ID GENTOO_GLSA-201312-07.NASL Type nessus Reporter Tenable Modified 2018-07-12T00:00:00
Description
The remote host is affected by the vulnerability described in GLSA-201312-07 (OpenEXR: Multiple Vulnerabilities)
Multiple vulnerabilities have been discovered in OpenEXR. Please review the CVE identifiers referenced below for details.
Impact :
A context-dependent attacker could execute arbitrary code or cause a Denial of Service condition via unspecified vectors.
Workaround :
There is no known workaround at this time.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 201312-07.
#
# The advisory text is Copyright (C) 2001-2017 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#
include("compat.inc");
if (description)
{
script_id(71259);
script_version("1.7");
script_cvs_date("Date: 2018/07/12 19:01:15");
script_cve_id("CVE-2009-1720", "CVE-2009-1721");
script_xref(name:"GLSA", value:"201312-07");
script_name(english:"GLSA-201312-07 : OpenEXR: Multiple Vulnerabilities");
script_summary(english:"Checks for updated package(s) in /var/db/pkg");
script_set_attribute(
attribute:"synopsis",
value:
"The remote Gentoo host is missing one or more security-related
patches."
);
script_set_attribute(
attribute:"description",
value:
"The remote host is affected by the vulnerability described in GLSA-201312-07
(OpenEXR: Multiple Vulnerabilities)
Multiple vulnerabilities have been discovered in OpenEXR. Please review
the CVE identifiers referenced below for details.
Impact :
A context-dependent attacker could execute arbitrary code or cause a
Denial of Service condition via unspecified vectors.
Workaround :
There is no known workaround at this time."
);
script_set_attribute(
attribute:"see_also",
value:"https://security.gentoo.org/glsa/201312-07"
);
script_set_attribute(
attribute:"solution",
value:
"All OpenEXR users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=media-libs/openexr-1.7.0'
Packages which depend on this library may need to be recompiled. Tools
such as revdep-rebuild may assist in identifying some of these packages.
NOTE: This is a legacy GLSA. Updates for all affected architectures are
available since December 08, 2010. It is likely that your system is
already no longer affected by this issue."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(16, 189);
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:openexr");
script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
script_set_attribute(attribute:"patch_publication_date", value:"2013/12/09");
script_set_attribute(attribute:"plugin_publication_date", value:"2013/12/09");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.");
script_family(english:"Gentoo Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
flag = 0;
if (qpkg_check(package:"media-libs/openexr", unaffected:make_list("ge 1.7.0"), vulnerable:make_list("lt 1.7.0"))) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
else security_hole(0);
exit(0);
}
else
{
tested = qpkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "OpenEXR");
}
{"id": "GENTOO_GLSA-201312-07.NASL", "bulletinFamily": "scanner", "title": "GLSA-201312-07 : OpenEXR: Multiple Vulnerabilities", "description": "The remote host is affected by the vulnerability described in GLSA-201312-07 (OpenEXR: Multiple Vulnerabilities)\n\n Multiple vulnerabilities have been discovered in OpenEXR. Please review the CVE identifiers referenced below for details.\n Impact :\n\n A context-dependent attacker could execute arbitrary code or cause a Denial of Service condition via unspecified vectors.\n Workaround :\n\n There is no known workaround at this time.", "published": "2013-12-09T00:00:00", "modified": "2018-07-12T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=71259", "reporter": "Tenable", "references": ["https://security.gentoo.org/glsa/201312-07"], "cvelist": ["CVE-2009-1721", "CVE-2009-1720"], "type": "nessus", "lastseen": "2018-07-13T10:24:15", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:openexr"], "cvelist": ["CVE-2009-1721", "CVE-2009-1720"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "The remote host is affected by the vulnerability described in GLSA-201312-07 (OpenEXR: Multiple Vulnerabilities)\n\n Multiple vulnerabilities have been discovered in OpenEXR. Please review the CVE identifiers referenced below for details.\n Impact :\n\n A context-dependent attacker could execute arbitrary code or cause a Denial of Service condition via unspecified vectors.\n Workaround :\n\n There is no known workaround at this time.", "edition": 4, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "36af9c2609425ca7edef309dc8b36c33c35f7d6db0aa84f0923fa210b8909267", "hashmap": [{"hash": "f126abc8d3cdb9aa705dbe8c78a9f3e1", "key": "cvelist"}, {"hash": "e790cc8e072d9c7ad1ac925a7dc3597f", "key": "references"}, {"hash": "a05c96ae506cbd1d89c863716b039ddf", "key": "pluginID"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "05ea14c879b4f8c177f84a7e3c3112ab", "key": "title"}, {"hash": "9454c5bae4ec02ecbfe86c68d5f044d4", "key": "cpe"}, {"hash": "ad56a3c16b02b4b5807b2eeefb7e8d03", "key": "description"}, {"hash": "e818d5554b76b767c31d7c6e365a1acc", "key": "published"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "f478e465a9d1ce381b39eadfab9ca8cc", "key": "sourceData"}, {"hash": "cf18d881f0f76f23f322ed3f861d3616", "key": "naslFamily"}, {"hash": "6561e7f0cbf888bba052bd3a00991a64", "key": "modified"}, {"hash": "e1f630b03e77a2436cc93715f3dec414", "key": "href"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=71259", "id": "GENTOO_GLSA-201312-07.NASL", "lastseen": "2017-10-29T13:45:16", "modified": "2017-08-14T00:00:00", "naslFamily": "Gentoo Local Security Checks", "objectVersion": "1.3", "pluginID": "71259", "published": "2013-12-09T00:00:00", "references": ["https://security.gentoo.org/glsa/201312-07"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201312-07.\n#\n# The advisory text is Copyright (C) 2001-2017 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(71259);\n script_version(\"$Revision: 1.6 $\");\n script_cvs_date(\"$Date: 2017/08/14 14:20:59 $\");\n\n script_cve_id(\"CVE-2009-1720\", \"CVE-2009-1721\");\n script_osvdb_id(56707, 56708);\n script_xref(name:\"GLSA\", value:\"201312-07\");\n\n script_name(english:\"GLSA-201312-07 : OpenEXR: Multiple Vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201312-07\n(OpenEXR: Multiple Vulnerabilities)\n\n Multiple vulnerabilities have been discovered in OpenEXR. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A context-dependent attacker could execute arbitrary code or cause a\n Denial of Service condition via unspecified vectors.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201312-07\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All OpenEXR users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-libs/openexr-1.7.0'\n Packages which depend on this library may need to be recompiled. Tools\n such as revdep-rebuild may assist in identifying some of these packages.\n NOTE: This is a legacy GLSA. Updates for all affected architectures are\n available since December 08, 2010. It is likely that your system is\n already no longer affected by this issue.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:ND/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(16, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:openexr\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/12/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2017 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-libs/openexr\", unaffected:make_list(\"ge 1.7.0\"), vulnerable:make_list(\"lt 1.7.0\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"OpenEXR\");\n}\n", "title": "GLSA-201312-07 : OpenEXR: Multiple Vulnerabilities", "type": "nessus", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 4, "lastseen": "2017-10-29T13:45:16"}, {"bulletin": {"bulletinFamily": "exploit", "cvelist": ["CVE-2009-1721", "CVE-2009-1720"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "The remote host is affected by the vulnerability described in GLSA-201312-07 (OpenEXR: Multiple Vulnerabilities)\n\n Multiple vulnerabilities have been discovered in OpenEXR. Please review the CVE identifiers referenced below for details.\n Impact :\n\n A context-dependent attacker could execute arbitrary code or cause a Denial of Service condition via unspecified vectors.\n Workaround :\n\n There is no known workaround at this time.", "edition": 1, "hash": "09d209d3d6835e1c00a800623c9c30b18cbc98460103406476f09734f7fc5bf8", "hashmap": [{"hash": "f126abc8d3cdb9aa705dbe8c78a9f3e1", "key": "cvelist"}, {"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "e790cc8e072d9c7ad1ac925a7dc3597f", "key": "references"}, {"hash": "a05c96ae506cbd1d89c863716b039ddf", "key": "pluginID"}, {"hash": "592685f0c6049d143dfd305538351481", "key": "sourceData"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "05ea14c879b4f8c177f84a7e3c3112ab", "key": "title"}, {"hash": "ad56a3c16b02b4b5807b2eeefb7e8d03", "key": "description"}, {"hash": "326af443ca0c41e91daa171ff124ce60", "key": "modified"}, {"hash": "e818d5554b76b767c31d7c6e365a1acc", "key": "published"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "cf18d881f0f76f23f322ed3f861d3616", "key": "naslFamily"}, {"hash": "e1f630b03e77a2436cc93715f3dec414", "key": "href"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=71259", "id": "GENTOO_GLSA-201312-07.NASL", "lastseen": "2016-09-26T17:26:34", "modified": "2015-04-13T00:00:00", "naslFamily": "Gentoo Local Security Checks", "objectVersion": "1.2", "pluginID": "71259", "published": "2013-12-09T00:00:00", "references": ["https://security.gentoo.org/glsa/201312-07"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201312-07.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(71259);\n script_version(\"$Revision: 1.4 $\");\n script_cvs_date(\"$Date: 2015/04/13 14:27:07 $\");\n\n script_cve_id(\"CVE-2009-1720\", \"CVE-2009-1721\");\n script_osvdb_id(56707, 56708);\n script_xref(name:\"GLSA\", value:\"201312-07\");\n\n script_name(english:\"GLSA-201312-07 : OpenEXR: Multiple Vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201312-07\n(OpenEXR: Multiple Vulnerabilities)\n\n Multiple vulnerabilities have been discovered in OpenEXR. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A context-dependent attacker could execute arbitrary code or cause a\n Denial of Service condition via unspecified vectors.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201312-07\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All OpenEXR users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-libs/openexr-1.7.0'\n Packages which depend on this library may need to be recompiled. Tools\n such as revdep-rebuild may assist in identifying some of these packages.\n NOTE: This is a legacy GLSA. Updates for all affected architectures are\n available since December 08, 2010. It is likely that your system is\n already no longer affected by this issue.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(16);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:openexr\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/12/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-libs/openexr\", unaffected:make_list(\"ge 1.7.0\"), vulnerable:make_list(\"lt 1.7.0\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"OpenEXR\");\n}\n", "title": "GLSA-201312-07 : OpenEXR: Multiple Vulnerabilities", "type": "nessus", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 1, "lastseen": "2016-09-26T17:26:34"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2009-1721", "CVE-2009-1720"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "The remote host is affected by the vulnerability described in GLSA-201312-07 (OpenEXR: Multiple Vulnerabilities)\n\n Multiple vulnerabilities have been discovered in OpenEXR. Please review the CVE identifiers referenced below for details.\n Impact :\n\n A context-dependent attacker could execute arbitrary code or cause a Denial of Service condition via unspecified vectors.\n Workaround :\n\n There is no known workaround at this time.", "edition": 3, "enchantments": {}, "hash": "ef488f67952c2514ec9eed171588d4868087f76fa6ced88455a2c7cabfdf88d8", "hashmap": [{"hash": "f126abc8d3cdb9aa705dbe8c78a9f3e1", "key": "cvelist"}, {"hash": "e790cc8e072d9c7ad1ac925a7dc3597f", "key": "references"}, {"hash": "a05c96ae506cbd1d89c863716b039ddf", "key": "pluginID"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "05ea14c879b4f8c177f84a7e3c3112ab", "key": "title"}, {"hash": "ad56a3c16b02b4b5807b2eeefb7e8d03", "key": "description"}, {"hash": "e818d5554b76b767c31d7c6e365a1acc", "key": "published"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "f478e465a9d1ce381b39eadfab9ca8cc", "key": "sourceData"}, {"hash": "cf18d881f0f76f23f322ed3f861d3616", "key": "naslFamily"}, {"hash": "6561e7f0cbf888bba052bd3a00991a64", "key": "modified"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "e1f630b03e77a2436cc93715f3dec414", "key": "href"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=71259", "id": "GENTOO_GLSA-201312-07.NASL", "lastseen": "2017-08-15T00:06:21", "modified": "2017-08-14T00:00:00", "naslFamily": "Gentoo Local Security Checks", "objectVersion": "1.3", "pluginID": "71259", "published": "2013-12-09T00:00:00", "references": ["https://security.gentoo.org/glsa/201312-07"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201312-07.\n#\n# The advisory text is Copyright (C) 2001-2017 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(71259);\n script_version(\"$Revision: 1.6 $\");\n script_cvs_date(\"$Date: 2017/08/14 14:20:59 $\");\n\n script_cve_id(\"CVE-2009-1720\", \"CVE-2009-1721\");\n script_osvdb_id(56707, 56708);\n script_xref(name:\"GLSA\", value:\"201312-07\");\n\n script_name(english:\"GLSA-201312-07 : OpenEXR: Multiple Vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201312-07\n(OpenEXR: Multiple Vulnerabilities)\n\n Multiple vulnerabilities have been discovered in OpenEXR. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A context-dependent attacker could execute arbitrary code or cause a\n Denial of Service condition via unspecified vectors.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201312-07\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All OpenEXR users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-libs/openexr-1.7.0'\n Packages which depend on this library may need to be recompiled. Tools\n such as revdep-rebuild may assist in identifying some of these packages.\n NOTE: This is a legacy GLSA. Updates for all affected architectures are\n available since December 08, 2010. It is likely that your system is\n already no longer affected by this issue.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:ND/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(16, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:openexr\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/12/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2017 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-libs/openexr\", unaffected:make_list(\"ge 1.7.0\"), vulnerable:make_list(\"lt 1.7.0\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"OpenEXR\");\n}\n", "title": "GLSA-201312-07 : OpenEXR: Multiple Vulnerabilities", "type": "nessus", "viewCount": 0}, "differentElements": ["cpe"], "edition": 3, "lastseen": "2017-08-15T00:06:21"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2009-1721", "CVE-2009-1720"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "The remote host is affected by the vulnerability described in GLSA-201312-07 (OpenEXR: Multiple Vulnerabilities)\n\n Multiple vulnerabilities have been discovered in OpenEXR. Please review the CVE identifiers referenced below for details.\n Impact :\n\n A context-dependent attacker could execute arbitrary code or cause a Denial of Service condition via unspecified vectors.\n Workaround :\n\n There is no known workaround at this time.", "edition": 2, "enchantments": {}, "hash": "51fc6bbedd435ce1d4c7e5abf89824f6308fe4942524ae0347f2ffb25deee210", "hashmap": [{"hash": "f126abc8d3cdb9aa705dbe8c78a9f3e1", "key": "cvelist"}, {"hash": "e790cc8e072d9c7ad1ac925a7dc3597f", "key": "references"}, {"hash": "a05c96ae506cbd1d89c863716b039ddf", "key": "pluginID"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "5e1b3f8f8b01df3dc5d564e21beec332", "key": "modified"}, {"hash": "05ea14c879b4f8c177f84a7e3c3112ab", "key": "title"}, {"hash": "ad56a3c16b02b4b5807b2eeefb7e8d03", "key": "description"}, {"hash": "e818d5554b76b767c31d7c6e365a1acc", "key": "published"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "a0fd847db76f895bae5309bd47a6785b", "key": "sourceData"}, {"hash": "cf18d881f0f76f23f322ed3f861d3616", "key": "naslFamily"}, {"hash": "e1f630b03e77a2436cc93715f3dec414", "key": "href"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=71259", "id": "GENTOO_GLSA-201312-07.NASL", "lastseen": "2016-11-12T05:27:38", "modified": "2016-11-11T00:00:00", "naslFamily": "Gentoo Local Security Checks", "objectVersion": "1.2", "pluginID": "71259", "published": "2013-12-09T00:00:00", "references": ["https://security.gentoo.org/glsa/201312-07"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201312-07.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(71259);\n script_version(\"$Revision: 1.5 $\");\n script_cvs_date(\"$Date: 2016/11/11 20:19:25 $\");\n\n script_cve_id(\"CVE-2009-1720\", \"CVE-2009-1721\");\n script_osvdb_id(56707, 56708);\n script_xref(name:\"GLSA\", value:\"201312-07\");\n\n script_name(english:\"GLSA-201312-07 : OpenEXR: Multiple Vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201312-07\n(OpenEXR: Multiple Vulnerabilities)\n\n Multiple vulnerabilities have been discovered in OpenEXR. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A context-dependent attacker could execute arbitrary code or cause a\n Denial of Service condition via unspecified vectors.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201312-07\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All OpenEXR users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-libs/openexr-1.7.0'\n Packages which depend on this library may need to be recompiled. Tools\n such as revdep-rebuild may assist in identifying some of these packages.\n NOTE: This is a legacy GLSA. Updates for all affected architectures are\n available since December 08, 2010. It is likely that your system is\n already no longer affected by this issue.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(16, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:openexr\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/12/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-libs/openexr\", unaffected:make_list(\"ge 1.7.0\"), vulnerable:make_list(\"lt 1.7.0\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"OpenEXR\");\n}\n", "title": "GLSA-201312-07 : OpenEXR: Multiple Vulnerabilities", "type": "nessus", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 2, "lastseen": "2016-11-12T05:27:38"}], "edition": 5, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "9454c5bae4ec02ecbfe86c68d5f044d4"}, {"key": "cvelist", "hash": "f126abc8d3cdb9aa705dbe8c78a9f3e1"}, {"key": "cvss", "hash": "e5d275b3ebd62646b78320753699e02e"}, {"key": "description", "hash": "ad56a3c16b02b4b5807b2eeefb7e8d03"}, {"key": "href", "hash": "e1f630b03e77a2436cc93715f3dec414"}, {"key": "modified", "hash": "f5e850f1985da305c7f9475708cd4d52"}, {"key": "naslFamily", "hash": "cf18d881f0f76f23f322ed3f861d3616"}, {"key": "pluginID", "hash": "a05c96ae506cbd1d89c863716b039ddf"}, {"key": "published", "hash": "e818d5554b76b767c31d7c6e365a1acc"}, {"key": "references", "hash": "e790cc8e072d9c7ad1ac925a7dc3597f"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "143b23902ee8be182f8ff1c58d7996cb"}, {"key": "title", "hash": "05ea14c879b4f8c177f84a7e3c3112ab"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "fadc62bfc70b90857348397b7fa5f11bb88e199d3d8df227226ccf5614f34371", "viewCount": 0, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}, "vulnersScore": 7.5}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201312-07.\n#\n# The advisory text is Copyright (C) 2001-2017 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(71259);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/07/12 19:01:15\");\n\n script_cve_id(\"CVE-2009-1720\", \"CVE-2009-1721\");\n script_xref(name:\"GLSA\", value:\"201312-07\");\n\n script_name(english:\"GLSA-201312-07 : OpenEXR: Multiple Vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201312-07\n(OpenEXR: Multiple Vulnerabilities)\n\n Multiple vulnerabilities have been discovered in OpenEXR. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A context-dependent attacker could execute arbitrary code or cause a\n Denial of Service condition via unspecified vectors.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201312-07\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All OpenEXR users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-libs/openexr-1.7.0'\n Packages which depend on this library may need to be recompiled. Tools\n such as revdep-rebuild may assist in identifying some of these packages.\n NOTE: This is a legacy GLSA. Updates for all affected architectures are\n available since December 08, 2010. It is likely that your system is\n already no longer affected by this issue.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(16, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:openexr\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/12/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-libs/openexr\", unaffected:make_list(\"ge 1.7.0\"), vulnerable:make_list(\"lt 1.7.0\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"OpenEXR\");\n}\n", "naslFamily": "Gentoo Local Security Checks", "pluginID": "71259", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:openexr"]}
{"result": {"cve": [{"lastseen": "2016-09-03T12:25:02", "references": ["https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01286.html", "http://www.ubuntu.com/usn/USN-831-1", "http://www.vupen.com/english/advisories/2009/2172", "http://www.mandriva.com/security/advisories?name=MDVSA-2009:191", "http://www.us-cert.gov/cas/techalerts/TA09-218A.html", "http://security.debian.org/pool/updates/main/o/openexr/openexr_1.2.2-4.3+etch2.diff.gz", "http://release.debian.org/proposed-updates/stable_diffs/openexr_1.6.1-3%2Blenny3.debdiff", "http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html", "http://support.apple.com/kb/HT3757", "http://www.debian.org/security/2009/dsa-1842", "http://www.mandriva.com/security/advisories?name=MDVSA-2009:190", "http://www.securitytracker.com/id?1022674", "http://security.debian.org/pool/updates/main/o/openexr/openexr_1.6.1-3+lenny3.diff.gz", "http://www.securityfocus.com/bid/35838", "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01290.html", "http://www.vupen.com/english/advisories/2009/2035"], "edition": 1, "description": "The decompression implementation in the Imf::hufUncompress function in OpenEXR 1.2.2 and 1.6.1 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger a free of an uninitialized pointer.", "reporter": "NVD", "published": "2009-07-31T15:00:01", "type": "cve", "title": "CVE-2009-1721", "enchantments": {"score": {"modified": "2016-09-03T12:25:02", "vector": "NONE", "value": 7.5}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2009-1721"], "scanner": [], "modified": "2012-10-22T23:06:36", "cpe": ["cpe:/a:openexr:openexr:1.2.2", "cpe:/a:openexr:openexr:1.6.1"], "id": "CVE-2009-1721", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1721", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-03T12:25:01", "references": ["https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01286.html", "http://www.ubuntu.com/usn/USN-831-1", "http://www.vupen.com/english/advisories/2009/2172", "http://www.mandriva.com/security/advisories?name=MDVSA-2009:191", "http://www.us-cert.gov/cas/techalerts/TA09-218A.html", "http://security.debian.org/pool/updates/main/o/openexr/openexr_1.2.2-4.3+etch2.diff.gz", "http://release.debian.org/proposed-updates/stable_diffs/openexr_1.6.1-3%2Blenny3.debdiff", "http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html", "http://support.apple.com/kb/HT3757", "http://www.debian.org/security/2009/dsa-1842", "http://www.mandriva.com/security/advisories?name=MDVSA-2009:190", "http://www.securitytracker.com/id?1022674", "http://security.debian.org/pool/updates/main/o/openexr/openexr_1.6.1-3+lenny3.diff.gz", "http://www.securityfocus.com/bid/35838", "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01290.html", "http://www.vupen.com/english/advisories/2009/2035"], "edition": 1, "description": "Multiple integer overflows in OpenEXR 1.2.2 and 1.6.1 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors that trigger heap-based buffer overflows, related to (1) the Imf::PreviewImage::PreviewImage function and (2) compressor constructors. NOTE: some of these details are obtained from third party information.", "reporter": "NVD", "published": "2009-07-31T15:00:01", "type": "cve", "title": "CVE-2009-1720", "enchantments": {"score": {"modified": "2016-09-03T12:25:01", "vector": "NONE", "value": 7.5}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2009-1720"], "scanner": [], "modified": "2012-10-22T23:06:35", "cpe": ["cpe:/a:openexr:openexr:1.2.2", "cpe:/a:openexr:openexr:1.6.1"], "id": "CVE-2009-1720", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1720", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:06", "references": ["http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1720", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1721", "https://bugs.gentoo.org/show_bug.cgi?id=277202"], "affectedPackage": [{"OS": "Gentoo", "OSVersion": "any", "packageVersion": "1.7.0", "packageName": "media-libs/openexr", "packageFilename": "UNKNOWN", "arch": "all", "operator": "lt"}], "description": "### Background\n\nOpenEXR is a high dynamic-range (HDR) image file format developed by Industrial Light & Magic for use in computer imaging applications. \n\n### Description\n\nMultiple vulnerabilities have been discovered in OpenEXR. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA context-dependent attacker could execute arbitrary code or cause a Denial of Service condition via unspecified vectors. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll OpenEXR users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-libs/openexr-1.7.0\"\n \n\nPackages which depend on this library may need to be recompiled. Tools such as revdep-rebuild may assist in identifying some of these packages. \n\nNOTE: This is a legacy GLSA. Updates for all affected architectures are available since December 08, 2010. It is likely that your system is already no longer affected by this issue.", "edition": 1, "reporter": "Gentoo Foundation", "published": "2013-12-09T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "type": "gentoo", "title": "OpenEXR: Multiple Vulnerabilities", "bulletinFamily": "unix", "cvelist": ["CVE-2009-1721", "CVE-2009-1720"], "modified": "2013-12-09T00:00:00", "id": "GLSA-201312-07", "href": "https://security.gentoo.org/glsa/201312-07", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2018-04-06T11:37:15", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=527539"], "pluginID": "136141256231065713", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n OpenEXR\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 11 patch database located at\nhttp://download.novell.com/patch/finder/", "edition": 1, "reporter": "Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com", "published": "2009-10-11T00:00:00", "type": "openvas", "title": "SLES11: Security update for OpenEXR", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1721", "CVE-2009-1720"], "modified": "2018-04-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065713", "id": "OPENVAS:136141256231065713", "sourceData": "#\n#VID a9d4fc04f93289a20122dfbd5edb2ce0\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for OpenEXR\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n OpenEXR\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 11 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://bugzilla.novell.com/show_bug.cgi?id=527539\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.65713\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-11 22:58:51 +0200 (Sun, 11 Oct 2009)\");\n script_cve_id(\"CVE-2009-1720\", \"CVE-2009-1721\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"SLES11: Security update for OpenEXR\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"OpenEXR\", rpm:\"OpenEXR~1.6.1~83.17.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:56:44", "references": [], "pluginID": "64533", "description": "The remote host is missing an update to OpenEXR\nannounced via advisory MDVSA-2009:190.", "edition": 2, "reporter": "Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com", "published": "2009-08-17T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "Mandrake Security Advisory MDVSA-2009:190 (OpenEXR)", "type": "openvas", "naslFamily": "Mandrake Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1721", "CVE-2009-1720"], "modified": "2017-07-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=64533", "id": "OPENVAS:64533", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_190.nasl 6573 2017-07-06 13:10:50Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:190 (OpenEXR)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities has been found and corrected in OpenEXR:\n\nMultiple integer overflows in OpenEXR 1.2.2 and 1.6.1\nallow context-dependent attackers to cause a denial of service\n(application crash) or possibly execute arbitrary code via unspecified\nvectors that trigger heap-based buffer overflows, related to (1)\nthe Imf::PreviewImage::PreviewImage function and (2) compressor\nconstructors. NOTE: some of these details are obtained from third\nparty information (CVE-2009-1720).\n\nThe decompression implementation in the Imf::hufUncompress function in\nOpenEXR 1.2.2 and 1.6.1 allows context-dependent attackers to cause a\ndenial of service (application crash) or possibly execute arbitrary\ncode via vectors that trigger a free of an uninitialized pointer\n(CVE-2009-1721).\n\nThis update provides fixes for these vulnerabilities.\n\nAffected: 2008.1, 2009.0, 2009.1, Enterprise Server 5.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:190\";\ntag_summary = \"The remote host is missing an update to OpenEXR\nannounced via advisory MDVSA-2009:190.\";\n\n \n\nif(description)\n{\n script_id(64533);\n script_version(\"$Revision: 6573 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:10:50 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-08-17 16:54:45 +0200 (Mon, 17 Aug 2009)\");\n script_cve_id(\"CVE-2009-1720\", \"CVE-2009-1721\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:190 (OpenEXR)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libOpenEXR6\", rpm:\"libOpenEXR6~1.6.1~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libOpenEXR-devel\", rpm:\"libOpenEXR-devel~1.6.1~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"OpenEXR\", rpm:\"OpenEXR~1.6.1~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64OpenEXR6\", rpm:\"lib64OpenEXR6~1.6.1~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64OpenEXR-devel\", rpm:\"lib64OpenEXR-devel~1.6.1~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libOpenEXR6\", rpm:\"libOpenEXR6~1.6.1~3.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libOpenEXR-devel\", rpm:\"libOpenEXR-devel~1.6.1~3.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"OpenEXR\", rpm:\"OpenEXR~1.6.1~3.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64OpenEXR6\", rpm:\"lib64OpenEXR6~1.6.1~3.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64OpenEXR-devel\", rpm:\"lib64OpenEXR-devel~1.6.1~3.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libOpenEXR6\", rpm:\"libOpenEXR6~1.6.1~3.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libOpenEXR-devel\", rpm:\"libOpenEXR-devel~1.6.1~3.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"OpenEXR\", rpm:\"OpenEXR~1.6.1~3.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64OpenEXR6\", rpm:\"lib64OpenEXR6~1.6.1~3.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64OpenEXR-devel\", rpm:\"lib64OpenEXR-devel~1.6.1~3.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libOpenEXR6\", rpm:\"libOpenEXR6~1.6.1~3.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libOpenEXR-devel\", rpm:\"libOpenEXR-devel~1.6.1~3.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"OpenEXR\", rpm:\"OpenEXR~1.6.1~3.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64OpenEXR6\", rpm:\"lib64OpenEXR6~1.6.1~3.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64OpenEXR-devel\", rpm:\"lib64OpenEXR-devel~1.6.1~3.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-09T11:28:29", "references": ["https://security.gentoo.org/glsa/201312-07"], "pluginID": "1361412562310121088", "description": "Gentoo Linux Local Security Checks https://security.gentoo.org/glsa/201312-07", "edition": 3, "reporter": "Eero Volotinen", "published": "2015-09-29T00:00:00", "title": "Gentoo Linux Local Check: https://security.gentoo.org/glsa/201312-07", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Gentoo Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1721", "CVE-2009-1720"], "modified": "2018-04-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121088", "id": "OPENVAS:1361412562310121088", "sourceData": "# OpenVAS Vulnerability Test\n# Description: Gentoo Linux security check\n# $Id: glsa-201312-07.nasl 9374 2018-04-06 08:58:12Z cfischer $\n\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\nif(description)\n {\nscript_oid(\"1.3.6.1.4.1.25623.1.0.121088\");\nscript_version(\"$Revision: 9374 $\");\nscript_tag(name:\"creation_date\", value:\"2015-09-29 11:26:26 +0300 (Tue, 29 Sep 2015)\");\nscript_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:58:12 +0200 (Fri, 06 Apr 2018) $\");\nscript_name(\"Gentoo Linux Local Check: https://security.gentoo.org/glsa/201312-07\");\nscript_tag(name: \"insight\", value: \"Multiple vulnerabilities have been discovered in OpenEXR. Please review the CVE identifiers referenced below for details.\"); \nscript_tag(name : \"solution\", value : \"update software\");\nscript_tag(name : \"solution_type\", value : \"VendorFix\");\nscript_xref(name : \"URL\" , value : \"https://security.gentoo.org/glsa/201312-07\");\nscript_cve_id(\"CVE-2009-1720\",\"CVE-2009-1721\");\nscript_tag(name:\"cvss_base\", value:\"7.5\");\nscript_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\nscript_tag(name:\"qod_type\", value:\"package\");\nscript_dependencies(\"gather-package-list.nasl\");\nscript_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\nscript_category(ACT_GATHER_INFO);\nscript_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks https://security.gentoo.org/glsa/201312-07\");\nscript_copyright(\"Eero Volotinen\");\nscript_family(\"Gentoo Local Security Checks\");\nexit(0);\n}\ninclude(\"revisions-lib.inc\");\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"media-libs/openexr\", unaffected: make_list(\"ge 1.7.0\"), vulnerable: make_list(\"lt 1.7.0\"))) != NULL) {\n\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-26T08:56:02", "references": [], "pluginID": "65946", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n OpenEXR\n OpenEXR-devel\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "edition": 2, "reporter": "Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com", "published": "2009-10-13T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "SLES10: Security update for OpenEXR", "type": "openvas", "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1721", "CVE-2009-1720"], "modified": "2017-07-11T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=65946", "id": "OPENVAS:65946", "sourceData": "#\n#VID slesp2-OpenEXR-6392\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for OpenEXR\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n OpenEXR\n OpenEXR-devel\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_id(65946);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)\");\n script_cve_id(\"CVE-2009-1720\", \"CVE-2009-1721\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"SLES10: Security update for OpenEXR\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"OpenEXR\", rpm:\"OpenEXR~1.2.2~16.7\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"OpenEXR-devel\", rpm:\"OpenEXR-devel~1.2.2~16.7\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:40:48", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=514003", "https://bugzilla.redhat.com/show_bug.cgi?id=513995"], "pluginID": "136141256231064544", "description": "The remote host is missing an update to OpenEXR\nannounced via advisory FEDORA-2009-8136.", "edition": 1, "reporter": "Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com", "published": "2009-08-17T00:00:00", "title": "Fedora Core 10 FEDORA-2009-8136 (OpenEXR)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1721", "CVE-2009-1720"], "modified": "2018-04-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064544", "id": "OPENVAS:136141256231064544", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_8136.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-8136 (OpenEXR)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"OpenEXR is a high dynamic-range (HDR) image file format developed by Industrial\nLight & Magic for use in computer imaging applications. This package contains\nlibraries and sample applications for handling the format.\n\nChangeLog:\n\n* Wed Jul 29 2009 Rex Dieter 1.6.1-8\n- CVE-2009-1720 OpenEXR: Multiple integer overflows (#513995)\n- CVE-2009-1721 OpenEXR: Invalid pointer free by image decompression (#514003)\n* Fri Jul 24 2009 Fedora Release Engineering - 1.6.1-7\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild\n* Mon Feb 23 2009 Fedora Release Engineering - 1.6.1-6\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild\n* Fri Dec 12 2008 Caol\u00e1n McNamara 1.6.1-5\n- rebuild to get provides pkgconfig(OpenEXR)\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update OpenEXR' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-8136\";\ntag_summary = \"The remote host is missing an update to OpenEXR\nannounced via advisory FEDORA-2009-8136.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64544\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-08-17 16:54:45 +0200 (Mon, 17 Aug 2009)\");\n script_cve_id(\"CVE-2009-1720\", \"CVE-2009-1721\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Core 10 FEDORA-2009-8136 (OpenEXR)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=513995\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=514003\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"OpenEXR\", rpm:\"OpenEXR~1.6.1~8.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"OpenEXR-devel\", rpm:\"OpenEXR-devel~1.6.1~8.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"OpenEXR-libs\", rpm:\"OpenEXR-libs~1.6.1~8.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"OpenEXR-debuginfo\", rpm:\"OpenEXR-debuginfo~1.6.1~8.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:56:32", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=514003", "https://bugzilla.redhat.com/show_bug.cgi?id=513995"], "pluginID": "64543", "description": "The remote host is missing an update to OpenEXR\nannounced via advisory FEDORA-2009-8132.", "edition": 2, "reporter": "Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com", "published": "2009-08-17T00:00:00", "title": "Fedora Core 11 FEDORA-2009-8132 (OpenEXR)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1721", "CVE-2009-1720"], "modified": "2017-07-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=64543", "id": "OPENVAS:64543", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_8132.nasl 6624 2017-07-10 06:11:55Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-8132 (OpenEXR)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"OpenEXR is a high dynamic-range (HDR) image file format developed by Industrial\nLight & Magic for use in computer imaging applications. This package contains\nlibraries and sample applications for handling the format.\n\nChangeLog:\n\n* Wed Jul 29 2009 Rex Dieter 1.6.1-8\n- CVE-2009-1720 OpenEXR: Multiple integer overflows (#513995)\n- CVE-2009-1721 OpenEXR: Invalid pointer free by image decompression (#514003)\n* Fri Jul 24 2009 Fedora Release Engineering - 1.6.1-7\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update OpenEXR' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-8132\";\ntag_summary = \"The remote host is missing an update to OpenEXR\nannounced via advisory FEDORA-2009-8132.\";\n\n\n\nif(description)\n{\n script_id(64543);\n script_version(\"$Revision: 6624 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-08-17 16:54:45 +0200 (Mon, 17 Aug 2009)\");\n script_cve_id(\"CVE-2009-1720\", \"CVE-2009-1721\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Core 11 FEDORA-2009-8132 (OpenEXR)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=513995\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=514003\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"OpenEXR\", rpm:\"OpenEXR~1.6.1~8.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"OpenEXR-devel\", rpm:\"OpenEXR-devel~1.6.1~8.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"OpenEXR-libs\", rpm:\"OpenEXR-libs~1.6.1~8.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"OpenEXR-debuginfo\", rpm:\"OpenEXR-debuginfo~1.6.1~8.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:38:36", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=514003", "https://bugzilla.redhat.com/show_bug.cgi?id=513995"], "pluginID": "136141256231064543", "description": "The remote host is missing an update to OpenEXR\nannounced via advisory FEDORA-2009-8132.", "edition": 1, "reporter": "Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com", "published": "2009-08-17T00:00:00", "title": "Fedora Core 11 FEDORA-2009-8132 (OpenEXR)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1721", "CVE-2009-1720"], "modified": "2018-04-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064543", "id": "OPENVAS:136141256231064543", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_8132.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-8132 (OpenEXR)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"OpenEXR is a high dynamic-range (HDR) image file format developed by Industrial\nLight & Magic for use in computer imaging applications. This package contains\nlibraries and sample applications for handling the format.\n\nChangeLog:\n\n* Wed Jul 29 2009 Rex Dieter 1.6.1-8\n- CVE-2009-1720 OpenEXR: Multiple integer overflows (#513995)\n- CVE-2009-1721 OpenEXR: Invalid pointer free by image decompression (#514003)\n* Fri Jul 24 2009 Fedora Release Engineering - 1.6.1-7\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update OpenEXR' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-8132\";\ntag_summary = \"The remote host is missing an update to OpenEXR\nannounced via advisory FEDORA-2009-8132.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64543\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-08-17 16:54:45 +0200 (Mon, 17 Aug 2009)\");\n script_cve_id(\"CVE-2009-1720\", \"CVE-2009-1721\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Core 11 FEDORA-2009-8132 (OpenEXR)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=513995\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=514003\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"OpenEXR\", rpm:\"OpenEXR~1.6.1~8.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"OpenEXR-devel\", rpm:\"OpenEXR-devel~1.6.1~8.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"OpenEXR-libs\", rpm:\"OpenEXR-libs~1.6.1~8.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"OpenEXR-debuginfo\", rpm:\"OpenEXR-debuginfo~1.6.1~8.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:57:16", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=514003", "https://bugzilla.redhat.com/show_bug.cgi?id=513995"], "pluginID": "64544", "description": "The remote host is missing an update to OpenEXR\nannounced via advisory FEDORA-2009-8136.", "edition": 2, "reporter": "Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com", "published": "2009-08-17T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "title": "Fedora Core 10 FEDORA-2009-8136 (OpenEXR)", "type": "openvas", "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1721", "CVE-2009-1720"], "modified": "2017-07-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=64544", "id": "OPENVAS:64544", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_8136.nasl 6624 2017-07-10 06:11:55Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-8136 (OpenEXR)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"OpenEXR is a high dynamic-range (HDR) image file format developed by Industrial\nLight & Magic for use in computer imaging applications. This package contains\nlibraries and sample applications for handling the format.\n\nChangeLog:\n\n* Wed Jul 29 2009 Rex Dieter 1.6.1-8\n- CVE-2009-1720 OpenEXR: Multiple integer overflows (#513995)\n- CVE-2009-1721 OpenEXR: Invalid pointer free by image decompression (#514003)\n* Fri Jul 24 2009 Fedora Release Engineering - 1.6.1-7\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild\n* Mon Feb 23 2009 Fedora Release Engineering - 1.6.1-6\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild\n* Fri Dec 12 2008 Caol\u00e1n McNamara 1.6.1-5\n- rebuild to get provides pkgconfig(OpenEXR)\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update OpenEXR' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-8136\";\ntag_summary = \"The remote host is missing an update to OpenEXR\nannounced via advisory FEDORA-2009-8136.\";\n\n\n\nif(description)\n{\n script_id(64544);\n script_version(\"$Revision: 6624 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-08-17 16:54:45 +0200 (Mon, 17 Aug 2009)\");\n script_cve_id(\"CVE-2009-1720\", \"CVE-2009-1721\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Core 10 FEDORA-2009-8136 (OpenEXR)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=513995\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=514003\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"OpenEXR\", rpm:\"OpenEXR~1.6.1~8.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"OpenEXR-devel\", rpm:\"OpenEXR-devel~1.6.1~8.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"OpenEXR-libs\", rpm:\"OpenEXR-libs~1.6.1~8.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"OpenEXR-debuginfo\", rpm:\"OpenEXR-debuginfo~1.6.1~8.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:39:10", "references": [], "pluginID": "136141256231064533", "description": "The remote host is missing an update to OpenEXR\nannounced via advisory MDVSA-2009:190.", "edition": 1, "reporter": "Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com", "published": "2009-08-17T00:00:00", "type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:190 (OpenEXR)", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Mandrake Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1721", "CVE-2009-1720"], "modified": "2018-04-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064533", "id": "OPENVAS:136141256231064533", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_190.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:190 (OpenEXR)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities has been found and corrected in OpenEXR:\n\nMultiple integer overflows in OpenEXR 1.2.2 and 1.6.1\nallow context-dependent attackers to cause a denial of service\n(application crash) or possibly execute arbitrary code via unspecified\nvectors that trigger heap-based buffer overflows, related to (1)\nthe Imf::PreviewImage::PreviewImage function and (2) compressor\nconstructors. NOTE: some of these details are obtained from third\nparty information (CVE-2009-1720).\n\nThe decompression implementation in the Imf::hufUncompress function in\nOpenEXR 1.2.2 and 1.6.1 allows context-dependent attackers to cause a\ndenial of service (application crash) or possibly execute arbitrary\ncode via vectors that trigger a free of an uninitialized pointer\n(CVE-2009-1721).\n\nThis update provides fixes for these vulnerabilities.\n\nAffected: 2008.1, 2009.0, 2009.1, Enterprise Server 5.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:190\";\ntag_summary = \"The remote host is missing an update to OpenEXR\nannounced via advisory MDVSA-2009:190.\";\n\n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64533\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-08-17 16:54:45 +0200 (Mon, 17 Aug 2009)\");\n script_cve_id(\"CVE-2009-1720\", \"CVE-2009-1721\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:190 (OpenEXR)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libOpenEXR6\", rpm:\"libOpenEXR6~1.6.1~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libOpenEXR-devel\", rpm:\"libOpenEXR-devel~1.6.1~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"OpenEXR\", rpm:\"OpenEXR~1.6.1~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64OpenEXR6\", rpm:\"lib64OpenEXR6~1.6.1~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64OpenEXR-devel\", rpm:\"lib64OpenEXR-devel~1.6.1~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libOpenEXR6\", rpm:\"libOpenEXR6~1.6.1~3.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libOpenEXR-devel\", rpm:\"libOpenEXR-devel~1.6.1~3.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"OpenEXR\", rpm:\"OpenEXR~1.6.1~3.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64OpenEXR6\", rpm:\"lib64OpenEXR6~1.6.1~3.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64OpenEXR-devel\", rpm:\"lib64OpenEXR-devel~1.6.1~3.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libOpenEXR6\", rpm:\"libOpenEXR6~1.6.1~3.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libOpenEXR-devel\", rpm:\"libOpenEXR-devel~1.6.1~3.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"OpenEXR\", rpm:\"OpenEXR~1.6.1~3.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64OpenEXR6\", rpm:\"lib64OpenEXR6~1.6.1~3.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64OpenEXR-devel\", rpm:\"lib64OpenEXR-devel~1.6.1~3.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libOpenEXR6\", rpm:\"libOpenEXR6~1.6.1~3.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libOpenEXR-devel\", rpm:\"libOpenEXR-devel~1.6.1~3.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"OpenEXR\", rpm:\"OpenEXR~1.6.1~3.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64OpenEXR6\", rpm:\"lib64OpenEXR6~1.6.1~3.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64OpenEXR-devel\", rpm:\"lib64OpenEXR-devel~1.6.1~3.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-26T08:55:11", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=527539"], "pluginID": "65713", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n OpenEXR\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 11 patch database located at\nhttp://download.novell.com/patch/finder/", "edition": 2, "reporter": "Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com", "published": "2009-10-11T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "SLES11: Security update for OpenEXR", "type": "openvas", "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1721", "CVE-2009-1720"], "modified": "2017-07-11T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=65713", "id": "OPENVAS:65713", "sourceData": "#\n#VID a9d4fc04f93289a20122dfbd5edb2ce0\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for OpenEXR\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n OpenEXR\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 11 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://bugzilla.novell.com/show_bug.cgi?id=527539\");\n script_id(65713);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-11 22:58:51 +0200 (Sun, 11 Oct 2009)\");\n script_cve_id(\"CVE-2009-1720\", \"CVE-2009-1721\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"SLES11: Security update for OpenEXR\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"OpenEXR\", rpm:\"OpenEXR~1.6.1~83.17.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2017-10-29T13:42:39", "references": ["https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild", "http://www.nessus.org/u?618a01b9", "https://bugzilla.redhat.com/show_bug.cgi?id=514003", "https://bugzilla.redhat.com/show_bug.cgi?id=513995"], "pluginID": "40452", "description": "- Wed Jul 29 2009 Rex Dieter <rdieter at fedoraproject.org> 1.6.1-8\n\n - CVE-2009-1720 OpenEXR: Multiple integer overflows (#513995)\n\n - CVE-2009-1721 OpenEXR: Invalid pointer free by image decompression (#514003)\n\n - Fri Jul 24 2009 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.6.1-7\n\n - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 3, "reporter": "Tenable", "published": "2009-08-01T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "nessus", "title": "Fedora 11 : OpenEXR-1.6.1-8.fc11 (2009-8132)", "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1721", "CVE-2009-1720"], "cpe": ["p-cpe:/a:fedoraproject:fedora:OpenEXR", "cpe:/o:fedoraproject:fedora:11"], "modified": "2016-12-08T00:00:00", "id": "FEDORA_2009-8132.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=40452", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-8132.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(40452);\n script_version (\"$Revision: 1.14 $\");\n script_cvs_date(\"$Date: 2016/12/08 20:21:56 $\");\n\n script_cve_id(\"CVE-2009-1720\", \"CVE-2009-1721\");\n script_bugtraq_id(35838);\n script_xref(name:\"FEDORA\", value:\"2009-8132\");\n\n script_name(english:\"Fedora 11 : OpenEXR-1.6.1-8.fc11 (2009-8132)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Wed Jul 29 2009 Rex Dieter <rdieter at\n fedoraproject.org> 1.6.1-8\n\n - CVE-2009-1720 OpenEXR: Multiple integer overflows\n (#513995)\n\n - CVE-2009-1721 OpenEXR: Invalid pointer free by image\n decompression (#514003)\n\n - Fri Jul 24 2009 Fedora Release Engineering <rel-eng at\n lists.fedoraproject.org> - 1.6.1-7\n\n - Rebuilt for\n https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=513995\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=514003\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-July/027215.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?618a01b9\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected OpenEXR package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(16, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:OpenEXR\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/07/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^11([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 11.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC11\", reference:\"OpenEXR-1.6.1-8.fc11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"OpenEXR\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-10-29T13:34:30", "references": ["http://support.novell.com/security/cve/CVE-2009-1721.html", "http://support.novell.com/security/cve/CVE-2009-1720.html"], "pluginID": "41472", "edition": 3, "description": "This update of OpenEXR fixes several integer overflows (CVE-2009-1720), a denial-of-service (probably execution of arbitrary code) bug (CVE-2009-1721) and another possible remote code execution bug in the compression code. (CVE-2009-1721)", "reporter": "Tenable", "published": "2009-09-24T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "nessus", "title": "SuSE 10 Security Update : OpenEXR (ZYPP Patch Number 6392)", "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1721", "CVE-2009-1720"], "cpe": ["cpe:/o:suse:suse_linux"], "modified": "2016-12-22T00:00:00", "id": "SUSE_OPENEXR-6392.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=41472", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(41472);\n script_version (\"$Revision: 1.10 $\");\n script_cvs_date(\"$Date: 2016/12/22 20:42:28 $\");\n\n script_cve_id(\"CVE-2009-1720\", \"CVE-2009-1721\");\n\n script_name(english:\"SuSE 10 Security Update : OpenEXR (ZYPP Patch Number 6392)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of OpenEXR fixes several integer overflows\n(CVE-2009-1720), a denial-of-service (probably execution of arbitrary\ncode) bug (CVE-2009-1721) and another possible remote code execution\nbug in the compression code. (CVE-2009-1721)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1720.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1721.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 6392.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(16, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"OpenEXR-1.2.2-16.7\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"OpenEXR-devel-1.2.2-16.7\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"x86_64\", reference:\"OpenEXR-32bit-1.2.2-16.7\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"OpenEXR-1.2.2-16.7\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"OpenEXR-devel-1.2.2-16.7\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"x86_64\", reference:\"OpenEXR-32bit-1.2.2-16.7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-02T07:40:26", "references": [], "pluginID": "40465", "description": "Multiple vulnerabilities has been found and corrected in OpenEXR :\n\nMultiple integer overflows in OpenEXR 1.2.2 and 1.6.1 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors that trigger heap-based buffer overflows, related to (1) the Imf::PreviewImage::PreviewImage function and (2) compressor constructors. NOTE: some of these details are obtained from third party information (CVE-2009-1720).\n\nThe decompression implementation in the Imf::hufUncompress function in OpenEXR 1.2.2 and 1.6.1 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger a free of an uninitialized pointer (CVE-2009-1721).\n\nThis update provides fixes for these vulnerabilities.", "edition": 6, "reporter": "Tenable", "published": "2009-08-03T00:00:00", "title": "Mandriva Linux Security Advisory : OpenEXR (MDVSA-2009:190)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Mandriva Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1721", "CVE-2009-1720"], "modified": "2018-07-19T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:lib64OpenEXR-devel", "cpe:/o:mandriva:linux:2009.0", "p-cpe:/a:mandriva:linux:libOpenEXR6", "cpe:/o:mandriva:linux:2008.1", "p-cpe:/a:mandriva:linux:libOpenEXR-devel", "cpe:/o:mandriva:linux:2009.1", "p-cpe:/a:mandriva:linux:OpenEXR", "p-cpe:/a:mandriva:linux:lib64OpenEXR6"], "id": "MANDRIVA_MDVSA-2009-190.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=40465", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2009:190. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(40465);\n script_version(\"1.17\");\n script_cvs_date(\"Date: 2018/07/19 20:59:16\");\n\n script_cve_id(\"CVE-2009-1720\", \"CVE-2009-1721\");\n script_bugtraq_id(35838);\n script_xref(name:\"MDVSA\", value:\"2009:190\");\n\n script_name(english:\"Mandriva Linux Security Advisory : OpenEXR (MDVSA-2009:190)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities has been found and corrected in OpenEXR :\n\nMultiple integer overflows in OpenEXR 1.2.2 and 1.6.1 allow\ncontext-dependent attackers to cause a denial of service (application\ncrash) or possibly execute arbitrary code via unspecified vectors that\ntrigger heap-based buffer overflows, related to (1) the\nImf::PreviewImage::PreviewImage function and (2) compressor\nconstructors. NOTE: some of these details are obtained from third\nparty information (CVE-2009-1720).\n\nThe decompression implementation in the Imf::hufUncompress function in\nOpenEXR 1.2.2 and 1.6.1 allows context-dependent attackers to cause a\ndenial of service (application crash) or possibly execute arbitrary\ncode via vectors that trigger a free of an uninitialized pointer\n(CVE-2009-1721).\n\nThis update provides fixes for these vulnerabilities.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(16, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:OpenEXR\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64OpenEXR-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64OpenEXR6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libOpenEXR-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libOpenEXR6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/08/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2008.1\", reference:\"OpenEXR-1.6.1-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"x86_64\", reference:\"lib64OpenEXR-devel-1.6.1-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"x86_64\", reference:\"lib64OpenEXR6-1.6.1-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"i386\", reference:\"libOpenEXR-devel-1.6.1-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"i386\", reference:\"libOpenEXR6-1.6.1-1.1mdv2008.1\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2009.0\", reference:\"OpenEXR-1.6.1-3.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64OpenEXR-devel-1.6.1-3.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64OpenEXR6-1.6.1-3.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libOpenEXR-devel-1.6.1-3.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libOpenEXR6-1.6.1-3.1mdv2009.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2009.1\", reference:\"OpenEXR-1.6.1-3.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"x86_64\", reference:\"lib64OpenEXR-devel-1.6.1-3.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"x86_64\", reference:\"lib64OpenEXR6-1.6.1-3.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"libOpenEXR-devel-1.6.1-3.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"libOpenEXR6-1.6.1-3.1mdv2009.1\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-10-29T13:34:40", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=527539"], "pluginID": "40845", "description": "This update of OpenEXR fixes seceral integer overflows (CVE-2009-1720) and a denial-of-service (probably execution of arbitrary code) bug (CVE-2009-1721).", "edition": 3, "reporter": "Tenable", "published": "2009-09-02T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "nessus", "title": "openSUSE Security Update : OpenEXR (OpenEXR-1157)", "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1721", "CVE-2009-1720"], "cpe": ["cpe:/o:novell:opensuse:11.1", "p-cpe:/a:novell:opensuse:OpenEXR-devel", "p-cpe:/a:novell:opensuse:OpenEXR-32bit", "p-cpe:/a:novell:opensuse:OpenEXR"], "modified": "2016-12-21T00:00:00", "id": "SUSE_11_1_OPENEXR-090804.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=40845", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update OpenEXR-1157.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(40845);\n script_version(\"$Revision: 1.7 $\");\n script_cvs_date(\"$Date: 2016/12/21 20:21:18 $\");\n\n script_cve_id(\"CVE-2009-1720\", \"CVE-2009-1721\");\n\n script_name(english:\"openSUSE Security Update : OpenEXR (OpenEXR-1157)\");\n script_summary(english:\"Check for the OpenEXR-1157 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of OpenEXR fixes seceral integer overflows (CVE-2009-1720)\nand a denial-of-service (probably execution of arbitrary code) bug\n(CVE-2009-1721).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=527539\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected OpenEXR packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(16, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:OpenEXR\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:OpenEXR-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:OpenEXR-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.1\", reference:\"OpenEXR-1.6.1-83.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"OpenEXR-devel-1.6.1-83.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", cpu:\"x86_64\", reference:\"OpenEXR-32bit-1.6.1-83.13.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"OpenEXR\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-10-29T13:41:05", "references": [], "pluginID": "41987", "description": "This update of OpenEXR fixes seceral integer overflows (CVE-2009-1720) and a denial-of-service (probably execution of arbitrary code) bug (CVE-2009-1721).", "edition": 3, "reporter": "Tenable", "published": "2009-10-06T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "nessus", "title": "openSUSE 10 Security Update : OpenEXR (OpenEXR-6393)", "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1721", "CVE-2009-1720"], "cpe": ["cpe:/o:novell:opensuse:10.3", "p-cpe:/a:novell:opensuse:OpenEXR-devel", "p-cpe:/a:novell:opensuse:OpenEXR-32bit", "p-cpe:/a:novell:opensuse:OpenEXR"], "modified": "2016-12-22T00:00:00", "id": "SUSE_OPENEXR-6393.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=41987", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update OpenEXR-6393.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(41987);\n script_version (\"$Revision: 1.6 $\");\n script_cvs_date(\"$Date: 2016/12/22 20:42:28 $\");\n\n script_cve_id(\"CVE-2009-1720\", \"CVE-2009-1721\");\n\n script_name(english:\"openSUSE 10 Security Update : OpenEXR (OpenEXR-6393)\");\n script_summary(english:\"Check for the OpenEXR-6393 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of OpenEXR fixes seceral integer overflows (CVE-2009-1720)\nand a denial-of-service (probably execution of arbitrary code) bug\n(CVE-2009-1721).\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected OpenEXR packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(16, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:OpenEXR\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:OpenEXR-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:OpenEXR-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/10/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.3\", reference:\"OpenEXR-1.4.0a-36.2\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"OpenEXR-devel-1.4.0a-36.2\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", cpu:\"x86_64\", reference:\"OpenEXR-32bit-1.4.0a-36.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"OpenEXR\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-10-29T13:35:02", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=527539"], "pluginID": "40841", "description": "This update of OpenEXR fixes seceral integer overflows (CVE-2009-1720) and a denial-of-service (probably execution of arbitrary code) bug (CVE-2009-1721).", "edition": 3, "reporter": "Tenable", "published": "2009-09-02T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "nessus", "title": "openSUSE Security Update : OpenEXR (OpenEXR-1157)", "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1721", "CVE-2009-1720"], "cpe": ["cpe:/o:novell:opensuse:11.0", "p-cpe:/a:novell:opensuse:OpenEXR-devel", "p-cpe:/a:novell:opensuse:OpenEXR-32bit", "p-cpe:/a:novell:opensuse:OpenEXR"], "modified": "2016-12-21T00:00:00", "id": "SUSE_11_0_OPENEXR-090804.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=40841", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update OpenEXR-1157.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(40841);\n script_version(\"$Revision: 1.7 $\");\n script_cvs_date(\"$Date: 2016/12/21 20:09:50 $\");\n\n script_cve_id(\"CVE-2009-1720\", \"CVE-2009-1721\");\n\n script_name(english:\"openSUSE Security Update : OpenEXR (OpenEXR-1157)\");\n script_summary(english:\"Check for the OpenEXR-1157 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of OpenEXR fixes seceral integer overflows (CVE-2009-1720)\nand a denial-of-service (probably execution of arbitrary code) bug\n(CVE-2009-1721).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=527539\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected OpenEXR packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(16, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:OpenEXR\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:OpenEXR-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:OpenEXR-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.0\", reference:\"OpenEXR-1.6.1-47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"OpenEXR-devel-1.6.1-47.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", cpu:\"x86_64\", reference:\"OpenEXR-32bit-1.6.1-47.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"OpenEXR\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-10-29T13:45:16", "references": ["https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild", "https://bugzilla.redhat.com/show_bug.cgi?id=514003", "https://bugzilla.redhat.com/show_bug.cgi?id=513995", "http://www.nessus.org/u?3d169805", "https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild"], "pluginID": "40453", "description": "- Wed Jul 29 2009 Rex Dieter <rdieter at fedoraproject.org> 1.6.1-8\n\n - CVE-2009-1720 OpenEXR: Multiple integer overflows (#513995)\n\n - CVE-2009-1721 OpenEXR: Invalid pointer free by image decompression (#514003)\n\n - Fri Jul 24 2009 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.6.1-7\n\n - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild\n\n - Mon Feb 23 2009 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.6.1-6\n\n - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild\n\n - Fri Dec 12 2008 Caolan McNamara <caolanm at redhat.com> 1.6.1-5\n\n - rebuild to get provides pkgconfig(OpenEXR)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 3, "reporter": "Tenable", "published": "2009-08-01T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "nessus", "title": "Fedora 10 : OpenEXR-1.6.1-8.fc10 (2009-8136)", "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1721", "CVE-2009-1720"], "cpe": ["cpe:/o:fedoraproject:fedora:10", "p-cpe:/a:fedoraproject:fedora:OpenEXR"], "modified": "2016-12-08T00:00:00", "id": "FEDORA_2009-8136.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=40453", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-8136.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(40453);\n script_version (\"$Revision: 1.14 $\");\n script_cvs_date(\"$Date: 2016/12/08 20:21:56 $\");\n\n script_cve_id(\"CVE-2009-1720\", \"CVE-2009-1721\");\n script_bugtraq_id(35838);\n script_xref(name:\"FEDORA\", value:\"2009-8136\");\n\n script_name(english:\"Fedora 10 : OpenEXR-1.6.1-8.fc10 (2009-8136)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Wed Jul 29 2009 Rex Dieter <rdieter at\n fedoraproject.org> 1.6.1-8\n\n - CVE-2009-1720 OpenEXR: Multiple integer overflows\n (#513995)\n\n - CVE-2009-1721 OpenEXR: Invalid pointer free by image\n decompression (#514003)\n\n - Fri Jul 24 2009 Fedora Release Engineering <rel-eng at\n lists.fedoraproject.org> - 1.6.1-7\n\n - Rebuilt for\n https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild\n\n - Mon Feb 23 2009 Fedora Release Engineering <rel-eng at\n lists.fedoraproject.org> - 1.6.1-6\n\n - Rebuilt for\n https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild\n\n - Fri Dec 12 2008 Caolan McNamara <caolanm at\n redhat.com> 1.6.1-5\n\n - rebuild to get provides pkgconfig(OpenEXR)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=513995\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=514003\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-July/027219.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3d169805\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected OpenEXR package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(16, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:OpenEXR\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/07/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^10([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 10.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC10\", reference:\"OpenEXR-1.6.1-8.fc10\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"OpenEXR\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-10-29T13:46:05", "references": ["http://support.novell.com/security/cve/CVE-2009-1721.html", "https://bugzilla.novell.com/show_bug.cgi?id=527539", "http://support.novell.com/security/cve/CVE-2009-1720.html"], "pluginID": "41360", "description": "This update of OpenEXR fixes several integer overflows (CVE-2009-1720) and a denial-of-service (probably execution of arbitrary code) bug.\n(CVE-2009-1721)", "edition": 3, "reporter": "Tenable", "published": "2009-09-24T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "nessus", "title": "SuSE 11 Security Update : OpenEXR (SAT Patch Number 1155)", "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1721", "CVE-2009-1720"], "cpe": ["p-cpe:/a:novell:suse_linux:11:OpenEXR-32bit", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:OpenEXR"], "modified": "2016-12-21T00:00:00", "id": "SUSE_11_OPENEXR-090804.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=41360", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(41360);\n script_version(\"$Revision: 1.9 $\");\n script_cvs_date(\"$Date: 2016/12/21 20:21:20 $\");\n\n script_cve_id(\"CVE-2009-1720\", \"CVE-2009-1721\");\n\n script_name(english:\"SuSE 11 Security Update : OpenEXR (SAT Patch Number 1155)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of OpenEXR fixes several integer overflows (CVE-2009-1720)\nand a denial-of-service (probably execution of arbitrary code) bug.\n(CVE-2009-1721)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=527539\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1720.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1721.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 1155.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(16, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:OpenEXR\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:OpenEXR-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (pl) audit(AUDIT_OS_NOT, \"SuSE 11.0\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"OpenEXR-1.6.1-83.17.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"OpenEXR-1.6.1-83.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"OpenEXR-1.6.1-83.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"s390x\", reference:\"OpenEXR-32bit-1.6.1-83.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"x86_64\", reference:\"OpenEXR-32bit-1.6.1-83.17.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-02T08:29:13", "references": [], "pluginID": "43075", "description": "Multiple vulnerabilities has been found and corrected in OpenEXR :\n\nMultiple integer overflows in OpenEXR 1.2.2 and 1.6.1 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors that trigger heap-based buffer overflows, related to (1) the Imf::PreviewImage::PreviewImage function and (2) compressor constructors. NOTE: some of these details are obtained from third party information (CVE-2009-1720).\n\nThe decompression implementation in the Imf::hufUncompress function in OpenEXR 1.2.2 and 1.6.1 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger a free of an uninitialized pointer (CVE-2009-1721).\n\nBuffer overflow in the compression implementation in OpenEXR 1.2.2 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors (CVE-2009-1722).\n\nThis update provides fixes for these vulnerabilities.\n\nUpdate :\n\nPackages for 2008.0 are provided for Corporate Desktop 2008.0 customers", "edition": 4, "reporter": "Tenable", "published": "2009-12-09T00:00:00", "title": "Mandriva Linux Security Advisory : OpenEXR (MDVSA-2009:191-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Mandriva Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1721", "CVE-2009-1720", "CVE-2009-1722"], "modified": "2018-07-19T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:lib64OpenEXR-devel", "cpe:/o:mandriva:linux:2008.0", "p-cpe:/a:mandriva:linux:libOpenEXR-devel", "p-cpe:/a:mandriva:linux:lib64OpenEXR4", "p-cpe:/a:mandriva:linux:OpenEXR", "p-cpe:/a:mandriva:linux:libOpenEXR4"], "id": "MANDRIVA_MDVSA-2009-191.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=43075", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2009:191. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(43075);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2018/07/19 20:59:16\");\n\n script_cve_id(\"CVE-2009-1720\", \"CVE-2009-1721\", \"CVE-2009-1722\");\n script_bugtraq_id(35838);\n script_xref(name:\"MDVSA\", value:\"2009:191-1\");\n\n script_name(english:\"Mandriva Linux Security Advisory : OpenEXR (MDVSA-2009:191-1)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities has been found and corrected in OpenEXR :\n\nMultiple integer overflows in OpenEXR 1.2.2 and 1.6.1 allow\ncontext-dependent attackers to cause a denial of service (application\ncrash) or possibly execute arbitrary code via unspecified vectors that\ntrigger heap-based buffer overflows, related to (1) the\nImf::PreviewImage::PreviewImage function and (2) compressor\nconstructors. NOTE: some of these details are obtained from third\nparty information (CVE-2009-1720).\n\nThe decompression implementation in the Imf::hufUncompress function in\nOpenEXR 1.2.2 and 1.6.1 allows context-dependent attackers to cause a\ndenial of service (application crash) or possibly execute arbitrary\ncode via vectors that trigger a free of an uninitialized pointer\n(CVE-2009-1721).\n\nBuffer overflow in the compression implementation in OpenEXR 1.2.2\nallows context-dependent attackers to cause a denial of service\n(application crash) or possibly execute arbitrary code via unspecified\nvectors (CVE-2009-1722).\n\nThis update provides fixes for these vulnerabilities.\n\nUpdate :\n\nPackages for 2008.0 are provided for Corporate Desktop 2008.0\ncustomers\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(16, 119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:OpenEXR\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64OpenEXR-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64OpenEXR4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libOpenEXR-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libOpenEXR4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/12/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2008.0\", reference:\"OpenEXR-1.4.0-3.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64OpenEXR-devel-1.4.0-3.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64OpenEXR4-1.4.0-3.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libOpenEXR-devel-1.4.0-3.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libOpenEXR4-1.4.0-3.1mdv2008.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-10T17:21:54", "references": [], "pluginID": "40982", "description": "Drew Yao discovered several flaws in the way OpenEXR handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-1720, CVE-2009-1721)\n\nIt was discovered that OpenEXR did not properly handle certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 8.04 LTS. (CVE-2009-1722).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 5, "reporter": "Tenable", "published": "2009-09-15T00:00:00", "title": "Ubuntu 8.04 LTS / 8.10 / 9.04 : openexr vulnerabilities (USN-831-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1721", "CVE-2009-1720", "CVE-2009-1722"], "modified": "2018-08-06T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libopenexr6", "p-cpe:/a:canonical:ubuntu_linux:libopenexr-dev", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:openexr", "p-cpe:/a:canonical:ubuntu_linux:libopenexr2ldbl", "cpe:/o:canonical:ubuntu_linux:8.10", "cpe:/o:canonical:ubuntu_linux:9.04"], "id": "UBUNTU_USN-831-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=40982", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-831-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(40982);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2018/08/06 14:03:15\");\n\n script_cve_id(\"CVE-2009-1720\", \"CVE-2009-1721\", \"CVE-2009-1722\");\n script_bugtraq_id(35838);\n script_xref(name:\"USN\", value:\"831-1\");\n\n script_name(english:\"Ubuntu 8.04 LTS / 8.10 / 9.04 : openexr vulnerabilities (USN-831-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Drew Yao discovered several flaws in the way OpenEXR handled certain\nmalformed EXR image files. If a user were tricked into opening a\ncrafted EXR image file, an attacker could cause a denial of service\nvia application crash, or possibly execute arbitrary code with the\nprivileges of the user invoking the program. (CVE-2009-1720,\nCVE-2009-1721)\n\nIt was discovered that OpenEXR did not properly handle certain\nmalformed EXR image files. If a user were tricked into opening a\ncrafted EXR image file, an attacker could cause a denial of service\nvia application crash, or possibly execute arbitrary code with the\nprivileges of the user invoking the program. This issue only affected\nUbuntu 8.04 LTS. (CVE-2009-1722).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(16, 119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libopenexr-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libopenexr2ldbl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libopenexr6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openexr\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.04\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2009-2018 Canonical, Inc. / NASL script (C) 2009-2017 Tenable Network Security, Inc.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(8\\.04|8\\.10|9\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 8.04 / 8.10 / 9.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libopenexr-dev\", pkgver:\"1.2.2-4.4ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libopenexr2ldbl\", pkgver:\"1.2.2-4.4ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"openexr\", pkgver:\"1.2.2-4.4ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libopenexr-dev\", pkgver:\"1.6.1-3ubuntu1.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libopenexr6\", pkgver:\"1.6.1-3ubuntu1.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"openexr\", pkgver:\"1.6.1-3ubuntu1.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libopenexr-dev\", pkgver:\"1.6.1-3ubuntu1.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libopenexr6\", pkgver:\"1.6.1-3ubuntu1.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"openexr\", pkgver:\"1.6.1-3ubuntu1.9.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libopenexr-dev / libopenexr2ldbl / libopenexr6 / openexr\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2016-09-02T18:21:28", "references": [], "affectedPackage": [{"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "1.2.2-4.3+etch2", "packageFilename": "openexr_1.2.2-4.3+etch2_amd64.deb", "arch": "x86-64", "packageName": "openexr", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.1-3+lenny3", "packageFilename": "openexr_1.6.1-3+lenny3_i386.deb", "arch": "i686", "packageName": "openexr", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "1.2.2-4.3+etch2", "packageFilename": "libopenexr2c2a_1.2.2-4.3+etch2_s390.deb", "arch": "s390x", "packageName": "libopenexr2c2a", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.1-3+lenny3", "packageFilename": "libopenexr-dev_1.6.1-3+lenny3_arm.deb", "arch": "arm", "packageName": "libopenexr-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "1.2.2-4.3+etch2", "packageFilename": "libopenexr2c2a_1.2.2-4.3+etch2_hppa.deb", "arch": "hppa", "packageName": "libopenexr2c2a", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.1-3+lenny3", "packageFilename": "libopenexr-dev_1.6.1-3+lenny3_mipsel.deb", "arch": "mipsel", "packageName": "libopenexr-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "1.2.2-4.3+etch2", "packageFilename": "libopenexr-dev_1.2.2-4.3+etch2_alpha.deb", "arch": "alpha", "packageName": "libopenexr-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "1.2.2-4.3+etch2", "packageFilename": "openexr_1.2.2-4.3+etch2_sparc.deb", "arch": "sparc", "packageName": "openexr", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "1.2.2-4.3+etch2", "packageFilename": "libopenexr-dev_1.2.2-4.3+etch2_mipsel.deb", "arch": "mipsel", "packageName": "libopenexr-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.1-3+lenny3", "packageFilename": "openexr_1.6.1-3+lenny3_mips.deb", "arch": "mips", "packageName": "openexr", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "1.2.2-4.3+etch2", "packageFilename": "openexr_1.2.2-4.3+etch2_hppa.deb", "arch": "hppa", "packageName": "openexr", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.1-3+lenny3", "packageFilename": "libopenexr-dev_1.6.1-3+lenny3_hppa.deb", "arch": "hppa", "packageName": "libopenexr-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "1.2.2-4.3+etch2", "packageFilename": "libopenexr2c2a_1.2.2-4.3+etch2_ia64.deb", "arch": "ia64", "packageName": "libopenexr2c2a", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "1.2.2-4.3+etch2", "packageFilename": "libopenexr-dev_1.2.2-4.3+etch2_arm.deb", "arch": "arm", "packageName": "libopenexr-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.1-3+lenny3", "packageFilename": "libopenexr-dev_1.6.1-3+lenny3_i386.deb", "arch": "i686", "packageName": "libopenexr-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.1-3+lenny3", "packageFilename": "libopenexr6_1.6.1-3+lenny3_s390.deb", "arch": "s390x", "packageName": "libopenexr6", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.1-3+lenny3", "packageFilename": "openexr_1.6.1-3+lenny3_arm.deb", "arch": "arm", "packageName": "openexr", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "1.2.2-4.3+etch2", "packageFilename": "openexr_1.2.2-4.3+etch2.dsc", "arch": "src", "packageName": "openexr", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.1-3+lenny3", "packageFilename": "libopenexr6_1.6.1-3+lenny3_arm.deb", "arch": "arm", "packageName": "libopenexr6", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.1-3+lenny3", "packageFilename": "openexr_1.6.1-3+lenny3_armel.deb", "arch": "armel", "packageName": "openexr", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "1.2.2-4.3+etch2", "packageFilename": "openexr_1.2.2-4.3+etch2_mipsel.deb", "arch": "mipsel", "packageName": "openexr", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "1.2.2-4.3+etch2", "packageFilename": "openexr_1.2.2-4.3+etch2_ia64.deb", "arch": "ia64", "packageName": "openexr", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "1.2.2-4.3+etch2", "packageFilename": "libopenexr2c2a_1.2.2-4.3+etch2_alpha.deb", "arch": "alpha", "packageName": "libopenexr2c2a", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "1.2.2-4.3+etch2", "packageFilename": "openexr_1.2.2-4.3+etch2_alpha.deb", "arch": "alpha", "packageName": "openexr", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.1-3+lenny3", "packageFilename": "openexr_1.6.1-3+lenny3_alpha.deb", "arch": "alpha", "packageName": "openexr", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.1-3+lenny3", "packageFilename": "openexr_1.6.1-3+lenny3_amd64.deb", "arch": "x86-64", "packageName": "openexr", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.1-3+lenny3", "packageFilename": "libopenexr-dev_1.6.1-3+lenny3_armel.deb", "arch": "armel", "packageName": "libopenexr-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.1-3+lenny3", "packageFilename": "openexr_1.6.1-3+lenny3_mipsel.deb", "arch": "mipsel", "packageName": "openexr", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.1.orig", "packageFilename": "openexr_1.6.1.orig.tar.gz", "arch": "src", "packageName": "openexr", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.1-3+lenny3", "packageFilename": "libopenexr-dev_1.6.1-3+lenny3_powerpc.deb", "arch": "ppc", "packageName": "libopenexr-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "1.2.2-4.3+etch2", "packageFilename": "libopenexr-dev_1.2.2-4.3+etch2_ia64.deb", "arch": "ia64", "packageName": "libopenexr-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "1.2.2-4.3+etch2", "packageFilename": "openexr_1.2.2-4.3+etch2_i386.deb", "arch": "i686", "packageName": "openexr", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.1-3+lenny3", "packageFilename": "openexr_1.6.1-3+lenny3_ia64.deb", "arch": "ia64", "packageName": "openexr", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "1.2.2-4.3+etch2", "packageFilename": "openexr_1.2.2-4.3+etch2_powerpc.deb", "arch": "ppc", "packageName": "openexr", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.1-3+lenny3", "packageFilename": "libopenexr6_1.6.1-3+lenny3_armel.deb", "arch": "armel", "packageName": "libopenexr6", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "1.2.2-4.3+etch2", "packageFilename": "libopenexr-dev_1.2.2-4.3+etch2_powerpc.deb", "arch": "ppc", "packageName": "libopenexr-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.1-3+lenny3", "packageFilename": "libopenexr-dev_1.6.1-3+lenny3_ia64.deb", "arch": "ia64", "packageName": "libopenexr-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "1.2.2-4.3+etch2", "packageFilename": "libopenexr2c2a_1.2.2-4.3+etch2_mipsel.deb", "arch": "mipsel", "packageName": "libopenexr2c2a", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.1-3+lenny3", "packageFilename": "openexr_1.6.1-3+lenny3_powerpc.deb", "arch": "ppc", "packageName": "openexr", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.1-3+lenny3", "packageFilename": "openexr_1.6.1-3+lenny3_sparc.deb", "arch": "sparc", "packageName": "openexr", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.1-3+lenny3", "packageFilename": "libopenexr-dev_1.6.1-3+lenny3_mips.deb", "arch": "mips", "packageName": "libopenexr-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "1.2.2-4.3+etch2", "packageFilename": "libopenexr-dev_1.2.2-4.3+etch2_hppa.deb", "arch": "hppa", "packageName": "libopenexr-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "1.2.2-4.3+etch2", "packageFilename": "openexr_1.2.2-4.3+etch2_arm.deb", "arch": "arm", "packageName": "openexr", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.1-3+lenny3", "packageFilename": "openexr_1.6.1-3+lenny3_hppa.deb", "arch": "hppa", "packageName": "openexr", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.1-3+lenny3", "packageFilename": "libopenexr6_1.6.1-3+lenny3_powerpc.deb", "arch": "ppc", "packageName": "libopenexr6", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.1-3+lenny3", "packageFilename": "openexr_1.6.1-3+lenny3_s390.deb", "arch": "s390x", "packageName": "openexr", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.1-3+lenny3", "packageFilename": "libopenexr6_1.6.1-3+lenny3_mips.deb", "arch": "mips", "packageName": "libopenexr6", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "1.2.2-4.3+etch2", "packageFilename": "libopenexr2c2a_1.2.2-4.3+etch2_arm.deb", "arch": "arm", "packageName": "libopenexr2c2a", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.1-3+lenny3", "packageFilename": "libopenexr6_1.6.1-3+lenny3_hppa.deb", "arch": "hppa", "packageName": "libopenexr6", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.1-3+lenny3", "packageFilename": "libopenexr6_1.6.1-3+lenny3_amd64.deb", "arch": "x86-64", "packageName": "libopenexr6", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "1.2.2-4.3+etch2", "packageFilename": "openexr_1.2.2-4.3+etch2_s390.deb", "arch": "s390x", "packageName": "openexr", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "1.2.2-4.3+etch2", "packageFilename": "libopenexr-dev_1.2.2-4.3+etch2_amd64.deb", "arch": "x86-64", "packageName": "libopenexr-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "1.2.2-4.3+etch2", "packageFilename": "libopenexr2c2a_1.2.2-4.3+etch2_mips.deb", "arch": "mips", "packageName": "libopenexr2c2a", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "1.2.2.orig", "packageFilename": "openexr_1.2.2.orig.tar.gz", "arch": "src", "packageName": "openexr", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "1.2.2-4.3+etch2", "packageFilename": "libopenexr2c2a_1.2.2-4.3+etch2_i386.deb", "arch": "i686", "packageName": "libopenexr2c2a", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.1-3+lenny3", "packageFilename": "libopenexr6_1.6.1-3+lenny3_alpha.deb", "arch": "alpha", "packageName": "libopenexr6", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "1.2.2-4.3+etch2", "packageFilename": "libopenexr-dev_1.2.2-4.3+etch2_sparc.deb", "arch": "sparc", "packageName": "libopenexr-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.1-3+lenny3", "packageFilename": "libopenexr-dev_1.6.1-3+lenny3_s390.deb", "arch": "s390x", "packageName": "libopenexr-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.1-3+lenny3", "packageFilename": "libopenexr-dev_1.6.1-3+lenny3_alpha.deb", "arch": "alpha", "packageName": "libopenexr-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.1-3+lenny3", "packageFilename": "libopenexr6_1.6.1-3+lenny3_i386.deb", "arch": "i686", "packageName": "libopenexr6", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.1-3+lenny3", "packageFilename": "libopenexr-dev_1.6.1-3+lenny3_sparc.deb", "arch": "sparc", "packageName": "libopenexr-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "1.2.2-4.3+etch2", "packageFilename": "openexr_1.2.2-4.3+etch2_mips.deb", "arch": "mips", "packageName": "openexr", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.1-3+lenny3", "packageFilename": "libopenexr6_1.6.1-3+lenny3_mipsel.deb", "arch": "mipsel", "packageName": "libopenexr6", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.1-3+lenny3", "packageFilename": "libopenexr6_1.6.1-3+lenny3_sparc.deb", "arch": "sparc", "packageName": "libopenexr6", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "1.2.2-4.3+etch2", "packageFilename": "libopenexr-dev_1.2.2-4.3+etch2_mips.deb", "arch": "mips", "packageName": "libopenexr-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "1.2.2-4.3+etch2", "packageFilename": "libopenexr-dev_1.2.2-4.3+etch2_i386.deb", "arch": "i686", "packageName": "libopenexr-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.1-3+lenny3", "packageFilename": "libopenexr-dev_1.6.1-3+lenny3_amd64.deb", "arch": "x86-64", "packageName": "libopenexr-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "1.2.2-4.3+etch2", "packageFilename": "libopenexr-dev_1.2.2-4.3+etch2_s390.deb", "arch": "s390x", "packageName": "libopenexr-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "1.2.2-4.3+etch2", "packageFilename": "libopenexr2c2a_1.2.2-4.3+etch2_amd64.deb", "arch": "x86-64", "packageName": "libopenexr2c2a", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.1-3+lenny3", "packageFilename": "openexr_1.6.1-3+lenny3.dsc", "arch": "src", "packageName": "openexr", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.1-3+lenny3", "packageFilename": "libopenexr6_1.6.1-3+lenny3_ia64.deb", "arch": "ia64", "packageName": "libopenexr6", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "1.2.2-4.3+etch2", "packageFilename": "libopenexr2c2a_1.2.2-4.3+etch2_sparc.deb", "arch": "sparc", "packageName": "libopenexr2c2a", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "1.6.1-3+lenny3.diff", "packageFilename": "openexr_1.6.1-3+lenny3.diff.gz", "arch": "src", "packageName": "openexr", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "1.2.2-4.3+etch2.diff", "packageFilename": "openexr_1.2.2-4.3+etch2.diff.gz", "arch": "src", "packageName": "openexr", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "1.2.2-4.3+etch2", "packageFilename": "libopenexr2c2a_1.2.2-4.3+etch2_powerpc.deb", "arch": "ppc", "packageName": "libopenexr2c2a", "operator": "lt"}], "edition": 1, "description": "Several vulnerabilities have been discovered in the OpenEXR image library, which can lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems:\n\n * [CVE-2009-1720](<https://security-tracker.debian.org/tracker/CVE-2009-1720>)\n\nDrew Yao discovered integer overflows in the preview and compression code.\n\n * [CVE-2009-1721](<https://security-tracker.debian.org/tracker/CVE-2009-1721>)\n\nDrew Yao discovered that an uninitialised pointer could be freed in the decompression code.\n\n * [CVE-2009-1722](<https://security-tracker.debian.org/tracker/CVE-2009-1722>)\n\nA buffer overflow was discovered in the compression code.\n\nFor the old stable distribution (etch), these problems have been fixed in version 1.2.2-4.3+etch2.\n\nFor the stable distribution (lenny), these problems have been fixed in version 1.6.1-3+lenny3.\n\nFor the unstable distribution (sid), these problems will be fixed soon.\n\nWe recommend that you upgrade your openexr packages.", "reporter": "Debian", "published": "2009-07-28T00:00:00", "type": "debian", "title": "openexr -- several vulnerabilities", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2009-1721", "CVE-2009-1720", "CVE-2009-1722"], "modified": "2009-07-28T00:00:00", "id": "DSA-1842", "href": "http://www.debian.org/security/dsa-1842", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "ubuntu": [{"lastseen": "2018-03-29T18:21:08", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2009-1721", "https://people.canonical.com/~ubuntu-security/cve/CVE-2009-1720", "https://people.canonical.com/~ubuntu-security/cve/CVE-2009-1722"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "8.10", "packageVersion": "1.6.1-3ubuntu1.8.10.1", "arch": "noarch", "packageName": "libopenexr6", "packageFilename": "UNKNOWN", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "8.04", "packageVersion": "1.2.2-4.4ubuntu1.1", "arch": "noarch", "packageName": "libopenexr2ldbl", "packageFilename": "UNKNOWN", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "9.04", "packageVersion": "1.6.1-3ubuntu1.9.04.1", "arch": "noarch", "packageName": "libopenexr6", "packageFilename": "UNKNOWN", "operator": "lt"}], "description": "Drew Yao discovered several flaws in the way OpenEXR handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-1720, CVE-2009-1721)\n\nIt was discovered that OpenEXR did not properly handle certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 8.04 LTS. (CVE-2009-1722)", "edition": 1, "reporter": "Ubuntu", "published": "2009-09-14T00:00:00", "title": "OpenEXR vulnerabilities", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "bulletinFamily": "unix", "cvelist": ["CVE-2009-1721", "CVE-2009-1720", "CVE-2009-1722"], "modified": "2009-09-14T00:00:00", "href": "https://usn.ubuntu.com/831-1/", "id": "USN-831-1", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "seebug": [{"lastseen": "2017-11-19T18:41:10", "_object_types": ["robots.models.base.Bulletin", "robots.models.seebug.SeebugBulletin"], "enchantments_done": [], "references": [], "description": "Bugraq ID: 35954\r\nCVE ID\uff1aCVE-2009-1723\r\nCVE-2009-1726\r\nCVE-2009-1727\r\nCVE-2009-0151\r\nCVE-2009-1728\r\nCVE-2009-2188\r\nCVE-2009-2190\r\nCVE-2009-2191\r\nCVE-2009-2192\r\nCVE-2009-2193\r\nCVE-2009-2194\r\nCNCVE ID\uff1aCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20092188\r\nCNCVE-20092190\r\nCNCVE-20092191\r\nCNCVE-20092192\r\nCNCVE-20092193\r\nCNCVE-20092194\r\n\r\nApple Mac OS X\u662f\u4e00\u6b3e\u57fa\u4e8eBSD\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\r\nApple Mac OS X\u5b89\u5168\u5347\u7ea72009-003\u4fee\u590d\u591a\u4e2a\u5b89\u5168\u6f0f\u6d1e\uff1a\r\nCVE-ID: CVE-2008-1372\uff1a\r\nCNCVE ID\uff1aCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20092188\r\nCNCVE-20092190\r\nCNCVE-20092191\r\nCNCVE-20092192\r\nCNCVE-20092193\r\nCNCVE-20092194\r\nCNCVE-20081372\r\n \r\nbzip2\u5b58\u5728\u8d8a\u754c\u5185\u5b58\u53d1\u90a3\u4e2a\u543b\u95ee\u9898\uff0c\u6784\u5efa\u6076\u610f\u7684\u538b\u7f29\u6587\u4ef6\uff0c\u8bf1\u4f7f\u7528\u6237\u6253\u5f00\u53ef\u5bfc\u81f4\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u3002\r\nCVE-ID: CVE-2009-1723\uff1a\r\nCNCVE ID\uff1aCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20092188\r\nCNCVE-20092190\r\nCNCVE-20092191\r\nCNCVE-20092192\r\nCNCVE-20092193\r\nCNCVE-20092194\r\nCNCVE-20081372\r\nCNCVE-20091723\r\n \r\n\u5f53Safari\u8bbf\u95ee\u5230\u901a\u8fc7302\u91cd\u5b9a\u5411\u7684WEB\u7ad9\u70b9\u65f6\uff0c\u4f1a\u63d0\u793a\u8bc1\u4e66\u8b66\u544a\uff0c\u6b64\u8b66\u544a\u4f1a\u5305\u542b\u539f\u59cbWEB\u7ad9\u70b9URL\u6765\u4ee3\u66ff\u5f53\u524dWEB\u7ad9\u70b9URL\uff0c\u8fd9\u5141\u8bb8\u6076\u610f\u6784\u5efa\u7684WEB\u7ad9\u70b9\u53ef\u63a7\u5236\u663e\u793a\u5728\u8bc1\u4e66\u8b66\u544a\u4e2d\u7684WEB\u7ad9\u70b9URL\uff0c\u5bfc\u81f4\u7528\u6237\u76f2\u76ee\u4fe1\u4efb\u3002\r\nCVE-ID: CVE-2009-1726\uff1a\r\nCNCVE ID\uff1aCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20092188\r\nCNCVE-20092190\r\nCNCVE-20092191\r\nCNCVE-20092192\r\nCNCVE-20092193\r\nCNCVE-20092194\r\nCNCVE-20081372\r\nCNCVE-20091723\r\nCNCVE-20091726\r\n \r\n\u6253\u5f00\u4e00\u4e2a\u7279\u6b8a\u6784\u5efa\u7684\u4f7f\u7528\u5d4c\u5165\u5f0fColorSync\u914d\u7f6e\u6587\u4ef6\u7684\u56fe\u50cf\u65f6\u53ef\u5bfc\u81f4\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u3002\r\nCVE-ID: CVE-2009-1727\uff1a\r\nCNCVE ID\uff1aCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20092188\r\nCNCVE-20092190\r\nCNCVE-20092191\r\nCNCVE-20092192\r\nCNCVE-20092193\r\nCNCVE-20092194\r\nCNCVE-20081372\r\nCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\n \r\n\u6253\u5f00\u90e8\u5206\u4e0d\u5b89\u5168\u5185\u5bb9\u7c7b\u578b\u65f6\u6ca1\u6709\u5bf9\u7528\u6237\u63d0\u793a\u8b66\u544a\uff0c\u53ef\u5bfc\u81f4\u6076\u610f\u811a\u672c\u4ee3\u7801\u8d1f\u8f7d\u6267\u884c\u3002\r\nCVE-ID: CVE-2009-0151\uff1a\r\nCNCVE ID\uff1aCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20092188\r\nCNCVE-20092190\r\nCNCVE-20092191\r\nCNCVE-20092192\r\nCNCVE-20092193\r\nCNCVE-20092194\r\nCNCVE-20081372\r\nCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\n \r\n\u5c4f\u5e55\u4fdd\u62a4\u6ca1\u6709\u6b63\u786e\u963b\u65adfour-finger Multi-Touch gestures\u591a\u70b9\u89e6\u63a7\uff0c\u5141\u8bb8\u7269\u7406\u8bbf\u95ee\u7684\u7528\u6237\u53ef\u7ba1\u7406\u5e94\u7528\u7a0b\u5e8f\u3002\r\nCVE-ID: CVE-2009-1728\uff1a\r\nCNCVE ID\uff1aCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20092188\r\nCNCVE-20092190\r\nCNCVE-20092191\r\nCNCVE-20092192\r\nCNCVE-20092193\r\nCNCVE-20092194\r\nCNCVE-20081372\r\nCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\n \r\n\u5904\u7406Canon RAW\u56fe\u50cf\u5b58\u5728\u591a\u4e2a\u6808\u7f13\u51b2\u533a\u6ea2\u51fa\u3002\r\nCVE-ID: CVE-2009-1722\uff1a\r\nCNCVE ID\uff1aCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20092188\r\nCNCVE-20092190\r\nCNCVE-20092191\r\nCNCVE-20092192\r\nCNCVE-20092193\r\nCNCVE-20092194\r\nCNCVE-20081372\r\nCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20091722\r\n \r\nImageIO\u5904\u7406OpenEXR\u56fe\u50cf\u5b58\u5728\u5806\u7f13\u51b2\u533a\u6ea2\u51fa\u3002\r\nCVE-ID: CVE-2009-1721\uff1a\r\nCNCVE ID\uff1aCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20092188\r\nCNCVE-20092190\r\nCNCVE-20092191\r\nCNCVE-20092192\r\nCNCVE-20092193\r\nCNCVE-20092194\r\nCNCVE-20081372\r\nCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20091722\r\nCNCVE-20091721\r\n \r\nImageIO\u5904\u7406OpenEXR\u56fe\u50cf\u5b58\u5728\u672a\u521d\u59cb\u5316\u5185\u5b58\u8bbf\u95ee\u95ee\u9898\uff0c\u53ef\u5bfc\u81f4\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u6216\u4efb\u610f\u4ee3\u7801\u6267\u884c\r\n\u3002\r\nCVE-ID: CVE-2009-1720\uff1a\r\nCNCVE ID\uff1aCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20092188\r\nCNCVE-20092190\r\nCNCVE-20092191\r\nCNCVE-20092192\r\nCNCVE-20092193\r\nCNCVE-20092194\r\nCNCVE-20081372\r\nCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20091722\r\nCNCVE-20091721\r\nCNCVE-20091720\r\n \r\nImageIO\u5904\u7406OpenEXR\u56fe\u50cf\u5b58\u5728\u6574\u6570\u6ea2\u51fa\u95ee\u9898\uff0c\u53ef\u5bfc\u81f4\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u6216\u4efb\u610f\u4ee3\u7801\u6267\u884c\u3002\r\nCVE-ID: CVE-2009-2188\uff1a\r\nCNCVE ID\uff1aCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20092188\r\nCNCVE-20092190\r\nCNCVE-20092191\r\nCNCVE-20092192\r\nCNCVE-20092193\r\nCNCVE-20092194\r\nCNCVE-20081372\r\nCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20091722\r\nCNCVE-20091721\r\nCNCVE-20091720\r\nCNCVE-20092188\r\n \r\nImageIO\u5904\u7406EXIF\u5143\u6570\u636e\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u95ee\u9898\uff0c\u53ef\u5bfc\u81f4\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u6216\u4efb\u610f\u4ee3\u7801\u6267\u884c\u3002\r\nCVE-ID: CVE-2009-0040\uff1a\r\nCNCVE ID\uff1aCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20092188\r\nCNCVE-20092190\r\nCNCVE-20092191\r\nCNCVE-20092192\r\nCNCVE-20092193\r\nCNCVE-20092194\r\nCNCVE-20081372\r\nCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20091722\r\nCNCVE-20091721\r\nCNCVE-20091720\r\nCNCVE-20092188\r\nCNCVE-20090040\r\n \r\n\u5904\u7406PNG\u56fe\u50cf\u5b58\u5728\u672a\u521d\u59cb\u5316\u6307\u9488\u95ee\u9898\uff0c\u6784\u5efa\u7279\u6b8a\u7684PNG\u8bf1\u4f7f\u7528\u6237\u5904\u7406\u53ef\u5bfc\u81f4\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u6216\u4efb\u610f\u4ee3\u7801\u6267\u884c\u3002\r\nCVE-ID: CVE-2009-1235\uff1a\r\nCNCVE ID\uff1aCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20092188\r\nCNCVE-20092190\r\nCNCVE-20092191\r\nCNCVE-20092192\r\nCNCVE-20092193\r\nCNCVE-20092194\r\nCNCVE-20081372\r\nCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20091722\r\nCNCVE-20091721\r\nCNCVE-20091720\r\nCNCVE-20092188\r\nCNCVE-20090040\r\nCNCVE-20091235\r\n \r\n\u5185\u6838fcntl\u7cfb\u7edf\u8c03\u7528\u5904\u7406\u5b58\u5728\u5b9e\u73b0\u9519\u8bef\uff0c\u672c\u5730\u653b\u51fb\u8005\u53ef\u4ee5\u8986\u76d6\u5185\u6838\u5185\u5b58\u4ee5\u7cfb\u7edf\u7279\u6743\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\r\nCVE-ID: CVE-2009-2190\uff1a\r\nCNCVE ID\uff1aCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20092188\r\nCNCVE-20092190\r\nCNCVE-20092191\r\nCNCVE-20092192\r\nCNCVE-20092193\r\nCNCVE-20092194\r\nCNCVE-20081372\r\nCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20091722\r\nCNCVE-20091721\r\nCNCVE-20091720\r\nCNCVE-20092188\r\nCNCVE-20090040\r\nCNCVE-20091235\r\nCNCVE-20092190\r\n \r\n\u5bf9\u57fa\u4e8einetd\u7684launchd\u670d\u52a1\u6253\u5f00\u591a\u4e2a\u8fde\u63a5\uff0c\u53ef\u5bfc\u81f4launchd\u505c\u6b62\u5bf9\u5916\u8fde\u63a5\u7684\u54cd\u5e94\u3002\r\nCVE-ID: CVE-2009-2191\uff1a\r\nCNCVE ID\uff1aCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20092188\r\nCNCVE-20092190\r\nCNCVE-20092191\r\nCNCVE-20092192\r\nCNCVE-20092193\r\nCNCVE-20092194\r\nCNCVE-20081372\r\nCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20091722\r\nCNCVE-20091721\r\nCNCVE-20091720\r\nCNCVE-20092188\r\nCNCVE-20090040\r\nCNCVE-20091235\r\nCNCVE-20092190\r\nCNCVE-20092191\r\n \r\n\u767b\u5f55\u7a97\u53e3\u5904\u7406\u5e94\u7528\u7a0b\u5e8f\u540d\u5b58\u5728\u683c\u5f0f\u4e32\u95ee\u9898\uff0c\u53ef\u5bfc\u81f4\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u6216\u4efb\u610f\u4ee3\u7801\u6267\u884c\u3002\r\nCVE-ID: CVE-2009-2192\uff1a\r\nCNCVE ID\uff1aCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20092188\r\nCNCVE-20092190\r\nCNCVE-20092191\r\nCNCVE-20092192\r\nCNCVE-20092193\r\nCNCVE-20092194\r\nCNCVE-20081372\r\nCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20091722\r\nCNCVE-20091721\r\nCNCVE-20091720\r\nCNCVE-20092188\r\nCNCVE-20090040\r\nCNCVE-20091235\r\nCNCVE-20092190\r\nCNCVE-20092191\r\nCNCVE-20092192\r\n \r\nMobileMe\u5b58\u5728\u4e00\u4e2a\u903b\u8f91\u9519\u8bef\uff0c\u5728\u9000\u51fa\u65f6\u6ca1\u6709\u5220\u9664\u6240\u6709\u51ed\u636e\uff0c\u672c\u5730\u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u5176\u4ed6MobileMe\u5e10\u6237\u76f8\u5173\u8d44\u6e90\u3002\r\nCVE-ID: CVE-2009-2193\uff1a\r\nCNCVE ID\uff1aCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20092188\r\nCNCVE-20092190\r\nCNCVE-20092191\r\nCNCVE-20092192\r\nCNCVE-20092193\r\nCNCVE-20092194\r\nCNCVE-20081372\r\nCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20091722\r\nCNCVE-20091721\r\nCNCVE-20091720\r\nCNCVE-20092188\r\nCNCVE-20090040\r\nCNCVE-20091235\r\nCNCVE-20092190\r\nCNCVE-20092191\r\nCNCVE-20092192\r\nCNCVE-20092193\r\n \r\n\u5185\u6838\u5904\u7406 AppleTalk\u5e94\u7b54\u62a5\u6587\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\uff0c\u53ef\u5bfc\u81f4\u4ee5\u7cfb\u7edf\u6743\u9650\u6267\u884c\u4efb\u610f\u6307\u4ee4\u3002\r\nCVE-ID: CVE-2009-2194\uff1a\r\nCNCVE ID\uff1aCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20092188\r\nCNCVE-20092190\r\nCNCVE-20092191\r\nCNCVE-20092192\r\nCNCVE-20092193\r\nCNCVE-20092194\r\nCNCVE-20081372\r\nCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20091722\r\nCNCVE-20091721\r\nCNCVE-20091720\r\nCNCVE-20092188\r\nCNCVE-20090040\r\nCNCVE-20091235\r\nCNCVE-20092190\r\nCNCVE-20092191\r\nCNCVE-20092192\r\nCNCVE-20092193\r\nCNCVE-20092194\r\n \r\n\u5904\u7406\u901a\u8fc7\u672c\u5730\u5957\u63a5\u5b57\u5171\u4eab\u7684\u6587\u4ef6\u63cf\u8ff0\u7b26\u5b58\u5728\u540c\u6b65\u95ee\u9898\uff0c\u901a\u8fc7\u53d1\u9001\u5305\u542b\u6587\u4ef6\u63cf\u8ff0\u7b26\u7684\u6d88\u606f\u7ed9\u6ca1\u6709\u63a5\u6536\u8005\u7684\u5957\u63a5\u5b57\uff0c\u672c\u5730\u7528\u6237\u53ef\u5bfc\u81f4\u7cfb\u7edf\u5d29\u6e83\u3002\r\nCVE-ID: CVE-2008-0674\uff1a\r\nCNCVE ID\uff1aCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20092188\r\nCNCVE-20092190\r\nCNCVE-20092191\r\nCNCVE-20092192\r\nCNCVE-20092193\r\nCNCVE-20092194\r\nCNCVE-20081372\r\nCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20091722\r\nCNCVE-20091721\r\nCNCVE-20091720\r\nCNCVE-20092188\r\nCNCVE-20090040\r\nCNCVE-20091235\r\nCNCVE-20092190\r\nCNCVE-20092191\r\nCNCVE-20092192\r\nCNCVE-20092193\r\nCNCVE-20092194\r\nCNCVE-20080674\r\n \r\nXQuery\u4f7f\u7528\u7684PCRE\u5e93\u5904\u7406\u89c4\u5219\u8868\u8fbe\u5f0f\u4e2d\u7684\u5b57\u7b26\u7c7b\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\uff0c\u6784\u5efa\u6076\u610f\u7684XML\u5185\u5bb9\u8bf1\u4f7f\u7528\u6237\u8bbf\u95ee\u53ef\u89e6\u53d1\u6b64\u6f0f\u6d1e\u3002\n\nApple Mac OS X Server 10.5.7\r\nApple Mac OS X Server 10.5.6\r\nApple Mac OS X Server 10.5.5\r\nApple Mac OS X Server 10.5.4\r\nApple Mac OS X Server 10.5.3\r\nApple Mac OS X Server 10.5.2\r\nApple Mac OS X Server 10.5.1\r\nApple Mac OS X Server 10.4.11\r\nApple Mac OS X Server 10.4.11\r\nApple Mac OS X Server 10.4.10\r\nApple Mac OS X Server 10.4.9\r\nApple Mac OS X Server 10.4.8\r\nApple Mac OS X Server 10.4.7\r\nApple Mac OS X Server 10.4.6\r\nApple Mac OS X Server 10.4.5\r\nApple Mac OS X Server 10.4.4\r\nApple Mac OS X Server 10.4.3\r\nApple Mac OS X Server 10.4.2\r\nApple Mac OS X Server 10.4.1\r\nApple Mac OS X Server 10.4\r\nApple Mac OS X Server 10.5\r\nApple Mac OS X 10.5.7\r\nApple Mac OS X 10.5.6\r\nApple Mac OS X 10.5.5\r\nApple Mac OS X 10.5.4\r\nApple Mac OS X 10.5.3\r\nApple Mac OS X 10.5.2\r\nApple Mac OS X 10.5.1\r\nApple Mac OS X 10.4.11\r\nApple Mac OS X 10.4.11\r\nApple Mac OS X 10.4.10\r\nApple Mac OS X 10.4.9\r\nApple Mac OS X 10.4.8\r\nApple Mac OS X 10.4.7\r\nApple Mac OS X 10.4.6\r\nApple Mac OS X 10.4.5\r\nApple Mac OS X 10.4.4\r\nApple Mac OS X 10.4.3\r\nApple Mac OS X 10.4.2\r\nApple Mac OS X 10.4.1\r\nApple Mac OS X 10.4\r\nApple Mac OS X 10.5\n\u5382\u5546\u89e3\u51b3\u65b9\u6848\r\n\u7528\u6237\u53ef\u8054\u7cfb\u4f9b\u5e94\u5546\u83b7\u5f97\u5347\u7ea7\u8865\u4e01\uff1a\r\nApple Mac OS X Server 10.5\r\nApple MacOSXServerUpdCombo10.5.8.dmg\r\nhttp://www.apple.com/support/downloads/\r\nApple Mac OS X 10.5\r\nApple MacOSXUpdCombo10.5.8.dmg\r\nhttp://www.apple.com/support/downloads/\r\nApple Mac OS X Server 10.4.11\r\nApple SecUpdSrvr2009-003PPC.dmg\r\nPowerPC\r\nhttp://www.apple.com/support/downloads/\r\nApple SecUpdSrvr2009-003Univ.dmg\r\nUniversal\r\nhttp://www.apple.com/support/downloads/\r\nApple Mac OS X 10.4.11\r\nApple SecUpd2009-003Intel.dmg\r\nIntel\r\nhttp://www.apple.com/support/downloads/\r\nApple SecUpd2009-003PPC.dmg\r\nPPC\r\nhttp://www.apple.com/support/downloads/\r\nApple Mac OS X 10.5.1\r\nApple MacOSXUpdCombo10.5.8.dmg\r\nhttp://www.apple.com/support/downloads/\r\nApple Mac OS X Server 10.5.1\r\nApple MacOSXServerUpdCombo10.5.8.dmg\r\nhttp://www.apple.com/support/downloads/\r\nApple Mac OS X 10.5.2\r\nApple MacOSXUpdCombo10.5.8.dmg\r\nhttp://www.apple.com/support/downloads/\r\nApple Mac OS X Server 10.5.2\r\nApple MacOSXServerUpdCombo10.5.8.dmg\r\nhttp://www.apple.com/support/downloads/\r\nApple Mac OS X 10.5.3\r\nApple MacOSXUpdCombo10.5.8.dmg\r\nhttp://www.apple.com/support/downloads/\r\nApple Mac OS X Server 10.5.3\r\nApple MacOSXServerUpdCombo10.5.8.dmg\r\nhttp://www.apple.com/support/downloads/\r\nApple Mac OS X 10.5.4\r\nApple MacOSXUpdCombo10.5.8.dmg\r\nhttp://www.apple.com/support/downloads/\r\nApple Mac OS X Server 10.5.4\r\nApple MacOSXServerUpdCombo10.5.8.dmg\r\nhttp://www.apple.com/support/downloads/\r\nApple Mac OS X Server 10.5.5\r\nApple MacOSXServerUpdCombo10.5.8.dmg\r\nhttp://www.apple.com/support/downloads/\r\nApple Mac OS X 10.5.5\r\nApple MacOSXUpdCombo10.5.8.dmg\r\nhttp://www.apple.com/support/downloads/\r\nApple Mac OS X 10.5.6\r\nApple MacOSXUpdCombo10.5.8.dmg\r\nhttp://www.apple.com/support/downloads/\r\nApple Mac OS X Server 10.5.6\r\nApple MacOSXServerUpdCombo10.5.8.dmg\r\nhttp://www.apple.com/support/downloads/\r\nApple Mac OS X Server 10.5.7\r\nApple MacOSXServerUpd10.5.8.dmg\r\nhttp://www.apple.com/support/downloads/\r\nApple Mac OS X 10.5.7\r\nApple MacOSXUpd10.5.8.dmg\r\nhttp://www.apple.com/support/downloads/", "reporter": "Root", "published": "2009-08-06T00:00:00", "title": "Apple Mac OS X 2009-003\u4fee\u8865\u591a\u4e2a\u5b89\u5168\u6f0f\u6d1e", "type": "seebug", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2008-0674", "CVE-2008-1372", "CVE-2009-0040", "CVE-2009-0151", "CVE-2009-1235", "CVE-2009-1720", "CVE-2009-1721", "CVE-2009-1722", "CVE-2009-1723", "CVE-2009-1726", "CVE-2009-1727", "CVE-2009-1728", "CVE-2009-2188", "CVE-2009-2190", "CVE-2009-2191", "CVE-2009-2192", "CVE-2009-2193", "CVE-2009-2194"], "_object_type": "robots.models.seebug.SeebugBulletin", "modified": "2009-08-06T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-11998", "id": "SSV:11998", "sourceData": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "", "status": "details"}]}}
