DATABASE RESOURCES PRICING ABOUT US

{"id": "FEDORA_2018-E03A17FA61.NASL", "type": "nessus", "bulletinFamily": "scanner", "title": "Fedora 26 : mosquitto (2018-e03a17fa61)", "description": "Fix CVE-2017-7651 (rhbz#1551755, rhbz#1551754)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2018-04-03T00:00:00", "modified": "2021-01-06T00:00:00", "cvss": {"score": 6, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "href": "https://www.tenable.com/plugins/nessus/108792", "reporter": "This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://bodhi.fedoraproject.org/updates/FEDORA-2018-e03a17fa61", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7652", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7651"], "cvelist": ["CVE-2017-7651", "CVE-2017-7652"], "immutableFields": [], "lastseen": "2021-08-19T12:32:46", "viewCount": 5, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2017-7651", "CVE-2017-7652"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1334-1:FD9A9", "DEBIAN:DLA-1409-1:82A98", "DEBIAN:DSA-4325-1:4A8D0", "DEBIAN:DSA-4325-1:649AD"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2017-7651", "DEBIANCVE:CVE-2017-7652"]}, {"type": "fedora", "idList": ["FEDORA:1CF3F6042D45", "FEDORA:6E6AF632B6F1", "FEDORA:80E836075DAE", "FEDORA:82FBD6076012"]}, {"type": "nessus", "idList": ["DEBIAN_DLA-1334.NASL", "DEBIAN_DLA-1409.NASL", "DEBIAN_DSA-4325.NASL", "FEDORA_2018-AD652798B8.NASL", "FEDORA_2018-D305559481.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310704325", "OPENVAS:1361412562310874314", "OPENVAS:1361412562310874320", "OPENVAS:1361412562310875217", "OPENVAS:1361412562310891334", "OPENVAS:1361412562310891409"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2017-7651", "UB:CVE-2017-7652"]}], "rev": 4}, "score": {"value": 5.4, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2017-7651", "CVE-2017-7652"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1334-1:FD9A9", "DEBIAN:DLA-1409-1:82A98"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2017-7651", "DEBIANCVE:CVE-2017-7652"]}, {"type": "fedora", "idList": ["FEDORA:1CF3F6042D45", "FEDORA:6E6AF632B6F1", "FEDORA:80E836075DAE", "FEDORA:82FBD6076012"]}, {"type": "nessus", "idList": ["DEBIAN_DLA-1334.NASL", "FEDORA_2018-AD652798B8.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310891334"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2017-7651", "UB:CVE-2017-7652"]}]}, "exploitation": null, "vulnersScore": 5.4}, "pluginID": "108792", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-e03a17fa61.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(108792);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-7651\", \"CVE-2017-7652\");\n script_xref(name:\"FEDORA\", value:\"2018-e03a17fa61\");\n\n script_name(english:\"Fedora 26 : mosquitto (2018-e03a17fa61)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix CVE-2017-7651 (rhbz#1551755, rhbz#1551754)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-e03a17fa61\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mosquitto package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mosquitto\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:26\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/04/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^26([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 26\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC26\", reference:\"mosquitto-1.4.15-1.fc26\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mosquitto\");\n}\n", "naslFamily": "Fedora Local Security Checks", "cpe": ["p-cpe:/a:fedoraproject:fedora:mosquitto", "cpe:/o:fedoraproject:fedora:26"], "solution": "Update the affected mosquitto package.", "nessusSeverity": "Medium", "cvssScoreSource": "", "vpr": {"risk factor": "Medium", "score": "5.9"}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": "2018-04-02T00:00:00", "vulnerabilityPublicationDate": "2018-04-24T00:00:00", "exploitableWith": [], "_state": {"dependencies": 1645539687}}

{"nessus": [{"lastseen": "2021-08-19T12:32:34", "description": "CVE-2017-7651 A crafted CONNECT packet from an unauthenticated client could result in extraordinary memory consumption.\n\nCVE-2017-7652 In case all sockets/file descriptors are exhausted, a SIGHUP signal to reload the configuration could result in default config values (especially bad security settings)\n\nFor Debian 7 'Wheezy', these problems have been fixed in version 0.15-2+deb7u3.\n\nWe recommend that you upgrade your mosquitto packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2018-04-02T00:00:00", "type": "nessus", "title": "Debian DLA-1334-1 : mosquitto security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7651", "CVE-2017-7652"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libmosquitto0", "p-cpe:/a:debian:debian_linux:libmosquitto0-dev", "p-cpe:/a:debian:debian_linux:libmosquittopp0", "p-cpe:/a:debian:debian_linux:libmosquittopp0-dev", "p-cpe:/a:debian:debian_linux:mosquitto", "p-cpe:/a:debian:debian_linux:mosquitto-clients", "p-cpe:/a:debian:debian_linux:python-mosquitto", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-1334.NASL", "href": "https://www.tenable.com/plugins/nessus/108768", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1334-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(108768);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-7651\", \"CVE-2017-7652\");\n\n script_name(english:\"Debian DLA-1334-1 : mosquitto security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"CVE-2017-7651 A crafted CONNECT packet from an unauthenticated client\ncould result in extraordinary memory consumption.\n\nCVE-2017-7652 In case all sockets/file descriptors are exhausted, a\nSIGHUP signal to reload the configuration could result in default\nconfig values (especially bad security settings)\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n0.15-2+deb7u3.\n\nWe recommend that you upgrade your mosquitto packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2018/03/msg00037.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/mosquitto\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmosquitto0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmosquitto0-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmosquittopp0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmosquittopp0-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mosquitto\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mosquitto-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python-mosquitto\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libmosquitto0\", reference:\"0.15-2+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libmosquitto0-dev\", reference:\"0.15-2+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libmosquittopp0\", reference:\"0.15-2+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libmosquittopp0-dev\", reference:\"0.15-2+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"mosquitto\", reference:\"0.15-2+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"mosquitto-clients\", reference:\"0.15-2+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"python-mosquitto\", reference:\"0.15-2+deb7u3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:31:41", "description": "CVE-2017-7651 fix to avoid extraordinary memory consumption by crafted CONNECT packet from unauthenticated client\n\nCVE-2017-7652 in case all sockets/file descriptors are exhausted, this is a fix to avoid default config values after reloading configuration by SIGHUP signal\n\nFor Debian 8 'Jessie', these problems have been fixed in version 1.3.4-2+deb8u2.\n\nWe recommend that you upgrade your mosquitto packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2018-07-02T00:00:00", "type": "nessus", "title": "Debian DLA-1409-1 : mosquitto security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7651", "CVE-2017-7652"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libmosquitto-dev", "p-cpe:/a:debian:debian_linux:libmosquitto1", "p-cpe:/a:debian:debian_linux:libmosquittopp-dev", "p-cpe:/a:debian:debian_linux:libmosquittopp1", "p-cpe:/a:debian:debian_linux:mosquitto", "p-cpe:/a:debian:debian_linux:mosquitto-clients", "p-cpe:/a:debian:debian_linux:mosquitto-dbg", "p-cpe:/a:debian:debian_linux:python-mosquitto", "p-cpe:/a:debian:debian_linux:python3-mosquitto", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DLA-1409.NASL", "href": "https://www.tenable.com/plugins/nessus/110818", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1409-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(110818);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-7651\", \"CVE-2017-7652\");\n\n script_name(english:\"Debian DLA-1409-1 : mosquitto security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"CVE-2017-7651 fix to avoid extraordinary memory consumption by crafted\nCONNECT packet from unauthenticated client\n\nCVE-2017-7652 in case all sockets/file descriptors are exhausted, this\nis a fix to avoid default config values after reloading configuration\nby SIGHUP signal\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n1.3.4-2+deb8u2.\n\nWe recommend that you upgrade your mosquitto packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2018/06/msg00016.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/mosquitto\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmosquitto-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmosquitto1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmosquittopp-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmosquittopp1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mosquitto\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mosquitto-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mosquitto-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python-mosquitto\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python3-mosquitto\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/07/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"libmosquitto-dev\", reference:\"1.3.4-2+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmosquitto1\", reference:\"1.3.4-2+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmosquittopp-dev\", reference:\"1.3.4-2+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libmosquittopp1\", reference:\"1.3.4-2+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mosquitto\", reference:\"1.3.4-2+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mosquitto-clients\", reference:\"1.3.4-2+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"mosquitto-dbg\", reference:\"1.3.4-2+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"python-mosquitto\", reference:\"1.3.4-2+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"python3-mosquitto\", reference:\"1.3.4-2+deb8u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:29:32", "description": "Fix CVE-2017-7651 (rhbz#1551755, rhbz#1551754)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-01-03T00:00:00", "type": "nessus", "title": "Fedora 28 : mosquitto (2018-d305559481)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7651", "CVE-2017-7652"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:mosquitto", "cpe:/o:fedoraproject:fedora:28"], "id": "FEDORA_2018-D305559481.NASL", "href": "https://www.tenable.com/plugins/nessus/120818", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-d305559481.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(120818);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-7651\", \"CVE-2017-7652\");\n script_xref(name:\"FEDORA\", value:\"2018-d305559481\");\n\n script_name(english:\"Fedora 28 : mosquitto (2018-d305559481)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix CVE-2017-7651 (rhbz#1551755, rhbz#1551754)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-d305559481\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mosquitto package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-7652\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mosquitto\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:28\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/04/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^28([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 28\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC28\", reference:\"mosquitto-1.4.15-1.fc28\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mosquitto\");\n}\n", "cvss": {"score": 6, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:32:35", "description": "Fix CVE-2017-7651 (rhbz#1551755, rhbz#1551754)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2018-04-03T00:00:00", "type": "nessus", "title": "Fedora 27 : mosquitto (2018-ad652798b8)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7651", "CVE-2017-7652"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:mosquitto", "cpe:/o:fedoraproject:fedora:27"], "id": "FEDORA_2018-AD652798B8.NASL", "href": "https://www.tenable.com/plugins/nessus/108791", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-ad652798b8.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(108791);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-7651\", \"CVE-2017-7652\");\n script_xref(name:\"FEDORA\", value:\"2018-ad652798b8\");\n\n script_name(english:\"Fedora 27 : mosquitto (2018-ad652798b8)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix CVE-2017-7651 (rhbz#1551755, rhbz#1551754)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-ad652798b8\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mosquitto package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mosquitto\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:27\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/04/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^27([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 27\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC27\", reference:\"mosquitto-1.4.15-1.fc27\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mosquitto\");\n}\n", "cvss": {"score": 6, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2022-03-27T15:54:36", "description": "It was discovered that mosquitto, an MQTT broker, was vulnerable to remote denial-of-service attacks that could be mounted using various vectors.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-10-26T00:00:00", "type": "nessus", "title": "Debian DSA-4325-1 : mosquitto - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7651", "CVE-2017-7652", "CVE-2017-7653", "CVE-2017-7654"], "modified": "2022-02-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:mosquitto", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DSA-4325.NASL", "href": "https://www.tenable.com/plugins/nessus/118408", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4325. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(118408);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/04\");\n\n script_cve_id(\"CVE-2017-7651\", \"CVE-2017-7652\", \"CVE-2017-7653\", \"CVE-2017-7654\");\n script_xref(name:\"DSA\", value:\"4325\");\n\n script_name(english:\"Debian DSA-4325-1 : mosquitto - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that mosquitto, an MQTT broker, was vulnerable to\nremote denial-of-service attacks that could be mounted using various\nvectors.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911265\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911266\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/mosquitto\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/mosquitto\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2018/dsa-4325\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade the mosquitto packages.\n\nFor the stable distribution (stretch), these problems have been fixed\nin version 1.4.10-3+deb9u2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-7652\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mosquitto\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/04/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"libmosquitto-dev\", reference:\"1.4.10-3+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmosquitto1\", reference:\"1.4.10-3+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmosquitto1-dbg\", reference:\"1.4.10-3+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmosquittopp-dev\", reference:\"1.4.10-3+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmosquittopp1\", reference:\"1.4.10-3+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libmosquittopp1-dbg\", reference:\"1.4.10-3+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"mosquitto\", reference:\"1.4.10-3+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"mosquitto-clients\", reference:\"1.4.10-3+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"mosquitto-dbg\", reference:\"1.4.10-3+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"mosquitto-dev\", reference:\"1.4.10-3+deb9u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2019-05-29T18:33:08", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-04-03T00:00:00", "type": "openvas", "title": "Fedora Update for mosquitto FEDORA-2018-ad652798b8", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7651", "CVE-2017-7652"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874314", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874314", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_ad652798b8_mosquitto_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for mosquitto FEDORA-2018-ad652798b8\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874314\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-04-03 09:00:15 +0200 (Tue, 03 Apr 2018)\");\n script_cve_id(\"CVE-2017-7651\", \"CVE-2017-7652\");\n script_tag(name:\"cvss_base\", value:\"6.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for mosquitto FEDORA-2018-ad652798b8\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mosquitto'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"mosquitto on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"FEDORA\", value:\"2018-ad652798b8\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FP7ERL4EHBNK2ANTRUQ4ZYHAP5Z4K534\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"mosquitto\", rpm:\"mosquitto~1.4.15~1.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:32:55", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-04-03T00:00:00", "type": "openvas", "title": "Fedora Update for mosquitto FEDORA-2018-e03a17fa61", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7651", "CVE-2017-7652"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874320", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874320", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_e03a17fa61_mosquitto_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for mosquitto FEDORA-2018-e03a17fa61\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874320\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-04-03 09:01:13 +0200 (Tue, 03 Apr 2018)\");\n script_cve_id(\"CVE-2017-7651\", \"CVE-2017-7652\");\n script_tag(name:\"cvss_base\", value:\"6.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for mosquitto FEDORA-2018-e03a17fa61\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mosquitto'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"mosquitto on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"FEDORA\", value:\"2018-e03a17fa61\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RYEDVPCR6ICVW23636D3QSTT3FLZNXYA\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"mosquitto\", rpm:\"mosquitto~1.4.15~1.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2020-01-29T20:09:14", "description": "CVE-2017-7651\nA crafted CONNECT packet from an unauthenticated client could\nresult in extraordinary memory consumption.\n\nCVE-2017-7652\nIn case all sockets/file descriptors are exhausted, a SIGHUP\nsignal to reload the configuration could result in default\nconfig values (especially bad security settings)", "cvss3": {}, "published": "2018-04-02T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for mosquitto (DLA-1334-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7651", "CVE-2017-7652"], "modified": "2020-01-29T00:00:00", "id": "OPENVAS:1361412562310891334", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891334", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891334\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2017-7651\", \"CVE-2017-7652\");\n script_name(\"Debian LTS: Security Advisory for mosquitto (DLA-1334-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-04-02 00:00:00 +0200 (Mon, 02 Apr 2018)\");\n script_tag(name:\"cvss_base\", value:\"6.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2018/03/msg00037.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n\n script_tag(name:\"affected\", value:\"mosquitto on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 7 'Wheezy', these problems have been fixed in version\n0.15-2+deb7u3.\n\nWe recommend that you upgrade your mosquitto packages.\");\n\n script_tag(name:\"summary\", value:\"CVE-2017-7651\nA crafted CONNECT packet from an unauthenticated client could\nresult in extraordinary memory consumption.\n\nCVE-2017-7652\nIn case all sockets/file descriptors are exhausted, a SIGHUP\nsignal to reload the configuration could result in default\nconfig values (especially bad security settings)\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"libmosquitto0\", ver:\"0.15-2+deb7u3\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmosquitto0-dev\", ver:\"0.15-2+deb7u3\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmosquittopp0\", ver:\"0.15-2+deb7u3\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmosquittopp0-dev\", ver:\"0.15-2+deb7u3\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"mosquitto\", ver:\"0.15-2+deb7u3\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"mosquitto-clients\", ver:\"0.15-2+deb7u3\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"python-mosquitto\", ver:\"0.15-2+deb7u3\", rls:\"DEB7\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2020-01-29T20:07:55", "description": "CVE-2017-7651\nfix to avoid extraordinary memory consumption by crafted\nCONNECT packet from unauthenticated client\n\nCVE-2017-7652\nin case all sockets/file descriptors are exhausted, this is a\nfix to avoid default config values after reloading configuration\nby SIGHUP signal", "cvss3": {}, "published": "2018-07-10T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for mosquitto (DLA-1409-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7651", "CVE-2017-7652"], "modified": "2020-01-29T00:00:00", "id": "OPENVAS:1361412562310891409", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891409", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891409\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2017-7651\", \"CVE-2017-7652\");\n script_name(\"Debian LTS: Security Advisory for mosquitto (DLA-1409-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-07-10 00:00:00 +0200 (Tue, 10 Jul 2018)\");\n script_tag(name:\"cvss_base\", value:\"6.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2018/06/msg00016.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n script_tag(name:\"affected\", value:\"mosquitto on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', these problems have been fixed in version\n1.3.4-2+deb8u2.\n\nWe recommend that you upgrade your mosquitto packages.\");\n\n script_tag(name:\"summary\", value:\"CVE-2017-7651\nfix to avoid extraordinary memory consumption by crafted\nCONNECT packet from unauthenticated client\n\nCVE-2017-7652\nin case all sockets/file descriptors are exhausted, this is a\nfix to avoid default config values after reloading configuration\nby SIGHUP signal\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"libmosquitto-dev\", ver:\"1.3.4-2+deb8u2\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmosquitto1\", ver:\"1.3.4-2+deb8u2\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmosquittopp-dev\", ver:\"1.3.4-2+deb8u2\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmosquittopp1\", ver:\"1.3.4-2+deb8u2\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"mosquitto\", ver:\"1.3.4-2+deb8u2\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"mosquitto-clients\", ver:\"1.3.4-2+deb8u2\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"mosquitto-dbg\", ver:\"1.3.4-2+deb8u2\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"python-mosquitto\", ver:\"1.3.4-2+deb8u2\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"python3-mosquitto\", ver:\"1.3.4-2+deb8u2\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:09", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-10-23T00:00:00", "type": "openvas", "title": "Fedora Update for mosquitto FEDORA-2018-a115b0b80e", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7651", "CVE-2018-12543", "CVE-2017-7652"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310875217", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875217", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_a115b0b80e_mosquitto_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for mosquitto FEDORA-2018-a115b0b80e\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875217\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-10-23 12:15:51 +0200 (Tue, 23 Oct 2018)\");\n script_cve_id(\"CVE-2018-12543\", \"CVE-2017-7651\", \"CVE-2017-7652\");\n script_tag(name:\"cvss_base\", value:\"6.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for mosquitto FEDORA-2018-a115b0b80e\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mosquitto'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n script_tag(name:\"affected\", value:\"mosquitto on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-a115b0b80e\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/77EDTTTRVLQNEVCGONNDBXVZ6KXYAGMA\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"mosquitto\", rpm:\"mosquitto~1.5.3~1.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2019-07-04T18:56:39", "description": "It was discovered that mosquitto, an MQTT broker, was vulnerable to\nremote denial-of-service attacks that could be mounted using various\nvectors.", "cvss3": {}, "published": "2018-10-25T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 4325-1 (mosquitto - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7651", "CVE-2017-7653", "CVE-2017-7654", "CVE-2017-7652"], "modified": "2019-07-04T00:00:00", "id": "OPENVAS:1361412562310704325", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704325", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Auto-generated from advisory DSA 4325-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704325\");\n script_version(\"2019-07-04T09:25:28+0000\");\n script_cve_id(\"CVE-2017-7651\", \"CVE-2017-7652\", \"CVE-2017-7653\", \"CVE-2017-7654\");\n script_name(\"Debian Security Advisory DSA 4325-1 (mosquitto - security update)\");\n script_tag(name:\"last_modification\", value:\"2019-07-04 09:25:28 +0000 (Thu, 04 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-10-25 00:00:00 +0200 (Thu, 25 Oct 2018)\");\n script_tag(name:\"cvss_base\", value:\"6.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2018/dsa-4325.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB9\");\n script_tag(name:\"affected\", value:\"mosquitto on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (stretch), these problems have been fixed in\nversion 1.4.10-3+deb9u2.\n\nWe recommend that you upgrade your mosquitto packages.\");\n\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/mosquitto\");\n script_tag(name:\"summary\", value:\"It was discovered that mosquitto, an MQTT broker, was vulnerable to\nremote denial-of-service attacks that could be mounted using various\nvectors.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"libmosquitto-dev\", ver:\"1.4.10-3+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmosquitto1\", ver:\"1.4.10-3+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmosquitto1-dbg\", ver:\"1.4.10-3+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmosquittopp-dev\", ver:\"1.4.10-3+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmosquittopp1\", ver:\"1.4.10-3+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libmosquittopp1-dbg\", ver:\"1.4.10-3+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"mosquitto\", ver:\"1.4.10-3+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"mosquitto-clients\", ver:\"1.4.10-3+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"mosquitto-dbg\", ver:\"1.4.10-3+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"mosquitto-dev\", ver:\"1.4.10-3+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2021-12-06T04:01:13", "description": "Package : mosquitto\nVersion : 0.15-2+deb7u3\nCVE ID : CVE-2017-7651 CVE-2017-7652\n\n\nCVE-2017-7651\n A crafted CONNECT packet from an unauthenticated client could\n result in extraordinary memory consumption.\n\nCVE-2017-7652\n In case all sockets/file descriptors are exhausted, a SIGHUP\n signal to reload the configuration could result in default\n config values (especially bad security settings)\n\n\nFor Debian 7 &quot;Wheezy&quot;, these problems have been fixed in version\n0.15-2+deb7u3.\n\nWe recommend that you upgrade your mosquitto packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-03-31T18:24:19", "type": "debian", "title": "[SECURITY] [DLA 1334-1] mosquitto security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-7651", "CVE-2017-7652"], "modified": "2018-03-31T18:24:19", "id": "DEBIAN:DLA-1334-1:FD9A9", "href": "https://lists.debian.org/debian-lts-announce/2018/03/msg00037.html", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-12-05T04:14:30", "description": "Package : mosquitto\nVersion : 1.3.4-2+deb8u2\nCVE ID : CVE-2017-7651 CVE-2017-7652\n\n\nCVE-2017-7651\n fix to avoid extraordinary memory consumption by crafted\n CONNECT packet from unauthenticated client\n\n CVE-2017-7652\n in case all sockets/file descriptors are exhausted, this is a\n fix to avoid default config values after reloading configuration\n by SIGHUP signal\n\n\nFor Debian 8 &quot;Jessie&quot;, these problems have been fixed in version\n1.3.4-2+deb8u2.\n\nWe recommend that you upgrade your mosquitto packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-06-29T21:07:47", "type": "debian", "title": "[SECURITY] [DLA 1409-1] mosquitto security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-7651", "CVE-2017-7652"], "modified": "2018-06-29T21:07:47", "id": "DEBIAN:DLA-1409-1:82A98", "href": "https://lists.debian.org/debian-lts-announce/2018/06/msg00016.html", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-10-21T18:28:26", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4325-1 security@debian.org\nhttps://www.debian.org/security/ Sebastien Delafond\nOctober 25, 2018 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : mosquitto\nCVE ID : CVE-2017-7651 CVE-2017-7652 CVE-2017-7653 CVE-2017-7654\nDebian Bug : 911265 911266 \n\nIt was discovered that mosquitto, an MQTT broker, was vulnerable to\nremote denial-of-service attacks that could be mounted using various\nvectors.\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 1.4.10-3+deb9u2.\n\nWe recommend that you upgrade your mosquitto packages.\n\nFor the detailed security status of mosquitto please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/mosquitto\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-10-25T07:20:59", "type": "debian", "title": "[SECURITY] [DSA 4325-1] mosquitto security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-7651", "CVE-2017-7652", "CVE-2017-7653", "CVE-2017-7654"], "modified": "2018-10-25T07:20:59", "id": "DEBIAN:DSA-4325-1:4A8D0", "href": "https://lists.debian.org/debian-security-announce/2018/msg00256.html", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2022-02-18T23:58:32", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4325-1 security@debian.org\nhttps://www.debian.org/security/ Sebastien Delafond\nOctober 25, 2018 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : mosquitto\nCVE ID : CVE-2017-7651 CVE-2017-7652 CVE-2017-7653 CVE-2017-7654\nDebian Bug : 911265 911266 \n\nIt was discovered that mosquitto, an MQTT broker, was vulnerable to\nremote denial-of-service attacks that could be mounted using various\nvectors.\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 1.4.10-3+deb9u2.\n\nWe recommend that you upgrade your mosquitto packages.\n\nFor the detailed security status of mosquitto please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/mosquitto\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-10-25T07:20:59", "type": "debian", "title": "[SECURITY] [DSA 4325-1] mosquitto security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-7651", "CVE-2017-7652", "CVE-2017-7653", "CVE-2017-7654"], "modified": "2018-10-25T07:20:59", "id": "DEBIAN:DSA-4325-1:649AD", "href": "https://lists.debian.org/debian-security-announce/2018/msg00256.html", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:54", "description": "Mosquitto is an open source message broker that implements the MQ Telemetry Transport protocol version 3.1 and 3.1.1 MQTT provides a lightweight method of carrying out messaging using a publish/subscribe model. This makes it suitable for \"machine to machine\" messaging such as with low power sensors or mobile devices such as phones, embedded computers or micro-controllers like the Arduino. ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-04-02T11:49:42", "type": "fedora", "title": "[SECURITY] Fedora 28 Update: mosquitto-1.4.15-1.fc28", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-7651", "CVE-2017-7652"], "modified": "2018-04-02T11:49:42", "id": "FEDORA:80E836075DAE", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/KOGZVVLSEGP3E4BNHVG2MKWS666OTDPZ/", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "description": "Mosquitto is an open source message broker that implements the MQ Telemetry Transport protocol version 3.1 and 3.1.1 MQTT provides a lightweight method of carrying out messaging using a publish/subscribe model. This makes it suitable for \"machine to machine\" messaging such as with low power sensors or mobile devices such as phones, embedded computers or micro-controllers like the Arduino. ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-04-02T12:34:24", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: mosquitto-1.4.15-1.fc26", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-7651", "CVE-2017-7652"], "modified": "2018-04-02T12:34:24", "id": "FEDORA:1CF3F6042D45", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/RYEDVPCR6ICVW23636D3QSTT3FLZNXYA/", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "description": "Mosquitto is an open source message broker that implements the MQ Telemetry Transport protocol version 3.1 and 3.1.1 MQTT provides a lightweight method of carrying out messaging using a publish/subscribe model. This makes it suitable for \"machine to machine\" messaging such as with low power sensors or mobile devices such as phones, embedded computers or micro-controllers like the Arduino. ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-04-02T13:02:38", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: mosquitto-1.4.15-1.fc27", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-7651", "CVE-2017-7652"], "modified": "2018-04-02T13:02:38", "id": "FEDORA:82FBD6076012", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/FP7ERL4EHBNK2ANTRUQ4ZYHAP5Z4K534/", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T18:41:37", "description": "Mosquitto is an open source message broker that implements the MQ Telemetry Transport protocol version 3.1 and 3.1.1 MQTT provides a lightweight method of carrying out messaging using a publish/subscribe model. This makes it suitable for \"machine to machine\" messaging such as with low power sensors or mobile devices such as phones, embedded computers or micro-controllers like the Arduino. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-10-22T22:29:49", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: mosquitto-1.5.3-1.fc27", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-7651", "CVE-2017-7652", "CVE-2018-12543"], "modified": "2018-10-22T22:29:49", "id": "FEDORA:6E6AF632B6F1", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/77EDTTTRVLQNEVCGONNDBXVZ6KXYAGMA/", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}], "debiancve": [{"lastseen": "2022-04-20T07:36:11", "description": "In Eclipse Mosquitto 1.4.14, a user can shutdown the Mosquitto server simply by filling the RAM memory with a lot of connections with large payload. This can be done without authentications if occur in connection phase of MQTT protocol.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-04-24T14:29:00", "type": "debiancve", "title": "CVE-2017-7651", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-7651"], "modified": "2018-04-24T14:29:00", "id": "DEBIANCVE:CVE-2017-7651", "href": "https://security-tracker.debian.org/tracker/CVE-2017-7651", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-04-20T07:36:11", "description": "In Eclipse Mosquitto 1.4.14, if a Mosquitto instance is set running with a configuration file, then sending a HUP signal to server triggers the configuration to be reloaded from disk. If there are lots of clients connected so that there are no more file descriptors/sockets available (default limit typically 1024 file descriptors on Linux), then opening the configuration file will fail.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-04-25T13:29:00", "type": "debiancve", "title": "CVE-2017-7652", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-7652"], "modified": "2018-04-25T13:29:00", "id": "DEBIANCVE:CVE-2017-7652", "href": "https://security-tracker.debian.org/tracker/CVE-2017-7652", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}], "ubuntucve": [{"lastseen": "2021-11-22T21:36:22", "description": "In Eclipse Mosquitto 1.4.14, a user can shutdown the Mosquitto server\nsimply by filling the RAM memory with a lot of connections with large\npayload. This can be done without authentications if occur in connection\nphase of MQTT protocol.\n\n#### Bugs\n\n * <https://bugs.launchpad.net/ubuntu/+source/mosquitto/+bug/1752591>\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-04-24T00:00:00", "type": "ubuntucve", "title": "CVE-2017-7651", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-7651"], "modified": "2018-04-24T00:00:00", "id": "UB:CVE-2017-7651", "href": "https://ubuntu.com/security/CVE-2017-7651", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-11-22T21:36:19", "description": "In Eclipse Mosquitto 1.4.14, if a Mosquitto instance is set running with a\nconfiguration file, then sending a HUP signal to server triggers the\nconfiguration to be reloaded from disk. If there are lots of clients\nconnected so that there are no more file descriptors/sockets available\n(default limit typically 1024 file descriptors on Linux), then opening the\nconfiguration file will fail.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-04-25T00:00:00", "type": "ubuntucve", "title": "CVE-2017-7652", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-7652"], "modified": "2018-04-25T00:00:00", "id": "UB:CVE-2017-7652", "href": "https://ubuntu.com/security/CVE-2017-7652", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2022-03-23T18:38:57", "description": "In Eclipse Mosquitto 1.4.14, a user can shutdown the Mosquitto server simply by filling the RAM memory with a lot of connections with large payload. This can be done without authentications if occur in connection phase of MQTT protocol.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-04-24T14:29:00", "type": "cve", "title": "CVE-2017-7651", "cwe": ["CWE-400"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-7651"], "modified": "2019-10-09T23:29:00", "cpe": ["cpe:/o:debian:debian_linux:7.0", "cpe:/a:eclipse:mosquitto:1.4.14", "cpe:/o:debian:debian_linux:9.0", "cpe:/o:debian:debian_linux:8.0"], "id": "CVE-2017-7651", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7651", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:eclipse:mosquitto:1.4.14:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T18:39:01", "description": "In Eclipse Mosquitto 1.4.14, if a Mosquitto instance is set running with a configuration file, then sending a HUP signal to server triggers the configuration to be reloaded from disk. If there are lots of clients connected so that there are no more file descriptors/sockets available (default limit typically 1024 file descriptors on Linux), then opening the configuration file will fail.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-04-25T13:29:00", "type": "cve", "title": "CVE-2017-7652", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-7652"], "modified": "2019-10-09T23:29:00", "cpe": ["cpe:/o:debian:debian_linux:7.0", "cpe:/a:eclipse:mosquitto:1.4.14", "cpe:/o:debian:debian_linux:9.0", "cpe:/o:debian:debian_linux:8.0"], "id": "CVE-2017-7652", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7652", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:eclipse:mosquitto:1.4.14:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"]}]}