Fedora 30 : abcm2ps (2020-eb7a965fcf)

2020-05-21T00:00:00

Description

New upstream release with fixes for CVEs and other enhancements. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

{"id": "FEDORA_2020-EB7A965FCF.NASL", "vendorId": null, "type": "nessus", "bulletinFamily": "scanner", "title": "Fedora 30 : abcm2ps (2020-eb7a965fcf)", "description": "New upstream release with fixes for CVEs and other enhancements.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2020-05-21T00:00:00", "modified": "2020-05-26T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/136757", "reporter": "This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10771", "https://bodhi.fedoraproject.org/updates/FEDORA-2020-eb7a965fcf", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10753"], "cvelist": ["CVE-2018-10753", "CVE-2018-10771"], "immutableFields": [], "lastseen": "2022-05-22T15:06:53", "viewCount": 3, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2018-10753", "CVE-2018-10771", "CVE-2019-1010011"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2983-1:D6823"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2018-10753", "DEBIANCVE:CVE-2018-10771"]}, {"type": "fedora", "idList": ["FEDORA:0A0AB60323ED", "FEDORA:C5A31616B767", "FEDORA:EEF99615AB4B"]}, {"type": "nessus", "idList": ["DEBIAN_DLA-2983.NASL", "FEDORA_2020-7016BB7A0D.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310877860", "OPENVAS:1361412562310877873", "OPENVAS:1361412562310877896"]}, {"type": "osv", "idList": ["OSV:DLA-2983-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2018-10753", "UB:CVE-2018-10771"]}]}, "score": {"value": 1.0, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2018-10753", "CVE-2018-10771"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2018-10753", "DEBIANCVE:CVE-2018-10771"]}, {"type": "fedora", "idList": ["FEDORA:0A0AB60323ED", "FEDORA:C5A31616B767", "FEDORA:EEF99615AB4B"]}, {"type": "nessus", "idList": ["FEDORA_2020-7016BB7A0D.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310877860", "OPENVAS:1361412562310877873", "OPENVAS:1361412562310877896"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2018-10753", "UB:CVE-2018-10771"]}]}, "exploitation": null, "vulnersScore": 1.0}, "_state": {"dependencies": 1660004461, "score": 1659878424}, "_internal": {"score_hash": "ac15eff667c1c6317a5fcd37245bd9e4"}, "pluginID": "136757", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-eb7a965fcf.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(136757);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/26\");\n\n script_cve_id(\"CVE-2018-10753\", \"CVE-2018-10771\");\n script_xref(name:\"FEDORA\", value:\"2020-eb7a965fcf\");\n\n script_name(english:\"Fedora 30 : abcm2ps (2020-eb7a965fcf)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"New upstream release with fixes for CVEs and other enhancements.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-eb7a965fcf\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected abcm2ps package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:abcm2ps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:30\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/05/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/05/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/05/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^30([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 30\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC30\", reference:\"abcm2ps-8.14.7-2.fc30\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"abcm2ps\");\n}\n", "naslFamily": "Fedora Local Security Checks", "cpe": ["p-cpe:/a:fedoraproject:fedora:abcm2ps", "cpe:/o:fedoraproject:fedora:30"], "solution": "Update the affected abcm2ps package.", "nessusSeverity": "High", "cvssScoreSource": "", "vpr": {"risk factor": "Medium", "score": "5.9"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2020-05-21T00:00:00", "vulnerabilityPublicationDate": "2018-05-05T00:00:00", "exploitableWith": []}

{"openvas": [{"lastseen": "2020-06-03T15:34:17", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2020-05-29T00:00:00", "type": "openvas", "title": "Fedora: Security Advisory for abcm2ps (FEDORA-2020-a820f2b735)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10753", "CVE-2018-10771"], "modified": "2020-05-29T00:00:00", "id": "OPENVAS:1361412562310877896", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310877896", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.877896\");\n script_version(\"2020-05-29T08:53:11+0000\");\n script_cve_id(\"CVE-2018-10753\", \"CVE-2018-10771\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-05-29 08:53:11 +0000 (Fri, 29 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-05-29 03:29:24 +0000 (Fri, 29 May 2020)\");\n script_name(\"Fedora: Security Advisory for abcm2ps (FEDORA-2020-a820f2b735)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC32\");\n\n script_xref(name:\"FEDORA\", value:\"2020-a820f2b735\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W6DUTXB4EC3TQHTTAAIBKJ54GJTF6Y7V\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'abcm2ps'\n package(s) announced via the FEDORA-2020-a820f2b735 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Abcm2ps is a package which converts music tunes from ABC format to\nPostscript. Based on abc2ps version 1.2.5, it was developed mainly to\nprint Baroque organ scores which have independent voices played on one\nor many keyboards and a pedal-board. Abcm2ps introduces many\nextensions to the ABC language that make it suitable for classical\nmusic.\");\n\n script_tag(name:\"affected\", value:\"'abcm2ps' package(s) on Fedora 32.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC32\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"abcm2ps\", rpm:\"abcm2ps~8.14.7~2.fc32\", rls:\"FC32\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-06-03T15:39:12", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2020-05-29T00:00:00", "type": "openvas", "title": "Fedora: Security Advisory for abcm2ps (FEDORA-2020-7016bb7a0d)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10753", "CVE-2018-10771"], "modified": "2020-05-29T00:00:00", "id": "OPENVAS:1361412562310877873", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310877873", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.877873\");\n script_version(\"2020-05-29T08:53:11+0000\");\n script_cve_id(\"CVE-2018-10753\", \"CVE-2018-10771\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-05-29 08:53:11 +0000 (Fri, 29 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-05-29 03:28:53 +0000 (Fri, 29 May 2020)\");\n script_name(\"Fedora: Security Advisory for abcm2ps (FEDORA-2020-7016bb7a0d)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC31\");\n\n script_xref(name:\"FEDORA\", value:\"2020-7016bb7a0d\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSTB65NYYCKU7O6RF5B6CYY5IA6CA66Y\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'abcm2ps'\n package(s) announced via the FEDORA-2020-7016bb7a0d advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Abcm2ps is a package which converts music tunes from ABC format to\nPostscript. Based on abc2ps version 1.2.5, it was developed mainly to\nprint Baroque organ scores which have independent voices played on one\nor many keyboards and a pedal-board. Abcm2ps introduces many\nextensions to the ABC language that make it suitable for classical\nmusic.\");\n\n script_tag(name:\"affected\", value:\"'abcm2ps' package(s) on Fedora 31.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC31\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"abcm2ps\", rpm:\"abcm2ps~8.14.7~2.fc31\", rls:\"FC31\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-06-03T15:39:29", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2020-05-29T00:00:00", "type": "openvas", "title": "Fedora: Security Advisory for abcm2ps (FEDORA-2020-eb7a965fcf)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10753", "CVE-2018-10771"], "modified": "2020-05-29T00:00:00", "id": "OPENVAS:1361412562310877860", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310877860", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.877860\");\n script_version(\"2020-05-29T08:53:11+0000\");\n script_cve_id(\"CVE-2018-10753\", \"CVE-2018-10771\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-05-29 08:53:11 +0000 (Fri, 29 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-05-29 03:28:36 +0000 (Fri, 29 May 2020)\");\n script_name(\"Fedora: Security Advisory for abcm2ps (FEDORA-2020-eb7a965fcf)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC30\");\n\n script_xref(name:\"FEDORA\", value:\"2020-eb7a965fcf\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IGDXW2I3MY3QH4PJXLJET5QZZXMXTNWO\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'abcm2ps'\n package(s) announced via the FEDORA-2020-eb7a965fcf advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Abcm2ps is a package which converts music tunes from ABC format to\nPostscript. Based on abc2ps version 1.2.5, it was developed mainly to\nprint Baroque organ scores which have independent voices played on one\nor many keyboards and a pedal-board. Abcm2ps introduces many\nextensions to the ABC language that make it suitable for classical\nmusic.\");\n\n script_tag(name:\"affected\", value:\"'abcm2ps' package(s) on Fedora 30.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC30\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"abcm2ps\", rpm:\"abcm2ps~8.14.7~2.fc30\", rls:\"FC30\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2022-05-22T15:05:54", "description": "New upstream release with fixes for CVEs and other enhancements.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-05-21T00:00:00", "type": "nessus", "title": "Fedora 31 : abcm2ps (2020-7016bb7a0d)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10753", "CVE-2018-10771"], "modified": "2020-05-26T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:abcm2ps", "cpe:/o:fedoraproject:fedora:31"], "id": "FEDORA_2020-7016BB7A0D.NASL", "href": "https://www.tenable.com/plugins/nessus/136755", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-7016bb7a0d.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(136755);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/26\");\n\n script_cve_id(\"CVE-2018-10753\", \"CVE-2018-10771\");\n script_xref(name:\"FEDORA\", value:\"2020-7016bb7a0d\");\n\n script_name(english:\"Fedora 31 : abcm2ps (2020-7016bb7a0d)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"New upstream release with fixes for CVEs and other enhancements.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-7016bb7a0d\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected abcm2ps package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:abcm2ps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:31\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/05/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/05/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/05/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^31([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 31\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC31\", reference:\"abcm2ps-8.14.7-2.fc31\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"abcm2ps\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-11T17:24:34", "description": "The remote Debian 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-2983 advisory.\n\n - Stack-based buffer overflow in the delayed_output function in music.c in abcm2ps through 8.13.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. (CVE-2018-10753)\n\n - Stack-based buffer overflow in the get_key function in parse.c in abcm2ps through 8.13.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.\n (CVE-2018-10771)\n\n - moinejf abcm2ps 8.13.20 is affected by: Incorrect Access Control. The impact is: Allows attackers to cause a denial of service attack via a crafted file. The component is: front.c, function txt_add. The fixed version is: after commit commit 08aef597656d065e86075f3d53fda89765845eae. (CVE-2019-1010069)\n\n - abcm2ps v8.14.11 was discovered to contain an out-of-bounds read in the function calculate_beam at draw.c.\n (CVE-2021-32434)\n\n - Stack-based buffer overflow in the function get_key in parse.c of abcm2ps v8.14.11 allows remote attackers to cause a Denial of Service (DoS) via unspecified vectors. (CVE-2021-32435)\n\n - An out-of-bounds read in the function write_title() in subs.c of abcm2ps v8.14.11 allows remote attackers to cause a Denial of Service (DoS) via unspecified vectors. (CVE-2021-32436)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2022-04-17T00:00:00", "type": "nessus", "title": "Debian DLA-2983-1 : abcm2ps - LTS security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10753", "CVE-2018-10771", "CVE-2019-1010069", "CVE-2021-32434", "CVE-2021-32435", "CVE-2021-32436"], "modified": "2022-04-17T00:00:00", "cpe": ["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:abcm2ps:*:*:*:*:*:*:*"], "id": "DEBIAN_DLA-2983.NASL", "href": "https://www.tenable.com/plugins/nessus/159770", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory dla-2983. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159770);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/17\");\n\n script_cve_id(\n \"CVE-2018-10753\",\n \"CVE-2018-10771\",\n \"CVE-2019-1010069\",\n \"CVE-2021-32434\",\n \"CVE-2021-32435\",\n \"CVE-2021-32436\"\n );\n\n script_name(english:\"Debian DLA-2983-1 : abcm2ps - LTS security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Debian 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the\ndla-2983 advisory.\n\n - Stack-based buffer overflow in the delayed_output function in music.c in abcm2ps through 8.13.20 allows\n remote attackers to cause a denial of service (application crash) or possibly have unspecified other\n impact. (CVE-2018-10753)\n\n - Stack-based buffer overflow in the get_key function in parse.c in abcm2ps through 8.13.20 allows remote\n attackers to cause a denial of service (application crash) or possibly have unspecified other impact.\n (CVE-2018-10771)\n\n - moinejf abcm2ps 8.13.20 is affected by: Incorrect Access Control. The impact is: Allows attackers to cause\n a denial of service attack via a crafted file. The component is: front.c, function txt_add. The fixed\n version is: after commit commit 08aef597656d065e86075f3d53fda89765845eae. (CVE-2019-1010069)\n\n - abcm2ps v8.14.11 was discovered to contain an out-of-bounds read in the function calculate_beam at draw.c.\n (CVE-2021-32434)\n\n - Stack-based buffer overflow in the function get_key in parse.c of abcm2ps v8.14.11 allows remote attackers\n to cause a Denial of Service (DoS) via unspecified vectors. (CVE-2021-32435)\n\n - An out-of-bounds read in the function write_title() in subs.c of abcm2ps v8.14.11 allows remote attackers\n to cause a Denial of Service (DoS) via unspecified vectors. (CVE-2021-32436)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/source-package/abcm2ps\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/lts/security/2022/dla-2983\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2018-10753\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2018-10771\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2019-1010069\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-32434\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-32435\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-32436\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/stretch/abcm2ps\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the abcm2ps packages.\n\nFor Debian 9 stretch, these problems have been fixed in version 7.8.9-1+deb9u1.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-10771\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/05/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/04/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/04/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:abcm2ps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar release = get_kb_item('Host/Debian/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Debian');\nvar release = chomp(release);\nif (! preg(pattern:\"^(9)\\.[0-9]+\", string:release)) audit(AUDIT_OS_NOT, 'Debian 9.0', 'Debian ' + release);\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);\n\nvar pkgs = [\n {'release': '9.0', 'prefix': 'abcm2ps', 'reference': '7.8.9-1+deb9u1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var release = NULL;\n var prefix = NULL;\n var reference = NULL;\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (release && prefix && reference) {\n if (deb_check(release:release, prefix:prefix, reference:reference)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : deb_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = deb_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'abcm2ps');\n}\n", "cvss": {"score": 7.5, "vector": "CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2021-07-28T14:46:51", "description": "Abcm2ps is a package which converts music tunes from ABC format to Postscript. Based on abc2ps version 1.2.5, it was developed mainly to print Baroque organ scores which have independent voices played on one or many keyboards and a pedal-board. Abcm2ps introduces many extensions to the ABC language that make it suitable for classical music. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2020-05-21T02:50:36", "type": "fedora", "title": "[SECURITY] Fedora 31 Update: abcm2ps-8.14.7-2.fc31", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-10753", "CVE-2018-10771"], "modified": "2020-05-21T02:50:36", "id": "FEDORA:0A0AB60323ED", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/LSTB65NYYCKU7O6RF5B6CYY5IA6CA66Y/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:46:51", "description": "Abcm2ps is a package which converts music tunes from ABC format to Postscript. Based on abc2ps version 1.2.5, it was developed mainly to print Baroque organ scores which have independent voices played on one or many keyboards and a pedal-board. Abcm2ps introduces many extensions to the ABC language that make it suitable for classical music. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2020-05-21T02:53:32", "type": "fedora", "title": "[SECURITY] Fedora 32 Update: abcm2ps-8.14.7-2.fc32", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-10753", "CVE-2018-10771"], "modified": "2020-05-21T02:53:32", "id": "FEDORA:EEF99615AB4B", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/W6DUTXB4EC3TQHTTAAIBKJ54GJTF6Y7V/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:46:51", "description": "Abcm2ps is a package which converts music tunes from ABC format to Postscript. Based on abc2ps version 1.2.5, it was developed mainly to print Baroque organ scores which have independent voices played on one or many keyboards and a pedal-board. Abcm2ps introduces many extensions to the ABC language that make it suitable for classical music. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2020-05-21T03:08:16", "type": "fedora", "title": "[SECURITY] Fedora 30 Update: abcm2ps-8.14.7-2.fc30", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-10753", "CVE-2018-10771"], "modified": "2020-05-21T03:08:16", "id": "FEDORA:C5A31616B767", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/IGDXW2I3MY3QH4PJXLJET5QZZXMXTNWO/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2022-03-23T19:03:54", "description": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-10753, CVE-2018-10771. Reason: This candidate is a reservation duplicate of CVE-2018-10753 and CVE-2018-10771. Notes: All CVE users should reference CVE-2018-10753 and CVE-2018-10771 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.", "cvss3": {}, "published": "2019-07-15T03:15:00", "type": "cve", "title": "CVE-2019-1010011", "cwe": [], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2018-10753", "CVE-2018-10771", "CVE-2019-1010011"], "modified": "2019-07-16T20:15:00", "cpe": [], "id": "CVE-2019-1010011", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1010011", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": []}, {"lastseen": "2022-04-18T06:09:06", "description": "Stack-based buffer overflow in the get_key function in parse.c in abcm2ps through 8.13.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-05-07T02:29:00", "type": "cve", "title": "CVE-2018-10771", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-10771"], "modified": "2022-04-18T01:15:00", "cpe": ["cpe:/a:moinejf:abcm2ps:8.13.20"], "id": "CVE-2018-10771", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10771", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:moinejf:abcm2ps:8.13.20:*:*:*:*:*:*:*"]}, {"lastseen": "2022-04-18T06:09:06", "description": "Stack-based buffer overflow in the delayed_output function in music.c in abcm2ps through 8.13.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-05-05T02:29:00", "type": "cve", "title": "CVE-2018-10753", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-10753"], "modified": "2022-04-18T01:15:00", "cpe": ["cpe:/a:moinejf:abcm2ps:8.13.20"], "id": "CVE-2018-10753", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10753", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:moinejf:abcm2ps:8.13.20:*:*:*:*:*:*:*"]}], "ubuntucve": [{"lastseen": "2022-08-04T13:49:59", "description": "Stack-based buffer overflow in the get_key function in parse.c in abcm2ps\nthrough 8.13.20 allows remote attackers to cause a denial of service\n(application crash) or possibly have unspecified other impact.\n\n#### Bugs\n\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898130>\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-05-07T00:00:00", "type": "ubuntucve", "title": "CVE-2018-10771", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-10771"], "modified": "2018-05-07T00:00:00", "id": "UB:CVE-2018-10771", "href": "https://ubuntu.com/security/CVE-2018-10771", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-04T13:49:59", "description": "Stack-based buffer overflow in the delayed_output function in music.c in\nabcm2ps through 8.13.20 allows remote attackers to cause a denial of\nservice (application crash) or possibly have unspecified other impact.\n\n#### Bugs\n\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897966>\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-05-05T00:00:00", "type": "ubuntucve", "title": "CVE-2018-10753", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-10753"], "modified": "2018-05-05T00:00:00", "id": "UB:CVE-2018-10753", "href": "https://ubuntu.com/security/CVE-2018-10753", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debiancve": [{"lastseen": "2022-07-04T05:57:15", "description": "Stack-based buffer overflow in the get_key function in parse.c in abcm2ps through 8.13.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-05-07T02:29:00", "type": "debiancve", "title": "CVE-2018-10771", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-10771"], "modified": "2018-05-07T02:29:00", "id": "DEBIANCVE:CVE-2018-10771", "href": "https://security-tracker.debian.org/tracker/CVE-2018-10771", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-04T05:57:15", "description": "Stack-based buffer overflow in the delayed_output function in music.c in abcm2ps through 8.13.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-05-05T02:29:00", "type": "debiancve", "title": "CVE-2018-10753", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-10753"], "modified": "2018-05-05T02:29:00", "id": "DEBIANCVE:CVE-2018-10753", "href": "https://security-tracker.debian.org/tracker/CVE-2018-10753", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "osv": [{"lastseen": "2022-07-21T08:14:21", "description": "\nMultiple vulnerabilities have been discovered in abcm2ps: program which\ntranslates ABC music description files to PostScript.\n\n\n* [CVE-2018-10753](https://security-tracker.debian.org/tracker/CVE-2018-10753)\nStack-based buffer overflow in the delayed\\_output function in music.c\n allows remote attackers to cause a denial of service (application crash) or\n possibly have unspecified other impact.\n* [CVE-2018-10771](https://security-tracker.debian.org/tracker/CVE-2018-10771)\nStack-based buffer overflow in the get\\_key function in parse.c allows remote\n attackers to cause a denial of service (application crash) or possibly have\n unspecified other impact.\n* [CVE-2019-1010069](https://security-tracker.debian.org/tracker/CVE-2019-1010069)\nIncorrect access control allows attackers to cause a denial of service via a\n crafted file.\n* [CVE-2021-32434](https://security-tracker.debian.org/tracker/CVE-2021-32434)\nArray overflow when wrong duration in voice overlay.\n* [CVE-2021-32435](https://security-tracker.debian.org/tracker/CVE-2021-32435)\nStack-based buffer overflow in the function get\\_key in parse.c allows remote\n attackers to cause a senial of service (DoS) via unspecified vectors.\n* [CVE-2021-32436](https://security-tracker.debian.org/tracker/CVE-2021-32436)\nOut-of-bounds read in the function write\\_title() in subs.c allows remote\n attackers to cause a denial of service via unspecified vectors.\n\n\nFor Debian 9 stretch, these problems have been fixed in version\n7.8.9-1+deb9u1.\n\n\nWe recommend that you upgrade your abcm2ps packages.\n\n\nFor the detailed security status of abcm2ps please refer to\nits security tracker page at:\n<https://security-tracker.debian.org/tracker/abcm2ps>\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-17T00:00:00", "type": "osv", "title": "abcm2ps - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-10753", "CVE-2018-10771", "CVE-2019-1010069", "CVE-2021-32434", "CVE-2021-32435", "CVE-2021-32436"], "modified": "2022-07-21T05:54:08", "id": "OSV:DLA-2983-1", "href": "https://osv.dev/vulnerability/DLA-2983-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2022-04-17T17:46:21", "description": "From: Anton Gladky <gladk@debian.org>\nTo: debian-lts-announce@lists.debian.org\nSubject: [SECURITY] [DLA 2983-1] abcm2ps security update\n\n- -------------------------------------------------------------------------\nDebian LTS Advisory DLA-2983-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Anton Gladky\nApril 16, 2022 https://wiki.debian.org/LTS\n- -------------------------------------------------------------------------\n\nPackage : abcm2ps\nVersion : 7.8.9-1+deb9u1\nCVE ID : CVE-2018-10753 CVE-2018-10771 CVE-2019-1010069 CVE-2021-32434\n CVE-2021-32435 CVE-2021-32436:\n\nMultiple vulnerabilities have been discovered in abcm2ps: program which\ntranslates ABC music description files to PostScript.\n\nCVE-2018-10753\n\n Stack-based buffer overflow in the delayed_output function in music.c\n allows remote attackers to cause a denial of service (application crash) or\n possibly have unspecified other impact.\n\nCVE-2018-10771\n\n Stack-based buffer overflow in the get_key function in parse.c allows remote\n attackers to cause a denial of service (application crash) or possibly have\n unspecified other impact.\n\nCVE-2019-1010069\n\n Incorrect access control allows attackers to cause a denial of service via a\n crafted file.\n\nCVE-2021-32434\n\n Array overflow when wrong duration in voice overlay.\n\nCVE-2021-32435\n\n Stack-based buffer overflow in the function get_key in parse.c allows remote\n attackers to cause a senial of service (DoS) via unspecified vectors.\n\nCVE-2021-32436\n\n Out-of-bounds read in the function write_title() in subs.c allows remote\n attackers to cause a denial of service via unspecified vectors.\n\nFor Debian 9 stretch, these problems have been fixed in version\n7.8.9-1+deb9u1.\n\nWe recommend that you upgrade your abcm2ps packages.\n\nFor the detailed security status of abcm2ps please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/abcm2ps\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-17T05:35:57", "type": "debian", "title": "[SECURITY] [DLA 2983-1] abcm2ps security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-10753", "CVE-2018-10771", "CVE-2019-1010069", "CVE-2021-32434", "CVE-2021-32435", "CVE-2021-32436"], "modified": "2022-04-17T05:35:57", "id": "DEBIAN:DLA-2983-1:D6823", "href": "https://lists.debian.org/debian-lts-announce/2022/04/msg00015.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}

Fedora 30 : abcm2ps (2020-eb7a965fcf)

Description

Related