ID FEDORA_2014-1935.NASL Type nessus Reporter This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof. Modified 2014-02-12T00:00:00
Description
977368: apply Adam Miller's patch correctly. (jesusr at redhat.com)
976686, 976687: Don't execute commands with --exec by default (abe at
debian.org)
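Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.
For context, the advisory text above is a package changelog and does not describe the flaw itself. The CVE-2013-2208 record referenced by this plugin states that tpp 1.3.1 allows arbitrary command execution via a --exec command in a TPP template file, which is what the "--exec" changelog entry addresses.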
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2014-1935.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
# Registration section: when `description` is set, the script only declares
# its metadata (IDs, references, scoring, prerequisites) and leaves through
# the exit(0) at the end of this block, so none of the package checks below
# are reached on this path.
if (description)
{
script_id(72449);
script_version("1.6");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");
# CVE-2013-2208: per the CVE record, tpp 1.3.1 executes commands supplied via
# a --exec command in a TPP template file. The same CVE is covered by the
# sibling Fedora 19 advisory (2014-1955) and by GLSA-201309-19.
script_cve_id("CVE-2013-2208");
script_bugtraq_id(60720);
script_xref(name:"FEDORA", value:"2014-1935");
script_name(english:"Fedora 20 : tpp-1.3.1-17.fc20 (2014-1935)");
script_summary(english:"Checks rpm output for the updated package.");
script_set_attribute(
attribute:"synopsis",
value:"The remote Fedora host is missing a security update."
);
# NOTE(review): the description below is the advisory's changelog, not a
# statement of the vulnerability. The security-relevant entry is the one
# about no longer executing --exec commands by default; readers triaging a
# finding should consult the CVE record for impact.
script_set_attribute(
attribute:"description",
value:
"977368: apply Adam Miller's patch correctly. (jesusr at redhat.com)
976686, 976687: Don't execute commands with --exec by default (abe at
debian.org)
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
);
# References: the three Red Hat Bugzilla entries named in the changelog.
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=976686"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=976687"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=977368"
);
# The shortened nessus.org link below stands for this package-announce URL:
# https://lists.fedoraproject.org/pipermail/package-announce/2014-February/128176.html
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?22e8a5ce"
);
script_set_attribute(attribute:"solution", value:"Update the affected tpp package.");
# CVSS v2 base vector: network access vector, medium access complexity, no
# authentication, partial impact on confidentiality, integrity and
# availability. The CVE record marks user interaction as required (a user
# has to open the crafted template), which is consistent with AC:M.
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
# Temporal vector: exploitability unproven, official fix available, report
# confirmed - matching the two exploit attributes set right after it.
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
# "local" plugin type: the finding is derived from package data collected on
# the host, not from probing a network service.
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:tpp");
script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:20");
script_set_attribute(attribute:"patch_publication_date", value:"2014/02/03");
script_set_attribute(attribute:"plugin_publication_date", value:"2014/02/12");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Fedora Local Security Checks");
# Prerequisites: the check body reads these same three KB keys back with
# get_kb_item(); presumably ssh_get_info.nasl is what populates them during
# a credentialed scan - confirm against that plugin.
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
# Registration is done; stop here so the check body is not run.
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
# Check section: decides, from data already cached in the KB, whether the
# host is Fedora 20 on a supported architecture and whether its tpp package
# is older than the fixed build tpp-1.3.1-17.fc20. Every input visible here
# comes from get_kb_item(); no request is sent to the target from this block.
# audit() is defined in audit.inc (not shown); the code relies on it ending
# the script, since values are used right after the guards that call it.
#
# NOTE(review): this is a package-version check only. The changelog says
# --exec commands are no longer run "by default", which suggests execution
# can still be enabled on a patched host - confirm against the tpp package
# documentation before treating a clean result as "templates are safe to open".

# Gate 1: credentialed/local checks must have been enabled for this host.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
# Gate 2: the release string must exist and contain "Fedora"
# (">!<" is NASL's "is not a substring of" operator).
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
# Gate 3: extract the numeric release and require exactly 20; the
# "([^0-9]|$)" tail keeps values such as 200 from matching.
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
# Index 1 is the first capture group, i.e. the digits after "release".
os_ver = os_ver[1];
if (! ereg(pattern:"^20([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 20.x", "Fedora " + os_ver);
# Gate 4: without a collected rpm list there is nothing to compare against.
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
# Gate 5: only x86_64 and i386-i686 hosts are evaluated; any other
# architecture is reported as "local checks not implemented" rather than
# as unaffected.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
# flag counts failed package comparisons; this plugin performs one.
flag = 0;
# rpm_check() comes from rpm.inc (not shown); presumably it returns true when
# an installed tpp package for FC20 is older than the reference build.
if (rpm_check(release:"FC20", reference:"tpp-1.3.1-17.fc20")) flag++;
if (flag)
{
# Outdated package found: raise a warning-level finding on port 0, attaching
# the rpm comparison report when report verbosity is above 0.
if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
else security_warning(0);
exit(0);
}
else
{
# No finding: distinguish "tpp was tested and is not affected" from
# "tpp was not found at all" so the audit trail states which one applied.
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "tpp");
}
{"id": "FEDORA_2014-1935.NASL", "bulletinFamily": "scanner", "title": "Fedora 20 : tpp-1.3.1-17.fc20 (2014-1935)", "description": "977368: apply Adam Miller's patch correctly. (jesusr at redhat.com)\n976686, 976687: Don't execute commands with --exec by default (abe at\ndebian.org)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "published": "2014-02-12T00:00:00", "modified": "2014-02-12T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "href": "https://www.tenable.com/plugins/nessus/72449", "reporter": "This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.nessus.org/u?22e8a5ce", "https://bugzilla.redhat.com/show_bug.cgi?id=977368", "https://bugzilla.redhat.com/show_bug.cgi?id=976687", "https://bugzilla.redhat.com/show_bug.cgi?id=976686"], "cvelist": ["CVE-2013-2208"], "type": "nessus", "lastseen": "2021-01-12T10:12:29", "edition": 15, "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2013-2208"]}, {"type": "openvas", "idList": ["OPENVAS:867491", "OPENVAS:867493", "OPENVAS:1361412562310867491", "OPENVAS:1361412562310867493", "OPENVAS:1361412562310121033"]}, {"type": "gentoo", "idList": ["GLSA-201309-19"]}, {"type": "fedora", "idList": ["FEDORA:1894A224D8", "FEDORA:94E73222BC"]}, {"type": "nessus", "idList": ["GENTOO_GLSA-201309-19.NASL", "FEDORA_2014-1955.NASL"]}], "modified": "2021-01-12T10:12:29", "rev": 2}, "score": {"value": 6.4, "vector": "NONE", "modified": "2021-01-12T10:12:29", "rev": 2}, "vulnersScore": 6.4}, "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 
2014-1935.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(72449);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-2208\");\n script_bugtraq_id(60720);\n script_xref(name:\"FEDORA\", value:\"2014-1935\");\n\n script_name(english:\"Fedora 20 : tpp-1.3.1-17.fc20 (2014-1935)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"977368: apply Adam Miller's patch correctly. (jesusr at redhat.com)\n976686, 976687: Don't execute commands with --exec by default (abe at\ndebian.org)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=976686\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=976687\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=977368\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-February/128176.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?22e8a5ce\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected tpp package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n 
script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:tpp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/02/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/02/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"tpp-1.3.1-17.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tpp\");\n}\n", "naslFamily": "Fedora Local Security Checks", "pluginID": "72449", "cpe": ["p-cpe:/a:fedoraproject:fedora:tpp", "cpe:/o:fedoraproject:fedora:20"], "scheme": null}
{"cve": [{"lastseen": "2021-02-02T06:06:50", "description": "tpp 1.3.1 allows remote attackers to execute arbitrary commands via a --exec command in a TPP template file.", "edition": 4, "cvss3": {}, "published": "2013-10-28T22:55:00", "title": "CVE-2013-2208", "type": "cve", "cwe": ["CWE-94"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-2208"], "modified": "2013-10-30T14:39:00", "cpe": ["cpe:/a:andreas_krennmair:tpp:1.3.1"], "id": "CVE-2013-2208", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2208", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:andreas_krennmair:tpp:1.3.1:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2017-07-25T10:48:57", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2208"], "description": "Check for the Version of tpp", "modified": "2017-07-10T00:00:00", "published": "2014-02-13T00:00:00", "id": "OPENVAS:867493", "href": "http://plugins.openvas.org/nasl.php?oid=867493", "type": "openvas", "title": "Fedora Update for tpp FEDORA-2014-1955", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for tpp FEDORA-2014-1955\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published 
by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(867493);\n script_version(\"$Revision: 6629 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:33:41 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-02-13 11:40:46 +0530 (Thu, 13 Feb 2014)\");\n script_cve_id(\"CVE-2013-2208\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for tpp FEDORA-2014-1955\");\n\n tag_insight = \"tpp stands for text presentation program and is a ncurses-based presentation\ntool. 
The presentation can be written with your favorite editor in a simple\ndescription format and then shown on any text terminal that is supported by\nncurses - ranging from an old VT100 to the Linux framebuffer to an xterm.\n\";\n\n tag_affected = \"tpp on Fedora 19\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2014-1955\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-February/128106.html\");\n script_summary(\"Check for the Version of tpp\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"tpp\", rpm:\"tpp~1.3.1~17.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:48:58", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2208"], "description": "Check for the Version of tpp", "modified": "2017-07-10T00:00:00", "published": "2014-02-13T00:00:00", "id": "OPENVAS:867491", "href": "http://plugins.openvas.org/nasl.php?oid=867491", "type": "openvas", "title": "Fedora Update for tpp FEDORA-2014-1935", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for tpp FEDORA-2014-1935\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(867491);\n script_version(\"$Revision: 6629 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:33:41 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-02-13 11:40:45 +0530 (Thu, 13 Feb 2014)\");\n script_cve_id(\"CVE-2013-2208\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for tpp FEDORA-2014-1935\");\n\n tag_insight = \"tpp stands for text presentation program and is a ncurses-based presentation\ntool. 
The presentation can be written with your favorite editor in a simple\ndescription format and then shown on any text terminal that is supported by\nncurses - ranging from an old VT100 to the Linux framebuffer to an xterm.\n\";\n\n tag_affected = \"tpp on Fedora 20\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2014-1935\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-February/128176.html\");\n script_summary(\"Check for the Version of tpp\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"tpp\", rpm:\"tpp~1.3.1~17.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:36:29", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2208"], "description": "Gentoo Linux Local Security Checks GLSA 201309-19", "modified": "2018-10-26T00:00:00", "published": "2015-09-29T00:00:00", "id": "OPENVAS:1361412562310121033", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121033", "type": "openvas", "title": "Gentoo Security 
Advisory GLSA 201309-19", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201309-19.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121033\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-29 11:25:57 +0300 (Tue, 29 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201309-19\");\n script_tag(name:\"insight\", value:\"TPP templates may contain a --exec clause, the contents of which are automatically executed without confirmation from the user.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201309-19\");\n script_cve_id(\"CVE-2013-2208\");\n 
script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201309-19\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"app-office/tpp\", unaffected: make_list(\"ge 1.3.1-r2\"), vulnerable: make_list(\"lt 1.3.1-r2\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:45", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2208"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2014-02-13T00:00:00", "id": "OPENVAS:1361412562310867493", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867493", "type": "openvas", "title": "Fedora Update for tpp FEDORA-2014-1955", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for tpp FEDORA-2014-1955\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the 
implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867493\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-02-13 11:40:46 +0530 (Thu, 13 Feb 2014)\");\n script_cve_id(\"CVE-2013-2208\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for tpp FEDORA-2014-1955\");\n script_tag(name:\"affected\", value:\"tpp on Fedora 19\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-1955\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-February/128106.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tpp'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC19\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = 
\"\";\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"tpp\", rpm:\"tpp~1.3.1~17.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:10", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2208"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2014-02-13T00:00:00", "id": "OPENVAS:1361412562310867491", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867491", "type": "openvas", "title": "Fedora Update for tpp FEDORA-2014-1935", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for tpp FEDORA-2014-1935\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867491\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-02-13 11:40:45 +0530 (Thu, 13 Feb 2014)\");\n script_cve_id(\"CVE-2013-2208\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for tpp FEDORA-2014-1935\");\n script_tag(name:\"affected\", value:\"tpp on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-1935\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-February/128176.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tpp'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"tpp\", 
rpm:\"tpp~1.3.1~17.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:39", "bulletinFamily": "unix", "cvelist": ["CVE-2013-2208"], "edition": 1, "description": "### Background\n\nTPP is an ncurses-based text presentation tool.\n\n### Description\n\nTPP templates may contain a --exec clause, the contents of which are automatically executed without confirmation from the user. \n\n### Impact\n\nA remote attacker could entice a user to open a specially crafted file using TPP, possibly resulting in execution of arbitrary code with the privileges of the user. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll TPP users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-office/tpp-1.3.1-r2\"", "modified": "2013-09-25T00:00:00", "published": "2013-09-25T00:00:00", "id": "GLSA-201309-19", "href": "https://security.gentoo.org/glsa/201309-19", "type": "gentoo", "title": "TPP: User-assisted execution of arbitrary code", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2021-01-07T10:54:50", "description": "The remote host is affected by the vulnerability described in GLSA-201309-19\n(TPP: User-assisted execution of arbitrary code)\n\n TPP templates may contain a --exec clause, the contents of which are\n automatically executed without confirmation from the user.\n \nImpact :\n\n A remote attacker could entice a user to open a specially crafted file\n using TPP, possibly resulting in execution of arbitrary code with the\n privileges of the user.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 21, "published": "2013-09-26T00:00:00", "title": "GLSA-201309-19 : TPP: User-assisted execution of arbitrary 
code", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2208"], "modified": "2013-09-26T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:tpp"], "id": "GENTOO_GLSA-201309-19.NASL", "href": "https://www.tenable.com/plugins/nessus/70131", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201309-19.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(70131);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2013-2208\");\n script_bugtraq_id(60720);\n script_xref(name:\"GLSA\", value:\"201309-19\");\n\n script_name(english:\"GLSA-201309-19 : TPP: User-assisted execution of arbitrary code\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201309-19\n(TPP: User-assisted execution of arbitrary code)\n\n TPP templates may contain a --exec clause, the contents of which are\n automatically executed without confirmation from the user.\n \nImpact :\n\n A remote attacker could entice a user to open a specially crafted file\n using TPP, possibly resulting in execution of arbitrary code with the\n privileges of the user.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://security.gentoo.org/glsa/201309-19\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All TPP users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-office/tpp-1.3.1-r2'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:tpp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/09/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"app-office/tpp\", unaffected:make_list(\"ge 1.3.1-r2\"), vulnerable:make_list(\"lt 1.3.1-r2\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n 
tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"TPP\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:12:29", "description": "977368: apply Adam Miller's patch correctly. (jesusr at redhat.com)\n976686, 976687: Don't execute commands with --exec by default (abe at\ndebian.org)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 15, "published": "2014-02-12T00:00:00", "title": "Fedora 19 : tpp-1.3.1-17.fc19 (2014-1955)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2208"], "modified": "2014-02-12T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:19", "p-cpe:/a:fedoraproject:fedora:tpp"], "id": "FEDORA_2014-1955.NASL", "href": "https://www.tenable.com/plugins/nessus/72450", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-1955.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(72450);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-2208\");\n script_bugtraq_id(60720);\n script_xref(name:\"FEDORA\", value:\"2014-1955\");\n\n script_name(english:\"Fedora 19 : tpp-1.3.1-17.fc19 (2014-1955)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"977368: apply Adam Miller's patch correctly. 
(jesusr at redhat.com)\n976686, 976687: Don't execute commands with --exec by default (abe at\ndebian.org)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=976686\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=976687\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=977368\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-February/128106.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8dbdcba9\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected tpp package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:tpp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/02/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/02/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"tpp-1.3.1-17.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tpp\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2013-2208"], "description": "tpp stands for text presentation program and is a ncurses-based presentation tool. The presentation can be written with your favorite editor in a simple description format and then shown on any text terminal that is supported by ncurses - ranging from an old VT100 to the Linux framebuffer to an xterm. 
", "modified": "2014-02-11T23:17:28", "published": "2014-02-11T23:17:28", "id": "FEDORA:1894A224D8", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: tpp-1.3.1-17.fc20", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2013-2208"], "description": "tpp stands for text presentation program and is an ncurses-based presentation tool. The presentation can be written with your favorite editor in a simple description format and then shown on any text terminal that is supported by ncurses - ranging from an old VT100 to the Linux framebuffer to an xterm. ", "modified": "2014-02-11T23:06:31", "published": "2014-02-11T23:06:31", "id": "FEDORA:94E73222BC", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: tpp-1.3.1-17.fc19", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}]}