Mac OS X < 10.4.9 Multiple Vulnerabilities (Security Update 2007-003)

2007-03-13T00:00:00

Description

The remote host is running a version of Mac OS X 10.4 which is older than version 10.4.9 or a version of Mac OS X 10.3 which does not have Security Update 2007-003 applied. This update contains several security fixes for the following programs : - ColorSync - CoreGraphics - Crash Reporter - CUPS - Disk Images - DS Plugins - Flash Player - GNU Tar - HFS - HID Family - ImageIO - Kernel - MySQL server - Networking - OpenSSH - Printing - QuickDraw Manager - servermgrd - SMB File Server - Software Update - sudo - WebLog

{"id": "MACOSX_10_4_9.NASL", "vendorId": null, "type": "nessus", "bulletinFamily": "scanner", "title": "Mac OS X < 10.4.9 Multiple Vulnerabilities (Security Update 2007-003)", "description": "The remote host is running a version of Mac OS X 10.4 which is older than version 10.4.9 or a version of Mac OS X 10.3 which does not have Security Update 2007-003 applied.\n\nThis update contains several security fixes for the following programs :\n\n - ColorSync\n - CoreGraphics\n - Crash Reporter\n - CUPS\n - Disk Images\n - DS Plugins\n - Flash Player\n - GNU Tar\n - HFS\n - HID Family\n - ImageIO\n - Kernel\n - MySQL server\n - Networking\n - OpenSSH\n - Printing\n - QuickDraw Manager\n - servermgrd\n - SMB File Server\n - Software Update\n - sudo \n - WebLog", "published": "2007-03-13T00:00:00", "modified": "2018-07-14T00:00:00", "epss": [], "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/24811", "reporter": "This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0728", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5679", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3081", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0730", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0236", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5330", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4829", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0300", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0463", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0588", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0467", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5836", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1071", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4031", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0723", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6097", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6130", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6173", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0719", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1517", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1516", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0229", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0299", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5052", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0722", "http://docs.info.apple.com/article.html?artnum=305214", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6062", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3469", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0733", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0318", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6061", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0721", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4226", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0724", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2959", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2753", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0267", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0731", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6129", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5051", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0225", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4924", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0720", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0726"], "cvelist": ["CVE-2005-2959", "CVE-2006-0225", "CVE-2006-0300", "CVE-2006-1516", "CVE-2006-1517", "CVE-2006-2753", "CVE-2006-3081", "CVE-2006-3469", "CVE-2006-4031", "CVE-2006-4226", "CVE-2006-4829", "CVE-2006-4924", "CVE-2006-5051", "CVE-2006-5052", "CVE-2006-5330", "CVE-2006-5679", "CVE-2006-5836", "CVE-2006-6061", "CVE-2006-6062", "CVE-2006-6097", "CVE-2006-6129", "CVE-2006-6130", "CVE-2006-6173", "CVE-2007-0229", "CVE-2007-0236", "CVE-2007-0267", "CVE-2007-0299", "CVE-2007-0318", "CVE-2007-0463", "CVE-2007-0467", "CVE-2007-0588", "CVE-2007-0719", "CVE-2007-0720", "CVE-2007-0721", "CVE-2007-0722", "CVE-2007-0723", "CVE-2007-0724", "CVE-2007-0726", "CVE-2007-0728", "CVE-2007-0730", "CVE-2007-0731", "CVE-2007-0733", "CVE-2007-1071"], "immutableFields": [], "lastseen": "2023-05-18T14:58:45", "viewCount": 23, "enchantments": {"dependencies": {"references": [{"type": "altlinux", "idList": ["51D63D7769574E0262060CB9CD21A84C"]}, {"type": "centos", "idList": ["CESA-2006:0044", "CESA-2006:0232", "CESA-2006:0298", "CESA-2006:0544", "CESA-2006:0697", "CESA-2006:0698-01", "CESA-2006:0749", "CESA-2006:0749-01", "CESA-2007:0123", "CESA-2007:0152", "CESA-2007:0703"]}, {"type": "cert", "idList": ["VU:124280", "VU:214040", "VU:346656", "VU:363112", "VU:367424", "VU:396820", "VU:449440", "VU:515792", "VU:552136", "VU:557064", "VU:559444", "VU:765096", "VU:787448", "VU:851340", "VU:873868"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2005-53", "CPAI-2006-066", "CPAI-2006-081", "CPAI-2006-130", "CPAI-2006-161", "CPAI-2006-191", "CPAI-2006-192", "CPAI-2006-225", "CPAI-2006-300", "CPAI-2007-059", "CPAI-2014-1034"]}, {"type": "checkpoint_security", "idList": ["CPS:SK32156", "CPS:SK61744"]}, {"type": "cve", "idList": ["CVE-2005-2959", "CVE-2006-0225", "CVE-2006-0300", "CVE-2006-1516", "CVE-2006-1517", "CVE-2006-2753", "CVE-2006-3081", "CVE-2006-3469", "CVE-2006-4031", "CVE-2006-4226", "CVE-2006-4829", "CVE-2006-4924", "CVE-2006-5051", "CVE-2006-5052", "CVE-2006-5330", "CVE-2006-5679", "CVE-2006-5824", "CVE-2006-5836", "CVE-2006-6061", "CVE-2006-6062", "CVE-2006-6097", "CVE-2006-6129", "CVE-2006-6130", "CVE-2006-6173", "CVE-2007-0229", "CVE-2007-0236", "CVE-2007-0267", "CVE-2007-0299", "CVE-2007-0318", "CVE-2007-0463", "CVE-2007-0467", "CVE-2007-0588", "CVE-2007-0719", "CVE-2007-0720", "CVE-2007-0721", "CVE-2007-0722", "CVE-2007-0723", "CVE-2007-0724", "CVE-2007-0726", "CVE-2007-0728", "CVE-2007-0730", "CVE-2007-0731", "CVE-2007-0733", "CVE-2007-1071", "CVE-2007-3717", "CVE-2007-4045", "CVE-2008-4109"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1071-1:5BDE8", "DEBIAN:DSA-1071-1:F1DE3", "DEBIAN:DSA-1073-1:1B9D5", "DEBIAN:DSA-1073-1:5FA93", "DEBIAN:DSA-1079-1:FCFFC", "DEBIAN:DSA-1092-1:A0C84", "DEBIAN:DSA-1112-1:85EF3", "DEBIAN:DSA-1169-1:C4898", "DEBIAN:DSA-1189-1:26174", "DEBIAN:DSA-1212-1:2D867", "DEBIAN:DSA-1212-1:650AF", "DEBIAN:DSA-1223-1:6CE9F", "DEBIAN:DSA-1223-1:6DA89", "DEBIAN:DSA-1638-1:1DBC2", "DEBIAN:DSA-870-1:2FE48", "DEBIAN:DSA-870-1:3BA7E", "DEBIAN:DSA-987-1:0FC63", "DEBIAN:DSA-987-1:F1041"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2005-2959", "DEBIANCVE:CVE-2006-0225", "DEBIANCVE:CVE-2006-0300", "DEBIANCVE:CVE-2006-4924", "DEBIANCVE:CVE-2006-5051", "DEBIANCVE:CVE-2006-5052", "DEBIANCVE:CVE-2006-6097", "DEBIANCVE:CVE-2007-0720", "DEBIANCVE:CVE-2007-4045", "DEBIANCVE:CVE-2008-4109"]}, {"type": "f5", "idList": ["F5:K14742", "F5:K17452", "F5:K6736", "F5:K6876", "F5:K6881", "SOL14742", "SOL15751", "SOL17452", "SOL6736", "SOL6876", "SOL6881"]}, {"type": "fedora", "idList": ["FEDORA:L33LDXTH029752", "FEDORA:LA863ECM010987", "FEDORA:LA9NPFPX013428"]}, {"type": "freebsd", "idList": ["1B725079-9EF6-11DA-B410-000E0C2E438A", "32DB37A5-50C3-11DB-ACF3-000C6EC775D9", "39988EE8-1918-11DC-B6BD-0016179B2DD5", "3DD7EB58-80AE-11DB-B4EC-000854D03344", "44449BF7-C69B-11DB-9F82-000E0C2E438A", "4913886C-E875-11DA-B9F4-00123FFE8333", "6107EFB9-AAE3-11DA-AEA1-000854D03344", "A0E92718-6603-11DB-AB90-000E35FD8194", "FCB90EB0-2ACE-11DB-A6E2-000E0C2E438A"]}, {"type": "freebsd_advisory", "idList": ["FREEBSD_ADVISORY:FREEBSD-SA-06:22.OPENSSH", "FREEBSD_ADVISORY:FREEBSD-SA-06:26.GTAR"]}, {"type": "gentoo", "idList": ["GLSA-200602-11", "GLSA-200603-06", "GLSA-200605-13", "GLSA-200606-13", "GLSA-200608-09", "GLSA-200609-17", "GLSA-200611-06", "GLSA-200612-10", "GLSA-200703-28", "GLSA-201412-11"]}, {"type": "nessus", "idList": ["701165.PRM", "CENTOS_RHSA-2006-0044.NASL", "CENTOS_RHSA-2006-0232.NASL", "CENTOS_RHSA-2006-0298.NASL", "CENTOS_RHSA-2006-0544.NASL", "CENTOS_RHSA-2006-0697.NASL", "CENTOS_RHSA-2006-0749.NASL", "CENTOS_RHSA-2007-0123.NASL", "CENTOS_RHSA-2007-0152.NASL", "CENTOS_RHSA-2007-0703.NASL", "CUPS_SSL_NEGOTIATION_DOS.NASL", "DEBIAN_DSA-1071.NASL", "DEBIAN_DSA-1073.NASL", "DEBIAN_DSA-1079.NASL", "DEBIAN_DSA-1092.NASL", "DEBIAN_DSA-1112.NASL", "DEBIAN_DSA-1169.NASL", "DEBIAN_DSA-1189.NASL", "DEBIAN_DSA-1212.NASL", "DEBIAN_DSA-1223.NASL", "DEBIAN_DSA-1638.NASL", "DEBIAN_DSA-870.NASL", "DEBIAN_DSA-987.NASL", "F5_BIGIP_SOL6736.NASL", "FEDORA_2006-056.NASL", "FEDORA_2006-1011.NASL", "FEDORA_2006-553.NASL", "FEDORA_2006-554.NASL", "FEDORA_2007-1219.NASL", "FEDORA_2007-2982.NASL", "FEDORA_2007-3100.NASL", "FEDORA_2007-394.NASL", "FEDORA_2007-395.NASL", "FLASH_PLAYER_APSB06-18.NASL", "FREEBSD_PKG_1B7250799EF611DAB410000E0C2E438A.NASL", "FREEBSD_PKG_32DB37A550C311DBACF3000C6EC775D9.NASL", "FREEBSD_PKG_39988EE8191811DCB6BD0016179B2DD5.NASL", "FREEBSD_PKG_3DD7EB5880AE11DBB4EC000854D03344.NASL", "FREEBSD_PKG_4913886CE87511DAB9F400123FFE8333.NASL", "FREEBSD_PKG_6107EFB9AAE311DAAEA1000854D03344.NASL", "FREEBSD_PKG_A0E92718660311DBAB90000E35FD8194.NASL", "FREEBSD_PKG_FCB90EB02ACE11DBA6E2000E0C2E438A.NASL", "GENTOO_GLSA-200602-11.NASL", "GENTOO_GLSA-200603-06.NASL", "GENTOO_GLSA-200605-13.NASL", "GENTOO_GLSA-200606-13.NASL", "GENTOO_GLSA-200608-09.NASL", "GENTOO_GLSA-200609-17.NASL", "GENTOO_GLSA-200611-06.NASL", "GENTOO_GLSA-200612-10.NASL", "GENTOO_GLSA-200703-28.NASL", "GENTOO_GLSA-201412-11.NASL", "JUNIPER_NSM_2012_1.NASL", "MACOSX_SECUPD2007-004.NASL", "MANDRAKE_MDKSA-2005-201.NASL", "MANDRAKE_MDKSA-2006-034.NASL", "MANDRAKE_MDKSA-2006-046.NASL", "MANDRAKE_MDKSA-2006-084.NASL", "MANDRAKE_MDKSA-2006-097.NASL", "MANDRAKE_MDKSA-2006-111.NASL", "MANDRAKE_MDKSA-2006-149.NASL", "MANDRAKE_MDKSA-2006-179.NASL", "MANDRAKE_MDKSA-2006-219.NASL", "MANDRAKE_MDKSA-2007-086.NASL", "MANDRIVA_MDVSA-2008-036.NASL", "MYSQL_4_1_21.NASL", "MYSQL_5_0_21.NASL", "MYSQL_5_0_24.NASL", "MYSQL_5_1_11.NASL", "MYSQL_5_1_12.NASL", "MYSQL_5_1_12_SUID.NASL", "MYSQL_5_1_6.NASL", "MYSQL_ANONYMOUS_LOGIN_HANDSHAKE_INFO_LEAKAGE.NASL", "NEWSTART_CGSL_NS-SA-2019-0036_OPENSSH.NASL", "NEWSTART_CGSL_NS-SA-2019-0089_TAR.NASL", "NEWSTART_CGSL_NS-SA-2019-0146_OPENSSH-LATEST.NASL", "NEWSTART_CGSL_NS-SA-2019-0153_TAR.NASL", "OPENSSH_43.NASL", "OPENSSH_44.NASL", "OPENSSH_45.NASL", "ORACLELINUX_ELSA-2006-0697.NASL", "ORACLELINUX_ELSA-2006-0749.NASL", "ORACLELINUX_ELSA-2007-0123.NASL", "ORACLELINUX_ELSA-2007-0152.NASL", "REDHAT-RHSA-2006-0044.NASL", "REDHAT-RHSA-2006-0232.NASL", "REDHAT-RHSA-2006-0298.NASL", "REDHAT-RHSA-2006-0544.NASL", "REDHAT-RHSA-2006-0697.NASL", "REDHAT-RHSA-2006-0698.NASL", "REDHAT-RHSA-2006-0749.NASL", "REDHAT-RHSA-2007-0009.NASL", "REDHAT-RHSA-2007-0123.NASL", "REDHAT-RHSA-2007-0152.NASL", "REDHAT-RHSA-2007-0540.NASL", "REDHAT-RHSA-2007-0703.NASL", "REDHAT-RHSA-2008-0364.NASL", "REDHAT-RHSA-2008-0768.NASL", "SLACKWARE_SSA_2006-045-06.NASL", "SLACKWARE_SSA_2006-129-02.NASL", "SLACKWARE_SSA_2006-155-01.NASL", "SLACKWARE_SSA_2006-211-01.NASL", "SLACKWARE_SSA_2006-272-02.NASL", "SLACKWARE_SSA_2006-335-01.NASL", "SL_20071109_OPENSSH_ON_SL5.NASL", "SL_20071115_OPENSSH_ON_SL4_X.NASL", "SL_20080521_MYSQL_ON_SL5_X.NASL", "SL_20080724_MYSQL_ON_SL4_X.NASL", "SOLARIS10_123324-03.NASL", "SOLARIS10_123324.NASL", "SOLARIS10_139099-04.NASL", "SOLARIS10_139099-07.NASL", "SOLARIS10_139099.NASL", "SOLARIS10_X86_123325-03.NASL", "SOLARIS10_X86_123325.NASL", "SOLARIS10_X86_139100-04.NASL", "SOLARIS10_X86_139100-07.NASL", "SOLARIS10_X86_139100.NASL", "SOLARIS9_113273.NASL", "SOLARIS9_114356.NASL", "SOLARIS9_118191.NASL", "SOLARIS9_X86_114357.NASL", "SOLARIS9_X86_114858.NASL", "SOLARIS9_X86_118192.NASL", "SUNSSH_PLAINTEXT_RECOVERY.NASL", "SUSE_CUPS-3136.NASL", "SUSE_CUPS-3137.NASL", "SUSE_CUPS-3715.NASL", "SUSE_CUPS-3716.NASL", "SUSE_FLASH-PLAYER-2357.NASL", "SUSE_FLASH-PLAYER-2359.NASL", "SUSE_FLASH-PLAYER-2969.NASL", "SUSE_MYSQL-1312.NASL", "SUSE_MYSQL-1593.NASL", "SUSE_MYSQL-2073.NASL", "SUSE_MYSQL-2075.NASL", "SUSE_OPENSSH-2183.NASL", "SUSE_OPENSSH-2184.NASL", "SUSE_SA_2006_008.NASL", "SUSE_SA_2006_036.NASL", "SUSE_SA_2006_062.NASL", "SUSE_SA_2006_077.NASL", "SUSE_TAR-2343.NASL", "SUSE_TAR-2344.NASL", "SUSE_TAR-2351.NASL", "UBUNTU_USN-213-1.NASL", "UBUNTU_USN-255-1.NASL", "UBUNTU_USN-257-1.NASL", "UBUNTU_USN-283-1.NASL", "UBUNTU_USN-288-3.NASL", "UBUNTU_USN-303-1.NASL", "UBUNTU_USN-306-1.NASL", "UBUNTU_USN-321-1.NASL", "UBUNTU_USN-338-1.NASL", "UBUNTU_USN-355-1.NASL", "UBUNTU_USN-385-1.NASL", "UBUNTU_USN-649-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310105118", "OPENVAS:1361412562310121297", "OPENVAS:1361412562310122583", "OPENVAS:1361412562310122637", "OPENVAS:1361412562310122709", "OPENVAS:136141256231056294", "OPENVAS:136141256231056730", "OPENVAS:136141256231056861", "OPENVAS:136141256231057167", "OPENVAS:136141256231057492", "OPENVAS:136141256231057704", "OPENVAS:136141256231065019", "OPENVAS:136141256231065105", "OPENVAS:136141256231065248", "OPENVAS:136141256231065312", "OPENVAS:136141256231065492", "OPENVAS:136141256231065502", "OPENVAS:1361412562310830271", "OPENVAS:1361412562310830479", "OPENVAS:1361412562310855023", "OPENVAS:1361412562310855030", "OPENVAS:1361412562310855115", "OPENVAS:1361412562310855178", "OPENVAS:1361412562310855205", "OPENVAS:1361412562310855295", "OPENVAS:1361412562310855348", "OPENVAS:1361412562310855413", "OPENVAS:1361412562310855433", "OPENVAS:1361412562310855516", "OPENVAS:1361412562310855742", "OPENVAS:1361412562310855771", "OPENVAS:1361412562310855835", "OPENVAS:1361412562310855853", "OPENVAS:1361412562310870033", "OPENVAS:1361412562310870069", "OPENVAS:55745", "OPENVAS:56264", "OPENVAS:56294", "OPENVAS:56330", "OPENVAS:56350", "OPENVAS:56393", "OPENVAS:56414", "OPENVAS:56728", "OPENVAS:56730", "OPENVAS:56788", "OPENVAS:56789", "OPENVAS:56833", "OPENVAS:56850", "OPENVAS:56861", "OPENVAS:56924", "OPENVAS:56940", "OPENVAS:57109", "OPENVAS:57167", "OPENVAS:57257", "OPENVAS:57337", "OPENVAS:57470", "OPENVAS:57476", "OPENVAS:57483", "OPENVAS:57492", "OPENVAS:57527", "OPENVAS:57585", "OPENVAS:57678", "OPENVAS:57680", "OPENVAS:57685", "OPENVAS:57704", "OPENVAS:57859", "OPENVAS:57895", "OPENVAS:57919", "OPENVAS:57949", "OPENVAS:58187", "OPENVAS:58841", "OPENVAS:61639", "OPENVAS:65019", "OPENVAS:65105", "OPENVAS:65248", "OPENVAS:65312", "OPENVAS:65492", "OPENVAS:65502", "OPENVAS:830271", "OPENVAS:830479", "OPENVAS:855023", "OPENVAS:855030", "OPENVAS:855115", "OPENVAS:855178", "OPENVAS:855205", "OPENVAS:855295", "OPENVAS:855348", "OPENVAS:855413", "OPENVAS:855433", "OPENVAS:855516", "OPENVAS:855742", "OPENVAS:855771", "OPENVAS:855835", "OPENVAS:855853", "OPENVAS:860996", "OPENVAS:861170", "OPENVAS:861319", "OPENVAS:861592", "OPENVAS:870033", "OPENVAS:870069"]}, {"type": "oraclelinux", "idList": ["ELSA-2006-0697", "ELSA-2006-0749", "ELSA-2007-0123", "ELSA-2007-0152", "ELSA-2007-0540", "ELSA-2007-0703", "ELSA-2008-0364", "ELSA-2008-0768"]}, {"type": "osv", "idList": ["OSV:DSA-1071-1", "OSV:DSA-1073-1", "OSV:DSA-1079-1", "OSV:DSA-1092-1", "OSV:DSA-1112", "OSV:DSA-1169", "OSV:DSA-1189-1", "OSV:DSA-1212", "OSV:DSA-1223-1", "OSV:DSA-1638-1", "OSV:DSA-870-1", "OSV:DSA-987-1"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:41442", "PACKETSTORM:54077"]}, {"type": "redhat", "idList": ["RHSA-2006:0044", "RHSA-2006:0232", "RHSA-2006:0298", "RHSA-2006:0544", "RHSA-2006:0697", "RHSA-2006:0698", "RHSA-2006:0749", "RHSA-2007:0009", "RHSA-2007:0083", "RHSA-2007:0123", "RHSA-2007:0152", "RHSA-2007:0540", "RHSA-2007:0703", "RHSA-2008:0364", "RHSA-2008:0768"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:10036", "SECURITYVULNS:DOC:11548", "SECURITYVULNS:DOC:13037", "SECURITYVULNS:DOC:13656", "SECURITYVULNS:DOC:20554", "SECURITYVULNS:VULN:6657", "SECURITYVULNS:VULN:7040", "SECURITYVULNS:VULN:7059", "SECURITYVULNS:VULN:7102", "SECURITYVULNS:VULN:7124", "SECURITYVULNS:VULN:7127", "SECURITYVULNS:VULN:7299", "SECURITYVULNS:VULN:7426"]}, {"type": "seebug", "idList": ["SSV:1979"]}, {"type": "slackware", "idList": ["SSA-2006-045-06", "SSA-2006-129-02", "SSA-2006-155-01", "SSA-2006-211-01", "SSA-2006-272-02", "SSA-2006-335-01"]}, {"type": "suse", "idList": ["SUSE-SA:2006:008", "SUSE-SA:2006:036", "SUSE-SA:2006:062", "SUSE-SA:2006:077"]}, {"type": "ubuntu", "idList": ["USN-213-1", "USN-255-1", "USN-257-1", "USN-283-1", "USN-288-3", "USN-303-1", "USN-306-1", "USN-321-1", "USN-338-1", "USN-355-1", "USN-385-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2005-2959", "UB:CVE-2006-0225", "UB:CVE-2006-0300", "UB:CVE-2006-1516", "UB:CVE-2006-1517", "UB:CVE-2006-2753", "UB:CVE-2006-3081", "UB:CVE-2006-3469", "UB:CVE-2006-4031", "UB:CVE-2006-4226", "UB:CVE-2006-4924", "UB:CVE-2006-5051", "UB:CVE-2006-5052", "UB:CVE-2006-5330", "UB:CVE-2006-6097", "UB:CVE-2007-0720", "UB:CVE-2007-4045", "UB:CVE-2008-4109"]}, {"type": "veracode", "idList": ["VERACODE:23054", "VERACODE:23055", "VERACODE:23056", "VERACODE:23063", "VERACODE:23082", "VERACODE:23383"]}]}, "score": {"value": 7.6, "vector": "NONE"}, "backreferences": {"references": [{"type": "centos", "idList": ["CESA-2006:0044", "CESA-2006:0232", "CESA-2006:0298", "CESA-2006:0544", "CESA-2006:0697", "CESA-2006:0698-01", "CESA-2006:0749", "CESA-2006:0749-01", "CESA-2007:0123", "CESA-2007:0152", "CESA-2007:0703"]}, {"type": "cert", "idList": ["VU:124280", "VU:214040", "VU:346656", "VU:363112", "VU:367424", "VU:396820", "VU:449440", "VU:515792", "VU:552136", "VU:557064", "VU:559444", "VU:765096", "VU:851340", "VU:873868"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2006-130", "CPAI-2006-161", "CPAI-2014-1034"]}, {"type": "checkpoint_security", "idList": ["CPS:SK32156", "CPS:SK61744", "CPS:SK65269"]}, {"type": "cve", "idList": ["CVE-2005-2959", "CVE-2006-0225", "CVE-2006-0300", "CVE-2006-1516", "CVE-2006-1517", "CVE-2006-2753", "CVE-2006-3081", "CVE-2006-3469", "CVE-2006-4031", "CVE-2006-4226", "CVE-2006-4829", "CVE-2006-4924", "CVE-2006-5051", "CVE-2006-5052", "CVE-2006-5330", "CVE-2006-5679", "CVE-2006-5836", "CVE-2006-6061", "CVE-2006-6062", "CVE-2006-6097", "CVE-2006-6129", "CVE-2006-6130", "CVE-2006-6173", "CVE-2007-0229", "CVE-2007-0236", "CVE-2007-0267", "CVE-2007-0299", "CVE-2007-0318", "CVE-2007-0463", "CVE-2007-0467", "CVE-2007-0588", "CVE-2007-0719", "CVE-2007-0720", "CVE-2007-0721", "CVE-2007-0722", "CVE-2007-0723", "CVE-2007-0724", "CVE-2007-0726", "CVE-2007-0728", "CVE-2007-0730", "CVE-2007-0731", "CVE-2007-0733", "CVE-2007-1071"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1079-1:FCFFC"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2006-0225", "DEBIANCVE:CVE-2007-0720"]}, {"type": "f5", "idList": ["F5:K6876", "SOL14742", "SOL15751", "SOL17452", "SOL6736", "SOL6876", "SOL6881"]}, {"type": "fedora", "idList": ["FEDORA:LA863ECM010987"]}, {"type": "freebsd", "idList": ["1B725079-9EF6-11DA-B410-000E0C2E438A", "32DB37A5-50C3-11DB-ACF3-000C6EC775D9", "39988EE8-1918-11DC-B6BD-0016179B2DD5", "3DD7EB58-80AE-11DB-B4EC-000854D03344", "44449BF7-C69B-11DB-9F82-000E0C2E438A", "4913886C-E875-11DA-B9F4-00123FFE8333", "6107EFB9-AAE3-11DA-AEA1-000854D03344", "A0E92718-6603-11DB-AB90-000E35FD8194", "FCB90EB0-2ACE-11DB-A6E2-000E0C2E438A"]}, {"type": "gentoo", "idList": ["GLSA-200612-10"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/SUNPATCH-125333/"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-1079.NASL", "FLASH_PLAYER_APSB06-18.NASL", "FREEBSD_PKG_1B7250799EF611DAB410000E0C2E438A.NASL", "FREEBSD_PKG_32DB37A550C311DBACF3000C6EC775D9.NASL", "GENTOO_GLSA-201412-11.NASL", "MYSQL_5_0_21.NASL", "ORACLELINUX_ELSA-2007-0123.NASL", "SLACKWARE_SSA_2006-335-01.NASL", "SOLARIS10_X86_123325-03.NASL", "SOLARIS9_X86_118192.NASL", "SUSE_OPENSSH-2183.NASL", "SUSE_TAR-2351.NASL", "UBUNTU_USN-257-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310855115", "OPENVAS:56789", "OPENVAS:57859", "OPENVAS:57895", "OPENVAS:65019", "OPENVAS:830479", "OPENVAS:855178"]}, {"type": "oraclelinux", "idList": ["ELSA-2007-0152", "ELSA-2007-0540"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:54077"]}, {"type": "redhat", "idList": ["RHSA-2007:0152"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:7124"]}, {"type": "slackware", "idList": ["SSA-2006-129-02"]}, {"type": "suse", "idList": ["SUSE-SA:2006:062"]}, {"type": "ubuntu", "idList": ["USN-306-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2005-2959", "UB:CVE-2006-3469"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2005-2959", "epss": 0.00043, "percentile": 0.05902, "modified": "2023-05-06"}, {"cve": "CVE-2006-0225", "epss": 0.00103, "percentile": 0.40802, "modified": "2023-05-06"}, {"cve": "CVE-2006-0300", "epss": 0.29401, "percentile": 0.96251, "modified": "2023-05-06"}, {"cve": "CVE-2006-1516", "epss": 0.92254, "percentile": 0.98439, "modified": "2023-05-06"}, {"cve": "CVE-2006-1517", "epss": 0.15306, "percentile": 0.9501, "modified": "2023-05-06"}, {"cve": "CVE-2006-2753", "epss": 0.00398, "percentile": 0.69619, "modified": "2023-05-06"}, {"cve": "CVE-2006-3081", "epss": 0.02849, "percentile": 0.89184, "modified": "2023-05-06"}, {"cve": "CVE-2006-3469", "epss": 0.94953, "percentile": 0.98866, "modified": "2023-05-06"}, {"cve": "CVE-2006-4031", "epss": 0.00098, "percentile": 0.3952, "modified": "2023-05-06"}, {"cve": "CVE-2006-4226", "epss": 0.0027, "percentile": 0.62958, "modified": "2023-05-06"}, {"cve": "CVE-2006-4829", "epss": 0.05664, "percentile": 0.92119, "modified": "2023-05-06"}, {"cve": "CVE-2006-4924", "epss": 0.9375, "percentile": 0.98645, "modified": "2023-05-06"}, {"cve": "CVE-2006-5051", "epss": 0.40748, "percentile": 0.96723, "modified": "2023-05-06"}, {"cve": "CVE-2006-5052", "epss": 0.0139, "percentile": 0.8437, "modified": "2023-05-06"}, {"cve": "CVE-2006-5330", "epss": 0.00912, "percentile": 0.80517, "modified": "2023-05-06"}, {"cve": "CVE-2006-5679", "epss": 0.00055, "percentile": 0.20636, "modified": "2023-05-06"}, {"cve": "CVE-2006-5836", "epss": 0.00042, "percentile": 0.00487, "modified": "2023-05-06"}, {"cve": "CVE-2006-6061", "epss": 0.02881, "percentile": 0.89229, "modified": "2023-05-06"}, {"cve": "CVE-2006-6062", "epss": 0.08894, "percentile": 0.93635, "modified": "2023-05-06"}, {"cve": "CVE-2006-6097", "epss": 0.00888, "percentile": 0.80265, "modified": "2023-05-06"}, {"cve": "CVE-2006-6129", "epss": 0.00042, "percentile": 0.00487, "modified": "2023-05-06"}, {"cve": "CVE-2006-6130", "epss": 0.00047, "percentile": 0.14276, "modified": "2023-05-06"}, {"cve": "CVE-2006-6173", "epss": 0.00042, "percentile": 0.00487, "modified": "2023-05-06"}, {"cve": "CVE-2007-0229", "epss": 0.97162, "percentile": 0.99656, "modified": "2023-05-06"}, {"cve": "CVE-2007-0236", "epss": 0.1554, "percentile": 0.95046, "modified": "2023-05-06"}, {"cve": "CVE-2007-0267", "epss": 0.00048, "percentile": 0.14712, "modified": "2023-05-06"}, {"cve": "CVE-2007-0299", "epss": 0.01556, "percentile": 0.85246, "modified": "2023-05-06"}, {"cve": "CVE-2007-0318", "epss": 0.01165, "percentile": 0.82847, "modified": "2023-05-06"}, {"cve": "CVE-2007-0463", "epss": 0.36533, "percentile": 0.96574, "modified": "2023-05-06"}, {"cve": "CVE-2007-0467", "epss": 0.00042, "percentile": 0.00487, "modified": "2023-05-06"}, {"cve": "CVE-2007-0588", "epss": 0.771, "percentile": 0.97695, "modified": "2023-05-06"}, {"cve": "CVE-2007-0719", "epss": 0.0386, "percentile": 0.9057, "modified": "2023-05-06"}, {"cve": "CVE-2007-0720", "epss": 0.06481, "percentile": 0.92624, "modified": "2023-05-06"}, {"cve": "CVE-2007-0721", "epss": 0.04785, "percentile": 0.91469, "modified": "2023-05-06"}, {"cve": "CVE-2007-0722", "epss": 0.04555, "percentile": 0.91276, "modified": "2023-05-06"}, {"cve": "CVE-2007-0723", "epss": 0.00683, "percentile": 0.77092, "modified": "2023-05-06"}, {"cve": "CVE-2007-0724", "epss": 0.00042, "percentile": 0.00487, "modified": "2023-05-06"}, {"cve": "CVE-2007-0726", "epss": 0.0325, "percentile": 0.89794, "modified": "2023-05-06"}, {"cve": "CVE-2007-0728", "epss": 0.00043, "percentile": 0.05902, "modified": "2023-05-06"}, {"cve": "CVE-2007-0730", "epss": 0.01833, "percentile": 0.86447, "modified": "2023-05-06"}, {"cve": "CVE-2007-0731", "epss": 0.00422, "percentile": 0.70432, "modified": "2023-05-06"}, {"cve": "CVE-2007-0733", "epss": 0.03925, "percentile": 0.90653, "modified": "2023-05-06"}, {"cve": "CVE-2007-1071", "epss": 0.59175, "percentile": 0.97185, "modified": "2023-05-06"}], "vulnersScore": 7.6}, "_state": {"dependencies": 1684426120, "score": 1684429096, "epss": 0}, "_internal": {"score_hash": "38eed14b72711c914e2c4cfaf5857e3f"}, "pluginID": "24811", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\nif ( ! defined_func(\"bn_random\") ) exit(0);\nif ( NASL_LEVEL < 3004 ) exit(0);\n\n\ninclude(\"compat.inc\");\n\nif(description)\n{\n script_id(24811);\n script_version (\"1.29\");\n\n script_cve_id(\"CVE-2007-0719\", \"CVE-2007-0467\", \"CVE-2007-0720\", \n \"CVE-2007-0721\", \"CVE-2007-0722\", \"CVE-2006-6061\", \n \"CVE-2006-6062\", \"CVE-2006-5679\", \"CVE-2007-0229\", \n \"CVE-2007-0267\", \"CVE-2007-0299\", \"CVE-2007-0723\", \n \"CVE-2006-5330\", \"CVE-2006-0300\", \"CVE-2006-6097\", \n \"CVE-2007-0318\", \"CVE-2007-0724\", \"CVE-2007-1071\", \n \"CVE-2007-0733\", \"CVE-2006-5836\", \"CVE-2006-6129\", \n \"CVE-2006-6173\", \"CVE-2006-1516\", \"CVE-2006-1517\", \n \"CVE-2006-2753\", \"CVE-2006-3081\", \"CVE-2006-4031\", \n \"CVE-2006-4226\", \"CVE-2006-3469\", \"CVE-2006-6130\", \n \"CVE-2007-0236\", \"CVE-2007-0726\", \"CVE-2006-0225\", \n \"CVE-2006-4924\", \"CVE-2006-5051\", \"CVE-2006-5052\", \n \"CVE-2007-0728\", \"CVE-2007-0588\", \"CVE-2007-0730\", \n \"CVE-2007-0731\", \"CVE-2007-0463\", \"CVE-2005-2959\", \n \"CVE-2006-4829\");\n script_bugtraq_id(20982, 21236, 21291, 21349, 22041, 22948);\n\n script_name(english:\"Mac OS X < 10.4.9 Multiple Vulnerabilities (Security Update 2007-003)\");\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a Mac OS X update which fixes a security\nissue.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of Mac OS X 10.4 which is older than\nversion 10.4.9 or a version of Mac OS X 10.3 which does not have \nSecurity Update 2007-003 applied.\n\nThis update contains several security fixes for the following programs :\n\n - ColorSync\n - CoreGraphics\n - Crash Reporter\n - CUPS\n - Disk Images\n - DS Plugins\n - Flash Player\n - GNU Tar\n - HFS\n - HID Family\n - ImageIO\n - Kernel\n - MySQL server\n - Networking\n - OpenSSH\n - Printing\n - QuickDraw Manager\n - servermgrd\n - SMB File Server\n - Software Update\n - sudo \n - WebLog\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://docs.info.apple.com/article.html?artnum=305214\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Mac OS X 10.4 : Upgrade to Mac OS X 10.4.9 :\n\nhttp://www.apple.com/support/downloads/macosxserver1049updateppc.html\nhttp://www.apple.com/support/downloads/macosx1049updateintel.html\nhttp://www.apple.com/support/downloads/macosxserver1049updateuniversal.html\n\nMac OS X 10.3 : Apply Security Update 2007-003 :\n\nhttp://www.apple.com/support/downloads/securityupdate20070031039client.html\nhttp://www.apple.com/support/downloads/securityupdate20070031039server.html\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(79, 119, 362, 399);\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2007/03/13\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2005/09/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value: \"2007/03/13\");\n script_cvs_date(\"Date: 2018/07/14 1:59:35\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"combined\");\nscript_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\nscript_end_attributes();\n\n script_summary(english:\"Check for the version of Mac OS X\");\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.\");\n script_family(english:\"MacOS X Local Security Checks\");\n script_dependencies(\"ssh_get_info.nasl\", \"os_fingerprint.nasl\");\n exit(0);\n}\n\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif ( ! os ) {\n\t os = get_kb_item(\"Host/OS\");\n\t confidence = get_kb_item(\"Host/OS/Confidence\");\n\t if ( confidence <= 90 ) exit(0);\n\t}\nif ( ! os ) exit(0);\nif ( ereg(pattern:\"Mac OS X 10\\.4($|\\.[1-8]([^0-9]|$))\", string:os)) security_hole(0);\nelse if ( ereg(pattern:\"Mac OS X 10\\.3\\.\", string:os) )\n{\n packages = get_kb_item(\"Host/MacOSX/packages\");\n if ( ! packages ) exit(0);\n if (!egrep(pattern:\"^SecUpd(Srvr)?2007-003\", string:packages)) security_hole(0);\n}\n", "naslFamily": "MacOS X Local Security Checks", "cpe": ["cpe:/o:apple:mac_os_x"], "solution": "Mac OS X 10.4 : Upgrade to Mac OS X 10.4.9 :\n\nhttp://www.apple.com/support/downloads/macosxserver1049updateppc.html http://www.apple.com/support/downloads/macosx1049updateintel.html http://www.apple.com/support/downloads/macosxserver1049updateuniversal.html\n\nMac OS X 10.3 : Apply Security Update 2007-003 :\n\nhttp://www.apple.com/support/downloads/securityupdate20070031039client.html http://www.apple.com/support/downloads/securityupdate20070031039server.html", "nessusSeverity": "Critical", "cvssScoreSource": "", "vendor_cvss2": {"score": 10, "vector": "CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "vendor_cvss3": {"score": null, "vector": null}, "vpr": {"risk factor": "Medium", "score": "6.7"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2007-03-13T00:00:00", "vulnerabilityPublicationDate": "2005-09-28T00:00:00", "exploitableWith": []}

{"securityvulns": [{"lastseen": "2021-06-08T19:03:05", "description": "Mac OS X security update closes a number of vulnerabilities.", "cvss3": {}, "published": "2007-03-18T00:00:00", "type": "securityvulns", "title": "Apple MacOS X multiple security vulnerabilities", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2007-0733", "CVE-2007-0730", "CVE-2007-0724", "CVE-2007-0726", "CVE-2007-0723", "CVE-2007-0719", "CVE-2007-0731", "CVE-2007-0720", "CVE-2007-0728", "CVE-2007-0722", "CVE-2007-0721"], "modified": "2007-03-18T00:00:00", "id": "SECURITYVULNS:VULN:7426", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:7426", "sourceData": "", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2021-06-08T18:57:22", "description": "Buffer overflow on oversized DMG volume label in Apple Finder. Integer overflows on UFS DMG image parsing. DoS on processing UFS and HFS+ volumes.", "cvss3": {}, "published": "2007-01-16T00:00:00", "type": "securityvulns", "title": "Mac OS X / Apple Finder multiple file system parsing vulnerabilities", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2007-0299", "CVE-2007-0197", "CVE-2007-0267", "CVE-2007-0318", "CVE-2007-0229"], "modified": "2007-01-16T00:00:00", "id": "SECURITYVULNS:VULN:7040", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:7040", "sourceData": "", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:14", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- --------------------------------------------------------------------------\r\nDebian Security Advisory DSA 870-1 security@debian.org\r\nhttp://www.debian.org/security/ Martin Schulze\r\nOctober 25th, 2005 http://www.debian.org/security/faq\r\n- --------------------------------------------------------------------------\r\n\r\nPackage : sudo\r\nVulnerability : missing input sanitising\r\nProblem type : local\r\nDebian-specific: no\r\nCVE ID : CVE-2005-2959\r\n\r\nTavis Ormandy noticed that sudo, a program that provides limited super\r\nuser privileges to specific users, does not clean the environment\r\nsufficiently. The SHELLOPTS and PS4 variables are dangerous and are\r\nstill passed through to the program running as privileged user. This\r\ncan result in the execution of arbitrary commands as privileged user\r\nwhen a bash script is executed. These vulnerabilities can only be\r\nexploited by users who have been granted limited super user\r\nprivileges.\r\n\r\nFor the old stable distribution (woody) this problem has been fixed in\r\nversion 1.6.6-1.4.\r\n\r\nFor the stable distribution (sarge) this problem has been fixed in\r\nversion 1.6.8p7-1.2.\r\n\r\nFor the unstable distribution (sid) this problem has been fixed in\r\nversion 1.6.8p9-3.\r\n\r\nWe recommend that you upgrade your sudo package.\r\n\r\n\r\nUpgrade Instructions\r\n- --------------------\r\n\r\nwget url\r\n will fetch the file for you\r\ndpkg -i file.deb\r\n will install the referenced file.\r\n\r\nIf you are using the apt-get package manager, use the line for\r\nsources.list as given below:\r\n\r\napt-get update\r\n will update the internal database\r\napt-get upgrade\r\n will install corrected packages\r\n\r\nYou may use an automated update by adding the resources from the\r\nfooter to the proper configuration.\r\n\r\n\r\nDebian GNU/Linux 3.0 alias woody\r\n- --------------------------------\r\n\r\n Source archives:\r\n\r\n http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.4.dsc\r\n Size/MD5 checksum: 587 c22d78e545cc41285b70e928baf5ef2a\r\n http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.4.diff.gz\r\n Size/MD5 checksum: 12353 49b036195d8797105cc48b77343409df\r\n http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6.orig.tar.gz\r\n Size/MD5 checksum: 333074 4da4bf6cf31634cc7a17ec3b69fdc333\r\n\r\n Alpha architecture:\r\n\r\n http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.4_alpha.deb\r\n Size/MD5 checksum: 151570 03fce4fe476ae16b4672dab579d5fd69\r\n\r\n ARM architecture:\r\n\r\n http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.4_arm.deb\r\n Size/MD5 checksum: 141524 9337ba4f86b1bfc23b9c0ac43831e5b8\r\n\r\n Intel IA-32 architecture:\r\n\r\n http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.4_i386.deb\r\n Size/MD5 checksum: 134978 ad3fa7172bdf1367bcb7ffada5fe8bd1\r\n\r\n Intel IA-64 architecture:\r\n\r\n http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.4_ia64.deb\r\n Size/MD5 checksum: 172532 a37d469d4b88fbf61ffcf2bfe2ba2ac9\r\n\r\n HP Precision architecture:\r\n\r\n http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.4_hppa.deb\r\n Size/MD5 checksum: 147642 48ee191d753ce8231406383ddfeca83b\r\n\r\n Motorola 680x0 architecture:\r\n\r\n http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.4_m68k.deb\r\n Size/MD5 checksum: 132792 661352760c71a856734ed98cf59718f8\r\n\r\n Big endian MIPS architecture:\r\n\r\n http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.4_mips.deb\r\n Size/MD5 checksum: 144444 8bd20f7ef341e7b4210bf83888288817\r\n\r\n Little endian MIPS architecture:\r\n\r\n http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.4_mipsel.deb\r\n Size/MD5 checksum: 144320 65cd1110ea9d0a24cfd42a963c2e932c\r\n\r\n PowerPC architecture:\r\n\r\n http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.4_powerpc.deb\r\n Size/MD5 checksum: 140708 d46cca27fddf5ba89b3a7ccbce87bfd8\r\n\r\n IBM S/390 architecture:\r\n\r\n http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.4_s390.deb\r\n Size/MD5 checksum: 140294 c2b73dd934d2852bd97395021b82bcb1\r\n\r\n Sun Sparc architecture:\r\n\r\n http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.4_sparc.deb\r\n Size/MD5 checksum: 143106 7fe864a335c9f438765cedb78b602695\r\n\r\n\r\nDebian GNU/Linux 3.1 alias sarge\r\n- --------------------------------\r\n\r\n Source archives:\r\n\r\n http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.2.dsc\r\n Size/MD5 checksum: 571 ee704f9a7147f4af70b7f98c03fe63ca\r\n http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.2.diff.gz\r\n Size/MD5 checksum: 20291 85b39fe73ce73b17f89077f5baff1061\r\n http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7.orig.tar.gz\r\n Size/MD5 checksum: 585302 ad65d24f20c736597360d242515e412c\r\n\r\n Alpha architecture:\r\n\r\n http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.2_alpha.deb\r\n Size/MD5 checksum: 176516 f3d8c031b827697735e1fb4c6b30aa05\r\n\r\n AMD64 architecture:\r\n\r\n http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.2_amd64.deb\r\n Size/MD5 checksum: 169978 13c5fb4e10b152a0b8c304c9b5070f33\r\n\r\n ARM architecture:\r\n\r\n http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.2_arm.deb\r\n Size/MD5 checksum: 163528 08b9302954e490b86915ba1c77ad2e95\r\n\r\n Intel IA-32 architecture:\r\n\r\n http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.2_i386.deb\r\n Size/MD5 checksum: 159618 b96c7e49de019a22e63b146108d373b2\r\n\r\n Intel IA-64 architecture:\r\n\r\n http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.2_ia64.deb\r\n Size/MD5 checksum: 195042 ea11fb9d63c42cd5e987cbc426b2d850\r\n\r\n HP Precision architecture:\r\n\r\n http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.2_hppa.deb\r\n Size/MD5 checksum: 170464 db7b10db7027d76e9db541e1ecfdf3c5\r\n\r\n Motorola 680x0 architecture:\r\n\r\n http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.2_m68k.deb\r\n Size/MD5 checksum: 154890 984de6ffe0c4148eb4ec2524be48ec93\r\n\r\n Big endian MIPS architecture:\r\n\r\n http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.2_mips.deb\r\n Size/MD5 checksum: 168394 2915f237172414cd34d5a5f9d7bf9f52\r\n\r\n Little endian MIPS architecture:\r\n\r\n http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.2_mipsel.deb\r\n Size/MD5 checksum: 168296 1a69c185ad41d450e4cb0ee593e53779\r\n\r\n PowerPC architecture:\r\n\r\n http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.2_powerpc.deb\r\n Size/MD5 checksum: 165140 4cef8bdb04fb8c91a69d93a41f14a449\r\n\r\n IBM S/390 architecture:\r\n\r\n http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.2_s390.deb\r\n Size/MD5 checksum: 167986 ef2691f0af99039da331c7cc68136a06\r\n\r\n Sun Sparc architecture:\r\n\r\n http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.2_sparc.deb\r\n Size/MD5 checksum: 162382 897dd50a90835ff5ffeaa34a6d499506\r\n\r\n\r\n These files will probably be moved into the stable distribution on\r\n its next update.\r\n\r\n- ---------------------------------------------------------------------------------\r\nFor apt-get: deb http://security.debian.org/ stable/updates main\r\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\r\nMailing list: debian-security-announce@lists.debian.org\r\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.2 (GNU/Linux)\r\n\r\niD8DBQFDXf08W5ql+IAeqTIRAjaOAKCh+NPqF/7J2ehsKIoNKmGtx1g3kgCfcGNs\r\n/5vpyplOheP/GFlXkNXISMg=\r\n=RQDn\r\n-----END PGP SIGNATURE-----\r\n\r\n_______________________________________________\r\nFull-Disclosure - We believe in it.\r\nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\r\nHosted and sponsored by Secunia - http://secunia.com/", "cvss3": {}, "published": "2005-10-25T00:00:00", "type": "securityvulns", "title": "[Full-disclosure] [SECURITY] [DSA 870-1] New sudo packages fix arbitrary command execution", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2005-2959"], "modified": "2005-10-25T00:00:00", "id": "SECURITYVULNS:DOC:10036", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:10036", "sourceData": "", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2023-05-18T14:19:30", "description": "New openssh packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, and -current to fix security issues.", "cvss3": {}, "published": "2006-09-29T00:00:00", "type": "nessus", "title": "Slackware 10.0 / 10.1 / 10.2 / 8.1 / 9.0 / 9.1 / current : openssh (SSA:2006-272-02)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-4924", "CVE-2006-5051", "CVE-2006-5052"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:openssh", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:10.0", "cpe:/o:slackware:slackware_linux:10.1", "cpe:/o:slackware:slackware_linux:10.2", "cpe:/o:slackware:slackware_linux:8.1", "cpe:/o:slackware:slackware_linux:9.0", "cpe:/o:slackware:slackware_linux:9.1"], "id": "SLACKWARE_SSA_2006-272-02.NASL", "href": "https://www.tenable.com/plugins/nessus/22468", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2006-272-02. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(22468);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-4924\", \"CVE-2006-5051\", \"CVE-2006-5052\");\n script_xref(name:\"SSA\", value:\"2006-272-02\");\n\n script_name(english:\"Slackware 10.0 / 10.1 / 10.2 / 8.1 / 9.0 / 9.1 / current : openssh (SSA:2006-272-02)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New openssh packages are available for Slackware 8.1, 9.0, 9.1, 10.0,\n10.1, 10.2, and -current to fix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.592566\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6b148882\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssh package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(362, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:openssh\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:10.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:10.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:9.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:9.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/09/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/09/29\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/09/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"8.1\", pkgname:\"openssh\", pkgver:\"4.4p1\", pkgarch:\"i386\", pkgnum:\"1_slack8.1\")) flag++;\n\nif (slackware_check(osver:\"9.0\", pkgname:\"openssh\", pkgver:\"4.4p1\", pkgarch:\"i386\", pkgnum:\"1_slack9.0\")) flag++;\n\nif (slackware_check(osver:\"9.1\", pkgname:\"openssh\", pkgver:\"4.4p1\", pkgarch:\"i486\", pkgnum:\"1_slack9.1\")) flag++;\n\nif (slackware_check(osver:\"10.0\", pkgname:\"openssh\", pkgver:\"4.4p1\", pkgarch:\"i486\", pkgnum:\"1_slack10.0\")) flag++;\n\nif (slackware_check(osver:\"10.1\", pkgname:\"openssh\", pkgver:\"4.4p1\", pkgarch:\"i486\", pkgnum:\"1_slack10.1\")) flag++;\n\nif (slackware_check(osver:\"10.2\", pkgname:\"openssh\", pkgver:\"4.4p1\", pkgarch:\"i486\", pkgnum:\"1_slack10.2\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"openssh\", pkgver:\"4.4p1\", pkgarch:\"i486\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:19:34", "description": "Updated openssh packages that fix two security flaws are now available for Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nOpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation. This package includes the core files necessary for both the OpenSSH client and server.\n\nMark Dowd discovered a signal handler race condition in the OpenSSH sshd server. A remote attacker could possibly leverage this flaw to cause a denial of service (crash). (CVE-2006-5051) The OpenSSH project believes the likelihood of successful exploitation leading to arbitrary code execution appears remote. However, the Red Hat Security Response Team have not yet been able to verify this claim due to lack of upstream vulnerability information. We are therefore including a fix for this flaw and have rated it important security severity in the event our continued investigation finds this issue to be exploitable.\n\nTavis Ormandy of the Google Security Team discovered a denial of service bug in the OpenSSH sshd server. A remote attacker can send a specially crafted SSH-1 request to the server causing sshd to consume a large quantity of CPU resources. (CVE-2006-4924)\n\nAll users of openssh should upgrade to these updated packages, which contain backported patches that resolves these issues.", "cvss3": {}, "published": "2006-09-29T00:00:00", "type": "nessus", "title": "RHEL 3 / 4 : openssh (RHSA-2006:0697)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-4924", "CVE-2006-5051", "CVE-2006-5052"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:openssh", "p-cpe:/a:redhat:enterprise_linux:openssh-askpass", "p-cpe:/a:redhat:enterprise_linux:openssh-askpass-gnome", "p-cpe:/a:redhat:enterprise_linux:openssh-clients", "p-cpe:/a:redhat:enterprise_linux:openssh-server", "cpe:/o:redhat:enterprise_linux:3", "cpe:/o:redhat:enterprise_linux:4"], "id": "REDHAT-RHSA-2006-0697.NASL", "href": "https://www.tenable.com/plugins/nessus/22473", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2006:0697. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(22473);\n script_version(\"1.27\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-4924\", \"CVE-2006-5051\", \"CVE-2006-5052\");\n script_bugtraq_id(20216, 20241);\n script_xref(name:\"RHSA\", value:\"2006:0697\");\n\n script_name(english:\"RHEL 3 / 4 : openssh (RHSA-2006:0697)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated openssh packages that fix two security flaws are now available\nfor Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nOpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation. This\npackage includes the core files necessary for both the OpenSSH client\nand server.\n\nMark Dowd discovered a signal handler race condition in the OpenSSH\nsshd server. A remote attacker could possibly leverage this flaw to\ncause a denial of service (crash). (CVE-2006-5051) The OpenSSH project\nbelieves the likelihood of successful exploitation leading to\narbitrary code execution appears remote. However, the Red Hat Security\nResponse Team have not yet been able to verify this claim due to lack\nof upstream vulnerability information. We are therefore including a\nfix for this flaw and have rated it important security severity in the\nevent our continued investigation finds this issue to be exploitable.\n\nTavis Ormandy of the Google Security Team discovered a denial of\nservice bug in the OpenSSH sshd server. A remote attacker can send a\nspecially crafted SSH-1 request to the server causing sshd to consume\na large quantity of CPU resources. (CVE-2006-4924)\n\nAll users of openssh should upgrade to these updated packages, which\ncontain backported patches that resolves these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-4924\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-5051\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2006:0697\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(362, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssh-askpass\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssh-askpass-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssh-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssh-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/09/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/09/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/09/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(3|4)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 3.x / 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2006:0697\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL3\", reference:\"openssh-3.6.1p2-33.30.12\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"openssh-askpass-3.6.1p2-33.30.12\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"openssh-askpass-gnome-3.6.1p2-33.30.12\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"openssh-clients-3.6.1p2-33.30.12\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"openssh-server-3.6.1p2-33.30.12\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"openssh-3.9p1-8.RHEL4.17\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"openssh-askpass-3.9p1-8.RHEL4.17\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"openssh-askpass-gnome-3.9p1-8.RHEL4.17\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"openssh-clients-3.9p1-8.RHEL4.17\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"openssh-server-3.9p1-8.RHEL4.17\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssh / openssh-askpass / openssh-askpass-gnome / openssh-clients / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:24:16", "description": "From Red Hat Security Advisory 2006:0697 :\n\nUpdated openssh packages that fix two security flaws are now available for Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nOpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation. This package includes the core files necessary for both the OpenSSH client and server.\n\nMark Dowd discovered a signal handler race condition in the OpenSSH sshd server. A remote attacker could possibly leverage this flaw to cause a denial of service (crash). (CVE-2006-5051) The OpenSSH project believes the likelihood of successful exploitation leading to arbitrary code execution appears remote. However, the Red Hat Security Response Team have not yet been able to verify this claim due to lack of upstream vulnerability information. We are therefore including a fix for this flaw and have rated it important security severity in the event our continued investigation finds this issue to be exploitable.\n\nTavis Ormandy of the Google Security Team discovered a denial of service bug in the OpenSSH sshd server. A remote attacker can send a specially crafted SSH-1 request to the server causing sshd to consume a large quantity of CPU resources. (CVE-2006-4924)\n\nAll users of openssh should upgrade to these updated packages, which contain backported patches that resolves these issues.", "cvss3": {}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 4 : openssh (ELSA-2006-0697)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-4924", "CVE-2006-5051", "CVE-2006-5052"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:openssh", "p-cpe:/a:oracle:linux:openssh-askpass", "p-cpe:/a:oracle:linux:openssh-askpass-gnome", "p-cpe:/a:oracle:linux:openssh-clients", "p-cpe:/a:oracle:linux:openssh-server", "cpe:/o:oracle:linux:4"], "id": "ORACLELINUX_ELSA-2006-0697.NASL", "href": "https://www.tenable.com/plugins/nessus/67412", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2006:0697 and \n# Oracle Linux Security Advisory ELSA-2006-0697 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(67412);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-4924\", \"CVE-2006-5051\", \"CVE-2006-5052\");\n script_bugtraq_id(20216, 20241);\n script_xref(name:\"RHSA\", value:\"2006:0697\");\n\n script_name(english:\"Oracle Linux 4 : openssh (ELSA-2006-0697)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2006:0697 :\n\nUpdated openssh packages that fix two security flaws are now available\nfor Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nOpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation. This\npackage includes the core files necessary for both the OpenSSH client\nand server.\n\nMark Dowd discovered a signal handler race condition in the OpenSSH\nsshd server. A remote attacker could possibly leverage this flaw to\ncause a denial of service (crash). (CVE-2006-5051) The OpenSSH project\nbelieves the likelihood of successful exploitation leading to\narbitrary code execution appears remote. However, the Red Hat Security\nResponse Team have not yet been able to verify this claim due to lack\nof upstream vulnerability information. We are therefore including a\nfix for this flaw and have rated it important security severity in the\nevent our continued investigation finds this issue to be exploitable.\n\nTavis Ormandy of the Google Security Team discovered a denial of\nservice bug in the OpenSSH sshd server. A remote attacker can send a\nspecially crafted SSH-1 request to the server causing sshd to consume\na large quantity of CPU resources. (CVE-2006-4924)\n\nAll users of openssh should upgrade to these updated packages, which\ncontain backported patches that resolves these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2006-November/000010.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssh packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(362, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssh-askpass\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssh-askpass-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssh-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssh-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/09/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/11/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 4\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"openssh-3.9p1-8.RHEL4.17\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"openssh-3.9p1-8.RHEL4.17\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"openssh-askpass-3.9p1-8.RHEL4.17\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"openssh-askpass-3.9p1-8.RHEL4.17\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"openssh-askpass-gnome-3.9p1-8.RHEL4.17\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"openssh-askpass-gnome-3.9p1-8.RHEL4.17\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"openssh-clients-3.9p1-8.RHEL4.17\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"openssh-clients-3.9p1-8.RHEL4.17\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"openssh-server-3.9p1-8.RHEL4.17\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"openssh-server-3.9p1-8.RHEL4.17\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssh / openssh-askpass / openssh-askpass-gnome / openssh-clients / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:19:45", "description": "Updated openssh packages that fix two security flaws are now available for Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nOpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation. This package includes the core files necessary for both the OpenSSH client and server.\n\nMark Dowd discovered a signal handler race condition in the OpenSSH sshd server. A remote attacker could possibly leverage this flaw to cause a denial of service (crash). (CVE-2006-5051) The OpenSSH project believes the likelihood of successful exploitation leading to arbitrary code execution appears remote. However, the Red Hat Security Response Team have not yet been able to verify this claim due to lack of upstream vulnerability information. We are therefore including a fix for this flaw and have rated it important security severity in the event our continued investigation finds this issue to be exploitable.\n\nTavis Ormandy of the Google Security Team discovered a denial of service bug in the OpenSSH sshd server. A remote attacker can send a specially crafted SSH-1 request to the server causing sshd to consume a large quantity of CPU resources. (CVE-2006-4924)\n\nAll users of openssh should upgrade to these updated packages, which contain backported patches that resolves these issues.", "cvss3": {}, "published": "2006-10-02T00:00:00", "type": "nessus", "title": "CentOS 3 / 4 : openssh / openssl (CESA-2006:0697)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-4924", "CVE-2006-5051", "CVE-2006-5052"], "modified": "2021-01-04T00:00:00", "cpe": ["cpe:/o:centos:centos:3", "cpe:/o:centos:centos:4", "p-cpe:/a:centos:centos:openssh", "p-cpe:/a:centos:centos:openssh-askpass", "p-cpe:/a:centos:centos:openssh-askpass-gnome", "p-cpe:/a:centos:centos:openssh-clients", "p-cpe:/a:centos:centos:openssh-server", "p-cpe:/a:centos:centos:openssl", "p-cpe:/a:centos:centos:openssl-devel", "p-cpe:/a:centos:centos:openssl-perl", "p-cpe:/a:centos:centos:openssl096b"], "id": "CENTOS_RHSA-2006-0697.NASL", "href": "https://www.tenable.com/plugins/nessus/22485", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2006:0697 and \n# CentOS Errata and Security Advisory 2006:0697 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(22485);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2006-4924\", \"CVE-2006-5051\", \"CVE-2006-5052\");\n script_bugtraq_id(20216, 20241);\n script_xref(name:\"RHSA\", value:\"2006:0697\");\n\n script_name(english:\"CentOS 3 / 4 : openssh / openssl (CESA-2006:0697)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated openssh packages that fix two security flaws are now available\nfor Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nOpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation. This\npackage includes the core files necessary for both the OpenSSH client\nand server.\n\nMark Dowd discovered a signal handler race condition in the OpenSSH\nsshd server. A remote attacker could possibly leverage this flaw to\ncause a denial of service (crash). (CVE-2006-5051) The OpenSSH project\nbelieves the likelihood of successful exploitation leading to\narbitrary code execution appears remote. However, the Red Hat Security\nResponse Team have not yet been able to verify this claim due to lack\nof upstream vulnerability information. We are therefore including a\nfix for this flaw and have rated it important security severity in the\nevent our continued investigation finds this issue to be exploitable.\n\nTavis Ormandy of the Google Security Team discovered a denial of\nservice bug in the OpenSSH sshd server. A remote attacker can send a\nspecially crafted SSH-1 request to the server causing sshd to consume\na large quantity of CPU resources. (CVE-2006-4924)\n\nAll users of openssh should upgrade to these updated packages, which\ncontain backported patches that resolves these issues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2006-September/013294.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?42ac1cd5\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2006-September/013295.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8500f549\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2006-September/013296.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4eca25d6\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2006-September/013300.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?da00f6c1\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2006-September/013301.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b734a975\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2006-September/013304.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e63f62ee\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2006-September/013305.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?59033243\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssh and / or openssl packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(362, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssh-askpass\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssh-askpass-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssh-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssh-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl096b\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/09/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/09/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/10/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(3|4)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 3.x / 4.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-3\", reference:\"openssh-3.6.1p2-33.30.12\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"openssh-askpass-3.6.1p2-33.30.12\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"openssh-askpass-gnome-3.6.1p2-33.30.12\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"openssh-clients-3.6.1p2-33.30.12\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"openssh-server-3.6.1p2-33.30.12\")) flag++;\n\nif (rpm_check(release:\"CentOS-4\", reference:\"openssh-3.9p1-8.RHEL4.17\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"openssh-askpass-3.9p1-8.RHEL4.17\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"openssh-askpass-gnome-3.9p1-8.RHEL4.17\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"openssh-clients-3.9p1-8.RHEL4.17\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"openssh-server-3.9p1-8.RHEL4.17\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"openssl-0.9.7a-43.14\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"openssl-devel-0.9.7a-43.14\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"openssl-perl-0.9.7a-43.14\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"openssl096b-0.9.6b-22.46\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssh / openssh-askpass / openssh-askpass-gnome / openssh-clients / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:18:07", "description": "New mysql packages are available for Slackware 9.1, 10.0, 10.1, 10.2 and -current to fix security issues. The MySQL packages shipped with Slackware 9.1, 10.0, and 10.1 may possibly leak sensitive information found in uninitialized memory to authenticated users. This is fixed in the new packages, and was already patched in Slackware 10.2 and\n-current. Since the vulnerabilities require a valid login and/or access to the database server, the risk is moderate. Slackware does not provide network access to a MySQL database by default.", "cvss3": {}, "published": "2006-06-05T00:00:00", "type": "nessus", "title": "Slackware 10.0 / 10.1 / 10.2 / 9.1 / current : mysql (SSA:2006-155-01)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-1516", "CVE-2006-1517", "CVE-2006-2753"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:mysql", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:10.0", "cpe:/o:slackware:slackware_linux:10.1", "cpe:/o:slackware:slackware_linux:10.2", "cpe:/o:slackware:slackware_linux:9.1"], "id": "SLACKWARE_SSA_2006-155-01.NASL", "href": "https://www.tenable.com/plugins/nessus/21639", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2006-155-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(21639);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-1516\", \"CVE-2006-1517\", \"CVE-2006-2753\");\n script_bugtraq_id(17780);\n script_xref(name:\"SSA\", value:\"2006-155-01\");\n\n script_name(english:\"Slackware 10.0 / 10.1 / 10.2 / 9.1 / current : mysql (SSA:2006-155-01)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New mysql packages are available for Slackware 9.1, 10.0, 10.1, 10.2\nand -current to fix security issues. The MySQL packages shipped with\nSlackware 9.1, 10.0, and 10.1 may possibly leak sensitive information\nfound in uninitialized memory to authenticated users. This is fixed in\nthe new packages, and was already patched in Slackware 10.2 and\n-current. Since the vulnerabilities require a valid login and/or\naccess to the database server, the risk is moderate. Slackware does\nnot provide network access to a MySQL database by default.\"\n );\n # http://lists.mysql.com/announce/364\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.mysql.com/announce/364\"\n );\n # http://lists.mysql.com/announce/365\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.mysql.com/announce/365\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.599377\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?dd83617d\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected mysql package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:10.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:10.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:9.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/06/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/06/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"9.1\", pkgname:\"mysql\", pkgver:\"4.0.27\", pkgarch:\"i486\", pkgnum:\"1_slack9.1\")) flag++;\n\nif (slackware_check(osver:\"10.0\", pkgname:\"mysql\", pkgver:\"4.0.27\", pkgarch:\"i486\", pkgnum:\"1_slack10.0\")) flag++;\n\nif (slackware_check(osver:\"10.1\", pkgname:\"mysql\", pkgver:\"4.0.27\", pkgarch:\"i486\", pkgnum:\"1_slack10.1\")) flag++;\n\nif (slackware_check(osver:\"10.2\", pkgname:\"mysql\", pkgver:\"4.1.20\", pkgarch:\"i486\", pkgnum:\"1_slack10.2\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"mysql\", pkgver:\"5.0.22\", pkgarch:\"i486\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-03-27T14:19:58", "description": "The remote host is missing the patch for the advisory SUSE-SA:2006:062 (openssh).\n\n\nSeveral security problems were fixed in OpenSSH 4.4 and the bug fixes were back ported to the openssh versions in our products.\n\n- CVE-2006-4924: A denial of service problem has been fixed in OpenSSH which could be used to cause lots of CPU consumption on a remote openssh server.\n\n- CVE-2006-4925: If a remote attacker is able to inject network traffic this could be used to cause a client connection to close.\n\n- CVE-2006-5051: Fixed an unsafe signal handler reported by Mark Dowd. The signal handler was vulnerable to a race condition that could be exploited to perform a pre-authentication denial of service. This vulnerability could theoretically lead to pre-authentication remote code execution if GSSAPI authentication is enabled, but the likelihood of successful exploitation appears remote.\n\n- CVE-2006-5052: Fixed a GSSAPI authentication abort that could be used to determine the validity of user names on some platforms.", "cvss3": {}, "published": "2007-02-18T00:00:00", "type": "nessus", "title": "SUSE-SA:2006:062: openssh", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-4924", "CVE-2006-4925", "CVE-2006-5051", "CVE-2006-5052"], "modified": "2021-01-14T00:00:00", "cpe": [], "id": "SUSE_SA_2006_062.NASL", "href": "https://www.tenable.com/plugins/nessus/24440", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# This plugin text was extracted from SuSE Security Advisory SUSE-SA:2006:062\n#\n\n\nif ( ! defined_func(\"bn_random\") ) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif(description)\n{\n script_id(24440);\n script_version(\"1.10\");\n \n name[\"english\"] = \"SUSE-SA:2006:062: openssh\";\n \n script_name(english:name[\"english\"]);\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a vendor-supplied security patch\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is missing the patch for the advisory SUSE-SA:2006:062 (openssh).\n\n\nSeveral security problems were fixed in OpenSSH 4.4 and the bug fixes were\nback ported to the openssh versions in our products.\n\n- CVE-2006-4924: A denial of service problem has been fixed in OpenSSH which could\nbe used to cause lots of CPU consumption on a remote openssh server.\n\n- CVE-2006-4925: If a remote attacker is able to inject network traffic this could\nbe used to cause a client connection to close.\n\n- CVE-2006-5051: Fixed an unsafe signal handler reported by Mark Dowd. The signal\nhandler was vulnerable to a race condition that could be exploited to perform a\npre-authentication denial of service. This vulnerability could theoretically lead to\npre-authentication remote code execution if GSSAPI authentication is enabled,\nbut the likelihood of successful exploitation appears remote.\n\n- CVE-2006-5052: Fixed a GSSAPI authentication abort that could be used to determine\nthe validity of user names on some platforms.\" );\n script_set_attribute(attribute:\"solution\", value:\n\"http://www.novell.com/linux/security/advisories/2006_62_openssh.html\" );\n script_set_attribute(attribute:\"risk_factor\", value:\"High\" );\n\n\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2007/02/18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n script_end_attributes();\n\n \n summary[\"english\"] = \"Check for the version of the openssh package\";\n script_summary(english:summary[\"english\"]);\n \n script_category(ACT_GATHER_INFO);\n \n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n family[\"english\"] = \"SuSE Local Security Checks\";\n script_family(english:family[\"english\"]);\n \n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/SuSE/rpm-list\");\n exit(0);\n}\n\ninclude(\"rpm.inc\");\nif ( rpm_check( reference:\"openssh-4.1p1-10.9\", release:\"SUSE10.0\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"openssh-askpass-4.1p1-10.9\", release:\"SUSE10.0\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"openssh-3.9p1-3.10\", release:\"SUSE9.2\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"openssh-askpass-3.9p1-3.10\", release:\"SUSE9.2\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"openssh-3.9p1-12.8\", release:\"SUSE9.3\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"openssh-askpass-3.9p1-12.8\", release:\"SUSE9.3\") )\n{\n security_hole(0);\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:01:41", "description": "Several security problems were fixed in OpenSSH :\n\n - CVE-2006-4924: A denial of service problem has been fixed in OpenSSH which could be used to cause lots of CPU consumption on a remote openssh server.\n\n - CVE-2006-4925: If a remote attacker is able to inject network traffic this could be used to cause a client connection to close.\n\n - CVE-2006-5051: Fixed an unsafe signal hander reported by Mark Dowd. The signal handler was vulnerable to a race condition that could be exploited to perform a pre-authentication denial of service. This vulnerability could theoretically lead to pre-authentication remote code execution if GSSAPI authentication is enabled, but the likelihood of successful exploitation appears remote.\n\n - CVE-2006-5052: Fixed a GSSAPI authentication abort that could be used to determine the validity of usernames on some platforms.", "cvss3": {}, "published": "2007-10-17T00:00:00", "type": "nessus", "title": "openSUSE 10 Security Update : openssh (openssh-2183)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-4924", "CVE-2006-4925", "CVE-2006-5051", "CVE-2006-5052"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:openssh", "p-cpe:/a:novell:opensuse:openssh-askpass", "cpe:/o:novell:opensuse:10.1"], "id": "SUSE_OPENSSH-2183.NASL", "href": "https://www.tenable.com/plugins/nessus/27365", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openssh-2183.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(27365);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-4924\", \"CVE-2006-4925\", \"CVE-2006-5051\", \"CVE-2006-5052\");\n\n script_name(english:\"openSUSE 10 Security Update : openssh (openssh-2183)\");\n script_summary(english:\"Check for the openssh-2183 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several security problems were fixed in OpenSSH :\n\n - CVE-2006-4924: A denial of service problem has been\n fixed in OpenSSH which could be used to cause lots of\n CPU consumption on a remote openssh server.\n\n - CVE-2006-4925: If a remote attacker is able to inject\n network traffic this could be used to cause a client\n connection to close.\n\n - CVE-2006-5051: Fixed an unsafe signal hander reported by\n Mark Dowd. The signal handler was vulnerable to a race\n condition that could be exploited to perform a\n pre-authentication denial of service. This vulnerability\n could theoretically lead to pre-authentication remote\n code execution if GSSAPI authentication is enabled, but\n the likelihood of successful exploitation appears\n remote.\n\n - CVE-2006-5052: Fixed a GSSAPI authentication abort that\n could be used to determine the validity of usernames on\n some platforms.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssh packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(362, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssh-askpass\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/10/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/10/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.1\", reference:\"openssh-4.2p1-18.9\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"openssh-askpass-4.2p1-18.9\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssh\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-03-27T14:21:58", "description": "- Fri Mar 30 2007 Miloslav Trmac <mitr at redhat.com> - 4.3p2-4.12\n\n - Fix an information leak in Kerberos password authentication (CVE-2006-5052) Resolves: #234640\n\n - Fri Nov 10 2006 Tomas Mraz <tmraz at redhat.com> - 4.3p2-4.11\n\n - CVE-2006-5794 - properly detect failed key verify in monitor (#214641)\n\n - kill all ssh sessions when stop is called in halt or reboot runlevel (#213008)\n\n - remove -TERM option from killproc so we don't race on sshd restart (#213490)\n\n - Mon Oct 2 2006 Tomas Mraz <tmraz at redhat.com> - 4.3p2-4.10\n\n - improve gssapi-no-spnego patch (#208102)\n\n - CVE-2006-4924 - prevent DoS on deattack detector (#207957)\n\n - CVE-2006-5051 - don't call cleanups from signal handler (#208459)\n\n - Wed Sep 13 2006 Tomas Mraz <tmraz at redhat.com> - 4.3p2-4.1\n\n - sync with FC6 version\n\n - build for FC5\n\n - Wed Aug 23 2006 Tomas Mraz <tmraz at redhat.com> - 4.3p2-9\n\n - don't report duplicate syslog messages, use correct local time (#189158)\n\n - don't allow spnego as gssapi mechanism (from upstream)\n\n - fixed memleaks found by Coverity (from upstream)\n\n - allow ip options except source routing (#202856) (patch by HP)\n\n - Tue Aug 8 2006 Tomas Mraz <tmraz at redhat.com> - 4.3p2-8\n\n - drop the pam-session patch from the previous build (#201341)\n\n - don't set IPV6_V6ONLY sock opt when listening on wildcard addr (#201594)\n\n - Thu Jul 20 2006 Tomas Mraz <tmraz at redhat.com> - 4.3p2-7\n\n - dropped old ssh obsoletes\n\n - call the pam_session_open/close from the monitor when privsep is enabled so it is always called as root (patch by Darren Tucker)\n\n - Mon Jul 17 2006 Tomas Mraz <tmraz at redhat.com> - 4.3p2-6\n\n - improve selinux patch (by Jan Kiszka)\n\n - upstream patch for buffer append space error (#191940)\n\n - fixed typo in configure.ac (#198986)\n\n - added pam_keyinit to pam configuration (#198628)\n\n - improved error message when askpass dialog cannot grab keyboard input (#198332)\n\n - buildrequires xauth instead of xorg-x11-xauth\n\n - fixed a few rpmlint warnings\n\n - Wed Jul 12 2006 Jesse Keating <jkeating at redhat.com>\n - 4.3p2-5.1\n\n - rebuild\n\n - Fri Apr 14 2006 Tomas Mraz <tmraz at redhat.com> - 4.3p2-5\n\n - don't request pseudoterminal allocation if stdin is not tty (#188983)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2007-04-05T00:00:00", "type": "nessus", "title": "Fedora Core 5 : openssh-4.3p2-4.12.fc5 (2007-395)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-4924", "CVE-2006-5051", "CVE-2006-5052", "CVE-2006-5794"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:openssh", "p-cpe:/a:fedoraproject:fedora:openssh-askpass", "p-cpe:/a:fedoraproject:fedora:openssh-clients", "p-cpe:/a:fedoraproject:fedora:openssh-debuginfo", "p-cpe:/a:fedoraproject:fedora:openssh-server", "cpe:/o:fedoraproject:fedora_core:5"], "id": "FEDORA_2007-395.NASL", "href": "https://www.tenable.com/plugins/nessus/24926", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2007-395.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(24926);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_xref(name:\"FEDORA\", value:\"2007-395\");\n\n script_name(english:\"Fedora Core 5 : openssh-4.3p2-4.12.fc5 (2007-395)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora Core host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Fri Mar 30 2007 Miloslav Trmac <mitr at redhat.com> -\n 4.3p2-4.12\n\n - Fix an information leak in Kerberos password\n authentication (CVE-2006-5052) Resolves: #234640\n\n - Fri Nov 10 2006 Tomas Mraz <tmraz at redhat.com> -\n 4.3p2-4.11\n\n - CVE-2006-5794 - properly detect failed key verify in\n monitor (#214641)\n\n - kill all ssh sessions when stop is called in halt or\n reboot runlevel (#213008)\n\n - remove -TERM option from killproc so we don't race on\n sshd restart (#213490)\n\n - Mon Oct 2 2006 Tomas Mraz <tmraz at redhat.com> -\n 4.3p2-4.10\n\n - improve gssapi-no-spnego patch (#208102)\n\n - CVE-2006-4924 - prevent DoS on deattack detector\n (#207957)\n\n - CVE-2006-5051 - don't call cleanups from signal\n handler (#208459)\n\n - Wed Sep 13 2006 Tomas Mraz <tmraz at redhat.com> -\n 4.3p2-4.1\n\n - sync with FC6 version\n\n - build for FC5\n\n - Wed Aug 23 2006 Tomas Mraz <tmraz at redhat.com> -\n 4.3p2-9\n\n - don't report duplicate syslog messages, use correct\n local time (#189158)\n\n - don't allow spnego as gssapi mechanism (from upstream)\n\n - fixed memleaks found by Coverity (from upstream)\n\n - allow ip options except source routing (#202856)\n (patch by HP)\n\n - Tue Aug 8 2006 Tomas Mraz <tmraz at redhat.com> -\n 4.3p2-8\n\n - drop the pam-session patch from the previous build\n (#201341)\n\n - don't set IPV6_V6ONLY sock opt when listening on\n wildcard addr (#201594)\n\n - Thu Jul 20 2006 Tomas Mraz <tmraz at redhat.com> -\n 4.3p2-7\n\n - dropped old ssh obsoletes\n\n - call the pam_session_open/close from the monitor when\n privsep is enabled so it is always called as root\n (patch by Darren Tucker)\n\n - Mon Jul 17 2006 Tomas Mraz <tmraz at redhat.com> -\n 4.3p2-6\n\n - improve selinux patch (by Jan Kiszka)\n\n - upstream patch for buffer append space error (#191940)\n\n - fixed typo in configure.ac (#198986)\n\n - added pam_keyinit to pam configuration (#198628)\n\n - improved error message when askpass dialog cannot grab\n keyboard input (#198332)\n\n - buildrequires xauth instead of xorg-x11-xauth\n\n - fixed a few rpmlint warnings\n\n - Wed Jul 12 2006 Jesse Keating <jkeating at redhat.com>\n - 4.3p2-5.1\n\n - rebuild\n\n - Fri Apr 14 2006 Tomas Mraz <tmraz at redhat.com> -\n 4.3p2-5\n\n - don't request pseudoterminal allocation if stdin is\n not tty (#188983)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2007-April/001635.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6b32df14\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openssh-askpass\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openssh-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openssh-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openssh-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora_core:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/04/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/04/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 5.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC5\", reference:\"openssh-4.3p2-4.12.fc5\")) flag++;\nif (rpm_check(release:\"FC5\", reference:\"openssh-askpass-4.3p2-4.12.fc5\")) flag++;\nif (rpm_check(release:\"FC5\", reference:\"openssh-clients-4.3p2-4.12.fc5\")) flag++;\nif (rpm_check(release:\"FC5\", reference:\"openssh-debuginfo-4.3p2-4.12.fc5\")) flag++;\nif (rpm_check(release:\"FC5\", reference:\"openssh-server-4.3p2-4.12.fc5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssh / openssh-askpass / openssh-clients / openssh-debuginfo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:18:09", "description": "Updated mysql packages that fix multiple security flaws are now available.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nMySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries.\n\nA flaw was found in the way the MySQL mysql_real_escape() function escaped strings when operating in a multibyte character encoding. An attacker could provide an application a carefully crafted string containing invalidly-encoded characters which may be improperly escaped, leading to the injection of malicious SQL commands.\n(CVE-2006-2753)\n\nAn information disclosure flaw was found in the way the MySQL server processed malformed usernames. An attacker could view a small portion of server memory by supplying an anonymous login username which was not null terminated. (CVE-2006-1516)\n\nAn information disclosure flaw was found in the way the MySQL server executed the COM_TABLE_DUMP command. An authenticated malicious user could send a specially crafted packet to the MySQL server which returned random unallocated memory. (CVE-2006-1517)\n\nA log file obfuscation flaw was found in the way the mysql_real_query() function creates log file entries. An attacker with the the ability to call the mysql_real_query() function against a mysql server can obfuscate the entry the server will write to the log file. However, an attacker needed to have complete control over a server in order to attempt this attack. (CVE-2006-0903)\n\nThis update also fixes numerous non-security-related flaws, such as intermittent authentication failures.\n\nAll users of mysql are advised to upgrade to these updated packages containing MySQL version 4.1.20, which is not vulnerable to these issues.", "cvss3": {}, "published": "2006-06-11T00:00:00", "type": "nessus", "title": "RHEL 4 : mysql (RHSA-2006:0544)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-0903", "CVE-2006-1516", "CVE-2006-1517", "CVE-2006-2753", "CVE-2006-3081", "CVE-2006-4380"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:mysql", "p-cpe:/a:redhat:enterprise_linux:mysql-bench", "p-cpe:/a:redhat:enterprise_linux:mysql-devel", "p-cpe:/a:redhat:enterprise_linux:mysql-server", "cpe:/o:redhat:enterprise_linux:4"], "id": "REDHAT-RHSA-2006-0544.NASL", "href": "https://www.tenable.com/plugins/nessus/21683", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2006:0544. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(21683);\n script_version(\"1.25\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-0903\", \"CVE-2006-1516\", \"CVE-2006-1517\", \"CVE-2006-2753\", \"CVE-2006-3081\", \"CVE-2006-4380\");\n script_bugtraq_id(17780);\n script_xref(name:\"RHSA\", value:\"2006:0544\");\n\n script_name(english:\"RHEL 4 : mysql (RHSA-2006:0544)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated mysql packages that fix multiple security flaws are now\navailable.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nMySQL is a multi-user, multi-threaded SQL database server. MySQL is a\nclient/server implementation consisting of a server daemon (mysqld)\nand many different client programs and libraries.\n\nA flaw was found in the way the MySQL mysql_real_escape() function\nescaped strings when operating in a multibyte character encoding. An\nattacker could provide an application a carefully crafted string\ncontaining invalidly-encoded characters which may be improperly\nescaped, leading to the injection of malicious SQL commands.\n(CVE-2006-2753)\n\nAn information disclosure flaw was found in the way the MySQL server\nprocessed malformed usernames. An attacker could view a small portion\nof server memory by supplying an anonymous login username which was\nnot null terminated. (CVE-2006-1516)\n\nAn information disclosure flaw was found in the way the MySQL server\nexecuted the COM_TABLE_DUMP command. An authenticated malicious user\ncould send a specially crafted packet to the MySQL server which\nreturned random unallocated memory. (CVE-2006-1517)\n\nA log file obfuscation flaw was found in the way the\nmysql_real_query() function creates log file entries. An attacker with\nthe the ability to call the mysql_real_query() function against a\nmysql server can obfuscate the entry the server will write to the log\nfile. However, an attacker needed to have complete control over a\nserver in order to attempt this attack. (CVE-2006-0903)\n\nThis update also fixes numerous non-security-related flaws, such as\nintermittent authentication failures.\n\nAll users of mysql are advised to upgrade to these updated packages\ncontaining MySQL version 4.1.20, which is not vulnerable to these\nissues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-0903\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-1516\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-1517\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-2753\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-3081\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-4380\"\n );\n # http://lists.mysql.com/announce/364\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.mysql.com/announce/364\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2006:0544\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql-bench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/02/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/06/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/06/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2006:0544\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"mysql-4.1.20-1.RHEL4.1\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"mysql-bench-4.1.20-1.RHEL4.1\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"mysql-devel-4.1.20-1.RHEL4.1\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"mysql-server-4.1.20-1.RHEL4.1\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mysql / mysql-bench / mysql-devel / mysql-server\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:18:44", "description": "Updated mysql packages that fix multiple security flaws are now available.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nMySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries.\n\nA flaw was found in the way the MySQL mysql_real_escape() function escaped strings when operating in a multibyte character encoding. An attacker could provide an application a carefully crafted string containing invalidly-encoded characters which may be improperly escaped, leading to the injection of malicious SQL commands.\n(CVE-2006-2753)\n\nAn information disclosure flaw was found in the way the MySQL server processed malformed usernames. An attacker could view a small portion of server memory by supplying an anonymous login username which was not null terminated. (CVE-2006-1516)\n\nAn information disclosure flaw was found in the way the MySQL server executed the COM_TABLE_DUMP command. An authenticated malicious user could send a specially crafted packet to the MySQL server which returned random unallocated memory. (CVE-2006-1517)\n\nA log file obfuscation flaw was found in the way the mysql_real_query() function creates log file entries. An attacker with the the ability to call the mysql_real_query() function against a mysql server can obfuscate the entry the server will write to the log file. However, an attacker needed to have complete control over a server in order to attempt this attack. (CVE-2006-0903)\n\nThis update also fixes numerous non-security-related flaws, such as intermittent authentication failures.\n\nAll users of mysql are advised to upgrade to these updated packages containing MySQL version 4.1.20, which is not vulnerable to these issues.", "cvss3": {}, "published": "2006-07-05T00:00:00", "type": "nessus", "title": "CentOS 4 : mysql (CESA-2006:0544)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-0903", "CVE-2006-1516", "CVE-2006-1517", "CVE-2006-2753", "CVE-2006-3081", "CVE-2006-4380"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:mysql", "p-cpe:/a:centos:centos:mysql-bench", "p-cpe:/a:centos:centos:mysql-devel", "p-cpe:/a:centos:centos:mysql-server", "cpe:/o:centos:centos:4"], "id": "CENTOS_RHSA-2006-0544.NASL", "href": "https://www.tenable.com/plugins/nessus/22000", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2006:0544 and \n# CentOS Errata and Security Advisory 2006:0544 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(22000);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2006-0903\", \"CVE-2006-1516\", \"CVE-2006-1517\", \"CVE-2006-2753\", \"CVE-2006-3081\", \"CVE-2006-4380\");\n script_bugtraq_id(17780);\n script_xref(name:\"RHSA\", value:\"2006:0544\");\n\n script_name(english:\"CentOS 4 : mysql (CESA-2006:0544)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated mysql packages that fix multiple security flaws are now\navailable.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nMySQL is a multi-user, multi-threaded SQL database server. MySQL is a\nclient/server implementation consisting of a server daemon (mysqld)\nand many different client programs and libraries.\n\nA flaw was found in the way the MySQL mysql_real_escape() function\nescaped strings when operating in a multibyte character encoding. An\nattacker could provide an application a carefully crafted string\ncontaining invalidly-encoded characters which may be improperly\nescaped, leading to the injection of malicious SQL commands.\n(CVE-2006-2753)\n\nAn information disclosure flaw was found in the way the MySQL server\nprocessed malformed usernames. An attacker could view a small portion\nof server memory by supplying an anonymous login username which was\nnot null terminated. (CVE-2006-1516)\n\nAn information disclosure flaw was found in the way the MySQL server\nexecuted the COM_TABLE_DUMP command. An authenticated malicious user\ncould send a specially crafted packet to the MySQL server which\nreturned random unallocated memory. (CVE-2006-1517)\n\nA log file obfuscation flaw was found in the way the\nmysql_real_query() function creates log file entries. An attacker with\nthe the ability to call the mysql_real_query() function against a\nmysql server can obfuscate the entry the server will write to the log\nfile. However, an attacker needed to have complete control over a\nserver in order to attempt this attack. (CVE-2006-0903)\n\nThis update also fixes numerous non-security-related flaws, such as\nintermittent authentication failures.\n\nAll users of mysql are advised to upgrade to these updated packages\ncontaining MySQL version 4.1.20, which is not vulnerable to these\nissues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2006-June/012951.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8862ac3b\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2006-June/012952.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?778eb708\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2006-June/012960.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?153a36e4\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mysql packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mysql-bench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mysql-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mysql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/02/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/06/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/07/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 4.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", reference:\"mysql-4.1.20-1.RHEL4.1\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"mysql-bench-4.1.20-1.RHEL4.1\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"mysql-devel-4.1.20-1.RHEL4.1\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"mysql-server-4.1.20-1.RHEL4.1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mysql / mysql-bench / mysql-devel / mysql-server\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:03:24", "description": "Several security problems were fixed in OpenSSH :\n\n - A denial of service problem has been fixed in OpenSSH which could be used to cause lots of CPU consumption on a remote openssh server. (CVE-2006-4924)\n\n - If a remote attacker is able to inject network traffic this could be used to cause a client connection to close. (CVE-2006-4925)\n\n - Fixed an unsafe signal hander reported by Mark Dowd. The signal handler was vulnerable to a race condition that could be exploited to perform a pre-authentication denial of service. This vulnerability could theoretically lead to pre-authentication remote code execution if GSSAPI authentication is enabled, but the likelihood of successful exploitation appears remote.\n (CVE-2006-5051)\n\n - Fixed a GSSAPI authentication abort that could be used to determine the validity of usernames on some platforms. (CVE-2006-5052)", "cvss3": {}, "published": "2007-12-13T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : OpenSSH (ZYPP Patch Number 2184)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-4924", "CVE-2006-4925", "CVE-2006-5051", "CVE-2006-5052"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_OPENSSH-2184.NASL", "href": "https://www.tenable.com/plugins/nessus/29538", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(29538);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-4924\", \"CVE-2006-4925\", \"CVE-2006-5051\", \"CVE-2006-5052\");\n\n script_name(english:\"SuSE 10 Security Update : OpenSSH (ZYPP Patch Number 2184)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several security problems were fixed in OpenSSH :\n\n - A denial of service problem has been fixed in OpenSSH\n which could be used to cause lots of CPU consumption on\n a remote openssh server. (CVE-2006-4924)\n\n - If a remote attacker is able to inject network traffic\n this could be used to cause a client connection to\n close. (CVE-2006-4925)\n\n - Fixed an unsafe signal hander reported by Mark Dowd. The\n signal handler was vulnerable to a race condition that\n could be exploited to perform a pre-authentication\n denial of service. This vulnerability could\n theoretically lead to pre-authentication remote code\n execution if GSSAPI authentication is enabled, but the\n likelihood of successful exploitation appears remote.\n (CVE-2006-5051)\n\n - Fixed a GSSAPI authentication abort that could be used\n to determine the validity of usernames on some\n platforms. (CVE-2006-5052)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2006-4924.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2006-4925.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2006-5051.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2006-5052.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 2184.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(362, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/10/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/12/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:0, reference:\"openssh-4.2p1-18.9\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:0, reference:\"openssh-askpass-4.2p1-18.9\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:0, reference:\"openssh-4.2p1-18.9\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:0, reference:\"openssh-askpass-4.2p1-18.9\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:19:21", "description": "Updated openssh packages that fix several security issues in sshd are now available for Red Hat Enterprise Linux 2.1.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nOpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation. This package includes the core files necessary for both the OpenSSH client and server.\n\nMark Dowd discovered a signal handler race condition in the OpenSSH sshd server. A remote attacker could possibly leverage this flaw to cause a denial of service (crash). (CVE-2006-5051) The OpenSSH project believes the likelihood of successful exploitation leading to arbitrary code execution appears remote. However, the Red Hat Security Response Team have not yet been able to verify this claim due to lack of upstream vulnerability information. We are therefore including a fix for this flaw and have rated it important security severity in the event our continued investigation finds this issue to be exploitable.\n\nTavis Ormandy of the Google Security Team discovered a denial of service bug in the OpenSSH sshd server. A remote attacker can send a specially crafted SSH-1 request to the server causing sshd to consume a large quantity of CPU resources. (CVE-2006-4924)\n\nAn arbitrary command execution flaw was discovered in the way scp copies files locally. It is possible for a local attacker to create a file with a carefully crafted name that could execute arbitrary commands as the user running scp to copy files locally.\n(CVE-2006-0225)\n\nThe SSH daemon, when restricting host access by numeric IP addresses and with VerifyReverseMapping disabled, allows remote attackers to bypass 'from=' and 'user@host' address restrictions by connecting to a host from a system whose reverse DNS hostname contains the numeric IP address. (CVE-2003-0386)\n\nAll users of openssh should upgrade to these updated packages, which contain backported patches that resolve these issues.", "cvss3": {}, "published": "2006-09-29T00:00:00", "type": "nessus", "title": "RHEL 2.1 : openssh (RHSA-2006:0698)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2003-0386", "CVE-2006-0225", "CVE-2006-4924", "CVE-2006-5051"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:openssh", "p-cpe:/a:redhat:enterprise_linux:openssh-askpass", "p-cpe:/a:redhat:enterprise_linux:openssh-askpass-gnome", "p-cpe:/a:redhat:enterprise_linux:openssh-clients", "p-cpe:/a:redhat:enterprise_linux:openssh-server", "cpe:/o:redhat:enterprise_linux:2.1"], "id": "REDHAT-RHSA-2006-0698.NASL", "href": "https://www.tenable.com/plugins/nessus/22474", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2006:0698. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(22474);\n script_version(\"1.26\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2003-0386\", \"CVE-2006-0225\", \"CVE-2006-4924\", \"CVE-2006-5051\");\n script_xref(name:\"RHSA\", value:\"2006:0698\");\n\n script_name(english:\"RHEL 2.1 : openssh (RHSA-2006:0698)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated openssh packages that fix several security issues in sshd are\nnow available for Red Hat Enterprise Linux 2.1.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nOpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation. This\npackage includes the core files necessary for both the OpenSSH client\nand server.\n\nMark Dowd discovered a signal handler race condition in the OpenSSH\nsshd server. A remote attacker could possibly leverage this flaw to\ncause a denial of service (crash). (CVE-2006-5051) The OpenSSH project\nbelieves the likelihood of successful exploitation leading to\narbitrary code execution appears remote. However, the Red Hat Security\nResponse Team have not yet been able to verify this claim due to lack\nof upstream vulnerability information. We are therefore including a\nfix for this flaw and have rated it important security severity in the\nevent our continued investigation finds this issue to be exploitable.\n\nTavis Ormandy of the Google Security Team discovered a denial of\nservice bug in the OpenSSH sshd server. A remote attacker can send a\nspecially crafted SSH-1 request to the server causing sshd to consume\na large quantity of CPU resources. (CVE-2006-4924)\n\nAn arbitrary command execution flaw was discovered in the way scp\ncopies files locally. It is possible for a local attacker to create a\nfile with a carefully crafted name that could execute arbitrary\ncommands as the user running scp to copy files locally.\n(CVE-2006-0225)\n\nThe SSH daemon, when restricting host access by numeric IP addresses\nand with VerifyReverseMapping disabled, allows remote attackers to\nbypass 'from=' and 'user@host' address restrictions by connecting to a\nhost from a system whose reverse DNS hostname contains the numeric IP\naddress. (CVE-2003-0386)\n\nAll users of openssh should upgrade to these updated packages, which\ncontain backported patches that resolve these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2003-0386\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-0225\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-4924\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-5051\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2006:0698\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(362, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssh-askpass\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssh-askpass-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssh-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssh-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:2.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2003/07/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/09/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/09/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^2\\.1([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 2.1\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i386\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2006:0698\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"openssh-3.1p1-21\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"openssh-askpass-3.1p1-21\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"openssh-askpass-gnome-3.1p1-21\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"openssh-clients-3.1p1-21\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"openssh-server-3.1p1-21\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssh / openssh-askpass / openssh-askpass-gnome / openssh-clients / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:02:48", "description": "MySQL did not correctly handle NULL as the second argument to the str_to_date() function. An authenticated user could exploit this to crash the server.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2007-11-10T00:00:00", "type": "nessus", "title": "Ubuntu 5.10 : mysql-dfsg-4.1 vulnerability (USN-306-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-1516", "CVE-2006-1517", "CVE-2006-1518", "CVE-2006-3081"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libmysqlclient14", "p-cpe:/a:canonical:ubuntu_linux:libmysqlclient14-dev", "p-cpe:/a:canonical:ubuntu_linux:mysql-client-4.1", "p-cpe:/a:canonical:ubuntu_linux:mysql-common-4.1", "p-cpe:/a:canonical:ubuntu_linux:mysql-server-4.1", "cpe:/o:canonical:ubuntu_linux:5.10"], "id": "UBUNTU_USN-306-1.NASL", "href": "https://www.tenable.com/plugins/nessus/27881", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-306-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(27881);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2006-1516\", \"CVE-2006-1517\", \"CVE-2006-1518\", \"CVE-2006-3081\");\n script_xref(name:\"USN\", value:\"306-1\");\n\n script_name(english:\"Ubuntu 5.10 : mysql-dfsg-4.1 vulnerability (USN-306-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"MySQL did not correctly handle NULL as the second argument to the\nstr_to_date() function. An authenticated user could exploit this to\ncrash the server.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmysqlclient14\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmysqlclient14-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mysql-client-4.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mysql-common-4.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mysql-server-4.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:5.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/06/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/11/10\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/05/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2006-2019 Canonical, Inc. / NASL script (C) 2007-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(5\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 5.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"5.10\", pkgname:\"libmysqlclient14\", pkgver:\"4.1.12-1ubuntu3.6\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"libmysqlclient14-dev\", pkgver:\"4.1.12-1ubuntu3.6\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"mysql-client-4.1\", pkgver:\"4.1.12-1ubuntu3.6\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"mysql-common-4.1\", pkgver:\"4.1.12-1ubuntu3.6\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"mysql-server-4.1\", pkgver:\"4.1.12-1ubuntu3.6\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libmysqlclient14 / libmysqlclient14-dev / mysql-client-4.1 / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:21:27", "description": "Two denial of service problems have been found in the OpenSSH server.\nThe Common Vulnerabilities and Exposures project identifies the following vulnerabilities :\n\n - CVE-2006-4924 The sshd support for ssh protocol version 1 does not properly handle duplicate incoming blocks. This could allow a remote attacker to cause sshd to consume significant CPU resources leading to a denial of service.\n\n - CVE-2006-5051 A signal handler race condition could potentially allow a remote attacker to crash sshd and could theoretically lead to the ability to execute arbitrary code.", "cvss3": {}, "published": "2006-11-20T00:00:00", "type": "nessus", "title": "Debian DSA-1212-1 : openssh - Denial of service", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-4924", "CVE-2006-5051"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:openssh", "cpe:/o:debian:debian_linux:3.1"], "id": "DEBIAN_DSA-1212.NASL", "href": "https://www.tenable.com/plugins/nessus/23661", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1212. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(23661);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2006-4924\", \"CVE-2006-5051\");\n script_bugtraq_id(20216, 20241);\n script_xref(name:\"DSA\", value:\"1212\");\n\n script_name(english:\"Debian DSA-1212-1 : openssh - Denial of service\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Two denial of service problems have been found in the OpenSSH server.\nThe Common Vulnerabilities and Exposures project identifies the\nfollowing vulnerabilities :\n\n - CVE-2006-4924\n The sshd support for ssh protocol version 1 does not\n properly handle duplicate incoming blocks. This could\n allow a remote attacker to cause sshd to consume\n significant CPU resources leading to a denial of\n service.\n\n - CVE-2006-5051\n A signal handler race condition could potentially allow\n a remote attacker to crash sshd and could theoretically\n lead to the ability to execute arbitrary code.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=392428\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2006-4924\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2006-5051\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2006/dsa-1212\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the openssh package.\n\nFor the stable distribution (sarge), these problems have been fixed in\nversion 1:3.8.1p1-8.sarge.6.\n\nFor the unstable and testing distributions, these problems have been\nfixed in version 1:4.3p2-4.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(362, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openssh\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/11/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/11/20\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/09/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.1\", prefix:\"ssh\", reference:\"1:3.8.1p1-8.sarge.6\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"ssh-askpass-gnome\", reference:\"1:3.8.1p1-8.sarge.6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:02:15", "description": "The remote BIG-IP device is missing a patch required by a security advisory.", "cvss3": {}, "published": "2016-01-28T00:00:00", "type": "nessus", "title": "F5 Networks BIG-IP : OpenSSH vulnerabilities (SOL6736)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-4924", "CVE-2006-5051"], "modified": "2021-01-11T00:00:00", "cpe": ["cpe:/a:f5:big-ip_application_security_manager", "cpe:/a:f5:big-ip_global_traffic_manager", "cpe:/a:f5:big-ip_link_controller", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/h:f5:big-ip"], "id": "F5_BIGIP_SOL6736.NASL", "href": "https://www.tenable.com/plugins/nessus/88441", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution SOL6736.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(88441);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2006-4924\", \"CVE-2006-5051\");\n script_bugtraq_id(20216, 20241);\n\n script_name(english:\"F5 Networks BIG-IP : OpenSSH vulnerabilities (SOL6736)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote BIG-IP device is missing a patch required by a security\nadvisory.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K6736\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution SOL6736.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(362, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/10/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/01/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"SOL6736\";\nvmatrix = make_array();\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"9.2.0-9.2.99\",\"9.4.0-9.4.1\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"9.3.0\",\"9.4.2-9.4.8\",\"10.0.0\",\"11.0.0\");\n\n# GTM\nvmatrix[\"GTM\"] = make_array();\nvmatrix[\"GTM\"][\"affected\" ] = make_list(\"9.2.0-9.2.99\",\"9.4.0-9.4.1\");\nvmatrix[\"GTM\"][\"unaffected\"] = make_list(\"9.3.0\",\"9.4.2-9.4.8\",\"10.0.0\",\"11.0.0\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"9.2.0-9.2.99\",\"9.4.0-9.4.1\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"9.3.0\",\"9.4.2-9.4.8\",\"10.0.0\",\"11.0.0\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"9.0.0-9.0.99\",\"9.1.0-9.1.99\",\"9.2.0-9.2.99\",\"9.4.0-9.4.1\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"9.3.0\",\"9.4.2-9.4.8\",\"9.6.0\",\"10.0.0\",\"11.0.0\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_hole(port:0, extra:bigip_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:20:38", "description": "Several remote vulnerabilities have been discovered in OpenSSH, a free implementation of the Secure Shell protocol, which may lead to denial of service and potentially the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2006-4924 Tavis Ormandy of the Google Security Team discovered a denial of service vulnerability in the mitigation code against complexity attacks, which might lead to increased CPU consumption until a timeout is triggered.\n This is only exploitable if support for SSH protocol version 1 is enabled.\n\n - CVE-2006-5051 Mark Dowd discovered that insecure signal handler usage could potentially lead to execution of arbitrary code through a double free. The Debian Security Team doesn't believe the general openssh package without Kerberos support to be exploitable by this issue. However, due to the complexity of the underlying code we will issue an update to rule out all eventualities.", "cvss3": {}, "published": "2006-10-14T00:00:00", "type": "nessus", "title": "Debian DSA-1189-1 : openssh-krb5 - several vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-4924", "CVE-2006-5051"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:openssh-krb5", "cpe:/o:debian:debian_linux:3.1"], "id": "DEBIAN_DSA-1189.NASL", "href": "https://www.tenable.com/plugins/nessus/22731", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1189. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(22731);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2006-4924\", \"CVE-2006-5051\");\n script_xref(name:\"DSA\", value:\"1189\");\n\n script_name(english:\"Debian DSA-1189-1 : openssh-krb5 - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several remote vulnerabilities have been discovered in OpenSSH, a free\nimplementation of the Secure Shell protocol, which may lead to denial\nof service and potentially the execution of arbitrary code. The Common\nVulnerabilities and Exposures project identifies the following\nproblems :\n\n - CVE-2006-4924\n Tavis Ormandy of the Google Security Team discovered a\n denial of service vulnerability in the mitigation code\n against complexity attacks, which might lead to\n increased CPU consumption until a timeout is triggered.\n This is only exploitable if support for SSH protocol\n version 1 is enabled.\n\n - CVE-2006-5051\n Mark Dowd discovered that insecure signal handler usage\n could potentially lead to execution of arbitrary code\n through a double free. The Debian Security Team doesn't\n believe the general openssh package without Kerberos\n support to be exploitable by this issue. However, due to\n the complexity of the underlying code we will issue an\n update to rule out all eventualities.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2006-4924\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2006-5051\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2006/dsa-1189\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the openssh-krb5 packages.\n\nFor the stable distribution (sarge) these problems have been fixed in\nversion 3.8.1p1-7sarge1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(362, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openssh-krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/10/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/10/14\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/09/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.1\", prefix:\"ssh-krb5\", reference:\"3.8.1p1-7sarge1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-03-27T14:15:49", "description": "- Mon Oct 2 2006 Tomas Mraz <tmraz at redhat.com> - 4.3p2-4.10\n\n - improve gssapi-no-spnego patch (#208102)\n\n - CVE-2006-4924 - prevent DoS on deattack detector (#207957)\n\n - CVE-2006-5051 - don't call cleanups from signal handler (#208459)\n\n - Wed Sep 13 2006 Tomas Mraz <tmraz at redhat.com> - 4.3p2-4.1\n\n - sync with FC6 version\n\n - build for FC5\n\n - Wed Aug 23 2006 Tomas Mraz <tmraz at redhat.com> - 4.3p2-9\n\n - don't report duplicate syslog messages, use correct local time (#189158)\n\n - don't allow spnego as gssapi mechanism (from upstream)\n\n - fixed memleaks found by Coverity (from upstream)\n\n - allow ip options except source routing (#202856) (patch by HP)\n\n - Tue Aug 8 2006 Tomas Mraz <tmraz at redhat.com> - 4.3p2-8\n\n - drop the pam-session patch from the previous build (#201341)\n\n - don't set IPV6_V6ONLY sock opt when listening on wildcard addr (#201594)\n\n - Thu Jul 20 2006 Tomas Mraz <tmraz at redhat.com> - 4.3p2-7\n\n - dropped old ssh obsoletes\n\n - call the pam_session_open/close from the monitor when privsep is enabled so it is always called as root (patch by Darren Tucker)\n\n - Mon Jul 17 2006 Tomas Mraz <tmraz at redhat.com> - 4.3p2-6\n\n - improve selinux patch (by Jan Kiszka)\n\n - upstream patch for buffer append space error (#191940)\n\n - fixed typo in configure.ac (#198986)\n\n - added pam_keyinit to pam configuration (#198628)\n\n - improved error message when askpass dialog cannot grab keyboard input (#198332)\n\n - buildrequires xauth instead of xorg-x11-xauth\n\n - fixed a few rpmlint warnings\n\n - Wed Jul 12 2006 Jesse Keating <jkeating at redhat.com>\n - 4.3p2-5.1\n\n - rebuild\n\n - Fri Apr 14 2006 Tomas Mraz <tmraz at redhat.com> - 4.3p2-5\n\n - don't request pseudoterminal allocation if stdin is not tty (#188983)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2007-01-17T00:00:00", "type": "nessus", "title": "Fedora Core 5 : openssh-4.3p2-4.10 (2006-1011)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-4924", "CVE-2006-5051"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:openssh", "p-cpe:/a:fedoraproject:fedora:openssh-askpass", "p-cpe:/a:fedoraproject:fedora:openssh-clients", "p-cpe:/a:fedoraproject:fedora:openssh-debuginfo", "p-cpe:/a:fedoraproject:fedora:openssh-server", "cpe:/o:fedoraproject:fedora_core:5"], "id": "FEDORA_2006-1011.NASL", "href": "https://www.tenable.com/plugins/nessus/24029", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2006-1011.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(24029);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_xref(name:\"FEDORA\", value:\"2006-1011\");\n\n script_name(english:\"Fedora Core 5 : openssh-4.3p2-4.10 (2006-1011)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora Core host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Mon Oct 2 2006 Tomas Mraz <tmraz at redhat.com> -\n 4.3p2-4.10\n\n - improve gssapi-no-spnego patch (#208102)\n\n - CVE-2006-4924 - prevent DoS on deattack detector\n (#207957)\n\n - CVE-2006-5051 - don't call cleanups from signal\n handler (#208459)\n\n - Wed Sep 13 2006 Tomas Mraz <tmraz at redhat.com> -\n 4.3p2-4.1\n\n - sync with FC6 version\n\n - build for FC5\n\n - Wed Aug 23 2006 Tomas Mraz <tmraz at redhat.com> -\n 4.3p2-9\n\n - don't report duplicate syslog messages, use correct\n local time (#189158)\n\n - don't allow spnego as gssapi mechanism (from upstream)\n\n - fixed memleaks found by Coverity (from upstream)\n\n - allow ip options except source routing (#202856)\n (patch by HP)\n\n - Tue Aug 8 2006 Tomas Mraz <tmraz at redhat.com> -\n 4.3p2-8\n\n - drop the pam-session patch from the previous build\n (#201341)\n\n - don't set IPV6_V6ONLY sock opt when listening on\n wildcard addr (#201594)\n\n - Thu Jul 20 2006 Tomas Mraz <tmraz at redhat.com> -\n 4.3p2-7\n\n - dropped old ssh obsoletes\n\n - call the pam_session_open/close from the monitor when\n privsep is enabled so it is always called as root\n (patch by Darren Tucker)\n\n - Mon Jul 17 2006 Tomas Mraz <tmraz at redhat.com> -\n 4.3p2-6\n\n - improve selinux patch (by Jan Kiszka)\n\n - upstream patch for buffer append space error (#191940)\n\n - fixed typo in configure.ac (#198986)\n\n - added pam_keyinit to pam configuration (#198628)\n\n - improved error message when askpass dialog cannot grab\n keyboard input (#198332)\n\n - buildrequires xauth instead of xorg-x11-xauth\n\n - fixed a few rpmlint warnings\n\n - Wed Jul 12 2006 Jesse Keating <jkeating at redhat.com>\n - 4.3p2-5.1\n\n - rebuild\n\n - Fri Apr 14 2006 Tomas Mraz <tmraz at redhat.com> -\n 4.3p2-5\n\n - don't request pseudoterminal allocation if stdin is\n not tty (#188983)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2006-October/000644.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e3722192\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openssh-askpass\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openssh-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openssh-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openssh-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora_core:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/10/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/01/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 5.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC5\", reference:\"openssh-4.3p2-4.10\")) flag++;\nif (rpm_check(release:\"FC5\", reference:\"openssh-askpass-4.3p2-4.10\")) flag++;\nif (rpm_check(release:\"FC5\", reference:\"openssh-clients-4.3p2-4.10\")) flag++;\nif (rpm_check(release:\"FC5\", reference:\"openssh-debuginfo-4.3p2-4.10\")) flag++;\nif (rpm_check(release:\"FC5\", reference:\"openssh-server-4.3p2-4.10\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssh / openssh-askpass / openssh-clients / openssh-debuginfo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:22:35", "description": "MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to access a table through a previously created MERGE table, even after the user's privileges are revoked for the original table, which might violate intended security policy (CVE-2006-4031).\n\nThe update allows the local admin to override MERGE using the '--skip-merge' option when running mysqld. This can be defined under MYSQLD_OPTIONS in /etc/sysconfig/mysqld. If '--skip-merge' is not used, the old behaviour of MERGE tables is still used.\n\nMySQL 4.1 before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when run on case-sensitive filesystems, allows remote authenticated users to create or access a database when the database name differs only in case from a database for which they have permissions (CVE-2006-4226).\n\nPackages have been patched to correct these issues.", "cvss3": {}, "published": "2006-12-16T00:00:00", "type": "nessus", "title": "Mandrake Linux Security Advisory : MySQL (MDKSA-2006:149)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-4031", "CVE-2006-4226"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:mysql", "p-cpe:/a:mandriva:linux:mysql-max", "p-cpe:/a:mandriva:linux:mysql-ndb", "p-cpe:/a:mandriva:linux:mysql-bench", "p-cpe:/a:mandriva:linux:mysql-client", "p-cpe:/a:mandriva:linux:mysql-common", "p-cpe:/a:mandriva:linux:lib64mysql14", "p-cpe:/a:mandriva:linux:lib64mysql14-devel", "p-cpe:/a:mandriva:linux:libmysql14", "p-cpe:/a:mandriva:linux:libmysql14-devel", "cpe:/o:mandriva:linux:2006"], "id": "MANDRAKE_MDKSA-2006-149.NASL", "href": "https://www.tenable.com/plugins/nessus/23896", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2006:149. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(23896);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2006-4031\", \"CVE-2006-4226\");\n script_bugtraq_id(19279, 19559);\n script_xref(name:\"MDKSA\", value:\"2006:149\");\n\n script_name(english:\"Mandrake Linux Security Advisory : MySQL (MDKSA-2006:149)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to\naccess a table through a previously created MERGE table, even after\nthe user's privileges are revoked for the original table, which might\nviolate intended security policy (CVE-2006-4031).\n\nThe update allows the local admin to override MERGE using the\n'--skip-merge' option when running mysqld. This can be defined under\nMYSQLD_OPTIONS in /etc/sysconfig/mysqld. If '--skip-merge' is not\nused, the old behaviour of MERGE tables is still used.\n\nMySQL 4.1 before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12,\nwhen run on case-sensitive filesystems, allows remote authenticated\nusers to create or access a database when the database name differs\nonly in case from a database for which they have permissions\n(CVE-2006-4226).\n\nPackages have been patched to correct these issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:S/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:MySQL\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:MySQL-Max\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:MySQL-NDB\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:MySQL-bench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:MySQL-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:MySQL-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64mysql14\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64mysql14-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libmysql14\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libmysql14-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2006\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/08/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/12/16\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/07/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2006.0\", reference:\"MySQL-4.1.12-4.6.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"MySQL-Max-4.1.12-4.6.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"MySQL-NDB-4.1.12-4.6.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"MySQL-bench-4.1.12-4.6.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"MySQL-client-4.1.12-4.6.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"MySQL-common-4.1.12-4.6.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"x86_64\", reference:\"lib64mysql14-4.1.12-4.6.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"x86_64\", reference:\"lib64mysql14-devel-4.1.12-4.6.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"i386\", reference:\"libmysql14-4.1.12-4.6.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"i386\", reference:\"libmysql14-devel-4.1.12-4.6.20060mdk\", yank:\"mdk\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:22:20", "description": "The remote host is affected by the vulnerability described in GLSA-200611-06 (OpenSSH: Multiple Denial of Service vulnerabilities)\n\n Tavis Ormandy of the Google Security Team has discovered a pre-authentication vulnerability, causing sshd to spin until the login grace time has been expired. Mark Dowd found an unsafe signal handler that was vulnerable to a race condition. It has also been discovered that when GSSAPI authentication is enabled, GSSAPI will in certain cases incorrectly abort.\n Impact :\n\n The pre-authentication and signal handler vulnerabilities can cause a Denial of Service in OpenSSH. The vulnerability in the GSSAPI authentication abort could be used to determine the validity of usernames on some platforms.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {}, "published": "2006-11-20T00:00:00", "type": "nessus", "title": "GLSA-200611-06 : OpenSSH: Multiple Denial of Service vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-5051", "CVE-2006-5052"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:openssh", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-200611-06.NASL", "href": "https://www.tenable.com/plugins/nessus/23671", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200611-06.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(23671);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2006-5051\", \"CVE-2006-5052\");\n script_bugtraq_id(20241, 20245);\n script_xref(name:\"GLSA\", value:\"200611-06\");\n\n script_name(english:\"GLSA-200611-06 : OpenSSH: Multiple Denial of Service vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200611-06\n(OpenSSH: Multiple Denial of Service vulnerabilities)\n\n Tavis Ormandy of the Google Security Team has discovered a\n pre-authentication vulnerability, causing sshd to spin until the login\n grace time has been expired. Mark Dowd found an unsafe signal handler\n that was vulnerable to a race condition. It has also been discovered\n that when GSSAPI authentication is enabled, GSSAPI will in certain\n cases incorrectly abort.\n \nImpact :\n\n The pre-authentication and signal handler vulnerabilities can cause a\n Denial of Service in OpenSSH. The vulnerability in the GSSAPI\n authentication abort could be used to determine the validity of\n usernames on some platforms.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.openssh.com/txt/release-4.4\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200611-06\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All OpenSSH users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-misc/openssh-4.4_p1-r5'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(362);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:openssh\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/11/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/11/20\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/09/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-misc/openssh\", unaffected:make_list(\"ge 4.4_p1-r5\"), vulnerable:make_list(\"lt 4.4_p1-r5\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"OpenSSH\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:20:05", "description": "SunOS 5.10_x86: sshd patch.\nDate this patch was last updated by Sun : Jun/21/07", "cvss3": {}, "published": "2018-03-12T00:00:00", "type": "nessus", "title": "Solaris 10 (x86) : 123325-03", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-0225", "CVE-2006-4924"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:solaris:10:123325", "p-cpe:/a:oracle:solaris:10:124443", "p-cpe:/a:oracle:solaris:10:125431", "cpe:/o:oracle:solaris:10"], "id": "SOLARIS10_X86_123325-03.NASL", "href": "https://www.tenable.com/plugins/nessus/107891", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text in this plugin was\n# extracted from the Oracle SunOS Patch Updates.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(107891);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-0225\", \"CVE-2006-4924\");\n\n script_name(english:\"Solaris 10 (x86) : 123325-03\");\n script_summary(english:\"Check for patch 123325-03\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote host is missing Sun Security Patch number 123325-03\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"SunOS 5.10_x86: sshd patch.\nDate this patch was last updated by Sun : Jun/21/07\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://download.oracle.com/sunalerts/1000947.1.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Install patch 123325-03\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:123325\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:124443\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:125431\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/06/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nshowrev = get_kb_item(\"Host/Solaris/showrev\");\nif (empty_or_null(showrev)) audit(AUDIT_OS_NOT, \"Solaris\");\nos_ver = pregmatch(pattern:\"Release: (\\d+.(\\d+))\", string:showrev);\nif (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Solaris\");\nfull_ver = os_ver[1];\nos_level = os_ver[2];\nif (full_ver != \"5.10\") audit(AUDIT_OS_NOT, \"Solaris 10\", \"Solaris \" + os_level);\npackage_arch = pregmatch(pattern:\"Application architecture: (\\w+)\", string:showrev);\nif (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH);\npackage_arch = package_arch[1];\nif (package_arch != \"i386\") audit(AUDIT_ARCH_NOT, \"i386\", package_arch);\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"123325-03\", obsoleted_by:\"120012-14 \", package:\"SUNWcslr\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"123325-03\", obsoleted_by:\"120012-14 \", package:\"SUNWhea\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"123325-03\", obsoleted_by:\"120012-14 \", package:\"SUNWsshcu\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"123325-03\", obsoleted_by:\"120012-14 \", package:\"SUNWsshdu\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"123325-03\", obsoleted_by:\"120012-14 \", package:\"SUNWsshu\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\n\nif (flag) {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : solaris_get_report()\n );\n} else {\n patch_fix = solaris_patch_fix_get();\n if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, \"Solaris 10\");\n tested = solaris_pkg_tests_get();\n if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n audit(AUDIT_PACKAGE_NOT_INSTALLED, \"SUNWcslr / SUNWhea / SUNWsshcu / SUNWsshdu / SUNWsshu\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:59:58", "description": "SunOS 5.10_x86: sshd patch.\nDate this patch was last updated by Sun : Jun/21/07", "cvss3": {}, "published": "2007-07-02T00:00:00", "type": "nessus", "title": "Solaris 10 (x86) : 123325-03", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-0225", "CVE-2006-4924"], "modified": "2021-01-14T00:00:00", "cpe": [], "id": "SOLARIS10_X86_123325.NASL", "href": "https://www.tenable.com/plugins/nessus/25645", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n# @DEPRECATED@\n#\n# This script has been deprecated as the associated patch is not\n# currently a recommended security fix.\n#\n# Disabled on 2011/10/24.\n#\n\n#\n# (C) Tenable Network Security, Inc.\n#\n#\n\nif ( ! defined_func(\"bn_random\") ) exit(0);\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif(description)\n{\n script_id(25645);\n script_version(\"1.23\");\n\n script_name(english: \"Solaris 10 (x86) : 123325-03\");\n script_cve_id(\"CVE-2006-0225\", \"CVE-2006-4924\");\n script_set_attribute(attribute: \"synopsis\", value:\n\"The remote host is missing Sun Security Patch number 123325-03\");\n script_set_attribute(attribute: \"description\", value:\n'SunOS 5.10_x86: sshd patch.\nDate this patch was last updated by Sun : Jun/21/07');\n script_set_attribute(attribute: \"solution\", value:\n\"You should install this patch for your system to be up-to-date.\");\n script_set_attribute(attribute: \"see_also\", value:\n\"http://download.oracle.com/sunalerts/1000947.1.html\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_cwe_id(399);\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2007/07/02\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2005/09/28\");\n script_end_attributes();\n\n script_summary(english: \"Check for patch 123325-03\");\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n family[\"english\"] = \"Solaris Local Security Checks\";\n script_family(english:family[\"english\"]);\n \n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/Solaris/showrev\");\n exit(0);\n}\n\n# Deprecated.\nexit(0, \"The associated patch is not currently a recommended security fix.\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:26:27", "description": "SunOS 5.10: sshd patch.\nDate this patch was last updated by Sun : Jun/20/07", "cvss3": {}, "published": "2018-03-12T00:00:00", "type": "nessus", "title": "Solaris 10 (sparc) : 123324-03", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-0225", "CVE-2006-4924"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:oracle:solaris:10", "p-cpe:/a:oracle:solaris:10:123324", "p-cpe:/a:oracle:solaris:10:124442", "p-cpe:/a:oracle:solaris:10:125430"], "id": "SOLARIS10_123324-03.NASL", "href": "https://www.tenable.com/plugins/nessus/107389", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text in this plugin was\n# extracted from the Oracle SunOS Patch Updates.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(107389);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-0225\", \"CVE-2006-4924\");\n\n script_name(english:\"Solaris 10 (sparc) : 123324-03\");\n script_summary(english:\"Check for patch 123324-03\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote host is missing Sun Security Patch number 123324-03\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"SunOS 5.10: sshd patch.\nDate this patch was last updated by Sun : Jun/20/07\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://download.oracle.com/sunalerts/1000947.1.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Install patch 123324-03\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:123324\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:124442\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:125430\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/06/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nshowrev = get_kb_item(\"Host/Solaris/showrev\");\nif (empty_or_null(showrev)) audit(AUDIT_OS_NOT, \"Solaris\");\nos_ver = pregmatch(pattern:\"Release: (\\d+.(\\d+))\", string:showrev);\nif (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Solaris\");\nfull_ver = os_ver[1];\nos_level = os_ver[2];\nif (full_ver != \"5.10\") audit(AUDIT_OS_NOT, \"Solaris 10\", \"Solaris \" + os_level);\npackage_arch = pregmatch(pattern:\"Application architecture: (\\w+)\", string:showrev);\nif (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH);\npackage_arch = package_arch[1];\nif (package_arch != \"sparc\") audit(AUDIT_ARCH_NOT, \"sparc\", package_arch);\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"123324-03\", obsoleted_by:\"120011-14 \", package:\"SUNWcslr\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"123324-03\", obsoleted_by:\"120011-14 \", package:\"SUNWhea\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"123324-03\", obsoleted_by:\"120011-14 \", package:\"SUNWsshcu\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"123324-03\", obsoleted_by:\"120011-14 \", package:\"SUNWsshdu\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"123324-03\", obsoleted_by:\"120011-14 \", package:\"SUNWsshu\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\n\nif (flag) {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : solaris_get_report()\n );\n} else {\n patch_fix = solaris_patch_fix_get();\n if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, \"Solaris 10\");\n tested = solaris_pkg_tests_get();\n if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n audit(AUDIT_PACKAGE_NOT_INSTALLED, \"SUNWcslr / SUNWhea / SUNWsshcu / SUNWsshdu / SUNWsshu\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:59:54", "description": "SunOS 5.10: sshd patch.\nDate this patch was last updated by Sun : Jun/20/07", "cvss3": {}, "published": "2007-07-02T00:00:00", "type": "nessus", "title": "Solaris 10 (sparc) : 123324-03", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-0225", "CVE-2006-4924"], "modified": "2021-01-14T00:00:00", "cpe": [], "id": "SOLARIS10_123324.NASL", "href": "https://www.tenable.com/plugins/nessus/25642", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n# @DEPRECATED@\n#\n# This script has been deprecated as the associated patch is not\n# currently a recommended security fix.\n#\n# Disabled on 2011/10/24.\n#\n\n#\n# (C) Tenable Network Security, Inc.\n#\n#\n\nif ( ! defined_func(\"bn_random\") ) exit(0);\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif(description)\n{\n script_id(25642);\n script_version(\"1.25\");\n\n script_name(english: \"Solaris 10 (sparc) : 123324-03\");\n script_cve_id(\"CVE-2006-0225\", \"CVE-2006-4924\");\n script_set_attribute(attribute: \"synopsis\", value:\n\"The remote host is missing Sun Security Patch number 123324-03\");\n script_set_attribute(attribute: \"description\", value:\n'SunOS 5.10: sshd patch.\nDate this patch was last updated by Sun : Jun/20/07');\n script_set_attribute(attribute: \"solution\", value:\n\"You should install this patch for your system to be up-to-date.\");\n script_set_attribute(attribute: \"see_also\", value:\n\"http://download.oracle.com/sunalerts/1000947.1.html\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_cwe_id(399);\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2007/07/02\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2005/09/28\");\n script_end_attributes();\n\n script_summary(english: \"Check for patch 123324-03\");\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n family[\"english\"] = \"Solaris Local Security Checks\";\n script_family(english:family[\"english\"]);\n \n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/Solaris/showrev\");\n exit(0);\n}\n\n# Deprecated.\nexit(0, \"The associated patch is not currently a recommended security fix.\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:20:09", "description": "Problem Description The CRC compensation attack detector in the sshd(8) daemon, upon receipt of duplicate blocks, uses CPU time cubic in the number of duplicate blocks received. [CVE-2006-4924]\n\nA race condition exists in a signal handler used by the sshd(8) daemon to handle the LoginGraceTime option, which can potentially cause some cleanup routines to be executed multiple times. [CVE-2006-5051] Impact An attacker sending specially crafted packets to sshd(8) can cause a Denial of Service by using 100% of CPU time until a connection timeout occurs. Since this attack can be performed over multiple connections simultaneously, it is possible to cause up to MaxStartups (10 by default) sshd processes to use all the CPU time they can obtain.\n[CVE-2006-4924]\n\nThe OpenSSH project believe that the race condition can lead to a Denial of Service or potentially remote code execution, but the FreeBSD Security Team has been unable to verify the exact impact.\n[CVE-2006-5051] Workaround The attack against the CRC compensation attack detector can be avoided by disabling SSH Protocol version 1 support in sshd_config(5).\n\nThere is no workaround for the second issue.", "cvss3": {}, "published": "2006-10-02T00:00:00", "type": "nessus", "title": "FreeBSD : openssh -- multiple vulnerabilities (32db37a5-50c3-11db-acf3-000c6ec775d9)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-4924", "CVE-2006-5051"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:openssh", "p-cpe:/a:freebsd:freebsd:openssh-portable", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_32DB37A550C311DBACF3000C6EC775D9.NASL", "href": "https://www.tenable.com/plugins/nessus/22488", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(22488);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2006-4924\", \"CVE-2006-5051\");\n script_bugtraq_id(20216, 20241);\n script_xref(name:\"FreeBSD\", value:\"SA-06:22.openssh\");\n\n script_name(english:\"FreeBSD : openssh -- multiple vulnerabilities (32db37a5-50c3-11db-acf3-000c6ec775d9)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Problem Description The CRC compensation attack detector in the\nsshd(8) daemon, upon receipt of duplicate blocks, uses CPU time cubic\nin the number of duplicate blocks received. [CVE-2006-4924]\n\nA race condition exists in a signal handler used by the sshd(8) daemon\nto handle the LoginGraceTime option, which can potentially cause some\ncleanup routines to be executed multiple times. [CVE-2006-5051] Impact\nAn attacker sending specially crafted packets to sshd(8) can cause a\nDenial of Service by using 100% of CPU time until a connection timeout\noccurs. Since this attack can be performed over multiple connections\nsimultaneously, it is possible to cause up to MaxStartups (10 by\ndefault) sshd processes to use all the CPU time they can obtain.\n[CVE-2006-4924]\n\nThe OpenSSH project believe that the race condition can lead to a\nDenial of Service or potentially remote code execution, but the\nFreeBSD Security Team has been unable to verify the exact impact.\n[CVE-2006-5051] Workaround The attack against the CRC compensation\nattack detector can be avoided by disabling SSH Protocol version 1\nsupport in sshd_config(5).\n\nThere is no workaround for the second issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.openssh.com/txt/release-4.4\"\n );\n # https://vuxml.freebsd.org/freebsd/32db37a5-50c3-11db-acf3-000c6ec775d9.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c045b020\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(362, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:openssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:openssh-portable\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/09/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/09/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/10/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"openssh<4.4,1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"openssh-portable<4.4.p1,1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:19:48", "description": "Several local vulnerabilities have been discovered in the MySQL database server, which may lead to denial of service. The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2006-3081 'Kanatoko' discovered that the server can be crashed with feeding NULL values to the str_to_date() function.\n\n - CVE-2006-3469 Jean-David Maillefer discovered that the server can be crashed with specially crafted date_format() function calls.", "cvss3": {}, "published": "2006-10-14T00:00:00", "type": "nessus", "title": "Debian DSA-1112-1 : mysql-dfsg-4.1 - several vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3081", "CVE-2006-3469"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:mysql-dfsg-4.1", "cpe:/o:debian:debian_linux:3.1"], "id": "DEBIAN_DSA-1112.NASL", "href": "https://www.tenable.com/plugins/nessus/22654", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1112. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(22654);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2006-3081\", \"CVE-2006-3469\");\n script_xref(name:\"DSA\", value:\"1112\");\n\n script_name(english:\"Debian DSA-1112-1 : mysql-dfsg-4.1 - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several local vulnerabilities have been discovered in the MySQL\ndatabase server, which may lead to denial of service. The Common\nVulnerabilities and Exposures project identifies the following\nproblems :\n\n - CVE-2006-3081\n 'Kanatoko' discovered that the server can be crashed\n with feeding NULL values to the str_to_date() function.\n\n - CVE-2006-3469\n Jean-David Maillefer discovered that the server can be\n crashed with specially crafted date_format() function\n calls.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=373913\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=375694\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2006-3081\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2006-3469\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2006/dsa-1112\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the mysql-dfsg-4.1 packages.\n\nFor the stable distribution (sarge) these problems have been fixed in\nversion 4.1.11a-4sarge5.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mysql-dfsg-4.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/07/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/10/14\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/06/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.1\", prefix:\"libmysqlclient14\", reference:\"4.1.11a-4sarge5\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libmysqlclient14-dev\", reference:\"4.1.11a-4sarge5\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"mysql-client-4.1\", reference:\"4.1.11a-4sarge5\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"mysql-common-4.1\", reference:\"4.1.11a-4sarge5\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"mysql-server-4.1\", reference:\"4.1.11a-4sarge5\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:17:28", "description": "Stefano Di Paola discovered an information leak in the login packet parser. By sending a specially crafted malformed login packet, a remote attacker could exploit this to read a random piece of memory, which could potentially reveal sensitive data. (CVE-2006-1516)\n\nStefano Di Paola also found a similar information leak in the parser for the COM_TABLE_DUMP request. (CVE-2006-1517).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2006-05-13T00:00:00", "type": "nessus", "title": "Ubuntu 5.04 / 5.10 : mysql-dfsg-4.1, mysql-dfsg vulnerabilities (USN-283-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-1516", "CVE-2006-1517"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libmysqlclient12", "p-cpe:/a:canonical:ubuntu_linux:libmysqlclient12-dev", "p-cpe:/a:canonical:ubuntu_linux:libmysqlclient14", "p-cpe:/a:canonical:ubuntu_linux:libmysqlclient14-dev", "p-cpe:/a:canonical:ubuntu_linux:mysql-client", "p-cpe:/a:canonical:ubuntu_linux:mysql-client-4.1", "p-cpe:/a:canonical:ubuntu_linux:mysql-common", "p-cpe:/a:canonical:ubuntu_linux:mysql-common-4.1", "p-cpe:/a:canonical:ubuntu_linux:mysql-server", "p-cpe:/a:canonical:ubuntu_linux:mysql-server-4.1", "cpe:/o:canonical:ubuntu_linux:5.04", "cpe:/o:canonical:ubuntu_linux:5.10"], "id": "UBUNTU_USN-283-1.NASL", "href": "https://www.tenable.com/plugins/nessus/21377", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-283-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(21377);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2006-1516\", \"CVE-2006-1517\");\n script_bugtraq_id(17780);\n script_xref(name:\"USN\", value:\"283-1\");\n\n script_name(english:\"Ubuntu 5.04 / 5.10 : mysql-dfsg-4.1, mysql-dfsg vulnerabilities (USN-283-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Stefano Di Paola discovered an information leak in the login packet\nparser. By sending a specially crafted malformed login packet, a\nremote attacker could exploit this to read a random piece of memory,\nwhich could potentially reveal sensitive data. (CVE-2006-1516)\n\nStefano Di Paola also found a similar information leak in the parser\nfor the COM_TABLE_DUMP request. (CVE-2006-1517).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmysqlclient12\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmysqlclient12-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmysqlclient14\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmysqlclient14-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mysql-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mysql-client-4.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mysql-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mysql-common-4.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mysql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mysql-server-4.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:5.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:5.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/05/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/05/13\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/05/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2006-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(5\\.04|5\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 5.04 / 5.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libmysqlclient12\", pkgver:\"4.0.23-3ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libmysqlclient12-dev\", pkgver:\"4.0.23-3ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"mysql-client\", pkgver:\"4.0.23-3ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"mysql-common\", pkgver:\"4.0.23-3ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"mysql-server\", pkgver:\"4.0.23-3ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"libmysqlclient12\", pkgver:\"4.0.24-10ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"libmysqlclient12-dev\", pkgver:\"4.0.24-10ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"libmysqlclient14\", pkgver:\"4.1.12-1ubuntu3.3\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"libmysqlclient14-dev\", pkgver:\"4.1.12-1ubuntu3.3\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"mysql-client\", pkgver:\"4.0.24-10ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"mysql-client-4.1\", pkgver:\"4.1.12-1ubuntu3.3\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"mysql-common\", pkgver:\"4.0.24-10ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"mysql-common-4.1\", pkgver:\"4.1.12-1ubuntu3.3\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"mysql-server\", pkgver:\"4.0.24-10ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"mysql-server-4.1\", pkgver:\"4.1.12-1ubuntu3.3\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libmysqlclient12 / libmysqlclient12-dev / libmysqlclient14 / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:17:34", "description": "The check_connection function in sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote attackers to read portions of memory via a username without a trailing null byte, which causes a buffer over-read. (CVE-2006-1516)\n\nsql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote attackers to obtain sensitive information via a COM_TABLE_DUMP request with an incorrect packet length, which includes portions of memory in an error message.\n(CVE-2006-1517)\n\nUpdated packages have been patched to correct these issues.", "cvss3": {}, "published": "2006-05-13T00:00:00", "type": "nessus", "title": "Mandrake Linux Security Advisory : MySQL (MDKSA-2006:084)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-1516", "CVE-2006-1517"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:mysql", "p-cpe:/a:mandriva:linux:mysql-max", "p-cpe:/a:mandriva:linux:mysql-ndb", "p-cpe:/a:mandriva:linux:mysql-bench", "p-cpe:/a:mandriva:linux:mysql-client", "p-cpe:/a:mandriva:linux:mysql-common", "p-cpe:/a:mandriva:linux:x11r6-contrib", "p-cpe:/a:mandriva:linux:lib64mysql14", "p-cpe:/a:mandriva:linux:lib64mysql14-devel", "p-cpe:/a:mandriva:linux:libmysql14", "p-cpe:/a:mandriva:linux:libmysql14-devel", "cpe:/o:mandriva:linux:2006", "x-cpe:/o:mandrakesoft:mandrake_linux:le2005"], "id": "MANDRAKE_MDKSA-2006-084.NASL", "href": "https://www.tenable.com/plugins/nessus/21359", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2006:084. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(21359);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2006-1516\", \"CVE-2006-1517\");\n script_xref(name:\"MDKSA\", value:\"2006:084\");\n\n script_name(english:\"Mandrake Linux Security Advisory : MySQL (MDKSA-2006:084)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The check_connection function in sql_parse.cc in MySQL 4.0.x up to\n4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote\nattackers to read portions of memory via a username without a trailing\nnull byte, which causes a buffer over-read. (CVE-2006-1516)\n\nsql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and\n5.0.x up to 5.0.20 allows remote attackers to obtain sensitive\ninformation via a COM_TABLE_DUMP request with an incorrect packet\nlength, which includes portions of memory in an error message.\n(CVE-2006-1517)\n\nUpdated packages have been patched to correct these issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:MySQL\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:MySQL-Max\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:MySQL-NDB\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:MySQL-bench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:MySQL-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:MySQL-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:X11R6-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64mysql14\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64mysql14-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libmysql14\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libmysql14-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2006\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:mandrakesoft:mandrake_linux:le2005\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/05/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/05/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK10.2\", reference:\"MySQL-4.1.11-1.4.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", reference:\"MySQL-Max-4.1.11-1.4.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", reference:\"MySQL-NDB-4.1.11-1.4.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", reference:\"MySQL-bench-4.1.11-1.4.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", reference:\"MySQL-client-4.1.11-1.4.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", reference:\"MySQL-common-4.1.11-1.4.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"x86_64\", reference:\"lib64mysql14-4.1.11-1.4.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"x86_64\", reference:\"lib64mysql14-devel-4.1.11-1.4.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"i386\", reference:\"libmysql14-4.1.11-1.4.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"i386\", reference:\"libmysql14-devel-4.1.11-1.4.102mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK2006.0\", reference:\"MySQL-4.1.12-3.2.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"MySQL-Max-4.1.12-3.2.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"MySQL-NDB-4.1.12-3.2.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"MySQL-bench-4.1.12-3.2.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"MySQL-client-4.1.12-3.2.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"MySQL-common-4.1.12-3.2.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"i386\", reference:\"X11R6-contrib-6.9.0-5.6.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"x86_64\", reference:\"lib64mysql14-4.1.12-3.2.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"x86_64\", reference:\"lib64mysql14-devel-4.1.12-3.2.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"i386\", reference:\"libmysql14-4.1.12-3.2.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"i386\", reference:\"libmysql14-devel-4.1.12-3.2.20060mdk\", yank:\"mdk\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:17:49", "description": "The remote host is affected by the vulnerability described in GLSA-200605-13 (MySQL: Information leakage)\n\n The processing of the COM_TABLE_DUMP command by a MySQL server fails to properly validate packets that arrive from the client via a network socket.\n Impact :\n\n By crafting specific malicious packets an attacker could gather confidential information from the memory of a MySQL server process, for example results of queries by other users or applications. By using PHP code injection or similar techniques it would be possible to exploit this flaw through web applications that use MySQL as a database backend.\n Note that on 5.x versions it is possible to overwrite the stack and execute arbitrary code with this technique. Users of MySQL 5.x are urged to upgrade to the latest available version.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {}, "published": "2006-05-13T00:00:00", "type": "nessus", "title": "GLSA-200605-13 : MySQL: Information leakage", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-1516", "CVE-2006-1517"], "modified": "2021-01-06T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:mysql"], "id": "GENTOO_GLSA-200605-13.NASL", "href": "https://www.tenable.com/plugins/nessus/21355", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200605-13.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(21355);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2006-1516\", \"CVE-2006-1517\");\n script_bugtraq_id(17780);\n script_xref(name:\"GLSA\", value:\"200605-13\");\n\n script_name(english:\"GLSA-200605-13 : MySQL: Information leakage\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200605-13\n(MySQL: Information leakage)\n\n The processing of the COM_TABLE_DUMP command by a MySQL server fails to\n properly validate packets that arrive from the client via a network\n socket.\n \nImpact :\n\n By crafting specific malicious packets an attacker could gather\n confidential information from the memory of a MySQL server process, for\n example results of queries by other users or applications. By using PHP\n code injection or similar techniques it would be possible to exploit\n this flaw through web applications that use MySQL as a database\n backend.\n Note that on 5.x versions it is possible to overwrite the stack and\n execute arbitrary code with this technique. Users of MySQL 5.x are\n urged to upgrade to the latest available version.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n # http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2006-05/msg00041.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0c8bb2e4\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200605-13\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All MySQL users should upgrade to the latest version.\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-db/mysql-4.0.27'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/05/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/05/13\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/05/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-db/mysql\", unaffected:make_list(\"ge 4.1.19\", \"rge 4.0.27\"), vulnerable:make_list(\"lt 4.1.19\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MySQL\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:04:08", "description": "This update of mysql fixes several security vulnerabilities.\n(CVE-2006-4031 / CVE-2006-4226 / CVE-2006-4227)", "cvss3": {}, "published": "2007-12-13T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : mysql (ZYPP Patch Number 2073)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-4031", "CVE-2006-4226", "CVE-2006-4227"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_MYSQL-2073.NASL", "href": "https://www.tenable.com/plugins/nessus/29524", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(29524);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-4031\", \"CVE-2006-4226\", \"CVE-2006-4227\");\n\n script_name(english:\"SuSE 10 Security Update : mysql (ZYPP Patch Number 2073)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of mysql fixes several security vulnerabilities.\n(CVE-2006-4031 / CVE-2006-4226 / CVE-2006-4227)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2006-4031.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2006-4226.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2006-4227.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 2073.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/09/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/12/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:0, reference:\"mysql-5.0.18-20.8\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:0, reference:\"mysql-5.0.18-20.8\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:0, reference:\"mysql-Max-5.0.18-20.8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:21:12", "description": "Secunia reports :\n\nMySQL have some vulnerabilities, which can be exploited by malicious users to disclose potentially sensitive information and compromise a vulnerable system.\n\n1) An error within the code that generates an error response to an invalid COM_TABLE_DUMP packet can be exploited by an authenticated client to disclosure certain memory content of the server process.\n\n2) A boundary error within the handling of specially crafted invalid COM_TABLE_DUMP packets can be exploited by an authenticated client to cause a buffer overflow and allows arbitrary code execution.\n\n3) An error within the handling of malformed login packets can be exploited to disclosure certain memory content of the server process in the error messages.", "cvss3": {}, "published": "2006-06-05T00:00:00", "type": "nessus", "title": "FreeBSD : MySQL -- Information Disclosure and Buffer Overflow Vulnerabilities (4913886c-e875-11da-b9f4-00123ffe8333)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-1516", "CVE-2006-1517", "CVE-2006-1518"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:mysql-server", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_4913886CE87511DAB9F400123FFE8333.NASL", "href": "https://www.tenable.com/plugins/nessus/21633", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(21633);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2006-1516\", \"CVE-2006-1517\", \"CVE-2006-1518\");\n script_xref(name:\"CERT\", value:\"602457\");\n script_xref(name:\"Secunia\", value:\"19929\");\n\n script_name(english:\"FreeBSD : MySQL -- Information Disclosure and Buffer Overflow Vulnerabilities (4913886c-e875-11da-b9f4-00123ffe8333)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Secunia reports :\n\nMySQL have some vulnerabilities, which can be exploited by malicious\nusers to disclose potentially sensitive information and compromise a\nvulnerable system.\n\n1) An error within the code that generates an error response to an\ninvalid COM_TABLE_DUMP packet can be exploited by an authenticated\nclient to disclosure certain memory content of the server process.\n\n2) A boundary error within the handling of specially crafted invalid\nCOM_TABLE_DUMP packets can be exploited by an authenticated client to\ncause a buffer overflow and allows arbitrary code execution.\n\n3) An error within the handling of malformed login packets can be\nexploited to disclosure certain memory content of the server process\nin the error messages.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.wisec.it/vulns.php?page=7\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.wisec.it/vulns.php?page=8\"\n );\n # http://dev.mysql.com/doc/refman/4.1/en/news-4-0-27.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://dev.mysql.com/doc/refman/4.1/en/news-4-0-27.html\"\n );\n # http://dev.mysql.com/doc/refman/4.1/en/news-4-1-19.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://dev.mysql.com/doc/refman/4.1/en/news-4-1-19.html\"\n );\n # http://dev.mysql.com/doc/refman/5.1/en/news-5-1-10.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://dev.mysql.com/doc/refman/5.1/en/news-5-1-10.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.vuxml.org/freebsd/a8d8713e-dc83-11da-a22b-000c6ec775d9.html\"\n );\n # https://vuxml.freebsd.org/freebsd/4913886c-e875-11da-b9f4-00123ffe8333.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?01ec0ec8\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mysql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/05/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/06/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/06/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"mysql-server>4.0<4.0.27\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mysql-server>4.1<4.1.19\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mysql-server>5.1<=5.1.9\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:00:54", "description": "This update of mysql fixes several security vulnerabilities.\n(CVE-2006-4031,CVE-2006-4226,CVE-2006-4227)", "cvss3": {}, "published": "2007-10-17T00:00:00", "type": "nessus", "title": "openSUSE 10 Security Update : mysql (mysql-2075)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-4031", "CVE-2006-4226", "CVE-2006-4227"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:mysql", "p-cpe:/a:novell:opensuse:mysql-max", "cpe:/o:novell:opensuse:10.1"], "id": "SUSE_MYSQL-2075.NASL", "href": "https://www.tenable.com/plugins/nessus/27358", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update mysql-2075.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(27358);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-4031\", \"CVE-2006-4226\", \"CVE-2006-4227\");\n\n script_name(english:\"openSUSE 10 Security Update : mysql (mysql-2075)\");\n script_summary(english:\"Check for the mysql-2075 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of mysql fixes several security vulnerabilities.\n(CVE-2006-4031,CVE-2006-4226,CVE-2006-4227)\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mysql packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-Max\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/09/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/10/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.1\", reference:\"mysql-5.0.18-20.8\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"mysql-Max-5.0.18-20.8\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mysql\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:02:50", "description": "Tavis Ormandy discovered that the SSH daemon did not properly handle authentication packets with duplicated blocks. By sending specially crafted packets, a remote attacker could exploit this to cause the ssh daemon to drain all available CPU resources until the login grace time expired. (CVE-2006-4924)\n\nMark Dowd discovered a race condition in the server's signal handling.\nA remote attacker could exploit this to crash the server.\n(CVE-2006-5051).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2007-11-10T00:00:00", "type": "nessus", "title": "Ubuntu 5.04 / 5.10 / 6.06 LTS : openssh vulnerabilities (USN-355-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-4924", "CVE-2006-5051", "CVE-2008-4109"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:openssh-client", "p-cpe:/a:canonical:ubuntu_linux:openssh-server", "p-cpe:/a:canonical:ubuntu_linux:ssh", "p-cpe:/a:canonical:ubuntu_linux:ssh-askpass-gnome", "cpe:/o:canonical:ubuntu_linux:5.04", "cpe:/o:canonical:ubuntu_linux:5.10", "cpe:/o:canonical:ubuntu_linux:6.06:-:lts"], "id": "UBUNTU_USN-355-1.NASL", "href": "https://www.tenable.com/plugins/nessus/27935", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-355-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(27935);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2006-4924\", \"CVE-2006-5051\", \"CVE-2008-4109\");\n script_bugtraq_id(20216);\n script_xref(name:\"USN\", value:\"355-1\");\n\n script_name(english:\"Ubuntu 5.04 / 5.10 / 6.06 LTS : openssh vulnerabilities (USN-355-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Tavis Ormandy discovered that the SSH daemon did not properly handle\nauthentication packets with duplicated blocks. By sending specially\ncrafted packets, a remote attacker could exploit this to cause the ssh\ndaemon to drain all available CPU resources until the login grace time\nexpired. (CVE-2006-4924)\n\nMark Dowd discovered a race condition in the server's signal handling.\nA remote attacker could exploit this to crash the server.\n(CVE-2006-5051).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/355-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(264, 362, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openssh-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openssh-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ssh-askpass-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:5.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:5.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/10/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/11/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(5\\.04|5\\.10|6\\.06)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 5.04 / 5.10 / 6.06\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"5.04\", pkgname:\"openssh-client\", pkgver:\"3.9p1-1ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"openssh-server\", pkgver:\"1:3.9p1-1ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"ssh\", pkgver:\"3.9p1-1ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"ssh-askpass-gnome\", pkgver:\"3.9p1-1ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"openssh-client\", pkgver:\"4.1p1-7ubuntu4.2\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"openssh-server\", pkgver:\"1:4.1p1-7ubuntu4.2\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"ssh\", pkgver:\"4.1p1-7ubuntu4.2\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"ssh-askpass-gnome\", pkgver:\"4.1p1-7ubuntu4.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"openssh-client\", pkgver:\"4.2p1-7ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"openssh-server\", pkgver:\"1:4.2p1-7ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"ssh\", pkgver:\"4.2p1-7ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"ssh-askpass-gnome\", pkgver:\"4.2p1-7ubuntu3.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssh-client / openssh-server / ssh / ssh-askpass-gnome\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:01:59", "description": "Attackers could read portions of memory by using a user name with trailing null byte or via COM_TABLE_DUMP command (CVE-2006-1516, CVE-2006-1517). Attackers could execute arbitrary code by causing a buffer overflow via specially crafted COM_TABLE_DUMP packets (CVE-2006-1518).", "cvss3": {}, "published": "2007-10-17T00:00:00", "type": "nessus", "title": "openSUSE 10 Security Update : mysql (mysql-1312)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-1516", "CVE-2006-1517", "CVE-2006-1518"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:mysql", "cpe:/o:novell:opensuse:10.1"], "id": "SUSE_MYSQL-1312.NASL", "href": "https://www.tenable.com/plugins/nessus/27356", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update mysql-1312.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(27356);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-1516\", \"CVE-2006-1517\", \"CVE-2006-1518\");\n\n script_name(english:\"openSUSE 10 Security Update : mysql (mysql-1312)\");\n script_summary(english:\"Check for the mysql-1312 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Attackers could read portions of memory by using a user name with\ntrailing null byte or via COM_TABLE_DUMP command (CVE-2006-1516,\nCVE-2006-1517). Attackers could execute arbitrary code by causing a\nbuffer overflow via specially crafted COM_TABLE_DUMP packets\n(CVE-2006-1518).\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected mysql package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/05/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/10/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.1\", reference:\"mysql-5.0.18-16.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mysql\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-03-27T14:20:07", "description": "The remote host is missing the patch for the advisory SUSE-SA:2006:036 (mysql).\n\n\nThe database server MySQL was updated to fix the following security problems:\n\n- Attackers could read portions of memory by using a user name with trailing null byte or via COM_TABLE_DUMP command (CVE-2006-1516, CVE-2006-1517).\n\n- Attackers could potentially execute arbitrary code by causing a buffer overflow via specially crafted COM_TABLE_DUMP packets (CVE-2006-1518).\n\nThe mysql server package was released on May 30th already, the mysql-Max server package was released on June 20th after additional bugfixes.", "cvss3": {}, "published": "2007-02-18T00:00:00", "type": "nessus", "title": "SUSE-SA:2006:036: mysql", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-1516", "CVE-2006-1517", "CVE-2006-1518"], "modified": "2021-01-14T00:00:00", "cpe": [], "id": "SUSE_SA_2006_036.NASL", "href": "https://www.tenable.com/plugins/nessus/24416", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# This plugin text was extracted from SuSE Security Advisory SUSE-SA:2006:036\n#\n\n\nif ( ! defined_func(\"bn_random\") ) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif(description)\n{\n script_id(24416);\n script_version(\"1.10\");\n \n name[\"english\"] = \"SUSE-SA:2006:036: mysql\";\n \n script_name(english:name[\"english\"]);\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a vendor-supplied security patch\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is missing the patch for the advisory SUSE-SA:2006:036 (mysql).\n\n\nThe database server MySQL was updated to fix the following security problems:\n\n- Attackers could read portions of memory by using a user name with\ntrailing null byte or via COM_TABLE_DUMP command (CVE-2006-1516,\nCVE-2006-1517).\n\n- Attackers could potentially execute arbitrary code by causing a\nbuffer overflow via specially crafted COM_TABLE_DUMP packets\n(CVE-2006-1518).\n\nThe mysql server package was released on May 30th already, the\nmysql-Max server package was released on June 20th after additional\nbugfixes.\" );\n script_set_attribute(attribute:\"solution\", value:\n\"http://www.novell.com/linux/security/advisories/2006_36_mysql.html\" );\n script_set_attribute(attribute:\"risk_factor\", value:\"High\" );\n\n\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2007/02/18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n script_end_attributes();\n\n \n summary[\"english\"] = \"Check for the version of the mysql package\";\n script_summary(english:summary[\"english\"]);\n \n script_category(ACT_GATHER_INFO);\n \n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n family[\"english\"] = \"SuSE Local Security Checks\";\n script_family(english:family[\"english\"]);\n \n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/SuSE/rpm-list\");\n exit(0);\n}\n\ninclude(\"rpm.inc\");\nif ( rpm_check( reference:\"mysql-4.1.13-3.4\", release:\"SUSE10.0\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"mysql-4.0.18-32.23\", release:\"SUSE9.1\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"mysql-Max-4.0.18-32.26\", release:\"SUSE9.1\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"mysql-4.0.21-4.8\", release:\"SUSE9.2\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"mysql-Max-4.0.21-4.8\", release:\"SUSE9.2\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"mysql-4.1.10a-3.6\", release:\"SUSE9.3\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"mysql-Max-4.1.10a-3.6\", release:\"SUSE9.3\") )\n{\n security_hole(0);\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:17:48", "description": "New mysql packages are available for Slackware 10.2 and -current to fix security issues. The MySQL package shipped with Slackware 10.2 may possibly leak sensitive information found in uninitialized memory to authenticated users. The MySQL package previously in Slackware\n-current also suffered from these flaws, but an additional overflow could allow arbitrary code execution. Since the vulnerabilities require a valid login and/or access to the database server, the risk is moderate. Slackware does not provide network access to a MySQL database by default.", "cvss3": {}, "published": "2006-05-13T00:00:00", "type": "nessus", "title": "Slackware 10.2 / current : mysql (SSA:2006-129-02)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-1516", "CVE-2006-1517", "CVE-2006-1518"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:mysql", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:10.2"], "id": "SLACKWARE_SSA_2006-129-02.NASL", "href": "https://www.tenable.com/plugins/nessus/21345", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2006-129-02. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(21345);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-1516\", \"CVE-2006-1517\", \"CVE-2006-1518\");\n script_xref(name:\"SSA\", value:\"2006-129-02\");\n\n script_name(english:\"Slackware 10.2 / current : mysql (SSA:2006-129-02)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New mysql packages are available for Slackware 10.2 and -current to\nfix security issues. The MySQL package shipped with Slackware 10.2 may\npossibly leak sensitive information found in uninitialized memory to\nauthenticated users. The MySQL package previously in Slackware\n-current also suffered from these flaws, but an additional overflow\ncould allow arbitrary code execution. Since the vulnerabilities\nrequire a valid login and/or access to the database server, the risk\nis moderate. Slackware does not provide network access to a MySQL\ndatabase by default.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.507293\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ec112a5f\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected mysql package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:10.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/05/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"10.2\", pkgname:\"mysql\", pkgver:\"4.1.19\", pkgarch:\"i486\", pkgnum:\"1\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"mysql\", pkgver:\"5.0.21\", pkgarch:\"i486\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:24:15", "description": "The version of MySQL installed on the remote host is earlier than 4.0.27 / 4.1.19 / 5.0.21. As such, it is potentially affected by the following vulnerabilities :\n\n - A remote attacker may be able to read portions of memory by sending a specially crafted login packet in which the username does not have a trailing NULL. (CVE-2006-1516)\n\n - A remote attacker may be able to read portions of memory by sending a specially crafted COM_TABLE_DUMP request with an incorrect packet length. (CVE-2006-1517)\n\n - A buffer overflow in the 'open_table()' function could allow a remote, authenticated attacker to execute arbitrary code via specially crafted COM_TABLE_DUMP packets. (CVE-2006-1518)", "cvss3": {}, "published": "2011-11-18T00:00:00", "type": "nessus", "title": "MySQL < 4.0.27 / 4.1.19 / 5.0.21 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-1516", "CVE-2006-1517", "CVE-2006-1518"], "modified": "2018-11-15T00:00:00", "cpe": ["cpe:/a:mysql:mysql"], "id": "MYSQL_5_0_21.NASL", "href": "https://www.tenable.com/plugins/nessus/17697", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(17697);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/11/15 20:50:21\");\n\n script_cve_id(\"CVE-2006-1516\", \"CVE-2006-1517\", \"CVE-2006-1518\");\n script_bugtraq_id(17780);\n script_xref(name:\"CERT\", value:\"602457\");\n\n script_name(english:\"MySQL < 4.0.27 / 4.1.19 / 5.0.21 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version of MySQL Server\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of MySQL installed on the remote host is earlier than\n4.0.27 / 4.1.19 / 5.0.21. As such, it is potentially affected by the\nfollowing vulnerabilities :\n\n - A remote attacker may be able to read portions of memory\n by sending a specially crafted login packet in which the\n username does not have a trailing NULL. (CVE-2006-1516)\n\n - A remote attacker may be able to read portions of memory\n by sending a specially crafted COM_TABLE_DUMP request \n with an incorrect packet length. (CVE-2006-1517)\n\n - A buffer overflow in the 'open_table()' function could \n allow a remote, authenticated attacker to execute \n arbitrary code via specially crafted COM_TABLE_DUMP \n packets. (CVE-2006-1518)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://dev.mysql.com/doc/refman/4.1/en/news-4-0-27.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://dev.mysql.com/doc/refman/4.1/en/news-4-1-19.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://dev.mysql.com/doc/refman/5.0/en/news-5-0-21.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.securityfocus.com/archive/1/archive/1/432734/100/0/threaded\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MySQL version 4.0.27 / 4.1.19 / 5.0.21 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/05/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/11/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mysql:mysql\");\n script_end_attributes();\n \n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mysql_version.nasl\", \"mysql_login.nasl\");\n script_require_ports(\"Services/mysql\", 3306);\n script_require_keys(\"Settings/ParanoidReport\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"mysql_func.inc\");\n\n\n# nb: banner checks of open source software are prone to false-\n# positives so only run the check if reporting is paranoid.\nif (report_paranoia < 2)\n exit(1, \"This plugin only runs if 'Report paranoia' is set to 'Paranoid'.\");\n\nport = get_service(svc:\"mysql\", default:3306, exit_on_fail:TRUE);\n\nif (!mysql_init(port:port, exit_on_fail:TRUE) == 1) \n exit(1, \"Can't establish a connection to the MySQL server listening on port \"+port+\".\");\n\nversion = mysql_get_version();\nmysql_close();\nif (!strlen(version)) exit(1, \"Can't get the version of the MySQL server listening on port \"+port+\".\");\n\nif (\n version =~ \"^4\\.0\\.([01]?[0-9]|2[0-6])($|[^0-9])\" ||\n version =~ \"^4\\.1\\.(0?[0-9]|1[0-8])($|[^0-9])\" ||\n version =~ \"^5\\.0\\.([01]?[0-9]|20)($|[^0-9])\"\n)\n{\n if (report_verbosity > 0)\n {\n report = '\\n Installed version : ' + version +\n '\\n Fixed version : 4.0.27 / 4.1.19 / 5.0.21' +\n '\\n';\n datadir = get_kb_item('mysql/' + port + '/datadir');\n if (!empty_or_null(datadir))\n {\n report += ' Data Dir : ' + datadir + '\\n';\n }\n databases = get_kb_item('mysql/' + port + '/databases');\n if (!empty_or_null(databases))\n { \n report += ' Databases :\\n' + databases;\n }\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n exit(0);\n}\nelse exit(0, \"The MySQL \"+version+\" server listening on port \"+port+\" is not affected.\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:19:22", "description": "According to its banner, the version of OpenSSH installed on the remote host is affected by multiple vulnerabilities :\n\n - A race condition exists that may allow an unauthenticated, remote attacker to crash the service or, on portable OpenSSH, possibly execute code on the affected host. Note that successful exploitation requires that GSSAPI authentication be enabled.\n \n - A flaw exists that may allow an attacker to determine the validity of usernames on some platforms. Note that this issue requires that GSSAPI authentication be enabled.\n\n - When SSH version 1 is used, an issue can be triggered via an SSH packet that contains duplicate blocks that could result in a loss of availability for the service.\n\n - On Fedora Core 6 (and possibly other systems), an unspecified vulnerability in the linux_audit_record_event() function allows remote attackers to inject incorrect information into audit logs.", "cvss3": {}, "published": "2006-09-28T00:00:00", "type": "nessus", "title": "OpenSSH < 4.4 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-4924", "CVE-2006-4925", "CVE-2006-5051", "CVE-2006-5052", "CVE-2006-5229", "CVE-2007-3102", "CVE-2008-4109"], "modified": "2018-07-16T00:00:00", "cpe": ["cpe:/a:openbsd:openssh"], "id": "OPENSSH_44.NASL", "href": "https://www.tenable.com/plugins/nessus/22466", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description) \n{\n script_id(22466);\n script_version(\"1.30\");\n script_cvs_date(\"Date: 2018/07/16 14:09:13\");\n\n script_cve_id(\"CVE-2006-4924\", \"CVE-2006-4925\", \"CVE-2006-5051\", \"CVE-2006-5052\", \"CVE-2006-5229\", \"CVE-2007-3102\", \"CVE-2008-4109\");\n script_bugtraq_id(20216, 20241, 20245);\n\n script_name(english:\"OpenSSH < 4.4 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version number of OpenSSH\");\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SSH server is affected by multiple vulnerabilities.\" );\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of OpenSSH installed on the\nremote host is affected by multiple vulnerabilities :\n\n - A race condition exists that may allow an\n unauthenticated, remote attacker to crash the service \n or, on portable OpenSSH, possibly execute code on the \n affected host. Note that successful exploitation \n requires that GSSAPI authentication be enabled.\n \n - A flaw exists that may allow an attacker to determine \n the validity of usernames on some platforms. Note that \n this issue requires that GSSAPI authentication be \n enabled.\n\n - When SSH version 1 is used, an issue can be triggered \n via an SSH packet that contains duplicate blocks that \n could result in a loss of availability for the service.\n\n - On Fedora Core 6 (and possibly other systems), an\n unspecified vulnerability in the\n linux_audit_record_event() function allows remote\n attackers to inject incorrect information into\n audit logs.\");\n\n script_set_attribute(attribute:\"see_also\", value:\"http://www.openssh.com/txt/release-4.4\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to OpenSSH 4.4 or later.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(264, 362, 399);\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2006/09/28\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2006/09/28\");\n script_set_attribute(attribute:\"plugin_type\", value: \"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:openbsd:openssh\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n script_copyright(english:\"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.\");\n script_dependencies(\"ssh_detect.nasl\");\n script_require_ports(\"Services/ssh\", 22);\n exit(0);\n}\n\ninclude(\"backport.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n# Ensure the port is open.\nport = get_service(svc:\"ssh\", exit_on_fail:TRUE);\n\n# Get banner for service.\nbanner = get_kb_item_or_exit(\"SSH/banner/\"+port);\n\nbp_banner = tolower(get_backport_banner(banner:banner));\nif (\"openssh\" >!< bp_banner) exit(0, \"The SSH service on port \"+port+\" is not OpenSSH.\");\nif (backported) exit(1, \"The banner from the OpenSSH server on port \"+port+\" indicates patches may have been backported.\");\n\nif (!get_kb_item(\"Settings/PCI_DSS\"))\n{\n auth = get_kb_item_or_exit(\"SSH/supportedauth/\" + port);\n if (\"gssapi\" >!< auth) exit(0, \"The SSH service on port \"+port+\" doesn't support GSSAPI.\");\n}\n\nif (bp_banner =~ \"openssh[-_]([0-3]\\.|4\\.[0-3]([^0-9]|$))\")\n security_hole(port);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:45:20", "description": "Updated mysql packages that fix various security issues, several bugs, and add an enhancement are now available for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nMySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon (mysqld), and many different client programs and libraries.\n\nMySQL did not correctly check directories used as arguments for the DATA DIRECTORY and INDEX DIRECTORY directives. Using this flaw, an authenticated attacker could elevate their access privileges to tables created by other database users. Note: this attack does not work on existing tables. An attacker can only elevate their access to another user's tables as the tables are created. As well, the names of these created tables need to be predicted correctly for this attack to succeed. (CVE-2008-2079)\n\nMySQL did not require the 'DROP' privilege for 'RENAME TABLE' statements. An authenticated user could use this flaw to rename arbitrary tables. (CVE-2007-2691)\n\nMySQL allowed an authenticated user to access a table through a previously created MERGE table, even after the user's privileges were revoked from the original table, which might violate intended security policy. This is addressed by allowing the MERGE storage engine to be disabled, which can be done by running mysqld with the '--skip-merge' option. (CVE-2006-4031)\n\nA flaw in MySQL allowed an authenticated user to cause the MySQL daemon to crash via crafted SQL queries. This only caused a temporary denial of service, as the MySQL daemon is automatically restarted after the crash. (CVE-2006-3469)\n\nAs well, these updated packages fix the following bugs :\n\n* in the previous mysql packages, if a column name was referenced more than once in an 'ORDER BY' section of a query, a segmentation fault occurred.\n\n* when MySQL failed to start, the init script returned a successful (0) exit code. When using the Red Hat Cluster Suite, this may have caused cluster services to report a successful start, even when MySQL failed to start. In these updated packages, the init script returns the correct exit codes, which resolves this issue.\n\n* it was possible to use the mysqld_safe command to specify invalid port numbers (higher than 65536), causing invalid ports to be created, and, in some cases, a 'port number definition: unsigned short' error.\nIn these updated packages, when an invalid port number is specified, the default port number is used.\n\n* when setting 'myisam_repair_threads > 1', any repair set the index cardinality to '1', regardless of the table size.\n\n* the MySQL init script no longer runs 'chmod -R' on the entire database directory tree during every startup.\n\n* when running 'mysqldump' with the MySQL 4.0 compatibility mode option, '--compatible=mysql40', mysqldump created dumps that omitted the 'auto_increment' field.\n\nAs well, the MySQL init script now uses more reliable methods for determining parameters, such as the data directory location.\n\nNote: these updated packages upgrade MySQL to version 4.1.22. For a full list of bug fixes and enhancements, refer to the MySQL release notes: http://dev.mysql.com/doc/refman/4.1/en/news-4-1-22.html\n\nAll mysql users are advised to upgrade to these updated packages, which resolve these issues and add this enhancement.", "cvss3": {}, "published": "2008-07-25T00:00:00", "type": "nessus", "title": "RHEL 4 : mysql (RHSA-2008:0768)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3469", "CVE-2006-4031", "CVE-2007-2691", "CVE-2008-2079"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:mysql", "p-cpe:/a:redhat:enterprise_linux:mysql-bench", "p-cpe:/a:redhat:enterprise_linux:mysql-devel", "p-cpe:/a:redhat:enterprise_linux:mysql-server", "cpe:/o:redhat:enterprise_linux:4"], "id": "REDHAT-RHSA-2008-0768.NASL", "href": "https://www.tenable.com/plugins/nessus/33585", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0768. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(33585);\n script_version(\"1.28\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-3469\", \"CVE-2006-4031\", \"CVE-2007-2691\", \"CVE-2008-2079\");\n script_bugtraq_id(19279, 24016, 29106);\n script_xref(name:\"RHSA\", value:\"2008:0768\");\n\n script_name(english:\"RHEL 4 : mysql (RHSA-2008:0768)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated mysql packages that fix various security issues, several bugs,\nand add an enhancement are now available for Red Hat Enterprise Linux\n4.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nMySQL is a multi-user, multi-threaded SQL database server. MySQL is a\nclient/server implementation consisting of a server daemon (mysqld),\nand many different client programs and libraries.\n\nMySQL did not correctly check directories used as arguments for the\nDATA DIRECTORY and INDEX DIRECTORY directives. Using this flaw, an\nauthenticated attacker could elevate their access privileges to tables\ncreated by other database users. Note: this attack does not work on\nexisting tables. An attacker can only elevate their access to another\nuser's tables as the tables are created. As well, the names of these\ncreated tables need to be predicted correctly for this attack to\nsucceed. (CVE-2008-2079)\n\nMySQL did not require the 'DROP' privilege for 'RENAME TABLE'\nstatements. An authenticated user could use this flaw to rename\narbitrary tables. (CVE-2007-2691)\n\nMySQL allowed an authenticated user to access a table through a\npreviously created MERGE table, even after the user's privileges were\nrevoked from the original table, which might violate intended security\npolicy. This is addressed by allowing the MERGE storage engine to be\ndisabled, which can be done by running mysqld with the '--skip-merge'\noption. (CVE-2006-4031)\n\nA flaw in MySQL allowed an authenticated user to cause the MySQL\ndaemon to crash via crafted SQL queries. This only caused a temporary\ndenial of service, as the MySQL daemon is automatically restarted\nafter the crash. (CVE-2006-3469)\n\nAs well, these updated packages fix the following bugs :\n\n* in the previous mysql packages, if a column name was referenced more\nthan once in an 'ORDER BY' section of a query, a segmentation fault\noccurred.\n\n* when MySQL failed to start, the init script returned a successful\n(0) exit code. When using the Red Hat Cluster Suite, this may have\ncaused cluster services to report a successful start, even when MySQL\nfailed to start. In these updated packages, the init script returns\nthe correct exit codes, which resolves this issue.\n\n* it was possible to use the mysqld_safe command to specify invalid\nport numbers (higher than 65536), causing invalid ports to be created,\nand, in some cases, a 'port number definition: unsigned short' error.\nIn these updated packages, when an invalid port number is specified,\nthe default port number is used.\n\n* when setting 'myisam_repair_threads > 1', any repair set the index\ncardinality to '1', regardless of the table size.\n\n* the MySQL init script no longer runs 'chmod -R' on the entire\ndatabase directory tree during every startup.\n\n* when running 'mysqldump' with the MySQL 4.0 compatibility mode\noption, '--compatible=mysql40', mysqldump created dumps that omitted\nthe 'auto_increment' field.\n\nAs well, the MySQL init script now uses more reliable methods for\ndetermining parameters, such as the data directory location.\n\nNote: these updated packages upgrade MySQL to version 4.1.22. For a\nfull list of bug fixes and enhancements, refer to the MySQL release\nnotes: http://dev.mysql.com/doc/refman/4.1/en/news-4-1-22.html\n\nAll mysql users are advised to upgrade to these updated packages,\nwhich resolve these issues and add this enhancement.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-3469\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-4031\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-2691\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-2079\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2008:0768\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql-bench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/07/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/07/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/07/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2008:0768\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"mysql-4.1.22-2.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"mysql-bench-4.1.22-2.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"mysql-devel-4.1.22-2.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"mysql-server-4.1.22-2.el4\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mysql / mysql-bench / mysql-devel / mysql-server\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:25:07", "description": "MySQL did not correctly check directories used as arguments for the DATA DIRECTORY and INDEX DIRECTORY directives. Using this flaw, an authenticated attacker could elevate their access privileges to tables created by other database users. Note: this attack does not work on existing tables. An attacker can only elevate their access to another user's tables as the tables are created. As well, the names of these created tables need to be predicted correctly for this attack to succeed. (CVE-2008-2079)\n\nMySQL did not require the 'DROP' privilege for 'RENAME TABLE' statements. An authenticated user could use this flaw to rename arbitrary tables. (CVE-2007-2691)\n\nMySQL allowed an authenticated user to access a table through a previously created MERGE table, even after the user's privileges were revoked from the original table, which might violate intended security policy. This is addressed by allowing the MERGE storage engine to be disabled, which can be done by running mysqld with the '--skip-merge' option. (CVE-2006-4031)\n\nA flaw in MySQL allowed an authenticated user to cause the MySQL daemon to crash via crafted SQL queries. This only caused a temporary denial of service, as the MySQL daemon is automatically restarted after the crash. (CVE-2006-3469)\n\nAs well, these updated packages fix the following bugs :\n\n - in the previous mysql packages, if a column name was referenced more than once in an 'ORDER BY' section of a query, a segmentation fault occurred.\n\n - when MySQL failed to start, the init script returned a successful (0) exit code. When using the Red Hat Cluster Suite, this may have caused cluster services to report a successful start, even when MySQL failed to start. In these updated packages, the init script returns the correct exit codes, which resolves this issue.\n\n - it was possible to use the mysqld_safe command to specify invalid port numbers (higher than 65536), causing invalid ports to be created, and, in some cases, a 'port number definition: unsigned short' error. In these updated packages, when an invalid port number is specified, the default port number is used.\n\n - when setting 'myisam_repair_threads > 1', any repair set the index cardinality to '1', regardless of the table size.\n\n - the MySQL init script no longer runs 'chmod -R' on the entire database directory tree during every startup.\n\n - when running 'mysqldump' with the MySQL 4.0 compatibility mode option, '--compatible=mysql40', mysqldump created dumps that omitted the 'auto_increment' field.\n\nAs well, the MySQL init script now uses more reliable methods for determining parameters, such as the data directory location.\n\nNote: these updated packages upgrade MySQL to version 4.1.22. For a full list of bug fixes and enhancements, refer to the MySQL release notes: http://dev.mysql.com/doc/refman/4.1/en/news-4-1-22.html", "cvss3": {}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : mysql on SL4.x i386/x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3469", "CVE-2006-4031", "CVE-2007-2691", "CVE-2008-2079"], "modified": "2021-01-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20080724_MYSQL_ON_SL4_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60451", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60451);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-3469\", \"CVE-2006-4031\", \"CVE-2007-2691\", \"CVE-2008-2079\");\n\n script_name(english:\"Scientific Linux Security Update : mysql on SL4.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"MySQL did not correctly check directories used as arguments for the\nDATA DIRECTORY and INDEX DIRECTORY directives. Using this flaw, an\nauthenticated attacker could elevate their access privileges to tables\ncreated by other database users. Note: this attack does not work on\nexisting tables. An attacker can only elevate their access to another\nuser's tables as the tables are created. As well, the names of these\ncreated tables need to be predicted correctly for this attack to\nsucceed. (CVE-2008-2079)\n\nMySQL did not require the 'DROP' privilege for 'RENAME TABLE'\nstatements. An authenticated user could use this flaw to rename\narbitrary tables. (CVE-2007-2691)\n\nMySQL allowed an authenticated user to access a table through a\npreviously created MERGE table, even after the user's privileges were\nrevoked from the original table, which might violate intended security\npolicy. This is addressed by allowing the MERGE storage engine to be\ndisabled, which can be done by running mysqld with the '--skip-merge'\noption. (CVE-2006-4031)\n\nA flaw in MySQL allowed an authenticated user to cause the MySQL\ndaemon to crash via crafted SQL queries. This only caused a temporary\ndenial of service, as the MySQL daemon is automatically restarted\nafter the crash. (CVE-2006-3469)\n\nAs well, these updated packages fix the following bugs :\n\n - in the previous mysql packages, if a column name was\n referenced more than once in an 'ORDER BY' section of a\n query, a segmentation fault occurred.\n\n - when MySQL failed to start, the init script returned a\n successful (0) exit code. When using the Red Hat Cluster\n Suite, this may have caused cluster services to report a\n successful start, even when MySQL failed to start. In\n these updated packages, the init script returns the\n correct exit codes, which resolves this issue.\n\n - it was possible to use the mysqld_safe command to\n specify invalid port numbers (higher than 65536),\n causing invalid ports to be created, and, in some cases,\n a 'port number definition: unsigned short' error. In\n these updated packages, when an invalid port number is\n specified, the default port number is used.\n\n - when setting 'myisam_repair_threads > 1', any repair set\n the index cardinality to '1', regardless of the table\n size.\n\n - the MySQL init script no longer runs 'chmod -R' on the\n entire database directory tree during every startup.\n\n - when running 'mysqldump' with the MySQL 4.0\n compatibility mode option, '--compatible=mysql40',\n mysqldump created dumps that omitted the\n 'auto_increment' field.\n\nAs well, the MySQL init script now uses more reliable methods for\ndetermining parameters, such as the data directory location.\n\nNote: these updated packages upgrade MySQL to version 4.1.22. For a\nfull list of bug fixes and enhancements, refer to the MySQL release\nnotes: http://dev.mysql.com/doc/refman/4.1/en/news-4-1-22.html\"\n );\n # http://dev.mysql.com/doc/refman/4.1/en/news-4-1-22.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://dev.mysql.com/doc/refman/4.1/en/news-4-1-22.html\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0807&L=scientific-linux-errata&T=0&P=2861\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3990d347\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:P\");\n script_cwe_id(264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/07/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/07/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL4\", reference:\"mysql-4.1.22-2.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"mysql-bench-4.1.22-2.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"mysql-devel-4.1.22-2.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"mysql-server-4.1.22-2.el4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:58:24", "description": "Tavis Ormandy of the Google Security Team discovered a Denial of Service vulnerability in the SSH protocol version 1 CRC compensation attack detector. This could allow a remote unauthenticated attacker to trigger excessive CPU utilization by sending a specially crafted SSH message, which would then deny ssh services to other users or processes (CVE-2006-4924, CVE-2006-4925). Please note that Mandriva ships with only SSH protocol version 2 enabled by default.\n\nNext, an unsafe signal handler was found by Mark Dowd. This signal handler was vulnerable to a race condition that could be exploited to perform a pre-authentication DoS, and theoretically a pre-authentication remote code execution in the case where some authentication methods like GSSAPI are enabled (CVE-2006-5051).\n\nUpdated packages have been patched to correct this issue.", "cvss3": {}, "published": "2007-02-18T00:00:00", "type": "nessus", "title": "Mandrake Linux Security Advisory : openssh (MDKSA-2006:179)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-4924", "CVE-2006-4925", "CVE-2006-5051", "CVE-2008-4109"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:openssh", "p-cpe:/a:mandriva:linux:openssh-askpass", "p-cpe:/a:mandriva:linux:openssh-askpass-common", "p-cpe:/a:mandriva:linux:openssh-askpass-gnome", "p-cpe:/a:mandriva:linux:openssh-clients", "p-cpe:/a:mandriva:linux:openssh-server", "cpe:/o:mandriva:linux:2006", "cpe:/o:mandriva:linux:2007"], "id": "MANDRAKE_MDKSA-2006-179.NASL", "href": "https://www.tenable.com/plugins/nessus/24565", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2006:179. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(24565);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2006-4924\", \"CVE-2006-4925\", \"CVE-2006-5051\", \"CVE-2008-4109\");\n script_bugtraq_id(20216, 20241);\n script_xref(name:\"MDKSA\", value:\"2006:179\");\n\n script_name(english:\"Mandrake Linux Security Advisory : openssh (MDKSA-2006:179)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Tavis Ormandy of the Google Security Team discovered a Denial of\nService vulnerability in the SSH protocol version 1 CRC compensation\nattack detector. This could allow a remote unauthenticated attacker to\ntrigger excessive CPU utilization by sending a specially crafted SSH\nmessage, which would then deny ssh services to other users or\nprocesses (CVE-2006-4924, CVE-2006-4925). Please note that Mandriva\nships with only SSH protocol version 2 enabled by default.\n\nNext, an unsafe signal handler was found by Mark Dowd. This signal\nhandler was vulnerable to a race condition that could be exploited to\nperform a pre-authentication DoS, and theoretically a\npre-authentication remote code execution in the case where some\nauthentication methods like GSSAPI are enabled (CVE-2006-5051).\n\nUpdated packages have been patched to correct this issue.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(264, 362, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openssh-askpass\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openssh-askpass-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openssh-askpass-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openssh-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openssh-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2006\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2007\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/10/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/02/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2006.0\", reference:\"openssh-4.3p1-0.3.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"openssh-askpass-4.3p1-0.3.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"openssh-askpass-gnome-4.3p1-0.3.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"openssh-clients-4.3p1-0.3.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"openssh-server-4.3p1-0.3.20060mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK2007.0\", reference:\"openssh-4.3p2-12.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"openssh-askpass-4.3p2-12.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"openssh-askpass-common-4.3p2-12.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"openssh-askpass-gnome-4.3p2-12.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"openssh-clients-4.3p2-12.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"openssh-server-4.3p2-12.1mdv2007.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:20:13", "description": "Several vulnerabilities have been discovered in MySQL, a popular SQL database. The Common Vulnerabilities and Exposures Project identifies the following problems :\n\n - CVE-2006-0903 Improper handling of SQL queries containing the NULL character allows local users to bypass logging mechanisms.\n\n - CVE-2006-1516 Usernames without a trailing null byte allow remote attackers to read portions of memory.\n\n - CVE-2006-1517 A request with an incorrect packet length allows remote attackers to obtain sensitive information.\n\n - CVE-2006-1518 Specially crafted request packets with invalid length values allow the execution of arbitrary code.\n\nThe following vulnerability matrix shows which version of MySQL in which distribution has this problem fixed :\n\n woody sarge sid mysql 3.23.49-8.15 n/a n/a mysql-dfsg n/a 4.0.24-10sarge2 n/a mysql-dfsg-4.1 n/a 4.1.11a-4sarge3 n/a mysql-dfsg-5.0 n/a n/a 5.0.21-3", "cvss3": {}, "published": "2006-10-14T00:00:00", "type": "nessus", "title": "Debian DSA-1071-1 : mysql - several vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-0903", "CVE-2006-1516", "CVE-2006-1517", "CVE-2006-1518"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:mysql", "cpe:/o:debian:debian_linux:3.0"], "id": "DEBIAN_DSA-1071.NASL", "href": "https://www.tenable.com/plugins/nessus/22613", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1071. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(22613);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2006-0903\", \"CVE-2006-1516\", \"CVE-2006-1517\", \"CVE-2006-1518\");\n script_bugtraq_id(16850, 17780);\n script_xref(name:\"DSA\", value:\"1071\");\n\n script_name(english:\"Debian DSA-1071-1 : mysql - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in MySQL, a popular SQL\ndatabase. The Common Vulnerabilities and Exposures Project identifies\nthe following problems :\n\n - CVE-2006-0903\n Improper handling of SQL queries containing the NULL\n character allows local users to bypass logging\n mechanisms.\n\n - CVE-2006-1516\n Usernames without a trailing null byte allow remote\n attackers to read portions of memory.\n\n - CVE-2006-1517\n A request with an incorrect packet length allows remote\n attackers to obtain sensitive information.\n\n - CVE-2006-1518\n Specially crafted request packets with invalid length\n values allow the execution of arbitrary code.\n\nThe following vulnerability matrix shows which version of MySQL in\nwhich distribution has this problem fixed :\n\n woody sarge sid \n mysql 3.23.49-8.15 n/a n/a \n mysql-dfsg n/a 4.0.24-10sarge2 n/a \n mysql-dfsg-4.1 n/a 4.1.11a-4sarge3 n/a \n mysql-dfsg-5.0 n/a n/a 5.0.21-3\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=366044\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=366049\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=366163\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2006-0903\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2006-1516\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2006-1517\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2006-1518\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2006/dsa-1071\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the mysql packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/05/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/10/14\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/02/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.0\", prefix:\"libmysqlclient10\", reference:\"3.23.49-8.15\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"libmysqlclient10-dev\", reference:\"3.23.49-8.15\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"mysql-client\", reference:\"3.23.49-8.15\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"mysql-common\", reference:\"3.23.49-8.15\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"mysql-doc\", reference:\"3.23.49-8.5\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"mysql-server\", reference:\"3.23.49-8.15\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-03-27T14:16:19", "description": "5.0.21 fixes several moderate-severity security issues: see CVE-2006-0903 CVE-2006-1516 CVE-2006-1517 CVE-2006-1518, and our bugs 181335 182025 189054 190866 190868 190870\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2007-01-17T00:00:00", "type": "nessus", "title": "Fedora Core 5 : mysql-5.0.21-2.FC5.1 (2006-553)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-0903", "CVE-2006-1516", "CVE-2006-1517", "CVE-2006-1518"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:mysql", "p-cpe:/a:fedoraproject:fedora:mysql-bench", "p-cpe:/a:fedoraproject:fedora:mysql-devel", "p-cpe:/a:fedoraproject:fedora:mysql-server", "p-cpe:/a:fedoraproject:fedora:mysql-test", "cpe:/o:fedoraproject:fedora_core:5"], "id": "FEDORA_2006-553.NASL", "href": "https://www.tenable.com/plugins/nessus/24105", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2006-553.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(24105);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_xref(name:\"FEDORA\", value:\"2006-553\");\n\n script_name(english:\"Fedora Core 5 : mysql-5.0.21-2.FC5.1 (2006-553)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora Core host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"5.0.21 fixes several moderate-severity security issues: see\nCVE-2006-0903 CVE-2006-1516 CVE-2006-1517 CVE-2006-1518, and our bugs\n181335 182025 189054 190866 190868 190870\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2006-May/000078.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1af83b43\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mysql-bench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mysql-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mysql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mysql-test\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora_core:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/05/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/01/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 5.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC5\", reference:\"mysql-5.0.21-2.FC5.1\")) flag++;\nif (rpm_check(release:\"FC5\", reference:\"mysql-bench-5.0.21-2.FC5.1\")) flag++;\nif (rpm_check(release:\"FC5\", reference:\"mysql-devel-5.0.21-2.FC5.1\")) flag++;\nif (rpm_check(release:\"FC5\", reference:\"mysql-server-5.0.21-2.FC5.1\")) flag++;\nif (rpm_check(release:\"FC5\", reference:\"mysql-test-5.0.21-2.FC5.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mysql / mysql-bench / mysql-devel / mysql-server / mysql-test\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-03-27T14:16:02", "description": "4.1.19 fixes several moderate-severity security issues: see CVE-2006-0903 CVE-2006-1516 CVE-2006-1517 CVE-2006-1518, also our bugs 180467 180639 182025 183261 190866 190868 190870\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2007-01-17T00:00:00", "type": "nessus", "title": "Fedora Core 4 : mysql-4.1.19-1.FC4.1 (2006-554)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-0903", "CVE-2006-1516", "CVE-2006-1517", "CVE-2006-1518"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:mysql", "p-cpe:/a:fedoraproject:fedora:mysql-bench", "p-cpe:/a:fedoraproject:fedora:mysql-devel", "p-cpe:/a:fedoraproject:fedora:mysql-server", "cpe:/o:fedoraproject:fedora_core:4"], "id": "FEDORA_2006-554.NASL", "href": "https://www.tenable.com/plugins/nessus/24106", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2006-554.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(24106);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_xref(name:\"FEDORA\", value:\"2006-554\");\n\n script_name(english:\"Fedora Core 4 : mysql-4.1.19-1.FC4.1 (2006-554)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora Core host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"4.1.19 fixes several moderate-severity security issues: see\nCVE-2006-0903 CVE-2006-1516 CVE-2006-1517 CVE-2006-1518, also our bugs\n180467 180639 182025 183261 190866 190868 190870\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2006-May/000079.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?917bd654\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mysql-bench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mysql-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mysql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora_core:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/05/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/01/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 4.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC4\", reference:\"mysql-4.1.19-1.FC4.1\")) flag++;\nif (rpm_check(release:\"FC4\", reference:\"mysql-bench-4.1.19-1.FC4.1\")) flag++;\nif (rpm_check(release:\"FC4\", reference:\"mysql-devel-4.1.19-1.FC4.1\")) flag++;\nif (rpm_check(release:\"FC4\", reference:\"mysql-server-4.1.19-1.FC4.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mysql / mysql-bench / mysql-devel / mysql-server\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:20:35", "description": "Several vulnerabilities have been discovered in MySQL, a popular SQL database. The Common Vulnerabilities and Exposures Project identifies the following problems :\n\n - CVE-2006-0903 Improper handling of SQL queries containing the NULL character allows local users to bypass logging mechanisms.\n\n - CVE-2006-1516 Usernames without a trailing null byte allow remote attackers to read portions of memory.\n\n - CVE-2006-1517 A request with an incorrect packet length allows remote attackers to obtain sensitive information.\n\n - CVE-2006-1518 Specially crafted request packets with invalid length values allow the execution of arbitrary code.\n\nThe following vulnerability matrix shows which version of MySQL in which distribution has this problem fixed :\n\n woody sarge sid mysql 3.23.49-8.15 n/a n/a mysql-dfsg n/a 4.0.24-10sarge2 n/a mysql-dfsg-4.1 n/a 4.1.11a-4sarge3 n/a mysql-dfsg-5.0 n/a n/a 5.0.21-3", "cvss3": {}, "published": "2006-10-14T00:00:00", "type": "nessus", "title": "Debian DSA-1073-1 : mysql-dfsg-4.1 - several vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-0903", "CVE-2006-1516", "CVE-2006-1517", "CVE-2006-1518"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:mysql-dfsg-4.1", "cpe:/o:debian:debian_linux:3.1"], "id": "DEBIAN_DSA-1073.NASL", "href": "https://www.tenable.com/plugins/nessus/22615", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1073. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(22615);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2006-0903\", \"CVE-2006-1516\", \"CVE-2006-1517\", \"CVE-2006-1518\");\n script_bugtraq_id(16850, 17780);\n script_xref(name:\"CERT\", value:\"602457\");\n script_xref(name:\"DSA\", value:\"1073\");\n\n script_name(english:\"Debian DSA-1073-1 : mysql-dfsg-4.1 - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in MySQL, a popular SQL\ndatabase. The Common Vulnerabilities and Exposures Project identifies\nthe following problems :\n\n - CVE-2006-0903\n Improper handling of SQL queries containing the NULL\n character allows local users to bypass logging\n mechanisms.\n\n - CVE-2006-1516\n Usernames without a trailing null byte allow remote\n attackers to read portions of memory.\n\n - CVE-2006-1517\n A request with an incorrect packet length allows remote\n attackers to obtain sensitive information.\n\n - CVE-2006-1518\n Specially crafted request packets with invalid length\n values allow the execution of arbitrary code.\n\nThe following vulnerability matrix shows which version of MySQL in\nwhich distribution has this problem fixed :\n\n woody sarge sid \n mysql 3.23.49-8.15 n/a n/a \n mysql-dfsg n/a 4.0.24-10sarge2 n/a \n mysql-dfsg-4.1 n/a 4.1.11a-4sarge3 n/a \n mysql-dfsg-5.0 n/a n/a 5.0.21-3\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=366043\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=366048\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=366162\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2006-0903\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2006-1516\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2006-1517\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2006-1518\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2006/dsa-1073\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the mysql packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mysql-dfsg-4.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/05/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/10/14\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/02/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.1\", prefix:\"libmysqlclient14\", reference:\"4.1.11a-4sarge3\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libmysqlclient14-dev\", reference:\"4.1.11a-4sarge3\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"mysql-client-4.1\", reference:\"4.1.11a-4sarge3\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"mysql-common-4.1\", reference:\"4.1.11a-4sarge3\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"mysql-server-4.1\", reference:\"4.1.11a-4sarge3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:20:13", "description": "Several vulnerabilities have been discovered in MySQL, a popular SQL database. The Common Vulnerabilities and Exposures Project identifies the following problems :\n\n - CVE-2006-0903 Improper handling of SQL queries containing the NULL character allows local users to bypass logging mechanisms.\n\n - CVE-2006-1516 Usernames without a trailing null byte allow remote attackers to read portions of memory.\n\n - CVE-2006-1517 A request with an incorrect packet length allows remote attackers to obtain sensitive information.\n\n - CVE-2006-1518 Specially crafted request packets with invalid length values allow the execution of arbitrary code.\n\nThe following vulnerability matrix shows which version of MySQL in which distribution has this problem fixed :\n\n woody sarge sid mysql 3.23.49-8.15 n/a n/a mysql-dfsg n/a 4.0.24-10sarge2 n/a mysql-dfsg-4.1 n/a 4.1.11a-4sarge3 n/a mysql-dfsg-5.0 n/a n/a 5.0.21-3", "cvss3": {}, "published": "2006-10-14T00:00:00", "type": "nessus", "title": "Debian DSA-1079-1 : mysql-dfsg - several vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-0903", "CVE-2006-1516", "CVE-2006-1517", "CVE-2006-1518"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:mysql-dfsg", "cpe:/o:debian:debian_linux:3.1"], "id": "DEBIAN_DSA-1079.NASL", "href": "https://www.tenable.com/plugins/nessus/22621", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1079. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(22621);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2006-0903\", \"CVE-2006-1516\", \"CVE-2006-1517\", \"CVE-2006-1518\");\n script_bugtraq_id(16850, 17780);\n script_xref(name:\"CERT\", value:\"602457\");\n script_xref(name:\"DSA\", value:\"1079\");\n\n script_name(english:\"Debian DSA-1079-1 : mysql-dfsg - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in MySQL, a popular SQL\ndatabase. The Common Vulnerabilities and Exposures Project identifies\nthe following problems :\n\n - CVE-2006-0903\n Improper handling of SQL queries containing the NULL\n character allows local users to bypass logging\n mechanisms.\n\n - CVE-2006-1516\n Usernames without a trailing null byte allow remote\n attackers to read portions of memory.\n\n - CVE-2006-1517\n A request with an incorrect packet length allows remote\n attackers to obtain sensitive information.\n\n - CVE-2006-1518\n Specially crafted request packets with invalid length\n values allow the execution of arbitrary code.\n\nThe following vulnerability matrix shows which version of MySQL in\nwhich distribution has this problem fixed :\n\n woody sarge sid \n mysql 3.23.49-8.15 n/a n/a \n mysql-dfsg n/a 4.0.24-10sarge2 n/a \n mysql-dfsg-4.1 n/a 4.1.11a-4sarge3 n/a \n mysql-dfsg-5.0 n/a n/a 5.0.21-3\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=366044\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=366049\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=366163\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2006-0903\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2006-1516\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2006-1517\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2006-1518\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2006/dsa-1079\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the mysql packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mysql-dfsg\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/05/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/10/14\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/02/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.1\", prefix:\"libmysqlclient12\", reference:\"4.0.24-10sarge2\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libmysqlclient12-dev\", reference:\"4.0.24-10sarge2\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"mysql-client\", reference:\"4.0.24-10sarge2\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"mysql-common\", reference:\"4.0.24-10sarge2\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"mysql-server\", reference:\"4.0.24-10sarge2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:27:27", "description": "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has openssh packages installed that are affected by multiple vulnerabilities:\n\n - scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces, which are expanded twice.\n (CVE-2006-0225)\n\n - sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, allows remote attackers to cause a denial of service (CPU consumption) via an SSH packet that contains duplicate blocks, which is not properly handled by the CRC compensation attack detector. (CVE-2006-4924)\n\n - Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free. (CVE-2006-5051)\n\n - Unspecified vulnerability in the sshd Privilege Separation Monitor in OpenSSH before 4.5 causes weaker verification that authentication has been successful, which might allow attackers to bypass authentication.\n NOTE: as of 20061108, it is believed that this issue is only exploitable by leveraging vulnerabilities in the unprivileged process, which are not known to exist.\n (CVE-2006-5794)\n\n - Unspecified vulnerability in the linux_audit_record_event function in OpenSSH 4.3p2, as used on Fedora Core 6 and possibly other systems, allows remote attackers to write arbitrary characters to an audit log via a crafted username. NOTE: some of these details are obtained from third party information.\n (CVE-2007-3102)\n\n - The (1) remote_glob function in sftp-glob.c and the (2) process_put function in sftp.c in OpenSSH 5.8 and earlier, as used in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, OpenBSD 4.7, and other products, allow remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in SSH_FXP_STAT requests to an sftp daemon, a different vulnerability than CVE-2010-2632.\n (CVE-2010-4755)\n\n - The default configuration of OpenSSH through 6.1 enforces a fixed time limit between establishing a TCP connection and completing a login, which makes it easier for remote attackers to cause a denial of service (connection-slot exhaustion) by periodically making many new TCP connections. (CVE-2010-5107)\n\n - It was found that OpenSSH did not properly handle certain AcceptEnv parameter values with wildcard characters. A remote attacker could use this flaw to bypass intended environment variable restrictions.\n (CVE-2014-2532)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2019-08-12T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.04 / MAIN 5.04 : openssh Multiple Vulnerabilities (NS-SA-2019-0036)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-0225", "CVE-2006-4924", "CVE-2006-5051", "CVE-2006-5794", "CVE-2007-3102", "CVE-2010-2632", "CVE-2010-4755", "CVE-2010-5107", "CVE-2014-2532"], "modified": "2022-05-19T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2019-0036_OPENSSH.NASL", "href": "https://www.tenable.com/plugins/nessus/127206", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2019-0036. The text\n# itself is copyright (C) ZTE, Inc.\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127206);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/19\");\n\n script_cve_id(\n \"CVE-2006-0225\",\n \"CVE-2006-4924\",\n \"CVE-2006-5051\",\n \"CVE-2006-5794\",\n \"CVE-2007-3102\",\n \"CVE-2010-4755\",\n \"CVE-2010-5107\",\n \"CVE-2014-2532\"\n );\n\n script_name(english:\"NewStart CGSL CORE 5.04 / MAIN 5.04 : openssh Multiple Vulnerabilities (NS-SA-2019-0036)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has openssh packages installed that are affected\nby multiple vulnerabilities:\n\n - scp in OpenSSH 4.2p1 allows attackers to execute\n arbitrary commands via filenames that contain shell\n metacharacters or spaces, which are expanded twice.\n (CVE-2006-0225)\n\n - sshd in OpenSSH before 4.4, when using the version 1 SSH\n protocol, allows remote attackers to cause a denial of\n service (CPU consumption) via an SSH packet that\n contains duplicate blocks, which is not properly handled\n by the CRC compensation attack detector. (CVE-2006-4924)\n\n - Signal handler race condition in OpenSSH before 4.4\n allows remote attackers to cause a denial of service\n (crash), and possibly execute arbitrary code if GSSAPI\n authentication is enabled, via unspecified vectors that\n lead to a double-free. (CVE-2006-5051)\n\n - Unspecified vulnerability in the sshd Privilege\n Separation Monitor in OpenSSH before 4.5 causes weaker\n verification that authentication has been successful,\n which might allow attackers to bypass authentication.\n NOTE: as of 20061108, it is believed that this issue is\n only exploitable by leveraging vulnerabilities in the\n unprivileged process, which are not known to exist.\n (CVE-2006-5794)\n\n - Unspecified vulnerability in the\n linux_audit_record_event function in OpenSSH 4.3p2, as\n used on Fedora Core 6 and possibly other systems, allows\n remote attackers to write arbitrary characters to an\n audit log via a crafted username. NOTE: some of these\n details are obtained from third party information.\n (CVE-2007-3102)\n\n - The (1) remote_glob function in sftp-glob.c and the (2)\n process_put function in sftp.c in OpenSSH 5.8 and\n earlier, as used in FreeBSD 7.3 and 8.1, NetBSD 5.0.2,\n OpenBSD 4.7, and other products, allow remote\n authenticated users to cause a denial of service (CPU\n and memory consumption) via crafted glob expressions\n that do not match any pathnames, as demonstrated by glob\n expressions in SSH_FXP_STAT requests to an sftp daemon,\n a different vulnerability than CVE-2010-2632.\n (CVE-2010-4755)\n\n - The default configuration of OpenSSH through 6.1\n enforces a fixed time limit between establishing a TCP\n connection and completing a login, which makes it easier\n for remote attackers to cause a denial of service\n (connection-slot exhaustion) by periodically making many\n new TCP connections. (CVE-2010-5107)\n\n - It was found that OpenSSH did not properly handle\n certain AcceptEnv parameter values with wildcard\n characters. A remote attacker could use this flaw to\n bypass intended environment variable restrictions.\n (CVE-2014-2532)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2019-0036\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL openssh packages. Note that updated packages may not be available yet. Please contact ZTE\nfor more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2006-5051\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2014-2532\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(362, 399);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/01/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL CORE 5.04\" &&\n release !~ \"CGSL MAIN 5.04\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL CORE 5.04\": [\n \"openssh-7.9p1-1.el7.cgslv5.0.2.gc747ef6\",\n \"openssh-askpass-7.9p1-1.el7.cgslv5.0.2.gc747ef6\",\n \"openssh-cavs-7.9p1-1.el7.cgslv5.0.2.gc747ef6\",\n \"openssh-clients-7.9p1-1.el7.cgslv5.0.2.gc747ef6\",\n \"openssh-debuginfo-7.9p1-1.el7.cgslv5.0.2.gc747ef6\",\n \"openssh-keycat-7.9p1-1.el7.cgslv5.0.2.gc747ef6\",\n \"openssh-ldap-7.9p1-1.el7.cgslv5.0.2.gc747ef6\",\n \"openssh-server-7.9p1-1.el7.cgslv5.0.2.gc747ef6\",\n \"pam_ssh_agent_auth-0.10.3-6.1.el7.cgslv5.0.2.gc747ef6\"\n ],\n \"CGSL MAIN 5.04\": [\n \"openssh-7.9p1-1.el7.cgslv5.0.2.gc747ef6\",\n \"openssh-askpass-7.9p1-1.el7.cgslv5.0.2.gc747ef6\",\n \"openssh-cavs-7.9p1-1.el7.cgslv5.0.2.gc747ef6\",\n \"openssh-clients-7.9p1-1.el7.cgslv5.0.2.gc747ef6\",\n \"openssh-debuginfo-7.9p1-1.el7.cgslv5.0.2.gc747ef6\",\n \"openssh-keycat-7.9p1-1.el7.cgslv5.0.2.gc747ef6\",\n \"openssh-ldap-7.9p1-1.el7.cgslv5.0.2.gc747ef6\",\n \"openssh-server-7.9p1-1.el7.cgslv5.0.2.gc747ef6\",\n \"pam_ssh_agent_auth-0.10.3-6.1.el7.cgslv5.0.2.gc747ef6\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssh\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:22:46", "description": "Updated tar packages that fix a path traversal flaw are now available.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nThe GNU tar program saves many files together in one archive and can restore individual files (or all of the files) from that archive.\n\nTeemu Salmela discovered a path traversal flaw in the way GNU tar extracted archives. A malicious user could create a tar archive that could write to arbitrary files to which the user running GNU tar has write access. (CVE-2006-6097)\n\nUsers of tar should upgrade to this updated package, which contains a replacement backported patch to correct this issue.", "cvss3": {}, "published": "2006-12-30T00:00:00", "type": "nessus", "title": "CentOS 3 / 4 : tar (CESA-2006:0749)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-6097"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:tar", "cpe:/o:centos:centos:3", "cpe:/o:centos:centos:4"], "id": "CENTOS_RHSA-2006-0749.NASL", "href": "https://www.tenable.com/plugins/nessus/23941", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2006:0749 and \n# CentOS Errata and Security Advisory 2006:0749 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(23941);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2006-6097\");\n script_xref(name:\"RHSA\", value:\"2006:0749\");\n\n script_name(english:\"CentOS 3 / 4 : tar (CESA-2006:0749)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated tar packages that fix a path traversal flaw are now available.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nThe GNU tar program saves many files together in one archive and can\nrestore individual files (or all of the files) from that archive.\n\nTeemu Salmela discovered a path traversal flaw in the way GNU tar\nextracted archives. A malicious user could create a tar archive that\ncould write to arbitrary files to which the user running GNU tar has\nwrite access. (CVE-2006-6097)\n\nUsers of tar should upgrade to this updated package, which contains a\nreplacement backported patch to correct this issue.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2006-December/013433.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d1c3f02a\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2006-December/013434.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e6a5a8e2\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2006-December/013437.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5e0cce2d\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2006-December/013439.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?30a3d537\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2006-December/013443.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?977d292e\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2006-December/013444.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5839e4ad\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected tar package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tar\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/11/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/12/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/12/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(3|4)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 3.x / 4.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-3\", reference:\"tar-1.13.25-15.RHEL3\")) flag++;\n\nif (rpm_check(release:\"CentOS-4\", reference:\"tar-1.14-12.RHEL4\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tar\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:22:57", "description": "Teemu Salmela discovered a vulnerability in GNU tar that could allow a malicious user to overwrite arbitrary files by inducing the victim to attempt to extract a specially crafted tar file containing a GNUTYPE_NAMES record with a symbolic link.", "cvss3": {}, "published": "2006-12-04T00:00:00", "type": "nessus", "title": "Debian DSA-1223-1 : tar - input validation error", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-6097"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:tar", "cpe:/o:debian:debian_linux:3.1"], "id": "DEBIAN_DSA-1223.NASL", "href": "https://www.tenable.com/plugins/nessus/23765", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1223. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(23765);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2006-6097\");\n script_bugtraq_id(21235);\n script_xref(name:\"DSA\", value:\"1223\");\n\n script_name(english:\"Debian DSA-1223-1 : tar - input validation error\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Teemu Salmela discovered a vulnerability in GNU tar that could allow a\nmalicious user to overwrite arbitrary files by inducing the victim to\nattempt to extract a specially crafted tar file containing a\nGNUTYPE_NAMES record with a symbolic link.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=399845\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2006/dsa-1223\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the tar package.\n\nFor the stable distribution (sarge), this problem has been fixed in\nversion 1.14-2.3.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tar\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/12/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/12/04\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/11/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.1\", prefix:\"tar\", reference:\"1.14-2.3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:02:02", "description": "This security update fixes a directory traversal in tar, where unpacked symlinks could be followed outside of the directory where the tar file is unpacked. (CVE-2006-6097)\n\nThis feature was made optional and needs to be enabled with a commandline option.", "cvss3": {}, "published": "2007-10-17T00:00:00", "type": "nessus", "title": "openSUSE 10 Security Update : tar (tar-2343)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-6097"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:tar", "cpe:/o:novell:opensuse:10.1"], "id": "SUSE_TAR-2343.NASL", "href": "https://www.tenable.com/plugins/nessus/27462", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update tar-2343.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(27462);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-6097\");\n\n script_name(english:\"openSUSE 10 Security Update : tar (tar-2343)\");\n script_summary(english:\"Check for the tar-2343 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This security update fixes a directory traversal in tar, where\nunpacked symlinks could be followed outside of the directory where the\ntar file is unpacked. (CVE-2006-6097)\n\nThis feature was made optional and needs to be enabled with a\ncommandline option.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected tar package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tar\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/12/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/10/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.1\", reference:\"tar-1.15.1-23.5\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tar\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:02:31", "description": "Teemu Salmela discovered that tar still handled the deprecated GNUTYPE_NAMES record type. This record type could be used to create symlinks that would be followed while unpacking a tar archive. If a user or an automated system were tricked into unpacking a specially crafted tar file, arbitrary files could be overwritten with user privileges.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2007-11-10T00:00:00", "type": "nessus", "title": "Ubuntu 5.10 / 6.06 LTS / 6.10 : tar vulnerability (USN-385-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-6097"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:tar", "cpe:/o:canonical:ubuntu_linux:5.10", "cpe:/o:canonical:ubuntu_linux:6.06:-:lts", "cpe:/o:canonical:ubuntu_linux:6.10"], "id": "UBUNTU_USN-385-1.NASL", "href": "https://www.tenable.com/plugins/nessus/27968", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-385-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(27968);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2006-6097\");\n script_xref(name:\"USN\", value:\"385-1\");\n\n script_name(english:\"Ubuntu 5.10 / 6.06 LTS / 6.10 : tar vulnerability (USN-385-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Teemu Salmela discovered that tar still handled the deprecated\nGNUTYPE_NAMES record type. This record type could be used to create\nsymlinks that would be followed while unpacking a tar archive. If a\nuser or an automated system were tricked into unpacking a specially\ncrafted tar file, arbitrary files could be overwritten with user\nprivileges.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/385-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected tar package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:tar\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:5.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/11/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/11/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(5\\.10|6\\.06|6\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 5.10 / 6.06 / 6.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"5.10\", pkgname:\"tar\", pkgver:\"1.15.1-2ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"tar\", pkgver:\"1.15.1-2ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"tar\", pkgver:\"1.15.91-2ubuntu0.3\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tar\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:19:09", "description": "The remote host is affected by the vulnerability described in GLSA-200608-09 (MySQL: Denial of Service)\n\n Jean-David Maillefer discovered a format string vulnerability in time.cc where MySQL fails to properly handle specially formatted user input to the date_format function.\n Impact :\n\n By specifying a format string as the first parameter to the date_format function, an authenticated attacker could cause MySQL to crash, resulting in a Denial of Service.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {}, "published": "2006-08-07T00:00:00", "type": "nessus", "title": "GLSA-200608-09 : MySQL: Denial of Service", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3469"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:mysql", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-200608-09.NASL", "href": "https://www.tenable.com/plugins/nessus/22167", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200608-09.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(22167);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2006-3469\");\n script_xref(name:\"GLSA\", value:\"200608-09\");\n\n script_name(english:\"GLSA-200608-09 : MySQL: Denial of Service\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200608-09\n(MySQL: Denial of Service)\n\n Jean-David Maillefer discovered a format string vulnerability in\n time.cc where MySQL fails to properly handle specially formatted user\n input to the date_format function.\n \nImpact :\n\n By specifying a format string as the first parameter to the date_format\n function, an authenticated attacker could cause MySQL to crash,\n resulting in a Denial of Service.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200608-09\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All MySQL users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --verbose --oneshot '>=dev-db/mysql-4.1.21'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/08/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/08/07\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/06/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-db/mysql\", unaffected:make_list(\"ge 4.1.21\", \"lt 4.1.0\"), vulnerable:make_list(\"lt 4.1.21\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MySQL\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:22:38", "description": "The remote host is affected by the vulnerability described in GLSA-200612-10 (Tar: Directory traversal vulnerability)\n\n Tar does not properly extract archive elements using the GNUTYPE_NAMES record name, allowing files to be created at arbitrary locations using symlinks. Once a symlink is extracted, files after the symlink in the archive will be extracted to the destination of the symlink.\n Impact :\n\n An attacker could entice a user to extract a specially crafted tar archive, possibly allowing for the overwriting of arbitrary files on the system extracting the archive.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {}, "published": "2006-12-14T00:00:00", "type": "nessus", "title": "GLSA-200612-10 : Tar: Directory traversal vulnerability", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-6097"], "modified": "2021-01-06T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:tar"], "id": "GENTOO_GLSA-200612-10.NASL", "href": "https://www.tenable.com/plugins/nessus/23862", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200612-10.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(23862);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2006-6097\");\n script_xref(name:\"GLSA\", value:\"200612-10\");\n\n script_name(english:\"GLSA-200612-10 : Tar: Directory traversal vulnerability\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200612-10\n(Tar: Directory traversal vulnerability)\n\n Tar does not properly extract archive elements using the GNUTYPE_NAMES\n record name, allowing files to be created at arbitrary locations using\n symlinks. Once a symlink is extracted, files after the symlink in the\n archive will be extracted to the destination of the symlink.\n \nImpact :\n\n An attacker could entice a user to extract a specially crafted tar\n archive, possibly allowing for the overwriting of arbitrary files on\n the system extracting the archive.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200612-10\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Tar users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-arch/tar-1.16-r2'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:tar\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/12/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/12/14\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/11/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"app-arch/tar\", unaffected:make_list(\"ge 1.16-r2\"), vulnerable:make_list(\"lt 1.16-r2\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Tar\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:25:28", "description": "From Red Hat Security Advisory 2006:0749 :\n\nUpdated tar packages that fix a path traversal flaw are now available.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nThe GNU tar program saves many files together in one archive and can restore individual files (or all of the files) from that archive.\n\nTeemu Salmela discovered a path traversal flaw in the way GNU tar extracted archives. A malicious user could create a tar archive that could write to arbitrary files to which the user running GNU tar has write access. (CVE-2006-6097)\n\nUsers of tar should upgrade to this updated package, which contains a replacement backported patch to correct this issue.", "cvss3": {}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 3 / 4 : tar (ELSA-2006-0749)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-6097"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:tar", "cpe:/o:oracle:linux:3", "cpe:/o:oracle:linux:4"], "id": "ORACLELINUX_ELSA-2006-0749.NASL", "href": "https://www.tenable.com/plugins/nessus/67428", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2006:0749 and \n# Oracle Linux Security Advisory ELSA-2006-0749 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(67428);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-6097\");\n script_xref(name:\"RHSA\", value:\"2006:0749\");\n\n script_name(english:\"Oracle Linux 3 / 4 : tar (ELSA-2006-0749)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2006:0749 :\n\nUpdated tar packages that fix a path traversal flaw are now available.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nThe GNU tar program saves many files together in one archive and can\nrestore individual files (or all of the files) from that archive.\n\nTeemu Salmela discovered a path traversal flaw in the way GNU tar\nextracted archives. A malicious user could create a tar archive that\ncould write to arbitrary files to which the user running GNU tar has\nwrite access. (CVE-2006-6097)\n\nUsers of tar should upgrade to this updated package, which contains a\nreplacement backported patch to correct this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2006-December/000034.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2007-March/000092.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected tar package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tar\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/11/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/12/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(3|4)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 3 / 4\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"tar-1.13.25-15.RHEL3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"tar-1.13.25-15.RHEL3\")) flag++;\n\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"tar-1.14-12.RHEL4\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"tar-1.14-12.RHEL4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tar\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:20:15", "description": "The version of MySQL installed on the remote host is earlier than 4.1.21 / 5.0.24 and thus reportedly allows a local user to access a table after his privileges on it were revoked.", "cvss3": {}, "published": "2012-01-16T00:00:00", "type": "nessus", "title": "MySQL < 4.1.21 / 5.0.24 Privilege Persistence", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-4031"], "modified": "2018-07-16T00:00:00", "cpe": ["cpe:/a:mysql:mysql"], "id": "MYSQL_5_0_24.NASL", "href": "https://www.tenable.com/plugins/nessus/17802", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(17802);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/07/16 14:09:12\");\n\n script_cve_id(\"CVE-2006-4031\");\n script_bugtraq_id(19279);\n\n script_name(english:\"MySQL < 4.1.21 / 5.0.24 Privilege Persistence\");\n script_summary(english:\"Checks version of MySQL Server\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server allows a local user to access unauthorized\ndata.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of MySQL installed on the remote host is earlier than\n4.1.21 / 5.0.24 and thus reportedly allows a local user to access a\ntable after his privileges on it were revoked.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://dev.mysql.com/doc/refman/4.1/en/news-4-1-21.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://dev.mysql.com/doc/refman/5.0/en/news-5-0-24.html\");\n # 4.1 has reached its end of life.\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to MySQL version 5.0.24 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/08/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mysql:mysql\");\n script_end_attributes();\n \n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mysql_version.nasl\", \"mysql_login.nasl\");\n script_require_keys(\"Settings/ParanoidReport\");\n script_require_ports(\"Services/mysql\", 3306);\n\n exit(0);\n}\n\n\ninclude(\"mysql_version.inc\");\n\nmysql_check_version(fixed:make_list('4.1.21', '5.0.24'), severity:SECURITY_NOTE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:20:54", "description": "SunOS 5.9: /usr/lib/ssh/sshd patch.\nDate this patch was last updated by Sun : Oct/19/07", "cvss3": {}, "published": "2004-07-12T00:00:00", "type": "nessus", "title": "Solaris 9 (sparc) : 113273-16", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-4924"], "modified": "2011-09-18T00:00:00", "cpe": [], "id": "SOLARIS9_113273.NASL", "href": "https://www.tenable.com/plugins/nessus/13532", "sourceData": "#%NASL_MIN_LEVEL 999999\n\n# @DEPRECATED@\n#\n# This script has been deprecated as the associated patch is not\n# currently a recommended security fix.\n#\n# Disabled on 2011/09/17.\n\n#\n# (C) Tenable Network Security, Inc.\n#\n#\n\nif ( ! defined_func(\"bn_random\") ) exit(0);\ninclude(\"compat.inc\");\n\nif(description)\n{\n script_id(13532);\n script_version(\"1.54\");\n\n script_name(english: \"Solaris 9 (sparc) : 113273-16\");\n script_cve_id(\"CVE-2006-4924\");\n script_set_attribute(attribute: \"synopsis\", value:\n\"The remote host is missing Sun Security Patch number 113273-16\");\n script_set_attribute(attribute: \"description\", value:\n'SunOS 5.9: /usr/lib/ssh/sshd patch.\nDate this patch was last updated by Sun : Oct/19/07');\n script_set_attribute(attribute: \"solution\", value:\n\"You should install this patch for your system to be up-to-date.\");\n script_set_attribute(attribute: \"see_also\", value:\n\"https://getupdates.oracle.com/readme/113273-16\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_cwe_id(399);\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2004/07/12\");\n script_cvs_date(\"Date: 2018/08/13 14:32:38\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2006/09/25\");\n script_end_attributes();\n\n script_summary(english: \"Check for patch 113273-16\");\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.\");\n family[\"english\"] = \"Solaris Local Security Checks\";\n script_family(english:family[\"english\"]);\n \n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/Solaris/showrev\");\n exit(0);\n}\n\n\n\n# Deprecated.\nexit(0, \"The associated patch is not currently a recommended security fix.\");\n\ninclude(\"solaris.inc\");\n\ne += solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"113273-16\", obsoleted_by:\"122300-17 \", package:\"SUNWsshcu\", version:\"11.9.0,REV=2002.04.06.15.27\");\ne += solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"113273-16\", obsoleted_by:\"122300-17 \", package:\"SUNWsshdr\", version:\"11.9.0,REV=2002.04.06.15.27\");\ne += solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"113273-16\", obsoleted_by:\"122300-17 \", package:\"SUNWsshdu\", version:\"11.9.0,REV=2002.04.06.15.27\");\ne += solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"113273-16\", obsoleted_by:\"122300-17 \", package:\"SUNWsshr\", version:\"11.9.0,REV=2002.04.06.15.27\");\ne += solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"113273-16\", obsoleted_by:\"122300-17 \", package:\"SUNWsshu\", version:\"11.9.0,REV=2002.04.06.15.27\");\nif ( e < 0 ) { \n\tif ( NASL_LEVEL < 3000 ) \n\t security_hole(0);\n\telse \n\t security_hole(port:0, extra:solaris_get_report());\n\texit(0); \n} \nexit(0, \"Host is not affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:22:41", "description": "Updated tar packages that fix a path traversal flaw are now available.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nThe GNU tar program saves many files together in one archive and can restore individual files (or all of the files) from that archive.\n\nTeemu Salmela discovered a path traversal flaw in the way GNU tar extracted archives. A malicious user could create a tar archive that could write to arbitrary files to which the user running GNU tar has write access. (CVE-2006-6097)\n\nUsers of tar should upgrade to this updated package, which contains a replacement backported patch to correct this issue.", "cvss3": {}, "published": "2006-12-30T00:00:00", "type": "nessus", "title": "RHEL 2.1 / 3 / 4 : tar (RHSA-2006:0749)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-6097"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:tar", "cpe:/o:redhat:enterprise_linux:2.1", "cpe:/o:redhat:enterprise_linux:3", "cpe:/o:redhat:enterprise_linux:4"], "id": "REDHAT-RHSA-2006-0749.NASL", "href": "https://www.tenable.com/plugins/nessus/23959", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2006:0749. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(23959);\n script_version(\"1.23\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-6097\");\n script_xref(name:\"RHSA\", value:\"2006:0749\");\n\n script_name(english:\"RHEL 2.1 / 3 / 4 : tar (RHSA-2006:0749)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated tar packages that fix a path traversal flaw are now available.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nThe GNU tar program saves many files together in one archive and can\nrestore individual files (or all of the files) from that archive.\n\nTeemu Salmela discovered a path traversal flaw in the way GNU tar\nextracted archives. A malicious user could create a tar archive that\ncould write to arbitrary files to which the user running GNU tar has\nwrite access. (CVE-2006-6097)\n\nUsers of tar should upgrade to this updated package, which contains a\nreplacement backported patch to correct this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-6097\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2006:0749\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected tar package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tar\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:2.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/11/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/12/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/12/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(2\\.1|3|4)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 2.1 / 3.x / 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2006:0749\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"tar-1.13.25-6.AS21.1\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"tar-1.13.25-15.RHEL3\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"tar-1.14-12.RHEL4\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tar\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:01:15", "description": "This security update fixes a directory traversal in tar, where unpacked symlinks could be followed outside of the directory where the tar file is unpacked. (CVE-2006-6097)\n\nThis feature was made optional and needs to be enabled with a commandline option.", "cvss3": {}, "published": "2007-10-17T00:00:00", "type": "nessus", "title": "openSUSE 10 Security Update : tar (tar-2351)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-6097"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:tar", "cpe:/o:novell:opensuse:10.2"], "id": "SUSE_TAR-2351.NASL", "href": "https://www.tenable.com/plugins/nessus/27463", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update tar-2351.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(27463);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-6097\");\n\n script_name(english:\"openSUSE 10 Security Update : tar (tar-2351)\");\n script_summary(english:\"Check for the tar-2351 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This security update fixes a directory traversal in tar, where\nunpacked symlinks could be followed outside of the directory where the\ntar file is unpacked. (CVE-2006-6097)\n\nThis feature was made optional and needs to be enabled with a\ncommandline option.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected tar package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tar\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/12/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/10/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.2\", reference:\"tar-1.15.1-42.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tar\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:02:29", "description": "Jean-David Maillefer discovered a format string bug in the date_format() function's error reporting. By calling the function with invalid arguments, an authenticated user could exploit this to crash the server.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2007-11-10T00:00:00", "type": "nessus", "title": "Ubuntu 5.10 : mysql-dfsg-4.1 vulnerability (USN-321-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3469"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libmysqlclient14", "p-cpe:/a:canonical:ubuntu_linux:libmysqlclient14-dev", "p-cpe:/a:canonical:ubuntu_linux:mysql-client-4.1", "p-cpe:/a:canonical:ubuntu_linux:mysql-common-4.1", "p-cpe:/a:canonical:ubuntu_linux:mysql-server-4.1", "cpe:/o:canonical:ubuntu_linux:5.10"], "id": "UBUNTU_USN-321-1.NASL", "href": "https://www.tenable.com/plugins/nessus/27899", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-321-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(27899);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2006-3469\");\n script_xref(name:\"USN\", value:\"321-1\");\n\n script_name(english:\"Ubuntu 5.10 : mysql-dfsg-4.1 vulnerability (USN-321-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Jean-David Maillefer discovered a format string bug in the\ndate_format() function's error reporting. By calling the function with\ninvalid arguments, an authenticated user could exploit this to crash\nthe server.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmysqlclient14\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmysqlclient14-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mysql-client-4.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mysql-common-4.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mysql-server-4.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:5.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/07/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/11/10\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/06/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2006-2019 Canonical, Inc. / NASL script (C) 2007-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(5\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 5.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"5.10\", pkgname:\"libmysqlclient14\", pkgver:\"4.1.12-1ubuntu3.7\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"libmysqlclient14-dev\", pkgver:\"4.1.12-1ubuntu3.7\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"mysql-client-4.1\", pkgver:\"4.1.12-1ubuntu3.7\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"mysql-common-4.1\", pkgver:\"4.1.12-1ubuntu3.7\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"mysql-server-4.1\", pkgver:\"4.1.12-1ubuntu3.7\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libmysqlclient14 / libmysqlclient14-dev / mysql-client-4.1 / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:20:37", "description": "The version of MySQL installed on the remote host is earlier than 4.1.21 / 5.0 and reportedly allows a remote, authenticated user to crash the server via a format string attack.", "cvss3": {}, "published": "2012-01-16T00:00:00", "type": "nessus", "title": "MySQL < 4.1.21 / 5.0 Denial of Service", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3469"], "modified": "2018-07-16T00:00:00", "cpe": ["cpe:/a:mysql:mysql"], "id": "MYSQL_4_1_21.NASL", "href": "https://www.tenable.com/plugins/nessus/17800", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(17800);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/07/16 14:09:12\");\n\n script_cve_id(\"CVE-2006-3469\");\n script_bugtraq_id(19032);\n\n script_name(english:\"MySQL < 4.1.21 / 5.0 Denial of Service\");\n script_summary(english:\"Checks version of MySQL Server\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by a denial of service\nvulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of MySQL installed on the remote host is earlier than\n4.1.21 / 5.0 and reportedly allows a remote, authenticated user to\ncrash the server via a format string attack.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://bugs.mysql.com/bug.php?id=20729\");\n # 4.1 has reached its end of life\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to MySQL version 5.0 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/07/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mysql:mysql\");\n script_end_attributes();\n \n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mysql_version.nasl\", \"mysql_login.nasl\");\n script_require_keys(\"Settings/ParanoidReport\");\n script_require_ports(\"Services/mysql\", 3306);\n\n exit(0);\n}\n\n\ninclude(\"mysql_version.inc\");\n\nmysql_check_version(fixed:make_list('4.1.21', '5.0'), severity:SECURITY_WARNING);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:19:05", "description": "Jean-David Maillefer reports a Denial of Service vulnerability within MySQL. The vulnerability is caused by improper checking of the data_format routine, which cause the MySQL server to crash. The crash is triggered by the following code:'SELECT date_format('%d%s', 1);", "cvss3": {}, "published": "2006-08-14T00:00:00", "type": "nessus", "title": "FreeBSD : mysql -- format string vulnerability (fcb90eb0-2ace-11db-a6e2-000e0c2e438a)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3469"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:mysql-server", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_FCB90EB02ACE11DBA6E2000E0C2E438A.NASL", "href": "https://www.tenable.com/plugins/nessus/22213", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(22213);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2006-3469\");\n script_bugtraq_id(19032);\n\n script_name(english:\"FreeBSD : mysql -- format string vulnerability (fcb90eb0-2ace-11db-a6e2-000e0c2e438a)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Jean-David Maillefer reports a Denial of Service vulnerability within\nMySQL. The vulnerability is caused by improper checking of the\ndata_format routine, which cause the MySQL server to crash. The crash\nis triggered by the following code:'SELECT date_format('%d%s', 1);\"\n );\n # http://bugs.mysql.com/bug.php?id=20729\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.mysql.com/bug.php?id=20729\"\n );\n # https://vuxml.freebsd.org/freebsd/fcb90eb0-2ace-11db-a6e2-000e0c2e438a.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ad18f6ce\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mysql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/06/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/08/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/08/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"mysql-server>=5.1<5.1.6\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mysql-server>=5.0<5.0.19\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mysql-server>=4.1<4.1.18\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:15:09", "description": "Tavis Ormandy discovered a privilege escalation vulnerability in sudo.\nOn executing shell scripts with sudo, the 'P4' and 'SHELLOPTS' environment variables were not cleaned properly. If sudo is set up to grant limited sudo privileges to normal users this could be exploited to run arbitrary commands as the target user.\n\nUpdated packags for Ubuntu 4.10 :.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2006-01-15T00:00:00", "type": "nessus", "title": "Ubuntu 4.10 / 5.04 / 5.10 : sudo vulnerability (USN-213-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-2959"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:sudo", "cpe:/o:canonical:ubuntu_linux:4.10", "cpe:/o:canonical:ubuntu_linux:5.04", "cpe:/o:canonical:ubuntu_linux:5.10"], "id": "UBUNTU_USN-213-1.NASL", "href": "https://www.tenable.com/plugins/nessus/20631", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-213-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(20631);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2005-2959\");\n script_xref(name:\"USN\", value:\"213-1\");\n\n script_name(english:\"Ubuntu 4.10 / 5.04 / 5.10 : sudo vulnerability (USN-213-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Tavis Ormandy discovered a privilege escalation vulnerability in sudo.\nOn executing shell scripts with sudo, the 'P4' and 'SHELLOPTS'\nenvironment variables were not cleaned properly. If sudo is set up to\ngrant limited sudo privileges to normal users this could be exploited\nto run arbitrary commands as the target user.\n\nUpdated packags for Ubuntu 4.10 :.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected sudo package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:sudo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:4.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:5.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:5.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/10/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/01/15\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/10/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(4\\.10|5\\.04|5\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 4.10 / 5.04 / 5.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"4.10\", pkgname:\"sudo\", pkgver:\"1.6.7p5-1ubuntu4.3\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"sudo\", pkgver:\"1.6.7p5-1ubuntu4.3\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"sudo\", pkgver:\"1.6.7p5-1ubuntu4.3\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"sudo\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:17:28", "description": "Tavis Ormandy reports :\n\nThe bash shell uses the value of the PS4 environment variable (after expansion) as a prefix for commands run in execution trace mode.\nExecution trace mode (xtrace) is normally set via bash's -x command line option or interactively by running 'set -o xtrace'. However, it may also be enabled by placing the string 'xtrace' in the SHELLOPTS environment variable before bash is started.\n\nA malicious user with sudo access to a shell script that uses bash can use this feature to run arbitrary commands for each line of the script.", "cvss3": {}, "published": "2006-05-13T00:00:00", "type": "nessus", "title": "FreeBSD : sudo -- arbitrary command execution (1b725079-9ef6-11da-b410-000e0c2e438a)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-2959"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:sudo", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_1B7250799EF611DAB410000E0C2E438A.NASL", "href": "https://www.tenable.com/plugins/nessus/21392", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(21392);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2005-2959\");\n script_bugtraq_id(15191);\n\n script_name(english:\"FreeBSD : sudo -- arbitrary command execution (1b725079-9ef6-11da-b410-000e0c2e438a)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Tavis Ormandy reports :\n\nThe bash shell uses the value of the PS4 environment variable (after\nexpansion) as a prefix for commands run in execution trace mode.\nExecution trace mode (xtrace) is normally set via bash's -x command\nline option or interactively by running 'set -o xtrace'. However, it\nmay also be enabled by placing the string 'xtrace' in the SHELLOPTS\nenvironment variable before bash is started.\n\nA malicious user with sudo access to a shell script that uses bash can\nuse this feature to run arbitrary commands for each line of the\nscript.\"\n );\n # http://www.courtesan.com/sudo/alerts/bash_env.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.sudo.ws/sudo/alerts/bash_env.html\"\n );\n # https://vuxml.freebsd.org/freebsd/1b725079-9ef6-11da-b410-000e0c2e438a.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3eaceea2\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:sudo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/10/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/02/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/05/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"sudo<1.6.8.10\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:03:06", "description": "This security update brings the Adobe Flash Player to version 7.0.69.\nIt fixes the following security problem :\n\n - CRLF injection vulnerability in Adobe Flash Player allows remote attackers to modify HTTP headers of client requests and conduct HTTP Request Splitting attacks via CRLF sequences in arguments to the ActionScript functions (1) XML.addRequestHeader and (2) XML.contentType. NOTE: the flexibility of the attack varies depending on the type of web browser being used.\n (CVE-2006-5330)", "cvss3": {}, "published": "2007-12-13T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : flash-player (ZYPP Patch Number 2357)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-5330"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_FLASH-PLAYER-2357.NASL", "href": "https://www.tenable.com/plugins/nessus/29433", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(29433);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-5330\");\n\n script_name(english:\"SuSE 10 Security Update : flash-player (ZYPP Patch Number 2357)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This security update brings the Adobe Flash Player to version 7.0.69.\nIt fixes the following security problem :\n\n - CRLF injection vulnerability in Adobe Flash Player\n allows remote attackers to modify HTTP headers of client\n requests and conduct HTTP Request Splitting attacks via\n CRLF sequences in arguments to the ActionScript\n functions (1) XML.addRequestHeader and (2)\n XML.contentType. NOTE: the flexibility of the attack\n varies depending on the type of web browser being used.\n (CVE-2006-5330)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2006-5330.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 2357.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_cwe_id(79);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/12/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/12/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:0, cpu:\"i586\", reference:\"flash-player-7.0.69.0-1.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:58:39", "description": "New mysql packages are available for Slackware 10.2 to fix security issues (and other bugs). For complete details about the many fixes addressed by this release, you can find MySQL's news article about the MySQL 4.1.21 Community Edition release here:\nhttp://dev.mysql.com/doc/refman/4.1/en/news-4-1-21.html", "cvss3": {}, "published": "2007-02-18T00:00:00", "type": "nessus", "title": "Slackware 10.2 : mysql (SSA:2006-211-01)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3469"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:mysql", "cpe:/o:slackware:slackware_linux:10.2"], "id": "SLACKWARE_SSA_2006-211-01.NASL", "href": "https://www.tenable.com/plugins/nessus/24656", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2006-211-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(24656);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-3469\");\n script_xref(name:\"SSA\", value:\"2006-211-01\");\n\n script_name(english:\"Slackware 10.2 : mysql (SSA:2006-211-01)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New mysql packages are available for Slackware 10.2 to fix security\nissues (and other bugs). For complete details about the many fixes\naddressed by this release, you can find MySQL's news article about the\nMySQL 4.1.21 Community Edition release here:\nhttp://dev.mysql.com/doc/refman/4.1/en/news-4-1-21.html\"\n );\n # http://dev.mysql.com/doc/refman/4.1/en/news-4-1-21.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://dev.mysql.com/doc/refman/4.1/en/news-4-1-21.html\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.387994\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?200bc6d9\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected mysql package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:10.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/07/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/02/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"10.2\", pkgname:\"mysql\", pkgver:\"4.1.21\", pkgarch:\"i486\", pkgnum:\"1_slack10.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:19:26", "description": "Tavis Ormandy discovered that sudo does not perform sufficient environment cleaning; in particular the SHELLOPTS and PS4 variables are still passed to the program running as an alternate user which can result in the execution of arbitrary commands as the alternate user when a bash script is executed.\n\nThe updated packages have been patched to correct this problem.", "cvss3": {}, "published": "2005-11-02T00:00:00", "type": "nessus", "title": "Mandrake Linux Security Advisory : sudo (MDKSA-2005:201)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-2959"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:sudo", "cpe:/o:mandrakesoft:mandrake_linux:10.1", "cpe:/o:mandriva:linux:2006", "x-cpe:/o:mandrakesoft:mandrake_linux:le2005"], "id": "MANDRAKE_MDKSA-2005-201.NASL", "href": "https://www.tenable.com/plugins/nessus/20127", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2005:201. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(20127);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2005-2959\");\n script_xref(name:\"MDKSA\", value:\"2005:201\");\n\n script_name(english:\"Mandrake Linux Security Advisory : sudo (MDKSA-2005:201)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Mandrake Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Tavis Ormandy discovered that sudo does not perform sufficient\nenvironment cleaning; in particular the SHELLOPTS and PS4 variables\nare still passed to the program running as an alternate user which can\nresult in the execution of arbitrary commands as the alternate user\nwhen a bash script is executed.\n\nThe updated packages have been patched to correct this problem.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected sudo package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:sudo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2006\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:mandrakesoft:mandrake_linux:le2005\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/10/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/11/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK10.1\", reference:\"sudo-1.6.8p1-1.3.101mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK10.2\", reference:\"sudo-1.6.8p1-2.2.102mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK2006.0\", reference:\"sudo-1.6.8p8-2.1.20060mdk\", yank:\"mdk\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:20:52", "description": "SunOS 5.9_x86: usr/lib/ssh/sshd Patch.\nDate this patch was last updated by Sun : Oct/18/07", "cvss3": {}, "published": "2004-07-12T00:00:00", "type": "nessus", "title": "Solaris 9 (x86) : 114858-13", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-4924"], "modified": "2011-09-18T00:00:00", "cpe": [], "id": "SOLARIS9_X86_114858.NASL", "href": "https://www.tenable.com/plugins/nessus/13614", "sourceData": "#%NASL_MIN_LEVEL 999999\n\n# @DEPRECATED@\n#\n# This script has been deprecated as the associated patch is not\n# currently a recommended security fix.\n#\n# Disabled on 2011/09/17.\n\n#\n# (C) Tenable Network Security, Inc.\n#\n#\n\nif ( ! defined_func(\"bn_random\") ) exit(0);\ninclude(\"compat.inc\");\n\nif(description)\n{\n script_id(13614);\n script_version(\"1.44\");\n\n script_name(english: \"Solaris 9 (x86) : 114858-13\");\n script_cve_id(\"CVE-2006-4924\");\n script_set_attribute(attribute: \"synopsis\", value:\n\"The remote host is missing Sun Security Patch number 114858-13\");\n script_set_attribute(attribute: \"description\", value:\n'SunOS 5.9_x86: usr/lib/ssh/sshd Patch.\nDate this patch was last updated by Sun : Oct/18/07');\n script_set_attribute(attribute: \"solution\", value:\n\"You should install this patch for your system to be up-to-date.\");\n script_set_attribute(attribute: \"see_also\", value:\n\"https://getupdates.oracle.com/readme/114858-13\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_cwe_id(399);\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2004/07/12\");\n script_cvs_date(\"Date: 2018/08/13 14:32:38\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2006/09/25\");\n script_end_attributes();\n\n script_summary(english: \"Check for patch 114858-13\");\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.\");\n family[\"english\"] = \"Solaris Local Security Checks\";\n script_family(english:family[\"english\"]);\n \n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/Solaris/showrev\");\n exit(0);\n}\n\n\n\n# Deprecated.\nexit(0, \"The associated patch is not currently a recommended security fix.\");\n\ninclude(\"solaris.inc\");\n\ne += solaris_check_patch(release:\"5.9_x86\", arch:\"i386\", patch:\"114858-13\", obsoleted_by:\"122301-17 \", package:\"SUNWsshcu\", version:\"11.9.0,REV=2002.11.04.02.51\");\ne += solaris_check_patch(release:\"5.9_x86\", arch:\"i386\", patch:\"114858-13\", obsoleted_by:\"122301-17 \", package:\"SUNWsshdr\", version:\"11.9.0,REV=2002.11.04.02.51\");\ne += solaris_check_patch(release:\"5.9_x86\", arch:\"i386\", patch:\"114858-13\", obsoleted_by:\"122301-17 \", package:\"SUNWsshdu\", version:\"11.9.0,REV=2002.11.04.02.51\");\ne += solaris_check_patch(release:\"5.9_x86\", arch:\"i386\", patch:\"114858-13\", obsoleted_by:\"122301-17 \", package:\"SUNWsshr\", version:\"11.9.0,REV=2002.11.04.02.51\");\ne += solaris_check_patch(release:\"5.9_x86\", arch:\"i386\", patch:\"114858-13\", obsoleted_by:\"122301-17 \", package:\"SUNWsshu\", version:\"11.9.0,REV=2002.11.04.02.51\");\nif ( e < 0 ) { \n\tif ( NASL_LEVEL < 3000 ) \n\t security_hole(0);\n\telse \n\t security_hole(port:0, extra:solaris_get_report());\n\texit(0); \n} \nexit(0, \"Host is not affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:19:40", "description": "The remote host is affected by the vulnerability described in GLSA-200609-17 (OpenSSH: Denial of Service)\n\n Tavis Ormandy of the Google Security Team discovered a Denial of Service vulnerability in the SSH protocol version 1 CRC compensation attack detector.\n Impact :\n\n A remote unauthenticated attacker may be able to trigger excessive CPU usage by sending a pathological SSH message, denying service to other legitimate users or processes.\n Workaround :\n\n The system administrator may disable SSH protocol version 1 in /etc/ssh/sshd_config.", "cvss3": {}, "published": "2006-09-28T00:00:00", "type": "nessus", "title": "GLSA-200609-17 : OpenSSH: Denial of Service", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-4924"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:openssh", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-200609-17.NASL", "href": "https://www.tenable.com/plugins/nessus/22464", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200609-17.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(22464);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2006-4924\");\n script_bugtraq_id(20216);\n script_xref(name:\"GLSA\", value:\"200609-17\");\n\n script_name(english:\"GLSA-200609-17 : OpenSSH: Denial of Service\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200609-17\n(OpenSSH: Denial of Service)\n\n Tavis Ormandy of the Google Security Team discovered a Denial of\n Service vulnerability in the SSH protocol version 1 CRC compensation\n attack detector.\n \nImpact :\n\n A remote unauthenticated attacker may be able to trigger excessive CPU\n usage by sending a pathological SSH message, denying service to other\n legitimate users or processes.\n \nWorkaround :\n\n The system administrator may disable SSH protocol version 1 in\n /etc/ssh/sshd_config.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200609-17\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All OpenSSH users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-misc/openssh-4.3_p2-r5'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:openssh\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/09/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/09/28\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/09/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-misc/openssh\", unaffected:make_list(\"ge 4.3_p2-r5\"), vulnerable:make_list(\"lt 4.3_p2-r5\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"OpenSSH\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "openvas": [{"lastseen": "2019-05-29T18:39:03", "description": "The remote host is missing an update as announced\nvia advisory SSA:2006-272-02.", "cvss3": {}, "published": "2012-09-11T00:00:00", "type": "openvas", "title": "Slackware Advisory SSA:2006-272-02 openssh", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-5052", "CVE-2006-5051", "CVE-2006-4924"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:136141256231057492", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231057492", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2006_272_02.nasl 14202 2019-03-15 09:16:15Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.57492\");\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 10:16:15 +0100 (Fri, 15 Mar 2019) $\");\n script_cve_id(\"CVE-2006-4924\", \"CVE-2006-5051\", \"CVE-2006-5052\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 14202 $\");\n script_name(\"Slackware Advisory SSA:2006-272-02 openssh\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\", re:\"ssh/login/release=SLK(8\\.1|9\\.0|9\\.1|10\\.0|10\\.1|10\\.2)\");\n\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2006-272-02\");\n\n script_tag(name:\"insight\", value:\"New openssh packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1,\n10.2, and -current to fix security issues.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to the new package(s).\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update as announced\nvia advisory SSA:2006-272-02.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-slack.inc\");\n\nreport = \"\";\nres = \"\";\n\nif((res = isslkpkgvuln(pkg:\"openssh\", ver:\"4.4p1-i386-1_slack8.1\", rls:\"SLK8.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"openssh\", ver:\"4.4p1-i386-1_slack9.0\", rls:\"SLK9.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"openssh\", ver:\"4.4p1-i486-1_slack9.1\", rls:\"SLK9.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"openssh\", ver:\"4.4p1-i486-1_slack10.0\", rls:\"SLK10.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"openssh\", ver:\"4.4p1-i486-1_slack10.1\", rls:\"SLK10.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"openssh\", ver:\"4.4p1-i486-1_slack10.2\", rls:\"SLK10.2\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-24T12:51:17", "description": "The remote host is missing an update as announced\nvia advisory SSA:2006-272-02.", "cvss3": {}, "published": "2012-09-11T00:00:00", "type": "openvas", "title": "Slackware Advisory SSA:2006-272-02 openssh", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-5052", "CVE-2006-5051", "CVE-2006-4924"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:57492", "href": "http://plugins.openvas.org/nasl.php?oid=57492", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2006_272_02.nasl 6598 2017-07-07 09:36:44Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"New openssh packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1,\n10.2, and -current to fix security issues.\";\ntag_summary = \"The remote host is missing an update as announced\nvia advisory SSA:2006-272-02.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2006-272-02\";\n \nif(description)\n{\n script_id(57492);\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:36:44 +0200 (Fri, 07 Jul 2017) $\");\n script_cve_id(\"CVE-2006-4924\", \"CVE-2006-5051\", \"CVE-2006-5052\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 6598 $\");\n name = \"Slackware Advisory SSA:2006-272-02 openssh \";\n script_name(name);\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-slack.inc\");\nvuln = 0;\nif(isslkpkgvuln(pkg:\"openssh\", ver:\"4.4p1-i386-1_slack8.1\", rls:\"SLK8.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"openssh\", ver:\"4.4p1-i386-1_slack9.0\", rls:\"SLK9.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"openssh\", ver:\"4.4p1-i486-1_slack9.1\", rls:\"SLK9.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"openssh\", ver:\"4.4p1-i486-1_slack10.0\", rls:\"SLK10.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"openssh\", ver:\"4.4p1-i486-1_slack10.1\", rls:\"SLK10.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"openssh\", ver:\"4.4p1-i486-1_slack10.2\", rls:\"SLK10.2\")) {\n vuln = 1;\n}\n\nif(vuln) {\n security_message(0);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:50:39", "description": "The remote host is missing an update as announced\nvia advisory SSA:2006-155-01.", "cvss3": {}, "published": "2012-09-11T00:00:00", "type": "openvas", "title": "Slackware Advisory SSA:2006-155-01 mysql", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-1517", "CVE-2006-2753", "CVE-2006-1516"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:56861", "href": "http://plugins.openvas.org/nasl.php?oid=56861", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2006_155_01.nasl 6598 2017-07-07 09:36:44Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"New mysql packages are available for Slackware 9.1, 10.0, 10.1,\n10.2 and -current to fix security issues.\n\nThe MySQL packages shipped with Slackware 9.1, 10.0, and 10.1\nmay possibly leak sensitive information found in uninitialized\nmemory to authenticated users. This is fixed in the new packages,\nand was already patched in Slackware 10.2 and -current.\nSince the vulnerabilities require a valid login and/or access to the\ndatabase server, the risk is moderate. Slackware does not provide\nnetwork access to a MySQL database by default.\n\nThe MySQL packages in Slackware 10.2 and -current have been\nupgraded to MySQL 4.1.20 (Slackware 10.2) and MySQL 5.0.22\n(Slackware -current) to fix an SQL injection vulnerability.\n\nFor more details, see the MySQL 4.1.20 release announcement here:\nhttp://lists.mysql.com/announce/364\nAnd the MySQL 5.0.22 release announcement here:\nhttp://lists.mysql.com/announce/365\";\ntag_summary = \"The remote host is missing an update as announced\nvia advisory SSA:2006-155-01.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2006-155-01\";\n \nif(description)\n{\n script_id(56861);\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:36:44 +0200 (Fri, 07 Jul 2017) $\");\n script_cve_id(\"CVE-2006-1516\", \"CVE-2006-1517\", \"CVE-2006-2753\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_version(\"$Revision: 6598 $\");\n name = \"Slackware Advisory SSA:2006-155-01 mysql \";\n script_name(name);\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-slack.inc\");\nvuln = 0;\nif(isslkpkgvuln(pkg:\"mysql\", ver:\"4.0.27-i486-1_slack9.1\", rls:\"SLK9.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"mysql\", ver:\"4.0.27-i486-1_slack10.0\", rls:\"SLK10.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"mysql\", ver:\"4.0.27-i486-1_slack10.1\", rls:\"SLK10.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"mysql\", ver:\"4.1.20-i486-1_slack10.2\", rls:\"SLK10.2\")) {\n vuln = 1;\n}\n\nif(vuln) {\n security_message(0);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:09", "description": "The remote host is missing an update as announced\nvia advisory SSA:2006-155-01.", "cvss3": {}, "published": "2012-09-11T00:00:00", "type": "openvas", "title": "Slackware Advisory SSA:2006-155-01 mysql", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-1517", "CVE-2006-2753", "CVE-2006-1516"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:136141256231056861", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231056861", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2006_155_01.nasl 14202 2019-03-15 09:16:15Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.56861\");\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 10:16:15 +0100 (Fri, 15 Mar 2019) $\");\n script_cve_id(\"CVE-2006-1516\", \"CVE-2006-1517\", \"CVE-2006-2753\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_version(\"$Revision: 14202 $\");\n script_name(\"Slackware Advisory SSA:2006-155-01 mysql\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\", re:\"ssh/login/release=SLK(9\\.1|10\\.0|10\\.1|10\\.2)\");\n\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2006-155-01\");\n script_xref(name:\"URL\", value:\"http://lists.mysql.com/announce/364\");\n script_xref(name:\"URL\", value:\"http://lists.mysql.com/announce/365\");\n\n script_tag(name:\"insight\", value:\"New mysql packages are available for Slackware 9.1, 10.0, 10.1,\n10.2 and -current to fix security issues.\n\nThe MySQL packages shipped with Slackware 9.1, 10.0, and 10.1\nmay possibly leak sensitive information found in uninitialized\nmemory to authenticated users. This is fixed in the new packages,\nand was already patched in Slackware 10.2 and -current.\nSince the vulnerabilities require a valid login and/or access to the\ndatabase server, the risk is moderate. Slackware does not provide\nnetwork access to a MySQL database by default.\n\nThe MySQL packages in Slackware 10.2 and -current have been\nupgraded to MySQL 4.1.20 (Slackware 10.2) and MySQL 5.0.22\n(Slackware -current) to fix an SQL injection vulnerability.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to the new package(s).\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update as announced\nvia advisory SSA:2006-155-01.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-slack.inc\");\n\nreport = \"\";\nres = \"\";\n\nif((res = isslkpkgvuln(pkg:\"mysql\", ver:\"4.0.27-i486-1_slack9.1\", rls:\"SLK9.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"mysql\", ver:\"4.0.27-i486-1_slack10.0\", rls:\"SLK10.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"mysql\", ver:\"4.0.27-i486-1_slack10.1\", rls:\"SLK10.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"mysql\", ver:\"4.1.20-i486-1_slack10.2\", rls:\"SLK10.2\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-26T08:56:22", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n openssh\n openssh-askpass\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5019505 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-10T00:00:00", "type": "openvas", "title": "SLES9: Security update for OpenSSH", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-5052", "CVE-2006-4925", "CVE-2006-5051", "CVE-2006-4924"], "modified": "2017-07-11T00:00:00", "id": "OPENVAS:65248", "href": "http://plugins.openvas.org/nasl.php?oid=65248", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5019505.nasl 6666 2017-07-11 13:13:36Z cfischer $\n# Description: Security update for OpenSSH\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n openssh\n openssh-askpass\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5019505 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_id(65248);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2006-4924\", \"CVE-2006-4925\", \"CVE-2006-5051\", \"CVE-2006-5052\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES9: Security update for OpenSSH\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"openssh\", rpm:\"openssh~4.1p1~11.28\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:56", "description": "Check for the Version of openssh", "cvss3": {}, "published": "2009-02-27T00:00:00", "type": "openvas", "title": "Fedora Update for openssh FEDORA-2007-395", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-5052", "CVE-2006-5051", "CVE-2006-5794", "CVE-2006-4924"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:861319", "href": "http://plugins.openvas.org/nasl.php?oid=861319", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openssh FEDORA-2007-395\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"SSH (Secure SHell) is a program for logging into and executing\n commands on a remote machine. SSH is intended to replace rlogin and\n rsh, and to provide secure encrypted communications between two\n untrusted hosts over an insecure network. X11 connections and\n arbitrary TCP/IP ports can also be forwarded over the secure channel.\n\n OpenSSH is OpenBSD's version of the last free version of SSH, bringing\n it up to date in terms of security and features, as well as removing\n all patented algorithms to separate libraries.\n \n This package includes the core files necessary for both the OpenSSH\n client and server. To make this package useful, you should also\n install openssh-clients, openssh-server, or both\";\n\ntag_affected = \"openssh on Fedora Core 5\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2007-April/msg00011.html\");\n script_id(861319);\n script_version(\"$Revision: 6622 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 07:52:50 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 16:23:18 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2007-395\");\n script_cve_id(\"CVE-2006-5052\", \"CVE-2006-5794\", \"CVE-2006-4924\", \"CVE-2006-5051\");\n script_name( \"Fedora Update for openssh FEDORA-2007-395\");\n\n script_summary(\"Check for the Version of openssh\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora_core\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC5\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssh\", rpm:\"openssh~4.3p2~4.12.fc5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/openssh\", rpm:\"x86_64/openssh~4.3p2~4.12.fc5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/openssh-server\", rpm:\"x86_64/openssh-server~4.3p2~4.12.fc5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/openssh-clients\", rpm:\"x86_64/openssh-clients~4.3p2~4.12.fc5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/openssh-askpass\", rpm:\"x86_64/openssh-askpass~4.3p2~4.12.fc5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/debug/openssh-debuginfo\", rpm:\"x86_64/debug/openssh-debuginfo~4.3p2~4.12.fc5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/openssh-server\", rpm:\"i386/openssh-server~4.3p2~4.12.fc5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/openssh-askpass\", rpm:\"i386/openssh-askpass~4.3p2~4.12.fc5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/openssh-clients\", rpm:\"i386/openssh-clients~4.3p2~4.12.fc5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/debug/openssh-debuginfo\", rpm:\"i386/debug/openssh-debuginfo~4.3p2~4.12.fc5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/openssh\", rpm:\"i386/openssh~4.3p2~4.12.fc5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:40:43", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n openssh\n openssh-askpass\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5019505 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-10T00:00:00", "type": "openvas", "title": "SLES9: Security update for OpenSSH", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-5052", "CVE-2006-4925", "CVE-2006-5051", "CVE-2006-4924"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231065248", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065248", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5019505.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Security update for OpenSSH\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n openssh\n openssh-askpass\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5019505 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65248\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2006-4924\", \"CVE-2006-4925\", \"CVE-2006-5051\", \"CVE-2006-5052\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES9: Security update for OpenSSH\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"openssh\", rpm:\"openssh~4.1p1~11.28\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-08T11:44:21", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory FreeBSD-SA-06:22.openssh.asc", "cvss3": {}, "published": "2008-09-04T00:00:00", "type": "openvas", "title": "FreeBSD Security Advisory (FreeBSD-SA-06:22.openssh.asc)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-5051", "CVE-2006-4924"], "modified": "2017-12-07T00:00:00", "id": "OPENVAS:57476", "href": "http://plugins.openvas.org/nasl.php?oid=57476", "sourceData": "#\n#ADV FreeBSD-SA-06:22.openssh.asc\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n#\n\ntag_insight = \"OpenSSH is an implementation of the SSH protocol suite, providing an\nencrypted, authenticated transport for a variety of services,\nincluding remote shell access.\n\nThe CRC compensation attack detector in the sshd(8) daemon, upon receipt\nof duplicate blocks, uses CPU time cubic in the number of duplicate\nblocks received. [CVE-2006-4924]\n\nA race condition exists in a signal handler used by the sshd(8) daemon\nto handle the LoginGraceTime option, which can potentially cause some\ncleanup routines to be executed multiple times. [CVE-2006-5051]\";\ntag_solution = \"Upgrade your system to the appropriate stable release\nor security branch dated after the correction date\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FreeBSD-SA-06:22.openssh.asc\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory FreeBSD-SA-06:22.openssh.asc\";\n\n \nif(description)\n{\n script_id(57476);\n script_version(\"$Revision: 8023 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-07 09:36:26 +0100 (Thu, 07 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_cve_id(\"CVE-2006-4924\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n name = \"FreeBSD Security Advisory (FreeBSD-SA-06:22.openssh.asc)\";\n script_name(name);\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com\");\n family = \"FreeBSD Local Security Checks\";\n script_family(family);\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdpatchlevel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\nvuln = 0;\nif(patchlevelcmp(rel:\"6.1\", patchlevel:\"10\")<0) {\n vuln = 1;\n}\nif(patchlevelcmp(rel:\"6.0\", patchlevel:\"15\")<0) {\n vuln = 1;\n}\nif(patchlevelcmp(rel:\"5.5\", patchlevel:\"8\")<0) {\n vuln = 1;\n}\nif(patchlevelcmp(rel:\"5.4\", patchlevel:\"22\")<0) {\n vuln = 1;\n}\nif(patchlevelcmp(rel:\"5.3\", patchlevel:\"37\")<0) {\n vuln = 1;\n}\nif(patchlevelcmp(rel:\"4.11\", patchlevel:\"25\")<0) {\n vuln = 1;\n}\n\nif(vuln) {\n security_message(0);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:50:05", "description": "The remote host is missing an update to openssh-krb5\nannounced via advisory DSA 1189-1.\n\nSeveral remote vulnerabilities have been discovered in OpenSSH, a free\nimplementation of the Secure Shell protocol, which may lead to denial of\nservice and potentially the execution of arbitrary code. The Common\nVulnerabilities and Exposures project identifies the following problems:\n\nCVE-2006-4924\n\nTavis Ormandy of the Google Security Team discovered a denial of\nservice vulnerability in the mitigation code against complexity\nattacks, which might lead to increased CPU consumption until a\ntimeout is triggered. This is only exploitable if support for\nSSH protocol version 1 is enabled.\n\nCVE-2006-5051\n\nMark Dowd discovered that insecure signal handler usage could\npotentially lead to execution of arbitrary code through a double\nfree. The Debian Security Team doesn't believe the general openssh\npackage without Kerberos support to be exploitable by this issue.\nHowever, due to the complexity of the underlying code we will\nissue an update to rule out all eventualities.", "cvss3": {}, "published": "2008-01-17T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 1189-1 (openssh-krb5)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-5051", "CVE-2006-4924"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:57483", "href": "http://plugins.openvas.org/nasl.php?oid=57483", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1189_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1189-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"For the stable distribution (sarge) these problems have been fixed in\nversion 3.8.1p1-7sarge1.\n\nFor the unstable distribution (sid) these problems have been fixed in\nversion 4.3p2-4 of openssh. openssh-krb5 will soon be converted towards\na transitional package against openssh.\n\nWe recommend that you upgrade your openssh-krb5 packages.\n\n https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201189-1\";\ntag_summary = \"The remote host is missing an update to openssh-krb5\nannounced via advisory DSA 1189-1.\n\nSeveral remote vulnerabilities have been discovered in OpenSSH, a free\nimplementation of the Secure Shell protocol, which may lead to denial of\nservice and potentially the execution of arbitrary code. The Common\nVulnerabilities and Exposures project identifies the following problems:\n\nCVE-2006-4924\n\nTavis Ormandy of the Google Security Team discovered a denial of\nservice vulnerability in the mitigation code against complexity\nattacks, which might lead to increased CPU consumption until a\ntimeout is triggered. This is only exploitable if support for\nSSH protocol version 1 is enabled.\n\nCVE-2006-5051\n\nMark Dowd discovered that insecure signal handler usage could\npotentially lead to execution of arbitrary code through a double\nfree. The Debian Security Team doesn't believe the general openssh\npackage without Kerberos support to be exploitable by this issue.\nHowever, due to the complexity of the underlying code we will\nissue an update to rule out all eventualities.\";\n\n\nif(description)\n{\n script_id(57483);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:13:11 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2006-4924\", \"CVE-2006-5051\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 1189-1 (openssh-krb5)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"ssh-krb5\", ver:\"3.8.1p1-7sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:50:16", "description": "The remote host is missing an update to openssh (1:3.8.1p1-8.sarge.6)\nannounced via advisory DSA 1212-1.\n\nTwo denial of service vulnerabilities have been found in the OpenSSH\nserver.\n\nCVE-2006-4924\nThe sshd support for ssh protcol version 1 does not properly\nhandle duplicate incoming blocks. This could allow a remote\nattacker to cause sshd to consume significant CPU resources\nleading to a denial of service.\n\nCVE-2006-5051\nA signal handler race condition could potentially allow a remote\nattacker to crash sshd and could theoretically lead to the\nability to execute arbitrary code.", "cvss3": {}, "published": "2008-01-17T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 1212-1 (openssh (1:3.8.1p1-8.sarge.6))", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-5051", "CVE-2006-4924"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:57585", "href": "http://plugins.openvas.org/nasl.php?oid=57585", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1212_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1212-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"For the stable distribution (sarge), these problems have been fixed in\nversion 1:3.8.1p1-8.sarge.6\n\nFor the unstable and testing distributions, these problems have been\nfixed in version 1:4.3p2-4\n\nWe recommend that you upgrade your openssh package.\n\n https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201212-1\";\ntag_summary = \"The remote host is missing an update to openssh (1:3.8.1p1-8.sarge.6)\nannounced via advisory DSA 1212-1.\n\nTwo denial of service vulnerabilities have been found in the OpenSSH\nserver.\n\nCVE-2006-4924\nThe sshd support for ssh protcol version 1 does not properly\nhandle duplicate incoming blocks. This could allow a remote\nattacker to cause sshd to consume significant CPU resources\nleading to a denial of service.\n\nCVE-2006-5051\nA signal handler race condition could potentially allow a remote\nattacker to crash sshd and could theoretically lead to the\nability to execute arbitrary code.\";\n\n\nif(description)\n{\n script_id(57585);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:17:11 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2006-4924\", \"CVE-2006-5051\");\n script_bugtraq_id(20216,20241);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 1212-1 (openssh (1:3.8.1p1-8.sarge.6))\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"ssh-askpass-gnome\", ver:\"3.8.1p1-8.sarge.6\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ssh\", ver:\"3.8.1p1-8.sarge.6\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:10:23", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "cvss3": {}, "published": "2008-09-04T00:00:00", "type": "openvas", "title": "FreeBSD Ports: openssh", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-5051", "CVE-2006-4924"], "modified": "2016-09-26T00:00:00", "id": "OPENVAS:57470", "href": "http://plugins.openvas.org/nasl.php?oid=57470", "sourceData": "#\n#VID 32db37a5-50c3-11db-acf3-000c6ec775d9\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following packages are affected:\n openssh openssh-portable\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://www.openssh.com/txt/release-4.4\nhttp://www.vuxml.org/freebsd/32db37a5-50c3-11db-acf3-000c6ec775d9.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\nif(description)\n{\n script_id(57470);\n script_version(\"$Revision: 4144 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-26 07:28:56 +0200 (Mon, 26 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_cve_id(\"CVE-2006-4924\", \"CVE-2006-5051\");\n script_bugtraq_id(20216);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"FreeBSD Ports: openssh\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"openssh\");\nif(!isnull(bver) && revcomp(a:bver, b:\"4.4,1\")<0) {\n txt += 'Package openssh version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"openssh-portable\");\nif(!isnull(bver) && revcomp(a:bver, b:\"4.4.p1,1\")<0) {\n txt += 'Package openssh-portable version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:50:20", "description": "The remote host is missing updates announced in\nadvisory GLSA 200611-06.", "cvss3": {}, "published": "2008-09-24T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200611-06 (openssh)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-5052", "CVE-2006-5051"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:57919", "href": "http://plugins.openvas.org/nasl.php?oid=57919", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several Denial of Service vulnerabilities have been identified in OpenSSH.\";\ntag_solution = \"All OpenSSH users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-misc/openssh-4.4_p1-r5'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200611-06\nhttp://bugs.gentoo.org/show_bug.cgi?id=149502\nhttp://www.openssh.com/txt/release-4.4\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200611-06.\";\n\n \n\nif(description)\n{\n script_id(57919);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2006-5051\", \"CVE-2006-5052\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Gentoo Security Advisory GLSA 200611-06 (openssh)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"net-misc/openssh\", unaffected: make_list(\"ge 4.4_p1-r5\"), vulnerable: make_list(\"lt 4.4_p1-r5\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:50:05", "description": "The remote host is missing an update to mysql-dfsg-4.1\nannounced via advisory DSA 1112-1.\n\nSeveral local vulnerabilities have been discovered in the MySQL database\nserver, which may lead to denial of service. The Common\nVulnerabilities and Exposures project identifies the following problems:\n\nCVE-2006-3081\n\nKanatoko discovered that the server can be crashed with feeding\nNULL values to the str_to_date() function.\n\nCVE-2006-3469\n\nJean-David Maillefer discovered that the server can be crashed with\nspecially crafted date_format() function calls.", "cvss3": {}, "published": "2008-01-17T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 1112-1 (mysql-dfsg-4.1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3081", "CVE-2006-3469"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:57109", "href": "http://plugins.openvas.org/nasl.php?oid=57109", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1112_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1112-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"For the stable distribution (sarge) these problems have been fixed in\nversion 4.1.11a-4sarge5.\n\nFor the unstable distribution (sid) does no longer contain MySQL 4.1\npackages. MySQL 5.0 from sid is not affected.\n\nWe recommend that you upgrade your mysql-dfsg-4.1 packages.\n\n https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201112-1\";\ntag_summary = \"The remote host is missing an update to mysql-dfsg-4.1\nannounced via advisory DSA 1112-1.\n\nSeveral local vulnerabilities have been discovered in the MySQL database\nserver, which may lead to denial of service. The Common\nVulnerabilities and Exposures project identifies the following problems:\n\nCVE-2006-3081\n\nKanatoko discovered that the server can be crashed with feeding\nNULL values to the str_to_date() function.\n\nCVE-2006-3469\n\nJean-David Maillefer discovered that the server can be crashed with\nspecially crafted date_format() function calls.\";\n\n\nif(description)\n{\n script_id(57109);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:13:11 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2006-3081\", \"CVE-2006-3469\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_name(\"Debian Security Advisory DSA 1112-1 (mysql-dfsg-4.1)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"mysql-common-4.1\", ver:\"4.1.11a-4sarge5\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqlclient14\", ver:\"4.1.11a-4sarge5\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqlclient14-dev\", ver:\"4.1.11a-4sarge5\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-client-4.1\", ver:\"4.1.11a-4sarge5\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-server-4.1\", ver:\"4.1.11a-4sarge5\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:49:42", "description": "The remote host is missing updates announced in\nadvisory GLSA 200605-13.", "cvss3": {}, "published": "2008-09-24T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200605-13 (MySQL)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-1517", "CVE-2006-1516"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:56728", "href": "http://plugins.openvas.org/nasl.php?oid=56728", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A MySQL server may leak information to unauthorized users.\";\ntag_solution = \"All MySQL users should upgrade to the latest version.\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-db/mysql-4.0.27'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200605-13\nhttp://bugs.gentoo.org/show_bug.cgi?id=132146\nhttp://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2006-05/msg00041.html\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200605-13.\";\n\n \n\nif(description)\n{\n script_id(56728);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2006-1516\", \"CVE-2006-1517\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_name(\"Gentoo Security Advisory GLSA 200605-13 (MySQL)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"dev-db/mysql\", unaffected: make_list(\"ge 4.1.19\", \"rge 4.0.27\"), vulnerable: make_list(\"lt 4.1.19\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-07-24T12:51:02", "description": "The remote host is missing an update as announced\nvia advisory SSA:2006-129-02.", "cvss3": {}, "published": "2012-09-11T00:00:00", "type": "openvas", "title": "Slackware Advisory SSA:2006-129-02 mysql", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-1517", "CVE-2006-1518", "CVE-2006-1516"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:56730", "href": "http://plugins.openvas.org/nasl.php?oid=56730", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2006_129_02.nasl 6598 2017-07-07 09:36:44Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"New mysql packages are available for Slackware 10.2 and -current to\nfix security issues. The MySQL package shipped with Slackware 10.2\nmay possibly leak sensitive information found in uninitialized\nmemory to authenticated users. The MySQL package previously in\nSlackware -current also suffered from these flaws, but an additional\noverflow could allow arbitrary code execution.\n\nSince the vulnerabilities require a valid login and/or access to the\ndatabase server, the risk is moderate. Slackware does not provide\nnetwork access to a MySQL database by default.\";\ntag_summary = \"The remote host is missing an update as announced\nvia advisory SSA:2006-129-02.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2006-129-02\";\n \nif(description)\n{\n script_id(56730);\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:36:44 +0200 (Fri, 07 Jul 2017) $\");\n script_cve_id(\"CVE-2006-1516\", \"CVE-2006-1517\", \"CVE-2006-1518\");\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_version(\"$Revision: 6598 $\");\n name = \"Slackware Advisory SSA:2006-129-02 mysql \";\n script_name(name);\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-slack.inc\");\nvuln = 0;\nif(isslkpkgvuln(pkg:\"mysql\", ver:\"4.1.19-i486-1\", rls:\"SLK10.2\")) {\n vuln = 1;\n}\n\nif(vuln) {\n security_message(0);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:10:24", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "cvss3": {}, "published": "2008-09-04T00:00:00", "type": "openvas", "title": "FreeBSD Ports: mysql-server", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-1517", "CVE-2006-1518", "CVE-2006-1516"], "modified": "2016-09-26T00:00:00", "id": "OPENVAS:56850", "href": "http://plugins.openvas.org/nasl.php?oid=56850", "sourceData": "#\n#VID 4913886c-e875-11da-b9f4-00123ffe8333\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: mysql-server\n\nCVE-2006-1516\nThe check_connection function in sql_parse.cc in MySQL 4.0.x up to\n4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote\nattackers to read portions of memory via a username without a trailing\nnull byte, which causes a buffer over-read.\n\nCVE-2006-1517\nsql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and\n5.0.x up to 5.0.20 allows remote attackers to obtain sensitive\ninformation via a COM_TABLE_DUMP request with an incorrect packet\nlength, which includes portions of memory in an error message.\n\nCVE-2006-1518\nBuffer overflow in the open_table function in sql_base.cc in MySQL\n5.0.x up to 5.0.20 might allow remote attackers to execute arbitrary\ncode via crafted COM_TABLE_DUMP packets with invalid length values.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://www.wisec.it/vulns.php?page=7\nhttp://www.wisec.it/vulns.php?page=8\nhttp://dev.mysql.com/doc/refman/4.1/en/news-4-0-27.html\nhttp://dev.mysql.com/doc/refman/4.1/en/news-4-1-19.html\nhttp://dev.mysql.com/doc/refman/5.1/en/news-5-1-10.html\nhttp://secunia.com/advisories/19929/\nhttp://www.vuxml.org/freebsd/a8d8713e-dc83-11da-a22b-000c6ec775d9.html\nhttp://www.vuxml.org/freebsd/4913886c-e875-11da-b9f4-00123ffe8333.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\nif(description)\n{\n script_id(56850);\n script_version(\"$Revision: 4144 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-26 07:28:56 +0200 (Mon, 26 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_cve_id(\"CVE-2006-1516\", \"CVE-2006-1517\", \"CVE-2006-1518\");\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_name(\"FreeBSD Ports: mysql-server\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"mysql-server\");\nif(!isnull(bver) && revcomp(a:bver, b:\"4.0\")>0 && revcomp(a:bver, b:\"4.0.27\")<0) {\n txt += 'Package mysql-server version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"4.1\")>0 && revcomp(a:bver, b:\"4.1.19\")<0) {\n txt += 'Package mysql-server version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"5.1\")>0 && revcomp(a:bver, b:\"5.1.9\")<=0) {\n txt += 'Package mysql-server version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:06", "description": "The remote host is missing an update as announced\nvia advisory SSA:2006-129-02.", "cvss3": {}, "published": "2012-09-11T00:00:00", "type": "openvas", "title": "Slackware Advisory SSA:2006-129-02 mysql", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-1517", "CVE-2006-1518", "CVE-2006-1516"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:136141256231056730", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231056730", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2006_129_02.nasl 14202 2019-03-15 09:16:15Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.56730\");\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 10:16:15 +0100 (Fri, 15 Mar 2019) $\");\n script_cve_id(\"CVE-2006-1516\", \"CVE-2006-1517\", \"CVE-2006-1518\");\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_version(\"$Revision: 14202 $\");\n script_name(\"Slackware Advisory SSA:2006-129-02 mysql\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\", re:\"ssh/login/release=SLK10\\.2\");\n\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2006-129-02\");\n\n script_tag(name:\"insight\", value:\"New mysql packages are available for Slackware 10.2 and -current to\nfix security issues. The MySQL package shipped with Slackware 10.2\nmay possibly leak sensitive information found in uninitialized\nmemory to authenticated users. The MySQL package previously in\nSlackware -current also suffered from these flaws, but an additional\noverflow could allow arbitrary code execution.\n\nSince the vulnerabilities require a valid login and/or access to the\ndatabase server, the risk is moderate. Slackware does not provide\nnetwork access to a MySQL database by default.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to the new package(s).\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update as announced\nvia advisory SSA:2006-129-02.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-slack.inc\");\n\nreport = \"\";\nres = \"\";\n\nif((res = isslkpkgvuln(pkg:\"mysql\", ver:\"4.1.19-i486-1\", rls:\"SLK10.2\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2017-07-27T10:56:43", "description": "Check for the Version of mysql", "cvss3": {}, "published": "2009-03-06T00:00:00", "type": "openvas", "title": "RedHat Update for mysql RHSA-2008:0768-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-4031", "CVE-2007-2691", "CVE-2008-2079", "CVE-2006-3469"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:870033", "href": "http://plugins.openvas.org/nasl.php?oid=870033", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for mysql RHSA-2008:0768-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"MySQL is a multi-user, multi-threaded SQL database server. MySQL is a\n client/server implementation consisting of a server daemon (mysqld), and\n many different client programs and libraries.\n\n MySQL did not correctly check directories used as arguments for the DATA\n DIRECTORY and INDEX DIRECTORY directives. Using this flaw, an authenticated\n attacker could elevate their access privileges to tables created by other\n database users. Note: this attack does not work on existing tables. An\n attacker can only elevate their access to another user's tables as the\n tables are created. As well, the names of these created tables need to be\n predicted correctly for this attack to succeed. (CVE-2008-2079)\n \n MySQL did not require the "DROP" privilege for "RENAME TABLE" statements.\n An authenticated user could use this flaw to rename arbitrary tables.\n (CVE-2007-2691)\n \n MySQL allowed an authenticated user to access a table through a previously\n created MERGE table, even after the user's privileges were revoked from the\n original table, which might violate intended security policy. This is\n addressed by allowing the MERGE storage engine to be disabled, which can be\n done by running mysqld with the "--skip-merge" option. (CVE-2006-4031)\n \n A flaw in MySQL allowed an authenticated user to cause the MySQL daemon to\n crash via crafted SQL queries. This only caused a temporary denial of\n service, as the MySQL daemon is automatically restarted after the crash.\n (CVE-2006-3469)\n \n As well, these updated packages fix the following bugs:\n \n * in the previous mysql packages, if a column name was referenced more\n than once in an "ORDER BY" section of a query, a segmentation fault\n occurred.\n \n * when MySQL failed to start, the init script returned a successful (0)\n exit code. When using the Red Hat Cluster Suite, this may have caused\n cluster services to report a successful start, even when MySQL failed to\n start. In these updated packages, the init script returns the correct exit\n codes, which resolves this issue.\n \n * it was possible to use the mysqld_safe command to specify invalid port\n numbers (higher than 65536), causing invalid ports to be created, and, in\n some cases, a "port number definition: unsigned short" error. In these\n updated packages, when an invalid port number is specified, the default\n port number is used.\n \n * when setting "myisam_repair_threads > 1", any repair set the index\n cardi ... \n\n Description truncated, for more information please check the Reference URL\";\n\ntag_affected = \"mysql on Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2008-July/msg00034.html\");\n script_id(870033);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-06 07:30:35 +0100 (Fri, 06 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:N/I:P/A:P\");\n script_xref(name: \"RHSA\", value: \"2008:0768-01\");\n script_cve_id(\"CVE-2006-3469\", \"CVE-2006-4031\", \"CVE-2007-2691\", \"CVE-2008-2079\");\n script_name( \"RedHat Update for mysql RHSA-2008:0768-01\");\n\n script_summary(\"Check for the Version of mysql\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"mysql\", rpm:\"mysql~4.1.22~2.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-bench\", rpm:\"mysql-bench~4.1.22~2.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-debuginfo\", rpm:\"mysql-debuginfo~4.1.22~2.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-devel\", rpm:\"mysql-devel~4.1.22~2.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-server\", rpm:\"mysql-server~4.1.22~2.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.9, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-09T11:41:29", "description": "Check for the Version of mysql", "cvss3": {}, "published": "2009-03-06T00:00:00", "type": "openvas", "title": "RedHat Update for mysql RHSA-2008:0768-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-4031", "CVE-2007-2691", "CVE-2008-2079", "CVE-2006-3469"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310870033", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870033", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for mysql RHSA-2008:0768-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"MySQL is a multi-user, multi-threaded SQL database server. MySQL is a\n client/server implementation consisting of a server daemon (mysqld), and\n many different client programs and libraries.\n\n MySQL did not correctly check directories used as arguments for the DATA\n DIRECTORY and INDEX DIRECTORY directives. Using this flaw, an authenticated\n attacker could elevate their access privileges to tables created by other\n database users. Note: this attack does not work on existing tables. An\n attacker can only elevate their access to another user's tables as the\n tables are created. As well, the names of these created tables need to be\n predicted correctly for this attack to succeed. (CVE-2008-2079)\n \n MySQL did not require the "DROP" privilege for "RENAME TABLE" statements.\n An authenticated user could use this flaw to rename arbitrary tables.\n (CVE-2007-2691)\n \n MySQL allowed an authenticated user to access a table through a previously\n created MERGE table, even after the user's privileges were revoked from the\n original table, which might violate intended security policy. This is\n addressed by allowing the MERGE storage engine to be disabled, which can be\n done by running mysqld with the "--skip-merge" option. (CVE-2006-4031)\n \n A flaw in MySQL allowed an authenticated user to cause the MySQL daemon to\n crash via crafted SQL queries. This only caused a temporary denial of\n service, as the MySQL daemon is automatically restarted after the crash.\n (CVE-2006-3469)\n \n As well, these updated packages fix the following bugs:\n \n * in the previous mysql packages, if a column name was referenced more\n than once in an "ORDER BY" section of a query, a segmentation fault\n occurred.\n \n * when MySQL failed to start, the init script returned a successful (0)\n exit code. When using the Red Hat Cluster Suite, this may have caused\n cluster services to report a successful start, even when MySQL failed to\n start. In these updated packages, the init script returns the correct exit\n codes, which resolves this issue.\n \n * it was possible to use the mysqld_safe command to specify invalid port\n numbers (higher than 65536), causing invalid ports to be created, and, in\n some cases, a "port number definition: unsigned short" error. In these\n updated packages, when an invalid port number is specified, the default\n port number is used.\n \n * when setting "myisam_repair_threads > 1", any repair set the index\n cardi ... \n\n Description truncated, for more information please check the Reference URL\";\n\ntag_affected = \"mysql on Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2008-July/msg00034.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870033\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-06 07:30:35 +0100 (Fri, 06 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:N/I:P/A:P\");\n script_xref(name: \"RHSA\", value: \"2008:0768-01\");\n script_cve_id(\"CVE-2006-3469\", \"CVE-2006-4031\", \"CVE-2007-2691\", \"CVE-2008-2079\");\n script_name( \"RedHat Update for mysql RHSA-2008:0768-01\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of mysql\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"mysql\", rpm:\"mysql~4.1.22~2.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-bench\", rpm:\"mysql-bench~4.1.22~2.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-debuginfo\", rpm:\"mysql-debuginfo~4.1.22~2.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-devel\", rpm:\"mysql-devel~4.1.22~2.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mysql-server\", rpm:\"mysql-server~4.1.22~2.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.9, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:50:18", "description": "The remote host is missing an update to mysql-dfsg-4.1\nannounced via advisory DSA 1073-1.", "cvss3": {}, "published": "2008-01-17T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 1073-1 (mysql-dfsg-4.1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-1517", "CVE-2006-0903", "CVE-2006-1518", "CVE-2006-1516"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:56789", "href": "http://plugins.openvas.org/nasl.php?oid=56789", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1073_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1073-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities have been discovered in MySQL, a popular SQL\ndatabase. The Common Vulnerabilities and Exposures Project identifies\nthe following problems:\n\nCVE-2006-0903\n\nImproper handling of SQL queries containing the NULL character\nallow local users to bypass logging mechanisms.\n\nCVE-2006-1516\n\nUsernames without a trailing null byte allow remote attackers to\nread portions of memory.\n\nCVE-2006-1517\n\nA request with an incorrect packet length allows remote attackers\nto obtain sensitive information.\n\nCVE-2006-1518\n\nSpecially crafted request packets with invalid length values allow\nthe execution of arbitrary code.\n\nThe following vulnerability matrix shows which version of MySQL in\nwhich distribution has this problem fixed:\n\nwoody sarge sid\nmysql 3.23.49-8.15 n/a n/a\nmysql-dfsg n/a 4.0.24-10sarge2 n/a\nmysql-dfsg-4.1 n/a 4.1.11a-4sarge3 n/a\nmysql-dfsg-5.0 n/a n/a 5.0.21-3\n\nWe recommend that you upgrade your mysql packages.\";\ntag_summary = \"The remote host is missing an update to mysql-dfsg-4.1\nannounced via advisory DSA 1073-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201073-1\";\n\nif(description)\n{\n script_id(56789);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:09:45 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2006-0903\", \"CVE-2006-1516\", \"CVE-2006-1517\", \"CVE-2006-1518\");\n script_bugtraq_id(16850,17780);\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 1073-1 (mysql-dfsg-4.1)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"mysql-common-4.1\", ver:\"4.1.11a-4sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqlclient14\", ver:\"4.1.11a-4sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqlclient14-dev\", ver:\"4.1.11a-4sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-client-4.1\", ver:\"4.1.11a-4sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-server-4.1\", ver:\"4.1.11a-4sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:50:09", "description": "The remote host is missing an update to mysql-dfsg\nannounced via advisory DSA 1079-1.", "cvss3": {}, "published": "2008-01-17T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 1079-1 (mysql-dfsg)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-1517", "CVE-2006-0903", "CVE-2006-1518", "CVE-2006-1516"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:56833", "href": "http://plugins.openvas.org/nasl.php?oid=56833", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1079_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1079-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities have been discovered in MySQL, a popular SQL\ndatabase. The Common Vulnerabilities and Exposures Project identifies\nthe following problems:\n\nCVE-2006-0903\n\nImproper handling of SQL queries containing the NULL character\nallow local users to bypass logging mechanisms.\n\nCVE-2006-1516\n\nUsernames without a trailing null byte allow remote attackers to\nread portions of memory.\n\nCVE-2006-1517\n\nA request with an incorrect packet length allows remote attackers\nto obtain sensitive information.\n\nCVE-2006-1518\n\nSpecially crafted request packets with invalid length values allow\nthe execution of arbitrary code.\n\nThe following vulnerability matrix shows which version of MySQL in\nwhich distribution has this problem fixed:\n\nwoody sarge sid\nmysql 3.23.49-8.15 n/a n/a\nmysql-dfsg n/a 4.0.24-10sarge2 n/a\nmysql-dfsg-4.1 n/a 4.1.11a-4sarge3 n/a\nmysql-dfsg-5.0 n/a n/a 5.0.21-3\n\nWe recommend that you upgrade your mysql packages.\";\ntag_summary = \"The remote host is missing an update to mysql-dfsg\nannounced via advisory DSA 1079-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201079-1\";\n\nif(description)\n{\n script_id(56833);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:09:45 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2006-0903\", \"CVE-2006-1516\", \"CVE-2006-1517\", \"CVE-2006-1518\");\n script_bugtraq_id(16850,17780);\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 1079-1 (mysql-dfsg)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"mysql-common\", ver:\"4.0.24-10sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqlclient12\", ver:\"4.0.24-10sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqlclient12-dev\", ver:\"4.0.24-10sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-client\", ver:\"4.0.24-10sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-server\", ver:\"4.0.24-10sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:50:08", "description": "The remote host is missing an update to mysql\nannounced via advisory DSA 1071-1.", "cvss3": {}, "published": "2008-01-17T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 1071-1 (mysql)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-1517", "CVE-2006-0903", "CVE-2006-1518", "CVE-2006-1516"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:56788", "href": "http://plugins.openvas.org/nasl.php?oid=56788", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1071_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1071-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities have been discovered in MySQL, a popular SQL\ndatabase. The Common Vulnerabilities and Exposures Project identifies\nthe following problems:\n\nCVE-2006-0903\n\nImproper handling of SQL queries containing the NULL character\nallow local users to bypass logging mechanisms.\n\nCVE-2006-1516\n\nUsernames without a trailing null byte allow remote attackers to\nread portions of memory.\n\nCVE-2006-1517\n\nA request with an incorrect packet length allows remote attackers\nto obtain sensitive information.\n\nCVE-2006-1518\n\nSpecially crafted request packets with invalid length values allow\nthe execution of arbitrary code.\n\nThe following vulnerability matrix shows which version of MySQL in\nwhich distribution has this problem fixed:\n\nwoody sarge sid\nmysql 3.23.49-8.15 n/a n/a\nmysql-dfsg n/a 4.0.24-10sarge2 n/a\nmysql-dfsg-4.1 n/a 4.1.11a-4sarge3 n/a\nmysql-dfsg-5.0 n/a n/a 5.0.21-3\n\nWe recommend that you upgrade your mysql packages.\";\ntag_summary = \"The remote host is missing an update to mysql\nannounced via advisory DSA 1071-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201071-1\";\n\nif(description)\n{\n script_id(56788);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:09:45 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2006-0903\", \"CVE-2006-1516\", \"CVE-2006-1517\", \"CVE-2006-1518\");\n script_bugtraq_id(16850,17780);\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 1071-1 (mysql)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"mysql-common\", ver:\"3.23.49-8.15\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-doc\", ver:\"3.23.49-8.5\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqlclient10\", ver:\"3.23.49-8.15\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmysqlclient10-dev\", ver:\"3.23.49-8.15\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-client\", ver:\"3.23.49-8.15\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mysql-server\", ver:\"3.23.49-8.15\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:39:05", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n mysql\n mysql-Max\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5014017 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-10T00:00:00", "type": "openvas", "title": "SLES9: Security update for mysql", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-4031"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231065502", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065502", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5014017.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Security update for mysql\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n mysql\n mysql-Max\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5014017 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65502\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2006-4031\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_name(\"SLES9: Security update for mysql\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"mysql\", rpm:\"mysql~4.0.18~32.28\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-07-26T08:55:49", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n mysql\n mysql-Max\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5014017 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-10T00:00:00", "type": "openvas", "title": "SLES9: Security update for mysql", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-4031"], "modified": "2017-07-11T00:00:00", "id": "OPENVAS:65502", "href": "http://plugins.openvas.org/nasl.php?oid=65502", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5014017.nasl 6666 2017-07-11 13:13:36Z cfischer $\n# Description: Security update for mysql\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n mysql\n mysql-Max\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5014017 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_id(65502);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2006-4031\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_name(\"SLES9: Security update for mysql\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"mysql\", rpm:\"mysql~4.0.18~32.28\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-07-26T08:55:32", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n tar\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5016710 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-10T00:00:00", "type": "openvas", "title": "SLES9: Security update for tar", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-6097"], "modified": "2017-07-11T00:00:00", "id": "OPENVAS:65492", "href": "http://plugins.openvas.org/nasl.php?oid=65492", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5016710.nasl 6666 2017-07-11 13:13:36Z cfischer $\n# Description: Security update for tar\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n tar\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5016710 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_id(65492);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2006-6097\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:N/I:P/A:P\");\n script_name(\"SLES9: Security update for tar\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"tar\", rpm:\"tar~1.13.25~325.8\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:50:19", "description": "The remote host is missing updates announced in\nadvisory GLSA 200612-10.", "cvss3": {}, "published": "2008-09-24T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200612-10 (tar)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-6097"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:57949", "href": "http://plugins.openvas.org/nasl.php?oid=57949", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Tar is vulnerable to directory traversal possibly allowing for the\noverwriting of arbitrary files.\";\ntag_solution = \"All Tar users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-arch/tar-1.16-r2'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200612-10\nhttp://bugs.gentoo.org/show_bug.cgi?id=155901\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200612-10.\";\n\n \n\nif(description)\n{\n script_id(57949);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2006-6097\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:N/I:P/A:P\");\n script_name(\"Gentoo Security Advisory GLSA 200612-10 (tar)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"app-arch/tar\", unaffected: make_list(\"ge 1.16-r2\"), vulnerable: make_list(\"lt 1.16-r2\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:10:10", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "cvss3": {}, "published": "2008-09-04T00:00:00", "type": "openvas", "title": "FreeBSD Ports: gtar", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-6097"], "modified": "2016-09-20T00:00:00", "id": "OPENVAS:57678", "href": "http://plugins.openvas.org/nasl.php?oid=57678", "sourceData": "#\n#VID 3dd7eb58-80ae-11db-b4ec-000854d03344\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: gtar\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://archives.neohapsis.com/archives/fulldisclosure/2006-11/0344.html\nhttp://www.vuxml.org/freebsd/3dd7eb58-80ae-11db-b4ec-000854d03344.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\nif(description)\n{\n script_id(57678);\n script_version(\"$Revision: 4118 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-20 07:32:38 +0200 (Tue, 20 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_cve_id(\"CVE-2006-6097\");\n script_bugtraq_id(21235);\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:N/I:P/A:P\");\n script_name(\"FreeBSD Ports: gtar\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"gtar\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.16_2\")<0) {\n txt += 'Package gtar version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:49", "description": "The remote host is missing an update as announced\nvia advisory SSA:2006-211-01.", "cvss3": {}, "published": "2012-09-11T00:00:00", "type": "openvas", "title": "Slackware Advisory SSA:2006-211-01 mysql", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3469"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:136141256231057167", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231057167", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2006_211_01.nasl 14202 2019-03-15 09:16:15Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.57167\");\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 10:16:15 +0100 (Fri, 15 Mar 2019) $\");\n script_cve_id(\"CVE-2006-3469\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_version(\"$Revision: 14202 $\");\n script_name(\"Slackware Advisory SSA:2006-211-01 mysql\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\", re:\"ssh/login/release=SLK10\\.2\");\n\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2006-211-01\");\n script_xref(name:\"URL\", value:\"http://dev.mysql.com/doc/refman/4.1/en/news-4-1-21.html\");\n\n script_tag(name:\"insight\", value:\"New mysql packages are available for Slackware 10.2 to fix security\nissues (and other bugs). For complete details about the many fixes\naddressed by this release, you can find MySQL's news article about\nthe MySQL 4.1.21 Community Edition release in the references.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to the new package(s).\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update as announced\nvia advisory SSA:2006-211-01.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-slack.inc\");\n\nreport = \"\";\nres = \"\";\n\nif((res = isslkpkgvuln(pkg:\"mysql\", ver:\"4.1.21-i486-1_slack10.2\", rls:\"SLK10.2\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2018-04-06T11:38:14", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n tar\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5016710 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-10T00:00:00", "type": "openvas", "title": "SLES9: Security update for tar", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-6097"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231065492", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065492", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5016710.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Security update for tar\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n tar\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5016710 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65492\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2006-6097\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:N/I:P/A:P\");\n script_name(\"SLES9: Security update for tar\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"tar\", rpm:\"tar~1.13.25~325.8\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:50:42", "description": "The remote host is missing an update as announced\nvia advisory SSA:2006-335-01.", "cvss3": {}, "published": "2012-09-11T00:00:00", "type": "openvas", "title": "Slackware Advisory SSA:2006-335-01 tar", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-6097"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:57704", "href": "http://plugins.openvas.org/nasl.php?oid=57704", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2006_335_01.nasl 6598 2017-07-07 09:36:44Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"New tar packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1,\n10.2, and 11.0 to fix a security issue.\";\ntag_summary = \"The remote host is missing an update as announced\nvia advisory SSA:2006-335-01.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2006-335-01\";\n \nif(description)\n{\n script_id(57704);\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:36:44 +0200 (Fri, 07 Jul 2017) $\");\n script_cve_id(\"CVE-2006-6097\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:N/I:P/A:P\");\n script_version(\"$Revision: 6598 $\");\n name = \"Slackware Advisory SSA:2006-335-01 tar \";\n script_name(name);\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-slack.inc\");\nvuln = 0;\nif(isslkpkgvuln(pkg:\"tar\", ver:\"1.16-i386-1_slack8.1\", rls:\"SLK8.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"tar\", ver:\"1.16-i386-1_slack9.0\", rls:\"SLK9.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"tar\", ver:\"1.16-i486-1_slack9.1\", rls:\"SLK9.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"tar\", ver:\"1.16-i486-1_slack10.0\", rls:\"SLK10.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"tar\", ver:\"1.16-i486-1_slack10.1\", rls:\"SLK10.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"tar\", ver:\"1.16-i486-1_slack10.2\", rls:\"SLK10.2\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"tar\", ver:\"1.16-i486-1_slack11.0\", rls:\"SLK11.0\")) {\n vuln = 1;\n}\n\nif(vuln) {\n security_message(0);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-08T11:44:20", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory FreeBSD-SA-06:26.gtar.asc", "cvss3": {}, "published": "2008-09-04T00:00:00", "type": "openvas", "title": "FreeBSD Security Advisory (FreeBSD-SA-06:26.gtar.asc)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-6097"], "modified": "2017-12-07T00:00:00", "id": "OPENVAS:57680", "href": "http://plugins.openvas.org/nasl.php?oid=57680", "sourceData": "#\n#ADV FreeBSD-SA-06:26.gtar.asc\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n#\n\ntag_insight = \"GNU tar (gtar) is a utility to create and extract tape archives,\ncommonly known as tar files. GNU tar is included in FreeBSD 4.x as\n/usr/bin/tar, and in FreeBSD 5.x as /usr/bin/gtar.\n\nSymlinks created using the GNUTYPE_NAMES tar extension can be\nabsolute due to lack of proper sanity checks.\";\ntag_solution = \"Upgrade your system to the appropriate stable release\nor security branch dated after the correction date\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FreeBSD-SA-06:26.gtar.asc\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory FreeBSD-SA-06:26.gtar.asc\";\n\n \nif(description)\n{\n script_id(57680);\n script_version(\"$Revision: 8023 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-07 09:36:26 +0100 (Thu, 07 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_cve_id(\"CVE-2006-6097\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:N/I:P/A:P\");\n name = \"FreeBSD Security Advisory (FreeBSD-SA-06:26.gtar.asc)\";\n script_name(name);\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com\");\n family = \"FreeBSD Local Security Checks\";\n script_family(family);\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdpatchlevel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\nvuln = 0;\nif(patchlevelcmp(rel:\"5.5\", patchlevel:\"9\")<0) {\n vuln = 1;\n}\nif(patchlevelcmp(rel:\"4.11\", patchlevel:\"26\")<0) {\n vuln = 1;\n}\n\nif(vuln) {\n security_message(0);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:49:45", "description": "The remote host is missing an update to tar\nannounced via advisory DSA 1223-1.\n\nTeemu Salmela discovered a vulnerability in GNU tar that could allow a\nmalicious user to overwrite arbitrary files by inducing the victim to\nattempt to extract a specially crafted tar file containing a\nGNUTYPE_NAMES record with a symbolic link.", "cvss3": {}, "published": "2008-01-17T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 1223-1 (tar)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-6097"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:57685", "href": "http://plugins.openvas.org/nasl.php?oid=57685", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1223_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1223-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"For the stable distribution (sarge), this problem has been fixed in\nversion 1.14-2.3\n\nFor the unstable distribution (sid) and the forthcoming stable release\n(etch), this problem will be fixed in version 1.16-2.\n\nWe recommend that you upgrade your tar package.\n\n https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201223-1\";\ntag_summary = \"The remote host is missing an update to tar\nannounced via advisory DSA 1223-1.\n\nTeemu Salmela discovered a vulnerability in GNU tar that could allow a\nmalicious user to overwrite arbitrary files by inducing the victim to\nattempt to extract a specially crafted tar file containing a\nGNUTYPE_NAMES record with a symbolic link.\";\n\n\nif(description)\n{\n script_id(57685);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:17:11 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2006-6097\");\n script_bugtraq_id(21235);\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:N/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 1223-1 (tar)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"tar\", ver:\"1.14-2.3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:49:55", "description": "The remote host is missing updates announced in\nadvisory GLSA 200608-09.", "cvss3": {}, "published": "2008-09-24T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200608-09 (mysql)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3469"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:57859", "href": "http://plugins.openvas.org/nasl.php?oid=57859", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"An authenticated user can crash MySQL through invalid parameters to the\ndate_format function.\";\ntag_solution = \"All MySQL users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --verbose --oneshot '>=dev-db/mysql-4.1.21'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200608-09\nhttp://bugs.gentoo.org/show_bug.cgi?id=142429\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200608-09.\";\n\n \n\nif(description)\n{\n script_id(57859);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2006-3469\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_name(\"Gentoo Security Advisory GLSA 200608-09 (mysql)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"dev-db/mysql\", unaffected: make_list(\"ge 4.1.21\", \"lt 4.1.0\"), vulnerable: make_list(\"lt 4.1.21\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:10:16", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "cvss3": {}, "published": "2008-09-04T00:00:00", "type": "openvas", "title": "FreeBSD Ports: mysql-server", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3469"], "modified": "2016-09-26T00:00:00", "id": "OPENVAS:57257", "href": "http://plugins.openvas.org/nasl.php?oid=57257", "sourceData": "#\n#VID fcb90eb0-2ace-11db-a6e2-000e0c2e438a\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: mysql-server\n\nCVE-2006-3469\n** RESERVED **\nThis candidate has been reserved by an organization or individual that\nwill use it when announcing a new security problem. When the\ncandidate has been publicized, the details for this candidate will be\nprovided.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://bugs.mysql.com/bug.php?id=20729\nhttp://www.vuxml.org/freebsd/fcb90eb0-2ace-11db-a6e2-000e0c2e438a.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\nif(description)\n{\n script_id(57257);\n script_version(\"$Revision: 4144 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-26 07:28:56 +0200 (Mon, 26 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_cve_id(\"CVE-2006-3469\");\n script_bugtraq_id(19032);\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_name(\"FreeBSD Ports: mysql-server\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"mysql-server\");\nif(!isnull(bver) && revcomp(a:bver, b:\"5.1\")>=0 && revcomp(a:bver, b:\"5.1.6\")<0) {\n txt += 'Package mysql-server version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"5.0\")>=0 && revcomp(a:bver, b:\"5.0.19\")<0) {\n txt += 'Package mysql-server version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"4.1\")>=0 && revcomp(a:bver, b:\"4.1.18\")<0) {\n txt += 'Package mysql-server version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:50:00", "description": "The remote host is missing an update to sudo\nannounced via advisory DSA 870-1.\n\nTavis Ormandy noticed that sudo, a program that provides limited super\nuser privileges to specific users, does not clean the environment\nsufficiently. The SHELLOPTS and PS4 variables are dangerous and are\nstill passed through to the program running as privileged user. This\ncan result in the execution of arbitrary commands as privileged user\nwhen a bash script is executed. These vulnerabilities can only be\nexploited by users who have been granted limited super user\nprivileges.\n\nFor the old stable distribution (woody) this problem has been fixed in\nversion 1.6.6-1.4.", "cvss3": {}, "published": "2008-01-17T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 870-1 (sudo)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-2959"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:55745", "href": "http://plugins.openvas.org/nasl.php?oid=55745", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_870_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 870-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"For the stable distribution (sarge) this problem has been fixed in\nversion 1.6.8p7-1.2.\n\nFor the unstable distribution (sid) this problem has been fixed in\nversion 1.6.8p9-3.\n\nWe recommend that you upgrade your sudo package.\n\n https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20870-1\";\ntag_summary = \"The remote host is missing an update to sudo\nannounced via advisory DSA 870-1.\n\nTavis Ormandy noticed that sudo, a program that provides limited super\nuser privileges to specific users, does not clean the environment\nsufficiently. The SHELLOPTS and PS4 variables are dangerous and are\nstill passed through to the program running as privileged user. This\ncan result in the execution of arbitrary commands as privileged user\nwhen a bash script is executed. These vulnerabilities can only be\nexploited by users who have been granted limited super user\nprivileges.\n\nFor the old stable distribution (woody) this problem has been fixed in\nversion 1.6.6-1.4.\";\n\n\nif(description)\n{\n script_id(55745);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:03:37 +0100 (Thu, 17 Jan 2008)\");\n script_bugtraq_id(15191);\n script_cve_id(\"CVE-2005-2959\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 870-1 (sudo)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"sudo\", ver:\"1.6.6-1.4\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"sudo\", ver:\"1.6.8p7-1.2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:10:19", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "cvss3": {}, "published": "2008-09-04T00:00:00", "type": "openvas", "title": "FreeBSD Ports: sudo", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-2959"], "modified": "2016-09-30T00:00:00", "id": "OPENVAS:56264", "href": "http://plugins.openvas.org/nasl.php?oid=56264", "sourceData": "#\n#VID 1b725079-9ef6-11da-b410-000e0c2e438a\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: sudo\n\nCVE-2005-2959\nIncomplete blacklist vulnerability in sudo 1.6.8 and earlier allows\nlocal users to gain privileges via the (1) SHELLOPTS and (2) PS4\nenvironment variables before executing a bash script on behalf of\nanother user, which are not cleared even though other variables are.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://www.courtesan.com/sudo/alerts/bash_env.html\nhttp://www.vuxml.org/freebsd/1b725079-9ef6-11da-b410-000e0c2e438a.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\nif(description)\n{\n script_id(56264);\n script_version(\"$Revision: 4188 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-30 07:56:47 +0200 (Fri, 30 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_cve_id(\"CVE-2005-2959\");\n script_bugtraq_id(15191);\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"FreeBSD Ports: sudo\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"sudo\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.6.8.10\")<0) {\n txt += 'Package sudo version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:50:35", "description": "The remote host is missing an update as announced\nvia advisory SSA:2006-211-01.", "cvss3": {}, "published": "2012-09-11T00:00:00", "type": "openvas", "title": "Slackware Advisory SSA:2006-211-01 mysql", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3469"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:57167", "href": "http://plugins.openvas.org/nasl.php?oid=57167", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2006_211_01.nasl 6598 2017-07-07 09:36:44Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"New mysql packages are available for Slackware 10.2 to fix security\nissues (and other bugs). For complete details about the many fixes\naddressed by this release, you can find MySQL's news article about\nthe MySQL 4.1.21 Community Edition release here:\n\nhttp://dev.mysql.com/doc/refman/4.1/en/news-4-1-21.html\";\ntag_summary = \"The remote host is missing an update as announced\nvia advisory SSA:2006-211-01.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2006-211-01\";\n \nif(description)\n{\n script_id(57167);\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:36:44 +0200 (Fri, 07 Jul 2017) $\");\n script_cve_id(\"CVE-2006-3469\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_version(\"$Revision: 6598 $\");\n name = \"Slackware Advisory SSA:2006-211-01 mysql \";\n script_name(name);\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-slack.inc\");\nvuln = 0;\nif(isslkpkgvuln(pkg:\"mysql\", ver:\"4.1.21-i486-1_slack10.2\", rls:\"SLK10.2\")) {\n vuln = 1;\n}\n\nif(vuln) {\n security_message(0);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:10:09", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "cvss3": {}, "published": "2008-09-04T00:00:00", "type": "openvas", "title": "FreeBSD Ports: mysql-server", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-4226"], "modified": "2016-09-26T00:00:00", "id": "OPENVAS:57527", "href": "http://plugins.openvas.org/nasl.php?oid=57527", "sourceData": "#\n#VID a0e92718-6603-11db-ab90-000e35fd8194\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: mysql-server\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://bugs.mysql.com/bug.php?id=17647\nhttp://www.vuxml.org/freebsd/a0e92718-6603-11db-ab90-000e35fd8194.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\nif(description)\n{\n script_id(57527);\n script_version(\"$Revision: 4144 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-26 07:28:56 +0200 (Mon, 26 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_cve_id(\"CVE-2006-4226\");\n script_bugtraq_id(19559);\n script_tag(name:\"cvss_base\", value:\"3.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:S/C:P/I:P/A:N\");\n script_name(\"FreeBSD Ports: mysql-server\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"mysql-server\");\nif(!isnull(bver) && revcomp(a:bver, b:\"5.1\")>=0 && revcomp(a:bver, b:\"5.1.12\")<0) {\n txt += 'Package mysql-server version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"5.0\")>=0 && revcomp(a:bver, b:\"5.0.25\")<0) {\n txt += 'Package mysql-server version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"4.1.21\")<0) {\n txt += 'Package mysql-server version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 3.6, "vector": "AV:NETWORK/AC:HIGH/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-05-29T18:39:13", "description": "The remote host is missing an update as announced\nvia advisory SSA:2006-335-01.", "cvss3": {}, "published": "2012-09-11T00:00:00", "type": "openvas", "title": "Slackware Advisory SSA:2006-335-01 tar", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-6097"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:136141256231057704", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231057704", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2006_335_01.nasl 14202 2019-03-15 09:16:15Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.57704\");\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 10:16:15 +0100 (Fri, 15 Mar 2019) $\");\n script_cve_id(\"CVE-2006-6097\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:N/I:P/A:P\");\n script_version(\"$Revision: 14202 $\");\n script_name(\"Slackware Advisory SSA:2006-335-01 tar\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\", re:\"ssh/login/release=SLK(8\\.1|9\\.0|9\\.1|10\\.0|10\\.1|10\\.2|11\\.0)\");\n\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2006-335-01\");\n\n script_tag(name:\"insight\", value:\"New tar packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1,\n10.2, and 11.0 to fix a security issue.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to the new package(s).\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update as announced\nvia advisory SSA:2006-335-01.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-slack.inc\");\n\nreport = \"\";\nres = \"\";\n\nif((res = isslkpkgvuln(pkg:\"tar\", ver:\"1.16-i386-1_slack8.1\", rls:\"SLK8.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"tar\", ver:\"1.16-i386-1_slack9.0\", rls:\"SLK9.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"tar\", ver:\"1.16-i486-1_slack9.1\", rls:\"SLK9.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"tar\", ver:\"1.16-i486-1_slack10.0\", rls:\"SLK10.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"tar\", ver:\"1.16-i486-1_slack10.1\", rls:\"SLK10.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"tar\", ver:\"1.16-i486-1_slack10.2\", rls:\"SLK10.2\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"tar\", ver:\"1.16-i486-1_slack11.0\", rls:\"SLK11.0\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 4.0, "vector": "AV:N/AC:H/Au:N/C:N/I:P/A:P"}}], "slackware": [{"lastseen": "2023-09-24T10:44:49", "description": "New openssh packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1,\n10.2, and -current to fix security issues.\n\nMore details about these issues may be found in the Common\nVulnerabilities and Exposures (CVE) database:\n\n https://vulners.com/cve/CVE-2006-4924\n https://vulners.com/cve/CVE-2006-5051\n https://vulners.com/cve/CVE-2006-5052\n\n\nHere are the details from the Slackware 10.2 ChangeLog:\n\npatches/packages/openssh-4.4p1-i486-1_slack10.2.tgz:\n Upgraded to openssh-4.4p1.\n This fixes a few security related issues. From the release notes found at\n http://www.openssh.com/txt/release-4.4:\n * Fix a pre-authentication denial of service found by Tavis Ormandy,\n that would cause sshd(8) to spin until the login grace time\n expired.\n * Fix an unsafe signal hander reported by Mark Dowd. The signal\n handler was vulnerable to a race condition that could be exploited\n to perform a pre-authentication denial of service. On portable\n OpenSSH, this vulnerability could theoretically lead to\n pre-authentication remote code execution if GSSAPI authentication\n is enabled, but the likelihood of successful exploitation appears\n remote.\n * On portable OpenSSH, fix a GSSAPI authentication abort that could\n be used to determine the validity of usernames on some platforms.\n Links to the CVE entries will be found here:\n https://vulners.com/cve/CVE-2006-4924\n https://vulners.com/cve/CVE-2006-5051\n https://vulners.com/cve/CVE-2006-5052\n After this upgrade, make sure the permissions on /etc/rc.d/rc.sshd are set\n the way you want them. Future upgrades will respect the existing permissions\n settings. Thanks to Manuel Reimer for pointing out that upgrading openssh\n would enable a previously disabled sshd daemon.\n Do better checking of passwd, shadow, and group to avoid adding\n redundant entries to these files. Thanks to Menno Duursma.\n (* Security fix *)\n\nWhere to find the new packages:\n\nHINT: Getting slow download speeds from ftp.slackware.com?\nGive slackware.osuosl.org a try. This is another primary FTP site\nfor Slackware that can be considerably faster than downloading\nfrom ftp.slackware.com.\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating additional FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 8.1:\nftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/openssh-4.4p1-i386-1_slack8.1.tgz\n\nUpdated package for Slackware 9.0:\nftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/openssh-4.4p1-i386-1_slack9.0.tgz\n\nUpdated package for Slackware 9.1:\nftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/openssh-4.4p1-i486-1_slack9.1.tgz\n\nUpdated package for Slackware 10.0:\nftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/openssh-4.4p1-i486-1_slack10.0.tgz\n\nUpdated package for Slackware 10.1:\nftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/openssh-4.4p1-i486-1_slack10.1.tgz\n\nUpdated package for Slackware 10.2:\nftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/openssh-4.4p1-i486-1_slack10.2.tgz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssh-4.4p1-i486-1.tgz\n\n\n\nMD5 signatures:\n\nSlackware 8.1 package:\n0a42fb286fd722f019dfc5f167d69ced openssh-4.4p1-i386-1_slack8.1.tgz\n\nSlackware 9.0 package:\n92563664845d902251d7b19254b3dda1 openssh-4.4p1-i386-1_slack9.0.tgz\n\nSlackware 9.1 package:\n5814a00eefa0b1e1fe7673862525788e openssh-4.4p1-i486-1_slack9.1.tgz\n\nSlackware 10.0 package:\n24ce8b2013b8759a173e5ccd7db54289 openssh-4.4p1-i486-1_slack10.0.tgz\n\nSlackware 10.1 package:\ne7950e6a357871092514ce07051f055e openssh-4.4p1-i486-1_slack10.1.tgz\n\nSlackware 10.2 package:\nb8d2d67276a662de40d6adf9bfe00bce openssh-4.4p1-i486-1_slack10.2.tgz\n\nSlackware -current package:\n6f2c30b503db9685180af6f4a87eadcc openssh-4.4p1-i486-1.tgz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg openssh-4.4p1-i486-1_slack10.2.tgz\n\nIf you are running an sshd daemon, restart it:\n\nsh /etc/rc.d/rc.sshd restart", "cvss3": {}, "published": "2006-09-29T07:57:38", "type": "slackware", "title": "[slackware-security] openssh", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-4924", "CVE-2006-5051", "CVE-2006-5052"], "modified": "2006-09-29T07:57:38", "id": "SSA-2006-272-02", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.592566", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-09-27T10:47:10", "description": "New mysql packages are available for Slackware 9.1, 10.0, 10.1,\n10.2 and -current to fix security issues.\n\n\nThe MySQL packages shipped with Slackware 9.1, 10.0, and 10.1\nmay possibly leak sensitive information found in uninitialized\nmemory to authenticated users. This is fixed in the new packages,\nand was already patched in Slackware 10.2 and -current.\nSince the vulnerabilities require a valid login and/or access to the\ndatabase server, the risk is moderate. Slackware does not provide\nnetwork access to a MySQL database by default.\n\nMore details about the issues may be found in the Common\nVulnerabilities and Exposures (CVE) database.\nFixes that affect Slackware 9.1, 10.0, and 10.1:\n https://vulners.com/cve/CVE-2006-1516\n https://vulners.com/cve/CVE-2006-1517\n\n\nThe MySQL packages in Slackware 10.2 and -current have been\nupgraded to MySQL 4.1.20 (Slackware 10.2) and MySQL 5.0.22\n(Slackware -current) to fix an SQL injection vulnerability.\n\nFor more details, see the MySQL 4.1.20 release announcement here:\n http://lists.mysql.com/announce/364\nAnd the MySQL 5.0.22 release announcement here:\n http://lists.mysql.com/announce/365\nThe CVE entry for this issue can be found here:\n https://vulners.com/cve/CVE-2006-2753\n\n\nHere are the details from the Slackware 10.1 ChangeLog:\n\npatches/packages/mysql-4.0.27-i486-1_slack10.1.tgz:\n Upgraded to mysql-4.0.27.\n This fixes some minor security issues with possible information leakage.\n Note that the information leakage bugs require that the attacker have\n access to an account on the database. Also note that by default,\n Slackware's rc.mysqld script does *not* allow access to the database\n through the outside network (it uses the --skip-networking option).\n If you've enabled network access to MySQL, it is a good idea to filter\n the port (3306) to prevent access from unauthorized machines.\n For more details, see the MySQL 4.0.27 release announcement here:\n http://lists.mysql.com/announce/359\n For more information, see:\n https://vulners.com/cve/CVE-2006-1516\n https://vulners.com/cve/CVE-2006-1517\n (* Security fix *)\n\nHere are the details from the Slackware 10.2 ChangeLog:\n\npatches/packages/mysql-4.1.20-i486-1_slack10.2.tgz:\n Upgraded to mysql-4.1.20. This fixes an SQL injection vulnerability.\n For more details, see the MySQL 4.1.20 release announcement here:\n http://lists.mysql.com/announce/364\n The CVE entry for this issue will be found here:\n https://vulners.com/cve/CVE-2006-2753\n\nWhere to find the new packages:\n\nHINT: Getting slow download speeds from ftp.slackware.com?\nGive slackware.osuosl.org a try. This is another primary FTP site\nfor Slackware that can be considerably faster than downloading\nfrom ftp.slackware.com.\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating additional FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 9.1:\nftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/mysql-4.0.27-i486-1_slack9.1.tgz\n\nUpdated package for Slackware 10.0:\nftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/mysql-4.0.27-i486-1_slack10.0.tgz\n\nUpdated package for Slackware 10.1:\nftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/mysql-4.0.27-i486-1_slack10.1.tgz\n\nUpdated package for Slackware 10.2:\nftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/mysql-4.1.20-i486-1_slack10.2.tgz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/ap/mysql-5.0.22-i486-1.tgz\n\n\nMD5 signatures:\n\nSlackware 9.1 package:\neea73f16715c07de52701b67f037e7ab mysql-4.0.27-i486-1_slack9.1.tgz\n\nSlackware 10.0 package:\n6afab2cdd09adf4b4f822db6c74b167e mysql-4.0.27-i486-1_slack10.0.tgz\n\nSlackware 10.1 package:\ncbe2044d3b75606de6f3796d607e7c0a mysql-4.0.27-i486-1_slack10.1.tgz\n\nSlackware 10.2 package:\n249bc3f4610cbedf8b0a6fc64c28c53f mysql-4.1.20-i486-1_slack10.2.tgz\n\nSlackware -current package:\naf1829c54b901bc01fcd269f27580b21 mysql-5.0.22-i486-1.tgz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg mysql-4.1.20-i486-1_slack10.2.tgz\n\nThen, restart the database server:\n > sh /etc/rc.d/rc.mysqld restart", "cvss3": {}, "published": "2006-06-05T08:12:48", "type": "slackware", "title": "[slackware-security] mysql", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-1516", "CVE-2006-1517", "CVE-2006-2753"], "modified": "2006-06-05T08:12:48", "id": "SSA-2006-155-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.599377", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-09-27T04:54:52", "description": "New mysql packages are available for Slackware 10.2 and -current to\nfix security issues. The MySQL package shipped with Slackware 10.2\nmay possibly leak sensitive information found in uninitialized\nmemory to authenticated users. The MySQL package previously in\nSlackware -current also suffered from these flaws, but an additional\noverflow could allow arbitrary code execution.\n\nSince the vulnerabilities require a valid login and/or access to the\ndatabase server, the risk is moderate. Slackware does not provide\nnetwork access to a MySQL database by default.\n\n\nMore details about the issues may be found in the Common\nVulnerabilities and Exposures (CVE) database.\nIssues that affect both Slackware 10.2 and -current:\n https://vulners.com/cve/CVE-2006-1516\n https://vulners.com/cve/CVE-2006-1517\n\nAn issue affecting only Slackware -current:\n https://vulners.com/cve/CVE-2006-1518\n\n\nHere are the details from the Slackware 10.2 ChangeLog:\n\npatches/packages/mysql-4.1.19-i486-1.tgz:\n Upgraded to mysql-4.1.19.\n This fixes some minor security issues with possible information leakage.\n Note that the information leakage bugs require that the attacker have\n access to an account on the database. Also note that by default,\n Slackware's rc.mysqld script does *not* allow access to the database\n through the outside network (it uses the --skip-networking option).\n If you've enabled network access to MySQL, it is a good idea to filter\n the port (3306) to prevent access from unauthorized machines.\n For more information, see:\n https://vulners.com/cve/CVE-2006-1516\n https://vulners.com/cve/CVE-2006-1517\n (* Security fix *)\n\nHere are the details from the Slackware -current ChangeLog:\n\nap/mysql-5.0.21-i486-1.tgz: Upgraded to mysql-5.0.21.\n This fixes some security issues, including possible information leakage, and\n execution of arbitrary code. Note that the information leakage bugs require\n that the attacker have access to an account on the database. Also note that\n by default, Slackware's rc.mysqld script does *not* allow access to the\n database through the outside network (it uses the --skip-networking option).\n If you've enabled network access to MySQL, it is a good idea to filter the\n port (3306) to prevent access from unauthorized machines.\n For more information, see:\n https://vulners.com/cve/CVE-2006-1516\n https://vulners.com/cve/CVE-2006-1517\n https://vulners.com/cve/CVE-2006-1518\n (* Security fix *)\n\nWhere to find the new packages:\n\nUpdated package for Slackware 10.2:\nftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/mysql-4.1.19-i486-1.tgz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/ap/mysql-5.0.21-i486-1.tgz\n\n\nMD5 signatures:\n\nSlackware 10.2 package:\nc229e19d782404da119be46355a170d2 mysql-4.1.19-i486-1.tgz\n\nSlackware -current package:\n51008b23954c0d82c2670290476d0249 mysql-5.0.21-i486-1.tgz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg mysql-4.1.19-i486-1.tgz\n\nThen, restart the database server:\n > sh /etc/rc.d/rc.mysqld restart", "cvss3": {}, "published": "2006-05-09T22:19:51", "type": "slackware", "title": "[slackware-security] mysql", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "obtainUserPrivilege": true}, "cvelist": ["CVE-2006-1516", "CVE-2006-1517", "CVE-2006-1518"], "modified": "2006-05-09T22:19:51", "id": "SSA-2006-129-02", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.507293", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-09-24T01:26:40", "description": "New mysql packages are available for Slackware 10.2 to fix security\nissues (and other bugs). For complete details about the many fixes\naddressed by this release, you can find MySQL's news article about\nthe MySQL 4.1.21 Community Edition release here:\n\n http://dev.mysql.com/doc/refman/4.1/en/news-4-1-21.html\n\nMore details about this issue may be found in the Common\nVulnerabilities and Exposures (CVE) database:\n\n https://vulners.com/cve/CVE-2006-3469\n\n\nHere are the details from the Slackware 10.2 ChangeLog:\n\npatches/packages/mysql-4.1.21-i486-1_slack10.2.tgz:\n Upgraded to mysql-4.1.21.\n This is a bugfix and security release.\n For more details, see MySQL's news page about MySQL 4.1.21:\n http://dev.mysql.com/doc/refman/4.1/en/news-4-1-21.html\n The CVE entry may be found here:\n https://vulners.com/cve/CVE-2006-3469\n Thanks to Nino Petkov for pointing out this MySQL release to me. :-)\n (* Security fix *)\n\nWhere to find the new packages:\n\nHINT: Getting slow download speeds from ftp.slackware.com?\nGive slackware.osuosl.org a try. This is another primary FTP site\nfor Slackware that can be considerably faster than downloading\nfrom ftp.slackware.com.\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating additional FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 10.2:\nftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/mysql-4.1.21-i486-1_slack10.2.tgz\n\n\nMD5 signatures:\n\nSlackware 10.2 package:\n36f6f7f158bf00953e5a0bd29737bc7c mysql-4.1.21-i486-1_slack10.2.tgz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg mysql-4.1.21-i486-1_slack10.2.tgz\n\nThen, restart the database server:\n > sh /etc/rc.d/rc.mysqld restart", "cvss3": {}, "published": "2006-07-31T03:23:42", "type": "slackware", "title": "[slackware-security] mysql", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-3469"], "modified": "2006-07-31T03:23:42", "id": "SSA-2006-211-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.387994", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}], "suse": [{"lastseen": "2016-09-04T11:40:17", "description": "Several security problems were fixed in OpenSSH 4.4 and the bug fixes were back ported to the openssh versions in our products.\n#### Solution\nThere is no known workaround, please install the update packages.", "cvss3": {}, "published": "2006-10-20T14:30:36", "type": "suse", "title": "remote denial of service in openssh", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2006-5052", "CVE-2006-4925", "CVE-2006-5051", "CVE-2006-4924"], "modified": "2006-10-20T14:30:36", "id": "SUSE-SA:2006:062", "href": "http://lists.opensuse.org/opensuse-security-announce/2006-10/msg00011.html", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2021-06-08T18:43:26", "description": "The database server MySQL was updated to fix the following security problems:\n#### Solution\nThere is no known workaround, please install the update packages.", "cvss3": {}, "published": "2006-06-23T08:26:58", "type": "suse", "title": "remote code execution in mysql", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2006-1517", "CVE-2006-1518", "CVE-2006-1516"], "modified": "2006-06-23T08:26:58", "id": "SUSE-SA:2006:036", "href": "http://lists.opensuse.org/opensuse-security-announce/2006-06/msg00023.html", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "centos": [{"lastseen": "2023-08-23T17:28:37", "description": "**CentOS Errata and Security Advisory** CESA-2006:0698-01\n\n\nOpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation. This\r\npackage includes the core files necessary for both the OpenSSH client and\r\nserver.\r\n\r\nMark Dowd discovered a signal handler race condition in the OpenSSH sshd\r\nserver. A remote attacker could possibly leverage this flaw to cause a\r\ndenial of service (crash). (CVE-2006-5051) The OpenSSH project believes the\r\nlikelihood of successful exploitation leading to arbitrary code execution\r\nappears remote. However, the Red Hat Security Response Team have not yet\r\nbeen able to verify this claim due to lack of upstream vulnerability\r\ninformation. We are therefore including a fix for this flaw and have rated\r\nit important security severity in the event our continued investigation\r\nfinds this issue to be exploitable.\r\n\r\nTavis Ormandy of the Google Security Team discovered a denial of service\r\nbug in the OpenSSH sshd server. A remote attacker can send a specially\r\ncrafted SSH-1 request to the server causing sshd to consume a large\r\nquantity of CPU resources. (CVE-2006-4924)\r\n\r\nAn arbitrary command execution flaw was discovered in the way scp copies\r\nfiles locally. It is possible for a local attacker to create a file with a\r\ncarefully crafted name that could execute arbitrary commands as the user\r\nrunning scp to copy files locally. (CVE-2006-0225)\r\n\r\nThe SSH daemon, when restricting host access by numeric IP addresses and\r\nwith VerifyReverseMapping disabled, allows remote attackers to bypass\r\n\"from=\" and \"user@host\" address restrictions by connecting to a host from a\r\nsystem whose reverse DNS hostname contains the numeric IP address.\r\n(CVE-2003-0386)\r\n\r\nAll users of openssh should upgrade to these updated packages, which\r\ncontain backported patches that resolve these issues.\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2006-October/062785.html\n\n**Affected packages:**\nopenssh\nopenssh-askpass\nopenssh-askpass-gnome\nopenssh-clients\nopenssh-server\n\n", "cvss3": {}, "published": "2006-10-02T01:42:56", "type": "centos", "title": "openssh security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2003-0386", "CVE-2006-0225", "CVE-2006-4924", "CVE-2006-5051"], "modified": "2006-10-02T01:42:56", "id": "CESA-2006:0698-01", "href": "https://lists.centos.org/pipermail/centos-announce/2006-October/062785.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-08-23T17:56:46", "description": "**CentOS Errata and Security Advisory** CESA-2006:0544\n\n\nMySQL is a multi-user, multi-threaded SQL database server. MySQL is a\r\nclient/server implementation consisting of a server daemon (mysqld) and\r\nmany different client programs and libraries.\r\n\r\nA flaw was found in the way the MySQL mysql_real_escape() function escaped\r\nstrings when operating in a multibyte character encoding. An attacker\r\ncould provide an application a carefully crafted string containing\r\ninvalidly-encoded characters which may be improperly escaped, leading to\r\nthe injection of malicious SQL commands. (CVE-2006-2753)\r\n\r\nAn information disclosure flaw was found in the way the MySQL server\r\nprocessed malformed usernames. An attacker could view a small portion\r\nof server memory by supplying an anonymous login username which was not\r\nnull terminated. (CVE-2006-1516)\r\n\r\nAn information disclosure flaw was found in the way the MySQL server\r\nexecuted the COM_TABLE_DUMP command. An authenticated malicious user could\r\nsend a specially crafted packet to the MySQL server which returned\r\nrandom unallocated memory. (CVE-2006-1517)\r\n\r\nA log file obfuscation flaw was found in the way the mysql_real_query()\r\nfunction creates log file entries. An attacker with the the ability to call\r\nthe mysql_real_query() function against a mysql server can obfuscate the\r\nentry the server will write to the log file. However, an attacker needed\r\nto have complete control over a server in order to attempt this attack.\r\n(CVE-2006-0903)\r\n\r\nThis update also fixes numerous non-security-related flaws, such as\r\nintermittent authentication failures.\r\n\r\nAll users of mysql are advised to upgrade to these updated packages\r\ncontaining MySQL version 4.1.20, which is not vulnerable to these issues.\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2006-June/062426.html\nhttps://lists.centos.org/pipermail/centos-announce/2006-June/062427.html\nhttps://lists.centos.org/pipermail/centos-announce/2006-June/062435.html\nhttps://lists.centos.org/pipermail/centos-announce/2006-June/062436.html\nhttps://lists.centos.org/pipermail/centos-announce/2006-June/062437.html\n\n**Affected packages:**\nmysql\nmysql-bench\nmysql-devel\nmysql-server\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2006:0544", "cvss3": {}, "published": "2006-06-09T17:37:00", "type": "centos", "title": "mysql security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-0903", "CVE-2006-1516", "CVE-2006-1517", "CVE-2006-2753", "CVE-2006-3081", "CVE-2006-4380"], "modified": "2006-06-10T06:39:28", "id": "CESA-2006:0544", "href": "https://lists.centos.org/pipermail/centos-announce/2006-June/062426.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-23T17:42:33", "description": "**CentOS Errata and Security Advisory** CESA-2006:0697\n\n\nOpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation. This\r\npackage includes the core files necessary for both the OpenSSH client and\r\nserver.\r\n\r\nMark Dowd discovered a signal handler race condition in the OpenSSH sshd\r\nserver. A remote attacker could possibly leverage this flaw to cause a\r\ndenial of service (crash). (CVE-2006-5051) The OpenSSH project believes the\r\nlikelihood of successful exploitation leading to arbitrary code execution\r\nappears remote. However, the Red Hat Security Response Team have not yet\r\nbeen able to verify this claim due to lack of upstream vulnerability\r\ninformation. We are therefore including a fix for this flaw and have rated\r\nit important security severity in the event our continued investigation\r\nfinds this issue to be exploitable.\r\n\r\nTavis Ormandy of the Google Security Team discovered a denial of service\r\nbug in the OpenSSH sshd server. A remote attacker can send a specially\r\ncrafted SSH-1 request to the server causing sshd to consume a large\r\nquantity of CPU resources. (CVE-2006-4924)\r\n\r\nAll users of openssh should upgrade to these updated packages, which\r\ncontain backported patches that resolves these issues.\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2006-September/062769.html\nhttps://lists.centos.org/pipermail/centos-announce/2006-September/062770.html\nhttps://lists.centos.org/pipermail/centos-announce/2006-September/062771.html\nhttps://lists.centos.org/pipermail/centos-announce/2006-September/062775.html\nhttps://lists.centos.org/pipermail/centos-announce/2006-September/062776.html\nhttps://lists.centos.org/pipermail/centos-announce/2006-September/062777.html\nhttps://lists.centos.org/pipermail/centos-announce/2006-September/062779.html\nhttps://lists.centos.org/pipermail/centos-announce/2006-September/062780.html\nhttps://lists.centos.org/pipermail/centos-announce/2006-September/062783.html\n\n**Affected packages:**\nopenssh\nopenssh-askpass\nopenssh-askpass-gnome\nopenssh-clients\nopenssh-server\nopenssl\nopenssl-devel\nopenssl-perl\nopenssl096b\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2006:0697", "cvss3": {}, "published": "2006-09-29T03:31:38", "type": "centos", "title": "openssh, openssl, openssl096b security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-4924", "CVE-2006-5051"], "modified": "2006-09-29T17:04:01", "id": "CESA-2006:0697", "href": "https://lists.centos.org/pipermail/centos-announce/2006-September/062769.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-08-23T17:19:49", "description": "**CentOS Errata and Security Advisory** CESA-2006:0749\n\n\nThe GNU tar program saves many files together in one archive and can\r\nrestore individual files (or all of the files) from that archive. \r\n\r\nTeemu Salmela discovered a path traversal flaw in the way GNU tar extracted\r\narchives. A malicious user could create a tar archive that could write to\r\narbitrary files to which the user running GNU tar has write access.\r\n(CVE-2006-6097)\r\n\r\nUsers of tar should upgrade to this updated package, which contains a\r\nreplacement backported patch to correct this issue.\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2006-December/062908.html\nhttps://lists.centos.org/pipermail/centos-announce/2006-December/062909.html\nhttps://lists.centos.org/pipermail/centos-announce/2006-December/062912.html\nhttps://lists.centos.org/pipermail/centos-announce/2006-December/062913.html\nhttps://lists.centos.org/pipermail/centos-announce/2006-December/062914.html\nhttps://lists.centos.org/pipermail/centos-announce/2006-December/062915.html\nhttps://lists.centos.org/pipermail/centos-announce/2006-December/062918.html\nhttps://lists.centos.org/pipermail/centos-announce/2006-December/062919.html\n\n**Affected packages:**\ntar\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2006:0749", "cvss3": {}, "published": "2006-12-20T15:42:51", "type": "centos", "title": "tar security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.0, "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-6097"], "modified": "2006-12-23T11:16:19", "id": "CESA-2006:0749", "href": "https://lists.centos.org/pipermail/centos-announce/2006-December/062908.html", "cvss": {"score": 4.0, "vector": "AV:N/AC:H/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2023-08-23T17:18:55", "description": "**CentOS Errata and Security Advisory** CESA-2006:0749-01\n\n\nThe GNU tar program saves many files together in one archive and can\r\nrestore individual files (or all of the files) from that archive. \r\n\r\nTeemu Salmela discovered a path traversal flaw in the way GNU tar extracted\r\narchives. A malicious user could create a tar archive that could write to\r\narbitrary files to which the user running GNU tar has write access.\r\n(CVE-2006-6097)\r\n\r\nUsers of tar should upgrade to this updated package, which contains a\r\nreplacement backported patch to correct this issue.\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2006-December/062906.html\n\n**Affected packages:**\ntar\n\n", "cvss3": {}, "published": "2006-12-20T03:41:54", "type": "centos", "title": "tar security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.0, "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-6097"], "modified": "2006-12-20T03:41:54", "id": "CESA-2006:0749-01", "href": "https://lists.centos.org/pipermail/centos-announce/2006-December/062906.html", "cvss": {"score": 4.0, "vector": "AV:N/AC:H/Au:N/C:N/I:P/A:P"}}], "redhat": [{"lastseen": "2021-10-21T04:43:26", "description": "MySQL is a multi-user, multi-threaded SQL database server. MySQL is a\r\nclient/server implementation consisting of a server daemon (mysqld) and\r\nmany different client programs and libraries.\r\n\r\nA flaw was found in the way the MySQL mysql_real_escape() function escaped\r\nstrings when operating in a multibyte character encoding. An attacker\r\ncould provide an application a carefully crafted string containing\r\ninvalidly-encoded characters which may be improperly escaped, leading to\r\nthe injection of malicious SQL commands. (CVE-2006-2753)\r\n\r\nAn information disclosure flaw was found in the way the MySQL server\r\nprocessed malformed usernames. An attacker could view a small portion\r\nof server memory by supplying an anonymous login username which was not\r\nnull terminated. (CVE-2006-1516)\r\n\r\nAn information disclosure flaw was found in the way the MySQL server\r\nexecuted the COM_TABLE_DUMP command. An authenticated malicious user could\r\nsend a specially crafted packet to the MySQL server which returned\r\nrandom unallocated memory. (CVE-2006-1517)\r\n\r\nA log file obfuscation flaw was found in the way the mysql_real_query()\r\nfunction creates log file entries. An attacker with the the ability to call\r\nthe mysql_real_query() function against a mysql server can obfuscate the\r\nentry the server will write to the log file. However, an attacker needed\r\nto have complete control over a server in order to attempt this attack.\r\n(CVE-2006-0903)\r\n\r\nThis update also fixes numerous non-security-related flaws, such as\r\nintermittent authentication failures.\r\n\r\nAll users of mysql are advised to upgrade to these updated packages\r\ncontaining MySQL version 4.1.20, which is not vulnerable to these issues.", "cvss3": {}, "published": "2006-06-09T00:00:00", "type": "redhat", "title": "(RHSA-2006:0544) mysql security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-0903", "CVE-2006-1516", "CVE-2006-1517", "CVE-2006-2753", "CVE-2006-3081", "CVE-2006-4380"], "modified": "2017-09-08T07:51:30", "id": "RHSA-2006:0544", "href": "https://access.redhat.com/errata/RHSA-2006:0544", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-21T04:47:11", "description": "OpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation. This\r\npackage includes the core files necessary for both the OpenSSH client and\r\nserver.\r\n\r\nMark Dowd discovered a signal handler race condition in the OpenSSH sshd\r\nserver. A remote attacker could possibly leverage this flaw to cause a\r\ndenial of service (crash). (CVE-2006-5051) The OpenSSH project believes the\r\nlikelihood of successful exploitation leading to arbitrary code execution\r\nappears remote. However, the Red Hat Security Response Team have not yet\r\nbeen able to verify this claim due to lack of upstream vulnerability\r\ninformation. We are therefore including a fix for this flaw and have rated\r\nit important security severity in the event our continued investigation\r\nfinds this issue to be exploitable.\r\n\r\nTavis Ormandy of the Google Security Team discovered a denial of service\r\nbug in the OpenSSH sshd server. A remote attacker can send a specially\r\ncrafted SSH-1 request to the server causing sshd to consume a large\r\nquantity of CPU resources. (CVE-2006-4924)\r\n\r\nAn arbitrary command execution flaw was discovered in the way scp copies\r\nfiles locally. It is possible for a local attacker to create a file with a\r\ncarefully crafted name that could execute arbitrary commands as the user\r\nrunning scp to copy files locally. (CVE-2006-0225)\r\n\r\nThe SSH daemon, when restricting host access by numeric IP addresses and\r\nwith VerifyReverseMapping disabled, allows remote attackers to bypass\r\n\"from=\" and \"user@host\" address restrictions by connecting to a host from a\r\nsystem whose reverse DNS hostname contains the numeric IP address.\r\n(CVE-2003-0386)\r\n\r\nAll users of openssh should upgrade to these updated packages, which\r\ncontain backported patches that resolve these issues.", "cvss3": {}, "published": "2006-09-28T00:00:00", "type": "redhat", "title": "(RHSA-2006:0698) openssh security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2003-0386", "CVE-2006-0225", "CVE-2006-4924", "CVE-2006-5051"], "modified": "2018-03-14T15:26:44", "id": "RHSA-2006:0698", "href": "https://access.redhat.com/errata/RHSA-2006:0698", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-21T04:43:28", "description": "OpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation. This\r\npackage includes the core files necessary for both the OpenSSH client and\r\nserver.\r\n\r\nMark Dowd discovered a signal handler race condition in the OpenSSH sshd\r\nserver. A remote attacker could possibly leverage this flaw to cause a\r\ndenial of service (crash). (CVE-2006-5051) The OpenSSH project believes the\r\nlikelihood of successful exploitation leading to arbitrary code execution\r\nappears remote. However, the Red Hat Security Response Team have not yet\r\nbeen able to verify this claim due to lack of upstream vulnerability\r\ninformation. We are therefore including a fix for this flaw and have rated\r\nit important security severity in the event our continued investigation\r\nfinds this issue to be exploitable.\r\n\r\nTavis Ormandy of the Google Security Team discovered a denial of service\r\nbug in the OpenSSH sshd server. A remote attacker can send a specially\r\ncrafted SSH-1 request to the server causing sshd to consume a large\r\nquantity of CPU resources. (CVE-2006-4924)\r\n\r\nAll users of openssh should upgrade to these updated packages, which\r\ncontain backported patches that resolves these issues.", "cvss3": {}, "published": "2006-09-28T00:00:00", "type": "redhat", "title": "(RHSA-2006:0697) openssh security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-4924", "CVE-2006-5051"], "modified": "2017-09-08T08:12:02", "id": "RHSA-2006:0697", "href": "https://access.redhat.com/errata/RHSA-2006:0697", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-19T20:36:26", "description": "Several minor security issues were found in MySQL:\r\n\r\nMySQL allowed remote authenticated users to create or access a database\r\nwhen the database name differed only in case from a database for which they\r\nhad permissions. (CVE-2006-4226)\r\n\r\nMySQL evaluated arguments in the wrong security context which allowed\r\nremote authenticated users to gain privileges through a routine that had\r\nbeen made available using GRANT EXECUTE. (CVE-2006-4227)\r\n\r\nMySQL allowed a local user to access a table through a previously created\r\nMERGE table, even after the user's privileges were revoked for the original\r\ntable, which might violate intended security policy. (CVE-2006-4031)\r\n\r\nMySQL allowed authenticated users to cause a denial of service (crash) via\r\na NULL second argument to the str_to_date function. (CVE-2006-3081)\r\n\r\nMySQL allowed local authenticated users to bypass logging mechanisms via\r\nSQL queries that contain the NULL character, which were not properly\r\nhandled by the mysql_real_query function. (CVE-2006-0903)\r\n\r\nUsers of MySQL should upgrade to these updated packages, which resolve\r\nthese issues.", "cvss3": {}, "published": "2007-02-19T00:00:00", "type": "redhat", "title": "(RHSA-2007:0083) Low: mysql security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-0903", "CVE-2006-3081", "CVE-2006-4031", "CVE-2006-4226", "CVE-2006-4227"], "modified": "2019-03-22T19:44:42", "id": "RHSA-2007:0083", "href": "https://access.redhat.com/errata/RHSA-2007:0083", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-10-21T04:45:48", "description": "MySQL is a multi-user, multi-threaded SQL database server. MySQL is a\r\nclient/server implementation consisting of a server daemon (mysqld), and\r\nmany different client programs and libraries.\r\n\r\nMySQL did not correctly check directories used as arguments for the DATA\r\nDIRECTORY and INDEX DIRECTORY directives. Using this flaw, an authenticated\r\nattacker could elevate their access privileges to tables created by other\r\ndatabase users. Note: this attack does not work on existing tables. An\r\nattacker can only elevate their access to another user's tables as the\r\ntables are created. As well, the names of these created tables need to be\r\npredicted correctly for this attack to succeed. (CVE-2008-2079)\r\n\r\nMySQL did not require the \"DROP\" privilege for \"RENAME TABLE\" statements.\r\nAn authenticated user could use this flaw to rename arbitrary tables.\r\n(CVE-2007-2691)\r\n\r\nMySQL allowed an authenticated user to access a table through a previously\r\ncreated MERGE table, even after the user's privileges were revoked from the\r\noriginal table, which might violate intended security policy. This is\r\naddressed by allowing the MERGE storage engine to be disabled, which can be\r\ndone by running mysqld with the \"--skip-merge\" option. (CVE-2006-4031)\r\n\r\nA flaw in MySQL allowed an authenticated user to cause the MySQL daemon to\r\ncrash via crafted SQL queries. This only caused a temporary denial of\r\nservice, as the MySQL daemon is automatically restarted after the crash.\r\n(CVE-2006-3469)\r\n\r\nAs well, these updated packages fix the following bugs:\r\n\r\n* in the previous mysql packages, if a column name was referenced more\r\nthan once in an \"ORDER BY\" section of a query, a segmentation fault\r\noccurred.\r\n\r\n* when MySQL failed to start, the init script returned a successful (0)\r\nexit code. When using the Red Hat Cluster Suite, this may have caused\r\ncluster services to report a successful start, even when MySQL failed to\r\nstart. In these updated packages, the init script returns the correct exit\r\ncodes, which resolves this issue.\r\n\r\n* it was possible to use the mysqld_safe command to specify invalid port\r\nnumbers (higher than 65536), causing invalid ports to be created, and, in\r\nsome cases, a \"port number definition: unsigned short\" error. In these\r\nupdated packages, when an invalid port number is specified, the default\r\nport number is used.\r\n\r\n* when setting \"myisam_repair_threads > 1\", any repair set the index\r\ncardinality to \"1\", regardless of the table size.\r\n\r\n* the MySQL init script no longer runs \"chmod -R\" on the entire database\r\ndirectory tree during every startup.\r\n\r\n* when running \"mysqldump\" with the MySQL 4.0 compatibility mode option,\r\n\"--compatible=mysql40\", mysqldump created dumps that omitted the\r\n\"auto_increment\" field.\r\n\r\nAs well, the MySQL init script now uses more reliable methods for\r\ndetermining parameters, such as the data directory location.\r\n\r\nNote: these updated packages upgrade MySQL to version 4.1.22. For a full\r\nlist of bug fixes and enhancements, refer to the MySQL release notes:\r\nhttp://dev.mysql.com/doc/refman/4.1/en/news-4-1-22.html\r\n\r\nAll mysql users are advised to upgrade to these updated packages, which\r\nresolve these issues and add this enhancement.", "cvss3": {}, "published": "2008-07-24T00:00:00", "type": "redhat", "title": "(RHSA-2008:0768) Moderate: mysql security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.9, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-3469", "CVE-2006-4031", "CVE-2007-2691", "CVE-2008-2079"], "modified": "2017-09-08T07:50:19", "id": "RHSA-2008:0768", "href": "https://access.redhat.com/errata/RHSA-2008:0768", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:P"}}, {"lastseen": "2021-10-19T20:39:16", "description": "The GNU tar program saves many files together in one archive and can\r\nrestore individual files (or all of the files) from that archive. \r\n\r\nTeemu Salmela discovered a path traversal flaw in the way GNU tar extracted\r\narchives. A malicious user could create a tar archive that could write to\r\narbitrary files to which the user running GNU tar has write access.\r\n(CVE-2006-6097)\r\n\r\nUsers of tar should upgrade to this updated package, which contains a\r\nreplacement backported patch to correct this issue.", "cvss3": {}, "published": "2006-12-19T00:00:00", "type": "redhat", "title": "(RHSA-2006:0749) Moderate: tar security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.0, "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-6097"], "modified": "2019-03-22T19:43:08", "id": "RHSA-2006:0749", "href": "https://access.redhat.com/errata/RHSA-2006:0749", "cvss": {"score": 4.0, "vector": "AV:N/AC:H/Au:N/C:N/I:P/A:P"}}], "cve": [{"lastseen": "2023-09-28T15:45:59", "description": "Integer overflow in the ffs_mountfs function in Mac OS X 10.4.8 and FreeBSD 6.1 allows local users to cause a denial of service (panic) and possibly gain privileges via a crafted DMG image that causes \"allocation of a negative size buffer\" leading to a heap-based buffer overflow, a related issue to CVE-2006-5679. NOTE: a third party states that this issue does not cross privilege boundaries in FreeBSD because only root may mount a filesystem.", "cvss3": {}, "published": "2007-01-13T02:28:00", "type": "cve", "title": "CVE-2007-0229", "cwe": ["CWE-189"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-5679", "CVE-2007-0229"], "modified": "2017-07-29T01:30:00", "cpe": ["cpe:/o:freebsd:freebsd:6.1", "cpe:/o:apple:mac_os_x:10.4.8", "cpe:/o:apple:mac_os_x_server:10.4.8"], "id": "CVE-2007-0229", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-0229", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:apple:mac_os_x:10.4.8:*:*:*:*:*:*:*", "cpe:2.3:o:freebsd:freebsd:6.1:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.4.8:*:*:*:*:*:*:*"]}, {"lastseen": "2023-09-25T08:09:45", "description": "Integer overflow in the ffs_mountfs function in FreeBSD 6.1 allows local users to cause a denial of service (panic) and possibly execute arbitrary code via a crafted UFS filesystem that causes invalid or large size parameters to be provided to the kmem_alloc function. NOTE: a third party states that this issue does not cross privilege boundaries in FreeBSD because only root may mount a filesystem.", "cvss3": {}, "published": "2006-11-03T22:07:00", "type": "cve", "title": "CVE-2006-5679", "cwe": ["CWE-189"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-5679"], "modified": "2011-10-11T04:00:00", "cpe": ["cpe:/o:freebsd:freebsd:6.1"], "id": "CVE-2006-5679", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-5679", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:freebsd:freebsd:6.1:*:*:*:*:*:*:*"]}, {"lastseen": "2023-09-24T08:02:18", "description": "Multiple cross-site scripting (XSS) vulnerabilities in David Czarnecki Blojsom 2.31 allow remote attackers to inject arbitrary web script or HTML via the (1) blog-category-description, (2) blog-entry-title, (3) rss-enclosure-url, (4) technorati-tagsi, or (5) blog-category-name parameter in a blog post.", "cvss3": {}, "published": "2006-09-15T22:07:00", "type": "cve", "title": "CVE-2006-4829", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-4829"], "modified": "2018-10-17T21:39:00", "cpe": ["cpe:/a:blojsom:blojsom:2.31"], "id": "CVE-2006-4829", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-4829", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:blojsom:blojsom:2.31:*:*:*:*:*:*:*"]}, {"lastseen": "2023-09-25T11:36:25", "description": "Buffer overflow in the shared_region_make_private_np function in vm/vm_unix.c in Mac OS X 10.4.6 and earlier allows local users to execute arbitrary code via (1) a small range count, which causes insufficient memory allocation, or (2) a large number of ranges in the shared_region_make_private_np_args parameter.", "cvss3": {}, "published": "2006-11-30T16:28:00", "type": "cve", "title": "CVE-2006-6173", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-6173"], "modified": "2017-07-29T01:29:00", "cpe": ["cpe:/o:apple:mac_os_x:10.4.6"], "id": "CVE-2006-6173", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-6173", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:apple:mac_os_x:10.4.6:*:*:*:*:*:*:*"]}, {"lastseen": "2023-09-24T03:14:36", "description": "MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to access a table through a previously created MERGE table, even after the user's privileges are revoked for the original table, which might violate intended security policy.", "cvss3": {}, "published": "2006-08-09T22:04:00", "type": "cve", "title": "CVE-2006-4031", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-4031"], "modified": "2019-12-17T20:16:00", "cpe": ["cpe:/a:oracle:mysql:3.23.32", "cpe:/a:mysql:mysql:5.0.5.0.21", "cpe:/a:oracle:mysql:3.23.53a", "cpe:/a:oracle:mysql:3.23.35", "cpe:/a:oracle:mysql:4.1.2", "cpe:/a:oracle:mysql:3.23.36", "cpe:/a:oracle:mysql:4.0.3", "cpe:/a:mysql:mysql:5.0.1", "cpe:/a:oracle:mysql:4.0.1", "cpe:/a:oracle:mysql:3.23.48", "cpe:/a:oracle:mysql:3.23.57", "cpe:/a:oracle:mysql:3.23.37", "cpe:/a:oracle:mysql:3.23.0", "cpe:/a:oracle:mysql:5.0.9", "cpe:/a:oracle:mysql:3.23.55", "cpe:/a:oracle:mysql:3.23.15", "cpe:/a:mysql:mysql:4.1.10", "cpe:/a:oracle:mysql:5.0.18", "cpe:/a:oracle:mysql:3.22.30", "cpe:/a:oracle:mysql:3.23.12", "cpe:/a:oracle:mysql:3.23.34", "cpe:/a:oracle:mysql:3.23.39", "cpe:/a:oracle:mysql:5.0.3", "cpe:/a:oracle:mysql:4.0.0", "cpe:/a:oracle:mysql:4.0.20", "cpe:/a:mysql:mysql:4.1.0", "cpe:/a:oracle:mysql:4.0.13", "cpe:/a:oracle:mysql:3.23.10", "cpe:/a:oracle:mysql:3.23.21", "cpe:/a:oracle:mysql:4.0.4", "cpe:/a:oracle:mysql:3.23.49", "cpe:/a:mysql:mysql:4.1.8", "cpe:/a:oracle:mysql:4.0.21", "cpe:/a:oracle:mysql:3.23.29", "cpe:/a:oracle:mysql:4.1.16", "cpe:/a:oracle:mysql:4.0.23", "cpe:/a:oracle:mysql:3.23.44", "cpe:/a:oracle:mysql:3.23.20", "cpe:/a:oracle:mysql:4.0.15", "cpe:/a:oracle:mysql:3.23.27", "cpe:/a:mysql:mysql:5.0.10", "cpe:/a:mysql:mysql:5.0.15", "cpe:/a:oracle:mysql:4.0.6", "cpe:/a:mysql:mysql:4.1.2", "cpe:/a:oracle:mysql:4.0.16", "cpe:/a:mysql:mysql:5.0.4", "cpe:/a:oracle:mysql:4.0.19", "cpe:/a:oracle:mysql:4.1.1", "cpe:/a:oracle:mysql:5.0.13", "cpe:/a:oracle:mysql:3.23.31", "cpe:/a:mysql:mysql:5.0.16", "cpe:/a:mysql:mysql:4.1.15", "cpe:/a:oracle:mysql:3.23.4", "cpe:/a:mysql:mysql:5.0.22.1.0.1", "cpe:/a:oracle:mysql:3.23.46", "cpe:/a:oracle:mysql:3.23.38", "cpe:/a:oracle:mysql:5.0.12", "cpe:/a:oracle:mysql:3.23.52", "cpe:/a:oracle:mysql:5.0.21", "cpe:/a:oracle:mysql:3.23.50", "cpe:/a:oracle:mysql:3.23.7", "cpe:/a:oracle:mysql:3.23", "cpe:/a:oracle:mysql:4.1.3", "cpe:/a:oracle:mysql:3.23.14", "cpe:/a:mysql:mysql:5.0.20", "cpe:/a:mysql:mysql:5.0.2", "cpe:/a:oracle:mysql:4.0.10", "cpe:/a:oracle:mysql:3.23.22", "cpe:/a:oracle:mysql:3.23.24", "cpe:/a:oracle:mysql:3.23.40", "cpe:/a:oracle:mysql:3.23.18", "cpe:/a:oracle:mysql:4.0.17", "cpe:/a:mysql:mysql:4.1.12", "cpe:/a:oracle:mysql:3.23.47", "cpe:/a:oracle:mysql:5.0.7", "cpe:/a:oracle:mysql:5.0.14", "cpe:/a:oracle:mysql:3.23.6", "cpe:/a:oracle:mysql:4.1.11", "cpe:/a:oracle:mysql:4.1.6", "cpe:/a:oracle:mysql:4.0.2", "cpe:/a:oracle:mysql:3.23.17", "cpe:/a:oracle:mysql:4.0.14", "cpe:/a:mysql:mysql:4.1.14", "cpe:/a:oracle:mysql:4.1.7", "cpe:/a:oracle:mysql:4.0.5", "cpe:/a:oracle:mysql:5.0.6", "cpe:/a:oracle:mysql:4.0.25", "cpe:/a:oracle:mysql:3.23.25", "cpe:/a:oracle:mysql:3.23.59", "cpe:/a:oracle:mysql:4.1.19", "cpe:/a:oracle:mysql:5.0.22", "cpe:/a:oracle:mysql:3.23.28", "cpe:/a:oracle:mysql:3.23.5", "cpe:/a:oracle:mysql:3.23.8", "cpe:/a:mysql:mysql:4.1.3", "cpe:/a:oracle:mysql:4.1.20", "cpe:/a:oracle:mysql:4.1.17", "cpe:/a:mysql:mysql:5.0.17", "cpe:/a:oracle:mysql:3.23.45", "cpe:/a:oracle:mysql:3.22.32", "cpe:/a:oracle:mysql:4.0.9", "cpe:/a:oracle:mysql:5.0.19", "cpe:/a:oracle:mysql:3.23.30", "cpe:/a:oracle:mysql:3.23.2", "cpe:/a:oracle:mysql:4.0.8", "cpe:/a:oracle:mysql:4.0.5a", "cpe:/a:oracle:mysql:4.0.11", "cpe:/a:oracle:mysql:4.0.26", "cpe:/a:oracle:mysql:4.0.7", "cpe:/a:oracle:mysql:3.23.42", "cpe:/a:mysql:mysql:4.1.13", "cpe:/a:mysql:mysql:5.0.3", "cpe:/a:oracle:mysql:3.23.26", "cpe:/a:oracle:mysql:3.23.58", "cpe:/a:oracle:mysql:4.1.0", "cpe:/a:oracle:mysql:4.1.4", "cpe:/a:oracle:mysql:3.22.27", "cpe:/a:oracle:mysql:3.23.41", "cpe:/a:oracle:mysql:5.0.8", "cpe:/a:oracle:mysql:3.23.9", "cpe:/a:oracle:mysql:3.23.19", "cpe:/a:oracle:mysql:3.23.54", "cpe:/a:oracle:mysql:3.23.53", "cpe:/a:oracle:mysql:5.0.11", "cpe:/a:oracle:mysql:3.22.28", "cpe:/a:oracle:mysql:5.0.0", "cpe:/a:oracle:mysql:4.0.12", "cpe:/a:oracle:mysql:4.1.18", "cpe:/a:oracle:mysql:4.1.5", "cpe:/a:oracle:mysql:3.23.3", "cpe:/a:oracle:mysql:4.1.9", "cpe:/a:oracle:mysql:4.0.18", "cpe:/a:oracle:mysql:3.23.43", "cpe:/a:oracle:mysql:3.23.23", "cpe:/a:oracle:mysql:3.23.1", "cpe:/a:oracle:mysql:3.23.33", "cpe:/a:oracle:mysql:4.0.24", "cpe:/a:oracle:mysql:3.23.54a", "cpe:/a:oracle:mysql:3.23.11", "cpe:/a:oracle:mysql:3.23.56", "cpe:/a:oracle:mysql:3.22.29", "cpe:/a:oracle:mysql:3.23.16", "cpe:/a:oracle:mysql:3.23.51", "cpe:/a:oracle:mysql:3.23.13", "cpe:/a:mysql:mysql:5.0.5", "cpe:/a:oracle:mysql:4.0.27"], "id": "CVE-2006-4031", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-4031", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:oracle:mysql:5.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.1.20:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.23.13:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.23.28:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.23.36:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.0.5a:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.23.47:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.23.23:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.23.45:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.1.9:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.23.20:beta:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.0.26:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.23.6:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.23.28:gamma:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.23.24:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.23.56:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:5.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.23.25:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.23.22:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.23.51:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.0.21:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:4.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.23.54:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.23.14:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:4.1.12:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.23.58:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:5.0.22.1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.23.53a:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.0.9:gamma:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.23.27:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:5.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.23.12:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.23.33:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.23.52:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.23:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.0.24:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.23.17:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.1.19:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.23.43:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.0.25:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.23.46:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.23.48:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.23.50:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.23.34:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.23.59:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.0.7:gamma:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:5.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.1.17:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:4.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.22.29:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.0.11:gamma:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:5.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.23.35:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.1.3:beta:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.23.7:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:5.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.23.55:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.1.0:alpha:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:4.1.13:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:5.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.0.8:gamma:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.1.2:alpha:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.23.44:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.3:beta:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.22.28:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.23.37:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.22.32:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.23.11:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.23.4:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.23.26:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.23.9:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.23.31:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.23.30:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:5.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.22.27:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.21:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.23.42:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:5.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.0.27:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.23.16:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.23.21:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:4.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.23.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.23.53:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.23.8:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.23.41:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.23.40:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:4.1.15:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.1.11:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.23.29:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.23.38:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.23.10:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.22.30:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.23.0:alpha:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.23.39:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.23.2:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:4.1.10:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:5.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.1.18:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.23.49:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.0:alpha:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.23.19:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.23.5:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:4.1.14:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.23.32:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:5.0.5.0.21:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.23.15:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.23.18:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.1.16:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:4.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.23.3:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.23.54a:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:3.23.57:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.0.23:*:*:*:*:*:*:*"]}, {"lastseen": "2023-09-25T11:07:42", "description": "Apple Mac OS X AppleTalk allows local users to cause a denial of service (kernel panic) by calling the AIOCREGLOCALZN ioctl command with a crafted data structure on an AppleTalk socket.", "cvss3": {}, "published": "2006-11-28T01:07:00", "type": "cve", "title": "CVE-2006-6130", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-6130"], "modified": "2017-07-29T01:29:00", "cpe": ["cpe:/a:apple:mac_os_x:*"], "id": "CVE-2006-6130", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-6130", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:a:apple:mac_os_x:*:*:*:*:*:*:*:*"]}, {"lastseen": "2023-09-23T23:33:53", "description": "Format string vulnerability in time.cc in MySQL Server 4.1 before 4.1.21 and 5.0 before 1 April 2006 allows remote authenticated users to cause a denial of service (crash) via a format string instead of a date as the first parameter to the date_format function, which is later used in a formatted print call to display the error message.", "cvss3": {}, "published": "2006-07-21T14:03:00", "type": "cve", "title": "CVE-2006-3469", "cwe": ["CWE-134"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-3469"], "modified": "2019-12-17T20:16:00", "cpe": ["cpe:/a:mysql:mysql:4.1.14", "cpe:/a:oracle:mysql:4.1.7", "cpe:/a:mysql:mysql:5.0.10", "cpe:/a:mysql:mysql:4.1.13", "cpe:/a:oracle:mysql:5.0.6", "cpe:/a:mysql:mysql:5.0.5.0.21", "cpe:/a:mysql:mysql:5.0.15", "cpe:/a:oracle:mysql:4.1.19", "cpe:/a:oracle:mysql:5.0.13", "cpe:/a:mysql:mysql:5.0.16", "cpe:/a:mysql:mysql:4.1.15", "cpe:/a:oracle:mysql:5.0.11", "cpe:/a:oracle:mysql:5.0.12", "cpe:/a:oracle:mysql:4.1.20", "cpe:/a:oracle:mysql:5.0.9", "cpe:/a:mysql:mysql:5.0.17", "cpe:/a:oracle:mysql:4.1.18", "cpe:/a:oracle:mysql:5.0.18", "cpe:/a:oracle:mysql:4.1.9", "cpe:/a:oracle:mysql:5.0.19", "cpe:/a:mysql:mysql:4.1.12", "cpe:/a:mysql:mysql:4.1.8", "cpe:/a:oracle:mysql:4.1.16", "cpe:/a:oracle:mysql:4.1.11", "cpe:/a:oracle:mysql:4.1.6"], "id": "CVE-2006-3469", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-3469", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:oracle:mysql:5.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.1.20:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.1.19:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.1.9:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.1.18:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:5.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:4.1.14:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:5.0.5.0.21:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:5.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:5.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.1.16:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:4.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:4.1.12:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:5.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:4.1.15:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:4.1.13:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:4.1.11:*:*:*:*:*:*:*"]}, {"lastseen": "2023-09-25T11:08:00", "description": "Integer overflow in the fatfile_getarch2 in Apple Mac OS X allows local users to cause a denial of service and possibly execute arbitrary code via a crafted Mach-O Universal program that triggers memory corruption.", "cvss3": {}, "published": "2006-11-27T00:07:00", "type": "cve", "title": "CVE-2006-6129", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": true}, "cvelist": ["CVE-2006-6129"], "modified": "2017-07-29T01:29:00", "cpe": ["cpe:/o:apple:mac_os_x_server:10.4.8", "cpe:/o:apple:mac_os_x:10.4.8"], "id": "CVE-2006-6129", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-6129", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:apple:mac_os_x_server:10.4.8:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.4.8:*:*:*:*:*:*:*"]}, {"lastseen": "2023-09-25T10:39:24", "description": "Unspecified vulnerability in Apple Mac OS X 10.4.8, and possibly other versions, allows remote attackers to cause a denial of service (crash) via a malformed UDTO HFS+ disk image, such as with \"bad sectors,\" which triggers memory corruption.", "cvss3": {}, "published": "2006-11-22T01:07:00", "type": "cve", "title": "CVE-2006-6062", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": true}, "cvelist": ["CVE-2006-6062"], "modified": "2017-07-20T01:34:00", "cpe": ["cpe:/o:apple:mac_os_x_server:10.4.8", "cpe:/o:apple:mac_os_x:10.4.8"], "id": "CVE-2006-6062", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-6062", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:apple:mac_os_x_server:10.4.8:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.4.8:*:*:*:*:*:*:*"]}, {"lastseen": "2023-09-25T10:44:47", "description": "com.apple.AppleDiskImageController in Apple Mac OS X 10.4.8, and possibly other versions, allows remote attackers to execute arbitrary code via a malformed DMG image that triggers memory corruption. NOTE: the severity of this issue has been disputed by a third party, who states that the impact is limited to a denial of service (kernel panic) due to a vm_fault call with a non-aligned address.", "cvss3": {}, "published": "2006-11-22T01:07:00", "type": "cve", "title": "CVE-2006-6061", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": true, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-6061"], "modified": "2017-07-20T01:34:00", "cpe": ["cpe:/o:apple:mac_os_x_server:10.4.8", "cpe:/o:apple:mac_os_x:10.4.8"], "id": "CVE-2006-6061", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-6061", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:apple:mac_os_x_server:10.4.8:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.4.8:*:*:*:*:*:*:*"]}, {"lastseen": "2023-09-24T08:55:19", "description": "sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, allows remote attackers to cause a denial of service (CPU consumption) via an SSH packet that contains duplicate blocks, which is not properly handled by the CRC compensation attack detector.", "cvss3": {}, "published": "2006-09-27T01:07:00", "type": "cve", "title": "CVE-2006-4924", "cwe": ["CWE-399"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-4924"], "modified": "2018-10-17T21:40:00", "cpe": ["cpe:/a:openbsd:openssh:3.6", "cpe:/a:openbsd:openssh:2.9", "cpe:/a:openbsd:openssh:3.1", "cpe:/a:openbsd:openssh:3.7.1p2", "cpe:/a:openbsd:openssh:3.8", "cpe:/a:openbsd:openssh:4.2p1", "cpe:/a:openbsd:openssh:3.5", "cpe:/a:openbsd:openssh:2.9p1", "cpe:/a:openbsd:openssh:3.0.1", "cpe:/a:openbsd:openssh:2.9.9p2", "cpe:/a:openbsd:openssh:3.6.1p2", "cpe:/a:openbsd:openssh:3.4p1", "cpe:/a:openbsd:openssh:3.7.1", "cpe:/a:openbsd:openssh:3.4", "cpe:/a:openbsd:openssh:3.0.2", "cpe:/a:openbsd:openssh:1.2.2", "cpe:/a:openbsd:openssh:3.1p1", "cpe:/a:openbsd:openssh:4.1p1", "cpe:/a:openbsd:openssh:3.5p1", "cpe:/a:openbsd:openssh:2.9.9", "cpe:/a:openbsd:openssh:4.3p1", "cpe:/a:openbsd:openssh:3.7.1p1", "cpe:/a:openbsd:openssh:2.9p2", "cpe:/a:openbsd:openssh:3.9", "cpe:/a:openbsd:openssh:3.0.1p1", "cpe:/a:openbsd:openssh:3.3", "cpe:/a:openbsd:openssh:1.2", "cpe:/a:openbsd:openssh:3.2.2p1", "cpe:/a:openbsd:openssh:2.5.1", "cpe:/a:openbsd:openssh:3.6.1", "cpe:/a:openbsd:openssh:3.3p1", "cpe:/a:openbsd:openssh:4.0", "cpe:/a:openbsd:openssh:4.0p1", "cpe:/a:openbsd:openssh:2.3", "cpe:/a:openbsd:openssh:2.2", "cpe:/a:openbsd:openssh:1.2.1", "cpe:/a:openbsd:openssh:3.2", "cpe:/a:openbsd:openssh:3.8.1", "cpe:/a:openbsd:openssh:3.7", "cpe:/a:openbsd:openssh:4.2", "cpe:/a:openbsd:openssh:3.9.1", "cpe:/a:openbsd:openssh:2.1", "cpe:/a:openbsd:openssh:2.5.2", "cpe:/a:openbsd:openssh:3.0.2p1", "cpe:/a:openbsd:openssh:3.0", "cpe:/a:openbsd:openssh:4.3", "cpe:/a:openbsd:openssh:3.6.1p1", "cpe:/a:openbsd:openssh:1.2.27", "cpe:/a:openbsd:openssh:3.2.3p1", "cpe:/a:openbsd:openssh:1.2.3", "cpe:/a:openbsd:openssh:3.0p1", "cpe:/a:openbsd:openssh:3.2.2", "cpe:/a:openbsd:openssh:3.8.1p1", "cpe:/a:openbsd:openssh:2.5", "cpe:/a:openbsd:openssh:2.1.1", "cpe:/a:openbsd:openssh:3.9.1p1"], "id": "CVE-2006-4924", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-4924", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:a:openbsd:openssh:3.7.1p1:*:*:*:*:*:*:*", "cpe:2.3:a:openbsd:openssh:4.3p1:*:*:*:*:*:*:*", "cpe:2.3:a:openbsd:openssh:3.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:openbsd:openssh:1.2:*:*:*:*:*:*:*", "cpe:2.3:a:openbsd:openssh:3.7.1p2:*:*:*:*:*:*:*", "cpe:2.3:a:openbsd:openssh:4.2:*:*:*:*:*:*:*", "cpe:2.3:a:openbsd:openssh:3.1:*:*:*:*:*:*:*", "cpe:2.3:a:openbsd:openssh:2.5:*:*:*:*:*:*:*", "cpe:2.3:a:openbsd:openssh:3.8:*:*:*:*:*:*:*", "cpe:2.3:a:openbsd:openssh:2.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:openbsd:openssh:3.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:openbsd:openssh:3.8.1p1:*:*:*:*:*:*:*", "cpe:2.3:a:openbsd:openssh:2.2:*:*:*:*:*:*:*", "cpe:2.3:a:openbsd:openssh:4.1p1:*:*:*:*:*:*:*", "cpe:2.3:a:openbsd:openssh:3.6:*:*:*:*:*:*:*", "cpe:2.3:a:openbsd:openssh:3.6.1p2:*:*:*:*:*:*:*", "cpe:2.3:a:openbsd:openssh:3.0p1:*:*:*:*:*:*:*", "cpe:2.3:a:openbsd:openssh:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:openbsd:openssh:2.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:openbsd:openssh:3.2.2p1:*:*:*:*:*:*:*", "cpe:2.3:a:openbsd:openssh:1.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:openbsd:openssh:3.4p1:*:*:*:*:*:*:*", "cpe:2.3:a:openbsd:openssh:3.3p1:*:*:*:*:*:*:*", "cpe:2.3:a:openbsd:openssh:3.0.1p1:*:*:*:*:*:*:*", "cpe:2.3:a:openbsd:openssh:3.3:*:*:*:*:*:*:*", "cpe:2.3:a:openbsd:openssh:3.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:openbsd:openssh:3.1p1:*:*:*:*:*:*:*", "cpe:2.3:a:openbsd:openssh:3.4:*:*:*:*:*:*:*", "cpe:2.3:a:openbsd:openssh:4.0:*:*:*:*:*:*:*", "cpe:2.3:a:openbsd:openssh:1.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:openbsd:openssh:3.2.3p1:*:*:*:*:*:*:*", "cpe:2.3:a:openbsd:openssh:3.9:*:*:*:*:*:*:*", "cpe:2.3:a:openbsd:openssh:3.7:*:*:*:*:*:*:*", "cpe:2.3:a:openbsd:openssh:4.2p1:*:*:*:*:*:*:*", "cpe:2.3:a:openbsd:openssh:1.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:openbsd:openssh:4.0p1:*:*:*:*:*:*:*", "cpe:2.3:a:openbsd:openssh:3.5p1:*:*:*:*:*:*:*", "cpe:2.3:a:openbsd:openssh:3.9.1p1:*:*:*:*:*:*:*", "cpe:2.3:a:openbsd:openssh:3.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:openbsd:openssh:2.9p1:*:*:*:*:*:*:*", "cpe:2.3:a:openbsd:openssh:4.3:*:*:*:*:*:*:*", "cpe:2.3:a:openbsd:openssh:3.0.2p1:*:*:*:*:*:*:*", "cpe:2.3:a:openbsd:openssh:3.9.1:*:*:*:*:*:*:*", "cpe:2.3:a:openbsd:openssh:2.9.9p2:*:*:*:*:*:*:*", "cpe:2.3:a:openbsd:openssh:2.9:*:*:*:*:*:*:*", "cpe:2.3:a:openbsd:openssh:2.9p2:*:*:*:*:*:*:*", "cpe:2.3:a:openbsd:openssh:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:openbsd:openssh:3.2:*:*:*:*:*:*:*", "cpe:2.3:a:openbsd:openssh:2.1:*:*:*:*:*:*:*", "cpe:2.3:a:openbsd:openssh:3.6.1p1:*:*:*:*:*:*:*", "cpe:2.3:a:openbsd:openssh:2.9.9:*:*:*:*:*:*:*", "cpe:2.3:a:openbsd:openssh:2.3:*:*:*:*:*:*:*", "cpe:2.3:a:openbsd:openssh:1.2.27:*:*:*:*:*:*:*", "cpe:2.3:a:openbsd:openssh:2.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:openbsd:openssh:3.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:openbsd:openssh:3.5:*:*:*:*:*:*:*"]}, {"lastseen": "2023-09-28T11:36:18", "description": "Incomplete blacklist vulnerability in sudo 1.6.8 and earlier allows local users to gain privileges via the (1) SHELLOPTS and (2) PS4 environment variables before executing a bash script on behalf of another user, which are not cleared even though other variables are.", "cvss3": {}, "published": "2005-10-25T16:02:00", "type": "cve", "title": "CVE-2005-2959", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": true}, "cvelist": ["CVE-2005-2959"], "modified": "2018-10-03T21:31:00", "cpe": ["cpe:/a:todd_miller:sudo:1.6.3p2", "cpe:/a:todd_miller:sudo:1.6.1", "cpe:/a:todd_miller:sudo:1.6.2", "cpe:/a:todd_miller:sudo:1.6.4p1", "cpe:/a:todd_miller:sudo:1.6.5_p2", "cpe:/a:todd_miller:sudo:1.6.3p3", "cpe:/a:todd_miller:sudo:1.6.5", "cpe:/a:todd_miller:sudo:1.6.3_p5", "cpe:/a:todd_miller:sudo:1.6.3p1", "cpe:/a:todd_miller:sudo:1.6.4p2", "cpe:/a:todd_miller:sudo:1.6.3_p4", "cpe:/a:todd_miller:sudo:1.6.3p4", "cpe:/a:todd_miller:sudo:1.6.5p2", "cpe:/a:todd_miller:sudo:1.6.3p7", "cpe:/a:todd_miller:sudo:1.6.5p1", "cpe:/a:todd_miller:sudo:1.6.3_p2", "cpe:/a:todd_miller:sudo:1.6.6", "cpe:/a:todd_miller:sudo:1.6.3_p1", "cpe:/a:todd_miller:sudo:1.6.5_p1", "cpe:/a:todd_miller:sudo:1.6.3", "cpe:/a:todd_miller:sudo:1.6.8", "cpe:/a:todd_miller:sudo:1.6.7", "cpe:/a:todd_miller:sudo:1.6.7_p5", "cpe:/a:todd_miller:sudo:1.6.4", "cpe:/a:todd_miller:sudo:1.6.4_p1", "cpe:/a:todd_miller:sudo:1.6.4_p2", "cpe:/a:todd_miller:sudo:1.6.3_p7", "cpe:/a:todd_miller:sudo:1.6.3p5", "cpe:/a:todd_miller:sudo:1.6.3_p6", "cpe:/a:todd_miller:sudo:1.6.3_p3", "cpe:/a:todd_miller:sudo:1.6.3p6", "cpe:/a:todd_miller:sudo:1.6"], "id": "CVE-2005-2959", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2959", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:todd_miller:sudo:1.6.5_p1:*:*:*:*:*:*:*", "cpe:2.3:a:todd_miller:sudo:1.6.4p2:*:*:*:*:*:*:*", "cpe:2.3:a:todd_miller:sudo:1.6:*:*:*:*:*:*:*", "cpe:2.3:a:todd_miller:sudo:1.6.3p5:*:*:*:*:*:*:*", "cpe:2.3:a:todd_miller:sudo:1.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:todd_miller:sudo:1.6.5_p2:*:*:*:*:*:*:*", "cpe:2.3:a:todd_miller:sudo:1.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:todd_miller:sudo:1.6.4_p1:*:*:*:*:*:*:*", "cpe:2.3:a:todd_miller:sudo:1.6.6:*:*:*:*:*:*:*", "cpe:2.3:a:todd_miller:sudo:1.6.3_p4:*:*:*:*:*:*:*", "cpe:2.3:a:todd_miller:sudo:1.6.3_p2:*:*:*:*:*:*:*", "cpe:2.3:a:todd_miller:sudo:1.6.3_p3:*:*:*:*:*:*:*", "cpe:2.3:a:todd_miller:sudo:1.6.4p1:*:*:*:*:*:*:*", "cpe:2.3:a:todd_miller:sudo:1.6.5p2:*:*:*:*:*:*:*", "cpe:2.3:a:todd_miller:sudo:1.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:todd_miller:sudo:1.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:todd_miller:sudo:1.6.3_p6:*:*:*:*:*:*:*", "cpe:2.3:a:todd_miller:sudo:1.6.7:*:*:*:*:*:*:*", "cpe:2.3:a:todd_miller:sudo:1.6.5p1:*:*:*:*:*:*:*", "cpe:2.3:a:todd_miller:sudo:1.6.8:*:*:*:*:*:*:*", "cpe:2.3:a:todd_miller:sudo:1.6.3p1:*:*:*:*:*:*:*", "cpe:2.3:a:todd_miller:sudo:1.6.3p4:*:*:*:*:*:*:*", "cpe:2.3:a:todd_miller:sudo:1.6.3p6:*:*:*:*:*:*:*", "cpe:2.3:a:todd_miller:sudo:1.6.3p3:*:*:*:*:*:*:*", "cpe:2.3:a:todd_miller:sudo:1.6.3p2:*:*:*:*:*:*:*", "cpe:2.3:a:todd_miller:sudo:1.6.3_p7:*:*:*:*:*:*:*", "cpe:2.3:a:todd_miller:sudo:1.6.7_p5:*:*:*:*:*:*:*", "cpe:2.3:a:todd_miller:sudo:1.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:todd_miller:sudo:1.6.4_p2:*:*:*:*:*:*:*", "cpe:2.3:a:todd_miller:sudo:1.6.3_p5:*:*:*:*:*:*:*", "cpe:2.3:a:todd_miller:sudo:1.6.3p7:*:*:*:*:*:*:*", "cpe:2.3:a:todd_miller:sudo:1.6.3_p1:*:*:*:*:*:*:*"]}, {"lastseen": "2023-09-25T09:07:51", "description": "The fpathconf syscall function in bsd/kern/kern_descrip.c in the Darwin kernel (XNU) 8.8.1 in Apple Mac OS X allows local users to cause a denial of service (kernel panic) and possibly execute arbitrary code via a file descriptor with an unrecognized file type.", "cvss3": {}, "published": "2006-11-10T01:07:00", "type": "cve", "title": "CVE-2006-5836", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-5836"], "modified": "2017-07-20T01:34:00", "cpe": ["cpe:/o:opendarwin:darwin_kernel:8.8.1"], "id": "CVE-2006-5836", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-5836", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:opendarwin:darwin_kernel:8.8.1:*:*:*:*:*:*:*"]}, {"lastseen": "2023-09-26T20:08:44", "description": "Stack-based buffer overflow in the Apple-specific Samba module (SMB File Server) in Apple Mac OS X 10.4 through 10.4.8 allows context-dependent attackers to execute arbitrary code via a long ACL.", "cvss3": {}, "published": "2007-03-13T22:19:00", "type": "cve", "title": "CVE-2007-0731", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-0731"], "modified": "2017-07-29T01:30:00", "cpe": ["cpe:/o:apple:mac_os_x:10.4.4", "cpe:/o:apple:mac_os_x:10.4.3", "cpe:/o:apple:mac_os_x_server:10.4.7", "cpe:/o:apple:mac_os_x_server:10.4.5", "cpe:/o:apple:mac_os_x:10.4.6", "cpe:/o:apple:mac_os_x:10.4.7", "cpe:/o:apple:mac_os_x_server:10.4.6", "cpe:/o:apple:mac_os_x_server:10.4.3", "cpe:/o:apple:mac_os_x:10.4.8", "cpe:/o:apple:mac_os_x_server:10.4", "cpe:/o:apple:mac_os_x:10.4.1", "cpe:/o:apple:mac_os_x:10.4.2", "cpe:/o:apple:mac_os_x_server:10.4.1", "cpe:/o:apple:mac_os_x:10.4.5", "cpe:/o:apple:mac_os_x_server:10.4.8", "cpe:/o:apple:mac_os_x:10.3.9", "cpe:/o:apple:mac_os_x_server:10.4.2", "cpe:/o:apple:mac_os_x_server:10.4.4"], "id": "CVE-2007-0731", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-0731", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:apple:mac_os_x_server:10.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.4.8:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.4.8:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.4.5:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.4.6:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.4.7:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.4.6:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.4:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.4.7:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.4.5:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.4.2:*:*:*:*:*:*:*"]}, {"lastseen": "2023-09-24T09:31:44", "description": "Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free.", "cvss3": {}, "published": "2006-09-27T23:07:00", "type": "cve", "title": "CVE-2006-5051", "cwe": ["CWE-362"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-5051"], "modified": "2017-10-11T01:31:00", "cpe": ["cpe:/a:openbsd:openssh:3.6", "cpe:/a:openbsd:openssh:2.9", "cpe:/a:openbsd:openssh:3.1", "cpe:/a:openbsd:openssh:3.7.1p2", "cpe:/a:openbsd:openssh:3.8", "cpe:/a:openbsd:openssh:4.2p1", "cpe:/a:openbsd:openssh:3.5", "cpe:/a:openbsd:openssh:2.9p1", "cpe:/a:openbsd:openssh:3.0.1", "cpe:/a:openbsd:openssh:2.9.9p2", "cpe:/a:openbsd:openssh:3.6.1p2", "cpe:/a:openbsd:openssh:3.4p1", "cpe:/a:openbsd:openssh:3.7.1", "cpe:/a:openbsd:openssh:3.4", "cpe:/a:openbsd:openssh:3.0.2", "cpe:/a:openbsd:openssh:1.2.2", "cpe:/a:openbsd:openssh:3.1p1", "cpe:/a:openbsd:openssh:4.1p1", &q

Mac OS X &lt; 10.4.9 Multiple Vulnerabilities (Security Update 2007-003)

Description

Related

Mac OS X < 10.4.9 Multiple Vulnerabilities (Security Update 2007-003)