Search...

GLSA-200504-09 : Axel: Vulnerability in HTTP redirection handling

2005-04-13T00:00:00

ID GENTOO_GLSA-200504-09.NASL
Type nessus
Reporter This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.
Modified 2021-01-06T00:00:00

Description

The remote host is affected by the vulnerability described in GLSA-200504-09 (Axel: Vulnerability in HTTP redirection handling)

A possible buffer overflow has been reported in the HTTP     redirection handling code in conn.c.

Impact :

A remote attacker could exploit this vulnerability by setting up a     malicious site and enticing a user to connect to it. This could     possibly lead to the execution of arbitrary code with the permissions     of the user running Axel.

Workaround :

There is no known workaround at this time.

                                        
                                            #%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 200504-09.
#
# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike 
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(18031);
  script_version("1.17");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id("CVE-2005-0390");
  script_xref(name:"GLSA", value:"200504-09");

  script_name(english:"GLSA-200504-09 : Axel: Vulnerability in HTTP redirection handling");
  script_summary(english:"Checks for updated package(s) in /var/db/pkg");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Gentoo host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The remote host is affected by the vulnerability described in GLSA-200504-09
(Axel: Vulnerability in HTTP redirection handling)

    A possible buffer overflow has been reported in the HTTP
    redirection handling code in conn.c.
  
Impact :

    A remote attacker could exploit this vulnerability by setting up a
    malicious site and enticing a user to connect to it. This could
    possibly lead to the execution of arbitrary code with the permissions
    of the user running Axel.
  
Workaround :

    There is no known workaround at this time."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security.gentoo.org/glsa/200504-09"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"All Axel users should upgrade to the latest version:
    # emerge --sync
    # emerge --ask --oneshot --verbose '&gt;=net-misc/axel-1.0b'"
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:axel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2005/04/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2005/04/13");
  script_set_attribute(attribute:"vuln_publication_date", value:"2005/04/06");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.");
  script_family(english:"Gentoo Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;

if (qpkg_check(package:"net-misc/axel", unaffected:make_list("ge 1.0b"), vulnerable:make_list("lt 1.0b"))) flag++;

if (flag)
{
  if (report_verbosity &gt; 0) security_hole(port:0, extra:qpkg_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Axel");
}

JSON Vulners Source

Initial Source

{"id": "GENTOO_GLSA-200504-09.NASL", "type": "nessus", "bulletinFamily": "scanner", "title": "GLSA-200504-09 : Axel: Vulnerability in HTTP redirection handling", "description": "The remote host is affected by the vulnerability described in GLSA-200504-09 (Axel: Vulnerability in HTTP redirection handling)\n\n A possible buffer overflow has been reported in the HTTP redirection handling code in conn.c.\n Impact :\n\n A remote attacker could exploit this vulnerability by setting up a malicious site and enticing a user to connect to it. This could possibly lead to the execution of arbitrary code with the permissions of the user running Axel.\n Workaround :\n\n There is no known workaround at this time.", "published": "2005-04-13T00:00:00", "modified": "2021-01-06T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": null, "vector": null}, "href": "https://www.tenable.com/plugins/nessus/18031", "reporter": "This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.", "references": ["https://security.gentoo.org/glsa/200504-09", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0390"], "cvelist": ["CVE-2005-0390"], "immutableFields": [], "lastseen": "2021-08-19T13:17:27", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2005-0390"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2005-0390"]}, {"type": "freebsd", "idList": ["0163B498-AF54-11D9-ACD0-000854D03344"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:8327"]}, {"type": "debian", "idList": ["DEBIAN:DSA-706-1:42554"]}, {"type": "gentoo", "idList": ["GLSA-200504-09"]}, {"type": "openvas", "idList": ["OPENVAS:53751", "OPENVAS:52131", "OPENVAS:54911"]}, {"type": "osvdb", "idList": ["OSVDB:15310"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-706.NASL", "FREEBSD_PKG_0163B498AF5411D9ACD0000854D03344.NASL", "2803.PRM"]}], "modified": "2021-08-19T13:17:27", "rev": 2}, "score": {"value": 7.8, "vector": "NONE", "modified": "2021-08-19T13:17:27", "rev": 2}, "vulnersScore": 7.8}, "pluginID": "18031", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200504-09.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(18031);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2005-0390\");\n script_xref(name:\"GLSA\", value:\"200504-09\");\n\n script_name(english:\"GLSA-200504-09 : Axel: Vulnerability in HTTP redirection handling\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200504-09\n(Axel: Vulnerability in HTTP redirection handling)\n\n A possible buffer overflow has been reported in the HTTP\n redirection handling code in conn.c.\n \nImpact :\n\n A remote attacker could exploit this vulnerability by setting up a\n malicious site and enticing a user to connect to it. This could\n possibly lead to the execution of arbitrary code with the permissions\n of the user running Axel.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200504-09\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Axel users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-misc/axel-1.0b'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:axel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/04/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/04/13\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/04/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-misc/axel\", unaffected:make_list(\"ge 1.0b\"), vulnerable:make_list(\"lt 1.0b\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Axel\");\n}\n", "naslFamily": "Gentoo Local Security Checks", "cpe": ["p-cpe:/a:gentoo:linux:axel", "cpe:/o:gentoo:linux"], "solution": "All Axel users should upgrade to the latest version:\n # emerge --sync # emerge --ask --oneshot --verbose '>=net-misc/axel-1.0b'", "nessusSeverity": "High", "cvssScoreSource": "", "vpr": {"risk factor": "Medium", "score": "5.3"}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": "2005-04-12T00:00:00", "vulnerabilityPublicationDate": "2005-04-06T00:00:00", "exploitableWith": []}

{"ubuntucve": [{"id": "UB:CVE-2005-0390", "hash": "bb329261736b273689402f5ed884f61b", "type": "ubuntucve", "bulletinFamily": "info", "title": "CVE-2005-0390", "description": "Buffer overflow in the HTTP redirection capability in conn.c for Axel\nbefore 1.0b may allow remote attackers to execute arbitrary code.", "published": "2005-05-02T00:00:00", "modified": "2005-05-02T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "href": "https://ubuntu.com/security/CVE-2005-0390", "reporter": "ubuntu.com", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0390", "https://nvd.nist.gov/vuln/detail/CVE-2005-0390", "https://launchpad.net/bugs/cve/CVE-2005-0390", "https://security-tracker.debian.org/tracker/CVE-2005-0390"], "cvelist": ["CVE-2005-0390"], "immutableFields": [], "lastseen": "2021-07-31T02:35:14", "history": [{"bulletin": {"id": "UB:CVE-2005-0390", "hash": "5c0028d10ff333a9dd2809eba13df722", "type": "ubuntucve", "bulletinFamily": "info", "title": "CVE-2005-0390", "description": "Buffer overflow in the HTTP redirection capability in conn.c for Axel\nbefore 1.0b may allow remote attackers to execute arbitrary code.", "published": "2005-05-02T00:00:00", "modified": "2005-05-02T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://ubuntu.com/security/CVE-2005-0390", "reporter": "ubuntu.com", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0390", "https://nvd.nist.gov/vuln/detail/CVE-2005-0390", "https://launchpad.net/bugs/cve/CVE-2005-0390", "https://security-tracker.debian.org/tracker/CVE-2005-0390"], "cvelist": ["CVE-2005-0390"], "immutableFields": [], "lastseen": "2021-07-01T01:22:56", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2005-0390"]}, {"type": "osvdb", "idList": ["OSVDB:15310"]}, {"type": "openvas", "idList": ["OPENVAS:52131", "OPENVAS:53751", "OPENVAS:54911"]}, {"type": "freebsd", "idList": ["0163B498-AF54-11D9-ACD0-000854D03344"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:8327"]}, {"type": "gentoo", "idList": ["GLSA-200504-09"]}, {"type": "debian", "idList": ["DEBIAN:DSA-706-1:42554"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-706.NASL", "GENTOO_GLSA-200504-09.NASL", "FREEBSD_PKG_0163B498AF5411D9ACD0000854D03344.NASL"]}], "modified": "2021-07-01T01:22:56", "rev": 2}, "score": {"value": 8.4, "vector": "NONE", "modified": "2021-07-01T01:22:56", "rev": 2}}, "objectVersion": "1.5", "affectedPackage": [{"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "axel"}], "bugs": []}, "lastseen": "2021-07-01T01:22:56", "differentElements": ["cvss2"], "edition": 1}], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2005-0390"]}, {"type": "freebsd", "idList": ["0163B498-AF54-11D9-ACD0-000854D03344"]}, {"type": "openvas", "idList": ["OPENVAS:53751", "OPENVAS:54911", "OPENVAS:52131"]}, {"type": "osvdb", "idList": ["OSVDB:15310"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-706.NASL", "GENTOO_GLSA-200504-09.NASL", "2803.PRM", "FREEBSD_PKG_0163B498AF5411D9ACD0000854D03344.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:8327"]}, {"type": "gentoo", "idList": ["GLSA-200504-09"]}, {"type": "debian", "idList": ["DEBIAN:DSA-706-1:42554"]}], "modified": "2021-07-31T02:35:14", "rev": 2}, "score": {"value": 8.4, "vector": "NONE", "modified": "2021-07-31T02:35:14", "rev": 2}}, "objectVersion": "1.6", "affectedPackage": [{"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "axel"}], "bugs": [], "_object_type": "robots.models.ubuntucve.UbuntuCVEBulletin", "_object_types": ["robots.models.ubuntucve.UbuntuCVEBulletin", "robots.models.base.Bulletin"]}], "cve": [{"id": "CVE-2005-0390", "bulletinFamily": "NVD", "title": "CVE-2005-0390", "description": "Buffer overflow in the HTTP redirection capability in conn.c for Axel before 1.0b may allow remote attackers to execute arbitrary code.", "published": "2005-05-02T04:00:00", "modified": "2008-09-05T20:46:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0390", "reporter": "security@debian.org", "references": ["http://security.gentoo.org/glsa/glsa-200504-09.xml", "http://www.mail-archive.com/debian-devel-changes@lists.debian.org/msg118978.html", "http://secunia.com/advisories/14831", "http://www.debian.org/security/2005/dsa-706", "http://www.securityfocus.com/bid/13059"], "cvelist": ["CVE-2005-0390"], "type": "cve", "lastseen": "2021-04-21T20:27:28", "history": [{"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "axel:axel", "name": "axel", "operator": "eq", "version": "1.0a"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:axel:axel:1.0a"], "cpe23": ["cpe:2.3:a:axel:axel:1.0a:*:*:*:*:*:*:*"], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:axel:axel:1.0a:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2005-0390"], "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "cwe": ["NVD-CWE-Other"], "description": "Buffer overflow in the HTTP redirection capability in conn.c for Axel before 1.0b may allow remote attackers to execute arbitrary code.", "edition": 4, "enchantments": {"dependencies": {"modified": "2021-02-02T05:24:35", "references": [{"idList": ["DEBIAN:DSA-706-1:42554"], "type": "debian"}, {"idList": ["OSVDB:15310"], "type": "osvdb"}, {"idList": ["SECURITYVULNS:DOC:8327"], "type": "securityvulns"}, {"idList": ["GLSA-200504-09"], "type": "gentoo"}, {"idList": ["GENTOO_GLSA-200504-09.NASL", "FREEBSD_PKG_0163B498AF5411D9ACD0000854D03344.NASL", "DEBIAN_DSA-706.NASL"], "type": "nessus"}, {"idList": ["OPENVAS:54911", "OPENVAS:52131", "OPENVAS:53751"], "type": "openvas"}, {"idList": ["0163B498-AF54-11D9-ACD0-000854D03344"], "type": "freebsd"}], "rev": 2}, "score": {"modified": "2021-02-02T05:24:35", "rev": 2, "value": 7.4, "vector": "NONE"}}, "extraReferences": [{"name": "DSA-706", "refsource": "DEBIAN", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.debian.org/security/2005/dsa-706"}, {"name": "http://www.mail-archive.com/debian-devel-changes@lists.debian.org/msg118978.html", "refsource": "CONFIRM", "tags": [], "url": "http://www.mail-archive.com/debian-devel-changes@lists.debian.org/msg118978.html"}, {"name": "13059", "refsource": "BID", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/13059"}, {"name": "GLSA-200504-09", "refsource": "GENTOO", "tags": ["Patch", "Vendor Advisory"], "url": "http://security.gentoo.org/glsa/glsa-200504-09.xml"}, {"name": "14831", "refsource": "SECUNIA", "tags": ["Patch"], "url": "http://secunia.com/advisories/14831"}], "hash": "eb64f1e9f2912e65cd91b8f6a95888fcbf76c73fe243f164b3c89ea68f28751a", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "2f2fc0a89a52eb343ef962c3a4fa1198", "key": "description"}, {"hash": "190593ab05f070ac47218b11c4dd3173", "key": "references"}, {"hash": "d3729f1b117aa704b49cfd098a3ce084", "key": "extraReferences"}, {"hash": "c11dc2f243a31494a483c9b8ce765df8", "key": "cpe"}, {"hash": "f0f09ac1a6b7c63fb6d65d238539a398", "key": "cpe23"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "8493c6510ce02f9050cd2a75fa94ce64", "key": "modified"}, {"hash": "c17b3821b8ef4c2fe974b7f93f0925af", "key": "affectedSoftware"}, {"hash": "78a7a5cbaf09985c14389298e454e7db", "key": "cwe"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "a11071654cde664199dac48330e1f990", "key": "cvss2"}, {"hash": "517be570eaa0ad69e35ecf0ccbe1fa5f", "key": "title"}, {"hash": "2183fa7b0b17b5e53b549ab70a56cfc4", "key": "href"}, {"hash": "6005203de11e5063507a7394ffef0e8a", "key": "cvelist"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "7986b65a8d67777b30eb2134175c074e", "key": "cpeConfiguration"}, {"hash": "0b053db5674b87efff89989a8a720df3", "key": "cvss"}, {"hash": "c13cd72b1fb79a3190ca4c56e280fabc", "key": "published"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0390", "id": "CVE-2005-0390", "immutableFields": [], "lastseen": "2021-02-02T05:24:35", "modified": "2008-09-05T20:46:00", "objectVersion": "1.5", "published": "2005-05-02T04:00:00", "references": ["http://security.gentoo.org/glsa/glsa-200504-09.xml", "http://www.mail-archive.com/debian-devel-changes@lists.debian.org/msg118978.html", "http://secunia.com/advisories/14831", "http://www.debian.org/security/2005/dsa-706", "http://www.securityfocus.com/bid/13059"], "reporter": "cve@mitre.org", "title": "CVE-2005-0390", "type": "cve", "viewCount": 3}, "different_elements": ["reporter", "cpeConfiguration"], "edition": 4, "lastseen": "2021-02-02T05:24:35"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "axel:axel", "name": "axel", "operator": "eq", "version": "1.0a"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:axel:axel:1.0a"], "cpe23": ["cpe:2.3:a:axel:axel:1.0a:*:*:*:*:*:*:*"], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:axel:axel:1.0a:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2005-0390"], "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "cwe": ["NVD-CWE-Other"], "description": "Buffer overflow in the HTTP redirection capability in conn.c for Axel before 1.0b may allow remote attackers to execute arbitrary code.", "edition": 3, "enchantments": {"dependencies": {"modified": "2020-10-03T11:34:53", "references": [{"idList": ["DEBIAN:DSA-706-1:42554"], "type": "debian"}, {"idList": ["OSVDB:15310"], "type": "osvdb"}, {"idList": ["SECURITYVULNS:DOC:8327"], "type": "securityvulns"}, {"idList": ["GLSA-200504-09"], "type": "gentoo"}, {"idList": ["GENTOO_GLSA-200504-09.NASL", "FREEBSD_PKG_0163B498AF5411D9ACD0000854D03344.NASL", "DEBIAN_DSA-706.NASL"], "type": "nessus"}, {"idList": ["OPENVAS:54911", "OPENVAS:52131", "OPENVAS:53751"], "type": "openvas"}, {"idList": ["0163B498-AF54-11D9-ACD0-000854D03344"], "type": "freebsd"}], "rev": 2}, "score": {"modified": "2020-10-03T11:34:53", "rev": 2, "value": 7.4, "vector": "NONE"}}, "extraReferences": [], "hash": "3931d551c0404b056a5cb00c192e85a8928149dd007ff614a6326a9b1a60ffa0", "hashmap": [{"hash": "2f2fc0a89a52eb343ef962c3a4fa1198", "key": "description"}, {"hash": "190593ab05f070ac47218b11c4dd3173", "key": "references"}, {"hash": "c11dc2f243a31494a483c9b8ce765df8", "key": "cpe"}, {"hash": "f0f09ac1a6b7c63fb6d65d238539a398", "key": "cpe23"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "8493c6510ce02f9050cd2a75fa94ce64", "key": "modified"}, {"hash": "c17b3821b8ef4c2fe974b7f93f0925af", "key": "affectedSoftware"}, {"hash": "78a7a5cbaf09985c14389298e454e7db", "key": "cwe"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "a11071654cde664199dac48330e1f990", "key": "cvss2"}, {"hash": "517be570eaa0ad69e35ecf0ccbe1fa5f", "key": "title"}, {"hash": "2183fa7b0b17b5e53b549ab70a56cfc4", "key": "href"}, {"hash": "6005203de11e5063507a7394ffef0e8a", "key": "cvelist"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "extraReferences"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "7986b65a8d67777b30eb2134175c074e", "key": "cpeConfiguration"}, {"hash": "0b053db5674b87efff89989a8a720df3", "key": "cvss"}, {"hash": "c13cd72b1fb79a3190ca4c56e280fabc", "key": "published"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0390", "id": "CVE-2005-0390", "lastseen": "2020-10-03T11:34:53", "modified": "2008-09-05T20:46:00", "objectVersion": "1.3", "published": "2005-05-02T04:00:00", "references": ["http://security.gentoo.org/glsa/glsa-200504-09.xml", "http://www.mail-archive.com/debian-devel-changes@lists.debian.org/msg118978.html", "http://secunia.com/advisories/14831", "http://www.debian.org/security/2005/dsa-706", "http://www.securityfocus.com/bid/13059"], "reporter": "cve@mitre.org", "title": "CVE-2005-0390", "type": "cve", "viewCount": 2}, "differentElements": ["extraReferences"], "edition": 3, "lastseen": "2020-10-03T11:34:53"}, {"bulletin": {"affectedSoftware": [{"name": "axel axel", "operator": "eq", "version": "1.0a"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:axel:axel:1.0a"], "cpe23": ["cpe:2.3:a:axel:axel:1.0a:*:*:*:*:*:*:*"], "cvelist": ["CVE-2005-0390"], "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "cwe": ["NVD-CWE-Other"], "description": "Buffer overflow in the HTTP redirection capability in conn.c for Axel before 1.0b may allow remote attackers to execute arbitrary code.", "edition": 1, "enchantments": {"dependencies": {"modified": "2019-05-29T18:08:13", "references": [{"idList": ["DEBIAN:DSA-706-1:42554"], "type": "debian"}, {"idList": ["OSVDB:15310"], "type": "osvdb"}, {"idList": ["SECURITYVULNS:DOC:8327"], "type": "securityvulns"}, {"idList": ["GLSA-200504-09"], "type": "gentoo"}, {"idList": ["GENTOO_GLSA-200504-09.NASL", "FREEBSD_PKG_0163B498AF5411D9ACD0000854D03344.NASL", "DEBIAN_DSA-706.NASL"], "type": "nessus"}, {"idList": ["OPENVAS:54911", "OPENVAS:52131", "OPENVAS:53751"], "type": "openvas"}, {"idList": ["0163B498-AF54-11D9-ACD0-000854D03344"], "type": "freebsd"}], "rev": 2}, "score": {"modified": "2019-05-29T18:08:13", "rev": 2, "value": 7.4, "vector": "NONE"}}, "hash": "82b1bcaa014e8f5bd5ca76ac2f7acd3d1d1f3854bf339c89df7296b6317dcba2", "hashmap": [{"hash": "2f2fc0a89a52eb343ef962c3a4fa1198", "key": "description"}, {"hash": "190593ab05f070ac47218b11c4dd3173", "key": "references"}, {"hash": "c11dc2f243a31494a483c9b8ce765df8", "key": "cpe"}, {"hash": "f0f09ac1a6b7c63fb6d65d238539a398", "key": "cpe23"}, {"hash": "80bac72ca20911833b61cdab35d7034a", "key": "affectedSoftware"}, {"hash": "8493c6510ce02f9050cd2a75fa94ce64", "key": "modified"}, {"hash": "78a7a5cbaf09985c14389298e454e7db", "key": "cwe"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "a11071654cde664199dac48330e1f990", "key": "cvss2"}, {"hash": "517be570eaa0ad69e35ecf0ccbe1fa5f", "key": "title"}, {"hash": "2183fa7b0b17b5e53b549ab70a56cfc4", "key": "href"}, {"hash": "6005203de11e5063507a7394ffef0e8a", "key": "cvelist"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "0b053db5674b87efff89989a8a720df3", "key": "cvss"}, {"hash": "c13cd72b1fb79a3190ca4c56e280fabc", "key": "published"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0390", "id": "CVE-2005-0390", "lastseen": "2019-05-29T18:08:13", "modified": "2008-09-05T20:46:00", "objectVersion": "1.3", "published": "2005-05-02T04:00:00", "references": ["http://security.gentoo.org/glsa/glsa-200504-09.xml", "http://www.mail-archive.com/debian-devel-changes@lists.debian.org/msg118978.html", "http://secunia.com/advisories/14831", "http://www.debian.org/security/2005/dsa-706", "http://www.securityfocus.com/bid/13059"], "reporter": "cve@mitre.org", "title": "CVE-2005-0390", "type": "cve", "viewCount": 0}, "differentElements": ["affectedSoftware"], "edition": 1, "lastseen": "2019-05-29T18:08:13"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "axel:axel", "name": "axel", "operator": "eq", "version": "1.0a"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:axel:axel:1.0a"], "cpe23": ["cpe:2.3:a:axel:axel:1.0a:*:*:*:*:*:*:*"], "cpeConfiguration": {}, "cvelist": ["CVE-2005-0390"], "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "cwe": ["NVD-CWE-Other"], "description": "Buffer overflow in the HTTP redirection capability in conn.c for Axel before 1.0b may allow remote attackers to execute arbitrary code.", "edition": 2, "enchantments": {"dependencies": {"modified": "2020-09-21T13:48:36", "references": [{"idList": ["DEBIAN:DSA-706-1:42554"], "type": "debian"}, {"idList": ["OSVDB:15310"], "type": "osvdb"}, {"idList": ["SECURITYVULNS:DOC:8327"], "type": "securityvulns"}, {"idList": ["GLSA-200504-09"], "type": "gentoo"}, {"idList": ["GENTOO_GLSA-200504-09.NASL", "FREEBSD_PKG_0163B498AF5411D9ACD0000854D03344.NASL", "DEBIAN_DSA-706.NASL"], "type": "nessus"}, {"idList": ["OPENVAS:54911", "OPENVAS:52131", "OPENVAS:53751"], "type": "openvas"}, {"idList": ["0163B498-AF54-11D9-ACD0-000854D03344"], "type": "freebsd"}], "rev": 2}, "score": {"modified": "2020-09-21T13:48:36", "rev": 2, "value": 7.4, "vector": "NONE"}}, "hash": "5d769536f22f27d53812390746f0f28c2a0cb81752547f7e1fcd90ca031c1b49", "hashmap": [{"hash": "2f2fc0a89a52eb343ef962c3a4fa1198", "key": "description"}, {"hash": "190593ab05f070ac47218b11c4dd3173", "key": "references"}, {"hash": "c11dc2f243a31494a483c9b8ce765df8", "key": "cpe"}, {"hash": "f0f09ac1a6b7c63fb6d65d238539a398", "key": "cpe23"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "8493c6510ce02f9050cd2a75fa94ce64", "key": "modified"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpeConfiguration"}, {"hash": "c17b3821b8ef4c2fe974b7f93f0925af", "key": "affectedSoftware"}, {"hash": "78a7a5cbaf09985c14389298e454e7db", "key": "cwe"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "a11071654cde664199dac48330e1f990", "key": "cvss2"}, {"hash": "517be570eaa0ad69e35ecf0ccbe1fa5f", "key": "title"}, {"hash": "2183fa7b0b17b5e53b549ab70a56cfc4", "key": "href"}, {"hash": "6005203de11e5063507a7394ffef0e8a", "key": "cvelist"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "0b053db5674b87efff89989a8a720df3", "key": "cvss"}, {"hash": "c13cd72b1fb79a3190ca4c56e280fabc", "key": "published"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0390", "id": "CVE-2005-0390", "lastseen": "2020-09-21T13:48:36", "modified": "2008-09-05T20:46:00", "objectVersion": "1.3", "published": "2005-05-02T04:00:00", "references": ["http://security.gentoo.org/glsa/glsa-200504-09.xml", "http://www.mail-archive.com/debian-devel-changes@lists.debian.org/msg118978.html", "http://secunia.com/advisories/14831", "http://www.debian.org/security/2005/dsa-706", "http://www.securityfocus.com/bid/13059"], "reporter": "cve@mitre.org", "title": "CVE-2005-0390", "type": "cve", "viewCount": 0}, "differentElements": ["cpeConfiguration"], "edition": 2, "lastseen": "2020-09-21T13:48:36"}], "edition": 5, "hashmap": [{"key": "affectedConfiguration", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "affectedSoftware", "hash": "c17b3821b8ef4c2fe974b7f93f0925af"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "c11dc2f243a31494a483c9b8ce765df8"}, {"key": "cpe23", "hash": "f0f09ac1a6b7c63fb6d65d238539a398"}, {"key": "cpeConfiguration", "hash": "0003dc3afd7315b749b72f3fe6b49969"}, {"key": "cvelist", "hash": "6005203de11e5063507a7394ffef0e8a"}, {"key": "cvss", "hash": "0b053db5674b87efff89989a8a720df3"}, {"key": "cvss2", "hash": "a11071654cde664199dac48330e1f990"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cwe", "hash": "78a7a5cbaf09985c14389298e454e7db"}, {"key": "description", "hash": "2f2fc0a89a52eb343ef962c3a4fa1198"}, {"key": "extraReferences", "hash": "d3729f1b117aa704b49cfd098a3ce084"}, {"key": "href", "hash": "2183fa7b0b17b5e53b549ab70a56cfc4"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "8493c6510ce02f9050cd2a75fa94ce64"}, {"key": "published", "hash": "c13cd72b1fb79a3190ca4c56e280fabc"}, {"key": "references", "hash": "190593ab05f070ac47218b11c4dd3173"}, {"key": "reporter", "hash": "bd9ab6304743e9c64f26ecb9a8cf1e66"}, {"key": "title", "hash": "517be570eaa0ad69e35ecf0ccbe1fa5f"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "8317bac838e067541d058a4021173dfe0fd1407c107aa5d11b049e94172a6975", "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "ubuntucve", "idList": ["UB:CVE-2005-0390"]}, {"type": "debian", "idList": ["DEBIAN:DSA-706-1:42554"]}, {"type": "gentoo", "idList": ["GLSA-200504-09"]}, {"type": "freebsd", "idList": ["0163B498-AF54-11D9-ACD0-000854D03344"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:8327"]}, {"type": "openvas", "idList": ["OPENVAS:53751", "OPENVAS:54911", "OPENVAS:52131"]}, {"type": "osvdb", "idList": ["OSVDB:15310"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-706.NASL", "GENTOO_GLSA-200504-09.NASL", "2803.PRM", "FREEBSD_PKG_0163B498AF5411D9ACD0000854D03344.NASL"]}], "modified": "2021-04-21T20:27:28", "rev": 2}, "score": {"value": 7.4, "vector": "NONE", "modified": "2021-04-21T20:27:28", "rev": 2}}, "objectVersion": "1.5", "cpe": ["cpe:/a:axel:axel:1.0a"], "affectedSoftware": [{"cpeName": "axel:axel", "name": "axel", "operator": "eq", "version": "1.0a"}], "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "cpe23": ["cpe:2.3:a:axel:axel:1.0a:*:*:*:*:*:*:*"], "cwe": ["NVD-CWE-Other"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:a:axel:axel:1.0a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}], "operator": "OR"}]}, "extraReferences": [{"name": "DSA-706", "refsource": "DEBIAN", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.debian.org/security/2005/dsa-706"}, {"name": "http://www.mail-archive.com/debian-devel-changes@lists.debian.org/msg118978.html", "refsource": "CONFIRM", "tags": [], "url": "http://www.mail-archive.com/debian-devel-changes@lists.debian.org/msg118978.html"}, {"name": "13059", "refsource": "BID", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/13059"}, {"name": "GLSA-200504-09", "refsource": "GENTOO", "tags": ["Patch", "Vendor Advisory"], "url": "http://security.gentoo.org/glsa/glsa-200504-09.xml"}, {"name": "14831", "refsource": "SECUNIA", "tags": ["Patch"], "url": "http://secunia.com/advisories/14831"}], "immutableFields": []}], "freebsd": [{"id": "0163B498-AF54-11D9-ACD0-000854D03344", "bulletinFamily": "unix", "title": "axel -- remote buffer overflow", "description": "\nA Debian Security Advisory reports:\n\nUlf H\u00c3\u00a4rnhammar from the Debian Security Audit Project\n\t discovered a buffer overflow in axel, a light download\n\t accelerator.\tWhen reading remote input the program did\n\t not check if a part of the input can overflow a buffer\n\t and maybe trigger the execution of arbitrary code.\n\n", "published": "2005-04-16T00:00:00", "modified": "2005-04-16T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "https://vuxml.freebsd.org/freebsd/0163b498-af54-11d9-acd0-000854d03344.html", "reporter": "FreeBSD", "references": ["http://www.debian.org/security/2005/dsa-706"], "cvelist": ["CVE-2005-0390"], "type": "freebsd", "lastseen": "2021-07-28T14:53:39", "history": [{"bulletin": {"affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "axel", "packageVersion": "1.0a_4"}], "bulletinFamily": "unix", "cvelist": ["CVE-2005-0390"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "\nA Debian Security Advisory reports:\n\nUlf H\u00c3\u00a4rnhammar from the Debian Security Audit Project\n\t discovered a buffer overflow in axel, a light download\n\t accelerator.\tWhen reading remote input the program did\n\t not check if a part of the input can overflow a buffer\n\t and maybe trigger the execution of arbitrary code.\n\n", "edition": 2, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "3f8801d8b4e5899e50cbf4622289116316121d2ed3472c1a2167a3d53e60541e", "hashmap": [{"hash": "abe7a7c747126dc0098d80ff05164ed9", "key": "href"}, {"hash": "d9746c99187f62d301a02d3e6ab959d5", "key": "affectedPackage"}, {"hash": "a3dc630729e463135f4e608954fa6e19", "key": "reporter"}, {"hash": "2b14aed83c8e86bb4c5763b743669958", "key": "title"}, {"hash": "9e0c1ba2ec0b4ce6ff796dac2d3401f2", "key": "references"}, {"hash": "52094a4bc27b0a91cf0d4178c4f676a5", "key": "published"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "4913a9178621eadcdf191db17915fbcb", "key": "bulletinFamily"}, {"hash": "6005203de11e5063507a7394ffef0e8a", "key": "cvelist"}, {"hash": "1527e888767cdce15d200b870b39cfd0", "key": "type"}, {"hash": "52094a4bc27b0a91cf0d4178c4f676a5", "key": "modified"}, {"hash": "0677937bfeeb0d0bd6d362ef6b6f934e", "key": "description"}], "history": [], "href": "https://vuxml.freebsd.org/freebsd/0163b498-af54-11d9-acd0-000854d03344.html", "id": "0163B498-AF54-11D9-ACD0-000854D03344", "lastseen": "2018-08-30T19:16:20", "modified": "2005-04-16T00:00:00", "objectVersion": "1.3", "published": "2005-04-16T00:00:00", "references": ["http://www.debian.org/security/2005/dsa-706"], "reporter": "FreeBSD", "title": "axel -- remote buffer overflow", "type": "freebsd", "viewCount": 0}, "differentElements": ["cvss"], "edition": 2, "lastseen": "2018-08-30T19:16:20"}, {"bulletin": {"affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "axel", "packageVersion": "1.0a_4"}], "bulletinFamily": "unix", "cvelist": ["CVE-2005-0390"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "\nA Debian Security Advisory reports:\n\nUlf H\u00c3\u00a4rnhammar from the Debian Security Audit Project\n\t discovered a buffer overflow in axel, a light download\n\t accelerator.\tWhen reading remote input the program did\n\t not check if a part of the input can overflow a buffer\n\t and maybe trigger the execution of arbitrary code.\n\n", "edition": 1, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "0b44bf8d96555ecd2d5b4a6d404ac054d94791d13edd99bd6e9a6842a2f37772", "hashmap": [{"hash": "abe7a7c747126dc0098d80ff05164ed9", "key": "href"}, {"hash": "d9746c99187f62d301a02d3e6ab959d5", "key": "affectedPackage"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "a3dc630729e463135f4e608954fa6e19", "key": "reporter"}, {"hash": "2b14aed83c8e86bb4c5763b743669958", "key": "title"}, {"hash": "9e0c1ba2ec0b4ce6ff796dac2d3401f2", "key": "references"}, {"hash": "52094a4bc27b0a91cf0d4178c4f676a5", "key": "published"}, {"hash": "4913a9178621eadcdf191db17915fbcb", "key": "bulletinFamily"}, {"hash": "6005203de11e5063507a7394ffef0e8a", "key": "cvelist"}, {"hash": "1527e888767cdce15d200b870b39cfd0", "key": "type"}, {"hash": "52094a4bc27b0a91cf0d4178c4f676a5", "key": "modified"}, {"hash": "0677937bfeeb0d0bd6d362ef6b6f934e", "key": "description"}], "history": [], "href": "https://vuxml.freebsd.org/freebsd/0163b498-af54-11d9-acd0-000854d03344.html", "id": "0163B498-AF54-11D9-ACD0-000854D03344", "lastseen": "2016-09-26T17:25:15", "modified": "2005-04-16T00:00:00", "objectVersion": "1.2", "published": "2005-04-16T00:00:00", "references": ["http://www.debian.org/security/2005/dsa-706"], "reporter": "FreeBSD", "title": "axel -- remote buffer overflow", "type": "freebsd", "viewCount": 0}, "differentElements": ["cvss"], "edition": 1, "lastseen": "2016-09-26T17:25:15"}, {"bulletin": {"affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "axel", "packageVersion": "1.0a_4"}], "bulletinFamily": "unix", "cvelist": ["CVE-2005-0390"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "\nA Debian Security Advisory reports:\n\nUlf H\u00c3\u00a4rnhammar from the Debian Security Audit Project\n\t discovered a buffer overflow in axel, a light download\n\t accelerator.\tWhen reading remote input the program did\n\t not check if a part of the input can overflow a buffer\n\t and maybe trigger the execution of arbitrary code.\n\n", "edition": 3, "enchantments": {"dependencies": {"modified": "2018-08-31T01:15:59", "references": [{"idList": ["DEBIAN:DSA-706-1:42554"], "type": "debian"}, {"idList": ["CVE-2005-0390"], "type": "cve"}, {"idList": ["OSVDB:15310"], "type": "osvdb"}, {"idList": ["SECURITYVULNS:DOC:8327"], "type": "securityvulns"}, {"idList": ["GLSA-200504-09"], "type": "gentoo"}, {"idList": ["GENTOO_GLSA-200504-09.NASL", "FREEBSD_PKG_0163B498AF5411D9ACD0000854D03344.NASL", "DEBIAN_DSA-706.NASL"], "type": "nessus"}, {"idList": ["OPENVAS:54911", "OPENVAS:52131", "OPENVAS:53751"], "type": "openvas"}]}, "score": {"value": 7.5, "vector": "NONE"}}, "hash": "0b44bf8d96555ecd2d5b4a6d404ac054d94791d13edd99bd6e9a6842a2f37772", "hashmap": [{"hash": "abe7a7c747126dc0098d80ff05164ed9", "key": "href"}, {"hash": "d9746c99187f62d301a02d3e6ab959d5", "key": "affectedPackage"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "a3dc630729e463135f4e608954fa6e19", "key": "reporter"}, {"hash": "2b14aed83c8e86bb4c5763b743669958", "key": "title"}, {"hash": "9e0c1ba2ec0b4ce6ff796dac2d3401f2", "key": "references"}, {"hash": "52094a4bc27b0a91cf0d4178c4f676a5", "key": "published"}, {"hash": "4913a9178621eadcdf191db17915fbcb", "key": "bulletinFamily"}, {"hash": "6005203de11e5063507a7394ffef0e8a", "key": "cvelist"}, {"hash": "1527e888767cdce15d200b870b39cfd0", "key": "type"}, {"hash": "52094a4bc27b0a91cf0d4178c4f676a5", "key": "modified"}, {"hash": "0677937bfeeb0d0bd6d362ef6b6f934e", "key": "description"}], "history": [], "href": "https://vuxml.freebsd.org/freebsd/0163b498-af54-11d9-acd0-000854d03344.html", "id": "0163B498-AF54-11D9-ACD0-000854D03344", "lastseen": "2018-08-31T01:15:59", "modified": "2005-04-16T00:00:00", "objectVersion": "1.3", "published": "2005-04-16T00:00:00", "references": ["http://www.debian.org/security/2005/dsa-706"], "reporter": "FreeBSD", "title": "axel -- remote buffer overflow", "type": "freebsd", "viewCount": 2}, "differentElements": ["cvss"], "edition": 3, "lastseen": "2018-08-31T01:15:59"}, {"bulletin": {"affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "axel", "packageVersion": "1.0a_4"}], "bulletinFamily": "unix", "cvelist": ["CVE-2005-0390"], "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "description": "\nA Debian Security Advisory reports:\n\nUlf H\u00c3\u00a4rnhammar from the Debian Security Audit Project\n\t discovered a buffer overflow in axel, a light download\n\t accelerator.\tWhen reading remote input the program did\n\t not check if a part of the input can overflow a buffer\n\t and maybe trigger the execution of arbitrary code.\n\n", "edition": 4, "enchantments": {"dependencies": {"modified": "2019-05-29T18:34:59", "references": [{"idList": ["DEBIAN:DSA-706-1:42554"], "type": "debian"}, {"idList": ["CVE-2005-0390"], "type": "cve"}, {"idList": ["OSVDB:15310"], "type": "osvdb"}, {"idList": ["SECURITYVULNS:DOC:8327"], "type": "securityvulns"}, {"idList": ["UB:CVE-2005-0390"], "type": "ubuntucve"}, {"idList": ["GLSA-200504-09"], "type": "gentoo"}, {"idList": ["GENTOO_GLSA-200504-09.NASL", "FREEBSD_PKG_0163B498AF5411D9ACD0000854D03344.NASL", "DEBIAN_DSA-706.NASL"], "type": "nessus"}, {"idList": ["OPENVAS:54911", "OPENVAS:52131", "OPENVAS:53751"], "type": "openvas"}], "rev": 2}, "score": {"modified": "2019-05-29T18:34:59", "rev": 2, "value": 7.8, "vector": "NONE"}}, "hash": "290ca2a9d912cf6cfe8eae9e12e468cd5bce478ea0158205b720aca577324745", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "abe7a7c747126dc0098d80ff05164ed9", "key": "href"}, {"hash": "d9746c99187f62d301a02d3e6ab959d5", "key": "affectedPackage"}, {"hash": "a3dc630729e463135f4e608954fa6e19", "key": "reporter"}, {"hash": "2b14aed83c8e86bb4c5763b743669958", "key": "title"}, {"hash": "9e0c1ba2ec0b4ce6ff796dac2d3401f2", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "52094a4bc27b0a91cf0d4178c4f676a5", "key": "published"}, {"hash": "4913a9178621eadcdf191db17915fbcb", "key": "bulletinFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss2"}, {"hash": "6005203de11e5063507a7394ffef0e8a", "key": "cvelist"}, {"hash": "1527e888767cdce15d200b870b39cfd0", "key": "type"}, {"hash": "52094a4bc27b0a91cf0d4178c4f676a5", "key": "modified"}, {"hash": "0b053db5674b87efff89989a8a720df3", "key": "cvss"}, {"hash": "0677937bfeeb0d0bd6d362ef6b6f934e", "key": "description"}], "history": [], "href": "https://vuxml.freebsd.org/freebsd/0163b498-af54-11d9-acd0-000854d03344.html", "id": "0163B498-AF54-11D9-ACD0-000854D03344", "immutableFields": [], "lastseen": "2019-05-29T18:34:59", "modified": "2005-04-16T00:00:00", "objectVersion": "1.5", "published": "2005-04-16T00:00:00", "references": ["http://www.debian.org/security/2005/dsa-706"], "reporter": "FreeBSD", "title": "axel -- remote buffer overflow", "type": "freebsd", "viewCount": 2}, "different_elements": ["cvss2"], "edition": 4, "lastseen": "2019-05-29T18:34:59"}], "edition": 5, "hashmap": [{"key": "affectedPackage", "hash": "d9746c99187f62d301a02d3e6ab959d5"}, {"key": "bulletinFamily", "hash": "4913a9178621eadcdf191db17915fbcb"}, {"key": "cvelist", "hash": "6005203de11e5063507a7394ffef0e8a"}, {"key": "cvss", "hash": "0b053db5674b87efff89989a8a720df3"}, {"key": "cvss2", "hash": "a11071654cde664199dac48330e1f990"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "description", "hash": "0677937bfeeb0d0bd6d362ef6b6f934e"}, {"key": "href", "hash": "abe7a7c747126dc0098d80ff05164ed9"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "52094a4bc27b0a91cf0d4178c4f676a5"}, {"key": "published", "hash": "52094a4bc27b0a91cf0d4178c4f676a5"}, {"key": "references", "hash": "9e0c1ba2ec0b4ce6ff796dac2d3401f2"}, {"key": "reporter", "hash": "a3dc630729e463135f4e608954fa6e19"}, {"key": "title", "hash": "2b14aed83c8e86bb4c5763b743669958"}, {"key": "type", "hash": "1527e888767cdce15d200b870b39cfd0"}], "hash": "9cb04f1f2097a7fd489f33afc49912094018169c579690d88993b031b41d52f1", "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2005-0390"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2005-0390"]}, {"type": "openvas", "idList": ["OPENVAS:53751", "OPENVAS:54911", "OPENVAS:52131"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-706.NASL", "GENTOO_GLSA-200504-09.NASL", "2803.PRM", "FREEBSD_PKG_0163B498AF5411D9ACD0000854D03344.NASL"]}, {"type": "gentoo", "idList": ["GLSA-200504-09"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:8327"]}, {"type": "debian", "idList": ["DEBIAN:DSA-706-1:42554"]}, {"type": "osvdb", "idList": ["OSVDB:15310"]}], "modified": "2021-07-28T14:53:39", "rev": 2}, "score": {"value": 7.8, "vector": "NONE", "modified": "2021-07-28T14:53:39", "rev": 2}}, "objectVersion": "1.6", "affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "axel", "packageVersion": "1.0a_4"}], "scheme": null, "immutableFields": [], "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}}], "securityvulns": [{"id": "SECURITYVULNS:DOC:8327", "bulletinFamily": "software", "title": "[ GLSA 200504-09 ] Axel: Vulnerability in HTTP redirection handling", "description": "- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\nGentoo Linux Security Advisory GLSA 200504-09\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n http://security.gentoo.org/\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n\r\n Severity: Normal\r\n Title: Axel: Vulnerability in HTTP redirection handling\r\n Date: April 12, 2005\r\n Bugs: #88264\r\n ID: 200504-09\r\n\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n\r\nSynopsis\r\n========\r\n\r\nA buffer overflow vulnerability has been found in Axel which could lead\r\nto the execution of arbitrary code.\r\n\r\nBackground\r\n==========\r\n\r\nAxel is a console-based FTP/HTTP download accelerator.\r\n\r\nAffected packages\r\n=================\r\n\r\n -------------------------------------------------------------------\r\n Package / Vulnerable / Unaffected\r\n -------------------------------------------------------------------\r\n 1 net-misc/axel < 1.0b >= 1.0b\r\n\r\nDescription\r\n===========\r\n\r\nA possible buffer overflow has been reported in the HTTP redirection\r\nhandling code in conn.c.\r\n\r\nImpact\r\n======\r\n\r\nA remote attacker could exploit this vulnerability by setting up a\r\nmalicious site and enticing a user to connect to it. This could\r\npossibly lead to the execution of arbitrary code with the permissions\r\nof the user running Axel.\r\n\r\nWorkaround\r\n==========\r\n\r\nThere is no known workaround at this time.\r\n\r\nResolution\r\n==========\r\n\r\nAll Axel users should upgrade to the latest version:\r\n\r\n # emerge --sync\r\n # emerge --ask --oneshot --verbose ">=net-misc/axel-1.0b"\r\n\r\nReferences\r\n==========\r\n\r\n [ 1 ] CAN-2005-0390\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0390\r\n\r\nAvailability\r\n============\r\n\r\nThis GLSA and any updates to it are available for viewing at\r\nthe Gentoo Security Website:\r\n\r\n http://security.gentoo.org/glsa/glsa-200504-09.xml\r\n\r\nConcerns?\r\n=========\r\n\r\nSecurity is a primary focus of Gentoo Linux and ensuring the\r\nconfidentiality and security of our users machines is of utmost\r\nimportance to us. Any security concerns should be addressed to\r\nsecurity@gentoo.org or alternatively, you may file a bug at\r\nhttp://bugs.gentoo.org.\r\n\r\nLicense\r\n=======\r\n\r\nCopyright 2005 Gentoo Foundation, Inc; referenced text\r\nbelongs to its owner(s).\r\n\r\nThe contents of this document are licensed under the\r\nCreative Commons - Attribution / Share Alike license.\r\n\r\nhttp://creativecommons.org/licenses/by-sa/2.0", "published": "2005-04-13T00:00:00", "modified": "2005-04-13T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:8327", "reporter": "Securityvulns", "references": [], "cvelist": ["CVE-2005-0390"], "type": "securityvulns", "lastseen": "2018-08-31T11:10:12", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "6005203de11e5063507a7394ffef0e8a"}, {"key": "cvss", "hash": "e5d275b3ebd62646b78320753699e02e"}, {"key": "description", "hash": "32aa3d464e79fa3c4987c22c1c03a3ac"}, {"key": "href", "hash": "0b5a47b7d0a1d07199d0c2a5a47757ee"}, {"key": "modified", "hash": "2b59f26550fa05812e711980bc87727a"}, {"key": "published", "hash": "2b59f26550fa05812e711980bc87727a"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "a49ebb2e1a771348dfa0039e0d589df6"}, {"key": "title", "hash": "6894a2e43dfec1a3d390d3ab01f6d06f"}, {"key": "type", "hash": "d54751dd75af2ea0147b462b3e001cd0"}], "hash": "8277d977476eca44f18c48714bd09e8ef5f118c84266d2ccf24871814a49c103", "viewCount": 0, "enchantments": {"score": {"value": 7.1, "vector": "NONE", "modified": "2018-08-31T11:10:12", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2005-0390"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2005-0390"]}, {"type": "openvas", "idList": ["OPENVAS:53751", "OPENVAS:54911", "OPENVAS:52131"]}, {"type": "osvdb", "idList": ["OSVDB:15310"]}, {"type": "debian", "idList": ["DEBIAN:DSA-706-1:42554"]}, {"type": "freebsd", "idList": ["0163B498-AF54-11D9-ACD0-000854D03344"]}, {"type": "gentoo", "idList": ["GLSA-200504-09"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-706.NASL", "GENTOO_GLSA-200504-09.NASL", "2803.PRM", "FREEBSD_PKG_0163B498AF5411D9ACD0000854D03344.NASL"]}], "modified": "2018-08-31T11:10:12", "rev": 2}}, "objectVersion": "1.5", "affectedSoftware": [], "immutableFields": [], "cvss2": {}, "cvss3": {}}], "debian": [{"id": "DEBIAN:DSA-706-1:42554", "bulletinFamily": "unix", "title": "[SECURITY] [DSA 706-1] New axel packages fix arbitrary code execution", "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 706-1 security@debian.org\nhttp://www.debian.org/security/ Martin Schulze\nApril 13th, 2005 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : axel\nVulnerability : buffer overflow\nProblem-Type : remote\nDebian-specific: no\nCVE ID : CAN-2005-0390\nBugTraq ID : 13059\n\nUlf H\u00e4rnhammar from the Debian Security Audit Project discovered a\nbuffer overflow in axel, a light download accellerator. When reading\nremote input the program did not check if a part of the input can\noverflow a buffer and maybe trigger the execution of arbitrary code.\n\nFor the stable distribution (woody) this problem has been fixed in\nversion 1.0a-1woody1.\n\nFor the unstable distribution (sid) this problem has been fixed in\nversion 1.0b-1.\n\nWe recommend that you upgrade your axel package.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.0 alias woody\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/a/axel/axel_1.0a-1woody1.dsc\n Size/MD5 checksum: 562 9e458f6d5f1f008ea845dca78e92683c\n http://security.debian.org/pool/updates/main/a/axel/axel_1.0a-1woody1.diff.gz\n Size/MD5 checksum: 3390 055745f2cf06c3c91aea35186dd83d19\n http://security.debian.org/pool/updates/main/a/axel/axel_1.0a.orig.tar.gz\n Size/MD5 checksum: 44140 2d94c0b36b374834567f1fcec5f89119\n\n Architecture independent components:\n\n http://security.debian.org/pool/updates/main/a/axel/axel-kapt_1.0a-1woody1_all.deb\n Size/MD5 checksum: 3838 954e797b55eb105bbe3ef57972b10071\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/a/axel/axel_1.0a-1woody1_alpha.deb\n Size/MD5 checksum: 41894 460f6ab4e5884cb055cfb37d84029e32\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/a/axel/axel_1.0a-1woody1_arm.deb\n Size/MD5 checksum: 33796 e846b964a389aad2e60efca3c0a994e4\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/a/axel/axel_1.0a-1woody1_i386.deb\n Size/MD5 checksum: 33304 0f7124e13654896568ed1d04b19c221f\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/a/axel/axel_1.0a-1woody1_ia64.deb\n Size/MD5 checksum: 49084 d50de2a63ec516ca7d420e55c4f66927\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/a/axel/axel_1.0a-1woody1_hppa.deb\n Size/MD5 checksum: 38552 01fbdbc4a778d6bc1964430567b96dc5\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/a/axel/axel_1.0a-1woody1_m68k.deb\n Size/MD5 checksum: 31870 e07bc8f8895a4a03de20dfa3ecb427fe\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/a/axel/axel_1.0a-1woody1_mips.deb\n Size/MD5 checksum: 37086 0a7a17857b0b2f5d46cae69394bc44aa\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/a/axel/axel_1.0a-1woody1_mipsel.deb\n Size/MD5 checksum: 37208 e7370f632d2d84e18a59d923b4c48aec\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/a/axel/axel_1.0a-1woody1_powerpc.deb\n Size/MD5 checksum: 36678 24f2fe3698ce4d4c64b0f266233874a9\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/a/axel/axel_1.0a-1woody1_s390.deb\n Size/MD5 checksum: 34320 2aa3fc2c0e09ba46de4f3fb954580380\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/a/axel/axel_1.0a-1woody1_sparc.deb\n Size/MD5 checksum: 37266 b5193597168fe3430754d480b29f02be\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n\n", "published": "2005-04-13T00:00:00", "modified": "2005-04-13T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2005/msg00086.html", "reporter": "Debian", "references": [], "cvelist": ["CVE-2005-0390"], "type": "debian", "lastseen": "2020-11-11T13:13:21", "history": [{"bulletin": {"affectedPackage": [{"OS": "Debian", "OSVersion": "3", "arch": "all", "operator": "lt", "packageFilename": "axel-kapt_1.0a-1woody1_all.deb", "packageName": "axel-kapt", "packageVersion": "1.0a-1woody1"}, {"OS": "Debian", "OSVersion": "3", "arch": "all", "operator": "lt", "packageFilename": "axel_1.0a-1woody1_all.deb", "packageName": "axel", "packageVersion": "1.0a-1woody1"}], "bulletinFamily": "unix", "cvelist": ["CVE-2005-0390"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 706-1 security@debian.org\nhttp://www.debian.org/security/ Martin Schulze\nApril 13th, 2005 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : axel\nVulnerability : buffer overflow\nProblem-Type : remote\nDebian-specific: no\nCVE ID : CAN-2005-0390\nBugTraq ID : 13059\n\nUlf H\u00e4rnhammar from the Debian Security Audit Project discovered a\nbuffer overflow in axel, a light download accellerator. When reading\nremote input the program did not check if a part of the input can\noverflow a buffer and maybe trigger the execution of arbitrary code.\n\nFor the stable distribution (woody) this problem has been fixed in\nversion 1.0a-1woody1.\n\nFor the unstable distribution (sid) this problem has been fixed in\nversion 1.0b-1.\n\nWe recommend that you upgrade your axel package.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.0 alias woody\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/a/axel/axel_1.0a-1woody1.dsc\n Size/MD5 checksum: 562 9e458f6d5f1f008ea845dca78e92683c\n http://security.debian.org/pool/updates/main/a/axel/axel_1.0a-1woody1.diff.gz\n Size/MD5 checksum: 3390 055745f2cf06c3c91aea35186dd83d19\n http://security.debian.org/pool/updates/main/a/axel/axel_1.0a.orig.tar.gz\n Size/MD5 checksum: 44140 2d94c0b36b374834567f1fcec5f89119\n\n Architecture independent components:\n\n http://security.debian.org/pool/updates/main/a/axel/axel-kapt_1.0a-1woody1_all.deb\n Size/MD5 checksum: 3838 954e797b55eb105bbe3ef57972b10071\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/a/axel/axel_1.0a-1woody1_alpha.deb\n Size/MD5 checksum: 41894 460f6ab4e5884cb055cfb37d84029e32\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/a/axel/axel_1.0a-1woody1_arm.deb\n Size/MD5 checksum: 33796 e846b964a389aad2e60efca3c0a994e4\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/a/axel/axel_1.0a-1woody1_i386.deb\n Size/MD5 checksum: 33304 0f7124e13654896568ed1d04b19c221f\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/a/axel/axel_1.0a-1woody1_ia64.deb\n Size/MD5 checksum: 49084 d50de2a63ec516ca7d420e55c4f66927\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/a/axel/axel_1.0a-1woody1_hppa.deb\n Size/MD5 checksum: 38552 01fbdbc4a778d6bc1964430567b96dc5\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/a/axel/axel_1.0a-1woody1_m68k.deb\n Size/MD5 checksum: 31870 e07bc8f8895a4a03de20dfa3ecb427fe\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/a/axel/axel_1.0a-1woody1_mips.deb\n Size/MD5 checksum: 37086 0a7a17857b0b2f5d46cae69394bc44aa\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/a/axel/axel_1.0a-1woody1_mipsel.deb\n Size/MD5 checksum: 37208 e7370f632d2d84e18a59d923b4c48aec\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/a/axel/axel_1.0a-1woody1_powerpc.deb\n Size/MD5 checksum: 36678 24f2fe3698ce4d4c64b0f266233874a9\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/a/axel/axel_1.0a-1woody1_s390.deb\n Size/MD5 checksum: 34320 2aa3fc2c0e09ba46de4f3fb954580380\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/a/axel/axel_1.0a-1woody1_sparc.deb\n Size/MD5 checksum: 37266 b5193597168fe3430754d480b29f02be\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n\n", "edition": 1, "enchantments": {"dependencies": {"modified": "2018-10-16T22:13:53", "references": [{"idList": ["CVE-2005-0390"], "type": "cve"}, {"idList": ["OSVDB:15310"], "type": "osvdb"}, {"idList": ["SECURITYVULNS:DOC:8327"], "type": "securityvulns"}, {"idList": ["GLSA-200504-09"], "type": "gentoo"}, {"idList": ["GENTOO_GLSA-200504-09.NASL", "FREEBSD_PKG_0163B498AF5411D9ACD0000854D03344.NASL", "DEBIAN_DSA-706.NASL"], "type": "nessus"}, {"idList": ["OPENVAS:54911", "OPENVAS:52131", "OPENVAS:53751"], "type": "openvas"}, {"idList": ["0163B498-AF54-11D9-ACD0-000854D03344"], "type": "freebsd"}]}, "score": {"modified": "2018-10-16T22:13:53", "value": 7.5, "vector": "NONE"}}, "hash": "d2e612ad09cea649c8d08638fbf035289b6faaf4fc39827654d633d29edd5d0e", "hashmap": [{"hash": "2927cd612da11f56b8276fbe06e6a9c6", "key": "title"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "6fe8b98c53e8d099686936732785d471", "key": "reporter"}, {"hash": "f19bcc80bb11220990ac1e40460d650b", "key": "href"}, {"hash": "2b59f26550fa05812e711980bc87727a", "key": "published"}, {"hash": "dc97a27d3a44822e236c3da55da7ac2c", "key": "description"}, {"hash": "d06457ef64223dbbf1ac13c52404f4e7", "key": "affectedPackage"}, {"hash": "2b59f26550fa05812e711980bc87727a", "key": "modified"}, {"hash": "6e9552c9bd8e61c8f277c21220160234", "key": "type"}, {"hash": "4913a9178621eadcdf191db17915fbcb", "key": "bulletinFamily"}, {"hash": "6005203de11e5063507a7394ffef0e8a", "key": "cvelist"}], "history": [], "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2005/msg00086.html", "id": "DEBIAN:DSA-706-1:42554", "lastseen": "2018-10-16T22:13:53", "modified": "2005-04-13T00:00:00", "objectVersion": "1.3", "published": "2005-04-13T00:00:00", "references": [], "reporter": "Debian", "title": "[SECURITY] [DSA 706-1] New axel packages fix arbitrary code execution", "type": "debian", "viewCount": 0}, "differentElements": ["cvss"], "edition": 1, "lastseen": "2018-10-16T22:13:53"}, {"bulletin": {"bulletinFamily": "unix", "cvelist": ["CVE-2005-0390"], "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 706-1 security@debian.org\nhttp://www.debian.org/security/ Martin Schulze\nApril 13th, 2005 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : axel\nVulnerability : buffer overflow\nProblem-Type : remote\nDebian-specific: no\nCVE ID : CAN-2005-0390\nBugTraq ID : 13059\n\nUlf H\u00e4rnhammar from the Debian Security Audit Project discovered a\nbuffer overflow in axel, a light download accellerator. When reading\nremote input the program did not check if a part of the input can\noverflow a buffer and maybe trigger the execution of arbitrary code.\n\nFor the stable distribution (woody) this problem has been fixed in\nversion 1.0a-1woody1.\n\nFor the unstable distribution (sid) this problem has been fixed in\nversion 1.0b-1.\n\nWe recommend that you upgrade your axel package.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.0 alias woody\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/a/axel/axel_1.0a-1woody1.dsc\n Size/MD5 checksum: 562 9e458f6d5f1f008ea845dca78e92683c\n http://security.debian.org/pool/updates/main/a/axel/axel_1.0a-1woody1.diff.gz\n Size/MD5 checksum: 3390 055745f2cf06c3c91aea35186dd83d19\n http://security.debian.org/pool/updates/main/a/axel/axel_1.0a.orig.tar.gz\n Size/MD5 checksum: 44140 2d94c0b36b374834567f1fcec5f89119\n\n Architecture independent components:\n\n http://security.debian.org/pool/updates/main/a/axel/axel-kapt_1.0a-1woody1_all.deb\n Size/MD5 checksum: 3838 954e797b55eb105bbe3ef57972b10071\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/a/axel/axel_1.0a-1woody1_alpha.deb\n Size/MD5 checksum: 41894 460f6ab4e5884cb055cfb37d84029e32\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/a/axel/axel_1.0a-1woody1_arm.deb\n Size/MD5 checksum: 33796 e846b964a389aad2e60efca3c0a994e4\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/a/axel/axel_1.0a-1woody1_i386.deb\n Size/MD5 checksum: 33304 0f7124e13654896568ed1d04b19c221f\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/a/axel/axel_1.0a-1woody1_ia64.deb\n Size/MD5 checksum: 49084 d50de2a63ec516ca7d420e55c4f66927\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/a/axel/axel_1.0a-1woody1_hppa.deb\n Size/MD5 checksum: 38552 01fbdbc4a778d6bc1964430567b96dc5\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/a/axel/axel_1.0a-1woody1_m68k.deb\n Size/MD5 checksum: 31870 e07bc8f8895a4a03de20dfa3ecb427fe\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/a/axel/axel_1.0a-1woody1_mips.deb\n Size/MD5 checksum: 37086 0a7a17857b0b2f5d46cae69394bc44aa\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/a/axel/axel_1.0a-1woody1_mipsel.deb\n Size/MD5 checksum: 37208 e7370f632d2d84e18a59d923b4c48aec\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/a/axel/axel_1.0a-1woody1_powerpc.deb\n Size/MD5 checksum: 36678 24f2fe3698ce4d4c64b0f266233874a9\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/a/axel/axel_1.0a-1woody1_s390.deb\n Size/MD5 checksum: 34320 2aa3fc2c0e09ba46de4f3fb954580380\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/a/axel/axel_1.0a-1woody1_sparc.deb\n Size/MD5 checksum: 37266 b5193597168fe3430754d480b29f02be\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n\n", "edition": 3, "enchantments": {"dependencies": {"modified": "2020-11-11T13:13:21", "references": [{"idList": ["CVE-2005-0390"], "type": "cve"}, {"idList": ["OSVDB:15310"], "type": "osvdb"}, {"idList": ["SECURITYVULNS:DOC:8327"], "type": "securityvulns"}, {"idList": ["UB:CVE-2005-0390"], "type": "ubuntucve"}, {"idList": ["GLSA-200504-09"], "type": "gentoo"}, {"idList": ["GENTOO_GLSA-200504-09.NASL", "FREEBSD_PKG_0163B498AF5411D9ACD0000854D03344.NASL", "DEBIAN_DSA-706.NASL"], "type": "nessus"}, {"idList": ["OPENVAS:54911", "OPENVAS:52131", "OPENVAS:53751"], "type": "openvas"}, {"idList": ["0163B498-AF54-11D9-ACD0-000854D03344"], "type": "freebsd"}], "rev": 2}, "score": {"modified": "2020-11-11T13:13:21", "rev": 2, "value": 7.8, "vector": "NONE"}}, "hash": "639905290fa26408874fc4f71612981bf1d23ddfef944bd02b1f66265902993c", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "2927cd612da11f56b8276fbe06e6a9c6", "key": "title"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "6fe8b98c53e8d099686936732785d471", "key": "reporter"}, {"hash": "f19bcc80bb11220990ac1e40460d650b", "key": "href"}, {"hash": "2b59f26550fa05812e711980bc87727a", "key": "published"}, {"hash": "dc97a27d3a44822e236c3da55da7ac2c", "key": "description"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "2b59f26550fa05812e711980bc87727a", "key": "modified"}, {"hash": "6e9552c9bd8e61c8f277c21220160234", "key": "type"}, {"hash": "4913a9178621eadcdf191db17915fbcb", "key": "bulletinFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss2"}, {"hash": "6005203de11e5063507a7394ffef0e8a", "key": "cvelist"}, {"hash": "0b053db5674b87efff89989a8a720df3", "key": "cvss"}], "history": [], "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2005/msg00086.html", "id": "DEBIAN:DSA-706-1:42554", "immutableFields": [], "lastseen": "2020-11-11T13:13:21", "modified": "2005-04-13T00:00:00", "objectVersion": "1.5", "published": "2005-04-13T00:00:00", "references": [], "reporter": "Debian", "title": "[SECURITY] [DSA 706-1] New axel packages fix arbitrary code execution", "type": "debian", "viewCount": 0}, "different_elements": ["cvss2"], "edition": 3, "lastseen": "2020-11-11T13:13:21"}, {"bulletin": {"affectedPackage": [{"OS": "Debian", "OSVersion": "3", "arch": "all", "operator": "lt", "packageFilename": "axel-kapt_1.0a-1woody1_all.deb", "packageName": "axel-kapt", "packageVersion": "1.0a-1woody1"}, {"OS": "Debian", "OSVersion": "3", "arch": "all", "operator": "lt", "packageFilename": "axel_1.0a-1woody1_all.deb", "packageName": "axel", "packageVersion": "1.0a-1woody1"}], "bulletinFamily": "unix", "cvelist": ["CVE-2005-0390"], "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 706-1 security@debian.org\nhttp://www.debian.org/security/ Martin Schulze\nApril 13th, 2005 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : axel\nVulnerability : buffer overflow\nProblem-Type : remote\nDebian-specific: no\nCVE ID : CAN-2005-0390\nBugTraq ID : 13059\n\nUlf H\u00e4rnhammar from the Debian Security Audit Project discovered a\nbuffer overflow in axel, a light download accellerator. When reading\nremote input the program did not check if a part of the input can\noverflow a buffer and maybe trigger the execution of arbitrary code.\n\nFor the stable distribution (woody) this problem has been fixed in\nversion 1.0a-1woody1.\n\nFor the unstable distribution (sid) this problem has been fixed in\nversion 1.0b-1.\n\nWe recommend that you upgrade your axel package.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.0 alias woody\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/a/axel/axel_1.0a-1woody1.dsc\n Size/MD5 checksum: 562 9e458f6d5f1f008ea845dca78e92683c\n http://security.debian.org/pool/updates/main/a/axel/axel_1.0a-1woody1.diff.gz\n Size/MD5 checksum: 3390 055745f2cf06c3c91aea35186dd83d19\n http://security.debian.org/pool/updates/main/a/axel/axel_1.0a.orig.tar.gz\n Size/MD5 checksum: 44140 2d94c0b36b374834567f1fcec5f89119\n\n Architecture independent components:\n\n http://security.debian.org/pool/updates/main/a/axel/axel-kapt_1.0a-1woody1_all.deb\n Size/MD5 checksum: 3838 954e797b55eb105bbe3ef57972b10071\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/a/axel/axel_1.0a-1woody1_alpha.deb\n Size/MD5 checksum: 41894 460f6ab4e5884cb055cfb37d84029e32\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/a/axel/axel_1.0a-1woody1_arm.deb\n Size/MD5 checksum: 33796 e846b964a389aad2e60efca3c0a994e4\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/a/axel/axel_1.0a-1woody1_i386.deb\n Size/MD5 checksum: 33304 0f7124e13654896568ed1d04b19c221f\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/a/axel/axel_1.0a-1woody1_ia64.deb\n Size/MD5 checksum: 49084 d50de2a63ec516ca7d420e55c4f66927\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/a/axel/axel_1.0a-1woody1_hppa.deb\n Size/MD5 checksum: 38552 01fbdbc4a778d6bc1964430567b96dc5\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/a/axel/axel_1.0a-1woody1_m68k.deb\n Size/MD5 checksum: 31870 e07bc8f8895a4a03de20dfa3ecb427fe\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/a/axel/axel_1.0a-1woody1_mips.deb\n Size/MD5 checksum: 37086 0a7a17857b0b2f5d46cae69394bc44aa\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/a/axel/axel_1.0a-1woody1_mipsel.deb\n Size/MD5 checksum: 37208 e7370f632d2d84e18a59d923b4c48aec\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/a/axel/axel_1.0a-1woody1_powerpc.deb\n Size/MD5 checksum: 36678 24f2fe3698ce4d4c64b0f266233874a9\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/a/axel/axel_1.0a-1woody1_s390.deb\n Size/MD5 checksum: 34320 2aa3fc2c0e09ba46de4f3fb954580380\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/a/axel/axel_1.0a-1woody1_sparc.deb\n Size/MD5 checksum: 37266 b5193597168fe3430754d480b29f02be\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n\n", "edition": 2, "enchantments": {"dependencies": {"modified": "2019-05-30T02:22:07", "references": [{"idList": ["CVE-2005-0390"], "type": "cve"}, {"idList": ["OSVDB:15310"], "type": "osvdb"}, {"idList": ["SECURITYVULNS:DOC:8327"], "type": "securityvulns"}, {"idList": ["GLSA-200504-09"], "type": "gentoo"}, {"idList": ["GENTOO_GLSA-200504-09.NASL", "FREEBSD_PKG_0163B498AF5411D9ACD0000854D03344.NASL", "DEBIAN_DSA-706.NASL"], "type": "nessus"}, {"idList": ["OPENVAS:54911", "OPENVAS:52131", "OPENVAS:53751"], "type": "openvas"}, {"idList": ["0163B498-AF54-11D9-ACD0-000854D03344"], "type": "freebsd"}], "rev": 2}, "score": {"modified": "2019-05-30T02:22:07", "rev": 2, "value": 7.8, "vector": "NONE"}}, "hash": "251250f0d5cac71a4ab978769703c28e28d1e04fb483cbd9b8e03d8aa98d4e02", "hashmap": [{"hash": "2927cd612da11f56b8276fbe06e6a9c6", "key": "title"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "6fe8b98c53e8d099686936732785d471", "key": "reporter"}, {"hash": "f19bcc80bb11220990ac1e40460d650b", "key": "href"}, {"hash": "2b59f26550fa05812e711980bc87727a", "key": "published"}, {"hash": "dc97a27d3a44822e236c3da55da7ac2c", "key": "description"}, {"hash": "d06457ef64223dbbf1ac13c52404f4e7", "key": "affectedPackage"}, {"hash": "2b59f26550fa05812e711980bc87727a", "key": "modified"}, {"hash": "6e9552c9bd8e61c8f277c21220160234", "key": "type"}, {"hash": "4913a9178621eadcdf191db17915fbcb", "key": "bulletinFamily"}, {"hash": "6005203de11e5063507a7394ffef0e8a", "key": "cvelist"}, {"hash": "0b053db5674b87efff89989a8a720df3", "key": "cvss"}], "history": [], "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2005/msg00086.html", "id": "DEBIAN:DSA-706-1:42554", "lastseen": "2019-05-30T02:22:07", "modified": "2005-04-13T00:00:00", "objectVersion": "1.3", "published": "2005-04-13T00:00:00", "references": [], "reporter": "Debian", "title": "[SECURITY] [DSA 706-1] New axel packages fix arbitrary code execution", "type": "debian", "viewCount": 0}, "differentElements": ["affectedPackage"], "edition": 2, "lastseen": "2019-05-30T02:22:07"}], "edition": 4, "hashmap": [{"key": "bulletinFamily", "hash": "4913a9178621eadcdf191db17915fbcb"}, {"key": "cvelist", "hash": "6005203de11e5063507a7394ffef0e8a"}, {"key": "cvss", "hash": "0b053db5674b87efff89989a8a720df3"}, {"key": "cvss2", "hash": "a11071654cde664199dac48330e1f990"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "description", "hash": "dc97a27d3a44822e236c3da55da7ac2c"}, {"key": "href", "hash": "f19bcc80bb11220990ac1e40460d650b"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "2b59f26550fa05812e711980bc87727a"}, {"key": "published", "hash": "2b59f26550fa05812e711980bc87727a"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "6fe8b98c53e8d099686936732785d471"}, {"key": "title", "hash": "2927cd612da11f56b8276fbe06e6a9c6"}, {"key": "type", "hash": "6e9552c9bd8e61c8f277c21220160234"}], "hash": "2ef8afb70f8055e227f409f40fdcadf3234c891dac5bc6fcb6e300bcab7a1059", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "ubuntucve", "idList": ["UB:CVE-2005-0390"]}, {"type": "cve", "idList": ["CVE-2005-0390"]}, {"type": "openvas", "idList": ["OPENVAS:53751", "OPENVAS:54911", "OPENVAS:52131"]}, {"type": "osvdb", "idList": ["OSVDB:15310"]}, {"type": "freebsd", "idList": ["0163B498-AF54-11D9-ACD0-000854D03344"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-706.NASL", "GENTOO_GLSA-200504-09.NASL", "2803.PRM", "FREEBSD_PKG_0163B498AF5411D9ACD0000854D03344.NASL"]}, {"type": "gentoo", "idList": ["GLSA-200504-09"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:8327"]}], "modified": "2020-11-11T13:13:21", "rev": 2}, "score": {"value": 7.8, "vector": "NONE", "modified": "2020-11-11T13:13:21", "rev": 2}}, "objectVersion": "1.5", "affectedPackage": [{"OS": "Debian", "OSVersion": "3", "arch": "all", "operator": "lt", "packageFilename": "axel_1.0a-1woody1_all.deb", "packageName": "axel", "packageVersion": "1.0a-1woody1"}], "scheme": null, "immutableFields": [], "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}}], "gentoo": [{"published": "2005-04-12T00:00:00", "id": "GLSA-200504-09", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "history": [{"bulletin": {"bulletinFamily": "unix", "cvelist": ["CVE-2005-0390"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "cvss2": {}, "cvss3": {}, "description": "### Background\n\nAxel is a console-based FTP/HTTP download accelerator. \n\n### Description\n\nA possible buffer overflow has been reported in the HTTP redirection handling code in conn.c. \n\n### Impact\n\nA remote attacker could exploit this vulnerability by setting up a malicious site and enticing a user to connect to it. This could possibly lead to the execution of arbitrary code with the permissions of the user running Axel. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll Axel users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-misc/axel-1.0b\"", "edition": 1, "enchantments": {"dependencies": {"modified": "2016-09-06T19:46:14", "references": [{"idList": ["DEBIAN:DSA-706-1:42554"], "type": "debian"}, {"idList": ["CVE-2005-0390"], "type": "cve"}, {"idList": ["OSVDB:15310"], "type": "osvdb"}, {"idList": ["SECURITYVULNS:DOC:8327"], "type": "securityvulns"}, {"idList": ["UB:CVE-2005-0390"], "type": "ubuntucve"}, {"idList": ["GENTOO_GLSA-200504-09.NASL", "FREEBSD_PKG_0163B498AF5411D9ACD0000854D03344.NASL", "DEBIAN_DSA-706.NASL"], "type": "nessus"}, {"idList": ["OPENVAS:54911", "OPENVAS:52131", "OPENVAS:53751"], "type": "openvas"}, {"idList": ["0163B498-AF54-11D9-ACD0-000854D03344"], "type": "freebsd"}], "rev": 2}, "score": {"modified": "2016-09-06T19:46:14", "rev": 2, "value": 7.6, "vector": "NONE"}}, "hash": "93660a8760d9d023b94d9ccbdc08d8228e74e9b1b32a7dbb23832af3b32bd484", "hashmap": [{"hash": "2d41b481943b5e1762dfc8d0f5955adc", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "ac1fd6b3deacaf22b54dd1934ae33181", "key": "reporter"}, {"hash": "2329be25f51347498daca761e4132a2e", "key": "title"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "1133b95f804720a24824309199247309", "key": "href"}, {"hash": "365d0fc7d6206ff26e2f2c2a78c91a94", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "4913a9178621eadcdf191db17915fbcb", "key": "bulletinFamily"}, {"hash": "139aa890a33bd9ddd62ec4cac67f3405", "key": "description"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss2"}, {"hash": "6005203de11e5063507a7394ffef0e8a", "key": "cvelist"}, {"hash": "32d74081223a98226a369c447cc42a56", "key": "references"}, {"hash": "2d41b481943b5e1762dfc8d0f5955adc", "key": "modified"}], "history": [], "href": "https://security.gentoo.org/glsa/200504-09", "id": "GLSA-200504-09", "immutableFields": [], "lastseen": "2016-09-06T19:46:14", "modified": "2005-04-12T00:00:00", "objectVersion": "1.5", "published": "2005-04-12T00:00:00", "references": ["https://bugs.gentoo.org/show_bug.cgi?id=88264", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0390"], "reporter": "Gentoo Foundation", "title": "Axel: Vulnerability in HTTP redirection handling", "type": "gentoo", "viewCount": 1}, "different_elements": ["cvss2"], "edition": 1, "lastseen": "2016-09-06T19:46:14"}], "enchantments": {"dependencies": {"references": [{"type": "ubuntucve", "idList": ["UB:CVE-2005-0390"]}, {"type": "cve", "idList": ["CVE-2005-0390"]}, {"type": "debian", "idList": ["DEBIAN:DSA-706-1:42554"]}, {"type": "freebsd", "idList": ["0163B498-AF54-11D9-ACD0-000854D03344"]}, {"type": "openvas", "idList": ["OPENVAS:53751", "OPENVAS:54911", "OPENVAS:52131"]}, {"type": "osvdb", "idList": ["OSVDB:15310"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-706.NASL", "GENTOO_GLSA-200504-09.NASL", "2803.PRM", "FREEBSD_PKG_0163B498AF5411D9ACD0000854D03344.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:8327"]}], "modified": "2016-09-06T19:46:14", "rev": 2}, "score": {"value": 7.6, "vector": "NONE", "modified": "2016-09-06T19:46:14", "rev": 2}}, "hash": "0d2579349ea92ef9458eaf63c663d8dca29956cd4253a79ebac9fe5032eaaedb", "description": "### Background\n\nAxel is a console-based FTP/HTTP download accelerator. \n\n### Description\n\nA possible buffer overflow has been reported in the HTTP redirection handling code in conn.c. \n\n### Impact\n\nA remote attacker could exploit this vulnerability by setting up a malicious site and enticing a user to connect to it. This could possibly lead to the execution of arbitrary code with the permissions of the user running Axel. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll Axel users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-misc/axel-1.0b\"", "type": "gentoo", "lastseen": "2016-09-06T19:46:14", "edition": 2, "title": "Axel: Vulnerability in HTTP redirection handling", "href": "https://security.gentoo.org/glsa/200504-09", "modified": "2005-04-12T00:00:00", "bulletinFamily": "unix", "viewCount": 1, "cvelist": ["CVE-2005-0390"], "affectedPackage": [{"packageVersion": "1.0b", "packageName": "net-misc/axel", "packageFilename": "UNKNOWN", "operator": "lt", "OSVersion": "any", "OS": "Gentoo", "arch": "all"}], "references": ["https://bugs.gentoo.org/show_bug.cgi?id=88264", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0390"], "reporter": "Gentoo Foundation", "hashmap": [{"key": "bulletinFamily", "hash": "4913a9178621eadcdf191db17915fbcb"}, {"key": "cvelist", "hash": "6005203de11e5063507a7394ffef0e8a"}, {"key": "cvss", "hash": "e5d275b3ebd62646b78320753699e02e"}, {"key": "cvss2", "hash": "a11071654cde664199dac48330e1f990"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "description", "hash": "139aa890a33bd9ddd62ec4cac67f3405"}, {"key": "href", "hash": "1133b95f804720a24824309199247309"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "2d41b481943b5e1762dfc8d0f5955adc"}, {"key": "published", "hash": "2d41b481943b5e1762dfc8d0f5955adc"}, {"key": "references", "hash": "32d74081223a98226a369c447cc42a56"}, {"key": "reporter", "hash": "ac1fd6b3deacaf22b54dd1934ae33181"}, {"key": "title", "hash": "2329be25f51347498daca761e4132a2e"}, {"key": "type", "hash": "365d0fc7d6206ff26e2f2c2a78c91a94"}], "objectVersion": "1.5", "immutableFields": [], "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "scheme": null}], "openvas": [{"id": "OPENVAS:54911", "hash": "7c75f0fa63f2453a55cdeca120a964f4", "type": "openvas", "bulletinFamily": "scanner", "title": "Gentoo Security Advisory GLSA 200504-09 (Axel)", "description": "The remote host is missing updates announced in\nadvisory GLSA 200504-09.", "published": "2008-09-24T00:00:00", "modified": "2017-07-07T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=54911", "reporter": "Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com", "references": [], "cvelist": ["CVE-2005-0390"], "lastseen": "2017-07-24T12:50:07", "history": [{"lastseen": "2017-07-02T21:10:19", "differentElements": ["modified", "sourceData"], "edition": 1, "bulletin": {"id": "OPENVAS:54911", "hash": "b1244a4d75e48e4730d9001cedd9084456438f8d97b42e9804aae5f5a83e83c7", "type": "openvas", "bulletinFamily": "scanner", "title": "Gentoo Security Advisory GLSA 200504-09 (Axel)", "description": "The remote host is missing updates announced in\nadvisory GLSA 200504-09.", "published": "2008-09-24T00:00:00", "modified": "2016-10-17T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=54911", "reporter": "Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com", "references": [], "cvelist": ["CVE-2005-0390"], "lastseen": "2017-07-02T21:10:19", "history": [], "viewCount": 0, "enchantments": {}, "objectVersion": "1.4", "pluginID": "54911", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A buffer overflow vulnerability has been found in Axel which could lead to\nthe execution of arbitrary code.\";\ntag_solution = \"All Axel users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-misc/axel-1.0b'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200504-09\nhttp://bugs.gentoo.org/show_bug.cgi?id=88264\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200504-09.\";\n\n \n\nif(description)\n{\n script_id(54911);\n script_version(\"$Revision: 4286 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-10-17 09:24:15 +0200 (Mon, 17 Oct 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_bugtraq_id(13059);\n script_cve_id(\"CVE-2005-0390\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Gentoo Security Advisory GLSA 200504-09 (Axel)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"login/SSH/success\", \"ssh/login/gentoo\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"net-misc/axel\", unaffected: make_list(\"ge 1.0b\"), vulnerable: make_list(\"lt 1.0b\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "naslFamily": "Gentoo Local Security Checks"}}], "viewCount": 0, "enchantments": {"score": {"value": 7.8, "vector": "NONE", "modified": "2017-07-24T12:50:07", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2005-0390"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2005-0390"]}, {"type": "freebsd", "idList": ["0163B498-AF54-11D9-ACD0-000854D03344"]}, {"type": "osvdb", "idList": ["OSVDB:15310"]}, {"type": "openvas", "idList": ["OPENVAS:53751", "OPENVAS:52131"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-706.NASL", "GENTOO_GLSA-200504-09.NASL", "2803.PRM", "FREEBSD_PKG_0163B498AF5411D9ACD0000854D03344.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:8327"]}, {"type": "debian", "idList": ["DEBIAN:DSA-706-1:42554"]}, {"type": "gentoo", "idList": ["GLSA-200504-09"]}], "modified": "2017-07-24T12:50:07", "rev": 2}}, "objectVersion": "1.5", "pluginID": "54911", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A buffer overflow vulnerability has been found in Axel which could lead to\nthe execution of arbitrary code.\";\ntag_solution = \"All Axel users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-misc/axel-1.0b'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200504-09\nhttp://bugs.gentoo.org/show_bug.cgi?id=88264\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200504-09.\";\n\n \n\nif(description)\n{\n script_id(54911);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_bugtraq_id(13059);\n script_cve_id(\"CVE-2005-0390\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Gentoo Security Advisory GLSA 200504-09 (Axel)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"net-misc/axel\", unaffected: make_list(\"ge 1.0b\"), vulnerable: make_list(\"lt 1.0b\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "naslFamily": "Gentoo Local Security Checks", "_object_type": "robots.models.openvas.OpenVASBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.openvas.OpenVASBulletin"], "immutableFields": [], "cvss2": {}, "cvss3": {}}, {"id": "OPENVAS:52131", "hash": "a2c248c4f2298cc12b7342655d83bdda", "type": "openvas", "bulletinFamily": "scanner", "title": "FreeBSD Ports: axel", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "published": "2008-09-04T00:00:00", "modified": "2016-09-15T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=52131", "reporter": "Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com", "references": [], "cvelist": ["CVE-2005-0390"], "lastseen": "2017-07-02T21:10:24", "history": [], "viewCount": 0, "enchantments": {"score": {"value": 7.0, "vector": "NONE", "modified": "2017-07-02T21:10:24", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2005-0390"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2005-0390"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-706.NASL", "GENTOO_GLSA-200504-09.NASL", "2803.PRM", "FREEBSD_PKG_0163B498AF5411D9ACD0000854D03344.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:53751", "OPENVAS:54911"]}, {"type": "gentoo", "idList": ["GLSA-200504-09"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:8327"]}, {"type": "debian", "idList": ["DEBIAN:DSA-706-1:42554"]}, {"type": "osvdb", "idList": ["OSVDB:15310"]}, {"type": "freebsd", "idList": ["0163B498-AF54-11D9-ACD0-000854D03344"]}], "modified": "2017-07-02T21:10:24", "rev": 2}}, "objectVersion": "1.5", "pluginID": "52131", "sourceData": "#\n#VID 0163b498-af54-11d9-acd0-000854d03344\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: axel\n\nCVE-2005-0390\nBuffer overflow in the HTTP redirection capability in conn.c for Axel\nbefore 1.0b may allow remote attackers to execute arbitrary code.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://www.debian.org/security/2005/dsa-706\nhttp://www.vuxml.org/freebsd/0163b498-af54-11d9-acd0-000854d03344.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\nif(description)\n{\n script_id(52131);\n script_version(\"$Revision: 4075 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-15 15:13:05 +0200 (Thu, 15 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_cve_id(\"CVE-2005-0390\");\n script_bugtraq_id(13059);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"FreeBSD Ports: axel\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"axel\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.0a_4\")<0) {\n txt += 'Package axel version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "naslFamily": "FreeBSD Local Security Checks", "_object_type": "robots.models.openvas.OpenVASBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.openvas.OpenVASBulletin"], "immutableFields": [], "cvss2": {}, "cvss3": {}}, {"id": "OPENVAS:53751", "hash": "21f9dced5c5e1e3b1e9557d3ede36fac", "type": "openvas", "bulletinFamily": "scanner", "title": "Debian Security Advisory DSA 706-1 (axel)", "description": "The remote host is missing an update to axel\nannounced via advisory DSA 706-1.", "published": "2008-01-17T00:00:00", "modified": "2017-07-07T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=53751", "reporter": "Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com", "references": [], "cvelist": ["CVE-2005-0390"], "lastseen": "2017-07-24T12:50:09", "history": [{"lastseen": "2017-07-02T21:10:20", "differentElements": ["modified", "sourceData"], "edition": 1, "bulletin": {"id": "OPENVAS:53751", "hash": "fe901bb0211865ae54d2d756c8fc8af5556dac2b4a2c3a63804565fd23f07763", "type": "openvas", "bulletinFamily": "scanner", "title": "Debian Security Advisory DSA 706-1 (axel)", "description": "The remote host is missing an update to axel\nannounced via advisory DSA 706-1.", "published": "2008-01-17T00:00:00", "modified": "2016-09-09T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=53751", "reporter": "Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com", "references": [], "cvelist": ["CVE-2005-0390"], "lastseen": "2017-07-02T21:10:20", "history": [], "viewCount": 0, "enchantments": {}, "objectVersion": "1.4", "pluginID": "53751", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_706_1.nasl 4015 2016-09-09 05:53:53Z teissa $\n# Description: Auto-generated from advisory DSA 706-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Ulf H\u00e4rnhammar from the Debian Security Audit Project discovered a\nbuffer overflow in axel, a light download accellerator. When reading\nremote input the program did not check if a part of the input can\noverflow a buffer and maybe trigger the execution of arbitrary code.\n\nFor the stable distribution (woody) this problem has been fixed in\nversion 1.0a-1woody1.\n\nFor the unstable distribution (sid) this problem has been fixed in\nversion 1.0b-1.\n\nWe recommend that you upgrade your axel package.\";\ntag_summary = \"The remote host is missing an update to axel\nannounced via advisory DSA 706-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20706-1\";\n\nif(description)\n{\n script_id(53751);\n script_version(\"$Revision: 4015 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-09 07:53:53 +0200 (Fri, 09 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:00:53 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2005-0390\");\n script_bugtraq_id(13059);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 706-1 (axel)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"HostDetails/OS/cpe:/o:debian:debian_linux\", \"login/SSH/success\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"axel-kapt\", ver:\"1.0a-1woody1\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"axel\", ver:\"1.0a-1woody1\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "naslFamily": "Debian Local Security Checks"}}], "viewCount": 0, "enchantments": {"score": {"value": 7.9, "vector": "NONE", "modified": "2017-07-24T12:50:09", "rev": 2}, "dependencies": {"references": [{"type": "ubuntucve", "idList": ["UB:CVE-2005-0390"]}, {"type": "cve", "idList": ["CVE-2005-0390"]}, {"type": "openvas", "idList": ["OPENVAS:54911", "OPENVAS:52131"]}, {"type": "osvdb", "idList": ["OSVDB:15310"]}, {"type": "debian", "idList": ["DEBIAN:DSA-706-1:42554"]}, {"type": "freebsd", "idList": ["0163B498-AF54-11D9-ACD0-000854D03344"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-706.NASL", "GENTOO_GLSA-200504-09.NASL", "2803.PRM", "FREEBSD_PKG_0163B498AF5411D9ACD0000854D03344.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:8327"]}, {"type": "gentoo", "idList": ["GLSA-200504-09"]}], "modified": "2017-07-24T12:50:09", "rev": 2}}, "objectVersion": "1.5", "pluginID": "53751", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_706_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 706-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Ulf H\u00e4rnhammar from the Debian Security Audit Project discovered a\nbuffer overflow in axel, a light download accellerator. When reading\nremote input the program did not check if a part of the input can\noverflow a buffer and maybe trigger the execution of arbitrary code.\n\nFor the stable distribution (woody) this problem has been fixed in\nversion 1.0a-1woody1.\n\nFor the unstable distribution (sid) this problem has been fixed in\nversion 1.0b-1.\n\nWe recommend that you upgrade your axel package.\";\ntag_summary = \"The remote host is missing an update to axel\nannounced via advisory DSA 706-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20706-1\";\n\nif(description)\n{\n script_id(53751);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:00:53 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2005-0390\");\n script_bugtraq_id(13059);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 706-1 (axel)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"axel-kapt\", ver:\"1.0a-1woody1\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"axel\", ver:\"1.0a-1woody1\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "naslFamily": "Debian Local Security Checks", "_object_type": "robots.models.openvas.OpenVASBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.openvas.OpenVASBulletin"], "immutableFields": [], "cvss2": {}, "cvss3": {}}], "nessus": [{"id": "2803.PRM", "hash": "493f1168857d146e62c6f43d28ae48a3", "type": "nessus", "bulletinFamily": "scanner", "title": "Axel < 1.0b conn.c HTTP Redirection Remote Overflow", "description": "The remote host is running Axel, a download accelerator for FTP and HTTP protocols. This version of Axel is vulnerable to a remote buffer overflow due to the way that it parses server '302' messages. An attacker exploiting this flaw would need to be able to entice an Axel user to browse to their malicious website. Successful exploitation would result in the attacker running arbitrary commands on the system.", "published": "2005-04-07T00:00:00", "modified": "2019-03-06T00:00:00", "cvss": {"score": 7.6, "vector": "CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nnm/2803", "reporter": "Tenable", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0390"], "cvelist": ["CVE-2005-0390"], "immutableFields": [], "lastseen": "2021-08-19T13:17:25", "history": [{"bulletin": {"id": "2803.PRM", "hash": "16931180c35f7dbdd91f59a88fe9a74a", "type": "nessus", "bulletinFamily": "scanner", "title": "Axel < 1.0b conn.c HTTP Redirection Remote Overflow", "description": "The remote host is running Axel, a download accelerator for FTP and HTTP protocols. This version of Axel is vulnerable to a remote buffer overflow due to the way that it parses server '302' messages. An attacker exploiting this flaw would need to be able to entice an Axel user to browse to their malicious website. Successful exploitation would result in the attacker running arbitrary commands on the system.", "published": "2005-04-07T00:00:00", "modified": "2019-03-06T00:00:00", "cvss": {"score": 7.6, "vector": "CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nnm/2803", "reporter": "Tenable", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0390"], "cvelist": ["CVE-2005-0390"], "immutableFields": [], "lastseen": "2021-08-12T13:25:49", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2005-0390"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2005-0390"]}, {"type": "debian", "idList": ["DEBIAN:DSA-706-1:42554"]}, {"type": "gentoo", "idList": ["GLSA-200504-09"]}, {"type": "freebsd", "idList": ["0163B498-AF54-11D9-ACD0-000854D03344"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:8327"]}, {"type": "openvas", "idList": ["OPENVAS:53751", "OPENVAS:54911", "OPENVAS:52131"]}, {"type": "osvdb", "idList": ["OSVDB:15310"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-706.NASL", "GENTOO_GLSA-200504-09.NASL", "FREEBSD_PKG_0163B498AF5411D9ACD0000854D03344.NASL"]}], "modified": "2021-08-12T13:25:49", "rev": 2}, "score": {"value": 8.1, "vector": "NONE", "modified": "2021-08-12T13:25:49", "rev": 2}}, "objectVersion": "1.6", "pluginID": "2803", "sourceData": "Binary data 2803.prm", "naslFamily": "Web Clients", "cpe": ["cpe:2.3:a:axel:axel:*:*:*:*:*:*:*:*"], "solution": "Upgrade to version 1.0b or higher.", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-08-12T13:25:49", "differentElements": ["nessusSeverity"], "edition": 1}], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2005-0390"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2005-0390"]}, {"type": "freebsd", "idList": ["0163B498-AF54-11D9-ACD0-000854D03344"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:8327"]}, {"type": "debian", "idList": ["DEBIAN:DSA-706-1:42554"]}, {"type": "gentoo", "idList": ["GLSA-200504-09"]}, {"type": "openvas", "idList": ["OPENVAS:52131", "OPENVAS:54911", "OPENVAS:53751"]}, {"type": "osvdb", "idList": ["OSVDB:15310"]}, {"type": "nessus", "idList": ["GENTOO_GLSA-200504-09.NASL", "DEBIAN_DSA-706.NASL", "FREEBSD_PKG_0163B498AF5411D9ACD0000854D03344.NASL"]}], "modified": "2021-08-19T13:17:25", "rev": 2}, "score": {"value": 8.1, "vector": "NONE", "modified": "2021-08-19T13:17:25", "rev": 2}}, "objectVersion": "1.6", "pluginID": "2803", "sourceData": "Binary data 2803.prm", "naslFamily": "Web Clients", "cpe": ["cpe:2.3:a:axel:axel:*:*:*:*:*:*:*:*"], "solution": "Upgrade to version 1.0b or higher.", "nessusSeverity": "High", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": [], "_object_type": "robots.models.nessus.NessusBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.nessus.NessusBulletin"]}, {"id": "FREEBSD_PKG_0163B498AF5411D9ACD0000854D03344.NASL", "hash": "1eb7e87c36b750b1de724de8339859bb", "type": "nessus", "bulletinFamily": "scanner", "title": "FreeBSD : axel -- remote buffer overflow (0163b498-af54-11d9-acd0-000854d03344)", "description": "A Debian Security Advisory reports :\n\nUlf Harnhammar from the Debian Security Audit Project discovered a buffer overflow in axel, a light download accelerator. When reading remote input the program did not check if a part of the input can overflow a buffer and maybe trigger the execution of arbitrary code.", "published": "2005-07-13T00:00:00", "modified": "2021-01-06T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": null, "vector": null}, "href": "https://www.tenable.com/plugins/nessus/18815", "reporter": "This script is Copyright (C) 2005-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0390", "http://www.nessus.org/u?53dd0c0b"], "cvelist": ["CVE-2005-0390"], "immutableFields": [], "lastseen": "2021-08-19T13:16:54", "history": [{"bulletin": {"id": "FREEBSD_PKG_0163B498AF5411D9ACD0000854D03344.NASL", "hash": "4193700837f7845ec30003ac7e1081bfdb6c1322f595dc9c3b3ddce71d08ccbd", "type": "nessus", "bulletinFamily": "scanner", "title": "FreeBSD : axel -- remote buffer overflow (0163b498-af54-11d9-acd0-000854d03344)", "description": "A Debian Security Advisory reports :\n\nUlf Harnhammar from the Debian Security Audit Project discovered a buffer overflow in axel, a light download accelerator. When reading remote input the program did not check if a part of the input can overflow a buffer and maybe trigger the execution of arbitrary code.", "published": "2005-07-13T00:00:00", "modified": "2016-05-26T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=18815", "reporter": "Tenable", "references": ["http://www.nessus.org/u?c8d4465f"], "cvelist": ["CVE-2005-0390"], "immutableFields": [], "lastseen": "2016-09-26T17:26:48", "history": [], "viewCount": 0, "enchantments": {}, "objectVersion": "1.6", "pluginID": "18815", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2016 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(18815);\n script_version(\"$Revision: 1.15 $\");\n script_cvs_date(\"$Date: 2016/05/26 16:04:30 $\");\n\n script_cve_id(\"CVE-2005-0390\");\n script_bugtraq_id(13059);\n script_xref(name:\"DSA\", value:\"706\");\n\n script_name(english:\"FreeBSD : axel -- remote buffer overflow (0163b498-af54-11d9-acd0-000854d03344)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A Debian Security Advisory reports :\n\nUlf Harnhammar from the Debian Security Audit Project discovered a\nbuffer overflow in axel, a light download accelerator. When reading\nremote input the program did not check if a part of the input can\noverflow a buffer and maybe trigger the execution of arbitrary code.\"\n );\n # http://www.freebsd.org/ports/portaudit/0163b498-af54-11d9-acd0-000854d03344.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c8d4465f\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:axel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/04/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/04/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/07/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2016 Tenable Network Security, Inc.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"axel<1.0a_4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "FreeBSD Local Security Checks", "cpe": [], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2016-09-26T17:26:48", "differentElements": ["cpe", "cvss"], "edition": 1}, {"bulletin": {"id": "FREEBSD_PKG_0163B498AF5411D9ACD0000854D03344.NASL", "hash": "e0dd4931afa945053de1dedc6d4686944688db36d67ed1bc93a88451eab56256", "type": "nessus", "bulletinFamily": "scanner", "title": "FreeBSD : axel -- remote buffer overflow (0163b498-af54-11d9-acd0-000854d03344)", "description": "A Debian Security Advisory reports :\n\nUlf Harnhammar from the Debian Security Audit Project discovered a buffer overflow in axel, a light download accelerator. When reading remote input the program did not check if a part of the input can overflow a buffer and maybe trigger the execution of arbitrary code.", "published": "2005-07-13T00:00:00", "modified": "2016-05-26T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=18815", "reporter": "Tenable", "references": ["http://www.nessus.org/u?c8d4465f"], "cvelist": ["CVE-2005-0390"], "immutableFields": [], "lastseen": "2018-08-30T19:58:52", "history": [], "viewCount": 0, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "18815", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2016 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(18815);\n script_version(\"$Revision: 1.15 $\");\n script_cvs_date(\"$Date: 2016/05/26 16:04:30 $\");\n\n script_cve_id(\"CVE-2005-0390\");\n script_bugtraq_id(13059);\n script_xref(name:\"DSA\", value:\"706\");\n\n script_name(english:\"FreeBSD : axel -- remote buffer overflow (0163b498-af54-11d9-acd0-000854d03344)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A Debian Security Advisory reports :\n\nUlf Harnhammar from the Debian Security Audit Project discovered a\nbuffer overflow in axel, a light download accelerator. When reading\nremote input the program did not check if a part of the input can\noverflow a buffer and maybe trigger the execution of arbitrary code.\"\n );\n # http://www.freebsd.org/ports/portaudit/0163b498-af54-11d9-acd0-000854d03344.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c8d4465f\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:axel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/04/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/04/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/07/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2016 Tenable Network Security, Inc.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"axel<1.0a_4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "FreeBSD Local Security Checks", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:axel"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2018-08-30T19:58:52", "differentElements": ["cvss", "description", "href", "modified", "references", "reporter", "sourceData"], "edition": 2}, {"bulletin": {"id": "FREEBSD_PKG_0163B498AF5411D9ACD0000854D03344.NASL", "hash": "6ae7a44e1a27b81b6cf22a4afb676d87c720e9d460a07f3881853bb70d693a11", "type": "nessus", "bulletinFamily": "scanner", "title": "FreeBSD : axel -- remote buffer overflow (0163b498-af54-11d9-acd0-000854d03344)", "description": "A Debian Security Advisory reports :\n\nUlf Harnhammar from the Debian Security Audit Project discovered a\nbuffer overflow in axel, a light download accelerator. When reading\nremote input the program did not check if a part of the input can\noverflow a buffer and maybe trigger the execution of arbitrary code.", "published": "2005-07-13T00:00:00", "modified": "2020-05-02T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/18815", "reporter": "This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.nessus.org/u?53dd0c0b"], "cvelist": ["CVE-2005-0390"], "immutableFields": [], "lastseen": "2020-05-01T00:15:57", "history": [], "viewCount": 1, "enchantments": {"dependencies": {"modified": "2020-05-01T00:15:57", "references": [{"idList": ["GENTOO_GLSA-200504-09.NASL", "DEBIAN_DSA-706.NASL"], "type": "nessus"}, {"idList": ["DEBIAN:DSA-706-1:42554"], "type": "debian"}, {"idList": ["CVE-2005-0390"], "type": "cve"}, {"idList": ["OSVDB:15310"], "type": "osvdb"}, {"idList": ["SECURITYVULNS:DOC:8327"], "type": "securityvulns"}, {"idList": ["GLSA-200504-09"], "type": "gentoo"}, {"idList": ["OPENVAS:54911", "OPENVAS:52131", "OPENVAS:53751"], "type": "openvas"}, {"idList": ["0163B498-AF54-11D9-ACD0-000854D03344"], "type": "freebsd"}], "rev": 2}, "score": {"modified": "2020-05-01T00:15:57", "rev": 2, "value": 8.5, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "18815", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(18815);\n script_version(\"1.17\");\n script_cvs_date(\"Date: 2019/08/02 13:32:36\");\n\n script_cve_id(\"CVE-2005-0390\");\n script_bugtraq_id(13059);\n script_xref(name:\"DSA\", value:\"706\");\n\n script_name(english:\"FreeBSD : axel -- remote buffer overflow (0163b498-af54-11d9-acd0-000854d03344)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A Debian Security Advisory reports :\n\nUlf Harnhammar from the Debian Security Audit Project discovered a\nbuffer overflow in axel, a light download accelerator. When reading\nremote input the program did not check if a part of the input can\noverflow a buffer and maybe trigger the execution of arbitrary code.\"\n );\n # https://vuxml.freebsd.org/freebsd/0163b498-af54-11d9-acd0-000854d03344.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?53dd0c0b\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:axel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/04/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/04/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/07/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"axel<1.0a_4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "FreeBSD Local Security Checks", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:axel"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2020-05-01T00:15:57", "differentElements": ["modified"], "edition": 3}, {"bulletin": {"id": "FREEBSD_PKG_0163B498AF5411D9ACD0000854D03344.NASL", "hash": "f3690e3b7de3f3e157f86ba2b5197b2dd2749f80222ee70766274f931b4c756c", "type": "nessus", "bulletinFamily": "scanner", "title": "FreeBSD : axel -- remote buffer overflow (0163b498-af54-11d9-acd0-000854d03344)", "description": "A Debian Security Advisory reports :\n\nUlf Harnhammar from the Debian Security Audit Project discovered a\nbuffer overflow in axel, a light download accelerator. When reading\nremote input the program did not check if a part of the input can\noverflow a buffer and maybe trigger the execution of arbitrary code.", "published": "2005-07-13T00:00:00", "modified": "2020-11-02T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/18815", "reporter": "This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.nessus.org/u?53dd0c0b"], "cvelist": ["CVE-2005-0390"], "immutableFields": [], "lastseen": "2020-11-01T06:20:22", "history": [], "viewCount": 1, "enchantments": {"dependencies": {"modified": "2020-11-01T06:20:22", "references": [{"idList": ["GENTOO_GLSA-200504-09.NASL", "DEBIAN_DSA-706.NASL"], "type": "nessus"}, {"idList": ["DEBIAN:DSA-706-1:42554"], "type": "debian"}, {"idList": ["CVE-2005-0390"], "type": "cve"}, {"idList": ["OSVDB:15310"], "type": "osvdb"}, {"idList": ["SECURITYVULNS:DOC:8327"], "type": "securityvulns"}, {"idList": ["GLSA-200504-09"], "type": "gentoo"}, {"idList": ["OPENVAS:54911", "OPENVAS:52131", "OPENVAS:53751"], "type": "openvas"}, {"idList": ["0163B498-AF54-11D9-ACD0-000854D03344"], "type": "freebsd"}], "rev": 2}, "score": {"modified": "2020-11-01T06:20:22", "rev": 2, "value": 8.5, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "18815", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(18815);\n script_version(\"1.17\");\n script_cvs_date(\"Date: 2019/08/02 13:32:36\");\n\n script_cve_id(\"CVE-2005-0390\");\n script_bugtraq_id(13059);\n script_xref(name:\"DSA\", value:\"706\");\n\n script_name(english:\"FreeBSD : axel -- remote buffer overflow (0163b498-af54-11d9-acd0-000854d03344)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A Debian Security Advisory reports :\n\nUlf Harnhammar from the Debian Security Audit Project discovered a\nbuffer overflow in axel, a light download accelerator. When reading\nremote input the program did not check if a part of the input can\noverflow a buffer and maybe trigger the execution of arbitrary code.\"\n );\n # https://vuxml.freebsd.org/freebsd/0163b498-af54-11d9-acd0-000854d03344.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?53dd0c0b\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:axel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/04/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/04/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/07/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"axel<1.0a_4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "FreeBSD Local Security Checks", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:axel"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2020-11-01T06:20:22", "differentElements": ["modified", "reporter", "sourceData"], "edition": 4}, {"bulletin": {"id": "FREEBSD_PKG_0163B498AF5411D9ACD0000854D03344.NASL", "hash": "201702b29194fc1470e5865c56d74114144e844380f316809e3b5655b77fe0e4", "type": "nessus", "bulletinFamily": "scanner", "title": "FreeBSD : axel -- remote buffer overflow (0163b498-af54-11d9-acd0-000854d03344)", "description": "A Debian Security Advisory reports :\n\nUlf Harnhammar from the Debian Security Audit Project discovered a\nbuffer overflow in axel, a light download accelerator. When reading\nremote input the program did not check if a part of the input can\noverflow a buffer and maybe trigger the execution of arbitrary code.", "published": "2005-07-13T00:00:00", "modified": "2005-07-13T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/18815", "reporter": "This script is Copyright (C) 2005-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.nessus.org/u?53dd0c0b"], "cvelist": ["CVE-2005-0390"], "immutableFields": [], "lastseen": "2021-01-07T10:39:15", "history": [], "viewCount": 1, "enchantments": {"dependencies": {"modified": "2021-01-07T10:39:15", "references": [{"idList": ["GENTOO_GLSA-200504-09.NASL", "DEBIAN_DSA-706.NASL"], "type": "nessus"}, {"idList": ["DEBIAN:DSA-706-1:42554"], "type": "debian"}, {"idList": ["CVE-2005-0390"], "type": "cve"}, {"idList": ["OSVDB:15310"], "type": "osvdb"}, {"idList": ["SECURITYVULNS:DOC:8327"], "type": "securityvulns"}, {"idList": ["UB:CVE-2005-0390"], "type": "ubuntucve"}, {"idList": ["GLSA-200504-09"], "type": "gentoo"}, {"idList": ["OPENVAS:54911", "OPENVAS:52131", "OPENVAS:53751"], "type": "openvas"}, {"idList": ["0163B498-AF54-11D9-ACD0-000854D03344"], "type": "freebsd"}], "rev": 2}, "score": {"modified": "2021-01-07T10:39:15", "rev": 2, "value": 8.6, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "18815", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(18815);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2005-0390\");\n script_bugtraq_id(13059);\n script_xref(name:\"DSA\", value:\"706\");\n\n script_name(english:\"FreeBSD : axel -- remote buffer overflow (0163b498-af54-11d9-acd0-000854d03344)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A Debian Security Advisory reports :\n\nUlf Harnhammar from the Debian Security Audit Project discovered a\nbuffer overflow in axel, a light download accelerator. When reading\nremote input the program did not check if a part of the input can\noverflow a buffer and maybe trigger the execution of arbitrary code.\"\n );\n # https://vuxml.freebsd.org/freebsd/0163b498-af54-11d9-acd0-000854d03344.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?53dd0c0b\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:axel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/04/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/04/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/07/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"axel<1.0a_4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "FreeBSD Local Security Checks", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:axel"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-01-07T10:39:15", "differentElements": ["cvss2"], "edition": 5}, {"bulletin": {"id": "FREEBSD_PKG_0163B498AF5411D9ACD0000854D03344.NASL", "hash": "6ba7c3a16d669772fe8edfda8afcab20", "type": "nessus", "bulletinFamily": "scanner", "title": "FreeBSD : axel -- remote buffer overflow (0163b498-af54-11d9-acd0-000854d03344)", "description": "A Debian Security Advisory reports :\n\nUlf Harnhammar from the Debian Security Audit Project discovered a\nbuffer overflow in axel, a light download accelerator. When reading\nremote input the program did not check if a part of the input can\noverflow a buffer and maybe trigger the execution of arbitrary code.", "published": "2005-07-13T00:00:00", "modified": "2005-07-13T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/18815", "reporter": "This script is Copyright (C) 2005-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.nessus.org/u?53dd0c0b"], "cvelist": ["CVE-2005-0390"], "immutableFields": [], "lastseen": "2021-07-29T00:04:32", "history": [], "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "ubuntucve", "idList": ["UB:CVE-2005-0390"]}, {"type": "cve", "idList": ["CVE-2005-0390"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:8327"]}, {"type": "openvas", "idList": ["OPENVAS:54911", "OPENVAS:53751", "OPENVAS:52131"]}, {"type": "osvdb", "idList": ["OSVDB:15310"]}, {"type": "debian", "idList": ["DEBIAN:DSA-706-1:42554"]}, {"type": "gentoo", "idList": ["GLSA-200504-09"]}, {"type": "freebsd", "idList": ["0163B498-AF54-11D9-ACD0-000854D03344"]}, {"type": "nessus", "idList": ["GENTOO_GLSA-200504-09.NASL", "DEBIAN_DSA-706.NASL"]}], "modified": "2021-07-29T00:04:32", "rev": 2}, "score": {"value": 8.6, "vector": "NONE", "modified": "2021-07-29T00:04:32", "rev": 2}}, "objectVersion": "1.6", "pluginID": "18815", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(18815);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2005-0390\");\n script_bugtraq_id(13059);\n script_xref(name:\"DSA\", value:\"706\");\n\n script_name(english:\"FreeBSD : axel -- remote buffer overflow (0163b498-af54-11d9-acd0-000854d03344)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A Debian Security Advisory reports :\n\nUlf Harnhammar from the Debian Security Audit Project discovered a\nbuffer overflow in axel, a light download accelerator. When reading\nremote input the program did not check if a part of the input can\noverflow a buffer and maybe trigger the execution of arbitrary code.\"\n );\n # https://vuxml.freebsd.org/freebsd/0163b498-af54-11d9-acd0-000854d03344.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?53dd0c0b\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:axel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/04/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/04/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/07/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"axel<1.0a_4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "FreeBSD Local Security Checks", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:axel"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-07-29T00:04:32", "differentElements": ["cvss2", "cvss3", "description", "exploitEase", "modified", "patchPublicationDate", "references", "solution", "vpr", "vulnerabilityPublicationDate"], "edition": 6}, {"bulletin": {"id": "FREEBSD_PKG_0163B498AF5411D9ACD0000854D03344.NASL", "hash": "f400f9da999b83fb3f4cc63ecc3ff94e", "type": "nessus", "bulletinFamily": "scanner", "title": "FreeBSD : axel -- remote buffer overflow (0163b498-af54-11d9-acd0-000854d03344)", "description": "A Debian Security Advisory reports :\n\nUlf Harnhammar from the Debian Security Audit Project discovered a buffer overflow in axel, a light download accelerator. When reading remote input the program did not check if a part of the input can overflow a buffer and maybe trigger the execution of arbitrary code.", "published": "2005-07-13T00:00:00", "modified": "2021-01-06T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": null, "vector": null}, "href": "https://www.tenable.com/plugins/nessus/18815", "reporter": "This script is Copyright (C) 2005-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0390", "http://www.nessus.org/u?53dd0c0b"], "cvelist": ["CVE-2005-0390"], "immutableFields": [], "lastseen": "2021-08-12T13:24:53", "history": [], "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2005-0390"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2005-0390"]}, {"type": "openvas", "idList": ["OPENVAS:53751", "OPENVAS:54911", "OPENVAS:52131"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:8327"]}, {"type": "osvdb", "idList": ["OSVDB:15310"]}, {"type": "debian", "idList": ["DEBIAN:DSA-706-1:42554"]}, {"type": "freebsd", "idList": ["0163B498-AF54-11D9-ACD0-000854D03344"]}, {"type": "gentoo", "idList": ["GLSA-200504-09"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-706.NASL", "GENTOO_GLSA-200504-09.NASL", "2803.PRM"]}], "modified": "2021-08-12T13:24:53", "rev": 2}, "score": {"value": 8.6, "vector": "NONE", "modified": "2021-08-12T13:24:53", "rev": 2}}, "objectVersion": "1.6", "pluginID": "18815", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(18815);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2005-0390\");\n script_bugtraq_id(13059);\n script_xref(name:\"DSA\", value:\"706\");\n\n script_name(english:\"FreeBSD : axel -- remote buffer overflow (0163b498-af54-11d9-acd0-000854d03344)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A Debian Security Advisory reports :\n\nUlf Harnhammar from the Debian Security Audit Project discovered a\nbuffer overflow in axel, a light download accelerator. When reading\nremote input the program did not check if a part of the input can\noverflow a buffer and maybe trigger the execution of arbitrary code.\"\n );\n # https://vuxml.freebsd.org/freebsd/0163b498-af54-11d9-acd0-000854d03344.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?53dd0c0b\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:axel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/04/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/04/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/07/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"axel<1.0a_4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "FreeBSD Local Security Checks", "cpe": ["p-cpe:/a:freebsd:freebsd:axel", "cpe:/o:freebsd:freebsd"], "solution": "Update the affected package.", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {"risk factor": "Medium", "score": "5.3"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2005-04-17T00:00:00", "vulnerabilityPublicationDate": "2005-04-16T00:00:00", "exploitableWith": []}, "lastseen": "2021-08-12T13:24:53", "differentElements": ["nessusSeverity"], "edition": 7}], "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2005-0390"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2005-0390"]}, {"type": "freebsd", "idList": ["0163B498-AF54-11D9-ACD0-000854D03344"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:8327"]}, {"type": "debian", "idList": ["DEBIAN:DSA-706-1:42554"]}, {"type": "gentoo", "idList": ["GLSA-200504-09"]}, {"type": "openvas", "idList": ["OPENVAS:53751", "OPENVAS:52131", "OPENVAS:54911"]}, {"type": "osvdb", "idList": ["OSVDB:15310"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-706.NASL", "2803.PRM", "GENTOO_GLSA-200504-09.NASL"]}], "modified": "2021-08-19T13:16:54", "rev": 2}, "score": {"value": 8.6, "vector": "NONE", "modified": "2021-08-19T13:16:54", "rev": 2}}, "objectVersion": "1.6", "pluginID": "18815", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(18815);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2005-0390\");\n script_bugtraq_id(13059);\n script_xref(name:\"DSA\", value:\"706\");\n\n script_name(english:\"FreeBSD : axel -- remote buffer overflow (0163b498-af54-11d9-acd0-000854d03344)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A Debian Security Advisory reports :\n\nUlf Harnhammar from the Debian Security Audit Project discovered a\nbuffer overflow in axel, a light download accelerator. When reading\nremote input the program did not check if a part of the input can\noverflow a buffer and maybe trigger the execution of arbitrary code.\"\n );\n # https://vuxml.freebsd.org/freebsd/0163b498-af54-11d9-acd0-000854d03344.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?53dd0c0b\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:axel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/04/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/04/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/07/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"axel<1.0a_4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "FreeBSD Local Security Checks", "cpe": ["p-cpe:/a:freebsd:freebsd:axel", "cpe:/o:freebsd:freebsd"], "solution": "Update the affected package.", "nessusSeverity": "High", "cvssScoreSource": "", "vpr": {"risk factor": "Medium", "score": "5.3"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2005-04-17T00:00:00", "vulnerabilityPublicationDate": "2005-04-16T00:00:00", "exploitableWith": [], "_object_type": "robots.models.nessus.NessusBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.nessus.NessusBulletin"]}, {"id": "DEBIAN_DSA-706.NASL", "hash": "b95ff09de905b6f4091a317ddd5b9188", "type": "nessus", "bulletinFamily": "scanner", "title": "Debian DSA-706-1 : axel - buffer overflow", "description": "Ulf Harnhammar from the Debian Security Audit Project discovered a buffer overflow in axel, a light download accelerator. When reading remote input the program did not check if a part of the input can overflow a buffer and maybe trigger the execution of arbitrary code.", "published": "2005-04-13T00:00:00", "modified": "2021-01-04T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": null, "vector": null}, "href": "https://www.tenable.com/plugins/nessus/18030", "reporter": "This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0390", "http://www.debian.org/security/2005/dsa-706", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0887"], "cvelist": ["CVE-2001-0887", "CVE-2005-0390"], "immutableFields": [], "lastseen": "2021-08-19T13:17:28", "history": [{"bulletin": {"id": "DEBIAN_DSA-706.NASL", "hash": "c7a9f4f59a7d6954dfb507e241e45e29af659bf382acf42d7f18bbe9a47a0c0c", "type": "nessus", "bulletinFamily": "scanner", "title": "Debian DSA-706-1 : axel - buffer overflow", "description": "Ulf Harnhammar from the Debian Security Audit Project discovered a buffer overflow in axel, a light download accelerator. When reading remote input the program did not check if a part of the input can overflow a buffer and maybe trigger the execution of arbitrary code.", "published": "2005-04-13T00:00:00", "modified": "2016-05-26T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=18030", "reporter": "Tenable", "references": ["http://www.debian.org/security/2005/dsa-706"], "cvelist": ["CVE-2005-0390", "CVE-2001-0887"], "immutableFields": [], "lastseen": "2017-10-29T13:44:16", "history": [], "viewCount": 0, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "18030", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-706. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(18030);\n script_version(\"$Revision: 1.19 $\");\n script_cvs_date(\"$Date: 2016/05/26 16:04:30 $\");\n\n script_cve_id(\"CVE-2001-0887\", \"CVE-2005-0390\");\n script_bugtraq_id(13059);\n script_osvdb_id(2005, 15310);\n script_xref(name:\"DSA\", value:\"706\");\n\n script_name(english:\"Debian DSA-706-1 : axel - buffer overflow\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Ulf Harnhammar from the Debian Security Audit Project discovered a\nbuffer overflow in axel, a light download accelerator. When reading\nremote input the program did not check if a part of the input can\noverflow a buffer and maybe trigger the execution of arbitrary code.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2005/dsa-706\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the axel package.\n\nFor the stable distribution (woody) this problem has been fixed in\nversion 1.0a-1woody1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:axel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/04/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/04/13\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2001/12/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.0\", prefix:\"axel\", reference:\"1.0a-1woody1\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"axel-kapt\", reference:\"1.0a-1woody1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Debian Local Security Checks", "cpe": ["cpe:/o:debian:debian_linux:3.0", "p-cpe:/a:debian:debian_linux:axel"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2017-10-29T13:44:16", "differentElements": ["modified", "sourceData"], "edition": 1}, {"bulletin": {"id": "DEBIAN_DSA-706.NASL", "hash": "d20b3db3ac958f1484ae7b0fafb12d796984f30d94deee114257d24342440285", "type": "nessus", "bulletinFamily": "scanner", "title": "Debian DSA-706-1 : axel - buffer overflow", "description": "Ulf Harnhammar from the Debian Security Audit Project discovered a buffer overflow in axel, a light download accelerator. When reading remote input the program did not check if a part of the input can overflow a buffer and maybe trigger the execution of arbitrary code.", "published": "2005-04-13T00:00:00", "modified": "2018-07-20T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=18030", "reporter": "Tenable", "references": ["http://www.debian.org/security/2005/dsa-706"], "cvelist": ["CVE-2005-0390", "CVE-2001-0887"], "immutableFields": [], "lastseen": "2018-08-02T08:22:07", "history": [], "viewCount": 0, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "18030", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-706. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(18030);\n script_version(\"1.21\");\n script_cvs_date(\"Date: 2018/07/20 2:17:11\");\n\n script_cve_id(\"CVE-2001-0887\", \"CVE-2005-0390\");\n script_bugtraq_id(13059);\n script_xref(name:\"DSA\", value:\"706\");\n\n script_name(english:\"Debian DSA-706-1 : axel - buffer overflow\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Ulf Harnhammar from the Debian Security Audit Project discovered a\nbuffer overflow in axel, a light download accelerator. When reading\nremote input the program did not check if a part of the input can\noverflow a buffer and maybe trigger the execution of arbitrary code.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2005/dsa-706\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the axel package.\n\nFor the stable distribution (woody) this problem has been fixed in\nversion 1.0a-1woody1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:axel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/04/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/04/13\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2001/12/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.0\", prefix:\"axel\", reference:\"1.0a-1woody1\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"axel-kapt\", reference:\"1.0a-1woody1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Debian Local Security Checks", "cpe": ["cpe:/o:debian:debian_linux:3.0", "p-cpe:/a:debian:debian_linux:axel"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2018-08-02T08:22:07", "differentElements": ["cvss", "description", "href", "modified", "reporter", "sourceData"], "edition": 2}, {"bulletin": {"id": "DEBIAN_DSA-706.NASL", "hash": "1d709f67bb9f3c801b7a8497d32bd16657d3283b4c97ed65f31864b7d11498a3", "type": "nessus", "bulletinFamily": "scanner", "title": "Debian DSA-706-1 : axel - buffer overflow", "description": "Ulf Harnhammar from the Debian Security Audit Project discovered a\nbuffer overflow in axel, a light download accelerator. When reading\nremote input the program did not check if a part of the input can\noverflow a buffer and maybe trigger the execution of arbitrary code.", "published": "2005-04-13T00:00:00", "modified": "2020-03-02T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/18030", "reporter": "This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.", "references": ["http://www.debian.org/security/2005/dsa-706"], "cvelist": ["CVE-2005-0390", "CVE-2001-0887"], "immutableFields": [], "lastseen": "2020-03-17T23:15:52", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"modified": "2020-03-17T23:15:52", "references": [{"idList": ["DEBIAN:DSA-706-1:42554"], "type": "debian"}, {"idList": ["SECURITYVULNS:DOC:8327"], "type": "securityvulns"}, {"idList": ["GLSA-200504-09"], "type": "gentoo"}, {"idList": ["OSVDB:15310", "OSVDB:2005"], "type": "osvdb"}, {"idList": ["GENTOO_GLSA-200504-09.NASL", "FREEBSD_PKG_0163B498AF5411D9ACD0000854D03344.NASL"], "type": "nessus"}, {"idList": ["OPENVAS:54911", "OPENVAS:52131", "OPENVAS:53751"], "type": "openvas"}, {"idList": ["CVE-2005-0390", "CVE-2001-0887"], "type": "cve"}, {"idList": ["0163B498-AF54-11D9-ACD0-000854D03344"], "type": "freebsd"}]}, "score": {"modified": "2020-03-17T23:15:52", "value": 8.2, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "18030", "sourceData": "#%NASL_MIN_LEVEL 80502\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-706. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(18030);\n script_version(\"1.22\");\n script_cvs_date(\"Date: 2019/08/02 13:32:18\");\n\n script_cve_id(\"CVE-2001-0887\", \"CVE-2005-0390\");\n script_bugtraq_id(13059);\n script_xref(name:\"DSA\", value:\"706\");\n\n script_name(english:\"Debian DSA-706-1 : axel - buffer overflow\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Ulf Harnhammar from the Debian Security Audit Project discovered a\nbuffer overflow in axel, a light download accelerator. When reading\nremote input the program did not check if a part of the input can\noverflow a buffer and maybe trigger the execution of arbitrary code.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2005/dsa-706\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the axel package.\n\nFor the stable distribution (woody) this problem has been fixed in\nversion 1.0a-1woody1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:axel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/04/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/04/13\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2001/12/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.0\", prefix:\"axel\", reference:\"1.0a-1woody1\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"axel-kapt\", reference:\"1.0a-1woody1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Debian Local Security Checks", "cpe": ["cpe:/o:debian:debian_linux:3.0", "p-cpe:/a:debian:debian_linux:axel"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2020-03-17T23:15:52", "differentElements": ["modified", "reporter", "sourceData"], "edition": 3}, {"bulletin": {"id": "DEBIAN_DSA-706.NASL", "hash": "e8b503da8717499b60411dac79954f8006366340dce40a8a2af8826ca765bee2", "type": "nessus", "bulletinFamily": "scanner", "title": "Debian DSA-706-1 : axel - buffer overflow", "description": "Ulf Harnhammar from the Debian Security Audit Project discovered a\nbuffer overflow in axel, a light download accelerator. When reading\nremote input the program did not check if a part of the input can\noverflow a buffer and maybe trigger the execution of arbitrary code.", "published": "2005-04-13T00:00:00", "modified": "2005-04-13T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/18030", "reporter": "This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.", "references": ["http://www.debian.org/security/2005/dsa-706"], "cvelist": ["CVE-2005-0390", "CVE-2001-0887"], "immutableFields": [], "lastseen": "2021-01-06T10:03:18", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"modified": "2021-01-06T10:03:18", "references": [{"idList": ["DEBIAN:DSA-706-1:42554"], "type": "debian"}, {"idList": ["SECURITYVULNS:DOC:8327"], "type": "securityvulns"}, {"idList": ["UB:CVE-2005-0390"], "type": "ubuntucve"}, {"idList": ["GLSA-200504-09"], "type": "gentoo"}, {"idList": ["OSVDB:15310", "OSVDB:2005"], "type": "osvdb"}, {"idList": ["GENTOO_GLSA-200504-09.NASL", "FREEBSD_PKG_0163B498AF5411D9ACD0000854D03344.NASL"], "type": "nessus"}, {"idList": ["OPENVAS:54911", "OPENVAS:52131", "OPENVAS:53751"], "type": "openvas"}, {"idList": ["CVE-2005-0390", "CVE-2001-0887"], "type": "cve"}, {"idList": ["0163B498-AF54-11D9-ACD0-000854D03344"], "type": "freebsd"}], "rev": 2}, "score": {"modified": "2021-01-06T10:03:18", "rev": 2, "value": 8.2, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "18030", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-706. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(18030);\n script_version(\"1.23\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2001-0887\", \"CVE-2005-0390\");\n script_bugtraq_id(13059);\n script_xref(name:\"DSA\", value:\"706\");\n\n script_name(english:\"Debian DSA-706-1 : axel - buffer overflow\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Ulf Harnhammar from the Debian Security Audit Project discovered a\nbuffer overflow in axel, a light download accelerator. When reading\nremote input the program did not check if a part of the input can\noverflow a buffer and maybe trigger the execution of arbitrary code.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2005/dsa-706\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the axel package.\n\nFor the stable distribution (woody) this problem has been fixed in\nversion 1.0a-1woody1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:axel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/04/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/04/13\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2001/12/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.0\", prefix:\"axel\", reference:\"1.0a-1woody1\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"axel-kapt\", reference:\"1.0a-1woody1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Debian Local Security Checks", "cpe": ["cpe:/o:debian:debian_linux:3.0", "p-cpe:/a:debian:debian_linux:axel"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-01-06T10:03:18", "differentElements": ["cvss2"], "edition": 4}, {"bulletin": {"id": "DEBIAN_DSA-706.NASL", "hash": "6fec3b2c246ab823c1f49dc223d879ec", "type": "nessus", "bulletinFamily": "scanner", "title": "Debian DSA-706-1 : axel - buffer overflow", "description": "Ulf Harnhammar from the Debian Security Audit Project discovered a\nbuffer overflow in axel, a light download accelerator. When reading\nremote input the program did not check if a part of the input can\noverflow a buffer and maybe trigger the execution of arbitrary code.", "published": "2005-04-13T00:00:00", "modified": "2005-04-13T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/18030", "reporter": "This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.", "references": ["http://www.debian.org/security/2005/dsa-706"], "cvelist": ["CVE-2005-0390", "CVE-2001-0887"], "immutableFields": [], "lastseen": "2021-07-28T23:20:34", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2005-0390", "CVE-2001-0887"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2005-0390"]}, {"type": "osvdb", "idList": ["OSVDB:2005", "OSVDB:15310"]}, {"type": "openvas", "idList": ["OPENVAS:54911", "OPENVAS:53751", "OPENVAS:52131"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:8327"]}, {"type": "debian", "idList": ["DEBIAN:DSA-706-1:42554"]}, {"type": "freebsd", "idList": ["0163B498-AF54-11D9-ACD0-000854D03344"]}, {"type": "gentoo", "idList": ["GLSA-200504-09"]}, {"type": "nessus", "idList": ["GENTOO_GLSA-200504-09.NASL", "FREEBSD_PKG_0163B498AF5411D9ACD0000854D03344.NASL"]}], "modified": "2021-07-28T23:20:34", "rev": 2}, "score": {"value": 8.2, "vector": "NONE", "modified": "2021-07-28T23:20:34", "rev": 2}}, "objectVersion": "1.6", "pluginID": "18030", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-706. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(18030);\n script_version(\"1.23\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2001-0887\", \"CVE-2005-0390\");\n script_bugtraq_id(13059);\n script_xref(name:\"DSA\", value:\"706\");\n\n script_name(english:\"Debian DSA-706-1 : axel - buffer overflow\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Ulf Harnhammar from the Debian Security Audit Project discovered a\nbuffer overflow in axel, a light download accelerator. When reading\nremote input the program did not check if a part of the input can\noverflow a buffer and maybe trigger the execution of arbitrary code.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2005/dsa-706\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the axel package.\n\nFor the stable distribution (woody) this problem has been fixed in\nversion 1.0a-1woody1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:axel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/04/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/04/13\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2001/12/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.0\", prefix:\"axel\", reference:\"1.0a-1woody1\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"axel-kapt\", reference:\"1.0a-1woody1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Debian Local Security Checks", "cpe": ["cpe:/o:debian:debian_linux:3.0", "p-cpe:/a:debian:debian_linux:axel"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-07-28T23:20:34", "differentElements": ["cvss2", "cvss3", "description", "exploitEase", "modified", "patchPublicationDate", "references", "solution", "vpr", "vulnerabilityPublicationDate"], "edition": 5}, {"bulletin": {"id": "DEBIAN_DSA-706.NASL", "hash": "aaf42354e325965894c2422ef61494b8", "type": "nessus", "bulletinFamily": "scanner", "title": "Debian DSA-706-1 : axel - buffer overflow", "description": "Ulf Harnhammar from the Debian Security Audit Project discovered a buffer overflow in axel, a light download accelerator. When reading remote input the program did not check if a part of the input can overflow a buffer and maybe trigger the execution of arbitrary code.", "published": "2005-04-13T00:00:00", "modified": "2021-01-04T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": null, "vector": null}, "href": "https://www.tenable.com/plugins/nessus/18030", "reporter": "This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0887", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0390", "http://www.debian.org/security/2005/dsa-706"], "cvelist": ["CVE-2001-0887", "CVE-2005-0390"], "immutableFields": [], "lastseen": "2021-08-12T13:25:53", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2005-0390", "CVE-2001-0887"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2005-0390"]}, {"type": "osvdb", "idList": ["OSVDB:2005", "OSVDB:15310"]}, {"type": "openvas", "idList": ["OPENVAS:53751", "OPENVAS:54911", "OPENVAS:52131"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:8327"]}, {"type": "debian", "idList": ["DEBIAN:DSA-706-1:42554"]}, {"type": "freebsd", "idList": ["0163B498-AF54-11D9-ACD0-000854D03344"]}, {"type": "gentoo", "idList": ["GLSA-200504-09"]}, {"type": "nessus", "idList": ["GENTOO_GLSA-200504-09.NASL", "2803.PRM", "FREEBSD_PKG_0163B498AF5411D9ACD0000854D03344.NASL"]}], "modified": "2021-08-12T13:25:53", "rev": 2}, "score": {"value": 8.2, "vector": "NONE", "modified": "2021-08-12T13:25:53", "rev": 2}}, "objectVersion": "1.6", "pluginID": "18030", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-706. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(18030);\n script_version(\"1.23\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2001-0887\", \"CVE-2005-0390\");\n script_bugtraq_id(13059);\n script_xref(name:\"DSA\", value:\"706\");\n\n script_name(english:\"Debian DSA-706-1 : axel - buffer overflow\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Ulf Harnhammar from the Debian Security Audit Project discovered a\nbuffer overflow in axel, a light download accelerator. When reading\nremote input the program did not check if a part of the input can\noverflow a buffer and maybe trigger the execution of arbitrary code.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2005/dsa-706\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the axel package.\n\nFor the stable distribution (woody) this problem has been fixed in\nversion 1.0a-1woody1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:axel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/04/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/04/13\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2001/12/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.0\", prefix:\"axel\", reference:\"1.0a-1woody1\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"axel-kapt\", reference:\"1.0a-1woody1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Debian Local Security Checks", "cpe": ["p-cpe:/a:debian:debian_linux:axel", "cpe:/o:debian:debian_linux:3.0"], "solution": "Upgrade the axel package.\n\nFor the stable distribution (woody) this problem has been fixed in version 1.0a-1woody1.", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {"risk factor": "Medium", "score": "5.3"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2005-04-13T00:00:00", "vulnerabilityPublicationDate": "2001-12-17T00:00:00", "exploitableWith": []}, "lastseen": "2021-08-12T13:25:53", "differentElements": ["nessusSeverity"], "edition": 6}], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2001-0887", "CVE-2005-0390"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2005-0390"]}, {"type": "osvdb", "idList": ["OSVDB:15310", "OSVDB:2005"]}, {"type": "freebsd", "idList": ["0163B498-AF54-11D9-ACD0-000854D03344"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:8327"]}, {"type": "debian", "idList": ["DEBIAN:DSA-706-1:42554"]}, {"type": "gentoo", "idList": ["GLSA-200504-09"]}, {"type": "openvas", "idList": ["OPENVAS:53751", "OPENVAS:52131", "OPENVAS:54911"]}, {"type": "nessus", "idList": ["FREEBSD_PKG_0163B498AF5411D9ACD0000854D03344.NASL", "2803.PRM", "GENTOO_GLSA-200504-09.NASL"]}], "modified": "2021-08-19T13:17:28", "rev": 2}, "score": {"value": 8.2, "vector": "NONE", "modified": "2021-08-19T13:17:28", "rev": 2}}, "objectVersion": "1.6", "pluginID": "18030", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-706. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(18030);\n script_version(\"1.23\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2001-0887\", \"CVE-2005-0390\");\n script_bugtraq_id(13059);\n script_xref(name:\"DSA\", value:\"706\");\n\n script_name(english:\"Debian DSA-706-1 : axel - buffer overflow\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Ulf Harnhammar from the Debian Security Audit Project discovered a\nbuffer overflow in axel, a light download accelerator. When reading\nremote input the program did not check if a part of the input can\noverflow a buffer and maybe trigger the execution of arbitrary code.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2005/dsa-706\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the axel package.\n\nFor the stable distribution (woody) this problem has been fixed in\nversion 1.0a-1woody1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:axel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/04/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/04/13\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2001/12/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.0\", prefix:\"axel\", reference:\"1.0a-1woody1\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"axel-kapt\", reference:\"1.0a-1woody1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Debian Local Security Checks", "cpe": ["p-cpe:/a:debian:debian_linux:axel", "cpe:/o:debian:debian_linux:3.0"], "solution": "Upgrade the axel package.\n\nFor the stable distribution (woody) this problem has been fixed in version 1.0a-1woody1.", "nessusSeverity": "High", "cvssScoreSource": "", "vpr": {"risk factor": "Medium", "score": "5.3"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2005-04-13T00:00:00", "vulnerabilityPublicationDate": "2001-12-17T00:00:00", "exploitableWith": [], "_object_type": "robots.models.nessus.NessusBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.nessus.NessusBulletin"]}]}