Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.FEDORA_2012-9040.NASL
HistoryJun 26, 2012 - 12:00 a.m.

Fedora 17 : lighttpd-1.4.31-1.fc17 (2012-9040)

2012-06-2600:00:00
This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
9
JSON

This update fixes CVE-2011-4362 by updating to the latest release. It also fixes problems that had been reported with previous releases, such as ssl-related crashes on startup. This update fixes some minor SSL related problems, as well as a connection stall bug. This update fixes some minor SSL related problems, as well as a connection stall bug. This update fixes some minor SSL related problems, as well as a connection stall bug.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory 2012-9040.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(59689);
  script_version("1.11");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");

  script_cve_id("CVE-2011-4362");
  script_bugtraq_id(50851);
  script_xref(name:"FEDORA", value:"2012-9040");

  script_name(english:"Fedora 17 : lighttpd-1.4.31-1.fc17 (2012-9040)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This update fixes CVE-2011-4362 by updating to the latest release. It
also fixes problems that had been reported with previous releases,
such as ssl-related crashes on startup. This update fixes some minor
SSL related problems, as well as a connection stall bug. This update
fixes some minor SSL related problems, as well as a connection stall
bug. This update fixes some minor SSL related problems, as well as a
connection stall bug.

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=758624"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2012-June/082765.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?28c4e40a"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected lighttpd package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:lighttpd");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:17");

  script_set_attribute(attribute:"patch_publication_date", value:"2012/06/07");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/06/26");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^17([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 17.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC17", reference:"lighttpd-1.4.31-1.fc17")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "lighttpd");
}
VendorProductVersionCPE
fedoraprojectfedoralighttpdp-cpe:/a:fedoraproject:fedora:lighttpd
fedoraprojectfedora17cpe:/o:fedoraproject:fedora:17

Related

openvas 10
seebug 4
exploitpack 1
ubuntucve 1
debiancve 1
freebsd 1
fedora 2
nessus 9
securityvulns 3
cve 1
amazon 1
prion 1
exploitdb 1
osv 1
debian 2
gentoo 1
ibm 1
jvn 1
openvas
openvas
FreeBSD Ports: lighttpd
2012-02-13 00:00:00
Amazon Linux: Security Advisory (ALAS-2012-107)
2015-09-08 00:00:00
Fedora Update for lighttpd FEDORA-2012-9040
2012-08-30 00:00:00
seebug
seebug
Lighttpd Proof of Concept code for CVE-2011-4362
2012-01-02 00:00:00
Lighttpd 1.4.30 / 1.5 Denial Of Service
2011-12-27 00:00:00
lighttpd Denial of Service Vulnerability PoC
2014-07-01 00:00:00
exploitpack
exploitpack
lighttpd - Denial of Service (PoC)
2011-12-31 00:00:00
ubuntucve
ubuntucve
CVE-2011-4362
2011-12-24 00:00:00
debiancve
debiancve
CVE-2011-4362
2011-12-24 19:55:00
freebsd
freebsd
lighttpd -- remote DoS in HTTP authentication
2011-11-29 00:00:00
fedora
fedora
[SECURITY] Fedora 17 Update: lighttpd-1.4.31-1.fc17
2012-06-26 00:44:26
[SECURITY] Fedora 16 Update: lighttpd-1.4.31-1.fc16
2012-06-26 00:31:28
nessus
nessus
Amazon Linux AMI : lighttpd (ALAS-2012-107)
2013-09-04 00:00:00
lighttpd < 1.4.30 base64_decode Function Out-of-Bounds Read Error DoS
2011-12-28 00:00:00
openSUSE Security Update : lighttpd (openSUSE-2012-110)
2014-06-13 00:00:00
securityvulns
securityvulns
Lighttpd Proof of Concept code for CVE-2011-4362
2012-01-02 00:00:00
lighthttpd security vulnerabilities
2012-01-02 00:00:00
[SECURITY] [DSA 2368-1] lighttpd security update
2011-12-26 00:00:00
cve
cve
CVE-2011-4362
2011-12-24 19:55:00
amazon
amazon
Medium: lighttpd
2012-07-09 14:20:00
prion
prion
Integer overflow
2011-12-24 19:55:00
exploitdb
exploitdb
lighttpd - Denial of Service (PoC)
2011-12-31 00:00:00
osv
osv
lighttpd - several
2011-12-20 00:00:00
debian
debian
[SECURITY] [DSA 2368-1] lighttpd security update
2011-12-21 00:24:51
[SECURITY] [DSA 2381-] lighttpd security update
2011-12-21 00:02:46
gentoo
gentoo
lighttpd: Multiple vulnerabilities
2014-06-13 00:00:00
ibm
ibm
Security Bulletin: IBM System x Integrated Management Module (IMM) Lighttpd W (CVE-2011-4362, CVE-2010-0295, CVE-2008-4360, CVE-2008-4359, CVE-20084298, CVE-2008-1531)
2019-01-30 08:20:01
jvn
jvn
JVN#37417423: Multiple vulnerabilities in SolarView Compact
2021-02-19 00:00:00
JSON
Related for FEDORA_2012-9040.NASL
openvas10seebug4exploitpack1ubuntucve1debiancve1freebsd1fedora2nessus9securityvulns3cve1amazon1prion1exploitdb1osv1debian2gentoo1ibm1jvn1