FreeBSD : mozilla -- automated file upload (6e740881-0cae-11d9-8a8a-000c41e2cdad)
2005-07-13T00:00:00
ID: FREEBSD_PKG_6E7408810CAE11D98A8A000C41E2CDAD.NASL
Type: nessus
Reporter: This script is Copyright (C) 2005-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
Modified: 2005-07-13T00:00:00
Description
A malicious web page can cause an automated file upload from the
victim's machine when viewed with Mozilla with JavaScript enabled.
This is due to a bug permitting default values for type='file' <input>
elements in certain situations.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from the FreeBSD VuXML database :
#
# Copyright 2003-2018 Jacques Vidrine and contributors
#
# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
# HTML, PDF, PostScript, RTF and so forth) with or without modification,
# are permitted provided that the following conditions are met:
# 1. Redistributions of source code (VuXML) must retain the above
# copyright notice, this list of conditions and the following
# disclaimer as the first lines of this file unmodified.
# 2. Redistributions in compiled form (transformed to other DTDs,
# published online in any format, converted to PDF, PostScript,
# RTF and other formats) must reproduce the above copyright
# notice, this list of conditions and the following disclaimer
# in the documentation and/or other materials provided with the
# distribution.
#
# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
  # Registration pass: this branch only declares plugin metadata and ends with
  # exit(0), so the package comparison further down never runs from here.

  # --- Identity and advisory mapping ---
  script_id(18977);
  script_version("1.17");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id("CVE-2004-0759");

  script_name(english:"FreeBSD : mozilla -- automated file upload (6e740881-0cae-11d9-8a8a-000c41e2cdad)");
  script_summary(english:"Checks for updated packages in pkg_info output");

  # --- Text shown with the finding ---
  # The two literals below span several source lines. Their continuation
  # lines stay at column 0 so no indentation ends up inside the report text.
  script_set_attribute(attribute:"synopsis", value:
"The remote FreeBSD host is missing one or more security-related
updates.");
  script_set_attribute(attribute:"description", value:
"A malicious web page can cause an automated file upload from the
victim's machine when viewed with Mozilla with JavaScript enabled.
This is due to a bug permitting default values for type='file' <input>
elements in certain situations.");

  # --- References ---
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=241924");
  # https://vuxml.freebsd.org/freebsd/6e740881-0cae-11d9-8a8a-000c41e2cdad.html
  # (the shortened link below presumably resolves to the VuXML entry above)
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?f5ad1f51");

  # --- Remediation and severity ---
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  # CVSS v2 vector: network-reachable, low complexity, no authentication,
  # partial confidentiality and integrity impact, no availability impact.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N");

  # --- Classification ---
  # "local" plugin type: the verdict comes from the host's package inventory
  # (see script_summary above), not from probing a network service.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:mozilla");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:mozilla-gtk1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");

  # --- Timeline ---
  script_set_attribute(attribute:"vuln_publication_date", value:"2004/04/28");
  script_set_attribute(attribute:"patch_publication_date", value:"2004/09/22");
  script_set_attribute(attribute:"plugin_publication_date", value:"2005/07/13");
  script_end_attributes();

  # --- Scheduling ---
  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2005-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"FreeBSD Local Security Checks");

  # ssh_get_info.nasl is declared as a dependency; presumably it is what
  # fills the Host/* knowledge-base keys required here (confirm).
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");

  exit(0);
}
include("audit.inc");
include("freebsd_package.inc");
# Preconditions. Each audit() call reports why the check cannot give a verdict:
# local checks not enabled, host not identified as FreeBSD, or no package list.
if (!get_kb_item("Host/local_checks_enabled"))
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/FreeBSD/release"))
  audit(AUDIT_OS_NOT, "FreeBSD");
if (!get_kb_item("Host/FreeBSD/pkg_info"))
  audit(AUDIT_PACKAGE_LIST_MISSING);

# Package ranges taken from the VuXML entry, tested in the original order.
# The ",2" suffix looks like the FreeBSD PORTEPOCH part of the version (confirm).
#
# NOTE(review): this is an inventory comparison only. A Mozilla build that is
# not recorded in the pkg_info data would presumably not be matched.
# NOTE(review): every range starts at 1.7.a or 1.8.a, so a package older than
# 1.7.a is not reported here, while the NVD summary for CVE-2004-0759 reads
# "Mozilla before 1.7". Confirm against the VuXML entry before treating a
# clean result as proof that an older install is unaffected.
flag = 0;

foreach vuxml_range (make_list(
  "mozilla>=1.7.a,2<1.7,2",
  "mozilla>=1.8.a,2<1.8.a2,2",
  "mozilla-gtk1>=1.7.a<1.7"))
{
  # save_report:TRUE is passed so that pkg_report_get() below has text to return.
  if (pkg_test(save_report:TRUE, pkg:vuxml_range)) flag++;
}

if (!flag)
  audit(AUDIT_HOST_NOT, "affected");
else
{
  # At least one range matched. The package report is attached only when
  # report_verbosity is above 0.
  if (report_verbosity > 0)
    security_warning(port:0, extra:pkg_report_get());
  else
    security_warning(0);
  exit(0);
}
{"id": "FREEBSD_PKG_6E7408810CAE11D98A8A000C41E2CDAD.NASL", "bulletinFamily": "scanner", "title": "FreeBSD : mozilla -- automated file upload (6e740881-0cae-11d9-8a8a-000c41e2cdad)", "description": "A malicious web page can cause an automated file upload from the\nvictim's machine when viewed with Mozilla with JavaScript enabled.\nThis is due to a bug permitting default values for type='file' <input>\nelements in certain situations.", "published": "2005-07-13T00:00:00", "modified": "2005-07-13T00:00:00", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}, "href": "https://www.tenable.com/plugins/nessus/18977", "reporter": "This script is Copyright (C) 2005-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://bugzilla.mozilla.org/show_bug.cgi?id=241924", "http://www.nessus.org/u?f5ad1f51"], "cvelist": ["CVE-2004-0759"], "type": "nessus", "lastseen": "2021-01-07T10:45:21", "edition": 25, "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2004-0759"]}, {"type": "openvas", "idList": ["OPENVAS:52378", "OPENVAS:136141256231065531", "OPENVAS:136141256231053919", "OPENVAS:65531", "OPENVAS:53919"]}, {"type": "osvdb", "idList": ["OSVDB:8305"]}, {"type": "freebsd", "idList": ["6E740881-0CAE-11D9-8A8A-000C41E2CDAD"]}, {"type": "nessus", "idList": ["REDHAT-RHSA-2004-421.NASL", "SLACKWARE_SSA_2004-223-01.NASL", "MANDRAKE_MDKSA-2004-082.NASL"]}, {"type": "redhat", "idList": ["RHSA-2004:421"]}, {"type": "slackware", "idList": ["SSA-2004-223-01"]}, {"type": "suse", "idList": ["SUSE-SA:2004:033", "SUSE-SA:2004:036", "SUSE-SA:2004:035", "SUSE-SA:2004:034", "SUSE-SA:2004:032", "SUSE-SA:2004:031", "SUSE-SA:2004:030"]}], "modified": "2021-01-07T10:45:21", "rev": 2}, "score": {"value": 6.1, "vector": "NONE", "modified": "2021-01-07T10:45:21", "rev": 2}, "vulnersScore": 6.1}, "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks 
in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(18977);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2004-0759\");\n\n script_name(english:\"FreeBSD : mozilla -- automated file upload (6e740881-0cae-11d9-8a8a-000c41e2cdad)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A malicious web page can cause an automated file upload from the\nvictim's machine when viewed with Mozilla with JavaScript enabled.\nThis is due to a bug permitting default values for type='file' <input>\nelements in certain situations.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=241924\"\n );\n # https://vuxml.freebsd.org/freebsd/6e740881-0cae-11d9-8a8a-000c41e2cdad.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f5ad1f51\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mozilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mozilla-gtk1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2004/04/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/09/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/07/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"mozilla>=1.7.a,2<1.7,2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mozilla>=1.8.a,2<1.8.a2,2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mozilla-gtk1>=1.7.a<1.7\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "FreeBSD Local Security Checks", "pluginID": "18977", "cpe": ["p-cpe:/a:freebsd:freebsd:mozilla", "cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:mozilla-gtk1"], "scheme": null}
{"cve": [{"lastseen": "2020-10-03T11:33:39", "description": "Mozilla before 1.7 allows remote web servers to read arbitrary files via Javascript that sets the value of an <input type=\"file\"> tag.", "edition": 3, "cvss3": {}, "published": "2004-08-18T04:00:00", "title": "CVE-2004-0759", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2004-0759"], "modified": "2017-10-11T01:29:00", "cpe": ["cpe:/a:mozilla:mozilla:*"], "id": "CVE-2004-0759", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0759", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}, "cpe23": ["cpe:2.3:a:mozilla:mozilla:*:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2017-07-02T21:10:14", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0759"], "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2016-09-22T00:00:00", "published": "2008-09-04T00:00:00", "id": "OPENVAS:52378", "href": "http://plugins.openvas.org/nasl.php?oid=52378", "type": "openvas", "title": "FreeBSD Ports: mozilla", "sourceData": "#\n#VID 6e740881-0cae-11d9-8a8a-000c41e2cdad\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following packages are affected:\n mozilla\n mozilla-gtk1\n\nCVE-2004-0759\nMozilla before 1.7 allows remote web servers to read arbitrary files\nvia Javascript that sets the value of an <input type='file'> tag.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=241924\nhttp://www.vuxml.org/freebsd/6e740881-0cae-11d9-8a8a-000c41e2cdad.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\nif(description)\n{\n script_id(52378);\n script_version(\"$Revision: 4128 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-22 07:37:51 +0200 (Thu, 22 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_bugtraq_id(15495);\n script_cve_id(\"CVE-2004-0759\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_name(\"FreeBSD Ports: mozilla\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n 
script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"mozilla\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.7.a,2\")>=0 && revcomp(a:bver, b:\"1.7,2\")<0) {\n txt += 'Package mozilla version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"1.8.a,2\")>=0 && revcomp(a:bver, b:\"1.8.a2,2\")<0) {\n txt += 'Package mozilla version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"mozilla-gtk1\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.7.a\")>=0 && revcomp(a:bver, b:\"1.7\")<0) {\n txt += 'Package mozilla-gtk1 version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-04-06T11:37:13", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0765", "CVE-2004-0762", "CVE-2004-0758", "CVE-2004-0718", "CVE-2004-0764", "CVE-2004-0757", "CVE-2004-0760", "CVE-2004-0722", "CVE-2004-0759", "CVE-2004-0763", "CVE-2004-0761"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n mozilla-dom-inspector\n mozilla-venkman\n mozilla-mail\n mozilla\n mozilla-calendar\n mozilla-irc\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5016546 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2018-04-06T00:00:00", "published": "2009-10-10T00:00:00", "id": "OPENVAS:136141256231065531", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065531", "type": "openvas", "title": "SLES9: Security update for Mozilla", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5016546.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Security update for Mozilla\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n mozilla-dom-inspector\n mozilla-venkman\n mozilla-mail\n mozilla\n mozilla-calendar\n mozilla-irc\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5016546 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65531\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2004-0718\", \"CVE-2004-0722\", \"CVE-2004-0757\", \"CVE-2004-0758\", \"CVE-2004-0759\", \"CVE-2004-0760\", \"CVE-2004-0761\", \"CVE-2004-0762\", \"CVE-2004-0763\", \"CVE-2004-0764\", \"CVE-2004-0765\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES9: Security update for Mozilla\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"mozilla-dom-inspector\", rpm:\"mozilla-dom-inspector~1.6~74.8\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-26T08:55:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0765", "CVE-2004-0762", "CVE-2004-0758", "CVE-2004-0718", "CVE-2004-0764", "CVE-2004-0757", "CVE-2004-0760", "CVE-2004-0722", "CVE-2004-0759", "CVE-2004-0763", "CVE-2004-0761"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n mozilla-dom-inspector\n mozilla-venkman\n mozilla-mail\n mozilla\n mozilla-calendar\n mozilla-irc\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5016546 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2017-07-11T00:00:00", "published": "2009-10-10T00:00:00", "id": "OPENVAS:65531", "href": "http://plugins.openvas.org/nasl.php?oid=65531", "type": "openvas", "title": "SLES9: Security update for Mozilla", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5016546.nasl 6666 2017-07-11 13:13:36Z cfischer $\n# Description: Security update for Mozilla\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n mozilla-dom-inspector\n mozilla-venkman\n mozilla-mail\n mozilla\n mozilla-calendar\n mozilla-irc\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5016546 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_id(65531);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2004-0718\", \"CVE-2004-0722\", \"CVE-2004-0757\", \"CVE-2004-0758\", \"CVE-2004-0759\", \"CVE-2004-0760\", \"CVE-2004-0761\", \"CVE-2004-0762\", \"CVE-2004-0763\", \"CVE-2004-0764\", \"CVE-2004-0765\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES9: Security update for Mozilla\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"mozilla-dom-inspector\", rpm:\"mozilla-dom-inspector~1.6~74.8\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:38:32", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0765", "CVE-2004-0762", "CVE-2004-0758", "CVE-2004-0718", "CVE-2004-0764", "CVE-2004-0757", "CVE-2004-0599", "CVE-2004-0597", "CVE-2004-0760", "CVE-2004-0598", "CVE-2004-0722", "CVE-2004-0759", "CVE-2004-0763", "CVE-2004-0761"], "description": "The remote host is missing an update as announced\nvia advisory SSA:2004-223-01.", "modified": "2019-03-15T00:00:00", "published": "2012-09-11T00:00:00", "id": "OPENVAS:136141256231053919", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231053919", "type": "openvas", "title": "Slackware Advisory SSA:2004-223-01 Mozilla ", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2004_223_01.nasl 14202 2019-03-15 09:16:15Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.53919\");\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 10:16:15 +0100 (Fri, 15 Mar 2019) $\");\n script_cve_id(\"CVE-2004-0597\", \"CVE-2004-0598\", \"CVE-2004-0599\", \"CVE-2004-0763\", \"CVE-2004-0758\", \"CVE-2004-0718\", \"CVE-2004-0722\", \"CVE-2004-0757\", \"CVE-2004-0759\", \"CVE-2004-0760\", \"CVE-2004-0761\", \"CVE-2004-0762\", \"CVE-2004-0764\", \"CVE-2004-0765\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 14202 $\");\n script_name(\"Slackware Advisory SSA:2004-223-01 Mozilla \");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\", re:\"ssh/login/release=SLK(9\\.1|10\\.0)\");\n\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2004-223-01\");\n\n script_tag(name:\"insight\", value:\"New Mozilla packages are available for Slackware 9.1, 10.0, and -current\nto fix a number of security issues. Slackware 10.0 and -current were\nupgraded to Mozilla 1.7.2, and Slackware 9.1 was upgraded to Mozilla 1.4.3.\nAs usual, new versions of Mozilla require new versions of things that link\nwith the Mozilla libraries, so for Slackware 10.0 and -current new versions\nof epiphany, galeon, gaim, and mozilla-plugins have also been provided.\nThere don't appear to be epiphany and galeon versions that are compatible\nwith Mozilla 1.4.3 and the GNOME in Slackware 9.1, so these are not\nprovided and Epiphany and Galeon will be broken on Slackware 9.1 if the\nnew Mozilla package is installed. Furthermore, earlier versions of\nMozilla (such as the 1.3 series) were not fixed upstream, so versions\nof Slackware earlier than 9.1 will remain vulnerable to these browser\nissues. 
If you still use Slackware 9.0 or earlier, you may want to\nconsider removing Mozilla or upgrading to a newer version.\n\nFor more details on the outsanding problems, please visit\nthe referenced security advisory.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to the new package(s).\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update as announced\nvia advisory SSA:2004-223-01.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-slack.inc\");\n\nreport = \"\";\nres = \"\";\n\nif((res = isslkpkgvuln(pkg:\"mozilla\", ver:\"1.4.3-i486-1\", rls:\"SLK9.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"mozilla-plugins\", ver:\"1.4.3-noarch-1\", rls:\"SLK9.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"mozilla\", ver:\"1.7.2-i486-1\", rls:\"SLK10.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"mozilla-plugins\", ver:\"1.7.2-noarch-1\", rls:\"SLK10.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"epiphany\", ver:\"1.2.7-i486-1\", rls:\"SLK10.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"gaim\", ver:\"0.81-i486-1\", rls:\"SLK10.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"galeon\", ver:\"1.3.17-i486-1\", rls:\"SLK10.0\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-09-18T11:13:07", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0765", "CVE-2004-0762", "CVE-2004-0758", "CVE-2004-0718", "CVE-2004-0764", "CVE-2004-0757", "CVE-2004-0599", "CVE-2004-0597", "CVE-2004-0760", "CVE-2004-0598", "CVE-2004-0722", "CVE-2004-0759", "CVE-2004-0763", "CVE-2004-0761"], "description": "The remote host is missing an update as 
announced\nvia advisory SSA:2004-223-01.", "modified": "2017-09-15T00:00:00", "published": "2012-09-11T00:00:00", "id": "OPENVAS:53919", "href": "http://plugins.openvas.org/nasl.php?oid=53919", "type": "openvas", "title": "Slackware Advisory SSA:2004-223-01 Mozilla", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2004_223_01.nasl 7141 2017-09-15 09:58:49Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"New Mozilla packages are available for Slackware 9.1, 10.0, and -current\nto fix a number of security issues. 
Slackware 10.0 and -current were\nupgraded to Mozilla 1.7.2, and Slackware 9.1 was upgraded to Mozilla 1.4.3.\nAs usual, new versions of Mozilla require new versions of things that link\nwith the Mozilla libraries, so for Slackware 10.0 and -current new versions\nof epiphany, galeon, gaim, and mozilla-plugins have also been provided.\nThere don't appear to be epiphany and galeon versions that are compatible\nwith Mozilla 1.4.3 and the GNOME in Slackware 9.1, so these are not\nprovided and Epiphany and Galeon will be broken on Slackware 9.1 if the\nnew Mozilla package is installed. Furthermore, earlier versions of\nMozilla (such as the 1.3 series) were not fixed upstream, so versions\nof Slackware earlier than 9.1 will remain vulnerable to these browser\nissues. If you still use Slackware 9.0 or earlier, you may want to\nconsider removing Mozilla or upgrading to a newer version.\n\nFor more details on the outsanding problems, please visit\nthe referenced security advisory.\";\ntag_summary = \"The remote host is missing an update as announced\nvia advisory SSA:2004-223-01.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2004-223-01\";\n \nif(description)\n{\n script_id(53919);\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-09-15 11:58:49 +0200 (Fri, 15 Sep 2017) $\");\n script_cve_id(\"CVE-2004-0597\", \"CVE-2004-0598\", \"CVE-2004-0599\", \"CVE-2004-0763\", \"CVE-2004-0758\", \"CVE-2004-0718\", \"CVE-2004-0722\", \"CVE-2004-0757\", \"CVE-2004-0759\", \"CVE-2004-0760\", \"CVE-2004-0761\", \"CVE-2004-0762\", \"CVE-2004-0764\", \"CVE-2004-0765\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 7141 $\");\n name = \"Slackware Advisory SSA:2004-223-01 Mozilla \";\n script_name(name);\n\n\n\n 
script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-slack.inc\");\nvuln = 0;\nif(isslkpkgvuln(pkg:\"mozilla\", ver:\"1.4.3-i486-1\", rls:\"SLK9.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"mozilla-plugins\", ver:\"1.4.3-noarch-1\", rls:\"SLK9.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"mozilla\", ver:\"1.7.2-i486-1\", rls:\"SLK10.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"mozilla-plugins\", ver:\"1.7.2-noarch-1\", rls:\"SLK10.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"epiphany\", ver:\"1.2.7-i486-1\", rls:\"SLK10.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"gaim\", ver:\"0.81-i486-1\", rls:\"SLK10.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"galeon\", ver:\"1.3.17-i486-1\", rls:\"SLK10.0\")) {\n vuln = 1;\n}\n\nif(vuln) {\n security_message(0);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:03", "bulletinFamily": "software", "cvelist": ["CVE-2004-0759"], "edition": 1, "description": "## Vulnerability Description\nMozilla contains a flaw that may allow a malicious user to capture or upload a file from a users machine. The issue is triggered when a user loads a malicious web page which uses a specially crafted javascript. 
It is possible that the flaw may allow an attacker to retrieve files from known locations without the user being notified, resulting in a loss of confidentiality.\n## Solution Description\nUpgrade to version 1.7 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround(s): disable JavaScript functionality.\n## Short Description\nMozilla contains a flaw that may allow a malicious user to capture or upload a file from a user's machine. The issue is triggered when a user loads a malicious web page which uses a specially crafted JavaScript. It is possible that the flaw may allow an attacker to retrieve files from known locations without the user being notified, resulting in a loss of confidentiality.\n## References:\n[Vendor Specific Advisory URL](http://bugzilla.mozilla.org/show_bug.cgi?id=241924)\n[Vendor Specific Advisory URL](ftp://ftp.sco.com/pub/openserver5/507/mp/osr507mp4/osr507mp4.htm)\n[Vendor Specific Advisory URL](ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt)\n[Vendor Specific Advisory URL](http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7)\n[Secunia Advisory ID:15432](https://secuniaresearch.flexerasoftware.com/advisories/15432/)\n[Secunia Advisory ID:17645](https://secuniaresearch.flexerasoftware.com/advisories/17645/)\n[Secunia Advisory ID:12234](https://secuniaresearch.flexerasoftware.com/advisories/12234/)\n[Secunia Advisory ID:12283](https://secuniaresearch.flexerasoftware.com/advisories/12283/)\n[Secunia Advisory ID:10856](https://secuniaresearch.flexerasoftware.com/advisories/10856/)\n[Secunia Advisory ID:12747](https://secuniaresearch.flexerasoftware.com/advisories/12747/)\nRedHat RHSA: RHSA-2004:421-17\nOther Advisory URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:082\nOther Advisory URL: http://www.suse.de/de/security/2004_36_mozilla.html\nOther Advisory URL: 
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.25/SCOSA-2005.25.txt\nKeyword: SCOSA-2005.49\nISS X-Force ID: 16870\n[CVE-2004-0759](https://vulners.com/cve/CVE-2004-0759)\n", "modified": "2004-08-03T00:00:00", "published": "2004-08-03T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:8305", "id": "OSVDB:8305", "type": "osvdb", "title": "Mozilla Browsers Arbitrary File Upload", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}], "freebsd": [{"lastseen": "2019-05-29T18:35:12", "bulletinFamily": "unix", "cvelist": ["CVE-2004-0759"], "description": "\nA malicious web page can cause an automated file upload\n\t from the victim's machine when viewed with Mozilla with\n\t Javascript enabled. This is due to a bug permitting\n\t default values for type=\"file\" <input> elements in\n\t certain situations.\n", "edition": 4, "modified": "2004-09-26T00:00:00", "published": "2004-04-28T00:00:00", "id": "6E740881-0CAE-11D9-8A8A-000C41E2CDAD", "href": "https://vuxml.freebsd.org/freebsd/6e740881-0cae-11d9-8a8a-000c41e2cdad.html", "title": "mozilla -- automated file upload", "type": "freebsd", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}], "redhat": [{"lastseen": "2019-08-13T18:45:54", "bulletinFamily": "unix", "cvelist": ["CVE-2004-0597", "CVE-2004-0599", "CVE-2004-0718", "CVE-2004-0722", "CVE-2004-0757", "CVE-2004-0758", "CVE-2004-0759", "CVE-2004-0760", "CVE-2004-0761", "CVE-2004-0762", "CVE-2004-0763", "CVE-2004-0764", "CVE-2004-0765"], "description": "Mozilla is an open source Web browser, advanced email and newsgroup\nclient, IRC chat client, and HTML editor.\n\nA number of flaws have been found in Mozilla 1.4 that have been fixed in\nthe Mozilla 1.4.3 release: \n\nZen Parse reported improper input validation to the SOAPParameter object\nconstructor leading to an integer overflow and controllable heap\ncorruption. 
Malicious JavaScript could be written to utilize this flaw and\ncould allow arbitrary code execution. The Common Vulnerabilities and\nExposures project (cve.mitre.org) has assigned the name CAN-2004-0722 to\nthis issue.\n\nDuring a source code audit, Chris Evans discovered a buffer overflow and\ninteger overflows which affect the libpng code inside Mozilla. An attacker\ncould create a carefully crafted PNG file in such a way that it would cause\nMozilla to crash or execute arbitrary code when the image was viewed.\n(CAN-2004-0597, CAN-2004-0599)\n\nZen Parse reported a flaw in the POP3 capability. A malicious POP3 server\ncould send a carefully crafted response that would cause a heap overflow\nand potentially allow execution of arbitrary code as the user running\nMozilla. (CAN-2004-0757)\n\nMarcel Boesch found a flaw that allows a CA certificate to be imported with\na DN the same as that of the built-in CA root certificates, which can cause\na denial of service to SSL pages, as the malicious certificate is treated\nas invalid. (CAN-2004-0758)\n\nMet - Martin Hassman reported a flaw in Mozilla that could allow malicious\nJavaScript code to upload local files from a user's machine without\nrequiring confirmation. (CAN-2004-0759)\n\nMindlock Security reported a flaw in ftp URI handling. By using a NULL\ncharacter (%00) in a ftp URI, Mozilla can be confused into opening a\nresource as a different MIME type. (CAN-2004-0760)\n\nMozilla does not properly prevent a frame in one domain from injecting\ncontent into a frame that belongs to another domain, which facilitates\nwebsite spoofing and other attacks, also known as the frame injection\nvulnerability. (CAN-2004-0718)\n\nTolga Tarhan reported a flaw that can allow a malicious webpage to use a\nredirect sequence to spoof the security lock icon that makes a webpage\nappear to be encrypted. 
(CAN-2004-0761)\n\nJesse Ruderman reported a security issue that affects a number of browsers\nincluding Mozilla that could allow malicious websites to install arbitrary\nextensions by using interactive events to manipulate the XPInstall Security\ndialog box. (CAN-2004-0762)\n\nEmmanouel Kellinis discovered a caching flaw in Mozilla which allows\nmalicious websites to spoof certificates of trusted websites via\nredirects and Javascript that uses the \"onunload\" method. (CAN-2004-0763)\n\nMozilla allowed malicious websites to hijack the user interface via the\n\"chrome\" flag and XML User Interface Language (XUL) files. (CAN-2004-0764)\n\nThe cert_TestHostName function in Mozilla only checks the hostname portion\nof a certificate when the hostname portion of the URI is not a fully\nqualified domain name (FQDN). This flaw could be used for spoofing if an\nattacker had control of machines on a default DNS search path. (CAN-2004-0765)\n\nAll users are advised to update to these erratum packages which contain a\nsnapshot of Mozilla 1.4.3 including backported fixes and are not vulnerable\nto these issues.", "modified": "2019-03-22T23:43:47", "published": "2004-08-04T04:00:00", "id": "RHSA-2004:421", "href": "https://access.redhat.com/errata/RHSA-2004:421", "type": "redhat", "title": "(RHSA-2004:421) mozilla security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-01-17T13:05:19", "description": "Updated mozilla packages based on version 1.4.3 that fix a number of\nsecurity issues for Red Hat Enterprise Linux are now available.\n\nMozilla is an open source Web browser, advanced email and newsgroup\nclient, IRC chat client, and HTML editor.\n\nA number of flaws have been found in Mozilla 1.4 that have been fixed\nin the Mozilla 1.4.3 release :\n\nZen Parse reported improper input validation to the SOAPParameter\nobject constructor leading to an integer overflow and controllable\nheap corruption. 
Malicious JavaScript could be written to utilize this\nflaw and could allow arbitrary code execution. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the\nname CVE-2004-0722 to this issue.\n\nDuring a source code audit, Chris Evans discovered a buffer overflow\nand integer overflows which affect the libpng code inside Mozilla. An\nattacker could create a carefully crafted PNG file in such a way that\nit would cause Mozilla to crash or execute arbitrary code when the\nimage was viewed. (CVE-2004-0597, CVE-2004-0599)\n\nZen Parse reported a flaw in the POP3 capability. A malicious POP3\nserver could send a carefully crafted response that would cause a heap\noverflow and potentially allow execution of arbitrary code as the user\nrunning Mozilla. (CVE-2004-0757)\n\nMarcel Boesch found a flaw that allows a CA certificate to be imported\nwith a DN the same as that of the built-in CA root certificates, which\ncan cause a denial of service to SSL pages, as the malicious\ncertificate is treated as invalid. (CVE-2004-0758)\n\nMet - Martin Hassman reported a flaw in Mozilla that could allow\nmalicious JavaScript code to upload local files from a users machine\nwithout requiring confirmation. (CVE-2004-0759)\n\nMindlock Security reported a flaw in ftp URI handling. By using a NULL\ncharacter (%00) in a ftp URI, Mozilla can be confused into opening a\nresource as a different MIME type. (CVE-2004-0760)\n\nMozilla does not properly prevent a frame in one domain from injecting\ncontent into a frame that belongs to another domain, which facilitates\nwebsite spoofing and other attacks, also known as the frame injection\nvulnerability. (CVE-2004-0718)\n\nTolga Tarhan reported a flaw that can allow a malicious webpage to use\na redirect sequence to spoof the security lock icon that makes a\nwebpage appear to be encrypted. 
(CVE-2004-0761)\n\nJesse Ruderman reported a security issue that affects a number of\nbrowsers including Mozilla that could allow malicious websites to\ninstall arbitrary extensions by using interactive events to manipulate\nthe XPInstall Security dialog box. (CVE-2004-0762)\n\nEmmanouel Kellinis discovered a caching flaw in Mozilla which allows\nmalicious websites to spoof certificates of trusted websites via\nredirects and JavaScript that uses the 'onunload' method.\n(CVE-2004-0763)\n\nMozilla allowed malicious websites to hijack the user interface via\nthe 'chrome' flag and XML User Interface Language (XUL) files.\n(CVE-2004-0764)\n\nThe cert_TestHostName function in Mozilla only checks the hostname\nportion of a certificate when the hostname portion of the URI is not a\nfully qualified domain name (FQDN). This flaw could be used for\nspoofing if an attacker had control of machines on a default DNS\nsearch path. (CVE-2004-0765)\n\nAll users are advised to update to these erratum packages which\ncontain a snapshot of Mozilla 1.4.3 including backported fixes and are\nnot vulnerable to these issues.", "edition": 30, "published": "2004-08-05T00:00:00", "title": "RHEL 2.1 / 3 : mozilla (RHSA-2004:421)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0765", "CVE-2004-0762", "CVE-2004-0758", "CVE-2004-0718", "CVE-2004-0764", "CVE-2004-0757", "CVE-2004-0599", "CVE-2004-0597", "CVE-2004-0760", "CVE-2004-0722", "CVE-2004-0759", "CVE-2004-0763", "CVE-2004-0761"], "modified": "2004-08-05T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:3", "cpe:/o:redhat:enterprise_linux:2.1", "p-cpe:/a:redhat:enterprise_linux:mozilla", "p-cpe:/a:redhat:enterprise_linux:mozilla-nspr-devel", "p-cpe:/a:redhat:enterprise_linux:mozilla-js-debugger", "p-cpe:/a:redhat:enterprise_linux:mozilla-chat", "p-cpe:/a:redhat:enterprise_linux:galeon", "p-cpe:/a:redhat:enterprise_linux:mozilla-dom-inspector", "p-cpe:/a:redhat:enterprise_linux:mozilla-devel", 
"p-cpe:/a:redhat:enterprise_linux:mozilla-nss-devel", "p-cpe:/a:redhat:enterprise_linux:mozilla-nss", "p-cpe:/a:redhat:enterprise_linux:mozilla-mail", "p-cpe:/a:redhat:enterprise_linux:mozilla-nspr"], "id": "REDHAT-RHSA-2004-421.NASL", "href": "https://www.tenable.com/plugins/nessus/14214", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2004:421. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(14214);\n script_version(\"1.36\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2004-0597\", \"CVE-2004-0599\", \"CVE-2004-0718\", \"CVE-2004-0722\", \"CVE-2004-0757\", \"CVE-2004-0758\", \"CVE-2004-0759\", \"CVE-2004-0760\", \"CVE-2004-0761\", \"CVE-2004-0762\", \"CVE-2004-0763\", \"CVE-2004-0764\", \"CVE-2004-0765\");\n script_xref(name:\"RHSA\", value:\"2004:421\");\n\n script_name(english:\"RHEL 2.1 / 3 : mozilla (RHSA-2004:421)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated mozilla packages based on version 1.4.3 that fix a number of\nsecurity issues for Red Hat Enterprise Linux are now available.\n\nMozilla is an open source Web browser, advanced email and newsgroup\nclient, IRC chat client, and HTML editor.\n\nA number of flaws have been found in Mozilla 1.4 that have been fixed\nin the Mozilla 1.4.3 release :\n\nZen Parse reported improper input validation to the SOAPParameter\nobject constructor leading to an integer overflow and controllable\nheap corruption. 
Malicious JavaScript could be written to utilize this\nflaw and could allow arbitrary code execution. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the\nname CVE-2004-0722 to this issue.\n\nDuring a source code audit, Chris Evans discovered a buffer overflow\nand integer overflows which affect the libpng code inside Mozilla. An\nattacker could create a carefully crafted PNG file in such a way that\nit would cause Mozilla to crash or execute arbitrary code when the\nimage was viewed. (CVE-2004-0597, CVE-2004-0599)\n\nZen Parse reported a flaw in the POP3 capability. A malicious POP3\nserver could send a carefully crafted response that would cause a heap\noverflow and potentially allow execution of arbitrary code as the user\nrunning Mozilla. (CVE-2004-0757)\n\nMarcel Boesch found a flaw that allows a CA certificate to be imported\nwith a DN the same as that of the built-in CA root certificates, which\ncan cause a denial of service to SSL pages, as the malicious\ncertificate is treated as invalid. (CVE-2004-0758)\n\nMet - Martin Hassman reported a flaw in Mozilla that could allow\nmalicious JavaScript code to upload local files from a users machine\nwithout requiring confirmation. (CVE-2004-0759)\n\nMindlock Security reported a flaw in ftp URI handling. By using a NULL\ncharacter (%00) in a ftp URI, Mozilla can be confused into opening a\nresource as a different MIME type. (CVE-2004-0760)\n\nMozilla does not properly prevent a frame in one domain from injecting\ncontent into a frame that belongs to another domain, which facilitates\nwebsite spoofing and other attacks, also known as the frame injection\nvulnerability. (CVE-2004-0718)\n\nTolga Tarhan reported a flaw that can allow a malicious webpage to use\na redirect sequence to spoof the security lock icon that makes a\nwebpage appear to be encrypted. 
(CVE-2004-0761)\n\nJesse Ruderman reported a security issue that affects a number of\nbrowsers including Mozilla that could allow malicious websites to\ninstall arbitrary extensions by using interactive events to manipulate\nthe XPInstall Security dialog box. (CVE-2004-0762)\n\nEmmanouel Kellinis discovered a caching flaw in Mozilla which allows\nmalicious websites to spoof certificates of trusted websites via\nredirects and JavaScript that uses the 'onunload' method.\n(CVE-2004-0763)\n\nMozilla allowed malicious websites to hijack the user interface via\nthe 'chrome' flag and XML User Interface Language (XUL) files.\n(CVE-2004-0764)\n\nThe cert_TestHostName function in Mozilla only checks the hostname\nportion of a certificate when the hostname portion of the URI is not a\nfully qualified domain name (FQDN). This flaw could be used for\nspoofing if an attacker had control of machines on a default DNS\nsearch path. (CVE-2004-0765)\n\nAll users are advised to update to these erratum packages which\ncontain a snapshot of Mozilla 1.4.3 including backported fixes and are\nnot vulnerable to these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2004-0597\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2004-0599\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2004-0718\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2004-0722\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2004-0757\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2004-0758\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2004-0759\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2004-0760\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2004-0761\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2004-0762\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2004-0763\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2004-0764\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2004-0765\"\n );\n # http://bugzilla.mozilla.org/show_bug.cgi?id=236618\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=236618\"\n );\n # http://bugzilla.mozilla.org/show_bug.cgi?id=251381\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=251381\"\n );\n # http://bugzilla.mozilla.org/show_bug.cgi?id=229374\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=229374\"\n );\n # http://bugzilla.mozilla.org/show_bug.cgi?id=249004\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=249004\"\n );\n # http://bugzilla.mozilla.org/show_bug.cgi?id=241924\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=241924\"\n );\n # http://bugzilla.mozilla.org/show_bug.cgi?id=250906\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=250906\"\n );\n # http://bugzilla.mozilla.org/show_bug.cgi?id=246448\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=246448\"\n );\n # http://bugzilla.mozilla.org/show_bug.cgi?id=240053\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=240053\"\n );\n # http://bugzilla.mozilla.org/show_bug.cgi?id=162020\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=162020\"\n );\n # http://bugzilla.mozilla.org/show_bug.cgi?id=253121\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=253121\"\n );\n # http://bugzilla.mozilla.org/show_bug.cgi?id=244965\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=244965\"\n );\n # http://bugzilla.mozilla.org/show_bug.cgi?id=234058\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=234058\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2004:421\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:galeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mozilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mozilla-chat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mozilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mozilla-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:mozilla-js-debugger\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mozilla-mail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mozilla-nspr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mozilla-nspr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mozilla-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mozilla-nss-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:2.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2004/07/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/08/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/08/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(2\\.1|3)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 2.1 / 3.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2004:421\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"galeon-1.2.13-3.2.1\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"mozilla-1.4.3-2.1.2\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"mozilla-chat-1.4.3-2.1.2\")) 
flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"mozilla-devel-1.4.3-2.1.2\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"mozilla-dom-inspector-1.4.3-2.1.2\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"mozilla-js-debugger-1.4.3-2.1.2\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"mozilla-mail-1.4.3-2.1.2\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"mozilla-nspr-1.4.3-2.1.2\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"mozilla-nspr-devel-1.4.3-2.1.2\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"mozilla-nss-1.4.3-2.1.2\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"mozilla-nss-devel-1.4.3-2.1.2\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"mozilla-1.4.3-3.0.2\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"mozilla-chat-1.4.3-3.0.2\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"mozilla-devel-1.4.3-3.0.2\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"mozilla-dom-inspector-1.4.3-3.0.2\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"mozilla-js-debugger-1.4.3-3.0.2\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"mozilla-mail-1.4.3-3.0.2\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"mozilla-nspr-1.4.3-3.0.2\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"mozilla-nspr-devel-1.4.3-3.0.2\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"mozilla-nss-1.4.3-3.0.2\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"mozilla-nss-devel-1.4.3-3.0.2\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 
\"galeon / mozilla / mozilla-chat / mozilla-devel / etc\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T09:10:15", "description": "New Mozilla packages are available for Slackware 9.1, 10.0, and\n-current to fix a number of security issues. Slackware 10.0 and\n-current were upgraded to Mozilla 1.7.2, and Slackware 9.1 was\nupgraded to Mozilla 1.4.3. As usual, new versions of Mozilla require\nnew versions of things that link with the Mozilla libraries, so for\nSlackware 10.0 and -current new versions of epiphany, galeon, gaim,\nand mozilla-plugins have also been provided. There don't appear to be\nepiphany and galeon versions that are compatible with Mozilla 1.4.3\nand the GNOME in Slackware 9.1, so these are not provided and Epiphany\nand Galeon will be broken on Slackware 9.1 if the new Mozilla package\nis installed. Furthermore, earlier versions of Mozilla (such as the\n1.3 series) were not fixed upstream, so versions of Slackware earlier\nthan 9.1 will remain vulnerable to these browser issues. 
If you still\nuse Slackware 9.0 or earlier, you may want to consider removing\nMozilla or upgrading to a newer version.", "edition": 24, "published": "2005-07-13T00:00:00", "title": "Slackware 10.0 / 9.1 / current : Mozilla (SSA:2004-223-01)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0765", "CVE-2004-0762", "CVE-2004-0758", "CVE-2004-0718", "CVE-2004-0764", "CVE-2004-0757", "CVE-2004-0599", "CVE-2004-0597", "CVE-2004-0760", "CVE-2004-0598", "CVE-2004-0722", "CVE-2004-0759", "CVE-2004-0763", "CVE-2004-0761"], "modified": "2005-07-13T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:mozilla-plugins", "cpe:/o:slackware:slackware_linux:9.1", "p-cpe:/a:slackware:slackware_linux:gaim", "cpe:/o:slackware:slackware_linux:10.0", "p-cpe:/a:slackware:slackware_linux:galeon", "p-cpe:/a:slackware:slackware_linux:epiphany", "cpe:/o:slackware:slackware_linux", "p-cpe:/a:slackware:slackware_linux:mozilla"], "id": "SLACKWARE_SSA_2004-223-01.NASL", "href": "https://www.tenable.com/plugins/nessus/18794", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2004-223-01. 
The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(18794);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2004-0597\", \"CVE-2004-0598\", \"CVE-2004-0599\", \"CVE-2004-0718\", \"CVE-2004-0722\", \"CVE-2004-0757\", \"CVE-2004-0758\", \"CVE-2004-0759\", \"CVE-2004-0760\", \"CVE-2004-0761\", \"CVE-2004-0762\", \"CVE-2004-0763\", \"CVE-2004-0764\", \"CVE-2004-0765\");\n script_xref(name:\"SSA\", value:\"2004-223-01\");\n\n script_name(english:\"Slackware 10.0 / 9.1 / current : Mozilla (SSA:2004-223-01)\");\n script_summary(english:\"Checks for updated packages in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New Mozilla packages are available for Slackware 9.1, 10.0, and\n-current to fix a number of security issues. Slackware 10.0 and\n-current were upgraded to Mozilla 1.7.2, and Slackware 9.1 was\nupgraded to Mozilla 1.4.3. As usual, new versions of Mozilla require\nnew versions of things that link with the Mozilla libraries, so for\nSlackware 10.0 and -current new versions of epiphany, galeon, gaim,\nand mozilla-plugins have also been provided. There don't appear to be\nepiphany and galeon versions that are compatible with Mozilla 1.4.3\nand the GNOME in Slackware 9.1, so these are not provided and Epiphany\nand Galeon will be broken on Slackware 9.1 if the new Mozilla package\nis installed. Furthermore, earlier versions of Mozilla (such as the\n1.3 series) were not fixed upstream, so versions of Slackware earlier\nthan 9.1 will remain vulnerable to these browser issues. 
If you still\nuse Slackware 9.0 or earlier, you may want to consider removing\nMozilla or upgrading to a newer version.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.667659\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?38dd43e4\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:epiphany\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:gaim\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:galeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:mozilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:mozilla-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:10.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:9.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2004/07/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/08/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/07/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is 
Copyright (C) 2005-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"9.1\", pkgname:\"mozilla\", pkgver:\"1.4.3\", pkgarch:\"i486\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"9.1\", pkgname:\"mozilla-plugins\", pkgver:\"1.4.3\", pkgarch:\"noarch\", pkgnum:\"1\")) flag++;\n\nif (slackware_check(osver:\"10.0\", pkgname:\"epiphany\", pkgver:\"1.2.7\", pkgarch:\"i486\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"10.0\", pkgname:\"gaim\", pkgver:\"0.81\", pkgarch:\"i486\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"10.0\", pkgname:\"galeon\", pkgver:\"1.3.17\", pkgarch:\"i486\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"10.0\", pkgname:\"mozilla\", pkgver:\"1.7.2\", pkgarch:\"i486\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"10.0\", pkgname:\"mozilla-plugins\", pkgver:\"1.7.2\", pkgarch:\"noarch\", pkgnum:\"1\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"epiphany\", pkgver:\"1.2.7\", pkgarch:\"i486\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", pkgname:\"gaim\", pkgver:\"0.81\", pkgarch:\"i486\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", 
pkgname:\"galeon\", pkgver:\"1.3.17\", pkgarch:\"i486\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", pkgname:\"mozilla\", pkgver:\"1.7.2\", pkgarch:\"i486\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", pkgname:\"mozilla-plugins\", pkgver:\"1.7.2\", pkgarch:\"noarch\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T11:51:22", "description": "A number of security vulnerabilities in mozilla are addressed by this\nupdate for Mandrakelinux 10.0 users, including a fix for frame\nspoofing, a fixed popup XPInstall/security dialog bug, a fix for\nuntrusted chrome calls, a fix for SSL certificate spoofing, a fix for\nstealing secure HTTP Auth passwords via DNS spoofing, a fix for\ninsecure matching of cert names for non-FQDNs, a fix for focus\nredefinition from another domain, a fix for a SOAP parameter overflow,\na fix for text drag on file entry, a fix for certificate DoS, and a\nfix for lock icon and cert spoofing.\n\nAdditionally, mozilla for both Mandrakelinux 9.2 and 10.0 have been\nrebuilt to use the system libjpeg and libpng which addresses\nvulnerabilities discovered in libpng (ref: MDKSA-2004:079).", "edition": 25, "published": "2004-08-22T00:00:00", "title": "Mandrake Linux Security Advisory : mozilla (MDKSA-2004:082)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0765", "CVE-2004-0779", "CVE-2004-0762", "CVE-2004-0758", "CVE-2004-0718", "CVE-2005-1937", "CVE-2004-1449", "CVE-2004-0764", "CVE-2004-0757", "CVE-2004-0599", "CVE-2004-0597", "CVE-2004-0760", "CVE-2004-0598", "CVE-2004-0722", "CVE-2004-0759", "CVE-2004-0763", "CVE-2004-0761"], "modified": "2004-08-22T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:libnspr4", "p-cpe:/a:mandriva:linux:mozilla-devel", 
"p-cpe:/a:mandriva:linux:mozilla-enigmime", "p-cpe:/a:mandriva:linux:libnspr4-devel", "p-cpe:/a:mandriva:linux:lib64nspr4-devel", "p-cpe:/a:mandriva:linux:lib64nss3-devel", "cpe:/o:mandrakesoft:mandrake_linux:10.0", "p-cpe:/a:mandriva:linux:lib64nspr4", "cpe:/o:mandrakesoft:mandrake_linux:9.2", "p-cpe:/a:mandriva:linux:lib64nss3", "p-cpe:/a:mandriva:linux:mozilla-irc", "p-cpe:/a:mandriva:linux:mozilla-enigmail", "p-cpe:/a:mandriva:linux:libnss3-devel", "p-cpe:/a:mandriva:linux:libnss3", "p-cpe:/a:mandriva:linux:mozilla-mail", "p-cpe:/a:mandriva:linux:mozilla-spellchecker", "p-cpe:/a:mandriva:linux:mozilla-js-debugger", "p-cpe:/a:mandriva:linux:mozilla-dom-inspector", "p-cpe:/a:mandriva:linux:mozilla"], "id": "MANDRAKE_MDKSA-2004-082.NASL", "href": "https://www.tenable.com/plugins/nessus/14331", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2004:082. 
\n# The text itself is copyright (C) Mandriva S.A.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(14331);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2004-0597\", \"CVE-2004-0598\", \"CVE-2004-0599\", \"CVE-2004-0718\", \"CVE-2004-0722\", \"CVE-2004-0757\", \"CVE-2004-0758\", \"CVE-2004-0759\", \"CVE-2004-0760\", \"CVE-2004-0761\", \"CVE-2004-0762\", \"CVE-2004-0763\", \"CVE-2004-0764\", \"CVE-2004-0765\", \"CVE-2004-0779\", \"CVE-2004-1449\", \"CVE-2005-1937\");\n script_xref(name:\"MDKSA\", value:\"2004:082\");\n\n script_name(english:\"Mandrake Linux Security Advisory : mozilla (MDKSA-2004:082)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A number of security vulnerabilities in mozilla are addressed by this\nupdate for Mandrakelinux 10.0 users, including a fix for frame\nspoofing, a fixed popup XPInstall/security dialog bug, a fix for\nuntrusted chrome calls, a fix for SSL certificate spoofing, a fix for\nstealing secure HTTP Auth passwords via DNS spoofing, a fix for\ninsecure matching of cert names for non-FQDNs, a fix for focus\nredefinition from another domain, a fix for a SOAP parameter overflow,\na fix for text drag on file entry, a fix for certificate DoS, and a\nfix for lock icon and cert spoofing.\n\nAdditionally, mozilla for both Mandrakelinux 9.2 and 10.0 have been\nrebuilt to use the system libjpeg and libpng which addresses\nvulnerabilities discovered in libpng (ref: MDKSA-2004:079).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=149478\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bugzilla.mozilla.org/show_bug.cgi?id=162020\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=206859\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=226278\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bugzilla.mozilla.org/show_bug.cgi?id=229374\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bugzilla.mozilla.org/show_bug.cgi?id=234058\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bugzilla.mozilla.org/show_bug.cgi?id=236618\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=239580\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bugzilla.mozilla.org/show_bug.cgi?id=240053\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bugzilla.mozilla.org/show_bug.cgi?id=244965\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bugzilla.mozilla.org/show_bug.cgi?id=246448\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bugzilla.mozilla.org/show_bug.cgi?id=249004\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bugzilla.mozilla.org/show_bug.cgi?id=253121\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=86028\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", 
value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64nspr4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64nspr4-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64nss3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64nss3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libnspr4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libnspr4-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libnss3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libnss3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-dom-inspector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-enigmail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-enigmime\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-irc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-js-debugger\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-mail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mozilla-spellchecker\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:10.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:9.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/08/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/08/22\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK10.0\", cpu:\"amd64\", reference:\"lib64nspr4-1.6-12.1.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"amd64\", reference:\"lib64nspr4-devel-1.6-12.1.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"amd64\", reference:\"lib64nss3-1.6-12.1.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"amd64\", reference:\"lib64nss3-devel-1.6-12.1.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"i386\", reference:\"libnspr4-1.6-12.1.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"i386\", reference:\"libnspr4-devel-1.6-12.1.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"i386\", reference:\"libnss3-1.6-12.1.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"i386\", reference:\"libnss3-devel-1.6-12.1.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"mozilla-1.6-12.1.100mdk\", yank:\"mdk\")) flag++;\nif 
(rpm_check(release:\"MDK10.0\", reference:\"mozilla-devel-1.6-12.1.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"mozilla-dom-inspector-1.6-12.1.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"mozilla-enigmail-1.6-12.1.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"mozilla-enigmime-1.6-12.1.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"mozilla-irc-1.6-12.1.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"mozilla-js-debugger-1.6-12.1.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"mozilla-mail-1.6-12.1.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"mozilla-spellchecker-1.6-12.1.100mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK9.2\", cpu:\"amd64\", reference:\"lib64nspr4-1.4-13.3.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", cpu:\"amd64\", reference:\"lib64nspr4-devel-1.4-13.3.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", cpu:\"amd64\", reference:\"lib64nss3-1.4-13.3.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", cpu:\"amd64\", reference:\"lib64nss3-devel-1.4-13.3.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", cpu:\"i386\", reference:\"libnspr4-1.4-13.3.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", cpu:\"i386\", reference:\"libnspr4-devel-1.4-13.3.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", cpu:\"i386\", reference:\"libnss3-1.4-13.3.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", cpu:\"i386\", reference:\"libnss3-devel-1.4-13.3.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", reference:\"mozilla-1.4-13.3.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", reference:\"mozilla-devel-1.4-13.3.92mdk\", yank:\"mdk\")) flag++;\nif 
(rpm_check(release:\"MDK9.2\", reference:\"mozilla-dom-inspector-1.4-13.3.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", reference:\"mozilla-enigmail-1.4-13.3.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", reference:\"mozilla-enigmime-1.4-13.3.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", reference:\"mozilla-irc-1.4-13.3.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", reference:\"mozilla-js-debugger-1.4-13.3.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", reference:\"mozilla-mail-1.4-13.3.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", reference:\"mozilla-spellchecker-1.4-13.3.92mdk\", yank:\"mdk\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "slackware": [{"lastseen": "2020-10-25T16:36:03", "bulletinFamily": "unix", "cvelist": ["CVE-2004-0597", "CVE-2004-0598", "CVE-2004-0599", "CVE-2004-0718", "CVE-2004-0722", "CVE-2004-0757", "CVE-2004-0758", "CVE-2004-0759", "CVE-2004-0760", "CVE-2004-0761", "CVE-2004-0762", "CVE-2004-0763", "CVE-2004-0764", "CVE-2004-0765"], "description": "New Mozilla packages are available for Slackware 9.1, 10.0, and -current\nto fix a number of security issues. 
Slackware 10.0 and -current were\nupgraded to Mozilla 1.7.2, and Slackware 9.1 was upgraded to Mozilla 1.4.3.\nAs usual, new versions of Mozilla require new versions of things that link\nwith the Mozilla libraries, so for Slackware 10.0 and -current new versions\nof epiphany, galeon, gaim, and mozilla-plugins have also been provided.\nThere don't appear to be epiphany and galeon versions that are compatible\nwith Mozilla 1.4.3 and the GNOME in Slackware 9.1, so these are not\nprovided and Epiphany and Galeon will be broken on Slackware 9.1 if the\nnew Mozilla package is installed. Furthermore, earlier versions of\nMozilla (such as the 1.3 series) were not fixed upstream, so versions\nof Slackware earlier than 9.1 will remain vulnerable to these browser\nissues. If you still use Slackware 9.0 or earlier, you may want to\nconsider removing Mozilla or upgrading to a newer version.\n\nMore details about these issues may be found in the Common\nVulnerabilities and Exposures (CVE) database:\n\n Issues fixed in Mozilla 1.7.2:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0597\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0598\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0599\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0763\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0758\n\n Issues fixed in Mozilla 1.4.3:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0597\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0718\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0722\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0757\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0758\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0759\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0760\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0761\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0762\n 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0763\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0764\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0765\n\n\nHere are the details from the Slackware 10.0 ChangeLog:\n\nMon Aug 9 01:56:43 PDT 2004\npatches/packages/epiphany-1.2.7-i486-1.tgz: Upgraded to epiphany-1.2.7.\n (compiled against Mozilla 1.7.2)\npatches/packages/gaim-0.81-i486-1.tgz: Upgraded to gaim-0.81.\n (compiled against Mozilla 1.7.2)\npatches/packages/galeon-1.3.17-i486-1.tgz: Upgraded to galeon-1.3.17.\n (compiled against Mozilla 1.7.2)\npatches/packages/mozilla-1.7.2-i486-1.tgz: Upgraded to Mozilla 1.7.2. This\n fixes three security vulnerabilities. For details, see:\n http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.2\n (* Security fix *)\npatches/packages/mozilla-plugins-1.7.2-noarch-1.tgz: Changed plugin symlinks\n for Mozilla 1.7.2.\n\nWhere to find the new packages:\n\nUpdated packages for Slackware 9.1:\nftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/mozilla-1.4.3-i486-1.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/mozilla-plugins-1.4.3-noarch-1.tgz\n\nUpdated packages for Slackware 10.0:\nftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/mozilla-1.7.2-i486-1.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/mozilla-plugins-1.7.2-noarch-1.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/epiphany-1.2.7-i486-1.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/gaim-0.81-i486-1.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/galeon-1.3.17-i486-1.tgz\n\nUpdated packages for Slackware 
-current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-1.7.2-i486-1.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-plugins-1.7.2-noarch-1.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/gnome/epiphany-1.2.7-i486-1.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/gnome/galeon-1.3.17-i486-1.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/gaim-0.81-i486-1.tgz\n\n\nMD5 signatures:\n\nSlackware 9.1 packages:\n29515193166b9b618be405a71b5e9a59 mozilla-1.4.3-i486-1.tgz\n49d537be814de72a3d62a5cc9f6e3b15 mozilla-plugins-1.4.3-noarch-1.tgz\n\nSlackware 10.0 packages:\n612a65758f03fe08a44e004b1ae92d70 mozilla-1.7.2-i486-1.tgz\n55da20d3c7acdd50a3b4abfe12191069 mozilla-plugins-1.7.2-noarch-1.tgz\n86034039fbf6b52584e05701a0598ca4 epiphany-1.2.7-i486-1.tgz\nc3f238fdba8684948d8817d7cf0db567 gaim-0.81-i486-1.tgz\n0e8393b8f1b992dc7804fe925a839755 galeon-1.3.17-i486-1.tgz\n\nSlackware -current packages:\n612a65758f03fe08a44e004b1ae92d70 mozilla-1.7.2-i486-1.tgz\n55da20d3c7acdd50a3b4abfe12191069 mozilla-plugins-1.7.2-noarch-1.tgz\n86034039fbf6b52584e05701a0598ca4 epiphany-1.2.7-i486-1.tgz\n0e8393b8f1b992dc7804fe925a839755 galeon-1.3.17-i486-1.tgz\nddb7281b985c6b7efb20afc69e5c2ffb gaim-0.81-i486-1.tgz\n\n\nInstallation instructions:\n\nUpgrade the packages as root:\n > upgradepkg mozilla-1.7.2-i486-1.tgz \\\n mozilla-plugins-1.7.2-noarch-1.tgz \\\n epiphany-1.2.7-i486-1.tgz \\\n gaim-0.81-i486-1.tgz \\\n galeon-1.3.17-i486-1.tgz", "modified": "2004-08-10T21:17:12", "published": "2004-08-10T21:17:12", "id": "SSA-2004-223-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.667659", "type": "slackware", "title": "[slackware-security] Mozilla", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2016-09-04T12:45:49", "bulletinFamily": "unix", "cvelist": 
["CVE-2004-0765", "CVE-2004-0762", "CVE-2004-0758", "CVE-2004-0718", "CVE-2004-0748", "CVE-2004-0764", "CVE-2004-0757", "CVE-2004-0597", "CVE-2004-0760", "CVE-2004-0722", "CVE-2004-0759", "CVE-2004-0751", "CVE-2004-0763", "CVE-2004-0761"], "description": "The mod_ssl apache module, as part of our apache2 package, enables the apache webserver to handle the HTTPS protocol. Within the mod_ssl module, two Denial of Service conditions in the input filter have been found. The CVE project assigned the identifiers CAN-2004-0748 and CAN-2004-0751 to these issues.\n#### Solution\nAs a temporary workaround you may disable the mod_ssl module in your apache configuration and restart the apache process without SSL support.", "edition": 1, "modified": "2004-09-06T13:51:41", "published": "2004-09-06T13:51:41", "id": "SUSE-SA:2004:030", "href": "http://lists.opensuse.org/opensuse-security-announce/2004-09/msg00009.html", "title": "remote DoS condition in apache2", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:41:56", "bulletinFamily": "unix", "cvelist": ["CVE-2004-0558", "CVE-2004-0765", "CVE-2004-0762", "CVE-2004-0758", "CVE-2004-0827", "CVE-2004-0718", "CVE-2004-0764", "CVE-2004-0757", "CVE-2004-0805", "CVE-2004-0801", "CVE-2004-0597", "CVE-2004-0760", "CVE-2004-0722", "CVE-2004-0759", "CVE-2004-0763", "CVE-2004-0761"], "description": "The Common Unix Printing System (CUPS) enables local and remote users to obtain printing functionality via the Internet Printing Protocol (IPP). Alvaro Martinez Echevarria has found a remote Denial of Service condition within CUPS which allows remote users to make the cups server unresponsive. Additionally the SUSE Security Team has discovered a flaw in the foomatic-rip print filter which is commonly installed along with cups. 
It allows remote attackers who are listed in the printing ACLs to execute arbitrary commands as the printing user 'lp'.\n#### Solution\nIf you use CUPS, we recommend an update in any case. Additionally the IPP port (TCP port 631) should be firewalled and the printing ACLs should be set up in a way to reflect the local security policy.", "edition": 1, "modified": "2004-09-15T14:45:26", "published": "2004-09-15T14:45:26", "id": "SUSE-SA:2004:031", "href": "http://lists.opensuse.org/opensuse-security-announce/2004-09/msg00010.html", "title": "remote code execution in cups", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:10:59", "bulletinFamily": "unix", "cvelist": ["CVE-2004-0765", "CVE-2004-0762", "CVE-2004-0758", "CVE-2004-0691", "CVE-2004-0718", "CVE-2004-0764", "CVE-2004-0815", "CVE-2004-0757", "CVE-2004-0599", "CVE-2004-0746", "CVE-2004-0597", "CVE-2004-0760", "CVE-2004-0598", "CVE-2004-0722", "CVE-2004-0759", "CVE-2004-0763", "CVE-2004-0761"], "description": "The Samba server, which allows files and resources to be shared via the SMB/CIFS protocol, contains a bug in the sanitization code for path names which allows remote attackers to access files outside of the defined share. In order to access these files, they must be readable by the account used for the SMB session. CAN-2004-0815 has been assigned to this issue.\n#### Solution\nAs a temporary workaround you can set the wide links = no option in smb.conf and restart the samba server. 
However, an update is nevertheless recommended.", "edition": 1, "modified": "2004-10-05T14:57:32", "published": "2004-10-05T14:57:32", "id": "SUSE-SA:2004:035", "href": "http://lists.opensuse.org/opensuse-security-announce/2004-10/msg00005.html", "type": "suse", "title": "remote file disclosure in samba", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-04-13T01:00:44", "bulletinFamily": "unix", "cvelist": ["CVE-2004-0909", "CVE-2004-0765", "CVE-2004-0906", "CVE-2004-0905", "CVE-2004-0903", "CVE-2004-0762", "CVE-2004-0758", "CVE-2004-0908", "CVE-2004-0902", "CVE-2004-0718", "CVE-2004-0764", "CVE-2004-0757", "CVE-2004-0760", "CVE-2004-0904", "CVE-2004-0722", "CVE-2004-0759", "CVE-2004-0763", "CVE-2004-0761"], "description": "During the last months a number of security problems have been fixed in Mozilla and Mozilla-based browsers. These include:\n#### Solution\nSince there is no workaround, we recommend an update in any case if you use the mozilla browser.", "edition": 1, "modified": "2004-10-06T13:11:21", "published": "2004-10-06T13:11:21", "id": "SUSE-SA:2004:036", "href": "http://lists.opensuse.org/opensuse-security-announce/2004-10/msg00006.html", "title": "various vulnerabilities in mozilla", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:19:06", "bulletinFamily": "unix", "cvelist": ["CVE-2004-0788", "CVE-2004-0765", "CVE-2004-0762", "CVE-2004-0758", "CVE-2004-0784", "CVE-2004-0718", "CVE-2004-0764", "CVE-2004-0757", "CVE-2004-0494", "CVE-2004-0782", "CVE-2004-0783", "CVE-2004-0597", "CVE-2004-0722", "CVE-2004-0832", "CVE-2004-0785", "CVE-2004-0759", "CVE-2004-0754", "CVE-2004-0763", "CVE-2004-0761"], "description": "gdk-pixbuf is an image loading and rendering library mostly used by GTK and GNOME applications. It is distributed as a separate package for gtk1 and integrated into the gtk2 package. 
Chris Evans has discovered a heap-based, a stack-based and an integer overflow in the XPM and ICO loaders of those libraries. The overflows can be exploited by tricking an application into displaying a malformed image, causing it to crash or to execute code.\n#### Solution\nThere is no known workaround, please install the update packages.", "edition": 1, "modified": "2004-09-17T10:02:50", "published": "2004-09-17T10:02:50", "id": "SUSE-SA:2004:033", "href": "http://lists.opensuse.org/opensuse-security-announce/2004-09/msg00012.html", "title": "remote code execution in gtk2, gdk-pixbuf", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:19:39", "bulletinFamily": "unix", "cvelist": ["CVE-2004-0688", "CVE-2004-0765", "CVE-2004-1170", "CVE-2004-0687", "CVE-2004-0762", "CVE-2004-0758", "CVE-2004-0784", "CVE-2004-0807", "CVE-2004-0718", "CVE-2004-0764", "CVE-2004-0757", "CVE-2004-0494", "CVE-2004-0808", "CVE-2004-0597", "CVE-2004-0722", "CVE-2004-0832", "CVE-2004-0785", "CVE-2004-0759", "CVE-2004-0754", "CVE-2004-0763", "CVE-2004-0761"], "description": "Chris Evans reported three vulnerabilities in libXpm which can be exploited remotely by providing malformed XPM image files. The function xpmParseColors() is vulnerable to an integer overflow and a stack-based buffer overflow. The functions ParseAndPutPixels() and ParsePixels() are also vulnerable to a stack-based buffer overflow. 
Additionally Matthieu Herrb found two one-byte buffer overflows.\n#### Solution\nThere is no workaround known.", "edition": 1, "modified": "2004-09-17T13:37:17", "published": "2004-09-17T13:37:17", "id": "SUSE-SA:2004:034", "href": "http://lists.opensuse.org/opensuse-security-announce/2004-09/msg00013.html", "type": "suse", "title": "remote command execution in XFree86-libs, xshared", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:57:20", "bulletinFamily": "unix", "cvelist": ["CVE-2004-0788", "CVE-2004-0786", "CVE-2004-0765", "CVE-2004-0747", "CVE-2004-0762", "CVE-2004-0758", "CVE-2004-0784", "CVE-2004-0807", "CVE-2004-0718", "CVE-2004-0764", "CVE-2004-0757", "CVE-2004-0494", "CVE-2004-0808", "CVE-2004-0782", "CVE-2004-0783", "CVE-2004-0597", "CVE-2004-0722", "CVE-2004-0832", "CVE-2004-0785", "CVE-2004-0759", "CVE-2004-0754", "CVE-2004-0763", "CVE-2004-0761"], "description": "The Apache daemon is running on most of the web-servers used in the Internet today. The Red Hat ASF Security-Team and the Swedish IT Incident Center within the National Post and Telecom Agency (SITIC) have found a bug in apache2 each. The first vulnerability appears in the apr_uri_parse() function while handling IPv6 addresses. The affected code passes a negative length argument to the memcpy() function. On BSD systems this can lead to remote command execution due to the nature of the memcpy() implementation. On Linux this bug will result in a remote denial-of-service condition. The second bug is a local buffer overflow that occurs while expanding ${ENVVAR} in the .htaccess and httpd.conf file. 
Both files are not writeable by normal user by default.\n#### Solution\nThere is no known workaround.", "edition": 1, "modified": "2004-09-15T15:46:39", "published": "2004-09-15T15:46:39", "id": "SUSE-SA:2004:032", "href": "http://lists.opensuse.org/opensuse-security-announce/2004-09/msg00011.html", "title": "remote denial-of-service in apache2", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}