": "5747fc7843a77d328bb6218b1792c544", "key": "sourceData"}, {"hash": "ae0770757f08c03cc935bca78b5c49ef", "key": "title"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "8b8c1cd75f5a8486e42b727f530cb512", "key": "pluginID"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}, {"hash": "e961f1c32dcefbb869270b5d714e6bb7", "key": "cpe"}, {"hash": "dee95985476a86ec28a83a6382a06e8a", "key": "published"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=57308", "id": "FEDORA_2011-14756.NASL", "lastseen": "2019-01-16T20:12:56", "modified": "2018-11-28T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.3", "pluginID": "57308", "published": "2011-12-15T00:00:00", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=746875", "http://www.nessus.org/u?206fe43a"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-14756.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57308);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/11/28 22:47:43\");\n\n script_cve_id(\"CVE-2011-3367\");\n script_bugtraq_id(49925);\n script_xref(name:\"FEDORA\", value:\"2011-14756\");\n\n script_name(english:\"Fedora 15 : arora-0.11.0-3.fc15 (2011-14756)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fixes CVE-2011-3367, an input validation flaw.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=746875\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-December/070996.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?206fe43a\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected arora package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:arora\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:15\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^15([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 15.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC15\", reference:\"arora-0.11.0-3.fc15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"arora\");\n}\n", "title": "Fedora 15 : arora-0.11.0-3.fc15 (2011-14756)", "type": "nessus", "viewCount": 0}, "differentElements": ["description"], "edition": 6, "lastseen": "2019-01-16T20:12:56"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:fedoraproject:fedora:arora", "cpe:/o:fedoraproject:fedora:15"], "cvelist": ["CVE-2011-3367"], "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "description": "Fixes CVE-2011-3367, an input validation flaw.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 2, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "adc10284dd45fe52632814f7165b0c4b5661f75852b0e4d245512e1380d1cedf", "hashmap": [{"hash": "5e670391993f97bb70d255962df32a29", "key": "href"}, {"hash": "de38caaccc231e6a74b77a602b35db95", "key": "modified"}, {"hash": "6f97d4df455f69f26a24d5058f157038", "key": "sourceData"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "26769fd423968d45be7383413e2552f1", "key": "cvss"}, {"hash": "10abe9d16eda3c51cc78a90f3d3bc8c3", "key": "references"}, {"hash": "a8e5b72f9f3e52bd74c42a7d4192bf36", "key": "cvelist"}, {"hash": "ae0770757f08c03cc935bca78b5c49ef", "key": "title"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "8b8c1cd75f5a8486e42b727f530cb512", "key": "pluginID"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}, {"hash": "e961f1c32dcefbb869270b5d714e6bb7", "key": "cpe"}, {"hash": "dee95985476a86ec28a83a6382a06e8a", "key": "published"}, {"hash": "f9062052ea4f4c67b9bb07de6d0c3dfa", "key": "description"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=57308", "id": "FEDORA_2011-14756.NASL", "lastseen": "2017-10-29T13:42:34", "modified": "2015-10-20T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.3", "pluginID": "57308", "published": "2011-12-15T00:00:00", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=746875", "http://www.nessus.org/u?206fe43a"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-14756.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57308);\n script_version(\"$Revision: 1.8 $\");\n script_cvs_date(\"$Date: 2015/10/20 21:56:29 $\");\n\n script_cve_id(\"CVE-2011-3367\");\n script_bugtraq_id(49925);\n script_xref(name:\"FEDORA\", value:\"2011-14756\");\n\n script_name(english:\"Fedora 15 : arora-0.11.0-3.fc15 (2011-14756)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fixes CVE-2011-3367, an input validation flaw.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=746875\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-December/070996.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?206fe43a\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected arora package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:arora\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:15\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^15([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 15.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC15\", reference:\"arora-0.11.0-3.fc15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"arora\");\n}\n", "title": "Fedora 15 : arora-0.11.0-3.fc15 (2011-14756)", "type": "nessus", "viewCount": 0}, "differentElements": ["cvss"], "edition": 2, "lastseen": "2017-10-29T13:42:34"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:fedoraproject:fedora:arora", "cpe:/o:fedoraproject:fedora:15"], "cvelist": ["CVE-2011-3367"], "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "description": "Fixes CVE-2011-3367, an input validation flaw.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 5, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "ee6e3d46a10677d6a61bb0c9f5dea1f6df8fbe577b6e72a462ee8598d1fbe825", "hashmap": [{"hash": "5e670391993f97bb70d255962df32a29", "key": "href"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "26769fd423968d45be7383413e2552f1", "key": "cvss"}, {"hash": "10abe9d16eda3c51cc78a90f3d3bc8c3", "key": "references"}, {"hash": "a8e5b72f9f3e52bd74c42a7d4192bf36", "key": "cvelist"}, {"hash": "460b12446c99e9f96de9e7fe92f5d167", "key": "modified"}, {"hash": "5747fc7843a77d328bb6218b1792c544", "key": "sourceData"}, {"hash": "ae0770757f08c03cc935bca78b5c49ef", "key": "title"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "8b8c1cd75f5a8486e42b727f530cb512", "key": "pluginID"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}, {"hash": "e961f1c32dcefbb869270b5d714e6bb7", "key": "cpe"}, {"hash": "dee95985476a86ec28a83a6382a06e8a", "key": "published"}, {"hash": "f9062052ea4f4c67b9bb07de6d0c3dfa", "key": "description"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=57308", "id": "FEDORA_2011-14756.NASL", "lastseen": "2018-11-29T19:38:07", "modified": "2018-11-28T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.3", "pluginID": "57308", "published": "2011-12-15T00:00:00", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=746875", "http://www.nessus.org/u?206fe43a"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-14756.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57308);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/11/28 22:47:43\");\n\n script_cve_id(\"CVE-2011-3367\");\n script_bugtraq_id(49925);\n script_xref(name:\"FEDORA\", value:\"2011-14756\");\n\n script_name(english:\"Fedora 15 : arora-0.11.0-3.fc15 (2011-14756)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fixes CVE-2011-3367, an input validation flaw.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=746875\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-December/070996.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?206fe43a\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected arora package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:arora\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:15\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^15([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 15.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC15\", reference:\"arora-0.11.0-3.fc15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"arora\");\n}\n", "title": "Fedora 15 : arora-0.11.0-3.fc15 (2011-14756)", "type": "nessus", "viewCount": 0}, "differentElements": ["description"], "edition": 5, "lastseen": "2018-11-29T19:38:07"}], "edition": 7, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "e961f1c32dcefbb869270b5d714e6bb7"}, {"key": "cvelist", "hash": "a8e5b72f9f3e52bd74c42a7d4192bf36"}, {"key": "cvss", "hash": "26769fd423968d45be7383413e2552f1"}, {"key": "description", "hash": "f9062052ea4f4c67b9bb07de6d0c3dfa"}, {"key": "href", "hash": "5e670391993f97bb70d255962df32a29"}, {"key": "modified", "hash": "460b12446c99e9f96de9e7fe92f5d167"}, {"key": "naslFamily", "hash": "be931514784f88df80712740ad2723e7"}, {"key": "pluginID", "hash": "8b8c1cd75f5a8486e42b727f530cb512"}, {"key": "published", "hash": "dee95985476a86ec28a83a6382a06e8a"}, {"key": "references", "hash": "10abe9d16eda3c51cc78a90f3d3bc8c3"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "5747fc7843a77d328bb6218b1792c544"}, {"key": "title", "hash": "ae0770757f08c03cc935bca78b5c49ef"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "ee6e3d46a10677d6a61bb0c9f5dea1f6df8fbe577b6e72a462ee8598d1fbe825", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2011-3367"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310863662", "OPENVAS:1361412562310902764", "OPENVAS:902764", "OPENVAS:863662", "OPENVAS:863799", "OPENVAS:1361412562310863799", "OPENVAS:1361412562310121295"]}, {"type": "nessus", "idList": ["FEDORA_2011-14719.NASL", "GENTOO_GLSA-201412-09.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:27132", "SECURITYVULNS:VULN:11952"]}, {"type": "gentoo", "idList": ["GLSA-201412-09"]}], "modified": "2019-02-21T01:15:48"}, "score": {"value": 5.0, "vector": "NONE"}, "vulnersScore": 5.0}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-14756.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57308);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/11/28 22:47:43\");\n\n script_cve_id(\"CVE-2011-3367\");\n script_bugtraq_id(49925);\n script_xref(name:\"FEDORA\", value:\"2011-14756\");\n\n script_name(english:\"Fedora 15 : arora-0.11.0-3.fc15 (2011-14756)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fixes CVE-2011-3367, an input validation flaw.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=746875\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-December/070996.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?206fe43a\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected arora package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:arora\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:15\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^15([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 15.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC15\", reference:\"arora-0.11.0-3.fc15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"arora\");\n}\n", "naslFamily": "Fedora Local Security Checks", "pluginID": "57308", "cpe": ["p-cpe:/a:fedoraproject:fedora:arora", "cpe:/o:fedoraproject:fedora:15"], "scheme": null}

{"cve": [{"lastseen": "2016-09-03T15:39:51", "bulletinFamily": "NVD", "description": "Arora, possibly 0.11 and other versions, does not use a certain font when rendering certificate fields in a security dialog, which allows remote attackers to spoof the common name (CN) of a certificate via rich text.", "modified": "2011-11-30T10:51:03", "published": "2011-11-29T12:55:01", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3367", "id": "CVE-2011-3367", "title": "CVE-2011-3367", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "openvas": [{"lastseen": "2019-03-18T14:43:24", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2011-12-16T00:00:00", "id": "OPENVAS:1361412562310863662", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863662", "title": "Fedora Update for arora FEDORA-2011-14756", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for arora FEDORA-2011-14756\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-December/070996.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863662\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-12-16 11:08:05 +0530 (Fri, 16 Dec 2011)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_xref(name:\"FEDORA\", value:\"2011-14756\");\n script_cve_id(\"CVE-2011-3367\");\n script_name(\"Fedora Update for arora FEDORA-2011-14756\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'arora'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC15\");\n script_tag(name:\"affected\", value:\"arora on Fedora 15\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"arora\", rpm:\"arora~0.11.0~3.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-03-18T14:40:11", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2012-03-19T00:00:00", "id": "OPENVAS:1361412562310863799", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863799", "title": "Fedora Update for arora FEDORA-2011-14719", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for arora FEDORA-2011-14719\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-December/070892.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863799\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-19 12:18:54 +0530 (Mon, 19 Mar 2012)\");\n script_cve_id(\"CVE-2011-3367\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_xref(name:\"FEDORA\", value:\"2011-14719\");\n script_name(\"Fedora Update for arora FEDORA-2011-14719\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'arora'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC16\");\n script_tag(name:\"affected\", value:\"arora on Fedora 16\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"arora\", rpm:\"arora~0.11.0~3.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-25T10:55:24", "bulletinFamily": "scanner", "description": "Check for the Version of arora", "modified": "2017-07-10T00:00:00", "published": "2011-12-16T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=863662", "id": "OPENVAS:863662", "title": "Fedora Update for arora FEDORA-2011-14756", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for arora FEDORA-2011-14756\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"arora on Fedora 15\";\ntag_insight = \"Arora is a simple, cross platform web browser based on the QtWebKit engine.\n Currently, Arora is still under development, but it already has support for\n browsing and other common features such as web history and bookmarks.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-December/070996.html\");\n script_id(863662);\n script_version(\"$Revision: 6626 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:30:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-12-16 11:08:05 +0530 (Fri, 16 Dec 2011)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2011-14756\");\n script_cve_id(\"CVE-2011-3367\");\n script_name(\"Fedora Update for arora FEDORA-2011-14756\");\n\n script_summary(\"Check for the Version of arora\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"arora\", rpm:\"arora~0.11.0~3.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-01-18T11:06:41", "bulletinFamily": "scanner", "description": "Check for the Version of arora", "modified": "2018-01-17T00:00:00", "published": "2012-03-19T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=863799", "id": "OPENVAS:863799", "title": "Fedora Update for arora FEDORA-2011-14719", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for arora FEDORA-2011-14719\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"arora on Fedora 16\";\ntag_insight = \"Arora is a simple, cross platform web browser based on the QtWebKit engine.\n Currently, Arora is still under development, but it already has support for\n browsing and other common features such as web history and bookmarks.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-December/070892.html\");\n script_id(863799);\n script_version(\"$Revision: 8448 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-17 17:18:06 +0100 (Wed, 17 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-19 12:18:54 +0530 (Mon, 19 Mar 2012)\");\n script_cve_id(\"CVE-2011-3367\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2011-14719\");\n script_name(\"Fedora Update for arora FEDORA-2011-14719\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of arora\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"arora\", rpm:\"arora~0.11.0~3.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-12-10T17:48:12", "bulletinFamily": "scanner", "description": "This host is installed with Arora and is prone common name SSL\n certificate spoofing vulnerability.", "modified": "2018-12-08T00:00:00", "published": "2011-12-15T00:00:00", "id": "OPENVAS:1361412562310902764", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310902764", "title": "Arora Common Name SSL Certificate Spoofing Vulnerability (Linux)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $id: secpod_arora_cn_ssl_cert_spoofing_vuln_lin.nasl 2011-12-15 14:01:47z dec $\n#\n# Arora Common Name SSL Certificate Spoofing Vulnerability (Linux)\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the gnu general public license version 2\n# (or any later version), as published by the free software foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.902764\");\n script_version(\"$Revision: 12720 $\");\n script_cve_id(\"CVE-2011-3367\");\n script_bugtraq_id(49925);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-12-08 14:43:47 +0100 (Sat, 08 Dec 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-12-15 14:01:47 +0530 (Thu, 15 Dec 2011)\");\n script_name(\"Arora Common Name SSL Certificate Spoofing Vulnerability (Linux)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2011 SecPod\");\n script_family(\"General\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"login/SSH/success\");\n script_exclude_keys(\"ssh/no_linux_shell\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/46269\");\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/archive/1/520041\");\n script_xref(name:\"URL\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=746875\");\n script_xref(name:\"URL\", value:\"http://archives.neohapsis.com/archives/fulldisclosure/2011-10/att-0353/NDSA20111003.txt.asc\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to not using a certain font when rendering\n certificate fields in a security dialog.\");\n\n script_tag(name:\"solution\", value:\"No known solution was made available for at least one year since the disclosure\n of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer\n release, disable respective features, remove the product or replace the product by another one.\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Arora and is prone common name SSL\n certificate spoofing vulnerability.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote attackers to spoof the\n common name (CN) of a certificate via rich text.\");\n\n script_tag(name:\"affected\", value:\"Arora version 0.11 and prior.\");\n\n script_tag(name:\"solution_type\", value:\"WillNotFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n exit(0);\n}\n\ninclude(\"ssh_func.inc\");\ninclude(\"version_func.inc\");\n\nsock = ssh_login_or_reuse_connection();\nif(!sock){\n exit(0);\n}\n\ngarg[0] = \"-o\";\ngarg[1] = \"-m1\";\ngarg[2] = \"-a\";\ngarg[3] = string(\"[0]\\\\.[0-9][0-9]\\\\.[0-9]\");\n\nmodName = find_file(file_name:\"arora\", file_path:\"/usr/bin/\", useregex:TRUE, regexpar:\"$\", sock:sock);\nforeach binaryName (modName){\n\n binaryName = chomp(binaryName);\n if(!binaryName) continue;\n\n arg = garg[0] + \" \" + garg[1] + \" \" + garg[2] + \" \" + raw_string(0x22) + garg[3] + raw_string(0x22) + \" \" + binaryName;\n\n arrVer = get_bin_version(full_prog_name:\"grep\", version_argv:arg, ver_pattern:\"([0-9.]+)\", sock:sock);\n if(arrVer[1]){\n if(version_is_less_equal(version:arrVer[1], test_version:\"0.11.0\")){\n report = report_fixed_ver(installed_version:arrVer[1], fixed_version:\"WillNotFix\", install_path:binaryName);\n security_message(port:0, data:report);\n ssh_close_connection();\n exit(0);\n }\n }\n}\n\nssh_close_connection();\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-11-21T11:13:10", "bulletinFamily": "scanner", "description": "This host is installed with Arora and is prone common name SSL\ncertificate spoofing vulnerability.", "modified": "2017-11-20T00:00:00", "published": "2011-12-15T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=902764", "id": "OPENVAS:902764", "title": "Arora Common Name SSL Certificate Spoofing Vulnerability (Linux)", "type": "openvas", "sourceData": "###############################################################################\n# Openvas Vulnerability Test\n# $id: secpod_arora_cn_ssl_cert_spoofing_vuln_lin.nasl 2011-12-15 14:01:47z dec $\n#\n# Arora Common Name SSL Certificate Spoofing Vulnerability (Linux)\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the gnu general public license version 2\n# (or any later version), as published by the free software foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation will allow remote attackers to spoof the\ncommon name (CN) of a certificate via rich text.\n\nImpact Level: Application.\";\n\ntag_affected = \"Arora version 0.11 and prior\";\n\ntag_insight = \"The flaw is due to not using a certain font when rendering\ncertificate fields in a security dialog.\";\n\ntag_solution = \"No solution or patch was made available for at least one year\nsince disclosure of this vulnerability. Likely none will be provided anymore.\nGeneral solution options are to upgrade to a newer release, disable respective\nfeatures, remove the product or replace the product by another one.\";\n\ntag_summary = \"This host is installed with Arora and is prone common name SSL\ncertificate spoofing vulnerability.\";\n\nif(description)\n{\n script_id(902764);\n script_version(\"$Revision: 7823 $\");\n script_cve_id(\"CVE-2011-3367\");\n script_bugtraq_id(49925);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-11-20 09:54:04 +0100 (Mon, 20 Nov 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-12-15 14:01:47 +0530 (Thu, 15 Dec 2011)\");\n script_name(\"Arora Common Name SSL Certificate Spoofing Vulnerability (Linux)\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/46269\");\n script_xref(name : \"URL\" , value : \"http://www.securityfocus.com/archive/1/520041\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=746875\");\n script_xref(name : \"URL\" , value : \"http://archives.neohapsis.com/archives/fulldisclosure/2011-10/att-0353/NDSA20111003.txt.asc\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2011 SecPod\");\n script_family(\"General\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"login/SSH/success\");\n script_exclude_keys(\"ssh/no_linux_shell\");\n\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name:\"solution_type\", value:\"WillNotFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n exit(0);\n}\n\ninclude(\"ssh_func.inc\");\ninclude(\"version_func.inc\");\n\n## Checking OS\nsock = ssh_login_or_reuse_connection();\nif(!sock){\n exit(0);\n}\n\ngrep = find_bin(prog_name:\"grep\", sock:sock);\ngrep = chomp(grep[0]);\n\ngarg[0] = \"-o\";\ngarg[1] = \"-m1\";\ngarg[2] = \"-a\";\ngarg[3] = string(\"[0]\\\\.[0-9][0-9]\\\\.[0-9]\");\n\n## Getting arora file path\nmodName = find_file(file_name:\"arora\", file_path:\"/usr/bin/\",\n useregex:TRUE, regexpar:\"$\", sock:sock);\narg = NULL;\nforeach binaryName (modName)\n{\n binaryName = chomp(binaryName);\n arg = garg[0] + \" \" + garg[1] + \" \" + garg[2] + \" \" + raw_string(0x22) +\n garg[3] + raw_string(0x22) + \" \" + binaryName;\n}\n\nif(arg != NULL)\n{\n arrVer = NULL;\n\n ## Grep the version\n arrVer = get_bin_version(full_prog_name:grep, version_argv:arg,\n ver_pattern:\"([0-9.]+)\", sock:sock);\n if(arrVer[0] != NULL)\n {\n ## Check the arora version\n if(version_is_less_equal(version:arrVer[0], test_version:\"0.11.0\")){\n security_message(0);\n }\n }\n}\nclose(sock);\nssh_close_connection();\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-10-29T12:40:24", "bulletinFamily": "scanner", "description": "Gentoo Linux Local Security Checks GLSA 201412-09", "modified": "2018-10-26T00:00:00", "published": "2015-09-29T00:00:00", "id": "OPENVAS:1361412562310121295", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121295", "title": "Gentoo Security Advisory GLSA 201412-09", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201412-09.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121295\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-29 11:28:05 +0300 (Tue, 29 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201412-09\");\n script_tag(name:\"insight\", value:\"Vulnerabilities have been discovered in the packages listed below. Please review the CVE identifiers in the Reference section for details.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201412-09\");\n script_cve_id(\"CVE-2007-4370\", \"CVE-2009-4023\", \"CVE-2009-4111\", \"CVE-2010-0778\", \"CVE-2010-1780\", \"CVE-2010-1782\", \"CVE-2010-1783\", \"CVE-2010-1784\", \"CVE-2010-1785\", \"CVE-2010-1786\", \"CVE-2010-1787\", \"CVE-2010-1788\", \"CVE-2010-1790\", \"CVE-2010-1791\", \"CVE-2010-1792\", \"CVE-2010-1793\", \"CVE-2010-1807\", \"CVE-2010-1812\", \"CVE-2010-1814\", \"CVE-2010-1815\", \"CVE-2010-2526\", \"CVE-2010-2901\", \"CVE-2010-3255\", \"CVE-2010-3257\", \"CVE-2010-3259\", \"CVE-2010-3362\", \"CVE-2010-3374\", \"CVE-2010-3389\", \"CVE-2010-3812\", \"CVE-2010-3813\", \"CVE-2010-3999\", \"CVE-2010-4042\", \"CVE-2010-4197\", \"CVE-2010-4198\", \"CVE-2010-4204\", \"CVE-2010-4206\", \"CVE-2010-4492\", \"CVE-2010-4493\", \"CVE-2010-4577\", \"CVE-2010-4578\", \"CVE-2011-0007\", \"CVE-2011-0465\", \"CVE-2011-0482\", \"CVE-2011-0721\", \"CVE-2011-0727\", \"CVE-2011-0904\", \"CVE-2011-0905\", \"CVE-2011-1072\", \"CVE-2011-1097\", \"CVE-2011-1144\", \"CVE-2011-1425\", \"CVE-2011-1572\", \"CVE-2011-1760\", \"CVE-2011-1951\", \"CVE-2011-2471\", \"CVE-2011-2472\", \"CVE-2011-2473\", \"CVE-2011-2524\", \"CVE-2011-3365\", \"CVE-2011-3366\", \"CVE-2011-3367\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201412-09\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"games-sports/racer-bin\", unaffected: make_list(), vulnerable: make_list(\"lt 0.5.0-r1\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"media-libs/fmod\", unaffected: make_list(\"ge 4.38.00\"), vulnerable: make_list(\"lt 4.38.00\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-php/PEAR-Mail\", unaffected: make_list(\"ge 1.2.0\"), vulnerable: make_list(\"lt 1.2.0\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"sys-fs/lvm2\", unaffected: make_list(\"ge 2.02.72\"), vulnerable: make_list(\"lt 2.02.72\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"app-office/gnucash\", unaffected: make_list(\"ge 2.4.4\"), vulnerable: make_list(\"lt 2.4.4\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"media-libs/xine-lib\", unaffected: make_list(\"ge 1.1.19\"), vulnerable: make_list(\"lt 1.1.19\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"media-sound/lastfmplayer\", unaffected: make_list(\"ge 1.5.4.26862-r3\"), vulnerable: make_list(\"lt 1.5.4.26862-r3\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"net-libs/webkit-gtk\", unaffected: make_list(\"ge 1.2.7\"), vulnerable: make_list(\"lt 1.2.7\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"sys-apps/shadow\", unaffected: make_list(\"ge 4.1.4.3\"), vulnerable: make_list(\"lt 4.1.4.3\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-php/PEAR-PEAR\", unaffected: make_list(\"ge 1.9.2-r1\"), vulnerable: make_list(\"lt 1.9.2-r1\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-db/unixODBC\", unaffected: make_list(\"ge 2.3.0-r1\"), vulnerable: make_list(\"lt 2.3.0-r1\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"sys-cluster/resource-agents\", unaffected: make_list(\"ge 1.0.4-r1\"), vulnerable: make_list(\"lt 1.0.4-r1\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"net-misc/mrouted\", unaffected: make_list(\"ge 3.9.5\"), vulnerable: make_list(\"lt 3.9.5\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"net-misc/rsync\", unaffected: make_list(\"ge 3.0.8\"), vulnerable: make_list(\"lt 3.0.8\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-libs/xmlsec\", unaffected: make_list(\"ge 1.2.17\"), vulnerable: make_list(\"lt 1.2.17\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"x11-apps/xrdb\", unaffected: make_list(\"ge 1.0.9\"), vulnerable: make_list(\"lt 1.0.9\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"net-misc/vino\", unaffected: make_list(\"ge 2.32.2\"), vulnerable: make_list(\"lt 2.32.2\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-util/oprofile\", unaffected: make_list(\"ge 0.9.6-r1\"), vulnerable: make_list(\"lt 0.9.6-r1\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"app-admin/syslog-ng\", unaffected: make_list(\"ge 3.2.4\"), vulnerable: make_list(\"lt 3.2.4\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"net-analyzer/sflowtool\", unaffected: make_list(\"ge 3.20\"), vulnerable: make_list(\"lt 3.20\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"gnome-base/gdm\", unaffected: make_list(\"ge 3.8.4-r3\"), vulnerable: make_list(\"lt 3.8.4-r3\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"net-libs/libsoup\", unaffected: make_list(\"ge 2.34.3\"), vulnerable: make_list(\"lt 2.34.3\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"app-misc/ca-certificates\", unaffected: make_list(\"ge 20110502-r1\"), vulnerable: make_list(\"lt 20110502-r1\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-vcs/gitolite\", unaffected: make_list(\"ge 1.5.9.1\"), vulnerable: make_list(\"lt 1.5.9.1\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-util/qt-creator\", unaffected: make_list(\"ge 2.1.0\"), vulnerable: make_list(\"lt 2.1.0\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2019-02-21T01:15:44", "bulletinFamily": "scanner", "description": "Fixes CVE-2011-3367, an input validation flaw.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-11-28T00:00:00", "id": "FEDORA_2011-14719.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=57141", "published": "2011-12-13T00:00:00", "title": "Fedora 16 : arora-0.11.0-3.fc16 (2011-14719)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-14719.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57141);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/11/28 22:47:43\");\n\n script_cve_id(\"CVE-2011-3367\");\n script_bugtraq_id(49925);\n script_xref(name:\"FEDORA\", value:\"2011-14719\");\n\n script_name(english:\"Fedora 16 : arora-0.11.0-3.fc16 (2011-14719)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fixes CVE-2011-3367, an input validation flaw.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=746875\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-December/070892.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?913cb54b\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected arora package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:arora\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:16\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^16([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 16.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC16\", reference:\"arora-0.11.0-3.fc16\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"arora\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-02-21T01:23:01", "bulletinFamily": "scanner", "description": "The remote host is affected by the vulnerability described in GLSA-201412-09 (Multiple packages, Multiple vulnerabilities fixed in 2011)\n\n Vulnerabilities have been discovered in the packages listed below.\n Please review the CVE identifiers in the Reference section for details.\n FMOD Studio PEAR Mail LVM2 GnuCash xine-lib Last.fm Scrobbler WebKitGTK+ shadow tool suite PEAR unixODBC Resource Agents mrouted rsync XML Security Library xrdb Vino OProfile syslog-ng sFlow Toolkit GNOME Display Manager libsoup CA Certificates Gitolite QtCreator Racer Impact :\n\n A context-dependent attacker may be able to gain escalated privileges, execute arbitrary code, cause Denial of Service, obtain sensitive information, or otherwise bypass security restrictions.\n Workaround :\n\n There are no known workarounds at this time.", "modified": "2017-04-15T00:00:00", "id": "GENTOO_GLSA-201412-09.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=79962", "published": "2014-12-15T00:00:00", "title": "GLSA-201412-09 : Multiple packages, Multiple vulnerabilities fixed in 2011", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201412-09.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79962);\n script_version(\"$Revision: 1.5 $\");\n script_cvs_date(\"$Date: 2017/04/15 13:47:37 $\");\n\n script_cve_id(\"CVE-2007-4370\", \"CVE-2009-4023\", \"CVE-2009-4111\", \"CVE-2010-0778\", \"CVE-2010-1780\", \"CVE-2010-1782\", \"CVE-2010-1783\", \"CVE-2010-1784\", \"CVE-2010-1785\", \"CVE-2010-1786\", \"CVE-2010-1787\", \"CVE-2010-1788\", \"CVE-2010-1790\", \"CVE-2010-1791\", \"CVE-2010-1792\", \"CVE-2010-1793\", \"CVE-2010-1807\", \"CVE-2010-1812\", \"CVE-2010-1814\", \"CVE-2010-1815\", \"CVE-2010-2526\", \"CVE-2010-2901\", \"CVE-2010-3255\", \"CVE-2010-3257\", \"CVE-2010-3259\", \"CVE-2010-3362\", \"CVE-2010-3374\", \"CVE-2010-3389\", \"CVE-2010-3812\", \"CVE-2010-3813\", \"CVE-2010-3999\", \"CVE-2010-4042\", \"CVE-2010-4197\", \"CVE-2010-4198\", \"CVE-2010-4204\", \"CVE-2010-4206\", \"CVE-2010-4492\", \"CVE-2010-4493\", \"CVE-2010-4577\", \"CVE-2010-4578\", \"CVE-2011-0007\", \"CVE-2011-0465\", \"CVE-2011-0482\", \"CVE-2011-0721\", \"CVE-2011-0727\", \"CVE-2011-0904\", \"CVE-2011-0905\", \"CVE-2011-1072\", \"CVE-2011-1097\", \"CVE-2011-1144\", \"CVE-2011-1425\", \"CVE-2011-1572\", \"CVE-2011-1760\", \"CVE-2011-1951\", \"CVE-2011-2471\", \"CVE-2011-2472\", \"CVE-2011-2473\", \"CVE-2011-2524\", \"CVE-2011-3365\", \"CVE-2011-3366\", \"CVE-2011-3367\");\n script_bugtraq_id(25297, 37081, 37395, 41148, 41976, 42033, 42034, 42035, 42036, 42037, 42038, 42041, 42042, 42043, 42044, 42045, 42046, 42049, 43047, 43079, 43081, 43083, 43672, 44204, 44206, 44241, 44349, 44359, 44563, 44954, 44960, 45170, 45390, 45715, 45718, 45719, 45720, 45721, 45722, 45788, 46426, 46473, 46605, 47063, 47064, 47135, 47189, 47650, 47652, 47681, 47800, 48241, 48926, 49925);\n script_xref(name:\"GLSA\", value:\"201412-09\");\n script_xref(name:\"IAVA\", value:\"2017-A-0098\");\n\n script_name(english:\"GLSA-201412-09 : Multiple packages, Multiple vulnerabilities fixed in 2011\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201412-09\n(Multiple packages, Multiple vulnerabilities fixed in 2011)\n\n Vulnerabilities have been discovered in the packages listed below.\n Please review the CVE identifiers in the Reference section for details.\n FMOD Studio\n PEAR Mail\n LVM2\n GnuCash\n xine-lib\n Last.fm Scrobbler\n WebKitGTK+\n shadow tool suite\n PEAR\n unixODBC\n Resource Agents\n mrouted\n rsync\n XML Security Library\n xrdb\n Vino\n OProfile\n syslog-ng\n sFlow Toolkit\n GNOME Display Manager\n libsoup\n CA Certificates\n Gitolite\n QtCreator\n Racer\n \nImpact :\n\n A context-dependent attacker may be able to gain escalated privileges,\n execute arbitrary code, cause Denial of Service, obtain sensitive\n information, or otherwise bypass security restrictions.\n \nWorkaround :\n\n There are no known workarounds at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201412-09\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All FMOD Studio users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-libs/fmod-4.38.00'\n All PEAR Mail users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-php/PEAR-Mail-1.2.0'\n All LVM2 users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=sys-fs/lvm2-2.02.72'\n All GnuCash users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-office/gnucash-2.4.4'\n All xine-lib users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-libs/xine-lib-1.1.19'\n All Last.fm Scrobbler users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=media-sound/lastfmplayer-1.5.4.26862-r3'\n All WebKitGTK+ users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-libs/webkit-gtk-1.2.7'\n All shadow tool suite users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=sys-apps/shadow-4.1.4.3'\n All PEAR users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-php/PEAR-PEAR-1.9.2-r1'\n All unixODBC users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-db/unixODBC-2.3.0-r1'\n All Resource Agents users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=sys-cluster/resource-agents-1.0.4-r1'\n All mrouted users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-misc/mrouted-3.9.5'\n All rsync users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-misc/rsync-3.0.8'\n All XML Security Library users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-libs/xmlsec-1.2.17'\n All xrdb users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=x11-apps/xrdb-1.0.9'\n All Vino users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-misc/vino-2.32.2'\n All OProfile users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-util/oprofile-0.9.6-r1'\n All syslog-ng users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-admin/syslog-ng-3.2.4'\n All sFlow Toolkit users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-analyzer/sflowtool-3.20'\n All GNOME Display Manager users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=gnome-base/gdm-3.8.4-r3'\n All libsoup users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-libs/libsoup-2.34.3'\n All CA Certificates users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=app-misc/ca-certificates-20110502-r1'\n All Gitolite users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-vcs/gitolite-1.5.9.1'\n All QtCreator users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-util/qt-creator-2.1.0'\n Gentoo has discontinued support for Racer. We recommend that users\n unmerge Racer:\n # emerge --unmerge 'games-sports/racer-bin'\n NOTE: This is a legacy GLSA. Updates for all affected architectures have\n been available since 2012. It is likely that your system is already no\n longer affected by these issues.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Racer v0.5.3 Beta 5 Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(94);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:PEAR-Mail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:PEAR-PEAR\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:ca-certificates\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:fmod\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:gdm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:gitolite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:gnucash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:lastfmplayer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:libsoup\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:lvm2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:mrouted\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:oprofile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:qt-creator\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:racer-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:resource-agents\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:rsync\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:sflowtool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:shadow\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:syslog-ng\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:unixODBC\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:vino\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:webkit-gtk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:xine-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:xmlsec\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:xrdb\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/15\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2017 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-db/unixODBC\", unaffected:make_list(\"ge 2.3.0-r1\"), vulnerable:make_list(\"lt 2.3.0-r1\"))) flag++;\nif (qpkg_check(package:\"sys-apps/shadow\", unaffected:make_list(\"ge 4.1.4.3\"), vulnerable:make_list(\"lt 4.1.4.3\"))) flag++;\nif (qpkg_check(package:\"sys-cluster/resource-agents\", unaffected:make_list(\"ge 1.0.4-r1\"), vulnerable:make_list(\"lt 1.0.4-r1\"))) flag++;\nif (qpkg_check(package:\"net-misc/rsync\", unaffected:make_list(\"ge 3.0.8\"), vulnerable:make_list(\"lt 3.0.8\"))) flag++;\nif (qpkg_check(package:\"app-office/gnucash\", unaffected:make_list(\"ge 2.4.4\"), vulnerable:make_list(\"lt 2.4.4\"))) flag++;\nif (qpkg_check(package:\"dev-util/qt-creator\", unaffected:make_list(\"ge 2.1.0\"), vulnerable:make_list(\"lt 2.1.0\"))) flag++;\nif (qpkg_check(package:\"app-misc/ca-certificates\", unaffected:make_list(\"ge 20110502-r1\"), vulnerable:make_list(\"lt 20110502-r1\"))) flag++;\nif (qpkg_check(package:\"net-libs/libsoup\", unaffected:make_list(\"ge 2.34.3\"), vulnerable:make_list(\"lt 2.34.3\"))) flag++;\nif (qpkg_check(package:\"app-admin/syslog-ng\", unaffected:make_list(\"ge 3.2.4\"), vulnerable:make_list(\"lt 3.2.4\"))) flag++;\nif (qpkg_check(package:\"gnome-base/gdm\", unaffected:make_list(\"ge 3.8.4-r3\"), vulnerable:make_list(\"lt 3.8.4-r3\"))) flag++;\nif (qpkg_check(package:\"dev-php/PEAR-PEAR\", unaffected:make_list(\"ge 1.9.2-r1\"), vulnerable:make_list(\"lt 1.9.2-r1\"))) flag++;\nif (qpkg_check(package:\"dev-php/PEAR-Mail\", unaffected:make_list(\"ge 1.2.0\"), vulnerable:make_list(\"lt 1.2.0\"))) flag++;\nif (qpkg_check(package:\"dev-util/oprofile\", unaffected:make_list(\"ge 0.9.6-r1\"), vulnerable:make_list(\"lt 0.9.6-r1\"))) flag++;\nif (qpkg_check(package:\"net-libs/webkit-gtk\", unaffected:make_list(\"ge 1.2.7\"), vulnerable:make_list(\"lt 1.2.7\"))) flag++;\nif (qpkg_check(package:\"media-sound/lastfmplayer\", unaffected:make_list(\"ge 1.5.4.26862-r3\"), vulnerable:make_list(\"lt 1.5.4.26862-r3\"))) flag++;\nif (qpkg_check(package:\"games-sports/racer-bin\", unaffected:make_list(), vulnerable:make_list(\"ge 0.5.0-r1\"))) flag++;\nif (qpkg_check(package:\"sys-fs/lvm2\", unaffected:make_list(\"ge 2.02.72\"), vulnerable:make_list(\"lt 2.02.72\"))) flag++;\nif (qpkg_check(package:\"dev-vcs/gitolite\", unaffected:make_list(\"ge 1.5.9.1\"), vulnerable:make_list(\"lt 1.5.9.1\"))) flag++;\nif (qpkg_check(package:\"net-analyzer/sflowtool\", unaffected:make_list(\"ge 3.20\"), vulnerable:make_list(\"lt 3.20\"))) flag++;\nif (qpkg_check(package:\"x11-apps/xrdb\", unaffected:make_list(\"ge 1.0.9\"), vulnerable:make_list(\"lt 1.0.9\"))) flag++;\nif (qpkg_check(package:\"media-libs/fmod\", unaffected:make_list(\"ge 4.38.00\"), vulnerable:make_list(\"lt 4.38.00\"))) flag++;\nif (qpkg_check(package:\"dev-libs/xmlsec\", unaffected:make_list(\"ge 1.2.17\"), vulnerable:make_list(\"lt 1.2.17\"))) flag++;\nif (qpkg_check(package:\"net-misc/mrouted\", unaffected:make_list(\"ge 3.9.5\"), vulnerable:make_list(\"lt 3.9.5\"))) flag++;\nif (qpkg_check(package:\"media-libs/xine-lib\", unaffected:make_list(\"ge 1.1.19\"), vulnerable:make_list(\"lt 1.1.19\"))) flag++;\nif (qpkg_check(package:\"net-misc/vino\", unaffected:make_list(\"ge 2.32.2\"), vulnerable:make_list(\"lt 2.32.2\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"dev-db/unixODBC / sys-apps/shadow / sys-cluster/resource-agents / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:42", "bulletinFamily": "software", "description": "I recently discovered that various Qt applications including KSSL &#40;the KDE \r\nclass library responsible for SSL negotiation&#41;, Rekonq, Arora and Psi IM are \r\nvulnerable to UI spoofing due to their use of QLabel objects to render \r\nexternally controlled security critical information. The primary area of \r\nconcern at this time relates to the named applications SSL certificate dialogue \r\nUI however other similar dialogue boxes may also be vulnerable.\r\n\r\nAfter discussions with Nokia, KDE and the Rekonq developers the following\r\nCVEs have been assigned to this issue:\r\n\r\n* KSSL - CVE-2011-3365\r\n* Rekonq - CVE-2011-3366\r\n* Arora - CVE-2011-3367\r\n\r\nNote that no CVE has yet been assigned to Psi IM. Nokia have also\r\nupdated the QLabel class section of the Qt documentation to provide\r\nupdated security information regarding this issue.\r\n-- \r\nTim Brown\r\n&lt;mailto:timb@nth-dimension.org.uk&gt;\r\n&lt;http://www.nth-dimension.org.uk/&gt;", "modified": "2011-10-10T00:00:00", "published": "2011-10-10T00:00:00", "id": "SECURITYVULNS:DOC:27132", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27132", "title": "Low severity flaw in various applications including KSSL, Rekonq, Arora, Psi IM", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-08-31T11:09:44", "bulletinFamily": "software", "description": "Using Qt QLabel class to display security critical information allows interface spoofing.", "modified": "2011-10-10T00:00:00", "published": "2011-10-10T00:00:00", "id": "SECURITYVULNS:VULN:11952", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11952", "title": "UI spoofing in different QT applications", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:21", "bulletinFamily": "unix", "description": "### Background\n\nFor more information on the packages listed in this GLSA, please see their homepage referenced in the ebuild. \n\n### Description\n\nVulnerabilities have been discovered in the packages listed below. Please review the CVE identifiers in the Reference section for details. \n\n * FMOD Studio\n * PEAR Mail\n * LVM2\n * GnuCash\n * xine-lib\n * Last.fm Scrobbler\n * WebKitGTK+\n * shadow tool suite\n * PEAR\n * unixODBC\n * Resource Agents\n * mrouted\n * rsync\n * XML Security Library\n * xrdb\n * Vino\n * OProfile\n * syslog-ng\n * sFlow Toolkit\n * GNOME Display Manager\n * libsoup\n * CA Certificates\n * Gitolite\n * QtCreator\n * Racer\n\n### Impact\n\nA context-dependent attacker may be able to gain escalated privileges, execute arbitrary code, cause Denial of Service, obtain sensitive information, or otherwise bypass security restrictions. \n\n### Workaround\n\nThere are no known workarounds at this time.\n\n### Resolution\n\nAll FMOD Studio users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-libs/fmod-4.38.00\"\n \n\nAll PEAR Mail users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-php/PEAR-Mail-1.2.0\"\n \n\nAll LVM2 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=sys-fs/lvm2-2.02.72\"\n \n\nAll GnuCash users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-office/gnucash-2.4.4\"\n \n\nAll xine-lib users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-libs/xine-lib-1.1.19\"\n \n\nAll Last.fm Scrobbler users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=media-sound/lastfmplayer-1.5.4.26862-r3\"\n \n\nAll WebKitGTK+ users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-libs/webkit-gtk-1.2.7\"\n \n\nAll shadow tool suite users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=sys-apps/shadow-4.1.4.3\"\n \n\nAll PEAR users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-php/PEAR-PEAR-1.9.2-r1\"\n \n\nAll unixODBC users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-db/unixODBC-2.3.0-r1\"\n \n\nAll Resource Agents users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=sys-cluster/resource-agents-1.0.4-r1\"\n \n\nAll mrouted users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-misc/mrouted-3.9.5\"\n \n\nAll rsync users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-misc/rsync-3.0.8\"\n \n\nAll XML Security Library users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-libs/xmlsec-1.2.17\"\n \n\nAll xrdb users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=x11-apps/xrdb-1.0.9\"\n \n\nAll Vino users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-misc/vino-2.32.2\"\n \n\nAll OProfile users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-util/oprofile-0.9.6-r1\"\n \n\nAll syslog-ng users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-admin/syslog-ng-3.2.4\"\n \n\nAll sFlow Toolkit users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-analyzer/sflowtool-3.20\"\n \n\nAll GNOME Display Manager users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=gnome-base/gdm-3.8.4-r3\"\n \n\nAll libsoup users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-libs/libsoup-2.34.3\"\n \n\nAll CA Certificates users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=app-misc/ca-certificates-20110502-r1\"\n \n\nAll Gitolite users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-vcs/gitolite-1.5.9.1\"\n \n\nAll QtCreator users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-util/qt-creator-2.1.0\"\n \n\nGentoo has discontinued support for Racer. We recommend that users unmerge Racer: \n \n \n # emerge --unmerge \"games-sports/racer-bin\"\n \n\nNOTE: This is a legacy GLSA. Updates for all affected architectures have been available since 2012. It is likely that your system is already no longer affected by these issues.", "modified": "2014-12-11T00:00:00", "published": "2014-12-11T00:00:00", "id": "GLSA-201412-09", "href": "https://security.gentoo.org/glsa/201412-09", "type": "gentoo", "title": "Multiple packages, Multiple vulnerabilities fixed in 2011", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}