{"id": "FEDORA_2017-DA9D0F0DC0.NASL", "bulletinFamily": "scanner", "title": "Fedora 24 : R / rkward / rpy (2017-da9d0f0dc0)", "description": "Update to 3.3.3. Fix CVE-2016-8714.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "published": "2017-03-22T00:00:00", "modified": "2017-03-22T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "href": "https://www.tenable.com/plugins/nessus/97870", "reporter": "This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://bodhi.fedoraproject.org/updates/FEDORA-2017-da9d0f0dc0"], "cvelist": ["CVE-2016-8714"], "type": "nessus", "lastseen": "2021-01-07T10:14:09", "edition": 18, "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2016-8714"]}, {"type": "seebug", "idList": ["SSV:96546"]}, {"type": "fedora", "idList": ["FEDORA:D2416604AAFC", "FEDORA:0CF366087C01", "FEDORA:4BD55608A204", "FEDORA:3B8006087C39", "FEDORA:EF57F604AF78", "FEDORA:A042F604A70F", "FEDORA:600FF608A4A3", "FEDORA:CAC966087C34", "FEDORA:97E20608A21B"]}, {"type": "openvas", "idList": ["OPENVAS:703813", "OPENVAS:1361412562310872510", "OPENVAS:1361412562310872509", "OPENVAS:1361412562310872514", "OPENVAS:1361412562310872505", "OPENVAS:1361412562310872515", "OPENVAS:1361412562310890861", "OPENVAS:1361412562310703813", "OPENVAS:1361412562310872512"]}, {"type": "debian", "idList": ["DEBIAN:DLA-861-1:717C5", "DEBIAN:DSA-3813-1:7EF26"]}, {"type": "nessus", "idList": ["FEDORA_2017-07C8F3EA2B.NASL", "DEBIAN_DLA-861.NASL", "DEBIAN_DSA-3813.NASL", "FEDORA_2017-AE18216E75.NASL"]}, {"type": "talos", "idList": ["TALOS-2016-0227"]}], "modified": "2021-01-07T10:14:09", "rev": 2}, "score": {"value": 6.1, "vector": "NONE", "modified": "2021-01-07T10:14:09", "rev": 2}, "vulnersScore": 6.1}, "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-da9d0f0dc0.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97870);\n script_version(\"3.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-8714\");\n script_xref(name:\"FEDORA\", value:\"2017-da9d0f0dc0\");\n\n script_name(english:\"Fedora 24 : R / rkward / rpy (2017-da9d0f0dc0)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to 3.3.3. Fix CVE-2016-8714.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-da9d0f0dc0\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected R, rkward and / or rpy packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:R\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rkward\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rpy\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:24\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^24([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 24\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC24\", reference:\"R-3.3.3-1.fc24\")) flag++;\nif (rpm_check(release:\"FC24\", reference:\"rkward-0.6.5-5.fc24\")) flag++;\nif (rpm_check(release:\"FC24\", reference:\"rpy-2.8.5-3.fc24\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"R / rkward / rpy\");\n}\n", "naslFamily": "Fedora Local Security Checks", "pluginID": "97870", "cpe": ["p-cpe:/a:fedoraproject:fedora:rkward", "p-cpe:/a:fedoraproject:fedora:rpy", "cpe:/o:fedoraproject:fedora:24", "p-cpe:/a:fedoraproject:fedora:R"], "scheme": null, "cvss3": {"score": 7.5, "vector": "AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}}

{"cve": [{"lastseen": "2021-02-02T06:28:13", "description": "An exploitable buffer overflow vulnerability exists in the LoadEncoding functionality of the R programming language version 3.3.0. A specially crafted R script can cause a buffer overflow resulting in a memory corruption. An attacker can send a malicious R script to trigger this vulnerability.", "edition": 4, "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-03-10T10:59:00", "title": "CVE-2016-8714", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-8714"], "modified": "2017-11-04T01:29:00", "cpe": ["cpe:/a:r_project:r:3.3.2", "cpe:/a:r_project:r:3.3.0"], "id": "CVE-2016-8714", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-8714", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:r_project:r:3.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:r_project:r:3.3.0:*:*:*:*:*:*:*"]}], "seebug": [{"lastseen": "2017-11-19T12:00:59", "description": "### Summary\r\nAn exploitable buffer overflow vulnerability exists in the LoadEncoding functionality of the R programming language version 3.3.0. A specially crafted R script can cause a buffer overflow resulting in a memory corruption. An attacker can send a malicious R script to trigger this vulnerability.\r\n\r\n### Tested Versions\r\nR 3.3.0\r\n\r\nR 3.3.2\r\n### Product URLs\r\nhttps://www.r-project.org/\r\n\r\n### CVSSv3 Score\r\n7.5 - CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\r\n\r\n### Details\r\nThe R programming language is commonly used in statistical computing and supported by the R Foundation for Statistical Computing. R is praised for having a large variety of statistical and graphical features.\r\n\r\nDuring the creation of a PDF document, the file containing the encoding array can be specified by the user. The following command can specify the encoding file for a pdf.\r\n```\r\n pdf(encoding=\"/path/to/some/file\")\r\n```\r\n\r\nWhile loading this file, each of the specific elements in the file is copied into the `cname` element for each item in the `encnames` array [0].\r\n```\r\n src/library/grDevices/src/devPS.c:493\r\n\r\nLoadEncoding(const char *encpath, char *encname,\r\n char *encconvname, CNAME *encnames,\r\n char *enccode, Rboolean isPDF)\r\n {\r\n ...\r\n for(i = 0; i < 256; i++) {\r\n if (GetNextItem(fp, buf, i, &state)) {\r\n fclose(fp); return 0;\r\n }\r\n\r\n strcpy(encnames[i].cname, buf+1); // [0]\r\n\r\n strcat(enccode, \" /\"); strcat(enccode, encnames[i].cname);\r\n if(i%8 == 7) strcat(enccode, \"\\n\");\r\n }\r\n ...\r\n```\r\nThe `encnames` array is a part of a `EncodingInfo` structure.\r\n```\r\n /*\r\n * Information about a font encoding\r\n */\r\n typedef struct EncInfo {\r\n char encpath[PATH_MAX];\r\n char name[100]; /* Name written to PostScript/PDF file */\r\n char convname[50]; /* Name used in mbcsToSbcs() with iconv() */\r\n CNAME encnames[256];\r\n char enccode[5000];\r\n } EncodingInfo, *encodinginfo;\r\n```\r\n\r\nThe `encnames` array is of structure type `CNAME` with a `cname` attribute that is a buffer of length 40 [1].\r\n```\r\n src/library/grDevices/src/devPS.c:281\r\n\r\n /* The longest named Adobe glyph is 39 chars:\r\n whitediamondcontainingblacksmalldiamond\r\n */\r\n\r\n typedef struct {\r\n char cname[40]; // [1]\r\n } CNAME;\r\n```\r\n\r\nBy providing an element in the encoding file of longer than length 40, the `cname` buffer is overflown. This could be leveraged to potentially gain remote code execution later in the program.\r\n\r\n### Crash Information\r\n```\r\n$ R -d valgrind -f poc.r\r\n...\r\n==21442== Invalid write of size 1\r\n==21442== at 0x4C34140: __stpcpy_sse2_unaligned (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)\r\n==21442== by 0xA0D4D89: ??? (in /usr/lib/R/library/grDevices/libs/grDevices.so)\r\n==21442== by 0xA0D6A5B: ??? (in /usr/lib/R/library/grDevices/libs/grDevices.so)\r\n==21442== by 0xA0E226D: PDFDeviceDriver (in /usr/lib/R/library/grDevices/libs/grDevices.so)\r\n==21442== by 0xA0E3DE9: PDF (in /usr/lib/R/library/grDevices/libs/grDevices.so)\r\n==21442== by 0x4F08F80: ??? (in /usr/lib/R/lib/libR.so)\r\n==21442== by 0x4F34BFC: ??? (in /usr/lib/R/lib/libR.so)\r\n==21442== by 0x4F40F2F: Rf_eval (in /usr/lib/R/lib/libR.so)\r\n==21442== by 0x4F4296D: Rf_applyClosure (in /usr/lib/R/lib/libR.so)\r\n==21442== by 0x4F410CC: Rf_eval (in /usr/lib/R/lib/libR.so)\r\n==21442== by 0x4F68891: Rf_ReplIteration (in /usr/lib/R/lib/libR.so)\r\n==21442== by 0x4F68C10: ??? (in /usr/lib/R/lib/libR.so)\r\n==21442== Address 0x79f5eee is 0 bytes after a block of size 19,486 alloc'd\r\n==21442== at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)\r\n==21442== by 0xA0D6A28: ??? (in /usr/lib/R/library/grDevices/libs/grDevices.so)\r\n==21442== by 0xA0E226D: PDFDeviceDriver (in /usr/lib/R/library/grDevices/libs/grDevices.so)\r\n==21442== by 0xA0E3DE9: PDF (in /usr/lib/R/library/grDevices/libs/grDevices.so)\r\n==21442== by 0x4F08F80: ??? (in /usr/lib/R/lib/libR.so)\r\n==21442== by 0x4F34BFC: ??? (in /usr/lib/R/lib/libR.so)\r\n==21442== by 0x4F40F2F: Rf_eval (in /usr/lib/R/lib/libR.so)\r\n==21442== by 0x4F4296D: Rf_applyClosure (in /usr/lib/R/lib/libR.so)\r\n==21442== by 0x4F410CC: Rf_eval (in /usr/lib/R/lib/libR.so)\r\n==21442== by 0x4F68891: Rf_ReplIteration (in /usr/lib/R/lib/libR.so)\r\n==21442== by 0x4F68C10: ??? (in /usr/lib/R/lib/libR.so)\r\n==21442== by 0x4F68CC3: run_Rmainloop (in /usr/lib/R/lib/libR.so)\r\n```\r\n\r\n### Timeline\r\n* 2016-11-17 - Vendor Disclosure\r\n* 2017-03-09 - Public Release\r\n\r\n### CREDIT\r\n* Discovered by Cory Duplantis of Cisco Talos", "published": "2017-09-20T00:00:00", "type": "seebug", "title": "R PDF LoadEncoding Code Execution Vulnerability(CVE-2016-8714)", "bulletinFamily": "exploit", "cvelist": ["CVE-2016-8714"], "modified": "2017-09-20T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-96546", "id": "SSV:96546", "sourceData": "", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": ""}], "fedora": [{"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2016-8714"], "description": "RKWard aims to provide an easily extensible, easy to use IDE/GUI for the R-project. RKWard tries to combine the power of the R-language with the (relative) ease of use of commercial statistics tools. Long term plans include integration with office suites ", "modified": "2017-03-21T02:50:56", "published": "2017-03-21T02:50:56", "id": "FEDORA:CAC966087C34", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 24 Update: rkward-0.6.5-5.fc24", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2016-8714"], "description": "This is a metapackage that provides both core R userspace and all R development components. R is a language and environment for statistical computing and graphics. R is similar to the award-winning S system, which was developed at Bell Laboratories by John Chambers et al. It provides a wide variety of statistical and graphical techniques (linear and nonlinear modelling, statistical tests, time series analysis, classification, clustering, ...). R is designed as a true computer language with control-flow constructions for iteration and alternation, and it allows users to add additional functionality by defining new functions. For computationally intensive tasks, C, C++ and Fortran code can be linked and called at run time. ", "modified": "2017-03-21T02:50:57", "published": "2017-03-21T02:50:57", "id": "FEDORA:3B8006087C39", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 24 Update: R-3.3.3-1.fc24", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2016-8714"], "description": "RPy provides a robust Python interface to the R programming language. It can manage all kinds of R objects and can execute arbitrary R functions. All the errors from the R language are converted to Python exceptions. ", "modified": "2017-03-21T02:50:57", "published": "2017-03-21T02:50:57", "id": "FEDORA:0CF366087C01", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 24 Update: rpy-2.8.5-3.fc24", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2016-8714"], "description": "RPy provides a robust Python interface to the R programming language. It can manage all kinds of R objects and can execute arbitrary R functions. All the errors from the R language are converted to Python exceptions. ", "modified": "2017-03-21T03:22:52", "published": "2017-03-21T03:22:52", "id": "FEDORA:97E20608A21B", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: rpy-2.8.5-3.fc25", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2016-8714"], "description": "RKWard aims to provide an easily extensible, easy to use IDE/GUI for the R-project. RKWard tries to combine the power of the R-language with the (relative) ease of use of commercial statistics tools. Long term plans include integration with office suites ", "modified": "2017-03-21T03:22:52", "published": "2017-03-21T03:22:52", "id": "FEDORA:600FF608A4A3", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: rkward-0.6.5-5.fc25", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2016-8714"], "description": "This is a metapackage that provides both core R userspace and all R development components. R is a language and environment for statistical computing and graphics. R is similar to the award-winning S system, which was developed at Bell Laboratories by John Chambers et al. It provides a wide variety of statistical and graphical techniques (linear and nonlinear modelling, statistical tests, time series analysis, classification, clustering, ...). R is designed as a true computer language with control-flow constructions for iteration and alternation, and it allows users to add additional functionality by defining new functions. For computationally intensive tasks, C, C++ and Fortran code can be linked and called at run time. ", "modified": "2017-03-21T03:22:53", "published": "2017-03-21T03:22:53", "id": "FEDORA:4BD55608A204", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: R-3.3.3-1.fc25", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2016-8714"], "description": "RKWard aims to provide an easily extensible, easy to use IDE/GUI for the R-project. RKWard tries to combine the power of the R-language with the (relative) ease of use of commercial statistics tools. Long term plans include integration with office suites ", "modified": "2017-04-01T17:53:36", "published": "2017-04-01T17:53:36", "id": "FEDORA:D2416604AAFC", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: rkward-0.6.5-5.fc26", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2016-8714"], "description": "This is a metapackage that provides both core R userspace and all R development components. R is a language and environment for statistical computing and graphics. R is similar to the award-winning S system, which was developed at Bell Laboratories by John Chambers et al. It provides a wide variety of statistical and graphical techniques (linear and nonlinear modelling, statistical tests, time series analysis, classification, clustering, ...). R is designed as a true computer language with control-flow constructions for iteration and alternation, and it allows users to add additional functionality by defining new functions. For computationally intensive tasks, C, C++ and Fortran code can be linked and called at run time. ", "modified": "2017-04-01T17:53:36", "published": "2017-04-01T17:53:36", "id": "FEDORA:EF57F604AF78", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: R-3.3.3-1.fc26", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2016-8714"], "description": "RPy provides a robust Python interface to the R programming language. It can manage all kinds of R objects and can execute arbitrary R functions. All the errors from the R language are converted to Python exceptions. ", "modified": "2017-04-01T17:53:36", "published": "2017-04-01T17:53:36", "id": "FEDORA:A042F604A70F", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: rpy-2.8.5-3.fc26", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-01-07T10:12:51", "description": "Update to 3.3.3. Fix CVE-2016-8714.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 18, "cvss3": {"score": 7.5, "vector": "AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-03-21T00:00:00", "title": "Fedora 25 : R / rkward / rpy (2017-ae18216e75)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-8714"], "modified": "2017-03-21T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:rkward", "cpe:/o:fedoraproject:fedora:25", "p-cpe:/a:fedoraproject:fedora:rpy", "p-cpe:/a:fedoraproject:fedora:R"], "id": "FEDORA_2017-AE18216E75.NASL", "href": "https://www.tenable.com/plugins/nessus/97841", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-ae18216e75.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97841);\n script_version(\"3.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-8714\");\n script_xref(name:\"FEDORA\", value:\"2017-ae18216e75\");\n\n script_name(english:\"Fedora 25 : R / rkward / rpy (2017-ae18216e75)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to 3.3.3. Fix CVE-2016-8714.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-ae18216e75\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected R, rkward and / or rpy packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:R\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rkward\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rpy\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:25\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^25([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 25\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC25\", reference:\"R-3.3.3-1.fc25\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"rkward-0.6.5-5.fc25\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"rpy-2.8.5-3.fc25\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"R / rkward / rpy\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T09:44:19", "description": "An exploitable buffer overflow vulnerability exists in the\nLoadEncoding functionality of the R programming language. A specially\ncrafted R script can cause a buffer overflow resulting in a memory\ncorruption. An attacker can send a malicious R script to trigger this\nvulnerability.\n\nFor Debian 7 'Wheezy', this problem has been fixed in version\n2.15.1-4+deb7u1.\n\nWe recommend that you upgrade your r-base packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "edition": 17, "cvss3": {"score": 7.5, "vector": "AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-03-20T00:00:00", "title": "Debian DLA-861-1 : r-base security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-8714"], "modified": "2017-03-20T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:r-mathlib", "p-cpe:/a:debian:debian_linux:r-doc-info", "p-cpe:/a:debian:debian_linux:r-base", "p-cpe:/a:debian:debian_linux:r-base-core-dbg", "p-cpe:/a:debian:debian_linux:r-doc-pdf", "p-cpe:/a:debian:debian_linux:r-base-core", "p-cpe:/a:debian:debian_linux:r-base-dev", "cpe:/o:debian:debian_linux:7.0", "p-cpe:/a:debian:debian_linux:r-doc-html", "p-cpe:/a:debian:debian_linux:r-recommended", "p-cpe:/a:debian:debian_linux:r-base-html"], "id": "DEBIAN_DLA-861.NASL", "href": "https://www.tenable.com/plugins/nessus/97798", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-861-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97798);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-8714\");\n\n script_name(english:\"Debian DLA-861-1 : r-base security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An exploitable buffer overflow vulnerability exists in the\nLoadEncoding functionality of the R programming language. A specially\ncrafted R script can cause a buffer overflow resulting in a memory\ncorruption. An attacker can send a malicious R script to trigger this\nvulnerability.\n\nFor Debian 7 'Wheezy', this problem has been fixed in version\n2.15.1-4+deb7u1.\n\nWe recommend that you upgrade your r-base packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2017/03/msg00018.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/r-base\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:r-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:r-base-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:r-base-core-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:r-base-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:r-base-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:r-doc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:r-doc-info\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:r-doc-pdf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:r-mathlib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:r-recommended\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"r-base\", reference:\"2.15.1-4+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"r-base-core\", reference:\"2.15.1-4+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"r-base-core-dbg\", reference:\"2.15.1-4+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"r-base-dev\", reference:\"2.15.1-4+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"r-base-html\", reference:\"2.15.1-4+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"r-doc-html\", reference:\"2.15.1-4+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"r-doc-info\", reference:\"2.15.1-4+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"r-doc-pdf\", reference:\"2.15.1-4+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"r-mathlib\", reference:\"2.15.1-4+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"r-recommended\", reference:\"2.15.1-4+deb7u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T09:50:11", "description": "Cory Duplantis discovered a buffer overflow in the R programming\nlanguage. A malformed encoding file may lead to the execution of\narbitrary code during PDF generation.", "edition": 24, "cvss3": {"score": 7.5, "vector": "AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-03-20T00:00:00", "title": "Debian DSA-3813-1 : r-base - security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-8714"], "modified": "2017-03-20T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "p-cpe:/a:debian:debian_linux:r-base"], "id": "DEBIAN_DSA-3813.NASL", "href": "https://www.tenable.com/plugins/nessus/97802", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3813. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97802);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-8714\");\n script_xref(name:\"DSA\", value:\"3813\");\n\n script_name(english:\"Debian DSA-3813-1 : r-base - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Cory Duplantis discovered a buffer overflow in the R programming\nlanguage. A malformed encoding file may lead to the execution of\narbitrary code during PDF generation.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/r-base\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2017/dsa-3813\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the r-base packages.\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 3.1.1-1+deb8u1.\n\nFor the upcoming stable distribution (stretch), this problem has been\nfixed in version 3.3.3-1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:r-base\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"r-base\", reference:\"3.1.1-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"r-base-core\", reference:\"3.1.1-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"r-base-core-dbg\", reference:\"3.1.1-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"r-base-dev\", reference:\"3.1.1-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"r-base-html\", reference:\"3.1.1-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"r-doc-html\", reference:\"3.1.1-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"r-doc-info\", reference:\"3.1.1-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"r-doc-pdf\", reference:\"3.1.1-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"r-mathlib\", reference:\"3.1.1-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"r-recommended\", reference:\"3.1.1-1+deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:15:08", "description": "Update to 3.3.3. Fix CVE-2016-8714.\n\n----\n\nRebuilt for fc26\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 17, "cvss3": {"score": 7.5, "vector": "AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-07-17T00:00:00", "title": "Fedora 26 : R / rkward / rpy (2017-07c8f3ea2b)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-8714"], "modified": "2017-07-17T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:rkward", "p-cpe:/a:fedoraproject:fedora:rpy", "p-cpe:/a:fedoraproject:fedora:R", "cpe:/o:fedoraproject:fedora:26"], "id": "FEDORA_2017-07C8F3EA2B.NASL", "href": "https://www.tenable.com/plugins/nessus/101565", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-07c8f3ea2b.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101565);\n script_version(\"3.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-8714\");\n script_xref(name:\"FEDORA\", value:\"2017-07c8f3ea2b\");\n\n script_name(english:\"Fedora 26 : R / rkward / rpy (2017-07c8f3ea2b)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to 3.3.3. Fix CVE-2016-8714.\n\n----\n\nRebuilt for fc26\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-07c8f3ea2b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected R, rkward and / or rpy packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:R\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rkward\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rpy\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:26\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^26([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 26\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC26\", reference:\"R-3.3.3-1.fc26\")) flag++;\nif (rpm_check(release:\"FC26\", reference:\"rkward-0.6.5-5.fc26\")) flag++;\nif (rpm_check(release:\"FC26\", reference:\"rpy-2.8.5-3.fc26\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"R / rkward / rpy\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2019-05-29T18:34:20", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-8714"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2017-03-21T00:00:00", "id": "OPENVAS:1361412562310872510", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872510", "type": "openvas", "title": "Fedora Update for rkward FEDORA-2017-da9d0f0dc0", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rkward FEDORA-2017-da9d0f0dc0\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872510\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-03-21 05:56:38 +0100 (Tue, 21 Mar 2017)\");\n script_cve_id(\"CVE-2016-8714\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for rkward FEDORA-2017-da9d0f0dc0\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rkward'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"rkward on Fedora 24\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-da9d0f0dc0\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AR4KT57HWFXJEXLGASYJVVYP3IU54KWR\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC24\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"rkward\", rpm:\"rkward~0.6.5~5.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:24", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-8714"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2017-03-21T00:00:00", "id": "OPENVAS:1361412562310872514", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872514", "type": "openvas", "title": "Fedora Update for rkward FEDORA-2017-ae18216e75", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rkward FEDORA-2017-ae18216e75\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872514\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-03-21 05:56:41 +0100 (Tue, 21 Mar 2017)\");\n script_cve_id(\"CVE-2016-8714\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for rkward FEDORA-2017-ae18216e75\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rkward'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"rkward on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-ae18216e75\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ENU4I67XMZJ2QCRVFPHYX7R3KJOBS44I\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"rkward\", rpm:\"rkward~0.6.5~5.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-29T20:08:06", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-8714"], "description": "An exploitable buffer overflow vulnerability exists in the\nLoadEncoding functionality of the R programming language. A\nspecially crafted R script can cause a buffer overflow\nresulting in a memory corruption. An attacker can send a\nmalicious R script to trigger this vulnerability.", "modified": "2020-01-29T00:00:00", "published": "2018-01-12T00:00:00", "id": "OPENVAS:1361412562310890861", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310890861", "type": "openvas", "title": "Debian LTS: Security Advisory for r-base (DLA-861-1)", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.890861\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2016-8714\");\n script_name(\"Debian LTS: Security Advisory for r-base (DLA-861-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-01-12 00:00:00 +0100 (Fri, 12 Jan 2018)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2017/03/msg00018.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n\n script_tag(name:\"affected\", value:\"r-base on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 7 'Wheezy', this problem has been fixed in version\n2.15.1-4+deb7u1.\n\nWe recommend that you upgrade your r-base packages.\");\n\n script_tag(name:\"summary\", value:\"An exploitable buffer overflow vulnerability exists in the\nLoadEncoding functionality of the R programming language. A\nspecially crafted R script can cause a buffer overflow\nresulting in a memory corruption. An attacker can send a\nmalicious R script to trigger this vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"r-base\", ver:\"2.15.1-4+deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"r-base-core\", ver:\"2.15.1-4+deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"r-base-core-dbg\", ver:\"2.15.1-4+deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"r-base-dev\", ver:\"2.15.1-4+deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"r-base-html\", ver:\"2.15.1-4+deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"r-doc-html\", ver:\"2.15.1-4+deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"r-doc-info\", ver:\"2.15.1-4+deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"r-doc-pdf\", ver:\"2.15.1-4+deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"r-mathlib\", ver:\"2.15.1-4+deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"r-recommended\", ver:\"2.15.1-4+deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:24", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-8714"], "description": "Cory Duplantis discovered a buffer overflow in the R programming\nlanguage. A malformed encoding file may lead to the execution of\narbitrary code during PDF generation.", "modified": "2019-03-18T00:00:00", "published": "2017-03-19T00:00:00", "id": "OPENVAS:1361412562310703813", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703813", "type": "openvas", "title": "Debian Security Advisory DSA 3813-1 (r-base - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3813.nasl 14280 2019-03-18 14:50:45Z cfischer $\n# Auto-generated from advisory DSA 3813-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703813\");\n script_version(\"$Revision: 14280 $\");\n script_cve_id(\"CVE-2016-8714\");\n script_name(\"Debian Security Advisory DSA 3813-1 (r-base - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:50:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-03-19 00:00:00 +0100 (Sun, 19 Mar 2017)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2017/dsa-3813.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(8|9)\");\n script_tag(name:\"affected\", value:\"r-base on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (jessie), this problem has been fixed in\nversion 3.1.1-1+deb8u1.\n\nFor the upcoming stable distribution (stretch), this problem has been\nfixed in version 3.3.3-1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 3.3.3-1.\n\nWe recommend that you upgrade your r-base packages.\");\n script_tag(name:\"summary\", value:\"Cory Duplantis discovered a buffer overflow in the R programming\nlanguage. A malformed encoding file may lead to the execution of\narbitrary code during PDF generation.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"r-base\", ver:\"3.1.1-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"r-base-core\", ver:\"3.1.1-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"r-base-core-dbg\", ver:\"3.1.1-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"r-base-dev\", ver:\"3.1.1-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"r-base-html\", ver:\"3.1.1-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"r-doc-html\", ver:\"3.1.1-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"r-doc-info\", ver:\"3.1.1-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"r-doc-pdf\", ver:\"3.1.1-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"r-mathlib\", ver:\"3.1.1-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"r-recommended\", ver:\"3.1.1-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"r-base\", ver:\"3.3.3-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"r-base-core\", ver:\"3.3.3-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"r-base-core-dbg\", ver:\"3.3.3-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"r-base-dev\", ver:\"3.3.3-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"r-base-html\", ver:\"3.3.3-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"r-doc-html\", ver:\"3.3.3-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"r-doc-info\", ver:\"3.3.3-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"r-doc-pdf\", ver:\"3.3.3-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"r-mathlib\", ver:\"3.3.3-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"r-recommended\", ver:\"3.3.3-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:15", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-8714"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2017-03-21T00:00:00", "id": "OPENVAS:1361412562310872509", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872509", "type": "openvas", "title": "Fedora Update for R FEDORA-2017-ae18216e75", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for R FEDORA-2017-ae18216e75\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872509\");\n script_version(\"$Revision: 14225 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 15:32:03 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-03-21 05:56:37 +0100 (Tue, 21 Mar 2017)\");\n script_cve_id(\"CVE-2016-8714\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for R FEDORA-2017-ae18216e75\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'R'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"R on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-ae18216e75\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MGLH4U5VBNH57OJMG6ARNS6QYLNPH5MM\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"R\", rpm:\"R~3.3.3~1.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-24T12:57:39", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-8714"], "description": "Cory Duplantis discovered a buffer overflow in the R programming\nlanguage. A malformed encoding file may lead to the execution of\narbitrary code during PDF generation.", "modified": "2017-07-07T00:00:00", "published": "2017-03-19T00:00:00", "id": "OPENVAS:703813", "href": "http://plugins.openvas.org/nasl.php?oid=703813", "type": "openvas", "title": "Debian Security Advisory DSA 3813-1 (r-base - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3813.nasl 6607 2017-07-07 12:04:25Z cfischer $\n# Auto-generated from advisory DSA 3813-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703813);\n script_version(\"$Revision: 6607 $\");\n script_cve_id(\"CVE-2016-8714\");\n script_name(\"Debian Security Advisory DSA 3813-1 (r-base - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:04:25 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2017-03-19 00:00:00 +0100 (Sun, 19 Mar 2017)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2017/dsa-3813.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"r-base on Debian Linux\");\n script_tag(name: \"insight\", value: \"R is a system for statistical computation and graphics. It consists\nof a language plus a run-time environment with graphics, a debugger,\naccess to certain system functions, and the ability to run programs\nstored in script files.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie), this problem has been fixed in\nversion 3.1.1-1+deb8u1.\n\nFor the upcoming stable distribution (stretch), this problem has been\nfixed in version 3.3.3-1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 3.3.3-1.\n\nWe recommend that you upgrade your r-base packages.\");\n script_tag(name: \"summary\", value: \"Cory Duplantis discovered a buffer overflow in the R programming\nlanguage. A malformed encoding file may lead to the execution of\narbitrary code during PDF generation.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"r-base\", ver:\"3.1.1-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"r-base-core\", ver:\"3.1.1-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"r-base-core-dbg\", ver:\"3.1.1-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"r-base-dev\", ver:\"3.1.1-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"r-base-html\", ver:\"3.1.1-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"r-doc-html\", ver:\"3.1.1-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"r-doc-info\", ver:\"3.1.1-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"r-doc-pdf\", ver:\"3.1.1-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"r-mathlib\", ver:\"3.1.1-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"r-recommended\", ver:\"3.1.1-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"r-base\", ver:\"3.3.3-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"r-base-core\", ver:\"3.3.3-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"r-base-core-dbg\", ver:\"3.3.3-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"r-base-dev\", ver:\"3.3.3-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"r-base-html\", ver:\"3.3.3-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"r-doc-html\", ver:\"3.3.3-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"r-doc-info\", ver:\"3.3.3-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"r-doc-pdf\", ver:\"3.3.3-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"r-mathlib\", ver:\"3.3.3-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"r-recommended\", ver:\"3.3.3-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:34:33", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-8714"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2017-03-21T00:00:00", "id": "OPENVAS:1361412562310872515", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872515", "type": "openvas", "title": "Fedora Update for rpy FEDORA-2017-da9d0f0dc0", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rpy FEDORA-2017-da9d0f0dc0\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872515\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-03-21 05:56:42 +0100 (Tue, 21 Mar 2017)\");\n script_cve_id(\"CVE-2016-8714\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for rpy FEDORA-2017-da9d0f0dc0\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rpy'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"rpy on Fedora 24\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-da9d0f0dc0\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J4HMOMVSEQW4B54L7ZW5PSKKKA62VT6B\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC24\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"rpy\", rpm:\"rpy~2.8.5~3.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:24", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-8714"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2017-03-21T00:00:00", "id": "OPENVAS:1361412562310872505", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872505", "type": "openvas", "title": "Fedora Update for R FEDORA-2017-da9d0f0dc0", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for R FEDORA-2017-da9d0f0dc0\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872505\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-03-21 05:56:00 +0100 (Tue, 21 Mar 2017)\");\n script_cve_id(\"CVE-2016-8714\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for R FEDORA-2017-da9d0f0dc0\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'R'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"R on Fedora 24\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-da9d0f0dc0\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6VDK36EP4GXNSKQFPQDQD5ICMRWCP4RM\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC24\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"R\", rpm:\"R~3.3.3~1.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:08", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-8714"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2017-03-21T00:00:00", "id": "OPENVAS:1361412562310872512", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872512", "type": "openvas", "title": "Fedora Update for rpy FEDORA-2017-ae18216e75", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rpy FEDORA-2017-ae18216e75\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872512\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-03-21 05:56:39 +0100 (Tue, 21 Mar 2017)\");\n script_cve_id(\"CVE-2016-8714\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for rpy FEDORA-2017-ae18216e75\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rpy'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"rpy on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-ae18216e75\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XXDMM2WOTDZSRJ47YJQPQ2UE3WAL4PCZ\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"rpy\", rpm:\"rpy~2.8.5~3.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2019-05-30T02:21:18", "bulletinFamily": "unix", "cvelist": ["CVE-2016-8714"], "description": "Package : r-base\nVersion : 2.15.1-4+deb7u1\nCVE ID : CVE-2016-8714\nDebian Bug : #857466\n\nAn exploitable buffer overflow vulnerability exists in the\nLoadEncoding functionality of the R programming language. A\nspecially crafted R script can cause a buffer overflow\nresulting in a memory corruption. An attacker can send a\nmalicious R script to trigger this vulnerability.\n\nFor Debian 7 &quot;Wheezy&quot;, this problem has been fixed in version\n2.15.1-4+deb7u1.\n\nWe recommend that you upgrade your r-base packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n\n- -- \n -------------- Ola Lundqvist --------------------\n/ opal@debian.org GPG fingerprint \\\n| ola@inguza.com 22F2 32C6 B1E0 F4BF 2B26 |\n| http://inguza.com/ 0A6A 5E90 DCFA 9426 876F /\n -------------------------------------------------\n", "edition": 3, "modified": "2017-03-17T21:52:43", "published": "2017-03-17T21:52:43", "id": "DEBIAN:DLA-861-1:717C5", "href": "https://lists.debian.org/debian-lts-announce/2017/debian-lts-announce-201703/msg00018.html", "title": "[SECURITY] [DLA 861-1] r-base security update", "type": "debian", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-08-12T01:10:17", "bulletinFamily": "unix", "cvelist": ["CVE-2016-8714"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3813-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nMarch 19, 2017 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : r-base\nCVE ID : CVE-2016-8714\n\nCory Duplantis discovered a buffer overflow in the R programming\nlangauage. A malformed encoding file may lead to the execution of\narbitrary code during PDF generation.\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 3.1.1-1+deb8u1.\n\nFor the upcoming stable distribution (stretch), this problem has been\nfixed in version 3.3.3-1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 3.3.3-1.\n\nWe recommend that you upgrade your r-base packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 10, "modified": "2017-03-19T11:54:37", "published": "2017-03-19T11:54:37", "id": "DEBIAN:DSA-3813-1:7EF26", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2017/msg00068.html", "title": "[SECURITY] [DSA 3813-1] r-base security update", "type": "debian", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "talos": [{"lastseen": "2020-07-01T21:25:12", "bulletinFamily": "info", "cvelist": ["CVE-2016-8714"], "description": "# Talos Vulnerability Report\n\n### TALOS-2016-0227\n\n## R PDF LoadEncoding Code Execution Vulnerability\n\n##### March 9, 2017\n\n##### CVE Number\n\nCVE-2016-8714\n\n### Summary\n\nAn exploitable buffer overflow vulnerability exists in the LoadEncoding functionality of the R programming language version 3.3.0. A specially crafted R script can cause a buffer overflow resulting in a memory corruption. An attacker can send a malicious R script to trigger this vulnerability.\n\n### Tested Versions\n\nR 3.3.0 \nR 3.3.2\n\n### Product URLs\n\n<https://www.r-project.org/>\n\n### CVSSv3 Score\n\n7.5 - CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\n\n### Details\n\nThe R programming language is commonly used in statistical computing and supported by the R Foundation for Statistical Computing. R is praised for having a large variety of statistical and graphical features.\n\nDuring the creation of a PDF document, the file containing the encoding array can be specified by the user. The following command can specify the encoding file for a pdf.\n \n \n pdf(encoding=\"/path/to/some/file\")\n \n\nWhile loading this file, each of the specific elements in the file is copied into the `cname` element for each item in the `encnames` array [0].\n \n \n src/library/grDevices/src/devPS.c:493\n \n\nLoadEncoding(const char *encpath, char *encname, \n \n \n \t\t\tchar *encconvname, CNAME *encnames,\n \t\t\tchar *enccode, Rboolean isPDF)\n {\n ...\n \t for(i = 0; i < 256; i++) {\n \t\t if (GetNextItem(fp, buf, i, &state)) {\n \t\t\t fclose(fp); return 0;\n \t\t }\n \n \t\t strcpy(encnames[i].cname, buf+1); // [0]\n \n \t\t strcat(enccode, \" /\"); strcat(enccode, encnames[i].cname);\n \t\t if(i%8 == 7) strcat(enccode, \"\\n\");\n \t }\n ...\n \n\nThe `encnames` array is a part of a `EncodingInfo` structure.\n \n \n /*\n * Information about a font encoding\n */\n typedef struct EncInfo {\n char encpath[PATH_MAX];\n char name[100]; /* Name written to PostScript/PDF file */\n char convname[50]; /* Name used in mbcsToSbcs() with iconv() */\n CNAME encnames[256];\n char enccode[5000];\n } EncodingInfo, *encodinginfo;\n \n\nThe `encnames` array is of structure type `CNAME` with a `cname` attribute that is a buffer of length 40 [1].\n \n \n src/library/grDevices/src/devPS.c:281\n \n /* The longest named Adobe glyph is 39 chars:\n whitediamondcontainingblacksmalldiamond\n */\n \n typedef struct {\n char cname[40]; // [1]\n } CNAME;\n \n\nBy providing an element in the encoding file of longer than length 40, the `cname` buffer is overflown. This could be leveraged to potentially gain remote code execution later in the program.\n\n### Crash Information\n \n \n $ R -d valgrind -f poc.r\n ...\n ==21442== Invalid write of size 1\n ==21442== at 0x4C34140: __stpcpy_sse2_unaligned (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)\n ==21442== by 0xA0D4D89: ??? (in /usr/lib/R/library/grDevices/libs/grDevices.so)\n ==21442== by 0xA0D6A5B: ??? (in /usr/lib/R/library/grDevices/libs/grDevices.so)\n ==21442== by 0xA0E226D: PDFDeviceDriver (in /usr/lib/R/library/grDevices/libs/grDevices.so)\n ==21442== by 0xA0E3DE9: PDF (in /usr/lib/R/library/grDevices/libs/grDevices.so)\n ==21442== by 0x4F08F80: ??? (in /usr/lib/R/lib/libR.so)\n ==21442== by 0x4F34BFC: ??? (in /usr/lib/R/lib/libR.so)\n ==21442== by 0x4F40F2F: Rf_eval (in /usr/lib/R/lib/libR.so)\n ==21442== by 0x4F4296D: Rf_applyClosure (in /usr/lib/R/lib/libR.so)\n ==21442== by 0x4F410CC: Rf_eval (in /usr/lib/R/lib/libR.so)\n ==21442== by 0x4F68891: Rf_ReplIteration (in /usr/lib/R/lib/libR.so)\n ==21442== by 0x4F68C10: ??? (in /usr/lib/R/lib/libR.so)\n ==21442== Address 0x79f5eee is 0 bytes after a block of size 19,486 alloc'd\n ==21442== at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)\n ==21442== by 0xA0D6A28: ??? (in /usr/lib/R/library/grDevices/libs/grDevices.so)\n ==21442== by 0xA0E226D: PDFDeviceDriver (in /usr/lib/R/library/grDevices/libs/grDevices.so)\n ==21442== by 0xA0E3DE9: PDF (in /usr/lib/R/library/grDevices/libs/grDevices.so)\n ==21442== by 0x4F08F80: ??? (in /usr/lib/R/lib/libR.so)\n ==21442== by 0x4F34BFC: ??? (in /usr/lib/R/lib/libR.so)\n ==21442== by 0x4F40F2F: Rf_eval (in /usr/lib/R/lib/libR.so)\n ==21442== by 0x4F4296D: Rf_applyClosure (in /usr/lib/R/lib/libR.so)\n ==21442== by 0x4F410CC: Rf_eval (in /usr/lib/R/lib/libR.so)\n ==21442== by 0x4F68891: Rf_ReplIteration (in /usr/lib/R/lib/libR.so)\n ==21442== by 0x4F68C10: ??? (in /usr/lib/R/lib/libR.so)\n ==21442== by 0x4F68CC3: run_Rmainloop (in /usr/lib/R/lib/libR.so)\n \n\n### Timeline\n\n2016-11-17 - Vendor Disclosure \n2017-03-09 - Public Release\n\n##### Credit\n\nDiscovered by Cory Duplantis of Cisco Talos\n\n* * *\n\nVulnerability Reports Next Report\n\nTALOS-2016-0260\n\nPrevious Report\n\nTALOS-2017-0296\n", "edition": 12, "modified": "2017-03-09T00:00:00", "published": "2017-03-09T00:00:00", "id": "TALOS-2016-0227", "href": "http://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0227", "title": "R PDF LoadEncoding Code Execution Vulnerability", "type": "talos", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}]}