{"id": "FEDORA_2013-13019.NASL", "bulletinFamily": "scanner", "title": "Fedora 18 : libzrtpcpp-2.3.4-1.fc18 / ortp-0.20.0-5.fc18 / twinkle-1.4.2-19.fc18.1 (2013-13019)", "description": "Fixes CVE-2013-2221, CVE-2013-2222, CVE-2013-2223.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2013-07-24T00:00:00", "modified": "2018-11-28T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=69025", "reporter": "Tenable", "references": ["http://www.nessus.org/u?f688b184", "https://bugzilla.redhat.com/show_bug.cgi?id=980904", "http://www.nessus.org/u?5e7a9b11", "http://www.nessus.org/u?1f4868da"], "cvelist": ["CVE-2013-2222", "CVE-2013-2223", "CVE-2013-2221"], "type": "nessus", "lastseen": "2019-02-21T01:19:47", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2013-2222", "CVE-2013-2223", "CVE-2013-2221"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "Fixes CVE-2013-2221, CVE-2013-2222, CVE-2013-2223.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 1, "enchantments": {}, "hash": "d60ed3afe24b1a4dd1d13fd61f2428934c14c4a689fe67a4384abc0d0739be48", "hashmap": [{"hash": "6935ace1be33ac5a6e41545d86def1ac", "key": "sourceData"}, {"hash": "09d286967656c7cd10b4cbf258d0607e", "key": "description"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "06b7fe4fec870ff660dfa5140dcdd97d", "key": "published"}, {"hash": "6974dde082801f12e5205868a5915123", "key": "references"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "d7a5a621648695afeef0193c5c062fd6", "key": "title"}, {"hash": "a5835b9d77765fbef146e6ec8d7f77c9", "key": "pluginID"}, {"hash": "9a00910eeedb8c835c4637a953896665", "key": "modified"}, {"hash": "29cc918328a54f7edffd01918650f70e", "key": "cvelist"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}, {"hash": "5d1e1a0fab8e21d5896aaa5c6e096954", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=69025", "id": "FEDORA_2013-13019.NASL", "lastseen": "2016-09-26T17:26:12", "modified": "2015-10-19T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.2", "pluginID": "69025", "published": "2013-07-24T00:00:00", "references": ["http://www.nessus.org/u?f688b184", "https://bugzilla.redhat.com/show_bug.cgi?id=980904", "http://www.nessus.org/u?5e7a9b11", "http://www.nessus.org/u?1f4868da"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-13019.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69025);\n script_version(\"$Revision: 1.7 $\");\n script_cvs_date(\"$Date: 2015/10/19 21:02:58 $\");\n\n script_cve_id(\"CVE-2013-2221\", \"CVE-2013-2222\", \"CVE-2013-2223\");\n script_bugtraq_id(60871, 60872, 60873);\n script_xref(name:\"FEDORA\", value:\"2013-13019\");\n\n script_name(english:\"Fedora 18 : libzrtpcpp-2.3.4-1.fc18 / ortp-0.20.0-5.fc18 / twinkle-1.4.2-19.fc18.1 (2013-13019)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fixes CVE-2013-2221, CVE-2013-2222, CVE-2013-2223.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=980904\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112415.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1f4868da\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112416.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5e7a9b11\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112417.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f688b184\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libzrtpcpp, ortp and / or twinkle packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libzrtpcpp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:ortp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:twinkle\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:18\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/07/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^18([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 18.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC18\", reference:\"libzrtpcpp-2.3.4-1.fc18\")) flag++;\nif (rpm_check(release:\"FC18\", reference:\"ortp-0.20.0-5.fc18\")) flag++;\nif (rpm_check(release:\"FC18\", reference:\"twinkle-1.4.2-19.fc18.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libzrtpcpp / ortp / twinkle\");\n}\n", "title": "Fedora 18 : libzrtpcpp-2.3.4-1.fc18 / ortp-0.20.0-5.fc18 / twinkle-1.4.2-19.fc18.1 (2013-13019)", "type": "nessus", "viewCount": 1}, "differentElements": ["cpe"], "edition": 1, "lastseen": "2016-09-26T17:26:12"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:fedoraproject:fedora:18", "p-cpe:/a:fedoraproject:fedora:libzrtpcpp", "p-cpe:/a:fedoraproject:fedora:twinkle", "p-cpe:/a:fedoraproject:fedora:ortp"], "cvelist": ["CVE-2013-2222", "CVE-2013-2223", "CVE-2013-2221"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "Fixes CVE-2013-2221, CVE-2013-2222, CVE-2013-2223.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 6, "enchantments": {"dependencies": {"modified": "2019-01-16T20:16:59", "references": [{"idList": ["FEDORA_2013-12479.NASL", "FREEBSD_PKG_04320E7DEA6611E2A96E60A44C524F57.NASL", "OPENSUSE-2013-804.NASL", "FEDORA_2013-13018.NASL", "GENTOO_GLSA-201309-13.NASL"], "type": "nessus"}, {"idList": ["GLSA-201309-13"], "type": "gentoo"}, {"idList": ["04320E7D-EA66-11E2-A96E-60A44C524F57"], "type": "freebsd"}, {"idList": ["CVE-2013-2222", "CVE-2013-2223", "CVE-2013-2221"], "type": "cve"}, {"idList": ["OPENVAS:866316", "OPENVAS:1361412562310866784", "OPENVAS:1361412562310866418", "OPENVAS:866367", "OPENVAS:1361412562310866242", "OPENVAS:866418", "OPENVAS:866784", "OPENVAS:866242", "OPENVAS:1361412562310866367", "OPENVAS:866342"], "type": "openvas"}]}, "score": {"value": 2.1, "vector": "NONE"}}, "hash": "5245ab40f7104c826f93ec4194ac61c55b4c54e74150b2eacd9b27a36413ea89", "hashmap": [{"hash": "1bda8aa558594b47e093d7ceac50a526", "key": "cpe"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "06b7fe4fec870ff660dfa5140dcdd97d", "key": "published"}, {"hash": "6974dde082801f12e5205868a5915123", "key": "references"}, {"hash": "58c0ed4c178615e66a752bb015171126", "key": "sourceData"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "d7a5a621648695afeef0193c5c062fd6", "key": "title"}, {"hash": "a5835b9d77765fbef146e6ec8d7f77c9", "key": "pluginID"}, {"hash": "460b12446c99e9f96de9e7fe92f5d167", "key": "modified"}, {"hash": "29cc918328a54f7edffd01918650f70e", "key": "cvelist"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}, {"hash": "5d1e1a0fab8e21d5896aaa5c6e096954", "key": "href"}, {"hash": "21ce56dd9c7137916229a2ec7db4d5cb", "key": "description"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=69025", "id": "FEDORA_2013-13019.NASL", "lastseen": "2019-01-16T20:16:59", "modified": "2018-11-28T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.3", "pluginID": "69025", "published": "2013-07-24T00:00:00", "references": ["http://www.nessus.org/u?f688b184", "https://bugzilla.redhat.com/show_bug.cgi?id=980904", "http://www.nessus.org/u?5e7a9b11", "http://www.nessus.org/u?1f4868da"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-13019.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69025);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/11/28 22:47:44\");\n\n script_cve_id(\"CVE-2013-2221\", \"CVE-2013-2222\", \"CVE-2013-2223\");\n script_bugtraq_id(60871, 60872, 60873);\n script_xref(name:\"FEDORA\", value:\"2013-13019\");\n\n script_name(english:\"Fedora 18 : libzrtpcpp-2.3.4-1.fc18 / ortp-0.20.0-5.fc18 / twinkle-1.4.2-19.fc18.1 (2013-13019)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fixes CVE-2013-2221, CVE-2013-2222, CVE-2013-2223.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=980904\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112415.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1f4868da\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112416.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5e7a9b11\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112417.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f688b184\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libzrtpcpp, ortp and / or twinkle packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libzrtpcpp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:ortp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:twinkle\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:18\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/07/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^18([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 18.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC18\", reference:\"libzrtpcpp-2.3.4-1.fc18\")) flag++;\nif (rpm_check(release:\"FC18\", reference:\"ortp-0.20.0-5.fc18\")) flag++;\nif (rpm_check(release:\"FC18\", reference:\"twinkle-1.4.2-19.fc18.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libzrtpcpp / ortp / twinkle\");\n}\n", "title": "Fedora 18 : libzrtpcpp-2.3.4-1.fc18 / ortp-0.20.0-5.fc18 / twinkle-1.4.2-19.fc18.1 (2013-13019)", "type": "nessus", "viewCount": 1}, "differentElements": ["description"], "edition": 6, "lastseen": "2019-01-16T20:16:59"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:fedoraproject:fedora:18", "p-cpe:/a:fedoraproject:fedora:libzrtpcpp", "p-cpe:/a:fedoraproject:fedora:twinkle", "p-cpe:/a:fedoraproject:fedora:ortp"], "cvelist": ["CVE-2013-2222", "CVE-2013-2223", "CVE-2013-2221"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "Fixes CVE-2013-2221, CVE-2013-2222, CVE-2013-2223.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 2, "enchantments": {"score": {"value": 2.1, "vector": "NONE"}}, "hash": "fb2046864e7ed16cfba98f088a78f1ada76a018a19cd36fde5b58b92ae8fd302", "hashmap": [{"hash": "1bda8aa558594b47e093d7ceac50a526", "key": "cpe"}, {"hash": "6935ace1be33ac5a6e41545d86def1ac", "key": "sourceData"}, {"hash": "09d286967656c7cd10b4cbf258d0607e", "key": "description"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "06b7fe4fec870ff660dfa5140dcdd97d", "key": "published"}, {"hash": "6974dde082801f12e5205868a5915123", "key": "references"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "d7a5a621648695afeef0193c5c062fd6", "key": "title"}, {"hash": "a5835b9d77765fbef146e6ec8d7f77c9", "key": "pluginID"}, {"hash": "9a00910eeedb8c835c4637a953896665", "key": "modified"}, {"hash": "29cc918328a54f7edffd01918650f70e", "key": "cvelist"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}, {"hash": "5d1e1a0fab8e21d5896aaa5c6e096954", "key": "href"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=69025", "id": "FEDORA_2013-13019.NASL", "lastseen": "2017-10-29T13:43:57", "modified": "2015-10-19T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.3", "pluginID": "69025", "published": "2013-07-24T00:00:00", "references": ["http://www.nessus.org/u?f688b184", "https://bugzilla.redhat.com/show_bug.cgi?id=980904", "http://www.nessus.org/u?5e7a9b11", "http://www.nessus.org/u?1f4868da"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-13019.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69025);\n script_version(\"$Revision: 1.7 $\");\n script_cvs_date(\"$Date: 2015/10/19 21:02:58 $\");\n\n script_cve_id(\"CVE-2013-2221\", \"CVE-2013-2222\", \"CVE-2013-2223\");\n script_bugtraq_id(60871, 60872, 60873);\n script_xref(name:\"FEDORA\", value:\"2013-13019\");\n\n script_name(english:\"Fedora 18 : libzrtpcpp-2.3.4-1.fc18 / ortp-0.20.0-5.fc18 / twinkle-1.4.2-19.fc18.1 (2013-13019)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fixes CVE-2013-2221, CVE-2013-2222, CVE-2013-2223.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=980904\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112415.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1f4868da\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112416.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5e7a9b11\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112417.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f688b184\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libzrtpcpp, ortp and / or twinkle packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libzrtpcpp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:ortp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:twinkle\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:18\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/07/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^18([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 18.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC18\", reference:\"libzrtpcpp-2.3.4-1.fc18\")) flag++;\nif (rpm_check(release:\"FC18\", reference:\"ortp-0.20.0-5.fc18\")) flag++;\nif (rpm_check(release:\"FC18\", reference:\"twinkle-1.4.2-19.fc18.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libzrtpcpp / ortp / twinkle\");\n}\n", "title": "Fedora 18 : libzrtpcpp-2.3.4-1.fc18 / ortp-0.20.0-5.fc18 / twinkle-1.4.2-19.fc18.1 (2013-13019)", "type": "nessus", "viewCount": 1}, "differentElements": ["cvss"], "edition": 2, "lastseen": "2017-10-29T13:43:57"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:fedoraproject:fedora:18", "p-cpe:/a:fedoraproject:fedora:libzrtpcpp", "p-cpe:/a:fedoraproject:fedora:twinkle", "p-cpe:/a:fedoraproject:fedora:ortp"], "cvelist": ["CVE-2013-2222", "CVE-2013-2223", "CVE-2013-2221"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "Fixes CVE-2013-2221, CVE-2013-2222, CVE-2013-2223.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 5, "enchantments": {"score": {"value": 2.1, "vector": "NONE"}}, "hash": "96c071a97053f8b89cbe10078ed894d2788817ed8daeaca18f78ca8b8dc36f3a", "hashmap": [{"hash": "1bda8aa558594b47e093d7ceac50a526", "key": "cpe"}, {"hash": "09d286967656c7cd10b4cbf258d0607e", "key": "description"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "06b7fe4fec870ff660dfa5140dcdd97d", "key": "published"}, {"hash": "6974dde082801f12e5205868a5915123", "key": "references"}, {"hash": "58c0ed4c178615e66a752bb015171126", "key": "sourceData"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "d7a5a621648695afeef0193c5c062fd6", "key": "title"}, {"hash": "a5835b9d77765fbef146e6ec8d7f77c9", "key": "pluginID"}, {"hash": "460b12446c99e9f96de9e7fe92f5d167", "key": "modified"}, {"hash": "29cc918328a54f7edffd01918650f70e", "key": "cvelist"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}, {"hash": "5d1e1a0fab8e21d5896aaa5c6e096954", "key": "href"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=69025", "id": "FEDORA_2013-13019.NASL", "lastseen": "2018-11-29T19:41:24", "modified": "2018-11-28T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.3", "pluginID": "69025", "published": "2013-07-24T00:00:00", "references": ["http://www.nessus.org/u?f688b184", "https://bugzilla.redhat.com/show_bug.cgi?id=980904", "http://www.nessus.org/u?5e7a9b11", "http://www.nessus.org/u?1f4868da"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-13019.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69025);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/11/28 22:47:44\");\n\n script_cve_id(\"CVE-2013-2221\", \"CVE-2013-2222\", \"CVE-2013-2223\");\n script_bugtraq_id(60871, 60872, 60873);\n script_xref(name:\"FEDORA\", value:\"2013-13019\");\n\n script_name(english:\"Fedora 18 : libzrtpcpp-2.3.4-1.fc18 / ortp-0.20.0-5.fc18 / twinkle-1.4.2-19.fc18.1 (2013-13019)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fixes CVE-2013-2221, CVE-2013-2222, CVE-2013-2223.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=980904\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112415.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1f4868da\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112416.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5e7a9b11\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112417.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f688b184\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libzrtpcpp, ortp and / or twinkle packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libzrtpcpp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:ortp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:twinkle\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:18\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/07/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^18([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 18.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC18\", reference:\"libzrtpcpp-2.3.4-1.fc18\")) flag++;\nif (rpm_check(release:\"FC18\", reference:\"ortp-0.20.0-5.fc18\")) flag++;\nif (rpm_check(release:\"FC18\", reference:\"twinkle-1.4.2-19.fc18.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libzrtpcpp / ortp / twinkle\");\n}\n", "title": "Fedora 18 : libzrtpcpp-2.3.4-1.fc18 / ortp-0.20.0-5.fc18 / twinkle-1.4.2-19.fc18.1 (2013-13019)", "type": "nessus", "viewCount": 1}, "differentElements": ["description"], "edition": 5, "lastseen": "2018-11-29T19:41:24"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:fedoraproject:fedora:18", "p-cpe:/a:fedoraproject:fedora:libzrtpcpp", "p-cpe:/a:fedoraproject:fedora:twinkle", "p-cpe:/a:fedoraproject:fedora:ortp"], "cvelist": ["CVE-2013-2222", "CVE-2013-2223", "CVE-2013-2221"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "Fixes CVE-2013-2221, CVE-2013-2222, CVE-2013-2223.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 3, "enchantments": {"score": {"value": 2.1, "vector": "NONE"}}, "hash": "13d807ad4546e070651a12c23c0eeed6f573b0ea03f47d94d85f52d972a70100", "hashmap": [{"hash": "1bda8aa558594b47e093d7ceac50a526", "key": "cpe"}, {"hash": "6935ace1be33ac5a6e41545d86def1ac", "key": "sourceData"}, {"hash": "09d286967656c7cd10b4cbf258d0607e", "key": "description"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "06b7fe4fec870ff660dfa5140dcdd97d", "key": "published"}, {"hash": "6974dde082801f12e5205868a5915123", "key": "references"}, {"hash": "d7a5a621648695afeef0193c5c062fd6", "key": "title"}, {"hash": "a5835b9d77765fbef146e6ec8d7f77c9", "key": "pluginID"}, {"hash": "9a00910eeedb8c835c4637a953896665", "key": "modified"}, {"hash": "29cc918328a54f7edffd01918650f70e", "key": "cvelist"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}, {"hash": "5d1e1a0fab8e21d5896aaa5c6e096954", "key": "href"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=69025", "id": "FEDORA_2013-13019.NASL", "lastseen": "2018-08-30T19:54:33", "modified": "2015-10-19T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.3", "pluginID": "69025", "published": "2013-07-24T00:00:00", "references": ["http://www.nessus.org/u?f688b184", "https://bugzilla.redhat.com/show_bug.cgi?id=980904", "http://www.nessus.org/u?5e7a9b11", "http://www.nessus.org/u?1f4868da"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-13019.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69025);\n script_version(\"$Revision: 1.7 $\");\n script_cvs_date(\"$Date: 2015/10/19 21:02:58 $\");\n\n script_cve_id(\"CVE-2013-2221\", \"CVE-2013-2222\", \"CVE-2013-2223\");\n script_bugtraq_id(60871, 60872, 60873);\n script_xref(name:\"FEDORA\", value:\"2013-13019\");\n\n script_name(english:\"Fedora 18 : libzrtpcpp-2.3.4-1.fc18 / ortp-0.20.0-5.fc18 / twinkle-1.4.2-19.fc18.1 (2013-13019)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fixes CVE-2013-2221, CVE-2013-2222, CVE-2013-2223.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=980904\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112415.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1f4868da\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112416.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5e7a9b11\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112417.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f688b184\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libzrtpcpp, ortp and / or twinkle packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libzrtpcpp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:ortp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:twinkle\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:18\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/07/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^18([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 18.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC18\", reference:\"libzrtpcpp-2.3.4-1.fc18\")) flag++;\nif (rpm_check(release:\"FC18\", reference:\"ortp-0.20.0-5.fc18\")) flag++;\nif (rpm_check(release:\"FC18\", reference:\"twinkle-1.4.2-19.fc18.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libzrtpcpp / ortp / twinkle\");\n}\n", "title": "Fedora 18 : libzrtpcpp-2.3.4-1.fc18 / ortp-0.20.0-5.fc18 / twinkle-1.4.2-19.fc18.1 (2013-13019)", "type": "nessus", "viewCount": 1}, "differentElements": ["cvss"], "edition": 3, "lastseen": "2018-08-30T19:54:33"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:fedoraproject:fedora:18", "p-cpe:/a:fedoraproject:fedora:libzrtpcpp", "p-cpe:/a:fedoraproject:fedora:twinkle", "p-cpe:/a:fedoraproject:fedora:ortp"], "cvelist": ["CVE-2013-2222", "CVE-2013-2223", "CVE-2013-2221"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "Fixes CVE-2013-2221, CVE-2013-2222, CVE-2013-2223.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 4, "enchantments": {"score": {"value": 2.1, "vector": "NONE"}}, "hash": "fb2046864e7ed16cfba98f088a78f1ada76a018a19cd36fde5b58b92ae8fd302", "hashmap": [{"hash": "1bda8aa558594b47e093d7ceac50a526", "key": "cpe"}, {"hash": "6935ace1be33ac5a6e41545d86def1ac", "key": "sourceData"}, {"hash": "09d286967656c7cd10b4cbf258d0607e", "key": "description"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "06b7fe4fec870ff660dfa5140dcdd97d", "key": "published"}, {"hash": "6974dde082801f12e5205868a5915123", "key": "references"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "d7a5a621648695afeef0193c5c062fd6", "key": "title"}, {"hash": "a5835b9d77765fbef146e6ec8d7f77c9", "key": "pluginID"}, {"hash": "9a00910eeedb8c835c4637a953896665", "key": "modified"}, {"hash": "29cc918328a54f7edffd01918650f70e", "key": "cvelist"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}, {"hash": "5d1e1a0fab8e21d5896aaa5c6e096954", "key": "href"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=69025", "id": "FEDORA_2013-13019.NASL", "lastseen": "2018-09-02T00:04:49", "modified": "2015-10-19T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.3", "pluginID": "69025", "published": "2013-07-24T00:00:00", "references": ["http://www.nessus.org/u?f688b184", "https://bugzilla.redhat.com/show_bug.cgi?id=980904", "http://www.nessus.org/u?5e7a9b11", "http://www.nessus.org/u?1f4868da"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-13019.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69025);\n script_version(\"$Revision: 1.7 $\");\n script_cvs_date(\"$Date: 2015/10/19 21:02:58 $\");\n\n script_cve_id(\"CVE-2013-2221\", \"CVE-2013-2222\", \"CVE-2013-2223\");\n script_bugtraq_id(60871, 60872, 60873);\n script_xref(name:\"FEDORA\", value:\"2013-13019\");\n\n script_name(english:\"Fedora 18 : libzrtpcpp-2.3.4-1.fc18 / ortp-0.20.0-5.fc18 / twinkle-1.4.2-19.fc18.1 (2013-13019)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fixes CVE-2013-2221, CVE-2013-2222, CVE-2013-2223.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=980904\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112415.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1f4868da\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112416.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5e7a9b11\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112417.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f688b184\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libzrtpcpp, ortp and / or twinkle packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libzrtpcpp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:ortp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:twinkle\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:18\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/07/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^18([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 18.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC18\", reference:\"libzrtpcpp-2.3.4-1.fc18\")) flag++;\nif (rpm_check(release:\"FC18\", reference:\"ortp-0.20.0-5.fc18\")) flag++;\nif (rpm_check(release:\"FC18\", reference:\"twinkle-1.4.2-19.fc18.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libzrtpcpp / ortp / twinkle\");\n}\n", "title": "Fedora 18 : libzrtpcpp-2.3.4-1.fc18 / ortp-0.20.0-5.fc18 / twinkle-1.4.2-19.fc18.1 (2013-13019)", "type": "nessus", "viewCount": 1}, "differentElements": ["modified", "sourceData"], "edition": 4, "lastseen": "2018-09-02T00:04:49"}], "edition": 7, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "1bda8aa558594b47e093d7ceac50a526"}, {"key": "cvelist", "hash": "29cc918328a54f7edffd01918650f70e"}, {"key": "cvss", "hash": "e5d275b3ebd62646b78320753699e02e"}, {"key": "description", "hash": "09d286967656c7cd10b4cbf258d0607e"}, {"key": "href", "hash": "5d1e1a0fab8e21d5896aaa5c6e096954"}, {"key": "modified", "hash": "460b12446c99e9f96de9e7fe92f5d167"}, {"key": "naslFamily", "hash": "be931514784f88df80712740ad2723e7"}, {"key": "pluginID", "hash": "a5835b9d77765fbef146e6ec8d7f77c9"}, {"key": "published", "hash": "06b7fe4fec870ff660dfa5140dcdd97d"}, {"key": "references", "hash": "6974dde082801f12e5205868a5915123"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "58c0ed4c178615e66a752bb015171126"}, {"key": "title", "hash": "d7a5a621648695afeef0193c5c062fd6"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "96c071a97053f8b89cbe10078ed894d2788817ed8daeaca18f78ca8b8dc36f3a", "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2013-2223", "CVE-2013-2221", "CVE-2013-2222"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310866298", "OPENVAS:866242", "OPENVAS:866784", "OPENVAS:866367", "OPENVAS:866298", "OPENVAS:1361412562310121027", "OPENVAS:866342", "OPENVAS:1361412562310866316", "OPENVAS:866418", "OPENVAS:1361412562310866242"]}, {"type": "freebsd", "idList": ["04320E7D-EA66-11E2-A96E-60A44C524F57"]}, {"type": "nessus", "idList": ["OPENSUSE-2013-804.NASL", "FEDORA_2013-13018.NASL", "FREEBSD_PKG_04320E7DEA6611E2A96E60A44C524F57.NASL", "FEDORA_2013-12479.NASL", "GENTOO_GLSA-201309-13.NASL"]}, {"type": "gentoo", "idList": ["GLSA-201309-13"]}], "modified": "2019-02-21T01:19:47"}, "score": {"value": 5.8, "vector": "NONE", "modified": "2019-02-21T01:19:47"}, "vulnersScore": 5.8}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-13019.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69025);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/11/28 22:47:44\");\n\n script_cve_id(\"CVE-2013-2221\", \"CVE-2013-2222\", \"CVE-2013-2223\");\n script_bugtraq_id(60871, 60872, 60873);\n script_xref(name:\"FEDORA\", value:\"2013-13019\");\n\n script_name(english:\"Fedora 18 : libzrtpcpp-2.3.4-1.fc18 / ortp-0.20.0-5.fc18 / twinkle-1.4.2-19.fc18.1 (2013-13019)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fixes CVE-2013-2221, CVE-2013-2222, CVE-2013-2223.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=980904\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112415.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1f4868da\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112416.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5e7a9b11\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112417.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f688b184\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libzrtpcpp, ortp and / or twinkle packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libzrtpcpp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:ortp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:twinkle\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:18\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/07/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^18([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 18.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC18\", reference:\"libzrtpcpp-2.3.4-1.fc18\")) flag++;\nif (rpm_check(release:\"FC18\", reference:\"ortp-0.20.0-5.fc18\")) flag++;\nif (rpm_check(release:\"FC18\", reference:\"twinkle-1.4.2-19.fc18.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libzrtpcpp / ortp / twinkle\");\n}\n", "naslFamily": "Fedora Local Security Checks", "pluginID": "69025", "cpe": ["cpe:/o:fedoraproject:fedora:18", "p-cpe:/a:fedoraproject:fedora:libzrtpcpp", "p-cpe:/a:fedoraproject:fedora:twinkle", "p-cpe:/a:fedoraproject:fedora:ortp"], "scheme": null}

{"cve": [{"lastseen": "2019-05-29T18:13:02", "bulletinFamily": "NVD", "description": "GNU ZRTPCPP before 3.2.0 allows remote attackers to obtain sensitive information (uninitialized heap memory) or cause a denial of service (out-of-bounds read) via a crafted packet, as demonstrated by a truncated Ping packet that is not properly handled by the getEpHash function.", "modified": "2018-01-09T02:29:00", "id": "CVE-2013-2223", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2223", "published": "2013-10-04T17:55:00", "title": "CVE-2013-2223", "type": "cve", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2019-05-29T18:13:02", "bulletinFamily": "NVD", "description": "Multiple stack-based buffer overflows in GNU ZRTPCPP before 3.2.0 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted ZRTP Hello packet to the (1) ZRtp::findBestSASType, (2) ZRtp::findBestAuthLen, (3) ZRtp::findBestCipher, (4) ZRtp::findBestHash, or (5) ZRtp::findBestPubKey functions.", "modified": "2018-01-09T02:29:00", "id": "CVE-2013-2222", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2222", "published": "2013-10-04T17:55:00", "title": "CVE-2013-2222", "type": "cve", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:13:02", "bulletinFamily": "NVD", "description": "Heap-based buffer overflow in the ZRtp::storeMsgTemp function in GNU ZRTPCPP before 3.2.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large packet.", "modified": "2018-01-09T02:29:00", "id": "CVE-2013-2221", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2221", "published": "2013-10-04T17:55:00", "title": "CVE-2013-2221", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2018-11-13T16:54:31", "bulletinFamily": "scanner", "description": "libzrtpcpp was updated to fix multiple security issues.", "modified": "2018-11-10T00:00:00", "published": "2014-06-13T00:00:00", "id": "OPENSUSE-2013-804.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=75177", "title": "openSUSE Security Update : libzrtpcpp (openSUSE-SU-2013:1599-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2013-804.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75177);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/11/10 11:50:01\");\n\n script_cve_id(\"CVE-2013-2221\", \"CVE-2013-2222\", \"CVE-2013-2223\");\n script_bugtraq_id(60871, 60872, 60873);\n\n script_name(english:\"openSUSE Security Update : libzrtpcpp (openSUSE-SU-2013:1599-1)\");\n script_summary(english:\"Check for the openSUSE-2013-804 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\"libzrtpcpp was updated to fix multiple security issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=828028\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2013-10/msg00052.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libzrtpcpp packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libzrtpcpp-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libzrtpcpp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libzrtpcpp2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libzrtpcpp2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/10/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.2|SUSE12\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.2 / 12.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libzrtpcpp-debugsource-2.0.0-6.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libzrtpcpp-devel-2.0.0-6.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libzrtpcpp2-2.0.0-6.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libzrtpcpp2-debuginfo-2.0.0-6.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libzrtpcpp-debugsource-2.0.0-8.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libzrtpcpp-devel-2.0.0-8.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libzrtpcpp2-2.0.0-8.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libzrtpcpp2-debuginfo-2.0.0-8.4.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libzrtpcpp\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:20:04", "bulletinFamily": "scanner", "description": "The remote host is affected by the vulnerability described in GLSA-201309-13 (GNU ZRTP: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in GNU ZRTP. Please review the CVE identifiers referenced below for details.\n Impact :\n\n A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, or obtain sensitive information.\n Workaround :\n\n There is no known workaround at this time.", "modified": "2018-07-11T00:00:00", "id": "GENTOO_GLSA-201309-13.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=70109", "published": "2013-09-25T00:00:00", "title": "GLSA-201309-13 : GNU ZRTP: Multiple vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201309-13.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(70109);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/07/11 17:09:26\");\n\n script_cve_id(\"CVE-2013-2221\", \"CVE-2013-2222\", \"CVE-2013-2223\");\n script_bugtraq_id(60871, 60872, 60873);\n script_xref(name:\"GLSA\", value:\"201309-13\");\n\n script_name(english:\"GLSA-201309-13 : GNU ZRTP: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201309-13\n(GNU ZRTP: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in GNU ZRTP. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could possibly execute arbitrary code with the\n privileges of the process, cause a Denial of Service condition, or obtain\n sensitive information.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201309-13\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All GNU ZRTP users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-libs/libzrtpcpp-2.3.4'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:libzrtpcpp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-libs/libzrtpcpp\", unaffected:make_list(\"ge 2.3.4\"), vulnerable:make_list(\"lt 2.3.4\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"GNU ZRTP\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:19:44", "bulletinFamily": "scanner", "description": "Update to new upstream 2.3.4 to fix several security issues.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-11-28T00:00:00", "id": "FEDORA_2013-12479.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=68893", "published": "2013-07-16T00:00:00", "title": "Fedora 19 : libzrtpcpp-2.3.4-1.fc19 (2013-12479)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-12479.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68893);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/11/28 22:47:44\");\n\n script_cve_id(\"CVE-2013-2221\", \"CVE-2013-2222\", \"CVE-2013-2223\");\n script_bugtraq_id(60871, 60872, 60873);\n script_xref(name:\"FEDORA\", value:\"2013-12479\");\n\n script_name(english:\"Fedora 19 : libzrtpcpp-2.3.4-1.fc19 (2013-12479)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to new upstream 2.3.4 to fix several security issues.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=980894\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=980895\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=980896\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/111709.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?dc1fb1f9\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libzrtpcpp package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libzrtpcpp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/07/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"libzrtpcpp-2.3.4-1.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libzrtpcpp\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:19:10", "bulletinFamily": "scanner", "description": "Mark Dowd reports :\n\nVulnerability 1. Remote Heap Overflow: If an attacker sends a packet larger than 1024 bytes that gets stored temporarily (which occurs many times - such as when sending a ZRTP Hello packet), a heap overflow will occur, leading to potential arbitrary code execution on the vulnerable host.\n\nVulnerability 2. Multiple Stack Overflows: ZRTPCPP contains multiple stack overflows that arise when preparing a response to a client's ZRTP Hello packet.\n\nVulnerability 3. Information Leaking / Out of Bounds Reads : The ZRTPCPP library performs very little validation regarding the expected size of a packet versus the actual amount of data received. This can lead to both information leaking and out of bounds data reads (usually resulting in a crash). Information leaking can be performed for example by sending a malformed ZRTP Ping packet.", "modified": "2018-11-10T00:00:00", "id": "FREEBSD_PKG_04320E7DEA6611E2A96E60A44C524F57.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=67249", "published": "2013-07-12T00:00:00", "title": "FreeBSD : libzrtpcpp -- multiple security vulnerabilities (04320e7d-ea66-11e2-a96e-60a44c524f57)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(67249);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/11/10 11:49:43\");\n\n script_cve_id(\"CVE-2013-2221\", \"CVE-2013-2222\", \"CVE-2013-2223\");\n\n script_name(english:\"FreeBSD : libzrtpcpp -- multiple security vulnerabilities (04320e7d-ea66-11e2-a96e-60a44c524f57)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mark Dowd reports :\n\nVulnerability 1. Remote Heap Overflow: If an attacker sends a packet\nlarger than 1024 bytes that gets stored temporarily (which occurs many\ntimes - such as when sending a ZRTP Hello packet), a heap overflow\nwill occur, leading to potential arbitrary code execution on the\nvulnerable host.\n\nVulnerability 2. Multiple Stack Overflows: ZRTPCPP contains multiple\nstack overflows that arise when preparing a response to a client's\nZRTP Hello packet.\n\nVulnerability 3. Information Leaking / Out of Bounds Reads : The\nZRTPCPP library performs very little validation regarding the expected\nsize of a packet versus the actual amount of data received. This can\nlead to both information leaking and out of bounds data reads (usually\nresulting in a crash). Information leaking can be performed for\nexample by sending a malformed ZRTP Ping packet.\"\n );\n # https://vuxml.freebsd.org/freebsd/04320e7d-ea66-11e2-a96e-60a44c524f57.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8362a20c\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:libzrtpcpp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/06/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/07/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"libzrtpcpp<2.3.4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:19:47", "bulletinFamily": "scanner", "description": "Fixes CVE-2013-2221, CVE-2013-2222, CVE-2013-2223.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-11-28T00:00:00", "id": "FEDORA_2013-13018.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=69024", "published": "2013-07-24T00:00:00", "title": "Fedora 17 : libzrtpcpp-2.3.4-1.fc17 / ortp-0.20.0-5.fc17 / twinkle-1.4.2-19.fc17.1 (2013-13018)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-13018.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69024);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/11/28 22:47:44\");\n\n script_cve_id(\"CVE-2013-2221\", \"CVE-2013-2222\", \"CVE-2013-2223\");\n script_bugtraq_id(60871, 60872, 60873);\n script_xref(name:\"FEDORA\", value:\"2013-13018\");\n\n script_name(english:\"Fedora 17 : libzrtpcpp-2.3.4-1.fc17 / ortp-0.20.0-5.fc17 / twinkle-1.4.2-19.fc17.1 (2013-13018)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fixes CVE-2013-2221, CVE-2013-2222, CVE-2013-2223.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=980904\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112434.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?57c277f1\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112435.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4bb88671\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112436.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?54fc505d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libzrtpcpp, ortp and / or twinkle packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libzrtpcpp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:ortp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:twinkle\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:17\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/07/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^17([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 17.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC17\", reference:\"libzrtpcpp-2.3.4-1.fc17\")) flag++;\nif (rpm_check(release:\"FC17\", reference:\"ortp-0.20.0-5.fc17\")) flag++;\nif (rpm_check(release:\"FC17\", reference:\"twinkle-1.4.2-19.fc17.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libzrtpcpp / ortp / twinkle\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "freebsd": [{"lastseen": "2019-05-29T18:33:35", "bulletinFamily": "unix", "description": "\nMark Dowd reports:\n\nVulnerability 1. Remote Heap Overflow: If an attacker sends a\n\t packet larger than 1024 bytes that gets stored temporarily (which\n\t occurs many times - such as when sending a ZRTP Hello packet), a\n\t heap overflow will occur, leading to potential arbitrary code\n\t execution on the vulnerable host.\nVulnerability 2. Multiple Stack Overflows: ZRTPCPP contains\n\t multiple stack overflows that arise when preparing a response\n\t to a client's ZRTP Hello packet.\nVulnerability 3. Information Leaking / Out of Bounds Reads:\n\t The ZRTPCPP library performs very little validation regarding the\n\t expected size of a packet versus the actual amount of data\n\t received. This can lead to both information leaking and out\n\t of bounds data reads (usually resulting in a crash).\n\t Information leaking can be performed for example by sending\n\t a malformed ZRTP Ping packet.\n\n", "modified": "2013-06-27T00:00:00", "published": "2013-06-27T00:00:00", "id": "04320E7D-EA66-11E2-A96E-60A44C524F57", "href": "https://vuxml.freebsd.org/freebsd/04320e7d-ea66-11e2-a96e-60a44c524f57.html", "title": "libzrtpcpp -- multiple security vulnerabilities", "type": "freebsd", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2018-01-24T11:09:23", "bulletinFamily": "scanner", "description": "Check for the Version of twinkle", "modified": "2018-01-24T00:00:00", "published": "2013-08-01T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=866242", "id": "OPENVAS:866242", "title": "Fedora Update for twinkle FEDORA-2013-13019", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for twinkle FEDORA-2013-13019\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(866242);\n script_version(\"$Revision: 8509 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-24 07:57:46 +0100 (Wed, 24 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-08-01 18:35:12 +0530 (Thu, 01 Aug 2013)\");\n script_cve_id(\"CVE-2013-2221\", \"CVE-2013-2222\", \"CVE-2013-2223\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for twinkle FEDORA-2013-13019\");\n\n tag_insight = \"Twinkle is a SIP based soft phone for making telephone calls over IP networks.\n\";\n\n tag_affected = \"twinkle on Fedora 18\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2013-13019\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112415.html\");\n script_tag(name: \"summary\" , value: \"Check for the Version of twinkle\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"twinkle\", rpm:\"twinkle~1.4.2~19.fc18.1\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-26T11:10:12", "bulletinFamily": "scanner", "description": "Check for the Version of libzrtpcpp", "modified": "2018-01-25T00:00:00", "published": "2013-08-20T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=866784", "id": "OPENVAS:866784", "title": "Fedora Update for libzrtpcpp FEDORA-2013-12479", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libzrtpcpp FEDORA-2013-12479\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(866784);\n script_version(\"$Revision: 8526 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-25 07:57:37 +0100 (Thu, 25 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-08-20 15:27:11 +0530 (Tue, 20 Aug 2013)\");\n script_cve_id(\"CVE-2013-2221\", \"CVE-2013-2222\", \"CVE-2013-2223\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for libzrtpcpp FEDORA-2013-12479\");\n\n tag_insight = \"This package provides a library that adds ZRTP support to the GNU\nccRTP stack. Phil Zimmermann developed ZRTP to allow ad-hoc, easy to\nuse key negotiation to setup Secure RTP (SRTP) sessions. GNU ZRTP\ntogether with GNU ccRTP (1.5.0 or later) provides a ZRTP\nimplementation that can be directly embedded into client and server\napplications.\n\";\n\n tag_affected = \"libzrtpcpp on Fedora 19\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2013-12479\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2013-July/111709.html\");\n script_tag(name: \"summary\" , value: \"Check for the Version of libzrtpcpp\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"libzrtpcpp\", rpm:\"libzrtpcpp~2.3.4~1.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-18T11:09:24", "bulletinFamily": "scanner", "description": "Check for the Version of ortp", "modified": "2018-01-18T00:00:00", "published": "2013-08-01T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=866367", "id": "OPENVAS:866367", "title": "Fedora Update for ortp FEDORA-2013-13019", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for ortp FEDORA-2013-13019\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(866367);\n script_version(\"$Revision: 8456 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-18 07:58:40 +0100 (Thu, 18 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-08-01 18:39:14 +0530 (Thu, 01 Aug 2013)\");\n script_cve_id(\"CVE-2013-2221\", \"CVE-2013-2222\", \"CVE-2013-2223\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for ortp FEDORA-2013-13019\");\n\n tag_insight = \"oRTP is a C library that implements RTP (RFC3550).\n\";\n\n tag_affected = \"ortp on Fedora 18\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2013-13019\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112417.html\");\n script_tag(name: \"summary\" , value: \"Check for the Version of ortp\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"ortp\", rpm:\"ortp~0.20.0~5.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:28", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2013-08-01T00:00:00", "id": "OPENVAS:1361412562310866298", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310866298", "title": "Fedora Update for libzrtpcpp FEDORA-2013-13019", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libzrtpcpp FEDORA-2013-13019\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.866298\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-08-01 18:36:59 +0530 (Thu, 01 Aug 2013)\");\n script_cve_id(\"CVE-2013-2221\", \"CVE-2013-2222\", \"CVE-2013-2223\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for libzrtpcpp FEDORA-2013-13019\");\n\n\n script_tag(name:\"affected\", value:\"libzrtpcpp on Fedora 18\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2013-13019\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112416.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libzrtpcpp'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC18\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"libzrtpcpp\", rpm:\"libzrtpcpp~2.3.4~1.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-01-22T13:10:19", "bulletinFamily": "scanner", "description": "Check for the Version of libzrtpcpp", "modified": "2018-01-22T00:00:00", "published": "2013-08-01T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=866418", "id": "OPENVAS:866418", "title": "Fedora Update for libzrtpcpp FEDORA-2013-13018", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libzrtpcpp FEDORA-2013-13018\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(866418);\n script_version(\"$Revision: 8483 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-22 07:58:04 +0100 (Mon, 22 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-08-01 18:40:48 +0530 (Thu, 01 Aug 2013)\");\n script_cve_id(\"CVE-2013-2221\", \"CVE-2013-2222\", \"CVE-2013-2223\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for libzrtpcpp FEDORA-2013-13018\");\n\n tag_insight = \"This package provides a library that adds ZRTP support to the GNU\nccRTP stack. Phil Zimmermann developed ZRTP to allow ad-hoc, easy to\nuse key negotiation to setup Secure RTP (SRTP) sessions. GNU ZRTP\ntogether with GNU ccRTP (1.5.0 or later) provides a ZRTP\nimplementation that can be directly embedded into client and server\napplications.\n\";\n\n tag_affected = \"libzrtpcpp on Fedora 17\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2013-13018\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112435.html\");\n script_tag(name: \"summary\" , value: \"Check for the Version of libzrtpcpp\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"libzrtpcpp\", rpm:\"libzrtpcpp~2.3.4~1.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-02-06T13:10:14", "bulletinFamily": "scanner", "description": "Check for the Version of twinkle", "modified": "2018-02-05T00:00:00", "published": "2013-08-01T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=866316", "id": "OPENVAS:866316", "title": "Fedora Update for twinkle FEDORA-2013-13018", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for twinkle FEDORA-2013-13018\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(866316);\n script_version(\"$Revision: 8672 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-02-05 17:39:18 +0100 (Mon, 05 Feb 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-08-01 18:37:46 +0530 (Thu, 01 Aug 2013)\");\n script_cve_id(\"CVE-2013-2221\", \"CVE-2013-2222\", \"CVE-2013-2223\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for twinkle FEDORA-2013-13018\");\n\n tag_insight = \"Twinkle is a SIP based soft phone for making telephone calls\nover IP networks.\n\";\n\n tag_affected = \"twinkle on Fedora 17\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2013-13018\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112436.html\");\n script_tag(name: \"summary\" , value: \"Check for the Version of twinkle\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"twinkle\", rpm:\"twinkle~1.4.2~19.fc17.1\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:01", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2013-08-01T00:00:00", "id": "OPENVAS:1361412562310866316", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310866316", "title": "Fedora Update for twinkle FEDORA-2013-13018", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for twinkle FEDORA-2013-13018\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.866316\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-08-01 18:37:46 +0530 (Thu, 01 Aug 2013)\");\n script_cve_id(\"CVE-2013-2221\", \"CVE-2013-2222\", \"CVE-2013-2223\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for twinkle FEDORA-2013-13018\");\n\n\n script_tag(name:\"affected\", value:\"twinkle on Fedora 17\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2013-13018\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112436.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'twinkle'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC17\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"twinkle\", rpm:\"twinkle~1.4.2~19.fc17.1\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:38:26", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2013-08-01T00:00:00", "id": "OPENVAS:1361412562310866367", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310866367", "title": "Fedora Update for ortp FEDORA-2013-13019", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for ortp FEDORA-2013-13019\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.866367\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-08-01 18:39:14 +0530 (Thu, 01 Aug 2013)\");\n script_cve_id(\"CVE-2013-2221\", \"CVE-2013-2222\", \"CVE-2013-2223\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for ortp FEDORA-2013-13019\");\n\n\n script_tag(name:\"affected\", value:\"ortp on Fedora 18\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2013-13019\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112417.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'ortp'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC18\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"ortp\", rpm:\"ortp~0.20.0~5.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:38:20", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2013-08-01T00:00:00", "id": "OPENVAS:1361412562310866418", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310866418", "title": "Fedora Update for libzrtpcpp FEDORA-2013-13018", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libzrtpcpp FEDORA-2013-13018\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.866418\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-08-01 18:40:48 +0530 (Thu, 01 Aug 2013)\");\n script_cve_id(\"CVE-2013-2221\", \"CVE-2013-2222\", \"CVE-2013-2223\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for libzrtpcpp FEDORA-2013-13018\");\n\n\n script_tag(name:\"affected\", value:\"libzrtpcpp on Fedora 17\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2013-13018\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112435.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libzrtpcpp'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC17\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"libzrtpcpp\", rpm:\"libzrtpcpp~2.3.4~1.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:38:12", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2013-08-20T00:00:00", "id": "OPENVAS:1361412562310866784", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310866784", "title": "Fedora Update for libzrtpcpp FEDORA-2013-12479", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libzrtpcpp FEDORA-2013-12479\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.866784\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-08-20 15:27:11 +0530 (Tue, 20 Aug 2013)\");\n script_cve_id(\"CVE-2013-2221\", \"CVE-2013-2222\", \"CVE-2013-2223\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for libzrtpcpp FEDORA-2013-12479\");\n\n\n script_tag(name:\"affected\", value:\"libzrtpcpp on Fedora 19\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2013-12479\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2013-July/111709.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libzrtpcpp'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC19\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"libzrtpcpp\", rpm:\"libzrtpcpp~2.3.4~1.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:25", "bulletinFamily": "unix", "description": "### Background\n\nGNU ZRTP is a C++ implementation of the ZRTP protocol.\n\n### Description\n\nMultiple vulnerabilities have been discovered in GNU ZRTP. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, or obtain sensitive information. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll GNU ZRTP users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-libs/libzrtpcpp-2.3.4\"", "modified": "2013-09-24T00:00:00", "published": "2013-09-24T00:00:00", "id": "GLSA-201309-13", "href": "https://security.gentoo.org/glsa/201309-13", "type": "gentoo", "title": "GNU ZRTP: Multiple vulnerabilities", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}