Search...

FreeBSD : xapian-omega -- XSS vulnerability (b46f3a1e-a052-11de-a649-000c2955660f)

2009-09-14T00:00:00

ID FREEBSD_PKG_B46F3A1EA05211DEA649000C2955660F.NASL
Type nessus
Reporter This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
Modified 2009-09-14T00:00:00

Description

Olly Betts reports :

There's a cross-site scripting issue in Omega - exception messages don't currently get HTML entities escaped, but can contain CGI parameter values in some cases.

                                        
                                            #%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from the FreeBSD VuXML database :
#
# Copyright 2003-2018 Jacques Vidrine and contributors
#
# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
# HTML, PDF, PostScript, RTF and so forth) with or without modification,
# are permitted provided that the following conditions are met:
# 1. Redistributions of source code (VuXML) must retain the above
#    copyright notice, this list of conditions and the following
#    disclaimer as the first lines of this file unmodified.
# 2. Redistributions in compiled form (transformed to other DTDs,
#    published online in any format, converted to PDF, PostScript,
#    RTF and other formats) must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer
#    in the documentation and/or other materials provided with the
#    distribution.
# 
# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(40958);
  script_version("1.13");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id("CVE-2009-2947");

  script_name(english:"FreeBSD : xapian-omega -- XSS vulnerability (b46f3a1e-a052-11de-a649-000c2955660f)");
  script_summary(english:"Checks for updated package in pkg_info output");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote FreeBSD host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Olly Betts reports :

There's a cross-site scripting issue in Omega - exception messages
don't currently get HTML entities escaped, but can contain CGI
parameter values in some cases."
  );
  # http://lists.xapian.org/pipermail/xapian-discuss/2009-September/007115.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?e6a80c1a"
  );
  # https://vuxml.freebsd.org/freebsd/b46f3a1e-a052-11de-a649-000c2955660f.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?57e22fb8"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_cwe_id(79);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:xapian-omega");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");

  script_set_attribute(attribute:"vuln_publication_date", value:"2009/09/09");
  script_set_attribute(attribute:"patch_publication_date", value:"2009/09/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/09/14");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"FreeBSD Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");

  exit(0);
}


include("audit.inc");
include("freebsd_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD");
if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;

if (pkg_test(save_report:TRUE, pkg:"xapian-omega&lt;1.0.16")) flag++;

if (flag)
{
  if (report_verbosity &gt; 0) security_warning(port:0, extra:pkg_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

JSON Vulners Source

Initial Source

{"id": "FREEBSD_PKG_B46F3A1EA05211DEA649000C2955660F.NASL", "bulletinFamily": "scanner", "title": "FreeBSD : xapian-omega -- XSS vulnerability (b46f3a1e-a052-11de-a649-000c2955660f)", "description": "Olly Betts reports :\n\nThere's a cross-site scripting issue in Omega - exception messages\ndon't currently get HTML entities escaped, but can contain CGI\nparameter values in some cases.", "published": "2009-09-14T00:00:00", "modified": "2009-09-14T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "href": "https://www.tenable.com/plugins/nessus/40958", "reporter": "This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.nessus.org/u?57e22fb8", "http://www.nessus.org/u?e6a80c1a"], "cvelist": ["CVE-2009-2947"], "type": "nessus", "lastseen": "2021-01-07T10:49:16", "edition": 26, "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2009-2947"]}, {"type": "openvas", "idList": ["OPENVAS:136141256231064865", "OPENVAS:64896", "OPENVAS:136141256231064896", "OPENVAS:64865"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:10224", "SECURITYVULNS:DOC:22441"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1882-1:0E501"]}, {"type": "freebsd", "idList": ["B46F3A1E-A052-11DE-A649-000C2955660F"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-1882.NASL"]}], "modified": "2021-01-07T10:49:16", "rev": 2}, "score": {"value": 5.1, "vector": "NONE", "modified": "2021-01-07T10:49:16", "rev": 2}, "vulnersScore": 5.1}, "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40958);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2009-2947\");\n\n script_name(english:\"FreeBSD : xapian-omega -- XSS vulnerability (b46f3a1e-a052-11de-a649-000c2955660f)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Olly Betts reports :\n\nThere's a cross-site scripting issue in Omega - exception messages\ndon't currently get HTML entities escaped, but can contain CGI\nparameter values in some cases.\"\n );\n # http://lists.xapian.org/pipermail/xapian-discuss/2009-September/007115.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e6a80c1a\"\n );\n # https://vuxml.freebsd.org/freebsd/b46f3a1e-a052-11de-a649-000c2955660f.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?57e22fb8\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_cwe_id(79);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:xapian-omega\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/09/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/09/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"xapian-omega<1.0.16\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "FreeBSD Local Security Checks", "pluginID": "40958", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:xapian-omega"], "scheme": null}

{"cve": [{"lastseen": "2020-12-09T19:31:21", "description": "Cross-site scripting (XSS) vulnerability in Xapian Omega before 1.0.16 allows remote attackers to inject arbitrary web script or HTML via unspecified CGI parameter values, which are sometimes included in exception messages.", "edition": 5, "cvss3": {}, "published": "2009-09-14T16:30:00", "title": "CVE-2009-2947", "type": "cve", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-2947"], "modified": "2018-08-13T21:47:00", "cpe": ["cpe:/a:xapian:omega:0.8.2", "cpe:/a:xapian:omega:1.0.6", "cpe:/a:xapian:omega:0.9.6", "cpe:/a:xapian:omega:0.8.1", "cpe:/a:xapian:omega:0.8.3", "cpe:/a:xapian:omega:0.8.0", "cpe:/a:xapian:omega:1.0.15", "cpe:/a:xapian:omega:1.0.5", "cpe:/a:xapian:omega:0.9.5", "cpe:/a:xapian:omega:1.0.3", "cpe:/a:xapian:omega:0.9.8", "cpe:/a:xapian:omega:0.9.3", "cpe:/a:xapian:omega:1.0.0", "cpe:/a:xapian:omega:1.0.4", "cpe:/a:xapian:omega:0.8.4", "cpe:/a:xapian:omega:0.9.7", "cpe:/a:xapian:omega:1.0.7", "cpe:/a:xapian:omega:1.0.2", "cpe:/a:xapian:omega:1.0.8", "cpe:/a:xapian:omega:0.9.1", "cpe:/a:xapian:omega:0.9.9", "cpe:/a:xapian:omega:1.0.12", "cpe:/a:xapian:omega:1.0.13", "cpe:/a:xapian:omega:0.8.5", "cpe:/a:xapian:omega:0.9.10", "cpe:/a:xapian:omega:0.9.0", "cpe:/a:xapian:omega:1.0.11", "cpe:/a:xapian:omega:1.0.14", "cpe:/a:xapian:omega:0.9.4", "cpe:/a:xapian:omega:1.0.9", "cpe:/a:xapian:omega:0.9.2", "cpe:/a:xapian:omega:1.0.10"], "id": "CVE-2009-2947", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2947", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:xapian:omega:0.9.3:*:*:*:*:*:*:*", "cpe:2.3:a:xapian:omega:0.9.2:*:*:*:*:*:*:*", "cpe:2.3:a:xapian:omega:1.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:xapian:omega:0.8.4:*:*:*:*:*:*:*", "cpe:2.3:a:xapian:omega:1.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:xapian:omega:1.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:xapian:omega:0.9.10:*:*:*:*:*:*:*", "cpe:2.3:a:xapian:omega:0.9.4:*:*:*:*:*:*:*", "cpe:2.3:a:xapian:omega:0.8.3:*:*:*:*:*:*:*", "cpe:2.3:a:xapian:omega:0.9.8:*:*:*:*:*:*:*", "cpe:2.3:a:xapian:omega:0.8.2:*:*:*:*:*:*:*", "cpe:2.3:a:xapian:omega:0.9.5:*:*:*:*:*:*:*", "cpe:2.3:a:xapian:omega:0.8.5:*:*:*:*:*:*:*", "cpe:2.3:a:xapian:omega:1.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:xapian:omega:1.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:xapian:omega:0.9.7:*:*:*:*:*:*:*", "cpe:2.3:a:xapian:omega:0.8.0:*:*:*:*:*:*:*", "cpe:2.3:a:xapian:omega:0.9.6:*:*:*:*:*:*:*", "cpe:2.3:a:xapian:omega:1.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:xapian:omega:1.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:xapian:omega:1.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:xapian:omega:1.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:xapian:omega:0.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:xapian:omega:0.9.1:*:*:*:*:*:*:*", "cpe:2.3:a:xapian:omega:1.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:xapian:omega:1.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:xapian:omega:1.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:xapian:omega:0.9.0:*:*:*:*:*:*:*", "cpe:2.3:a:xapian:omega:0.9.9:*:*:*:*:*:*:*", "cpe:2.3:a:xapian:omega:1.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:xapian:omega:1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:xapian:omega:1.0.2:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2017-07-24T12:56:48", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2947"], "description": "The remote host is missing an update to xapian-omega\nannounced via advisory DSA 1882-1.", "modified": "2017-07-07T00:00:00", "published": "2009-09-15T00:00:00", "id": "OPENVAS:64865", "href": "http://plugins.openvas.org/nasl.php?oid=64865", "type": "openvas", "title": "Debian Security Advisory DSA 1882-1 (xapian-omega)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1882_1.nasl 6615 2017-07-07 12:09:52Z cfischer $\n# Description: Auto-generated from advisory DSA 1882-1 (xapian-omega)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that xapian-omega, a CGI interface for searching xapian\ndatabases, is not properly escaping user supplied input when printing\nexceptions. An attacker can use this to conduct cross-site scripting\nattacks via crafted search queries resulting in an exception and steal\npotentially sensitive data from web applications running on the same domain\nor embedding the search engine into a website.\n\nFor the oldstable distribution (etch), this problem has been fixed in\nversion 0.9.9-1+etch1.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 1.0.7-3+lenny1.\n\nFor the testing (squeeze) and unstable (sid) distribution, this problem\nwill be fixed soon.\n\n\nWe recommend that you upgrade your xapian-omega packages.\";\ntag_summary = \"The remote host is missing an update to xapian-omega\nannounced via advisory DSA 1882-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201882-1\";\n\n\nif(description)\n{\n script_id(64865);\n script_version(\"$Revision: 6615 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:09:52 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-15 22:46:32 +0200 (Tue, 15 Sep 2009)\");\n script_cve_id(\"CVE-2009-2947\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"Debian Security Advisory DSA 1882-1 (xapian-omega)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"xapian-omega\", ver:\"0.9.9-1+etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xapian-omega\", ver:\"1.0.7-3+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-02T21:14:06", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2947"], "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2016-12-28T00:00:00", "published": "2009-09-15T00:00:00", "id": "OPENVAS:64896", "href": "http://plugins.openvas.org/nasl.php?oid=64896", "type": "openvas", "title": "FreeBSD Ports: xapian-omega", "sourceData": "#\n#VID b46f3a1e-a052-11de-a649-000c2955660f\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID b46f3a1e-a052-11de-a649-000c2955660f\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: xapian-omega\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://lists.xapian.org/pipermail/xapian-discuss/2009-September/007115.html\nhttp://www.vuxml.org/freebsd/b46f3a1e-a052-11de-a649-000c2955660f.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_id(64896);\n script_version(\"$Revision: 4865 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-12-28 17:16:43 +0100 (Wed, 28 Dec 2016) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-15 22:46:32 +0200 (Tue, 15 Sep 2009)\");\n script_cve_id(\"CVE-2009-2947\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"FreeBSD Ports: xapian-omega\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"xapian-omega\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.0.16\")<0) {\n txt += 'Package xapian-omega version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-04-06T11:39:13", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2947"], "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2018-04-06T00:00:00", "published": "2009-09-15T00:00:00", "id": "OPENVAS:136141256231064896", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064896", "type": "openvas", "title": "FreeBSD Ports: xapian-omega", "sourceData": "#\n#VID b46f3a1e-a052-11de-a649-000c2955660f\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID b46f3a1e-a052-11de-a649-000c2955660f\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: xapian-omega\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://lists.xapian.org/pipermail/xapian-discuss/2009-September/007115.html\nhttp://www.vuxml.org/freebsd/b46f3a1e-a052-11de-a649-000c2955660f.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64896\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-15 22:46:32 +0200 (Tue, 15 Sep 2009)\");\n script_cve_id(\"CVE-2009-2947\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"FreeBSD Ports: xapian-omega\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"xapian-omega\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.0.16\")<0) {\n txt += 'Package xapian-omega version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-04-06T11:39:24", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2947"], "description": "The remote host is missing an update to xapian-omega\nannounced via advisory DSA 1882-1.", "modified": "2018-04-06T00:00:00", "published": "2009-09-15T00:00:00", "id": "OPENVAS:136141256231064865", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064865", "type": "openvas", "title": "Debian Security Advisory DSA 1882-1 (xapian-omega)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1882_1.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory DSA 1882-1 (xapian-omega)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that xapian-omega, a CGI interface for searching xapian\ndatabases, is not properly escaping user supplied input when printing\nexceptions. An attacker can use this to conduct cross-site scripting\nattacks via crafted search queries resulting in an exception and steal\npotentially sensitive data from web applications running on the same domain\nor embedding the search engine into a website.\n\nFor the oldstable distribution (etch), this problem has been fixed in\nversion 0.9.9-1+etch1.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 1.0.7-3+lenny1.\n\nFor the testing (squeeze) and unstable (sid) distribution, this problem\nwill be fixed soon.\n\n\nWe recommend that you upgrade your xapian-omega packages.\";\ntag_summary = \"The remote host is missing an update to xapian-omega\nannounced via advisory DSA 1882-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201882-1\";\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64865\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-15 22:46:32 +0200 (Tue, 15 Sep 2009)\");\n script_cve_id(\"CVE-2009-2947\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"Debian Security Advisory DSA 1882-1 (xapian-omega)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"xapian-omega\", ver:\"0.9.9-1+etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xapian-omega\", ver:\"1.0.7-3+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:31", "bulletinFamily": "software", "cvelist": ["CVE-2009-2947"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- --------------------------------------------------------------------------\r\nDebian Security Advisory DSA-1882-1 security@debian.org\r\nhttp://www.debian.org/security/ Nico Golde\r\nSeptember 9th, 2009 http://www.debian.org/security/faq\r\n- --------------------------------------------------------------------------\r\n\r\nPackage : xapian-omega\r\nVulnerability : missing input sanitization\r\nProblem type : remote\r\nDebian-specific: no\r\nCVE ID : CVE-2009-2947\r\n\r\nIt was discovered that xapian-omega, a CGI interface for searching xapian\r\ndatabases, is not properly escaping user supplied input when printing\r\nexceptions. An attacker can use this to conduct cross-site scripting\r\nattacks via crafted search queries resulting in an exception and steal\r\npotentially sensitive data from web applications running on the same domain\r\nor embedding the search engine into a website.\r\n\r\nFor the oldstable distribution (etch), this problem has been fixed in\r\nversion 0.9.9-1+etch1.\r\n\r\nFor the stable distribution (lenny), this problem has been fixed in\r\nversion 1.0.7-3+lenny1.\r\n\r\nFor the testing (squeeze) and unstable (sid) distribution, this problem\r\nwill be fixed soon.\r\n\r\n\r\nWe recommend that you upgrade your xapian-omega packages.\r\n\r\nUpgrade instructions\r\n- --------------------\r\n\r\nwget url\r\n will fetch the file for you\r\ndpkg -i file.deb\r\n will install the referenced file.\r\n\r\nIf you are using the apt-get package manager, use the line for\r\nsources.list as given below:\r\n\r\napt-get update\r\n will update the internal database\r\napt-get upgrade\r\n will install corrected packages\r\n\r\nYou may use an automated update by adding the resources from the\r\nfooter to the proper configuration.\r\n\r\n\r\nDebian GNU/Linux 4.0 alias etch\r\n- -------------------------------\r\n\r\nDebian (oldstable)\r\n- ------------------\r\n\r\nOldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\r\n\r\nSource archives:\r\n\r\n http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_0.9.9-1+etch1.dsc\r\n Size/MD5 checksum: 1309 5a6c3eb3466e76a5cd0195da96d646c8\r\n http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_0.9.9-1+etch1.diff.gz\r\n Size/MD5 checksum: 7283 fa1327788649c4b702555552484298ca\r\n http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_0.9.9.orig.tar.gz\r\n Size/MD5 checksum: 456940 cf2cfa2d98948ba6c5440db5e5baabc6\r\n\r\nalpha architecture (DEC Alpha)\r\n\r\n http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_0.9.9-1+etch1_alpha.deb\r\n Size/MD5 checksum: 264408 37050849b159d950718961ee8c9fc53a\r\n\r\namd64 architecture (AMD x86_64 (AMD64))\r\n\r\n http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_0.9.9-1+etch1_amd64.deb\r\n Size/MD5 checksum: 243398 039ab294a191863a6f11f9461d442fdb\r\n\r\narm architecture (ARM)\r\n\r\n http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_0.9.9-1+etch1_arm.deb\r\n Size/MD5 checksum: 271312 71c448519cc2952134c3c604d46e364b\r\n\r\nhppa architecture (HP PA RISC)\r\n\r\n http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_0.9.9-1+etch1_hppa.deb\r\n Size/MD5 checksum: 261640 6ec25e571ae0f72f2ce677d02f7a33c0\r\n\r\ni386 architecture (Intel ia32)\r\n\r\n http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_0.9.9-1+etch1_i386.deb\r\n Size/MD5 checksum: 247156 79d32ec1534b0c47306adc9e34ff7a2c\r\n\r\nia64 architecture (Intel ia64)\r\n\r\n http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_0.9.9-1+etch1_ia64.deb\r\n Size/MD5 checksum: 295998 0d0b0e45a813c5c3384beea87bf67d70\r\n\r\nmips architecture (MIPS (Big Endian))\r\n\r\n http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_0.9.9-1+etch1_mips.deb\r\n Size/MD5 checksum: 242622 75cbb4b5d4ccb7b17ebc5e43d3964550\r\n\r\nmipsel architecture (MIPS (Little Endian))\r\n\r\n http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_0.9.9-1+etch1_mipsel.deb\r\n Size/MD5 checksum: 242346 ea46d3fee9009a61628a40d548677579\r\n\r\npowerpc architecture (PowerPC)\r\n\r\n http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_0.9.9-1+etch1_powerpc.deb\r\n Size/MD5 checksum: 249362 13726168ebf17a82cde5d53b839b4921\r\n\r\ns390 architecture (IBM S/390)\r\n\r\n http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_0.9.9-1+etch1_s390.deb\r\n Size/MD5 checksum: 235796 1190383d3c937065802b81fae40fdaa1\r\n\r\nsparc architecture (Sun SPARC/UltraSPARC)\r\n\r\n http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_0.9.9-1+etch1_sparc.deb\r\n Size/MD5 checksum: 242226 b7d5339d30fb2c16fcd2efe4364b36f7\r\n\r\n\r\nDebian GNU/Linux 5.0 alias lenny\r\n- --------------------------------\r\n\r\nDebian (stable)\r\n- ---------------\r\n\r\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\r\n\r\nSource archives:\r\n\r\n http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_1.0.7-3+lenny1.dsc\r\n Size/MD5 checksum: 1802 cfe788a8d23049aa8424c4c6ff572989\r\n http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_1.0.7.orig.tar.gz\r\n Size/MD5 checksum: 498784 8a143dcee3f6463277dc63cd1c9ef39d\r\n http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_1.0.7-3+lenny1.diff.gz\r\n Size/MD5 checksum: 9310 57f3cb25f1a6b8355e0922d083cb8e54\r\n\r\nalpha architecture (DEC Alpha)\r\n\r\n http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_1.0.7-3+lenny1_alpha.deb\r\n Size/MD5 checksum: 280398 374175b22352fd3375430756f134e392\r\n\r\namd64 architecture (AMD x86_64 (AMD64))\r\n\r\n http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_1.0.7-3+lenny1_amd64.deb\r\n Size/MD5 checksum: 255794 da184e290012863e97bb0b91bb7e61c3\r\n\r\narm architecture (ARM)\r\n\r\n http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_1.0.7-3+lenny1_arm.deb\r\n Size/MD5 checksum: 270630 55379e802f6532e59e78d75300d86093\r\n\r\narmel architecture (ARM EABI)\r\n\r\n http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_1.0.7-3+lenny1_armel.deb\r\n Size/MD5 checksum: 243456 f2020f9eb2927a0688bacde831f6e8c7\r\n\r\nhppa architecture (HP PA RISC)\r\n\r\n http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_1.0.7-3+lenny1_hppa.deb\r\n Size/MD5 checksum: 274178 2f08d1aebded06cd3fae819f1395fc70\r\n\r\ni386 architecture (Intel ia32)\r\n\r\n http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_1.0.7-3+lenny1_i386.deb\r\n Size/MD5 checksum: 255186 f482f45caaef44e4b69009652f61dc4f\r\n\r\nia64 architecture (Intel ia64)\r\n\r\n http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_1.0.7-3+lenny1_ia64.deb\r\n Size/MD5 checksum: 303624 e4d9ed8617e10e1f7d3f65181f13b4fd\r\n\r\nmips architecture (MIPS (Big Endian))\r\n\r\n http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_1.0.7-3+lenny1_mips.deb\r\n Size/MD5 checksum: 251162 dbf38b5195aa541201fab2a5a4dbcfc6\r\n\r\nmipsel architecture (MIPS (Little Endian))\r\n\r\n http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_1.0.7-3+lenny1_mipsel.deb\r\n Size/MD5 checksum: 249966 f9e4ef33ba44d55a4f7d6b7cf400a4c7\r\n\r\npowerpc architecture (PowerPC)\r\n\r\n http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_1.0.7-3+lenny1_powerpc.deb\r\n Size/MD5 checksum: 265718 6b631cbffaa25046e9772f933fd7c18e\r\n\r\ns390 architecture (IBM S/390)\r\n\r\n http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_1.0.7-3+lenny1_s390.deb\r\n Size/MD5 checksum: 253984 5d2b17a735cb2775559bde3dc7f74048\r\n\r\nsparc architecture (Sun SPARC/UltraSPARC)\r\n\r\n http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_1.0.7-3+lenny1_sparc.deb\r\n Size/MD5 checksum: 259420 fc3bc1f75ed01b7e8ea723d0e4f6b822\r\n\r\n\r\n These files will probably be moved into the stable distribution on\r\n its next update.\r\n\r\n- ---------------------------------------------------------------------------------\r\nFor apt-get: deb http://security.debian.org/ stable/updates main\r\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\r\nMailing list: debian-security-announce@lists.debian.org\r\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.9 (GNU/Linux)\r\n\r\niEYEARECAAYFAkqnrekACgkQHYflSXNkfP8DbgCgoD7kFKcBAWh+pn720fNct5A0\r\nrgwAoIPhlz0aYW9OV9Hn9V4h1us82Oe9\r\n=89aO\r\n-----END PGP SIGNATURE-----", "edition": 1, "modified": "2009-09-10T00:00:00", "published": "2009-09-10T00:00:00", "id": "SECURITYVULNS:DOC:22441", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:22441", "title": "[SECURITY] [DSA 1882-1] New xapian-omega packages fix cross-site scripting", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-08-31T11:09:34", "bulletinFamily": "software", "cvelist": ["CVE-2009-2947"], "description": "PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.", "edition": 1, "modified": "2009-09-10T00:00:00", "published": "2009-09-10T00:00:00", "id": "SECURITYVULNS:VULN:10224", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:10224", "title": "Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "debian": [{"lastseen": "2019-05-30T02:22:03", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2947"], "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA-1882-1 security@debian.org\nhttp://www.debian.org/security/ Nico Golde\nSeptember 9th, 2009 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : xapian-omega\nVulnerability : missing input sanitization\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2009-2947\n\nIt was discovered that xapian-omega, a CGI interface for searching xapian\ndatabases, is not properly escaping user supplied input when printing\nexceptions. An attacker can use this to conduct cross-site scripting\nattacks via crafted search queries resulting in an exception and steal\npotentially sensitive data from web applications running on the same domain\nor embedding the search engine into a website.\n\nFor the oldstable distribution (etch), this problem has been fixed in\nversion 0.9.9-1+etch1.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 1.0.7-3+lenny1.\n\nFor the testing (squeeze) and unstable (sid) distribution, this problem\nwill be fixed soon.\n\n\nWe recommend that you upgrade your xapian-omega packages.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nDebian (oldstable)\n- ------------------\n\nOldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_0.9.9-1+etch1.dsc\n Size/MD5 checksum: 1309 5a6c3eb3466e76a5cd0195da96d646c8\n http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_0.9.9-1+etch1.diff.gz\n Size/MD5 checksum: 7283 fa1327788649c4b702555552484298ca\n http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_0.9.9.orig.tar.gz\n Size/MD5 checksum: 456940 cf2cfa2d98948ba6c5440db5e5baabc6\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_0.9.9-1+etch1_alpha.deb\n Size/MD5 checksum: 264408 37050849b159d950718961ee8c9fc53a\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_0.9.9-1+etch1_amd64.deb\n Size/MD5 checksum: 243398 039ab294a191863a6f11f9461d442fdb\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_0.9.9-1+etch1_arm.deb\n Size/MD5 checksum: 271312 71c448519cc2952134c3c604d46e364b\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_0.9.9-1+etch1_hppa.deb\n Size/MD5 checksum: 261640 6ec25e571ae0f72f2ce677d02f7a33c0\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_0.9.9-1+etch1_i386.deb\n Size/MD5 checksum: 247156 79d32ec1534b0c47306adc9e34ff7a2c\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_0.9.9-1+etch1_ia64.deb\n Size/MD5 checksum: 295998 0d0b0e45a813c5c3384beea87bf67d70\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_0.9.9-1+etch1_mips.deb\n Size/MD5 checksum: 242622 75cbb4b5d4ccb7b17ebc5e43d3964550\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_0.9.9-1+etch1_mipsel.deb\n Size/MD5 checksum: 242346 ea46d3fee9009a61628a40d548677579\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_0.9.9-1+etch1_powerpc.deb\n Size/MD5 checksum: 249362 13726168ebf17a82cde5d53b839b4921\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_0.9.9-1+etch1_s390.deb\n Size/MD5 checksum: 235796 1190383d3c937065802b81fae40fdaa1\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_0.9.9-1+etch1_sparc.deb\n Size/MD5 checksum: 242226 b7d5339d30fb2c16fcd2efe4364b36f7\n\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nDebian (stable)\n- ---------------\n\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_1.0.7-3+lenny1.dsc\n Size/MD5 checksum: 1802 cfe788a8d23049aa8424c4c6ff572989\n http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_1.0.7.orig.tar.gz\n Size/MD5 checksum: 498784 8a143dcee3f6463277dc63cd1c9ef39d\n http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_1.0.7-3+lenny1.diff.gz\n Size/MD5 checksum: 9310 57f3cb25f1a6b8355e0922d083cb8e54\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_1.0.7-3+lenny1_alpha.deb\n Size/MD5 checksum: 280398 374175b22352fd3375430756f134e392\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_1.0.7-3+lenny1_amd64.deb\n Size/MD5 checksum: 255794 da184e290012863e97bb0b91bb7e61c3\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_1.0.7-3+lenny1_arm.deb\n Size/MD5 checksum: 270630 55379e802f6532e59e78d75300d86093\n\narmel architecture (ARM EABI)\n\n http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_1.0.7-3+lenny1_armel.deb\n Size/MD5 checksum: 243456 f2020f9eb2927a0688bacde831f6e8c7\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_1.0.7-3+lenny1_hppa.deb\n Size/MD5 checksum: 274178 2f08d1aebded06cd3fae819f1395fc70\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_1.0.7-3+lenny1_i386.deb\n Size/MD5 checksum: 255186 f482f45caaef44e4b69009652f61dc4f\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_1.0.7-3+lenny1_ia64.deb\n Size/MD5 checksum: 303624 e4d9ed8617e10e1f7d3f65181f13b4fd\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_1.0.7-3+lenny1_mips.deb\n Size/MD5 checksum: 251162 dbf38b5195aa541201fab2a5a4dbcfc6\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_1.0.7-3+lenny1_mipsel.deb\n Size/MD5 checksum: 249966 f9e4ef33ba44d55a4f7d6b7cf400a4c7\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_1.0.7-3+lenny1_powerpc.deb\n Size/MD5 checksum: 265718 6b631cbffaa25046e9772f933fd7c18e\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_1.0.7-3+lenny1_s390.deb\n Size/MD5 checksum: 253984 5d2b17a735cb2775559bde3dc7f74048\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_1.0.7-3+lenny1_sparc.deb\n Size/MD5 checksum: 259420 fc3bc1f75ed01b7e8ea723d0e4f6b822\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 2, "modified": "2009-09-09T13:35:08", "published": "2009-09-09T13:35:08", "id": "DEBIAN:DSA-1882-1:0E501", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2009/msg00201.html", "title": "[SECURITY] [DSA 1882-1] New xapian-omega packages fix cross-site scripting", "type": "debian", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "nessus": [{"lastseen": "2021-01-06T09:45:39", "description": "It was discovered that xapian-omega, a CGI interface for searching\nxapian databases, is not properly escaping user-supplied input when\nprinting exceptions. An attacker can use this to conduct cross-site\nscripting attacks via crafted search queries resulting in an exception\nand steal potentially sensitive data from web applications running on\nthe same domain or embedding the search engine into a website.", "edition": 26, "published": "2010-02-24T00:00:00", "title": "Debian DSA-1882-1 : xapian-omega - missing input sanitization", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2947"], "modified": "2010-02-24T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:4.0", "cpe:/o:debian:debian_linux:5.0", "p-cpe:/a:debian:debian_linux:xapian-omega"], "id": "DEBIAN_DSA-1882.NASL", "href": "https://www.tenable.com/plugins/nessus/44747", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1882. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(44747);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2009-2947\");\n script_xref(name:\"DSA\", value:\"1882\");\n\n script_name(english:\"Debian DSA-1882-1 : xapian-omega - missing input sanitization\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that xapian-omega, a CGI interface for searching\nxapian databases, is not properly escaping user-supplied input when\nprinting exceptions. An attacker can use this to conduct cross-site\nscripting attacks via crafted search queries resulting in an exception\nand steal potentially sensitive data from web applications running on\nthe same domain or embedding the search engine into a website.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2009/dsa-1882\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the xapian-omega packages.\n\nFor the oldstable distribution (etch), this problem has been fixed in\nversion 0.9.9-1+etch1.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 1.0.7-3+lenny1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_cwe_id(79);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xapian-omega\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/09/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/02/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"xapian-omega\", reference:\"0.9.9-1+etch1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"xapian-omega\", reference:\"1.0.7-3+lenny1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "freebsd": [{"lastseen": "2019-05-29T18:34:12", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2947"], "description": "\nOlly Betts reports:\n\nThere's a cross-site scripting issue in Omega - exception\n\t messages don't currently get HTML entities escaped, but can\n\t contain CGI parameter values in some cases.\n\n", "edition": 4, "modified": "2009-09-09T00:00:00", "published": "2009-09-09T00:00:00", "id": "B46F3A1E-A052-11DE-A649-000C2955660F", "href": "https://vuxml.freebsd.org/freebsd/b46f3a1e-a052-11de-a649-000c2955660f.html", "title": "xapian-omega -- cross-site scripting vulnerability", "type": "freebsd", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}]}

FreeBSD : xapian-omega -- XSS vulnerability (b46f3a1e-a052-11de-a649-000c2955660f)

Description

Olly Betts reports : There's a cross-site scripting issue in Omega - exception messages don't currently get HTML entities escaped, but can contain CGI parameter values in some cases.

Olly Betts reports :

There's a cross-site scripting issue in Omega - exception messages don't currently get HTML entities escaped, but can contain CGI parameter values in some cases.