ID GENTOO_GLSA-200803-29.NASL Type nessus Reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. Modified 2019-11-02T00:00:00
Description
The remote host is affected by the vulnerability described in GLSA-200803-29
(ViewVC: Multiple vulnerabilities)
Multiple unspecified errors were reportedly fixed by the ViewVC
development team.
Impact :
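A remote attacker could send a specially crafted URL to the server to
list CVS or SVN commits on 'all-forbidden' files, access hidden CVSROOT
folders, and view restricted content via the revision view, the log
history, or the diff view.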
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 200803-29.
#
# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#
include("compat.inc");
# Registration phase: when `description` is set, this block only declares the
# plugin's metadata and then exits (see the exit(0) at the end of the block),
# so none of the package checks further down run in this phase.
# NOTE: the line breaks inside the quoted attribute values below are part of
# the string literals; lines starting with "# emerge" are string content, not
# comments.
if (description)
{
# Plugin identity and revision bookkeeping.
script_id(31635);
script_version("1.13");
script_cvs_date("Date: 2019/08/02 13:32:44");
# Cross-references: the three CVEs covered by the advisory and the GLSA id.
script_cve_id("CVE-2008-1290", "CVE-2008-1291", "CVE-2008-1292");
script_xref(name:"GLSA", value:"200803-29");
script_name(english:"GLSA-200803-29 : ViewVC: Multiple vulnerabilities");
# The summary states the detection method: a package-database comparison.
script_summary(english:"Checks for updated package(s) in /var/db/pkg");
script_set_attribute(
attribute:"synopsis",
value:
"The remote Gentoo host is missing one or more security-related
patches."
);
# Advisory text. The impact is unauthorized disclosure of repository content;
# the advisory itself calls the fixed errors "unspecified".
script_set_attribute(
attribute:"description",
value:
"The remote host is affected by the vulnerability described in GLSA-200803-29
(ViewVC: Multiple vulnerabilities)
Multiple unspecified errors were reportedly fixed by the ViewVC
development team.
Impact :
A remote attacker could send a specially crafted URL to the server to
list CVS or SVN commits on 'all-forbidden' files, access hidden CVSROOT
folders, and view restricted content via the revision view, the log
history, or the diff view.
Workaround :
There is no known workaround at this time."
);
script_set_attribute(
attribute:"see_also",
value:"https://security.gentoo.org/glsa/200803-29"
);
# Remediation: upgrade to www-apps/viewvc 1.0.5 or later (no workaround is
# listed in the description above).
script_set_attribute(
attribute:"solution",
value:
"All ViewVC users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=www-apps/viewvc-1.0.5'"
);
# CVSS v2 base vector: network access, medium complexity, no authentication,
# partial confidentiality impact, no integrity or availability impact.
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N");
# CWE-200: information exposure.
script_cwe_id(200);
# Declared as a "local" plugin: per the summary, the finding comes from the
# host's package data rather than from probing the ViewVC service.
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:viewvc");
script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
script_set_attribute(attribute:"patch_publication_date", value:"2008/03/19");
script_set_attribute(attribute:"plugin_publication_date", value:"2008/03/21");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.");
script_family(english:"Gentoo Local Security Checks");
# Scheduling constraints: the plugin depends on ssh_get_info.nasl and requires
# the three KB keys below (presumably populated by that dependency -- confirm).
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
# Metadata only: stop here without running the check.
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");
# Preconditions read from the scan knowledge base: local checks must be
# enabled, the host must have been identified as Gentoo, and a package list
# must have been collected. Each missing item is reported through audit().
if (!get_kb_item("Host/local_checks_enabled"))
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release"))
  audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list"))
  audit(AUDIT_PACKAGE_LIST_MISSING);

# Version comparison for www-apps/viewvc: anything below 1.0.5 is treated as
# vulnerable, 1.0.5 and later as unaffected.
# NOTE(review): the result rests on the collected package list only; a ViewVC
# copy installed outside the package manager would presumably not be seen
# here -- confirm against qpkg.inc before relying on a clean result.
viewvc_vulnerable = qpkg_check(
  package:"www-apps/viewvc",
  unaffected:make_list("ge 1.0.5"),
  vulnerable:make_list("lt 1.0.5")
);

if (!viewvc_vulnerable)
{
  # Nothing flagged: distinguish "package checked and fine" from
  # "package not present" using the list of packages that were tested.
  checked_pkgs = qpkg_tests_get();
  if (checked_pkgs) audit(AUDIT_PACKAGE_NOT_AFFECTED, checked_pkgs);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ViewVC");
}
else
{
  # Vulnerable version found: raise a warning-level finding on port 0 and
  # attach the package report when report_verbosity is above zero.
  if (report_verbosity > 0)
    security_warning(port:0, extra:qpkg_report_get());
  else
    security_warning(0);
  exit(0);
}
{"id": "GENTOO_GLSA-200803-29.NASL", "bulletinFamily": "scanner", "title": "GLSA-200803-29 : ViewVC: Multiple vulnerabilities", "description": "The remote host is affected by the vulnerability described in GLSA-200803-29\n(ViewVC: Multiple vulnerabilities)\n\n Multiple unspecified errors were reportedly fixed by the ViewVC\n development team.\n \nImpact :\n\n A remote attacker could send a specially crafted URL to the server to\n list CVS or SVN commits on ", "published": "2008-03-21T00:00:00", "modified": "2019-11-02T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "href": "https://www.tenable.com/plugins/nessus/31635", "reporter": "This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.", "references": ["https://security.gentoo.org/glsa/200803-29"], "cvelist": ["CVE-2008-1291", "CVE-2008-1290", "CVE-2008-1292"], "type": "nessus", "lastseen": "2019-11-01T02:40:18", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2008-1291", "CVE-2008-1290", "CVE-2008-1292"], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "description": "The remote host is affected by the vulnerability described in GLSA-200803-29 (ViewVC: Multiple vulnerabilities)\n\n Multiple unspecified errors were reportedly fixed by the ViewVC development team.\n Impact :\n\n A remote attacker could send a specially crafted URL to the server to list CVS or SVN commits on 'all-forbidden' files, access hidden CVSROOT folders, and view restricted content via the revision view, the log history, or the diff view.\n Workaround :\n\n There is no known workaround at this time.", "edition": 1, "enchantments": {}, "hash": "2bb4dcf5ef4cdf5081074d109ca123e647c2fccd9e2764bed3b929708a974aba", "hashmap": [{"hash": "1915f6556ef3ac2c9fd7fef0d0bbba3f", "key": "pluginID"}, {"hash": "cceeed90174cae0cb2e3eea014fe8cc8", "key": "cvelist"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": 
"3c236091754d2db00c1c42f811b3ada4", "key": "cvss"}, {"hash": "b93deb76ef71767987db7b2d670879be", "key": "sourceData"}, {"hash": "8ad5571036a2d595239b1557ac580fc9", "key": "references"}, {"hash": "d544f58fa780616bb8ae1b40eab7397c", "key": "description"}, {"hash": "326af443ca0c41e91daa171ff124ce60", "key": "modified"}, {"hash": "92dde5b724060ab4085ab420ef97a642", "key": "href"}, {"hash": "a19240ee7e57db6949c4780e8ab8d2e6", "key": "title"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "3ff358a4c02a7673cc23ca9901cbef89", "key": "published"}, {"hash": "cf18d881f0f76f23f322ed3f861d3616", "key": "naslFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=31635", "id": "GENTOO_GLSA-200803-29.NASL", "lastseen": "2016-09-26T17:23:51", "modified": "2015-04-13T00:00:00", "naslFamily": "Gentoo Local Security Checks", "objectVersion": "1.2", "pluginID": "31635", "published": "2008-03-21T00:00:00", "references": ["https://security.gentoo.org/glsa/200803-29"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200803-29.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(31635);\n script_version(\"$Revision: 1.11 $\");\n script_cvs_date(\"$Date: 2015/04/13 14:04:25 $\");\n\n script_cve_id(\"CVE-2008-1290\", \"CVE-2008-1291\", \"CVE-2008-1292\");\n script_osvdb_id(43040, 43041, 43042, 43043, 43044);\n script_xref(name:\"GLSA\", value:\"200803-29\");\n\n script_name(english:\"GLSA-200803-29 : ViewVC: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200803-29\n(ViewVC: Multiple vulnerabilities)\n\n Multiple unspecified errors were reportedly fixed by the ViewVC\n development team.\n \nImpact :\n\n A remote attacker could send a specially crafted URL to the server to\n list CVS or SVN commits on 'all-forbidden' files, access hidden CVSROOT\n folders, and view restricted content via the revision view, the log\n history, or the diff view.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200803-29\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All ViewVC users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-apps/viewvc-1.0.5'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_cwe_id(200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:viewvc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", 
value:\"2008/03/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/03/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-apps/viewvc\", unaffected:make_list(\"ge 1.0.5\"), vulnerable:make_list(\"lt 1.0.5\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ViewVC\");\n}\n", "title": "GLSA-200803-29 : ViewVC: Multiple vulnerabilities", "type": "nessus", "viewCount": 0}, "differentElements": ["cpe"], "edition": 1, "lastseen": "2016-09-26T17:23:51"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:viewvc"], "cvelist": ["CVE-2008-1291", "CVE-2008-1290", "CVE-2008-1292"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "The remote host is affected by the vulnerability described in GLSA-200803-29 (ViewVC: Multiple vulnerabilities)\n\n Multiple unspecified errors were reportedly fixed by the ViewVC development team.\n Impact :\n\n A remote attacker could send a specially crafted URL to the server to list CVS or SVN commits on 
'all-forbidden' files, access hidden CVSROOT folders, and view restricted content via the revision view, the log history, or the diff view.\n Workaround :\n\n There is no known workaround at this time.", "edition": 4, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "e963b1365d0cf1e51907b55635ed93c61888ed7d84541a9c0e4f94dbfc28aa06", "hashmap": [{"hash": "42575c0ae7879511eaaa2dfdea9a2e9c", "key": "sourceData"}, {"hash": "9c6fe61712654f56360b12011e3de300", "key": "modified"}, {"hash": "1915f6556ef3ac2c9fd7fef0d0bbba3f", "key": "pluginID"}, {"hash": "cceeed90174cae0cb2e3eea014fe8cc8", "key": "cvelist"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "8ad5571036a2d595239b1557ac580fc9", "key": "references"}, {"hash": "d544f58fa780616bb8ae1b40eab7397c", "key": "description"}, {"hash": "92dde5b724060ab4085ab420ef97a642", "key": "href"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "a19240ee7e57db6949c4780e8ab8d2e6", "key": "title"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "2810fbea02d98cc96ec4d62276e7eaa9", "key": "cpe"}, {"hash": "3ff358a4c02a7673cc23ca9901cbef89", "key": "published"}, {"hash": "cf18d881f0f76f23f322ed3f861d3616", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=31635", "id": "GENTOO_GLSA-200803-29.NASL", "lastseen": "2018-08-30T19:34:51", "modified": "2018-08-10T00:00:00", "naslFamily": "Gentoo Local Security Checks", "objectVersion": "1.3", "pluginID": "31635", "published": "2008-03-21T00:00:00", "references": ["https://security.gentoo.org/glsa/200803-29"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200803-29.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo 
Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(31635);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2018/08/10 18:07:07\");\n\n script_cve_id(\"CVE-2008-1290\", \"CVE-2008-1291\", \"CVE-2008-1292\");\n script_xref(name:\"GLSA\", value:\"200803-29\");\n\n script_name(english:\"GLSA-200803-29 : ViewVC: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200803-29\n(ViewVC: Multiple vulnerabilities)\n\n Multiple unspecified errors were reportedly fixed by the ViewVC\n development team.\n \nImpact :\n\n A remote attacker could send a specially crafted URL to the server to\n list CVS or SVN commits on 'all-forbidden' files, access hidden CVSROOT\n folders, and view restricted content via the revision view, the log\n history, or the diff view.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200803-29\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All ViewVC users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-apps/viewvc-1.0.5'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_cwe_id(200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:viewvc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/03/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-apps/viewvc\", unaffected:make_list(\"ge 1.0.5\"), vulnerable:make_list(\"lt 1.0.5\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ViewVC\");\n}\n", "title": "GLSA-200803-29 : ViewVC: Multiple vulnerabilities", "type": "nessus", "viewCount": 0}, "differentElements": ["cvss"], "edition": 4, "lastseen": "2018-08-30T19:34:51"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:viewvc"], "cvelist": ["CVE-2008-1291", "CVE-2008-1290", "CVE-2008-1292"], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "description": "The remote host is affected by the vulnerability described in GLSA-200803-29 (ViewVC: Multiple vulnerabilities)\n\n Multiple unspecified errors were reportedly fixed by the ViewVC development team.\n 
Impact :\n\n A remote attacker could send a specially crafted URL to the server to list CVS or SVN commits on 'all-forbidden' files, access hidden CVSROOT folders, and view restricted content via the revision view, the log history, or the diff view.\n Workaround :\n\n There is no known workaround at this time.", "edition": 3, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "5ab917ee9f975c8df53ab07d00b492f6f57f3f9179554f459ed8770246a945a8", "hashmap": [{"hash": "42575c0ae7879511eaaa2dfdea9a2e9c", "key": "sourceData"}, {"hash": "9c6fe61712654f56360b12011e3de300", "key": "modified"}, {"hash": "1915f6556ef3ac2c9fd7fef0d0bbba3f", "key": "pluginID"}, {"hash": "cceeed90174cae0cb2e3eea014fe8cc8", "key": "cvelist"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "3c236091754d2db00c1c42f811b3ada4", "key": "cvss"}, {"hash": "8ad5571036a2d595239b1557ac580fc9", "key": "references"}, {"hash": "d544f58fa780616bb8ae1b40eab7397c", "key": "description"}, {"hash": "92dde5b724060ab4085ab420ef97a642", "key": "href"}, {"hash": "a19240ee7e57db6949c4780e8ab8d2e6", "key": "title"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "2810fbea02d98cc96ec4d62276e7eaa9", "key": "cpe"}, {"hash": "3ff358a4c02a7673cc23ca9901cbef89", "key": "published"}, {"hash": "cf18d881f0f76f23f322ed3f861d3616", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=31635", "id": "GENTOO_GLSA-200803-29.NASL", "lastseen": "2018-08-11T09:02:48", "modified": "2018-08-10T00:00:00", "naslFamily": "Gentoo Local Security Checks", "objectVersion": "1.3", "pluginID": "31635", "published": "2008-03-21T00:00:00", "references": ["https://security.gentoo.org/glsa/200803-29"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from 
Gentoo Linux Security Advisory GLSA 200803-29.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(31635);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2018/08/10 18:07:07\");\n\n script_cve_id(\"CVE-2008-1290\", \"CVE-2008-1291\", \"CVE-2008-1292\");\n script_xref(name:\"GLSA\", value:\"200803-29\");\n\n script_name(english:\"GLSA-200803-29 : ViewVC: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200803-29\n(ViewVC: Multiple vulnerabilities)\n\n Multiple unspecified errors were reportedly fixed by the ViewVC\n development team.\n \nImpact :\n\n A remote attacker could send a specially crafted URL to the server to\n list CVS or SVN commits on 'all-forbidden' files, access hidden CVSROOT\n folders, and view restricted content via the revision view, the log\n history, or the diff view.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200803-29\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All ViewVC users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-apps/viewvc-1.0.5'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_cwe_id(200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:viewvc\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/03/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-apps/viewvc\", unaffected:make_list(\"ge 1.0.5\"), vulnerable:make_list(\"lt 1.0.5\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ViewVC\");\n}\n", "title": "GLSA-200803-29 : ViewVC: Multiple vulnerabilities", "type": "nessus", "viewCount": 0}, "differentElements": ["cvss"], "edition": 3, "lastseen": "2018-08-11T09:02:48"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:viewvc"], "cvelist": ["CVE-2008-1291", "CVE-2008-1290", "CVE-2008-1292"], "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "description": "The remote host is affected by the vulnerability described in GLSA-200803-29\n(ViewVC: Multiple vulnerabilities)\n\n Multiple unspecified errors were 
reportedly fixed by the ViewVC\n development team.\n \nImpact :\n\n A remote attacker could send a specially crafted URL to the server to\n list CVS or SVN commits on ", "edition": 8, "enchantments": {"dependencies": {"modified": "2019-10-28T20:23:54", "references": [{"idList": ["SUSE-SA:2008:039"], "type": "suse"}, {"idList": ["GLSA-200803-29"], "type": "gentoo"}, {"idList": ["SECURITYVULNS:VULN:8806", "SECURITYVULNS:DOC:19458"], "type": "securityvulns"}, {"idList": ["CVE-2008-1291", "CVE-2008-1290", "CVE-2008-1292"], "type": "cve"}, {"idList": ["OPENVAS:850042", "OPENVAS:60621"], "type": "openvas"}, {"idList": ["SUSE_11_0_VIEWVC-080616.NASL", "SUSE_CVS2SVN-5362.NASL", "SUSE_VIEWVC-5358.NASL", "VIEWVC_CVSROOT_DISCLOSURE.NASL"], "type": "nessus"}]}, "score": {"modified": "2019-10-28T20:23:54", "value": 7.5, "vector": "NONE"}}, "hash": "d26c90d8ffdcfad8742cc50207c601b9f7f79c77d155e291803bfc57776bd9a0", "hashmap": [{"hash": "b4aaf55d0f3b49f1f86aeb0f1c864afc", "key": "reporter"}, {"hash": "9b31f22845a0dca137b1349ae1ad2f7d", "key": "sourceData"}, {"hash": "1915f6556ef3ac2c9fd7fef0d0bbba3f", "key": "pluginID"}, {"hash": "cceeed90174cae0cb2e3eea014fe8cc8", "key": "cvelist"}, {"hash": "03af0b19192025300baed13529447046", "key": "description"}, {"hash": "c5400d28217c2012291a7d95ddf84ee4", "key": "href"}, {"hash": "8ad5571036a2d595239b1557ac580fc9", "key": "references"}, {"hash": "a19240ee7e57db6949c4780e8ab8d2e6", "key": "title"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "0bafb6325bcaf483a25404f785191cc5", "key": "modified"}, {"hash": "2810fbea02d98cc96ec4d62276e7eaa9", "key": "cpe"}, {"hash": "3ff358a4c02a7673cc23ca9901cbef89", "key": "published"}, {"hash": "876f47c4ebc2b9e0dd17afaa22819f2a", "key": "cvss"}, {"hash": "cf18d881f0f76f23f322ed3f861d3616", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/nessus/31635", "id": 
"GENTOO_GLSA-200803-29.NASL", "lastseen": "2019-10-28T20:23:54", "modified": "2019-10-02T00:00:00", "naslFamily": "Gentoo Local Security Checks", "objectVersion": "1.3", "pluginID": "31635", "published": "2008-03-21T00:00:00", "references": ["https://security.gentoo.org/glsa/200803-29"], "reporter": "This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200803-29.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(31635);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2019/08/02 13:32:44\");\n\n script_cve_id(\"CVE-2008-1290\", \"CVE-2008-1291\", \"CVE-2008-1292\");\n script_xref(name:\"GLSA\", value:\"200803-29\");\n\n script_name(english:\"GLSA-200803-29 : ViewVC: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200803-29\n(ViewVC: Multiple vulnerabilities)\n\n Multiple unspecified errors were reportedly fixed by the ViewVC\n development team.\n \nImpact :\n\n A remote attacker could send a specially crafted URL to the server to\n list CVS or SVN commits on 'all-forbidden' files, access hidden CVSROOT\n folders, and view restricted content via the revision view, the log\n history, or the diff view.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200803-29\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All ViewVC users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-apps/viewvc-1.0.5'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_cwe_id(200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:viewvc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/03/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-apps/viewvc\", unaffected:make_list(\"ge 1.0.5\"), vulnerable:make_list(\"lt 1.0.5\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ViewVC\");\n}\n", "title": "GLSA-200803-29 : ViewVC: Multiple 
vulnerabilities", "type": "nessus", "viewCount": 0}, "differentElements": ["modified"], "edition": 8, "lastseen": "2019-10-28T20:23:54"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:viewvc"], "cvelist": ["CVE-2008-1291", "CVE-2008-1290", "CVE-2008-1292"], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "description": "The remote host is affected by the vulnerability described in GLSA-200803-29 (ViewVC: Multiple vulnerabilities)\n\n Multiple unspecified errors were reportedly fixed by the ViewVC development team.\n Impact :\n\n A remote attacker could send a specially crafted URL to the server to list CVS or SVN commits on 'all-forbidden' files, access hidden CVSROOT folders, and view restricted content via the revision view, the log history, or the diff view.\n Workaround :\n\n There is no known workaround at this time.", "edition": 7, "enchantments": {"dependencies": {"modified": "2019-02-21T01:10:48", "references": [{"idList": ["SUSE-SA:2008:039"], "type": "suse"}, {"idList": ["GLSA-200803-29"], "type": "gentoo"}, {"idList": ["SECURITYVULNS:VULN:8806", "SECURITYVULNS:DOC:19458"], "type": "securityvulns"}, {"idList": ["CVE-2008-1291", "CVE-2008-1290", "CVE-2008-1292"], "type": "cve"}, {"idList": ["OPENVAS:850042", "OPENVAS:60621"], "type": "openvas"}, {"idList": ["SUSE_11_0_VIEWVC-080616.NASL", "SUSE_CVS2SVN-5362.NASL", "SUSE_VIEWVC-5358.NASL", "VIEWVC_CVSROOT_DISCLOSURE.NASL"], "type": "nessus"}]}, "score": {"modified": "2019-02-21T01:10:48", "value": 7.4, "vector": "NONE"}}, "hash": "5ab917ee9f975c8df53ab07d00b492f6f57f3f9179554f459ed8770246a945a8", "hashmap": [{"hash": "42575c0ae7879511eaaa2dfdea9a2e9c", "key": "sourceData"}, {"hash": "9c6fe61712654f56360b12011e3de300", "key": "modified"}, {"hash": "1915f6556ef3ac2c9fd7fef0d0bbba3f", "key": "pluginID"}, {"hash": "cceeed90174cae0cb2e3eea014fe8cc8", "key": "cvelist"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": 
"reporter"}, {"hash": "3c236091754d2db00c1c42f811b3ada4", "key": "cvss"}, {"hash": "8ad5571036a2d595239b1557ac580fc9", "key": "references"}, {"hash": "d544f58fa780616bb8ae1b40eab7397c", "key": "description"}, {"hash": "92dde5b724060ab4085ab420ef97a642", "key": "href"}, {"hash": "a19240ee7e57db6949c4780e8ab8d2e6", "key": "title"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "2810fbea02d98cc96ec4d62276e7eaa9", "key": "cpe"}, {"hash": "3ff358a4c02a7673cc23ca9901cbef89", "key": "published"}, {"hash": "cf18d881f0f76f23f322ed3f861d3616", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=31635", "id": "GENTOO_GLSA-200803-29.NASL", "lastseen": "2019-02-21T01:10:48", "modified": "2018-08-10T00:00:00", "naslFamily": "Gentoo Local Security Checks", "objectVersion": "1.3", "pluginID": "31635", "published": "2008-03-21T00:00:00", "references": ["https://security.gentoo.org/glsa/200803-29"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200803-29.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(31635);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2018/08/10 18:07:07\");\n\n script_cve_id(\"CVE-2008-1290\", \"CVE-2008-1291\", \"CVE-2008-1292\");\n script_xref(name:\"GLSA\", value:\"200803-29\");\n\n script_name(english:\"GLSA-200803-29 : ViewVC: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200803-29\n(ViewVC: Multiple vulnerabilities)\n\n Multiple unspecified errors were reportedly fixed by the ViewVC\n development team.\n \nImpact :\n\n A remote attacker could send a specially crafted URL to the server to\n list CVS or SVN commits on 'all-forbidden' files, access hidden CVSROOT\n folders, and view restricted content via the revision view, the log\n history, or the diff view.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200803-29\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All ViewVC users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-apps/viewvc-1.0.5'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_cwe_id(200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:viewvc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/19\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/03/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-apps/viewvc\", unaffected:make_list(\"ge 1.0.5\"), vulnerable:make_list(\"lt 1.0.5\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ViewVC\");\n}\n", "title": "GLSA-200803-29 : ViewVC: Multiple vulnerabilities", "type": "nessus", "viewCount": 0}, "differentElements": ["cvss", "description", "reporter", "modified", "sourceData", "href"], "edition": 7, "lastseen": "2019-02-21T01:10:48"}], "edition": 9, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "2810fbea02d98cc96ec4d62276e7eaa9"}, {"key": "cvelist", "hash": "cceeed90174cae0cb2e3eea014fe8cc8"}, {"key": "cvss", "hash": "876f47c4ebc2b9e0dd17afaa22819f2a"}, {"key": "description", "hash": "03af0b19192025300baed13529447046"}, {"key": "href", "hash": "c5400d28217c2012291a7d95ddf84ee4"}, {"key": "modified", "hash": "abcf9266f425f12dda38f529cd4a94bc"}, {"key": "naslFamily", "hash": 
"cf18d881f0f76f23f322ed3f861d3616"}, {"key": "pluginID", "hash": "1915f6556ef3ac2c9fd7fef0d0bbba3f"}, {"key": "published", "hash": "3ff358a4c02a7673cc23ca9901cbef89"}, {"key": "references", "hash": "8ad5571036a2d595239b1557ac580fc9"}, {"key": "reporter", "hash": "b4aaf55d0f3b49f1f86aeb0f1c864afc"}, {"key": "sourceData", "hash": "9b31f22845a0dca137b1349ae1ad2f7d"}, {"key": "title", "hash": "a19240ee7e57db6949c4780e8ab8d2e6"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "daf3352b9be4237d754f5c674bd71d31f389dd8726e04718e8149f924469c75f", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-1290", "CVE-2008-1291", "CVE-2008-1292"]}, {"type": "gentoo", "idList": ["GLSA-200803-29"]}, {"type": "nessus", "idList": ["SUSE_11_0_VIEWVC-080616.NASL", "SUSE_CVS2SVN-5362.NASL", "SUSE_VIEWVC-5358.NASL", "VIEWVC_CVSROOT_DISCLOSURE.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:60621", "OPENVAS:850042"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:8806", "SECURITYVULNS:DOC:19458"]}, {"type": "suse", "idList": ["SUSE-SA:2008:039"]}], "modified": "2019-11-01T02:40:18"}, "score": {"value": 7.5, "vector": "NONE", "modified": "2019-11-01T02:40:18"}, "vulnersScore": 7.5}, "objectVersion": "1.3", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200803-29.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(31635);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2019/08/02 13:32:44\");\n\n script_cve_id(\"CVE-2008-1290\", \"CVE-2008-1291\", \"CVE-2008-1292\");\n script_xref(name:\"GLSA\", value:\"200803-29\");\n\n script_name(english:\"GLSA-200803-29 : ViewVC: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200803-29\n(ViewVC: Multiple vulnerabilities)\n\n Multiple unspecified errors were reportedly fixed by the ViewVC\n development team.\n \nImpact :\n\n A remote attacker could send a specially crafted URL to the server to\n list CVS or SVN commits on 'all-forbidden' files, access hidden CVSROOT\n folders, and view restricted content via the revision view, the log\n history, or the diff view.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200803-29\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All ViewVC users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-apps/viewvc-1.0.5'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_cwe_id(200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:viewvc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/19\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/03/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-apps/viewvc\", unaffected:make_list(\"ge 1.0.5\"), vulnerable:make_list(\"lt 1.0.5\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ViewVC\");\n}\n", "naslFamily": "Gentoo Local Security Checks", "pluginID": "31635", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:viewvc"], "scheme": null}
{"cve": [{"lastseen": "2019-05-29T18:09:25", "bulletinFamily": "NVD", "description": "ViewVC before 1.0.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read files and list folders under the hidden CVSROOT folder.", "modified": "2009-08-20T05:14:00", "id": "CVE-2008-1291", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-1291", "published": "2008-03-24T17:44:00", "title": "CVE-2008-1291", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:09:25", "bulletinFamily": "NVD", "description": "ViewVC before 1.0.5 includes \"all-forbidden\" files within search results that list CVS or Subversion (SVN) commits, which allows remote attackers to obtain sensitive information.", "modified": "2009-08-20T05:14:00", "id": "CVE-2008-1290", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-1290", "published": "2008-03-24T17:44:00", "title": "CVE-2008-1290", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:09:25", "bulletinFamily": "NVD", "description": "ViewVC before 1.0.5 provides revision metadata without properly checking whether access was intended, which allows remote attackers to obtain sensitive information by reading (1) forbidden pathnames in the revision view, (2) log history that can only be reached by traversing a forbidden object, or (3) forbidden diff view path parameters.", "modified": "2009-08-20T05:14:00", "id": "CVE-2008-1292", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-1292", "published": "2008-03-24T17:44:00", "title": "CVE-2008-1292", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "openvas": [{"lastseen": "2017-07-24T12:50:18", "bulletinFamily": "scanner", "description": "The remote host is missing updates announced in\nadvisory GLSA 200803-29.", "modified": "2017-07-07T00:00:00", 
"published": "2008-09-24T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=60621", "id": "OPENVAS:60621", "title": "Gentoo Security Advisory GLSA 200803-29 (viewvc)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple security issues have been reported in ViewVC, which can be\nexploited by malicious people to bypass certain security restrictions.\";\ntag_solution = \"All ViewVC users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-apps/viewvc-1.05'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200803-29\nhttp://bugs.gentoo.org/show_bug.cgi?id=212288\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200803-29.\";\n\n \n\nif(description)\n{\n script_id(60621);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n 
script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2008-1290\", \"CVE-2008-1291\", \"CVE-2008-1292\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_name(\"Gentoo Security Advisory GLSA 200803-29 (viewvc)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"www-apps/viewvc\", unaffected: make_list(\"ge 1.05\"), vulnerable: make_list(\"lt 1.05\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-12-12T11:20:56", "bulletinFamily": "scanner", "description": "Check for the Version of net-snmp", "modified": "2017-12-08T00:00:00", "published": "2009-01-23T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=850042", "id": "OPENVAS:850042", "title": "SuSE Update for net-snmp SUSE-SA:2008:039", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2008_039.nasl 8050 2017-12-08 09:34:29Z santu $\n#\n# SuSE Update for net-snmp 
SUSE-SA:2008:039\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The net-snmp daemon implements the "simple network management protocol".\n The version 3 of SNMP as implemented in net-snmp uses the length of the\n HMAC in a packet to verify against a local HMAC for authentication.\n An attacker can therefore send a SNMPv3 packet with a one byte HMAC and\n guess the correct first byte of the local HMAC with 256 packets (max).\n\n Additionally a buffer overflow in perl-snmp was fixed that can cause a\n denial-of-service/crash.\";\n\ntag_impact = \"authentication bypass, denial-of-service\";\ntag_affected = \"net-snmp on openSUSE 10.2, openSUSE 10.3, openSUSE 11.0, SUSE SLES 9, Novell Linux Desktop 9, Open Enterprise Server, Novell Linux POS 9, SUSE Linux Enterprise Desktop 10 SP1, SLE SDK 10 SP1, SLE SDK 10 SP2, SUSE Linux Enterprise Server 10 SP1, SUSE Linux Enterprise Desktop 10 SP2, SUSE Linux Enterprise Server 10 SP2\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_id(850042);\n script_version(\"$Revision: 8050 $\");\n 
script_tag(name:\"last_modification\", value:\"$Date: 2017-12-08 10:34:29 +0100 (Fri, 08 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-01-23 16:44:26 +0100 (Fri, 23 Jan 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUSE-SA\", value: \"2008-039\");\n script_cve_id(\"CVE-2008-0960\", \"CVE-2008-2292\", \"CVE-2008-1290\", \"CVE-2008-1291\", \"CVE-2008-1292\");\n script_name( \"SuSE Update for net-snmp SUSE-SA:2008:039\");\n\n script_summary(\"Check for the Version of net-snmp\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"openSUSE10.3\")\n{\n\n if ((res = isrpmvuln(pkg:\"libsnmp15\", rpm:\"libsnmp15~5.4.1~19.2\", rls:\"openSUSE10.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp\", rpm:\"net-snmp~5.4.1~19.2\", rls:\"openSUSE10.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp-devel\", rpm:\"net-snmp-devel~5.4.1~19.2\", rls:\"openSUSE10.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-SNMP\", rpm:\"perl-SNMP~5.4.1~19.2\", rls:\"openSUSE10.3\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"snmp-mibs\", rpm:\"snmp-mibs~5.4.1~19.2\", rls:\"openSUSE10.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp-32bit\", rpm:\"net-snmp-32bit~5.4.1~19.2\", rls:\"openSUSE10.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"openSUSE10.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"net-snmp\", rpm:\"net-snmp~5.4.rc2~8\", rls:\"openSUSE10.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp-devel\", rpm:\"net-snmp-devel~5.4.rc2~8\", rls:\"openSUSE10.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-SNMP\", rpm:\"perl-SNMP~5.4.rc2~8\", rls:\"openSUSE10.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp-32bit\", rpm:\"net-snmp-32bit~5.4.rc2~8\", rls:\"openSUSE10.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"SLESDK10SP1\")\n{\n\n if ((res = isrpmvuln(pkg:\"net-snmp\", rpm:\"net-snmp~5.3.0.1~25.26\", rls:\"SLESDK10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp-devel\", rpm:\"net-snmp-devel~5.3.0.1~25.26\", rls:\"SLESDK10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-SNMP\", rpm:\"perl-SNMP~5.3.0.1~25.26\", rls:\"SLESDK10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp-32bit\", rpm:\"net-snmp-32bit~5.3.0.1~25.26\", rls:\"SLESDK10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp\", rpm:\"net-snmp~5.3.0.1~25.24.3\", rls:\"SLESDK10SP1\")) != NULL)\n {\n security_message(data:res);\n 
exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp-devel\", rpm:\"net-snmp-devel~5.3.0.1~25.24.3\", rls:\"SLESDK10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-SNMP\", rpm:\"perl-SNMP~5.3.0.1~25.24.3\", rls:\"SLESDK10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp-32bit\", rpm:\"net-snmp-32bit~5.3.0.1~25.24.3\", rls:\"SLESDK10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp\", rpm:\"net-snmp~5.1.3.1~0.22\", rls:\"SLESDK10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp-devel\", rpm:\"net-snmp-devel~5.1.3.1~0.22\", rls:\"SLESDK10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-SNMP\", rpm:\"perl-SNMP~5.1.3.1~0.22\", rls:\"SLESDK10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"NLPOS9\")\n{\n\n if ((res = isrpmvuln(pkg:\"net-snmp\", rpm:\"net-snmp~5.3.0.1~25.26\", rls:\"NLPOS9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp-devel\", rpm:\"net-snmp-devel~5.3.0.1~25.26\", rls:\"NLPOS9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-SNMP\", rpm:\"perl-SNMP~5.3.0.1~25.26\", rls:\"NLPOS9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp-32bit\", rpm:\"net-snmp-32bit~5.3.0.1~25.26\", rls:\"NLPOS9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp\", rpm:\"net-snmp~5.3.0.1~25.24.3\", rls:\"NLPOS9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp-devel\", rpm:\"net-snmp-devel~5.3.0.1~25.24.3\", rls:\"NLPOS9\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-SNMP\", rpm:\"perl-SNMP~5.3.0.1~25.24.3\", rls:\"NLPOS9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp-32bit\", rpm:\"net-snmp-32bit~5.3.0.1~25.24.3\", rls:\"NLPOS9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp\", rpm:\"net-snmp~5.1.3.1~0.22\", rls:\"NLPOS9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp-devel\", rpm:\"net-snmp-devel~5.1.3.1~0.22\", rls:\"NLPOS9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-SNMP\", rpm:\"perl-SNMP~5.1.3.1~0.22\", rls:\"NLPOS9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"OES\")\n{\n\n if ((res = isrpmvuln(pkg:\"net-snmp\", rpm:\"net-snmp~5.3.0.1~25.26\", rls:\"OES\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp-devel\", rpm:\"net-snmp-devel~5.3.0.1~25.26\", rls:\"OES\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-SNMP\", rpm:\"perl-SNMP~5.3.0.1~25.26\", rls:\"OES\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp-32bit\", rpm:\"net-snmp-32bit~5.3.0.1~25.26\", rls:\"OES\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp\", rpm:\"net-snmp~5.3.0.1~25.24.3\", rls:\"OES\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp-devel\", rpm:\"net-snmp-devel~5.3.0.1~25.24.3\", rls:\"OES\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-SNMP\", rpm:\"perl-SNMP~5.3.0.1~25.24.3\", rls:\"OES\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if 
((res = isrpmvuln(pkg:\"net-snmp-32bit\", rpm:\"net-snmp-32bit~5.3.0.1~25.24.3\", rls:\"OES\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp\", rpm:\"net-snmp~5.1.3.1~0.22\", rls:\"OES\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp-devel\", rpm:\"net-snmp-devel~5.1.3.1~0.22\", rls:\"OES\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-SNMP\", rpm:\"perl-SNMP~5.1.3.1~0.22\", rls:\"OES\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"SLES9\")\n{\n\n if ((res = isrpmvuln(pkg:\"net-snmp\", rpm:\"net-snmp~5.3.0.1~25.26\", rls:\"SLES9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp-devel\", rpm:\"net-snmp-devel~5.3.0.1~25.26\", rls:\"SLES9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-SNMP\", rpm:\"perl-SNMP~5.3.0.1~25.26\", rls:\"SLES9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp-32bit\", rpm:\"net-snmp-32bit~5.3.0.1~25.26\", rls:\"SLES9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp\", rpm:\"net-snmp~5.3.0.1~25.24.3\", rls:\"SLES9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp-devel\", rpm:\"net-snmp-devel~5.3.0.1~25.24.3\", rls:\"SLES9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-SNMP\", rpm:\"perl-SNMP~5.3.0.1~25.24.3\", rls:\"SLES9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp-32bit\", rpm:\"net-snmp-32bit~5.3.0.1~25.24.3\", rls:\"SLES9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp\", 
rpm:\"net-snmp~5.1.3.1~0.22\", rls:\"SLES9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp-devel\", rpm:\"net-snmp-devel~5.1.3.1~0.22\", rls:\"SLES9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-SNMP\", rpm:\"perl-SNMP~5.1.3.1~0.22\", rls:\"SLES9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"LES10SP2\")\n{\n\n if ((res = isrpmvuln(pkg:\"net-snmp\", rpm:\"net-snmp~5.3.0.1~25.26\", rls:\"LES10SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp-devel\", rpm:\"net-snmp-devel~5.3.0.1~25.26\", rls:\"LES10SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-SNMP\", rpm:\"perl-SNMP~5.3.0.1~25.26\", rls:\"LES10SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp-32bit\", rpm:\"net-snmp-32bit~5.3.0.1~25.26\", rls:\"LES10SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp\", rpm:\"net-snmp~5.3.0.1~25.24.3\", rls:\"LES10SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp-devel\", rpm:\"net-snmp-devel~5.3.0.1~25.24.3\", rls:\"LES10SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-SNMP\", rpm:\"perl-SNMP~5.3.0.1~25.24.3\", rls:\"LES10SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp-32bit\", rpm:\"net-snmp-32bit~5.3.0.1~25.24.3\", rls:\"LES10SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp\", rpm:\"net-snmp~5.1.3.1~0.22\", rls:\"LES10SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp-devel\", 
rpm:\"net-snmp-devel~5.1.3.1~0.22\", rls:\"LES10SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-SNMP\", rpm:\"perl-SNMP~5.1.3.1~0.22\", rls:\"LES10SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"LES10SP1\")\n{\n\n if ((res = isrpmvuln(pkg:\"net-snmp\", rpm:\"net-snmp~5.3.0.1~25.26\", rls:\"LES10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp-devel\", rpm:\"net-snmp-devel~5.3.0.1~25.26\", rls:\"LES10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-SNMP\", rpm:\"perl-SNMP~5.3.0.1~25.26\", rls:\"LES10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp-32bit\", rpm:\"net-snmp-32bit~5.3.0.1~25.26\", rls:\"LES10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp\", rpm:\"net-snmp~5.3.0.1~25.24.3\", rls:\"LES10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp-devel\", rpm:\"net-snmp-devel~5.3.0.1~25.24.3\", rls:\"LES10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-SNMP\", rpm:\"perl-SNMP~5.3.0.1~25.24.3\", rls:\"LES10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp-32bit\", rpm:\"net-snmp-32bit~5.3.0.1~25.24.3\", rls:\"LES10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp\", rpm:\"net-snmp~5.1.3.1~0.22\", rls:\"LES10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp-devel\", rpm:\"net-snmp-devel~5.1.3.1~0.22\", rls:\"LES10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-SNMP\", 
rpm:\"perl-SNMP~5.1.3.1~0.22\", rls:\"LES10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"NLDk9\")\n{\n\n if ((res = isrpmvuln(pkg:\"net-snmp\", rpm:\"net-snmp~5.3.0.1~25.26\", rls:\"NLDk9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp-devel\", rpm:\"net-snmp-devel~5.3.0.1~25.26\", rls:\"NLDk9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-SNMP\", rpm:\"perl-SNMP~5.3.0.1~25.26\", rls:\"NLDk9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp-32bit\", rpm:\"net-snmp-32bit~5.3.0.1~25.26\", rls:\"NLDk9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp\", rpm:\"net-snmp~5.3.0.1~25.24.3\", rls:\"NLDk9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp-devel\", rpm:\"net-snmp-devel~5.3.0.1~25.24.3\", rls:\"NLDk9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-SNMP\", rpm:\"perl-SNMP~5.3.0.1~25.24.3\", rls:\"NLDk9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp-32bit\", rpm:\"net-snmp-32bit~5.3.0.1~25.24.3\", rls:\"NLDk9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp\", rpm:\"net-snmp~5.1.3.1~0.22\", rls:\"NLDk9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp-devel\", rpm:\"net-snmp-devel~5.1.3.1~0.22\", rls:\"NLDk9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-SNMP\", rpm:\"perl-SNMP~5.1.3.1~0.22\", rls:\"NLDk9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == 
\"SLESDK10SP2\")\n{\n\n if ((res = isrpmvuln(pkg:\"net-snmp\", rpm:\"net-snmp~5.3.0.1~25.26\", rls:\"SLESDK10SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp-devel\", rpm:\"net-snmp-devel~5.3.0.1~25.26\", rls:\"SLESDK10SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-SNMP\", rpm:\"perl-SNMP~5.3.0.1~25.26\", rls:\"SLESDK10SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp-32bit\", rpm:\"net-snmp-32bit~5.3.0.1~25.26\", rls:\"SLESDK10SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp\", rpm:\"net-snmp~5.3.0.1~25.24.3\", rls:\"SLESDK10SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp-devel\", rpm:\"net-snmp-devel~5.3.0.1~25.24.3\", rls:\"SLESDK10SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-SNMP\", rpm:\"perl-SNMP~5.3.0.1~25.24.3\", rls:\"SLESDK10SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp-32bit\", rpm:\"net-snmp-32bit~5.3.0.1~25.24.3\", rls:\"SLESDK10SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp\", rpm:\"net-snmp~5.1.3.1~0.22\", rls:\"SLESDK10SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp-devel\", rpm:\"net-snmp-devel~5.1.3.1~0.22\", rls:\"SLESDK10SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-SNMP\", rpm:\"perl-SNMP~5.1.3.1~0.22\", rls:\"SLESDK10SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"SLESDk10SP1\")\n{\n\n if ((res = isrpmvuln(pkg:\"net-snmp\", rpm:\"net-snmp~5.3.0.1~25.26\", rls:\"SLESDk10SP1\")) != 
NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp-devel\", rpm:\"net-snmp-devel~5.3.0.1~25.26\", rls:\"SLESDk10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-SNMP\", rpm:\"perl-SNMP~5.3.0.1~25.26\", rls:\"SLESDk10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp-32bit\", rpm:\"net-snmp-32bit~5.3.0.1~25.26\", rls:\"SLESDk10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp\", rpm:\"net-snmp~5.3.0.1~25.24.3\", rls:\"SLESDk10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp-devel\", rpm:\"net-snmp-devel~5.3.0.1~25.24.3\", rls:\"SLESDk10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-SNMP\", rpm:\"perl-SNMP~5.3.0.1~25.24.3\", rls:\"SLESDk10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp-32bit\", rpm:\"net-snmp-32bit~5.3.0.1~25.24.3\", rls:\"SLESDk10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp\", rpm:\"net-snmp~5.1.3.1~0.22\", rls:\"SLESDk10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp-devel\", rpm:\"net-snmp-devel~5.1.3.1~0.22\", rls:\"SLESDk10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-SNMP\", rpm:\"perl-SNMP~5.1.3.1~0.22\", rls:\"SLESDk10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"openSUSE11.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libsnmp15\", rpm:\"libsnmp15~5.4.1~77.2\", rls:\"openSUSE11.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp\", 
rpm:\"net-snmp~5.4.1~77.2\", rls:\"openSUSE11.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp-devel\", rpm:\"net-snmp-devel~5.4.1~77.2\", rls:\"openSUSE11.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-SNMP\", rpm:\"perl-SNMP~5.4.1~77.2\", rls:\"openSUSE11.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"snmp-mibs\", rpm:\"snmp-mibs~5.4.1~77.2\", rls:\"openSUSE11.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp-32bit\", rpm:\"net-snmp-32bit~5.4.1~77.2\", rls:\"openSUSE11.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"SLESDk10SP2\")\n{\n\n if ((res = isrpmvuln(pkg:\"net-snmp\", rpm:\"net-snmp~5.3.0.1~25.26\", rls:\"SLESDk10SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp-devel\", rpm:\"net-snmp-devel~5.3.0.1~25.26\", rls:\"SLESDk10SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-SNMP\", rpm:\"perl-SNMP~5.3.0.1~25.26\", rls:\"SLESDk10SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp-32bit\", rpm:\"net-snmp-32bit~5.3.0.1~25.26\", rls:\"SLESDk10SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp\", rpm:\"net-snmp~5.3.0.1~25.24.3\", rls:\"SLESDk10SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp-devel\", rpm:\"net-snmp-devel~5.3.0.1~25.24.3\", rls:\"SLESDk10SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-SNMP\", rpm:\"perl-SNMP~5.3.0.1~25.24.3\", rls:\"SLESDk10SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"net-snmp-32bit\", rpm:\"net-snmp-32bit~5.3.0.1~25.24.3\", rls:\"SLESDk10SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp\", rpm:\"net-snmp~5.1.3.1~0.22\", rls:\"SLESDk10SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"net-snmp-devel\", rpm:\"net-snmp-devel~5.1.3.1~0.22\", rls:\"SLESDk10SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-SNMP\", rpm:\"perl-SNMP~5.1.3.1~0.22\", rls:\"SLESDk10SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2019-11-03T12:29:48", "bulletinFamily": "scanner", "description": "This update of subversion fixes multiple vulnerabilities.\n\n - list CVS or SVN commits on ", "modified": "2019-11-02T00:00:00", "id": "SUSE_CVS2SVN-5362.NASL", "href": "https://www.tenable.com/plugins/nessus/33785", "published": "2008-08-01T00:00:00", "title": "SuSE 10 Security Update : Subversion (ZYPP Patch Number 5362)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(33785);\n script_version (\"1.14\");\n script_cvs_date(\"Date: 2019/10/25 13:36:32\");\n\n script_cve_id(\"CVE-2008-1290\", \"CVE-2008-1291\", \"CVE-2008-1292\");\n\n script_name(english:\"SuSE 10 Security Update : Subversion (ZYPP Patch Number 5362)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of subversion fixes 
multiple vulnerabilities.\n\n - list CVS or SVN commits on 'all-forbidden' files.\n (CVE-2008-1290)\n\n - directly access hidden CVSROOT folders. (CVE-2008-1291)\n\n - expose restricted content via the revision view, the log\n history, or the diff view. (CVE-2008-1292)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-1290.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-1291.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-1292.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 5362.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_cwe_id(200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/06/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the 
architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"subversion-1.3.1-1.10\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"subversion-devel-1.3.1-1.10\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"subversion-1.3.1-1.10\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"subversion-devel-1.3.1-1.10\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-11-03T12:17:25", "bulletinFamily": "scanner", "description": "This update of viewvc fixes multiple vulnerabilities.\n\n - CVE-2008-1290: list CVS or SVN commits on\n ", "modified": "2019-11-02T00:00:00", "id": "SUSE_11_0_VIEWVC-080616.NASL", "href": "https://www.tenable.com/plugins/nessus/40147", "published": "2009-07-21T00:00:00", "title": "openSUSE Security Update : viewvc (viewvc-48)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update viewvc-48.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(40147);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/10/25 13:36:31\");\n\n script_cve_id(\"CVE-2008-1290\", \"CVE-2008-1291\", \"CVE-2008-1292\");\n\n script_name(english:\"openSUSE Security Update : viewvc (viewvc-48)\");\n script_summary(english:\"Check for the viewvc-48 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n 
script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of viewvc fixes multiple vulnerabilities.\n\n - CVE-2008-1290: list CVS or SVN commits on\n 'all-forbidden' files\n\n - CVE-2008-1291: directly access hidden CVSROOT folders\n\n - CVE-2008-1292: expose restricted content via the\n revision view, the log history, or the diff view\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=370197\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected viewvc package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_cwe_id(200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:viewvc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/06/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = 
get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.0\", reference:\"viewvc-1.0.5-29.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"viewvc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-11-03T12:30:12", "bulletinFamily": "scanner", "description": "This update of viewvc fixes multiple vulnerabilities.\n\n - CVE-2008-1290: list CVS or SVN commits on\n ", "modified": "2019-11-02T00:00:00", "id": "SUSE_VIEWVC-5358.NASL", "href": "https://www.tenable.com/plugins/nessus/33788", "published": "2008-08-01T00:00:00", "title": "openSUSE 10 Security Update : viewvc (viewvc-5358)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update viewvc-5358.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(33788);\n script_version (\"1.8\");\n script_cvs_date(\"Date: 2019/10/25 13:36:33\");\n\n script_cve_id(\"CVE-2008-1290\", \"CVE-2008-1291\", \"CVE-2008-1292\");\n\n script_name(english:\"openSUSE 10 Security Update : viewvc (viewvc-5358)\");\n script_summary(english:\"Check for the viewvc-5358 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of viewvc fixes multiple vulnerabilities.\n\n - CVE-2008-1290: list CVS or SVN commits on\n 'all-forbidden' 
files\n\n - CVE-2008-1291: directly access hidden CVSROOT folders\n\n - CVE-2008-1292: expose restricted content via the\n revision view, the log history, or the diff view\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected viewvc package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_cwe_id(200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:viewvc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/06/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.2|SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.2 / 10.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( 
rpm_check(release:\"SUSE10.2\", reference:\"viewvc-1.0.1-39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"viewvc-1.0.4-25.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"viewvc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-11-03T12:38:22", "bulletinFamily": "scanner", "description": "The remote host is running ViewVC, a web-based tool for browsing CVS\nand Subversion repositories.\n\nThe version of ViewVC installed on the remote host allows the reading \nof the contents of the ", "modified": "2019-11-02T00:00:00", "id": "VIEWVC_CVSROOT_DISCLOSURE.NASL", "href": "https://www.tenable.com/plugins/nessus/32381", "published": "2008-05-19T00:00:00", "title": "ViewVC Direct Request CVSROOT Information Disclosure", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(32381);\n script_version(\"1.18\");\n\n script_cve_id(\"CVE-2008-1291\");\n script_bugtraq_id(28055);\n script_xref(name:\"Secunia\", value:\"29176\");\n\n script_name(english:\"ViewVC Direct Request CVSROOT Information Disclosure\");\n script_summary(english:\"Lists contents of CVSROOT directory\");\n\n script_set_attribute( attribute:\"synopsis\", value:\n\"The remote web server contains a Python application that is affected\nby an information disclosure vulnerability.\" );\n script_set_attribute( attribute:\"description\", value:\n\"The remote host is running ViewVC, a web-based tool for browsing CVS\nand Subversion repositories.\n\nThe version of ViewVC installed on the remote host allows the reading \nof the contents of the 'CVSROOT' directory by navigating to it \ndirectly. 
An attacker could leverage this issue to retrieve sensitive \ninformation.\n\nNote that there are also reportedly two other information disclosure\nvulnerabilities associated with this version of ViewVC that could\nlead to exposure of restricted content, although Nessus has not\nchecked for them.\" );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?view=log&pathrev=HEAD\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade to ViewVC 1.0.5 or later.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(200);\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2008/05/19\");\n script_cvs_date(\"Date: 2018/11/15 20:50:19\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\",value:\"cpe:/a:viewvc:viewvc\");\n script_set_attribute(attribute:\"exploited_by_nessus\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"http_version.nasl\");\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n script_require_ports(\"Services/www\", 80);\n script_require_keys(\"www/viewvc\");\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\n\nport = get_http_port(default:80);\n\n# Loop through various directories.\nif (thorough_tests) dirs = list_uniq(make_list(\"/viewvc\", \"/cgi-bin/viewvc.cgi\", \"/viewvc.cgi\", cgi_dirs()));\nelse dirs = make_list(cgi_dirs());\n\nforeach dir (dirs)\n{\n # Get 
the directory listing.\n url = string(dir, \"/CVSROOT/\");\n res = http_send_recv3(method:\"GET\", item:url, port:port, exit_on_fail: 1);\n\n # If successful...\n if (\n 'class=\"vc_header\"' >< res[2] &&\n \"Index of /CVSROOT</title\" >< res[2]\n )\n {\n # Make sure it's supposed to be hidden.\n res2 = http_send_recv3(method:\"GET\", item:string(dir, \"/\"), port:port, exit_on_fail: 1);\n\n if (\n 'class=\"vc_header\"' >< res2[2] &&\n 'CVSROOT/\" title=\"View' >!< res2[2]\n )\n {\n if (report_verbosity > 0)\n {\n url = build_url(port: port, host: get_host_name(), qs: url);\n\n report = string(\n \"\\n\",\n \"Nessus was able to obtain a listing of the CVSROOT directory with the\\n\",\n \"following URL :\\n\",\n \"\\n\",\n \" \", url, \"\\n\"\n );\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n\n exit(0);\n }\n }\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:23", "bulletinFamily": "unix", "description": "### Background\n\nViewVC is a browser interface for CVS and Subversion version control repositories. \n\n### Description\n\nMultiple unspecified errors were reportedly fixed by the ViewVC development team. \n\n### Impact\n\nA remote attacker could send a specially crafted URL to the server to list CVS or SVN commits on \"all-forbidden\" files, access hidden CVSROOT folders, and view restricted content via the revision view, the log history, or the diff view. \n\n### Workaround\n\nThere is no known workaround at this time. 
\n\n### Resolution\n\nAll ViewVC users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-apps/viewvc-1.0.5\"", "modified": "2009-04-01T00:00:00", "published": "2008-03-19T00:00:00", "id": "GLSA-200803-29", "href": "https://security.gentoo.org/glsa/200803-29", "type": "gentoo", "title": "ViewVC: Multiple vulnerabilities", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:28", "bulletinFamily": "software", "description": "PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.", "modified": "2008-03-20T00:00:00", "published": "2008-03-20T00:00:00", "id": "SECURITYVULNS:VULN:8806", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:8806", "title": "Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:25", "bulletinFamily": "software", "description": "- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\nGentoo Linux Security Advisory GLSA 200803-29\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n http://security.gentoo.org/\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n\r\n Severity: Normal\r\n Title: ViewVC: Multiple vulnerabilities\r\n Date: March 19, 2008\r\n Bugs: #212288\r\n ID: 200803-29\r\n\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n\r\nSynopsis\r\n========\r\n\r\nMultiple security issues have been reported in ViewVC, which can be\r\nexploited by malicious people to bypass certain security restrictions.\r\n\r\nBackground\r\n==========\r\n\r\nViewVC is a browser interface for CVS and Subversion version control\r\nrepositories.\r\n\r\nAffected 
packages\r\n=================\r\n\r\n -------------------------------------------------------------------\r\n Package / Vulnerable / Unaffected\r\n -------------------------------------------------------------------\r\n 1 www-apps/viewvc < 1.05 >= 1.05\r\n\r\nDescription\r\n===========\r\n\r\nMultiple unspecified errors were reportedly fixed by the ViewVC\r\ndevelopment team.\r\n\r\nImpact\r\n======\r\n\r\nA remote attacker could send a specially crafted URL to the server to\r\nlist CVS or SVN commits on \"all-forbidden\" files, access hidden CVSROOT\r\nfolders, and view restricted content via the revision view, the log\r\nhistory, or the diff view.\r\n\r\nWorkaround\r\n==========\r\n\r\nThere is no known workaround at this time.\r\n\r\nResolution\r\n==========\r\n\r\nAll ViewVC users should upgrade to the latest version:\r\n\r\n # emerge --sync\r\n # emerge --ask --oneshot --verbose \">=www-apps/viewvc-1.05\"\r\n\r\nReferences\r\n==========\r\n\r\n [ 1 ] CVE-2008-1290\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1290\r\n [ 2 ] CVE-2008-1291\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1291\r\n [ 3 ] CVE-2008-1292\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1292\r\n\r\nAvailability\r\n============\r\n\r\nThis GLSA and any updates to it are available for viewing at\r\nthe Gentoo Security Website:\r\n\r\n http://security.gentoo.org/glsa/glsa-200803-29.xml\r\n\r\nConcerns?\r\n=========\r\n\r\nSecurity is a primary focus of Gentoo Linux and ensuring the\r\nconfidentiality and security of our users' machines is of utmost\r\nimportance to us. 
Any security concerns should be addressed to\r\nsecurity@gentoo.org or alternatively, you may file a bug at\r\nhttp://bugs.gentoo.org.\r\n\r\nLicense\r\n=======\r\n\r\nCopyright 2008 Gentoo Foundation, Inc; referenced text\r\nbelongs to its owner(s).\r\n\r\nThe contents of this document are licensed under the\r\nCreative Commons - Attribution / Share Alike license.\r\n\r\nhttp://creativecommons.org/licenses/by-sa/2.5\r\n\r\n", "modified": "2008-03-20T00:00:00", "published": "2008-03-20T00:00:00", "id": "SECURITYVULNS:DOC:19458", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:19458", "title": "[ GLSA 200803-29 ] ViewVC: Multiple vulnerabilities", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "suse": [{"lastseen": "2016-09-04T11:40:57", "bulletinFamily": "unix", "description": "The net-snmp daemon implements the \"simple network management protocol\". The version 3 of SNMP as implemented in net-snmp uses the length of the HMAC in a packet to verify against a local HMAC for authentication. An attacker can therefore send a SNMPv3 packet with a one byte HMAC and guess the correct first byte of the local HMAC with 256 packets (max).\n#### Solution\nPlease install the update package.", "modified": "2008-08-01T13:33:56", "published": "2008-08-01T13:33:56", "id": "SUSE-SA:2008:039", "href": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00000.html", "title": "authentication bypass, denial-of-service in net-snmp", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}