Mac OS X Multiple Vulnerabilities (Security Update 2009-001)

2009-02-13T00:00:00

Description

The remote host is running a version of Mac OS X 10.5 or 10.4 that does not have Security Update 2009-001 applied. This security update contains fixes for the following products : - AFP Server - Apple Pixlet Video - CarbonCore - CFNetwork - Certificate Assistant - ClamAV - CoreText - CUPS - DS Tools - fetchmail - Folder Manager - FSEvents - Network Time - perl - Printing - python - Remote Apple Events - Safari RSS - servermgrd - SMB - SquirrelMail - X11 - XTerm

{"id": "MACOSX_SECUPD2009-001.NASL", "vendorId": null, "type": "nessus", "bulletinFamily": "scanner", "title": "Mac OS X Multiple Vulnerabilities (Security Update 2009-001)", "description": "The remote host is running a version of Mac OS X 10.5 or 10.4 that does not have Security Update 2009-001 applied.\n\nThis security update contains fixes for the following products :\n\n - AFP Server\n - Apple Pixlet Video\n - CarbonCore\n - CFNetwork\n - Certificate Assistant\n - ClamAV\n - CoreText\n - CUPS\n - DS Tools\n - fetchmail\n - Folder Manager\n - FSEvents\n - Network Time\n - perl\n - Printing\n - python\n - Remote Apple Events\n - Safari RSS\n - servermgrd\n - SMB\n - SquirrelMail\n - X11\n - XTerm", "published": "2009-02-13T00:00:00", "modified": "2018-07-16T00:00:00", "epss": [], "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/35684", "reporter": "This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3467", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5314", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5050", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5183", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2360", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0139", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4965", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0015", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1721", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0140", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1861", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2315", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2362", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0137", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1379", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0011", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1351", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1352", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1927", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0012", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0019", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0009", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0018", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3144", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1808", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2711", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4565", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0138", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4864", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2361", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3142", "http://support.apple.com/kb/ht3438", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1377", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0017", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0013", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5031", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1679", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0142", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1887", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2316", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1807", "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1806", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1667", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0141", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3663", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0020", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2379", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0014"], "cvelist": ["CVE-2006-1861", "CVE-2006-3467", "CVE-2007-1351", "CVE-2007-1352", "CVE-2007-1667", "CVE-2007-4565", "CVE-2007-4965", "CVE-2008-1377", "CVE-2008-1379", "CVE-2008-1679", "CVE-2008-1721", "CVE-2008-1806", "CVE-2008-1807", "CVE-2008-1808", "CVE-2008-1887", "CVE-2008-1927", "CVE-2008-2315", "CVE-2008-2316", "CVE-2008-2360", "CVE-2008-2361", "CVE-2008-2362", "CVE-2008-2379", "CVE-2008-2711", "CVE-2008-3142", "CVE-2008-3144", "CVE-2008-3663", "CVE-2008-4864", "CVE-2008-5031", "CVE-2008-5050", "CVE-2008-5183", "CVE-2008-5314", "CVE-2009-0009", "CVE-2009-0011", "CVE-2009-0012", "CVE-2009-0013", "CVE-2009-0014", "CVE-2009-0015", "CVE-2009-0017", "CVE-2009-0018", "CVE-2009-0019", "CVE-2009-0020", "CVE-2009-0137", "CVE-2009-0138", "CVE-2009-0139", "CVE-2009-0140", "CVE-2009-0141", "CVE-2009-0142"], "immutableFields": [], "lastseen": "2023-05-18T14:19:48", "viewCount": 24, "enchantments": {"dependencies": {"references": [{"type": "altlinux", "idList": ["04E3FAFCC736D46ED1A4BAE02EAE6FCF", "16B72590C134C7EA6CB868CB2D619469", "406DCD60A0E94A77AF44200ABD7B468F", "A19360BE5805149A573145A2DF7B635A", "EA3CF5A171C000543432997BE8A06462"]}, {"type": "centos", "idList": ["CESA-2006:0500", "CESA-2006:0500-01", "CESA-2006:0634", "CESA-2006:0635", "CESA-2006:0635-01", "CESA-2007:0125", "CESA-2007:0125-01", "CESA-2007:0126", "CESA-2007:0150", "CESA-2007:0157", "CESA-2007:1076", "CESA-2008:0502", "CESA-2008:0503", "CESA-2008:0504", "CESA-2008:0512-01", "CESA-2008:0522", "CESA-2008:0556", "CESA-2008:0558-01", "CESA-2008:1029", "CESA-2009:0010", "CESA-2009:0329", "CESA-2009:1176", "CESA-2009:1178", "CESA-2009:1427"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2008-382"]}, {"type": "cve", "idList": ["CVE-2006-1054", "CVE-2006-1861", "CVE-2006-2493", "CVE-2006-3467", "CVE-2007-1351", "CVE-2007-1352", "CVE-2007-1667", "CVE-2007-1797", "CVE-2007-3408", "CVE-2007-4565", "CVE-2007-4965", "CVE-2008-1377", "CVE-2008-1378", "CVE-2008-1379", "CVE-2008-1679", "CVE-2008-1721", "CVE-2008-1806", "CVE-2008-1807", "CVE-2008-1808", "CVE-2008-1887", "CVE-2008-1927", "CVE-2008-2315", "CVE-2008-2316", "CVE-2008-2360", "CVE-2008-2361", "CVE-2008-2362", "CVE-2008-2379", "CVE-2008-2711", "CVE-2008-3142", "CVE-2008-3144", "CVE-2008-3663", "CVE-2008-4864", "CVE-2008-5031", "CVE-2008-5050", "CVE-2008-5183", "CVE-2008-5314", "CVE-2009-0009", "CVE-2009-0011", "CVE-2009-0012", "CVE-2009-0013", "CVE-2009-0014", "CVE-2009-0015", "CVE-2009-0017", "CVE-2009-0018", "CVE-2009-0019", "CVE-2009-0020", "CVE-2009-0030", "CVE-2009-0137", "CVE-2009-0138", "CVE-2009-0139", "CVE-2009-0140", "CVE-2009-0141", "CVE-2009-0142"]}, {"type": "debian", "idList": ["DEBIAN:2DB49FB5FBA6BBE1D57DC08FF520EB3C:A2C93", "DEBIAN:869C887ED9D0C668D3E16441F60B1A05:A2C93", "DEBIAN:DSA-1095-1:4FF41", "DEBIAN:DSA-1178-1:6AA07", "DEBIAN:DSA-1193-1:C0656", "DEBIAN:DSA-1294-1:BFA66", "DEBIAN:DSA-1377-1:F4A0B", "DEBIAN:DSA-1377-2:20B24", "DEBIAN:DSA-1454-1:2CCE7", "DEBIAN:DSA-1551-1:41B8A", "DEBIAN:DSA-1556-1:DB877", "DEBIAN:DSA-1556-2:B3A5F", "DEBIAN:DSA-1595-1:E19AB", "DEBIAN:DSA-1620-1:7CA52", "DEBIAN:DSA-1635-1:B5B4B", "DEBIAN:DSA-1667-1:B9268", "DEBIAN:DSA-1680-1:5608C", "DEBIAN:DSA-1682-1:7E59C", "DEBIAN:DSA-1858-1:1404B", "DEBIAN:DSA-1903-1:FD736", "DEBIAN:DSA-1977-1:4A5F0", "DEBIAN:DSA-2176-1:CBD37"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2006-1861", "DEBIANCVE:CVE-2006-3467", "DEBIANCVE:CVE-2007-1351", "DEBIANCVE:CVE-2007-1352", "DEBIANCVE:CVE-2007-1667", "DEBIANCVE:CVE-2007-1797", "DEBIANCVE:CVE-2007-3408", "DEBIANCVE:CVE-2007-4565", "DEBIANCVE:CVE-2008-1377", "DEBIANCVE:CVE-2008-1379", "DEBIANCVE:CVE-2008-1806", "DEBIANCVE:CVE-2008-1807", "DEBIANCVE:CVE-2008-1808", "DEBIANCVE:CVE-2008-1927", "DEBIANCVE:CVE-2008-2360", "DEBIANCVE:CVE-2008-2361", "DEBIANCVE:CVE-2008-2362", "DEBIANCVE:CVE-2008-2711", "DEBIANCVE:CVE-2008-5050", "DEBIANCVE:CVE-2008-5183", "DEBIANCVE:CVE-2008-5314"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:6F4BE7377CBDEC35F258FFC9DEA11116"]}, {"type": "fedora", "idList": ["FEDORA:043B610F8DC", "FEDORA:0FA03208DA4", "FEDORA:1B6B010F884", "FEDORA:1D27B20876F", "FEDORA:3A744208A34", "FEDORA:3F10C10F84E", "FEDORA:40FE810F895", "FEDORA:45570208974", "FEDORA:53F022086F7", "FEDORA:5BE0C10F888", "FEDORA:733C1208CC7", "FEDORA:7920210F854", "FEDORA:7F2C2208D5A", "FEDORA:8386D208203", "FEDORA:9407B10F8B4", "FEDORA:941A010F80E", "FEDORA:9F78410F8A9", "FEDORA:A228A2081FF", "FEDORA:C698B2081FF", "FEDORA:C8A5910F87D", "FEDORA:CF76210F8A7", "FEDORA:L3AGPKWW025234", "FEDORA:L3AGQMS1025678", "FEDORA:L84LQWGQ024974", "FEDORA:L84MAGHD029693", "FEDORA:L9TJ3EEU002671", "FEDORA:M3TLDRTH031174", "FEDORA:M3TLEFCX031327", "FEDORA:M5D2NDOL024434", "FEDORA:M5E4F3XO015007", "FEDORA:M5E4IXD8015398", "FEDORA:M5I3EUBE003662", "FEDORA:M5I3FOSJ003702", "FEDORA:M5SMESRC003240", "FEDORA:M5SMFHKA003295"]}, {"type": "freebsd", "idList": ["0DCCAA28-7F3C-11DD-8DE5-0030843D3802", "168190DF-3E9A-11DD-87BC-000EA69A5213", "1E8E63C0-478A-11DD-A88D-000EA69A5213", "24B64FB0-AF1D-11DD-8A16-001B1116B350", "45500F74-5947-11DC-87C1-000E2E5785AD", "4FB43B2F-46A9-11DD-9D38-00163E000016", "800E8BD5-3ACB-11DD-8842-001302A18722", "A0AFB4B9-89A1-11DD-A65B-00163E000016", "B975763F-5210-11DB-8F1A-000A48049292", "CBFD1874-EFEA-11EB-8FE9-036BD763FF35", "D1CE8A4F-C235-11DD-8CBC-00163E000016", "EC41C3E2-129C-11DD-BAB7-0016179B2DD5"]}, {"type": "gentoo", "idList": ["GLSA-200607-02", "GLSA-200609-04", "GLSA-200705-02", "GLSA-200705-06", "GLSA-200705-10", "GLSA-200710-09", "GLSA-200711-07", "GLSA-200805-17", "GLSA-200806-07", "GLSA-200806-10", "GLSA-200807-01", "GLSA-200807-16", "GLSA-200812-21", "GLSA-200907-16", "GLSA-201006-01", "GLSA-201209-25"]}, {"type": "nessus", "idList": ["4932.PRM", "4937.PRM", "CENTOS_RHSA-2006-0500.NASL", "CENTOS_RHSA-2006-0634.NASL", "CENTOS_RHSA-2006-0635.NASL", "CENTOS_RHSA-2007-0125.NASL", "CENTOS_RHSA-2007-0126.NASL", "CENTOS_RHSA-2007-0150.NASL", "CENTOS_RHSA-2007-0157.NASL", "CENTOS_RHSA-2007-1076.NASL", "CENTOS_RHSA-2008-0502.NASL", "CENTOS_RHSA-2008-0503.NASL", "CENTOS_RHSA-2008-0504.NASL", "CENTOS_RHSA-2008-0522.NASL", "CENTOS_RHSA-2008-0556.NASL", "CENTOS_RHSA-2008-1029.NASL", "CENTOS_RHSA-2009-0010.NASL", "CENTOS_RHSA-2009-0329.NASL", "CENTOS_RHSA-2009-1176.NASL", "CENTOS_RHSA-2009-1178.NASL", "CENTOS_RHSA-2009-1427.NASL", "CLAMAV_0_94_1.NASL", "CLAMAV_0_94_2.NASL", "DEBIAN_DSA-1095.NASL", "DEBIAN_DSA-1178.NASL", "DEBIAN_DSA-1193.NASL", "DEBIAN_DSA-1294.NASL", "DEBIAN_DSA-1377.NASL", "DEBIAN_DSA-1454.NASL", "DEBIAN_DSA-1551.NASL", "DEBIAN_DSA-1556.NASL", "DEBIAN_DSA-1595.NASL", "DEBIAN_DSA-1620.NASL", "DEBIAN_DSA-1635.NASL", "DEBIAN_DSA-1667.NASL", "DEBIAN_DSA-1680.NASL", "DEBIAN_DSA-1682.NASL", "DEBIAN_DSA-1858.NASL", "DEBIAN_DSA-1903.NASL", "DEBIAN_DSA-1977.NASL", "DEBIAN_DSA-2176.NASL", "FEDORA_2006-912.NASL", "FEDORA_2007-1983.NASL", "FEDORA_2007-2663.NASL", "FEDORA_2007-426.NASL", "FEDORA_2007-427.NASL", "FEDORA_2007-689.NASL", "FEDORA_2008-10740.NASL", "FEDORA_2008-10748.NASL", "FEDORA_2008-10895.NASL", "FEDORA_2008-10911.NASL", "FEDORA_2008-10917.NASL", "FEDORA_2008-10918.NASL", "FEDORA_2008-3392.NASL", "FEDORA_2008-3399.NASL", "FEDORA_2008-5254.NASL", "FEDORA_2008-5279.NASL", "FEDORA_2008-5285.NASL", "FEDORA_2008-5425.NASL", "FEDORA_2008-5430.NASL", "FEDORA_2008-5789.NASL", "FEDORA_2008-5800.NASL", "FEDORA_2008-8559.NASL", "FEDORA_2008-9071.NASL", "FEDORA_2008-9644.NASL", "FEDORA_2008-9651.NASL", "FEDORA_2009-4870.NASL", "FEDORA_2009-5350.NASL", "FEDORA_2009-5471.NASL", "FEDORA_2009-5558.NASL", "FEDORA_2009-5644.NASL", "FLASH_PLAYER_APSB09_01.NASL", "FREEBSD_PKG_0DCCAA287F3C11DD8DE50030843D3802.NASL", "FREEBSD_PKG_168190DF3E9A11DD87BC000EA69A5213.NASL", "FREEBSD_PKG_1E8E63C0478A11DDA88D000EA69A5213.NASL", "FREEBSD_PKG_24B64FB0AF1D11DD8A16001B1116B350.NASL", "FREEBSD_PKG_45500F74594711DC87C1000E2E5785AD.NASL", "FREEBSD_PKG_4FB43B2F46A911DD9D3800163E000016.NASL", "FREEBSD_PKG_800E8BD53ACB11DD8842001302A18722.NASL", "FREEBSD_PKG_A0AFB4B989A111DDA65B00163E000016.NASL", "FREEBSD_PKG_B975763F521011DB8F1A000A48049292.NASL", "FREEBSD_PKG_CBFD1874EFEA11EB8FE9036BD763FF35.NASL", "FREEBSD_PKG_D1CE8A4FC23511DD8CBC00163E000016.NASL", "FREEBSD_PKG_EC41C3E2129C11DDBAB70016179B2DD5.NASL", "GENTOO_GLSA-200607-02.NASL", "GENTOO_GLSA-200609-04.NASL", "GENTOO_GLSA-200705-02.NASL", "GENTOO_GLSA-200705-06.NASL", "GENTOO_GLSA-200705-10.NASL", "GENTOO_GLSA-200710-09.NASL", "GENTOO_GLSA-200711-07.NASL", "GENTOO_GLSA-200805-17.NASL", "GENTOO_GLSA-200806-07.NASL", "GENTOO_GLSA-200806-10.NASL", "GENTOO_GLSA-200807-01.NASL", "GENTOO_GLSA-200807-16.NASL", "GENTOO_GLSA-200812-21.NASL", "GENTOO_GLSA-200907-16.NASL", "GENTOO_GLSA-201006-01.NASL", "GENTOO_GLSA-201209-25.NASL", "HPUX_PHSS_34392.NASL", "HPUX_PHSS_37972.NASL", "HPUX_PHSS_38840.NASL", "MACOSX_SECUPD2007-009.NASL", "MANDRAKE_MDKSA-2006-099.NASL", "MANDRAKE_MDKSA-2006-129.NASL", "MANDRAKE_MDKSA-2006-148.NASL", "MANDRAKE_MDKSA-2007-079.NASL", "MANDRAKE_MDKSA-2007-080.NASL", "MANDRAKE_MDKSA-2007-081.NASL", "MANDRAKE_MDKSA-2007-147.NASL", "MANDRAKE_MDKSA-2007-179.NASL", "MANDRIVA_MDVSA-2008-013.NASL", "MANDRIVA_MDVSA-2008-085.NASL", "MANDRIVA_MDVSA-2008-100.NASL", "MANDRIVA_MDVSA-2008-116.NASL", "MANDRIVA_MDVSA-2008-117.NASL", "MANDRIVA_MDVSA-2008-121.NASL", "MANDRIVA_MDVSA-2008-163.NASL", "MANDRIVA_MDVSA-2008-179.NASL", "MANDRIVA_MDVSA-2008-229.NASL", "MANDRIVA_MDVSA-2008-239.NASL", "MANDRIVA_MDVSA-2009-003.NASL", "MANDRIVA_MDVSA-2009-028.NASL", "NEWSTART_CGSL_NS-SA-2019-0008_PYTHON.NASL", "ORACLELINUX_ELSA-2007-0125.NASL", "ORACLELINUX_ELSA-2007-0126.NASL", "ORACLELINUX_ELSA-2007-0132.NASL", "ORACLELINUX_ELSA-2007-0150.NASL", "ORACLELINUX_ELSA-2007-0157.NASL", "ORACLELINUX_ELSA-2007-1076.NASL", "ORACLELINUX_ELSA-2008-0502.NASL", "ORACLELINUX_ELSA-2008-0503.NASL", "ORACLELINUX_ELSA-2008-0504.NASL", "ORACLELINUX_ELSA-2008-0522.NASL", "ORACLELINUX_ELSA-2008-0556.NASL", "ORACLELINUX_ELSA-2008-1029.NASL", "ORACLELINUX_ELSA-2009-0010.NASL", "ORACLELINUX_ELSA-2009-0329.NASL", "ORACLELINUX_ELSA-2009-1176.NASL", "ORACLELINUX_ELSA-2009-1177.NASL", "ORACLELINUX_ELSA-2009-1178.NASL", "ORACLELINUX_ELSA-2009-1427.NASL", "ORACLEVM_OVMSA-2009-0012.NASL", "REDHAT-RHSA-2006-0500.NASL", "REDHAT-RHSA-2006-0634.NASL", "REDHAT-RHSA-2006-0635.NASL", "REDHAT-RHSA-2007-0125.NASL", "REDHAT-RHSA-2007-0126.NASL", "REDHAT-RHSA-2007-0132.NASL", "REDHAT-RHSA-2007-0150.NASL", "REDHAT-RHSA-2007-0157.NASL", "REDHAT-RHSA-2007-1076.NASL", "REDHAT-RHSA-2008-0264.NASL", "REDHAT-RHSA-2008-0502.NASL", "REDHAT-RHSA-2008-0503.NASL", "REDHAT-RHSA-2008-0504.NASL", "REDHAT-RHSA-2008-0512.NASL", "REDHAT-RHSA-2008-0522.NASL", "REDHAT-RHSA-2008-0525.NASL", "REDHAT-RHSA-2008-0556.NASL", "REDHAT-RHSA-2008-0558.NASL", "REDHAT-RHSA-2008-0629.NASL", "REDHAT-RHSA-2008-1029.NASL", "REDHAT-RHSA-2009-0010.NASL", "REDHAT-RHSA-2009-0329.NASL", "REDHAT-RHSA-2009-1062.NASL", "REDHAT-RHSA-2009-1176.NASL", "REDHAT-RHSA-2009-1177.NASL", "REDHAT-RHSA-2009-1178.NASL", "REDHAT-RHSA-2009-1427.NASL", "SAFARI_3_2_2.NASL", "SLACKWARE_SSA_2006-207-02.NASL", "SLACKWARE_SSA_2007-109-01.NASL", "SLACKWARE_SSA_2008-183-01.NASL", "SLACKWARE_SSA_2008-210-01.NASL", "SLACKWARE_SSA_2008-217-01.NASL", "SL_20071210_PYTHON_ON_SL4_X.NASL", "SL_20080611_PERL_ON_SL3_X.NASL", "SL_20080611_XFREE86_ON_SL3_X.NASL", "SL_20080611_XORG_X11_ON_SL4_X.NASL", "SL_20080611_XORG_X11_SERVER_ON_SL5_X.NASL", "SL_20080620_FREETYPE_ON_SL3_X.NASL", "SL_20081215_CUPS_ON_SL3_X.NASL", "SL_20090112_SQUIRRELMAIL_ON_SL3_X.NASL", "SL_20090522_FREETYPE_ON_SL3_X.NASL", "SL_20090727_PYTHON_FOR_SL5_X.NASL", "SL_20090728_PYTHON_FOR_SL_3_0_X.NASL", "SL_20090728_PYTHON_FOR_SL_4_X.NASL", "SL_20090908_FETCHMAIL_ON_SL3_X.NASL", "SOLARIS10_119059-65.NASL", "SOLARIS10_119059-66.NASL", "SOLARIS10_119059-69.NASL", "SOLARIS10_119059-70.NASL", "SOLARIS10_119059-71.NASL", "SOLARIS10_119059-72.NASL", "SOLARIS10_119059-74.NASL", "SOLARIS10_119059.NASL", "SOLARIS10_119059_46.NASL", "SOLARIS10_X86_119060-64.NASL", "SOLARIS10_X86_119060-65.NASL", "SOLARIS10_X86_119060-68.NASL", "SOLARIS10_X86_119060-69.NASL", "SOLARIS10_X86_119060-70.NASL", "SOLARIS10_X86_119060-71.NASL", "SOLARIS10_X86_119060-73.NASL", "SOLARIS10_X86_119060.NASL", "SOLARIS10_X86_119060_45.NASL", "SOLARIS9_X86_124833.NASL", "SQUIRRELMAIL_INSECURE_HTTPS_COOKIE.NASL", "SUSE9_11814.NASL", "SUSE9_12046.NASL", "SUSE9_12170.NASL", "SUSE9_12208.NASL", "SUSE9_12215.NASL", "SUSE9_12292.NASL", "SUSE9_12293.NASL", "SUSE9_12316.NASL", "SUSE9_12318.NASL", "SUSE_11_0_CLAMAV-081114.NASL", "SUSE_11_0_CLAMAV-081204.NASL", "SUSE_11_0_CUPS-081121.NASL", "SUSE_11_0_PERL-080715.NASL", "SUSE_11_0_PYTHON-080801.NASL", "SUSE_11_0_PYTHON-081201.NASL", "SUSE_11_0_XGL-080815.NASL", "SUSE_11_0_XORG-X11-XVNC-080616.NASL", "SUSE_CLAMAV-5768.NASL", "SUSE_CLAMAV-5769.NASL", "SUSE_CLAMAV-5773.NASL", "SUSE_CLAMAV-5842.NASL", "SUSE_CLAMAV-5843.NASL", "SUSE_FETCHMAIL-4462.NASL", "SUSE_FETCHMAIL-4490.NASL", "SUSE_FREETYPE2-1608.NASL", "SUSE_FREETYPE2-1910.NASL", "SUSE_FREETYPE2-1918.NASL", "SUSE_FREETYPE2-3066.NASL", "SUSE_FREETYPE2-3067.NASL", "SUSE_GRAPHICSMAGICK-3129.NASL", "SUSE_IMAGEMAGICK-3130.NASL", "SUSE_IMAGEMAGICK-3131.NASL", "SUSE_NX-4555.NASL", "SUSE_PERL-5443.NASL", "SUSE_PERL-5444.NASL", "SUSE_PYTHON-4900.NASL", "SUSE_PYTHON-4902.NASL", "SUSE_PYTHON-5490.NASL", "SUSE_PYTHON-5491.NASL", "SUSE_PYTHON-5837.NASL", "SUSE_PYTHON-5848.NASL", "SUSE_SQUIRRELMAIL-5778.NASL", "SUSE_SQUIRRELMAIL-5792.NASL", "SUSE_SQUIRRELMAIL-5835.NASL", "SUSE_SQUIRRELMAIL-5860.NASL", "SUSE_SQUIRRELMAIL-5978.NASL", "SUSE_SU-2020-0234-1.NASL", "SUSE_XGL-5526.NASL", "SUSE_XGL-5528.NASL", "SUSE_XORG-X11-SERVER-3082.NASL", "SUSE_XORG-X11-SERVER-3083.NASL", "SUSE_XORG-X11-SERVER-5316.NASL", "SUSE_XORG-X11-XNEST-5321.NASL", "SUSE_XORG-X11-XVNC-5317.NASL", "UBUNTU_USN-291-1.NASL", "UBUNTU_USN-324-1.NASL", "UBUNTU_USN-341-1.NASL", "UBUNTU_USN-448-1.NASL", "UBUNTU_USN-453-1.NASL", "UBUNTU_USN-481-1.NASL", "UBUNTU_USN-520-1.NASL", "UBUNTU_USN-585-1.NASL", "UBUNTU_USN-616-1.NASL", "UBUNTU_USN-632-1.NASL", "UBUNTU_USN-643-1.NASL", "UBUNTU_USN-672-1.NASL", "UBUNTU_USN-684-1.NASL", "UBUNTU_USN-700-1.NASL", "UBUNTU_USN-700-2.NASL", "UBUNTU_USN-707-1.NASL", "UBUNTU_USN-806-1.NASL", "VMWARE_VMSA-2008-0003.NASL", "VMWARE_VMSA-2008-0013.NASL", "VMWARE_VMSA-2008-0014.NASL", "VMWARE_VMSA-2009-0016.NASL", "VMWARE_VMSA-2009-0016_REMOTE.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:102023", "OPENVAS:102026", "OPENVAS:1361412562310102023", "OPENVAS:1361412562310102026", "OPENVAS:1361412562310122440", "OPENVAS:1361412562310122463", "OPENVAS:1361412562310122528", "OPENVAS:1361412562310122537", "OPENVAS:1361412562310122575", "OPENVAS:1361412562310122576", "OPENVAS:1361412562310122577", "OPENVAS:1361412562310122683", "OPENVAS:1361412562310122691", "OPENVAS:136141256231057171", "OPENVAS:136141256231058229", "OPENVAS:136141256231061460", "OPENVAS:136141256231061467", "OPENVAS:136141256231061477", "OPENVAS:136141256231063075", "OPENVAS:136141256231063134", "OPENVAS:136141256231063136", "OPENVAS:136141256231063177", "OPENVAS:136141256231063186", "OPENVAS:136141256231063187", "OPENVAS:136141256231063188", "OPENVAS:136141256231063373", "OPENVAS:136141256231063412", "OPENVAS:136141256231063445", "OPENVAS:136141256231063876", "OPENVAS:136141256231063877", "OPENVAS:136141256231063985", "OPENVAS:136141256231063987", "OPENVAS:136141256231064018", "OPENVAS:136141256231064022", "OPENVAS:136141256231064061", "OPENVAS:136141256231064073", "OPENVAS:136141256231064081", "OPENVAS:136141256231064085", "OPENVAS:136141256231064086", "OPENVAS:136141256231064438", "OPENVAS:136141256231064453", "OPENVAS:136141256231064454", "OPENVAS:136141256231064455", "OPENVAS:136141256231064493", "OPENVAS:136141256231064583", "OPENVAS:136141256231064637", "OPENVAS:136141256231064714", "OPENVAS:136141256231064808", "OPENVAS:136141256231064900", "OPENVAS:136141256231065027", "OPENVAS:136141256231065031", "OPENVAS:136141256231065046", "OPENVAS:136141256231065048", "OPENVAS:136141256231065068", "OPENVAS:136141256231065112", "OPENVAS:136141256231065244", "OPENVAS:136141256231065321", "OPENVAS:136141256231065398", "OPENVAS:136141256231065405", "OPENVAS:136141256231065548", "OPENVAS:136141256231065746", "OPENVAS:136141256231065763", "OPENVAS:136141256231065768", "OPENVAS:136141256231065883", "OPENVAS:136141256231065902", "OPENVAS:136141256231065933", "OPENVAS:136141256231065949", "OPENVAS:136141256231065960", "OPENVAS:136141256231065992", "OPENVAS:136141256231066435", "OPENVAS:136141256231066443", "OPENVAS:136141256231069004", "OPENVAS:136141256231069111", "OPENVAS:136141256231072459", "OPENVAS:1361412562310800052", "OPENVAS:1361412562310800056", "OPENVAS:1361412562310800067", "OPENVAS:1361412562310800079", "OPENVAS:1361412562310800142", "OPENVAS:1361412562310830031", "OPENVAS:1361412562310830033", "OPENVAS:1361412562310830057", "OPENVAS:1361412562310830068", "OPENVAS:1361412562310830139", "OPENVAS:1361412562310830267", "OPENVAS:1361412562310830327", "OPENVAS:1361412562310830338", "OPENVAS:1361412562310830376", "OPENVAS:1361412562310830447", "OPENVAS:1361412562310830493", "OPENVAS:1361412562310830543", "OPENVAS:1361412562310830590", "OPENVAS:1361412562310830600", "OPENVAS:1361412562310830610", "OPENVAS:1361412562310830625", "OPENVAS:1361412562310830647", "OPENVAS:1361412562310830740", "OPENVAS:1361412562310835183", "OPENVAS:1361412562310870038", "OPENVAS:1361412562310870089", "OPENVAS:1361412562310870103", "OPENVAS:1361412562310870110", "OPENVAS:1361412562310870112", "OPENVAS:1361412562310870147", "OPENVAS:1361412562310870148", "OPENVAS:1361412562310870171", "OPENVAS:1361412562310870180", "OPENVAS:1361412562310880009", "OPENVAS:1361412562310880033", "OPENVAS:1361412562310880047", "OPENVAS:1361412562310880102", "OPENVAS:1361412562310880106", "OPENVAS:1361412562310880158", "OPENVAS:1361412562310880209", "OPENVAS:1361412562310880239", "OPENVAS:1361412562310880245", "OPENVAS:1361412562310880263", "OPENVAS:1361412562310880276", "OPENVAS:1361412562310880292", "OPENVAS:1361412562310880297", "OPENVAS:1361412562310880312", "OPENVAS:1361412562310880314", "OPENVAS:1361412562310880338", "OPENVAS:1361412562310880679", "OPENVAS:1361412562310880715", "OPENVAS:1361412562310880721", "OPENVAS:1361412562310880813", "OPENVAS:1361412562310880850", "OPENVAS:1361412562310880879", "OPENVAS:1361412562310880881", "OPENVAS:1361412562310880932", "OPENVAS:1361412562310880936", "OPENVAS:1361412562310900105", "OPENVAS:1361412562310900106", "OPENVAS:56934", "OPENVAS:57118", "OPENVAS:57171", "OPENVAS:57382", "OPENVAS:57465", "OPENVAS:57882", "OPENVAS:58229", "OPENVAS:58252", "OPENVAS:58256", "OPENVAS:58260", "OPENVAS:58615", "OPENVAS:58616", "OPENVAS:58657", "OPENVAS:58696", "OPENVAS:58746", "OPENVAS:58808", "OPENVAS:60109", "OPENVAS:60798", "OPENVAS:60861", "OPENVAS:60864", "OPENVAS:60890", "OPENVAS:61041", "OPENVAS:61051", "OPENVAS:61171", "OPENVAS:61181", "OPENVAS:61184", "OPENVAS:61189", "OPENVAS:61190", "OPENVAS:61216", "OPENVAS:61219", "OPENVAS:61220", "OPENVAS:61372", "OPENVAS:61382", "OPENVAS:61391", "OPENVAS:61460", "OPENVAS:61467", "OPENVAS:61477", "OPENVAS:61593", "OPENVAS:61617", "OPENVAS:61655", "OPENVAS:61877", "OPENVAS:61905", "OPENVAS:62842", "OPENVAS:62844", "OPENVAS:62859", "OPENVAS:63066", "OPENVAS:63075", "OPENVAS:63134", "OPENVAS:63136", "OPENVAS:63177", "OPENVAS:63186", "OPENVAS:63187", "OPENVAS:63188", "OPENVAS:63235", "OPENVAS:63373", "OPENVAS:63412", "OPENVAS:63445", "OPENVAS:63876", "OPENVAS:63877", "OPENVAS:63985", "OPENVAS:63987", "OPENVAS:64018", "OPENVAS:64022", "OPENVAS:64061", "OPENVAS:64073", "OPENVAS:64081", "OPENVAS:64085", "OPENVAS:64086", "OPENVAS:64165", "OPENVAS:64168", "OPENVAS:64438", "OPENVAS:64453", "OPENVAS:64454", "OPENVAS:64455", "OPENVAS:64488", "OPENVAS:64493", "OPENVAS:64583", "OPENVAS:64637", "OPENVAS:64714", "OPENVAS:64808", "OPENVAS:64900", "OPENVAS:65027", "OPENVAS:65031", "OPENVAS:65046", "OPENVAS:65048", "OPENVAS:65068", "OPENVAS:65112", "OPENVAS:65244", "OPENVAS:65321", "OPENVAS:65398", "OPENVAS:65405", "OPENVAS:65548", "OPENVAS:65746", "OPENVAS:65763", "OPENVAS:65768", "OPENVAS:65883", "OPENVAS:65902", "OPENVAS:65933", "OPENVAS:65949", "OPENVAS:65960", "OPENVAS:65992", "OPENVAS:66435", "OPENVAS:66443", "OPENVAS:69004", "OPENVAS:69111", "OPENVAS:72459", "OPENVAS:800052", "OPENVAS:800056", "OPENVAS:800067", "OPENVAS:800079", "OPENVAS:830031", "OPENVAS:830033", "OPENVAS:830057", "OPENVAS:830068", "OPENVAS:830139", "OPENVAS:830267", "OPENVAS:830327", "OPENVAS:830338", "OPENVAS:830376", "OPENVAS:830447", "OPENVAS:830493", "OPENVAS:830543", "OPENVAS:830590", "OPENVAS:830600", "OPENVAS:830610", "OPENVAS:830625", "OPENVAS:830647", "OPENVAS:830740", "OPENVAS:835183", "OPENVAS:840040", "OPENVAS:840056", "OPENVAS:840065", "OPENVAS:840131", "OPENVAS:840132", "OPENVAS:840213", "OPENVAS:840265", "OPENVAS:840299", "OPENVAS:840329", "OPENVAS:840332", "OPENVAS:840343", "OPENVAS:850006", "OPENVAS:850113", "OPENVAS:860048", "OPENVAS:860080", "OPENVAS:860100", "OPENVAS:860106", "OPENVAS:860112", "OPENVAS:860150", "OPENVAS:860198", "OPENVAS:860251", "OPENVAS:860266", "OPENVAS:860284", "OPENVAS:860438", "OPENVAS:860550", "OPENVAS:860587", "OPENVAS:860618", "OPENVAS:860650", "OPENVAS:860656", "OPENVAS:860685", "OPENVAS:860795", "OPENVAS:860918", "OPENVAS:861001", "OPENVAS:861350", "OPENVAS:861387", "OPENVAS:861441", "OPENVAS:861535", "OPENVAS:870038", "OPENVAS:870089", "OPENVAS:870103", "OPENVAS:870110", "OPENVAS:870112", "OPENVAS:870147", "OPENVAS:870148", "OPENVAS:870171", "OPENVAS:870180", "OPENVAS:880009", "OPENVAS:880033", "OPENVAS:880047", "OPENVAS:880102", "OPENVAS:880106", "OPENVAS:880158", "OPENVAS:880209", "OPENVAS:880239", "OPENVAS:880245", "OPENVAS:880263", "OPENVAS:880276", "OPENVAS:880292", "OPENVAS:880297", "OPENVAS:880312", "OPENVAS:880314", "OPENVAS:880338", "OPENVAS:880679", "OPENVAS:880715", "OPENVAS:880721", "OPENVAS:880813", "OPENVAS:880850", "OPENVAS:880879", "OPENVAS:880881", "OPENVAS:880932", "OPENVAS:880936", "OPENVAS:900105", "OPENVAS:900106"]}, {"type": "oraclelinux", "idList": ["ELSA-2007-0002", "ELSA-2007-0125", "ELSA-2007-0126", "ELSA-2007-0132", "ELSA-2007-0150", "ELSA-2007-0157", "ELSA-2007-1076", "ELSA-2008-0502", "ELSA-2008-0503", "ELSA-2008-0504", "ELSA-2008-0522", "ELSA-2008-0556", "ELSA-2008-1029", "ELSA-2009-0010", "ELSA-2009-0057", "ELSA-2009-0329", "ELSA-2009-1176", "ELSA-2009-1177", "ELSA-2009-1178", "ELSA-2009-1427"]}, {"type": "osv", "idList": ["OSV:DSA-1095-1", "OSV:DSA-1178-1", "OSV:DSA-1193-1", "OSV:DSA-1294-1", "OSV:DSA-1377-2", "OSV:DSA-1454-1", "OSV:DSA-1551-1", "OSV:DSA-1556-2", "OSV:DSA-1595-1", "OSV:DSA-1620-1", "OSV:DSA-1635-1", "OSV:DSA-1667-1", "OSV:DSA-1680-1", "OSV:DSA-1682-1", "OSV:DSA-1858-1", "OSV:DSA-1903-1", "OSV:DSA-1977-1", "OSV:DSA-2176-1"]}, {"type": "redhat", "idList": ["RHSA-2006:0500", "RHSA-2006:0634", "RHSA-2006:0635", "RHSA-2007:0125", "RHSA-2007:0126", "RHSA-2007:0132", "RHSA-2007:0150", "RHSA-2007:0157", "RHSA-2007:1076", "RHSA-2008:0264", "RHSA-2008:0502", "RHSA-2008:0503", "RHSA-2008:0504", "RHSA-2008:0512", "RHSA-2008:0522", "RHSA-2008:0525", "RHSA-2008:0532", "RHSA-2008:0556", "RHSA-2008:0558", "RHSA-2008:0629", "RHSA-2008:1029", "RHSA-2009:0010", "RHSA-2009:0329", "RHSA-2009:1062", "RHSA-2009:1176", "RHSA-2009:1177", "RHSA-2009:1178", "RHSA-2009:1427"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-36386"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:15011", "SECURITYVULNS:DOC:15013", "SECURITYVULNS:DOC:15014", "SECURITYVULNS:DOC:15015", "SECURITYVULNS:DOC:16566", "SECURITYVULNS:DOC:16567", "SECURITYVULNS:DOC:17944", "SECURITYVULNS:DOC:19730", "SECURITYVULNS:DOC:20008", "SECURITYVULNS:DOC:20009", "SECURITYVULNS:DOC:20010", "SECURITYVULNS:DOC:20024", "SECURITYVULNS:DOC:20025", "SECURITYVULNS:DOC:20026", "SECURITYVULNS:DOC:20027", "SECURITYVULNS:DOC:20028", "SECURITYVULNS:DOC:20057", "SECURITYVULNS:DOC:20058", "SECURITYVULNS:DOC:20272", "SECURITYVULNS:DOC:20435", "SECURITYVULNS:DOC:20562", "SECURITYVULNS:VULN:7467", "SECURITYVULNS:VULN:7531", "SECURITYVULNS:VULN:8123", "SECURITYVULNS:VULN:8889", "SECURITYVULNS:VULN:8946", "SECURITYVULNS:VULN:9072", "SECURITYVULNS:VULN:9079", "SECURITYVULNS:VULN:9095", "SECURITYVULNS:VULN:9190", "SECURITYVULNS:VULN:9255", "SECURITYVULNS:VULN:9305", "SECURITYVULNS:VULN:9477"]}, {"type": "seebug", "idList": ["SSV:18331", "SSV:2191", "SSV:3226", "SSV:3423", "SSV:3424", "SSV:3436", "SSV:3787", "SSV:3800", "SSV:4093", "SSV:4526", "SSV:4583", "SSV:4762", "SSV:4796", "SSV:60622", "SSV:60623", "SSV:67092"]}, {"type": "slackware", "idList": ["SSA-2006-207-02", "SSA-2007-109-01", "SSA-2008-183-01", "SSA-2008-210-01", "SSA-2008-217-01"]}, {"type": "suse", "idList": ["SUSE-SA:2006:037", "SUSE-SA:2006:045", "SUSE-SA:2007:027", "SUSE-SA:2008:027"]}, {"type": "ubuntu", "idList": ["USN-291-1", "USN-324-1", "USN-341-1", "USN-448-1", "USN-453-1", "USN-481-1", "USN-520-1", "USN-585-1", "USN-616-1", "USN-632-1", "USN-643-1", "USN-672-1", "USN-684-1", "USN-700-1", "USN-700-2", "USN-707-1", "USN-806-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2006-1861", "UB:CVE-2006-3467", "UB:CVE-2007-1351", "UB:CVE-2007-1352", "UB:CVE-2007-1667", "UB:CVE-2007-1797", "UB:CVE-2007-3408", "UB:CVE-2007-4565", "UB:CVE-2007-4965", "UB:CVE-2008-1377", "UB:CVE-2008-1379", "UB:CVE-2008-1679", "UB:CVE-2008-1721", "UB:CVE-2008-1806", "UB:CVE-2008-1807", "UB:CVE-2008-1808", "UB:CVE-2008-1887", "UB:CVE-2008-1927", "UB:CVE-2008-2315", "UB:CVE-2008-2316", "UB:CVE-2008-2360", "UB:CVE-2008-2361", "UB:CVE-2008-2362", "UB:CVE-2008-2379", "UB:CVE-2008-2711", "UB:CVE-2008-3142", "UB:CVE-2008-3144", "UB:CVE-2008-3663", "UB:CVE-2008-4864", "UB:CVE-2008-5031", "UB:CVE-2008-5050", "UB:CVE-2008-5183", "UB:CVE-2008-5314", "UB:CVE-2009-0030", "UB:CVE-2009-4134", "UB:CVE-2010-1449", "UB:CVE-2010-1450"]}, {"type": "veracode", "idList": ["VERACODE:23041", "VERACODE:23081", "VERACODE:23300", "VERACODE:23301", "VERACODE:23302", "VERACODE:23303", "VERACODE:23304", "VERACODE:23323", "VERACODE:23324", "VERACODE:23325", "VERACODE:23389", "VERACODE:23498", "VERACODE:23606", "VERACODE:23739", "VERACODE:23740", "VERACODE:23741", "VERACODE:23742", "VERACODE:23743", "VERACODE:23745", "VERACODE:23746", "VERACODE:23747", "VERACODE:23783", "VERACODE:23784", "VERACODE:23789", "VERACODE:23790", "VERACODE:23905"]}, {"type": "vmware", "idList": ["VMSA-2007-0005", "VMSA-2008-0003", "VMSA-2008-0003.1", "VMSA-2008-0013", "VMSA-2008-0013.4", "VMSA-2008-0014", "VMSA-2008-0014.3", "VMSA-2009-0016", "VMSA-2009-0016.6"]}]}, "score": {"value": 0.3, "vector": "NONE"}, "backreferences": {"references": [{"type": "centos", "idList": ["CESA-2008:0502", "CESA-2008:0503", "CESA-2008:0504", "CESA-2008:0512-01", "CESA-2008:0522", "CESA-2008:0558-01", "CESA-2008:1029", "CESA-2009:0010", "CESA-2009:0329", "CESA-2009:1176", "CESA-2009:1178", "CESA-2009:1427"]}, {"type": "cve", "idList": ["CVE-2006-1861", "CVE-2006-3467", "CVE-2007-1351", "CVE-2007-1352", "CVE-2007-1667", "CVE-2007-4565", "CVE-2007-4965"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1551-1:41B8A", "DEBIAN:DSA-1556-1:DB877", "DEBIAN:DSA-2176-1:CBD37"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2007-1351", "DEBIANCVE:CVE-2008-5183"]}, {"type": "exploitdb", "idList": ["EDB-ID:10229"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:6F4BE7377CBDEC35F258FFC9DEA11116"]}, {"type": "fedora", "idList": ["FEDORA:0FA03208DA4"]}, {"type": "freebsd", "idList": ["0DCCAA28-7F3C-11DD-8DE5-0030843D3802", "168190DF-3E9A-11DD-87BC-000EA69A5213", "1E8E63C0-478A-11DD-A88D-000EA69A5213", "24B64FB0-AF1D-11DD-8A16-001B1116B350", "45500F74-5947-11DC-87C1-000E2E5785AD", "4FB43B2F-46A9-11DD-9D38-00163E000016", "800E8BD5-3ACB-11DD-8842-001302A18722", "A0AFB4B9-89A1-11DD-A65B-00163E000016", "B975763F-5210-11DB-8F1A-000A48049292", "D1CE8A4F-C235-11DD-8CBC-00163E000016", "EC41C3E2-129C-11DD-BAB7-0016179B2DD5"]}, {"type": "gentoo", "idList": ["GLSA-200807-01"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/CENTOS_LINUX-CVE-2008-3663/", "MSF:ILITIES/LINUXRPM-ELSA-2008-0504/", "MSF:ILITIES/SUSE-CVE-2008-2360/", "MSF:ILITIES/SUSE-CVE-2008-3663/"]}, {"type": "nessus", "idList": ["CENTOS_RHSA-2007-0157.NASL", "DEBIAN_DSA-1635.NASL", "FEDORA_2009-5644.NASL", "HPUX_PHSS_34392.NASL", "MANDRAKE_MDKSA-2007-081.NASL", "ORACLELINUX_ELSA-2008-0502.NASL", "REDHAT-RHSA-2008-0502.NASL", "REDHAT-RHSA-2008-0522.NASL", "SAFARI_3_2_2.NASL", "SL_20080611_XORG_X11_ON_SL4_X.NASL", "SL_20080611_XORG_X11_SERVER_ON_SL5_X.NASL", "SOLARIS10_119059_46.NASL", "SOLARIS10_X86_119060-68.NASL", "SOLARIS10_X86_119060_45.NASL", "SUSE9_11814.NASL", "SUSE_11_0_PERL-080715.NASL", "SUSE_FREETYPE2-1918.NASL", "SUSE_XGL-5528.NASL", "UBUNTU_USN-453-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310122576", "OPENVAS:136141256231061460", "OPENVAS:136141256231061467", "OPENVAS:136141256231064455", "OPENVAS:136141256231064900", "OPENVAS:136141256231065027", "OPENVAS:136141256231065031", "OPENVAS:136141256231065048", "OPENVAS:136141256231065405", "OPENVAS:136141256231069004", "OPENVAS:1361412562310830376", "OPENVAS:57171", "OPENVAS:58746", "OPENVAS:61467", "OPENVAS:63136", "OPENVAS:64900", "OPENVAS:65112", "OPENVAS:65405", "OPENVAS:830033", "OPENVAS:830600", "OPENVAS:840265", "OPENVAS:840299", "OPENVAS:860048", "OPENVAS:860112", "OPENVAS:860685", "OPENVAS:861535", "OPENVAS:880009", "OPENVAS:900106"]}, {"type": "oraclelinux", "idList": ["ELSA-2007-0125", "ELSA-2007-0126", "ELSA-2007-0132", "ELSA-2007-0157", "ELSA-2007-1076", "ELSA-2008-0522", "ELSA-2008-1029"]}, {"type": "redhat", "idList": ["RHSA-2007:0132", "RHSA-2007:0150", "RHSA-2007:0157", "RHSA-2008:0522", "RHSA-2008:1029"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-36386"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:17944", "SECURITYVULNS:DOC:20010", "SECURITYVULNS:DOC:20058"]}, {"type": "seebug", "idList": ["SSV:60623"]}, {"type": "slackware", "idList": ["SSA-2006-207-02"]}, {"type": "suse", "idList": ["SUSE-SA:2006:037"]}, {"type": "ubuntu", "idList": ["USN-453-1", "USN-672-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2008-1679", "UB:CVE-2008-1721", "UB:CVE-2008-1808", "UB:CVE-2008-1887", "UB:CVE-2008-1927"]}, {"type": "vmware", "idList": ["VMSA-2008-0003.1"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2006-1861", "epss": 0.10292, "percentile": 0.9407, "modified": "2023-05-06"}, {"cve": "CVE-2006-3467", "epss": 0.17486, "percentile": 0.95314, "modified": "2023-05-06"}, {"cve": "CVE-2007-1351", "epss": 0.04285, "percentile": 0.9103, "modified": "2023-05-06"}, {"cve": "CVE-2007-1352", "epss": 0.03727, "percentile": 0.90415, "modified": "2023-05-06"}, {"cve": "CVE-2007-1667", "epss": 0.03965, "percentile": 0.90697, "modified": "2023-05-06"}, {"cve": "CVE-2007-4565", "epss": 0.01271, "percentile": 0.83635, "modified": "2023-05-06"}, {"cve": "CVE-2007-4965", "epss": 0.04991, "percentile": 0.91627, "modified": "2023-05-06"}, {"cve": "CVE-2008-1377", "epss": 0.00517, "percentile": 0.73315, "modified": "2023-05-06"}, {"cve": "CVE-2008-1379", "epss": 0.00249, "percentile": 0.6135, "modified": "2023-05-06"}, {"cve": "CVE-2008-1679", "epss": 0.00404, "percentile": 0.69847, "modified": "2023-05-06"}, {"cve": "CVE-2008-1721", "epss": 0.10081, "percentile": 0.94019, "modified": "2023-05-06"}, {"cve": "CVE-2008-1806", "epss": 0.02057, "percentile": 0.8733, "modified": "2023-05-06"}, {"cve": "CVE-2008-1807", "epss": 0.02024, "percentile": 0.87196, "modified": "2023-05-06"}, {"cve": "CVE-2008-1808", "epss": 0.02057, "percentile": 0.8733, "modified": "2023-05-06"}, {"cve": "CVE-2008-1887", "epss": 0.00434, "percentile": 0.70851, "modified": "2023-05-06"}, {"cve": "CVE-2008-1927", "epss": 0.01018, "percentile": 0.81567, "modified": "2023-05-06"}, {"cve": "CVE-2008-2315", "epss": 0.01471, "percentile": 0.84767, "modified": "2023-05-06"}, {"cve": "CVE-2008-2316", "epss": 0.0165, "percentile": 0.85675, "modified": "2023-05-06"}, {"cve": "CVE-2008-2360", "epss": 0.00489, "percentile": 0.72566, "modified": "2023-05-06"}, {"cve": "CVE-2008-2361", "epss": 0.00348, "percentile": 0.67472, "modified": "2023-05-06"}, {"cve": "CVE-2008-2362", "epss": 0.01805, "percentile": 0.86327, "modified": "2023-05-06"}, {"cve": "CVE-2008-2379", "epss": 0.00329, "percentile": 0.66608, "modified": "2023-05-06"}, {"cve": "CVE-2008-2711", "epss": 0.09856, "percentile": 0.93939, "modified": "2023-05-06"}, {"cve": "CVE-2008-3142", "epss": 0.00227, "percentile": 0.59485, "modified": "2023-05-06"}, {"cve": "CVE-2008-3144", "epss": 0.01313, "percentile": 0.83913, "modified": "2023-05-06"}, {"cve": "CVE-2008-3663", "epss": 0.00462, "percentile": 0.7173, "modified": "2023-05-06"}, {"cve": "CVE-2008-4864", "epss": 0.00703, "percentile": 0.77469, "modified": "2023-05-06"}, {"cve": "CVE-2008-5031", "epss": 0.01165, "percentile": 0.82848, "modified": "2023-05-06"}, {"cve": "CVE-2008-5050", "epss": 0.05915, "percentile": 0.9231, "modified": "2023-05-06"}, {"cve": "CVE-2008-5183", "epss": 0.00467, "percentile": 0.71873, "modified": "2023-05-06"}, {"cve": "CVE-2008-5314", "epss": 0.16206, "percentile": 0.9516, "modified": "2023-05-06"}, {"cve": "CVE-2009-0009", "epss": 0.01591, "percentile": 0.85422, "modified": "2023-05-06"}, {"cve": "CVE-2009-0011", "epss": 0.00042, "percentile": 0.05667, "modified": "2023-05-06"}, {"cve": "CVE-2009-0012", "epss": 0.14396, "percentile": 0.94882, "modified": "2023-05-06"}, {"cve": "CVE-2009-0013", "epss": 0.00042, "percentile": 0.05667, "modified": "2023-05-06"}, {"cve": "CVE-2009-0014", "epss": 0.00042, "percentile": 0.05667, "modified": "2023-05-06"}, {"cve": "CVE-2009-0015", "epss": 0.00042, "percentile": 0.05667, "modified": "2023-05-06"}, {"cve": "CVE-2009-0017", "epss": 0.00042, "percentile": 0.05667, "modified": "2023-05-06"}, {"cve": "CVE-2009-0018", "epss": 0.00533, "percentile": 0.73711, "modified": "2023-05-06"}, {"cve": "CVE-2009-0019", "epss": 0.02015, "percentile": 0.87167, "modified": "2023-05-06"}, {"cve": "CVE-2009-0020", "epss": 0.04151, "percentile": 0.90894, "modified": "2023-05-06"}, {"cve": "CVE-2009-0137", "epss": 0.00624, "percentile": 0.75835, "modified": "2023-05-06"}, {"cve": "CVE-2009-0138", "epss": 0.01565, "percentile": 0.85294, "modified": "2023-05-06"}, {"cve": "CVE-2009-0139", "epss": 0.002, "percentile": 0.56404, "modified": "2023-05-06"}, {"cve": "CVE-2009-0140", "epss": 0.00156, "percentile": 0.50625, "modified": "2023-05-06"}, {"cve": "CVE-2009-0141", "epss": 0.00042, "percentile": 0.05667, "modified": "2023-05-06"}, {"cve": "CVE-2009-0142", "epss": 0.00042, "percentile": 0.05667, "modified": "2023-05-06"}], "vulnersScore": 0.3}, "_state": {"dependencies": 1684423147, "score": 1684426093, "epss": 0}, "_internal": {"score_hash": "2595aaf4b11ee4e67ef28f675bdf67a7"}, "pluginID": "35684", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\nif (!defined_func(\"bn_random\")) exit(0);\nif (NASL_LEVEL < 3004) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(35684);\n script_version(\"1.32\");\n script_cvs_date(\"Date: 2018/07/16 12:48:31\");\n\n script_cve_id(\"CVE-2006-1861\", \"CVE-2006-3467\", \"CVE-2007-1351\", \"CVE-2007-1352\", \"CVE-2007-1667\",\n \"CVE-2007-4565\", \"CVE-2007-4965\", \"CVE-2008-1377\", \"CVE-2008-1379\", \"CVE-2008-1679\",\n \"CVE-2008-1721\", \"CVE-2008-1806\", \"CVE-2008-1807\", \"CVE-2008-1808\", \"CVE-2008-1887\",\n \"CVE-2008-1927\", \"CVE-2008-2315\", \"CVE-2008-2316\", \"CVE-2008-2360\", \"CVE-2008-2361\",\n \"CVE-2008-2362\", \"CVE-2008-2379\", \"CVE-2008-2711\", \"CVE-2008-3142\", \"CVE-2008-3144\",\n \"CVE-2008-3663\", \"CVE-2008-4864\", \"CVE-2008-5031\", \"CVE-2008-5050\", \"CVE-2008-5183\",\n \"CVE-2008-5314\", \"CVE-2009-0009\", \"CVE-2009-0011\", \"CVE-2009-0012\", \"CVE-2009-0013\",\n \"CVE-2009-0014\", \"CVE-2009-0015\", \"CVE-2009-0017\", \"CVE-2009-0018\", \"CVE-2009-0019\",\n \"CVE-2009-0020\", \"CVE-2009-0137\", \"CVE-2009-0138\", \"CVE-2009-0139\", \"CVE-2009-0140\",\n \"CVE-2009-0141\", \"CVE-2009-0142\");\n script_bugtraq_id(25495, 25696, 28715, 28749, 28928, 29705, 30491, 31976, 32207, 32555,\n 33187, 33796, 33798, 33800, 33806, 33808, 33809, 33810, 33811, 33812,\n 33813, 33814, 33815, 33816, 33820, 33821);\n\n script_name(english:\"Mac OS X Multiple Vulnerabilities (Security Update 2009-001)\");\n script_summary(english:\"Check for the presence of Security Update 2009-001\");\n\n script_set_attribute( attribute:\"synopsis\", value:\n\"The remote host is missing a Mac OS X update that fixes various\nsecurity issues.\" );\n script_set_attribute( attribute:\"description\", value:\n\"The remote host is running a version of Mac OS X 10.5 or 10.4 that\ndoes not have Security Update 2009-001 applied.\n\nThis security update contains fixes for the following products :\n\n - AFP Server\n - Apple Pixlet Video\n - CarbonCore\n - CFNetwork\n - Certificate Assistant\n - ClamAV\n - CoreText\n - CUPS\n - DS Tools\n - fetchmail\n - Folder Manager\n - FSEvents\n - Network Time\n - perl\n - Printing\n - python\n - Remote Apple Events\n - Safari RSS\n - servermgrd\n - SMB\n - SquirrelMail\n - X11\n - XTerm\" );\n script_set_attribute(\n attribute:\"see_also\", \n value:\"http://support.apple.com/kb/ht3438\"\n );\n script_set_attribute(\n attribute:\"see_also\", \n value:\"http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html\"\n );\n script_set_attribute( attribute:\"solution\", value:\n \"Install Security Update 2009-001 or later.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(20, 79, 119, 189, 255, 264, 287, 310, 362, 399);\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2009/02/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value: \"2009/02/12\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n script_copyright(english:\"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/MacOSX/packages\", \"Host/uname\");\n exit(0);\n}\n\n#\n\nuname = get_kb_item(\"Host/uname\");\nif (!uname) exit(1, \"The 'Host/uname' KB item is missing.\");\n\nif (egrep(pattern:\"Darwin.* (8\\.[0-9]\\.|8\\.1[01]\\.)\", string:uname))\n{\n packages = get_kb_item(\"Host/MacOSX/packages\");\n if (!packages) exit(1, \"The 'Host/MacOSX/packages' KB item is missing.\");\n\n if (egrep(pattern:\"^SecUpd(Srvr)?(2009-00[1-9]|20[1-9][0-9]-)\", string:packages))\n exit(0, \"The host has Security Update 2009-001 or later installed and therefore is not affected.\");\n else\n security_hole(0);\n}\nelse if (egrep(pattern:\"Darwin.* (9\\.[0-6]\\.)\", string:uname))\n{\n packages = get_kb_item(\"Host/MacOSX/packages/boms\");\n if (!packages) exit(1, \"The 'Host/MacOSX/packages/boms' KB item is missing.\");\n\n if (egrep(pattern:\"^com\\.apple\\.pkg\\.update\\.security\\.(2009\\.00[1-9]|20[1-9][0-9]\\.[0-9]+)\\.bom\", string:packages))\n exit(0, \"The host has Security Update 2009-001 or later installed and therefore is not affected.\");\n else\n security_hole(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "naslFamily": "MacOS X Local Security Checks", "cpe": ["cpe:/o:apple:mac_os_x"], "solution": "Install Security Update 2009-001 or later.", "nessusSeverity": "Critical", "cvssScoreSource": "", "vendor_cvss2": {"score": 10, "vector": "CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "vendor_cvss3": {"score": null, "vector": null}, "vpr": {"risk factor": "High", "score": "8.9"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2009-02-12T00:00:00", "vulnerabilityPublicationDate": null, "exploitableWith": []}

{"openvas": [{"lastseen": "2017-07-02T21:09:59", "description": "The remote host is missing Security Update 2009-001.\n One or more of the following components are affected:\n\n AFP Server\n Apple Pixlet Video\n CarbonCore\n CFNetwork\n Certificate Assistant\n ClamAV\n CoreText\n CUPS\n DS Tools\n fetchmail\n Folder Manager\n FSEvents\n Network Time\n perl\n Printing\n python\n Remote Apple Events\n Safari RSS\n servermgrd\n SMB\n SquirrelMail\n X11\n XTerm", "cvss3": {}, "published": "2010-05-12T00:00:00", "type": "openvas", "title": "Mac OS X Security Update 2009-001", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-5050", "CVE-2008-2362", "CVE-2009-0137", "CVE-2008-1927", "CVE-2009-0139", "CVE-2009-0017", "CVE-2009-0014", "CVE-2008-1379", "CVE-2008-1721", "CVE-2007-1667", "CVE-2008-4864", "CVE-2009-0138", "CVE-2009-0011", "CVE-2008-2316", "CVE-2009-0019", "CVE-2007-1351", "CVE-2008-3663", "CVE-2008-1808", "CVE-2009-0013", "CVE-2007-4565", "CVE-2007-4965", "CVE-2009-0015", "CVE-2007-1352", "CVE-2008-2711", "CVE-2008-3144", "CVE-2008-5183", "CVE-2009-0018", "CVE-2008-1377", "CVE-2006-3467", "CVE-2008-3142", "CVE-2009-0012", "CVE-2009-0141", "CVE-2006-1861", "CVE-2009-0142", "CVE-2008-2315", "CVE-2008-2379", "CVE-2008-1679", "CVE-2009-0140", "CVE-2008-2361", "CVE-2008-1887", "CVE-2008-2360", "CVE-2008-1807", "CVE-2008-5031", "CVE-2009-0020", "CVE-2008-1806", "CVE-2009-0009", "CVE-2008-5314"], "modified": "2017-02-22T00:00:00", "id": "OPENVAS:102026", "href": "http://plugins.openvas.org/nasl.php?oid=102026", "sourceData": "###################################################################\n# OpenVAS Vulnerability Test\n#\n# Mac OS X Security Update 2009-001\n#\n# LSS-NVT-2010-015\n#\n# Developed by LSS Security Team <http://security.lss.hr>\n#\n# Copyright (C) 2010 LSS <http://www.lss.hr>\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public\n# License along with this program. If not, see\n# <http://www.gnu.org/licenses/>.\n###################################################################\n\ntag_solution = \"Update your Mac OS X operating system.\n\n For more information see:\n http://support.apple.com/kb/HT3438\";\n\ntag_summary = \"The remote host is missing Security Update 2009-001.\n One or more of the following components are affected:\n\n AFP Server\n Apple Pixlet Video\n CarbonCore\n CFNetwork\n Certificate Assistant\n ClamAV\n CoreText\n CUPS\n DS Tools\n fetchmail\n Folder Manager\n FSEvents\n Network Time\n perl\n Printing\n python\n Remote Apple Events\n Safari RSS\n servermgrd\n SMB\n SquirrelMail\n X11\n XTerm\";\n\n\nif(description)\n{\n script_id(102026);\n script_version(\"$Revision: 5394 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-22 10:22:42 +0100 (Wed, 22 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-05-12 14:48:44 +0200 (Wed, 12 May 2010)\");\n script_cve_id(\"CVE-2009-0142\",\"CVE-2009-0009\",\"CVE-2009-0020\",\"CVE-2009-0011\",\"CVE-2008-5050\",\"CVE-2008-5314\",\"CVE-2009-0012\",\"CVE-2008-5183\",\"CVE-2009-0013\",\"CVE-2007-4565\",\"CVE-2008-2711\",\"CVE-2009-0014\",\"CVE-2009-0015\",\"CVE-2008-1927\",\"CVE-2009-0017\",\"CVE-2008-1679\",\"CVE-2008-1721\",\"CVE-2008-1887\",\"CVE-2008-2315\",\"CVE-2008-2316\",\"CVE-2008-3142\",\"CVE-2008-3144\",\"CVE-2008-4864\",\"CVE-2007-4965\",\"CVE-2008-5031\",\"CVE-2009-0018\",\"CVE-2009-0019\",\"CVE-2009-0137\",\"CVE-2009-0138\",\"CVE-2009-0139\",\"CVE-2009-0140\",\"CVE-2008-2379\",\"CVE-2008-3663\",\"CVE-2008-1377\",\"CVE-2008-1379\",\"CVE-2008-2360\",\"CVE-2008-2361\",\"CVE-2008-2362\",\"CVE-2006-1861\",\"CVE-2006-3467\",\"CVE-2007-1351\",\"CVE-2008-1806\",\"CVE-2008-1807\",\"CVE-2008-1808\",\"CVE-2007-1352\",\"CVE-2007-1667\",\"CVE-2009-0141\");\n script_name(\"Mac OS X Security Update 2009-001\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2010 LSS\");\n script_family(\"Mac OS X Local Security Checks\");\n script_require_ports(\"Services/ssh\", 22);\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/osx_name\",\"ssh/login/osx_version\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"pkg-lib-macosx.inc\");\ninclude(\"version_func.inc\");\n\nssh_osx_name = get_kb_item(\"ssh/login/osx_name\");\nif (!ssh_osx_name) exit (0);\n\nssh_osx_ver = get_kb_item(\"ssh/login/osx_version\");\nif (!ssh_osx_ver) exit (0);\n\nssh_osx_rls = ssh_osx_name + ' ' + ssh_osx_ver;\n\npkg_for_ver = make_list(\"Mac OS X 10.5.6\",\"Mac OS X Server 10.5.6\",\"Mac OS X 10.4.11\",\"Mac OS X Server 10.4.11\");\n\nif (rlsnotsupported(rls:ssh_osx_rls, list:pkg_for_ver)) { security_message(0); exit(0);}\n\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X 10.5.6\")) {\n if (version_is_less(version:osx_ver(ver:ssh_osx_rls), test_version:osx_ver(ver:\"Mac OS X 10.5.6\"))) { security_message(0); exit(0);}\n else if ((ssh_osx_ver==osx_ver(ver:\"Mac OS X 10.5.6\")) && (isosxpkgvuln(fixed:\"com.apple.pkg.update.security.\", diff:\"2009.001\"))) { security_message(0); exit(0);}\n}\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X Server 10.5.6\")) {\n if (version_is_less(version:osx_ver(ver:ssh_osx_rls), test_version:osx_ver(ver:\"Mac OS X Server 10.5.6\"))) { security_message(0); exit(0);}\n else if ((ssh_osx_ver==osx_ver(ver:\"Mac OS X Server 10.5.6\")) && (isosxpkgvuln(fixed:\"com.apple.pkg.update.security.\", diff:\"2009.001\"))) { security_message(0); exit(0);}\n}\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X 10.4.11\")) {\n if (version_is_less(version:osx_ver(ver:ssh_osx_rls), test_version:osx_ver(ver:\"Mac OS X 10.4.11\"))) { security_message(0); exit(0);}\n else if ((ssh_osx_ver==osx_ver(ver:\"Mac OS X 10.4.11\")) && (isosxpkgvuln(fixed:\"com.apple.pkg.update.security.\", diff:\"2009.001\"))) { security_message(0); exit(0);}\n}\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X Server 10.4.11\")) {\n if (version_is_less(version:osx_ver(ver:ssh_osx_rls), test_version:osx_ver(ver:\"Mac OS X Server 10.4.11\"))) { security_message(0); exit(0);}\n else if ((ssh_osx_ver==osx_ver(ver:\"Mac OS X Server 10.4.11\")) && (isosxpkgvuln(fixed:\"com.apple.pkg.update.security.\", diff:\"2009.001\"))) { security_message(0); exit(0);}\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:40:09", "description": "The remote host is missing Security Update 2009-001.", "cvss3": {}, "published": "2010-05-12T00:00:00", "type": "openvas", "title": "Mac OS X Security Update 2009-001", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-5050", "CVE-2008-2362", "CVE-2009-0137", "CVE-2008-1927", "CVE-2009-0139", "CVE-2009-0017", "CVE-2009-0014", "CVE-2008-1379", "CVE-2008-1721", "CVE-2007-1667", "CVE-2008-4864", "CVE-2009-0138", "CVE-2009-0011", "CVE-2008-2316", "CVE-2009-0019", "CVE-2007-1351", "CVE-2008-3663", "CVE-2008-1808", "CVE-2009-0013", "CVE-2007-4565", "CVE-2007-4965", "CVE-2009-0015", "CVE-2007-1352", "CVE-2008-2711", "CVE-2008-3144", "CVE-2008-5183", "CVE-2009-0018", "CVE-2008-1377", "CVE-2006-3467", "CVE-2008-3142", "CVE-2009-0012", "CVE-2009-0141", "CVE-2006-1861", "CVE-2009-0142", "CVE-2008-2315", "CVE-2008-2379", "CVE-2008-1679", "CVE-2009-0140", "CVE-2008-2361", "CVE-2008-1887", "CVE-2008-2360", "CVE-2008-1807", "CVE-2008-5031", "CVE-2009-0020", "CVE-2008-1806", "CVE-2009-0009", "CVE-2008-5314"], "modified": "2019-03-19T00:00:00", "id": "OPENVAS:1361412562310102026", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310102026", "sourceData": "###################################################################\n# OpenVAS Vulnerability Test\n# $Id: macosx_secupd_2009-001.nasl 14307 2019-03-19 10:09:27Z cfischer $\n#\n# Mac OS X Security Update 2009-001\n#\n# LSS-NVT-2010-015\n#\n# Developed by LSS Security Team <http://security.lss.hr>\n#\n# Copyright (C) 2010 LSS <http://www.lss.hr>\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public\n# License along with this program. If not, see\n# <http://www.gnu.org/licenses/>.\n###################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.102026\");\n script_version(\"$Revision: 14307 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-19 11:09:27 +0100 (Tue, 19 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2010-05-12 14:48:44 +0200 (Wed, 12 May 2010)\");\n script_cve_id(\"CVE-2009-0142\", \"CVE-2009-0009\", \"CVE-2009-0020\", \"CVE-2009-0011\", \"CVE-2008-5050\",\n \"CVE-2008-5314\", \"CVE-2009-0012\", \"CVE-2008-5183\", \"CVE-2009-0013\", \"CVE-2007-4565\",\n \"CVE-2008-2711\", \"CVE-2009-0014\", \"CVE-2009-0015\", \"CVE-2008-1927\", \"CVE-2009-0017\",\n \"CVE-2008-1679\", \"CVE-2008-1721\", \"CVE-2008-1887\", \"CVE-2008-2315\", \"CVE-2008-2316\",\n \"CVE-2008-3142\", \"CVE-2008-3144\", \"CVE-2008-4864\", \"CVE-2007-4965\", \"CVE-2008-5031\",\n \"CVE-2009-0018\", \"CVE-2009-0019\", \"CVE-2009-0137\", \"CVE-2009-0138\", \"CVE-2009-0139\",\n \"CVE-2009-0140\", \"CVE-2008-2379\", \"CVE-2008-3663\", \"CVE-2008-1377\", \"CVE-2008-1379\",\n \"CVE-2008-2360\", \"CVE-2008-2361\", \"CVE-2008-2362\", \"CVE-2006-1861\", \"CVE-2006-3467\",\n \"CVE-2007-1351\", \"CVE-2008-1806\", \"CVE-2008-1807\", \"CVE-2008-1808\", \"CVE-2007-1352\",\n \"CVE-2007-1667\", \"CVE-2009-0141\");\n script_name(\"Mac OS X Security Update 2009-001\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2010 LSS\");\n script_family(\"Mac OS X Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/osx_name\", \"ssh/login/osx_version\", re:\"ssh/login/osx_version=^10\\.[45]\\.\");\n\n script_xref(name:\"URL\", value:\"http://support.apple.com/kb/HT3438\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing Security Update 2009-001.\");\n\n script_tag(name:\"affected\", value:\"One or more of the following components are affected:\n\n AFP Server\n\n Apple Pixlet Video\n\n CarbonCore\n\n CFNetwork\n\n Certificate Assistant\n\n ClamAV\n\n CoreText\n\n CUPS\n\n DS Tools\n\n fetchmail\n\n Folder Manager\n\n FSEvents\n\n Network Time\n\n perl\n\n Printing\n\n python\n\n Remote Apple Events\n\n Safari RSS\n\n servermgrd\n\n SMB\n\n SquirrelMail\n\n X11\n\n XTerm\");\n\n script_tag(name:\"solution\", value:\"Update your Mac OS X operating system. Please see the references for more information.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-macosx.inc\");\ninclude(\"version_func.inc\");\n\nssh_osx_name = get_kb_item(\"ssh/login/osx_name\");\nif (!ssh_osx_name) exit (0);\n\nssh_osx_ver = get_kb_item(\"ssh/login/osx_version\");\nif (!ssh_osx_ver || ssh_osx_ver !~ \"^10\\.[45]\\.\") exit (0);\n\nssh_osx_rls = ssh_osx_name + ' ' + ssh_osx_ver;\n\npkg_for_ver = make_list(\"Mac OS X 10.5.6\",\"Mac OS X Server 10.5.6\",\"Mac OS X 10.4.11\",\"Mac OS X Server 10.4.11\");\n\nif (rlsnotsupported(rls:ssh_osx_rls, list:pkg_for_ver)) { security_message( port: 0, data: \"The target host was found to be vulnerable\" ); exit(0);}\n\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X 10.5.6\")) {\n if(version_is_less(version:osx_ver(ver:ssh_osx_rls), test_version:osx_ver(ver:\"Mac OS X 10.5.6\"))) { security_message( port: 0, data: \"The target host was found to be vulnerable\" ); exit(0);}\n else if((ssh_osx_ver == osx_ver(ver:\"Mac OS X 10.5.6\")) && (isosxpkgvuln(fixed:\"com.apple.pkg.update.security.\", diff:\"2009.001\"))) { security_message( port: 0, data: \"The target host was found to be vulnerable\" ); exit(0);}\n}\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X Server 10.5.6\")) {\n if(version_is_less(version:osx_ver(ver:ssh_osx_rls), test_version:osx_ver(ver:\"Mac OS X Server 10.5.6\"))) { security_message( port: 0, data: \"The target host was found to be vulnerable\" ); exit(0);}\n else if((ssh_osx_ver == osx_ver(ver:\"Mac OS X Server 10.5.6\")) && (isosxpkgvuln(fixed:\"com.apple.pkg.update.security.\", diff:\"2009.001\"))) { security_message( port: 0, data: \"The target host was found to be vulnerable\" ); exit(0);}\n}\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X 10.4.11\")) {\n if(version_is_less(version:osx_ver(ver:ssh_osx_rls), test_version:osx_ver(ver:\"Mac OS X 10.4.11\"))) { security_message( port: 0, data: \"The target host was found to be vulnerable\" ); exit(0);}\n else if((ssh_osx_ver == osx_ver(ver:\"Mac OS X 10.4.11\")) && (isosxpkgvuln(fixed:\"com.apple.pkg.update.security.\", diff:\"2009.001\"))) { security_message( port: 0, data: \"The target host was found to be vulnerable\" ); exit(0);}\n}\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X Server 10.4.11\")) {\n if(version_is_less(version:osx_ver(ver:ssh_osx_rls), test_version:osx_ver(ver:\"Mac OS X Server 10.4.11\"))) { security_message( port: 0, data: \"The target host was found to be vulnerable\" ); exit(0);}\n else if((ssh_osx_ver == osx_ver(ver:\"Mac OS X Server 10.4.11\")) && (isosxpkgvuln(fixed:\"com.apple.pkg.update.security.\", diff:\"2009.001\"))) { security_message( port: 0, data: \"The target host was found to be vulnerable\" ); exit(0);}\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-27T10:56:14", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:1177.\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage.\n\nWhen the assert() system call was disabled, an input sanitization flaw was\nrevealed in the Python string object implementation that led to a buffer\noverflow. The missing check for negative size values meant the Python\nmemory allocator could allocate less memory than expected. This could\nresult in arbitrary code execution with the Python interpreter's\nprivileges. (CVE-2008-1887)\n\nMultiple buffer and integer overflow flaws were found in the Python Unicode\nstring processing and in the Python Unicode and string object\nimplementations. An attacker could use these flaws to cause a denial of\nservice (Python application crash). (CVE-2008-3142, CVE-2008-5031)\n\nMultiple integer overflow flaws were found in the Python imageop module. If\na Python application used the imageop module to process untrusted images,\nit could cause the application to crash or, potentially, execute arbitrary\ncode with the Python interpreter's privileges. (CVE-2008-1679,\nCVE-2008-4864)\n\nMultiple integer underflow and overflow flaws were found in the Python\nsnprintf() wrapper implementation. An attacker could use these flaws to\ncause a denial of service (memory corruption). (CVE-2008-3144)\n\nMultiple integer overflow flaws were found in various Python modules. An\nattacker could use these flaws to cause a denial of service (Python\napplication crash). (CVE-2008-2315, CVE-2008-3143)\n\nAn integer signedness error, leading to a buffer overflow, was found\nin the Python zlib extension module. If a Python application requested\nthe negative byte count be flushed for a decompression stream, it could\ncause the application to crash or, potentially, execute arbitrary code\nwith the Python interpreter's privileges. (CVE-2008-1721)\n\nRed Hat would like to thank David Remahl of the Apple Product Security team\nfor responsibly reporting the CVE-2008-1679 and CVE-2008-2315 issues.\n\nAll Python users should upgrade to these updated packages, which contain\nbackported patches to correct these issues.", "cvss3": {}, "published": "2009-07-29T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:1177", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1721", "CVE-2008-3143", "CVE-2008-4864", "CVE-2008-3144", "CVE-2008-3142", "CVE-2008-2315", "CVE-2008-1679", "CVE-2008-1887", "CVE-2008-5031"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:64454", "href": "http://plugins.openvas.org/nasl.php?oid=64454", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1177.nasl 6683 2017-07-12 09:41:57Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1177 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:1177.\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage.\n\nWhen the assert() system call was disabled, an input sanitization flaw was\nrevealed in the Python string object implementation that led to a buffer\noverflow. The missing check for negative size values meant the Python\nmemory allocator could allocate less memory than expected. This could\nresult in arbitrary code execution with the Python interpreter's\nprivileges. (CVE-2008-1887)\n\nMultiple buffer and integer overflow flaws were found in the Python Unicode\nstring processing and in the Python Unicode and string object\nimplementations. An attacker could use these flaws to cause a denial of\nservice (Python application crash). (CVE-2008-3142, CVE-2008-5031)\n\nMultiple integer overflow flaws were found in the Python imageop module. If\na Python application used the imageop module to process untrusted images,\nit could cause the application to crash or, potentially, execute arbitrary\ncode with the Python interpreter's privileges. (CVE-2008-1679,\nCVE-2008-4864)\n\nMultiple integer underflow and overflow flaws were found in the Python\nsnprintf() wrapper implementation. An attacker could use these flaws to\ncause a denial of service (memory corruption). (CVE-2008-3144)\n\nMultiple integer overflow flaws were found in various Python modules. An\nattacker could use these flaws to cause a denial of service (Python\napplication crash). (CVE-2008-2315, CVE-2008-3143)\n\nAn integer signedness error, leading to a buffer overflow, was found\nin the Python zlib extension module. If a Python application requested\nthe negative byte count be flushed for a decompression stream, it could\ncause the application to crash or, potentially, execute arbitrary code\nwith the Python interpreter's privileges. (CVE-2008-1721)\n\nRed Hat would like to thank David Remahl of the Apple Product Security team\nfor responsibly reporting the CVE-2008-1679 and CVE-2008-2315 issues.\n\nAll Python users should upgrade to these updated packages, which contain\nbackported patches to correct these issues.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_id(64454);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-07-29 19:28:37 +0200 (Wed, 29 Jul 2009)\");\n script_cve_id(\"CVE-2008-1679\", \"CVE-2008-1721\", \"CVE-2008-1887\", \"CVE-2008-2315\", \"CVE-2008-3142\", \"CVE-2008-3143\", \"CVE-2008-3144\", \"CVE-2008-4864\", \"CVE-2008-5031\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:1177\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-1177.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#moderate\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.3.4~14.7.el4_8.2\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-debuginfo\", rpm:\"python-debuginfo~2.3.4~14.7.el4_8.2\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~2.3.4~14.7.el4_8.2\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-docs\", rpm:\"python-docs~2.3.4~14.7.el4_8.2\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-tools\", rpm:\"python-tools~2.3.4~14.7.el4_8.2\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.3.4~14.7.el4_8.2\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:38:55", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:1177.\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage.\n\nWhen the assert() system call was disabled, an input sanitization flaw was\nrevealed in the Python string object implementation that led to a buffer\noverflow. The missing check for negative size values meant the Python\nmemory allocator could allocate less memory than expected. This could\nresult in arbitrary code execution with the Python interpreter's\nprivileges. (CVE-2008-1887)\n\nMultiple buffer and integer overflow flaws were found in the Python Unicode\nstring processing and in the Python Unicode and string object\nimplementations. An attacker could use these flaws to cause a denial of\nservice (Python application crash). (CVE-2008-3142, CVE-2008-5031)\n\nMultiple integer overflow flaws were found in the Python imageop module. If\na Python application used the imageop module to process untrusted images,\nit could cause the application to crash or, potentially, execute arbitrary\ncode with the Python interpreter's privileges. (CVE-2008-1679,\nCVE-2008-4864)\n\nMultiple integer underflow and overflow flaws were found in the Python\nsnprintf() wrapper implementation. An attacker could use these flaws to\ncause a denial of service (memory corruption). (CVE-2008-3144)\n\nMultiple integer overflow flaws were found in various Python modules. An\nattacker could use these flaws to cause a denial of service (Python\napplication crash). (CVE-2008-2315, CVE-2008-3143)\n\nAn integer signedness error, leading to a buffer overflow, was found\nin the Python zlib extension module. If a Python application requested\nthe negative byte count be flushed for a decompression stream, it could\ncause the application to crash or, potentially, execute arbitrary code\nwith the Python interpreter's privileges. (CVE-2008-1721)\n\nRed Hat would like to thank David Remahl of the Apple Product Security team\nfor responsibly reporting the CVE-2008-1679 and CVE-2008-2315 issues.\n\nAll Python users should upgrade to these updated packages, which contain\nbackported patches to correct these issues.", "cvss3": {}, "published": "2009-07-29T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:1177", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1721", "CVE-2008-3143", "CVE-2008-4864", "CVE-2008-3144", "CVE-2008-3142", "CVE-2008-2315", "CVE-2008-1679", "CVE-2008-1887", "CVE-2008-5031"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231064454", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064454", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1177.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1177 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:1177.\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage.\n\nWhen the assert() system call was disabled, an input sanitization flaw was\nrevealed in the Python string object implementation that led to a buffer\noverflow. The missing check for negative size values meant the Python\nmemory allocator could allocate less memory than expected. This could\nresult in arbitrary code execution with the Python interpreter's\nprivileges. (CVE-2008-1887)\n\nMultiple buffer and integer overflow flaws were found in the Python Unicode\nstring processing and in the Python Unicode and string object\nimplementations. An attacker could use these flaws to cause a denial of\nservice (Python application crash). (CVE-2008-3142, CVE-2008-5031)\n\nMultiple integer overflow flaws were found in the Python imageop module. If\na Python application used the imageop module to process untrusted images,\nit could cause the application to crash or, potentially, execute arbitrary\ncode with the Python interpreter's privileges. (CVE-2008-1679,\nCVE-2008-4864)\n\nMultiple integer underflow and overflow flaws were found in the Python\nsnprintf() wrapper implementation. An attacker could use these flaws to\ncause a denial of service (memory corruption). (CVE-2008-3144)\n\nMultiple integer overflow flaws were found in various Python modules. An\nattacker could use these flaws to cause a denial of service (Python\napplication crash). (CVE-2008-2315, CVE-2008-3143)\n\nAn integer signedness error, leading to a buffer overflow, was found\nin the Python zlib extension module. If a Python application requested\nthe negative byte count be flushed for a decompression stream, it could\ncause the application to crash or, potentially, execute arbitrary code\nwith the Python interpreter's privileges. (CVE-2008-1721)\n\nRed Hat would like to thank David Remahl of the Apple Product Security team\nfor responsibly reporting the CVE-2008-1679 and CVE-2008-2315 issues.\n\nAll Python users should upgrade to these updated packages, which contain\nbackported patches to correct these issues.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64454\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-07-29 19:28:37 +0200 (Wed, 29 Jul 2009)\");\n script_cve_id(\"CVE-2008-1679\", \"CVE-2008-1721\", \"CVE-2008-1887\", \"CVE-2008-2315\", \"CVE-2008-3142\", \"CVE-2008-3143\", \"CVE-2008-3144\", \"CVE-2008-4864\", \"CVE-2008-5031\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:1177\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-1177.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#moderate\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.3.4~14.7.el4_8.2\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-debuginfo\", rpm:\"python-debuginfo~2.3.4~14.7.el4_8.2\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~2.3.4~14.7.el4_8.2\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-docs\", rpm:\"python-docs~2.3.4~14.7.el4_8.2\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-tools\", rpm:\"python-tools~2.3.4~14.7.el4_8.2\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.3.4~14.7.el4_8.2\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:06", "description": "The remote host is missing an update as announced\nvia advisory SSA:2008-217-01.", "cvss3": {}, "published": "2012-09-11T00:00:00", "type": "openvas", "title": "Slackware Advisory SSA:2008-217-01 python", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1721", "CVE-2008-2316", "CVE-2008-3144", "CVE-2008-3142", "CVE-2008-2315", "CVE-2008-1679"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:136141256231061467", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231061467", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2008_217_01.nasl 14202 2019-03-15 09:16:15Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.61467\");\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 10:16:15 +0100 (Fri, 15 Mar 2019) $\");\n script_cve_id(\"CVE-2008-1679\", \"CVE-2008-1721\", \"CVE-2008-2315\", \"CVE-2008-2316\", \"CVE-2008-3142\", \"CVE-2008-3144\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_version(\"$Revision: 14202 $\");\n script_name(\"Slackware Advisory SSA:2008-217-01 python\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\", re:\"ssh/login/release=SLK(10\\.1|10\\.2|11\\.0|12\\.0|12\\.1)\");\n\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2008-217-01\");\n\n script_tag(name:\"insight\", value:\"New python packages are available for Slackware 10.1, 10.2, 11.0, 12.0,\n12.1, and -current to fix security issues.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to the new package(s).\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update as announced\nvia advisory SSA:2008-217-01.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-slack.inc\");\n\nreport = \"\";\nres = \"\";\n\nif((res = isslkpkgvuln(pkg:\"python\", ver:\"2.4.5-i486-1_slack10.1\", rls:\"SLK10.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"python-demo\", ver:\"2.4.5-noarch-1_slack10.1\", rls:\"SLK10.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"python-tools\", ver:\"2.4.5-noarch-1_slack10.1\", rls:\"SLK10.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"python\", ver:\"2.4.5-i486-1_slack10.2\", rls:\"SLK10.2\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"python-demo\", ver:\"2.4.5-noarch-1_slack10.2\", rls:\"SLK10.2\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"python-tools\", ver:\"2.4.5-noarch-1_slack10.2\", rls:\"SLK10.2\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"python\", ver:\"2.4.5-i486-1_slack11.0\", rls:\"SLK11.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"python\", ver:\"2.5.2-i486-1_slack12.0\", rls:\"SLK12.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"python\", ver:\"2.5.2-i486-2_slack12.1\", rls:\"SLK12.1\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-24T12:51:14", "description": "The remote host is missing an update as announced\nvia advisory SSA:2008-217-01.", "cvss3": {}, "published": "2012-09-11T00:00:00", "type": "openvas", "title": "Slackware Advisory SSA:2008-217-01 python", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1721", "CVE-2008-2316", "CVE-2008-3144", "CVE-2008-3142", "CVE-2008-2315", "CVE-2008-1679"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:61467", "href": "http://plugins.openvas.org/nasl.php?oid=61467", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2008_217_01.nasl 6598 2017-07-07 09:36:44Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"New python packages are available for Slackware 10.1, 10.2, 11.0, 12.0,\n12.1, and -current to fix security issues.\";\ntag_summary = \"The remote host is missing an update as announced\nvia advisory SSA:2008-217-01.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2008-217-01\";\n \nif(description)\n{\n script_id(61467);\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:36:44 +0200 (Fri, 07 Jul 2017) $\");\n script_cve_id(\"CVE-2008-1679\", \"CVE-2008-1721\", \"CVE-2008-2315\", \"CVE-2008-2316\", \"CVE-2008-3142\", \"CVE-2008-3144\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_version(\"$Revision: 6598 $\");\n name = \"Slackware Advisory SSA:2008-217-01 python \";\n script_name(name);\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-slack.inc\");\nvuln = 0;\nif(isslkpkgvuln(pkg:\"python\", ver:\"2.4.5-i486-1_slack10.1\", rls:\"SLK10.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"python-demo\", ver:\"2.4.5-noarch-1_slack10.1\", rls:\"SLK10.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"python-tools\", ver:\"2.4.5-noarch-1_slack10.1\", rls:\"SLK10.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"python\", ver:\"2.4.5-i486-1_slack10.2\", rls:\"SLK10.2\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"python-demo\", ver:\"2.4.5-noarch-1_slack10.2\", rls:\"SLK10.2\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"python-tools\", ver:\"2.4.5-noarch-1_slack10.2\", rls:\"SLK10.2\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"python\", ver:\"2.4.5-i486-1_slack11.0\", rls:\"SLK11.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"python\", ver:\"2.5.2-i486-1_slack12.0\", rls:\"SLK12.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"python\", ver:\"2.5.2-i486-2_slack12.1\", rls:\"SLK12.1\")) {\n vuln = 1;\n}\n\nif(vuln) {\n security_message(0);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:58", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-08-09T00:00:00", "type": "openvas", "title": "CentOS Update for python CESA-2009:1178 centos3 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3143", "CVE-2008-4864", "CVE-2008-3144", "CVE-2008-3142", "CVE-2008-2315", "CVE-2008-1679", "CVE-2008-1887", "CVE-2008-5031"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310880715", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880715", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for python CESA-2009:1178 centos3 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2009-July/016040.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880715\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"CESA\", value:\"2009:1178\");\n script_cve_id(\"CVE-2008-1679\", \"CVE-2008-1887\", \"CVE-2008-2315\", \"CVE-2008-3142\", \"CVE-2008-3143\", \"CVE-2008-3144\", \"CVE-2008-4864\", \"CVE-2008-5031\");\n script_name(\"CentOS Update for python CESA-2009:1178 centos3 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'python'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS3\");\n script_tag(name:\"affected\", value:\"python on CentOS 3\");\n script_tag(name:\"insight\", value:\"Python is an interpreted, interactive, object-oriented programming\n language.\n\n When the assert() system call was disabled, an input sanitization flaw was\n revealed in the Python string object implementation that led to a buffer\n overflow. The missing check for negative size values meant the Python\n memory allocator could allocate less memory than expected. This could\n result in arbitrary code execution with the Python interpreter's\n privileges. (CVE-2008-1887)\n\n Multiple buffer and integer overflow flaws were found in the Python Unicode\n string processing and in the Python Unicode and string object\n implementations. An attacker could use these flaws to cause a denial of\n service (Python application crash). (CVE-2008-3142, CVE-2008-5031)\n\n Multiple integer overflow flaws were found in the Python imageop module. If\n a Python application used the imageop module to process untrusted images,\n it could cause the application to crash or, potentially, execute arbitrary\n code with the Python interpreter's privileges. (CVE-2008-1679,\n CVE-2008-4864)\n\n Multiple integer underflow and overflow flaws were found in the Python\n snprintf() wrapper implementation. An attacker could use these flaws to\n cause a denial of service (memory corruption). (CVE-2008-3144)\n\n Multiple integer overflow flaws were found in various Python modules. An\n attacker could use these flaws to cause a denial of service (Python\n application crash). (CVE-2008-2315, CVE-2008-3143)\n\n Red Hat would like to thank David Remahl of the Apple Product Security team\n for responsibly reporting the CVE-2008-1679 and CVE-2008-2315 issues.\n\n All Python users should upgrade to these updated packages, which contain\n backported patches to correct these issues.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.2.3~6.11\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~2.2.3~6.11\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-tools\", rpm:\"python-tools~2.2.3~6.11\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.2.3~6.11\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-docs\", rpm:\"python-docs~2.2.3~6.11\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-04-06T11:40:23", "description": "The remote host is missing updates to python announced in\nadvisory CESA-2009:1178.", "cvss3": {}, "published": "2009-07-29T00:00:00", "type": "openvas", "title": "CentOS Security Advisory CESA-2009:1178 (python)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3143", "CVE-2008-4864", "CVE-2008-3144", "CVE-2008-3142", "CVE-2008-2315", "CVE-2008-1679", "CVE-2008-1887", "CVE-2008-5031"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231064493", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064493", "sourceData": "#CESA-2009:1178 64493 2\n# $Id: ovcesa2009_1178.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory CESA-2009:1178 (python)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details on the issues addressed in this update,\nplease visit the referenced security advisories.\";\ntag_solution = \"Update the appropriate packages on your system.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=CESA-2009:1178\nhttp://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:1178\nhttps://rhn.redhat.com/errata/RHSA-2009-1178.html\";\ntag_summary = \"The remote host is missing updates to python announced in\nadvisory CESA-2009:1178.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64493\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-07-29 19:28:37 +0200 (Wed, 29 Jul 2009)\");\n script_cve_id(\"CVE-2008-1679\", \"CVE-2008-1887\", \"CVE-2008-2315\", \"CVE-2008-3142\", \"CVE-2008-3143\", \"CVE-2008-3144\", \"CVE-2008-4864\", \"CVE-2008-5031\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"CentOS Security Advisory CESA-2009:1178 (python)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.2.3~6.11\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~2.2.3~6.11\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-tools\", rpm:\"python-tools~2.2.3~6.11\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.2.3~6.11\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-docs\", rpm:\"python-docs~2.2.3~6.11\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-27T10:56:43", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:1178.\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage.\n\nWhen the assert() system call was disabled, an input sanitization flaw was\nrevealed in the Python string object implementation that led to a buffer\noverflow. The missing check for negative size values meant the Python\nmemory allocator could allocate less memory than expected. This could\nresult in arbitrary code execution with the Python interpreter's\nprivileges. (CVE-2008-1887)\n\nMultiple buffer and integer overflow flaws were found in the Python Unicode\nstring processing and in the Python Unicode and string object\nimplementations. An attacker could use these flaws to cause a denial of\nservice (Python application crash). (CVE-2008-3142, CVE-2008-5031)\n\nMultiple integer overflow flaws were found in the Python imageop module. If\na Python application used the imageop module to process untrusted images,\nit could cause the application to crash or, potentially, execute arbitrary\ncode with the Python interpreter's privileges. (CVE-2008-1679,\nCVE-2008-4864)\n\nMultiple integer underflow and overflow flaws were found in the Python\nsnprintf() wrapper implementation. An attacker could use these flaws to\ncause a denial of service (memory corruption). (CVE-2008-3144)\n\nMultiple integer overflow flaws were found in various Python modules. An\nattacker could use these flaws to cause a denial of service (Python\napplication crash). (CVE-2008-2315, CVE-2008-3143)\n\nRed Hat would like to thank David Remahl of the Apple Product Security team\nfor responsibly reporting the CVE-2008-1679 and CVE-2008-2315 issues.\n\nAll Python users should upgrade to these updated packages, which contain\nbackported patches to correct these issues.", "cvss3": {}, "published": "2009-07-29T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:1178", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3143", "CVE-2008-4864", "CVE-2008-3144", "CVE-2008-3142", "CVE-2008-2315", "CVE-2008-1679", "CVE-2008-1887", "CVE-2008-5031"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:64455", "href": "http://plugins.openvas.org/nasl.php?oid=64455", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1178.nasl 6683 2017-07-12 09:41:57Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1178 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:1178.\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage.\n\nWhen the assert() system call was disabled, an input sanitization flaw was\nrevealed in the Python string object implementation that led to a buffer\noverflow. The missing check for negative size values meant the Python\nmemory allocator could allocate less memory than expected. This could\nresult in arbitrary code execution with the Python interpreter's\nprivileges. (CVE-2008-1887)\n\nMultiple buffer and integer overflow flaws were found in the Python Unicode\nstring processing and in the Python Unicode and string object\nimplementations. An attacker could use these flaws to cause a denial of\nservice (Python application crash). (CVE-2008-3142, CVE-2008-5031)\n\nMultiple integer overflow flaws were found in the Python imageop module. If\na Python application used the imageop module to process untrusted images,\nit could cause the application to crash or, potentially, execute arbitrary\ncode with the Python interpreter's privileges. (CVE-2008-1679,\nCVE-2008-4864)\n\nMultiple integer underflow and overflow flaws were found in the Python\nsnprintf() wrapper implementation. An attacker could use these flaws to\ncause a denial of service (memory corruption). (CVE-2008-3144)\n\nMultiple integer overflow flaws were found in various Python modules. An\nattacker could use these flaws to cause a denial of service (Python\napplication crash). (CVE-2008-2315, CVE-2008-3143)\n\nRed Hat would like to thank David Remahl of the Apple Product Security team\nfor responsibly reporting the CVE-2008-1679 and CVE-2008-2315 issues.\n\nAll Python users should upgrade to these updated packages, which contain\nbackported patches to correct these issues.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_id(64455);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-07-29 19:28:37 +0200 (Wed, 29 Jul 2009)\");\n script_cve_id(\"CVE-2008-1679\", \"CVE-2008-1887\", \"CVE-2008-2315\", \"CVE-2008-3142\", \"CVE-2008-3143\", \"CVE-2008-3144\", \"CVE-2008-4864\", \"CVE-2008-5031\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:1178\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-1178.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#moderate\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.2.3~6.11\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-debuginfo\", rpm:\"python-debuginfo~2.2.3~6.11\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~2.2.3~6.11\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-tools\", rpm:\"python-tools~2.2.3~6.11\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.2.3~6.11\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:55:49", "description": "Check for the Version of python", "cvss3": {}, "published": "2011-08-09T00:00:00", "type": "openvas", "title": "CentOS Update for python CESA-2009:1178 centos3 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3143", "CVE-2008-4864", "CVE-2008-3144", "CVE-2008-3142", "CVE-2008-2315", "CVE-2008-1679", "CVE-2008-1887", "CVE-2008-5031"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:880715", "href": "http://plugins.openvas.org/nasl.php?oid=880715", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for python CESA-2009:1178 centos3 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Python is an interpreted, interactive, object-oriented programming\n language.\n\n When the assert() system call was disabled, an input sanitization flaw was\n revealed in the Python string object implementation that led to a buffer\n overflow. The missing check for negative size values meant the Python\n memory allocator could allocate less memory than expected. This could\n result in arbitrary code execution with the Python interpreter's\n privileges. (CVE-2008-1887)\n \n Multiple buffer and integer overflow flaws were found in the Python Unicode\n string processing and in the Python Unicode and string object\n implementations. An attacker could use these flaws to cause a denial of\n service (Python application crash). (CVE-2008-3142, CVE-2008-5031)\n \n Multiple integer overflow flaws were found in the Python imageop module. If\n a Python application used the imageop module to process untrusted images,\n it could cause the application to crash or, potentially, execute arbitrary\n code with the Python interpreter's privileges. (CVE-2008-1679,\n CVE-2008-4864)\n \n Multiple integer underflow and overflow flaws were found in the Python\n snprintf() wrapper implementation. An attacker could use these flaws to\n cause a denial of service (memory corruption). (CVE-2008-3144)\n \n Multiple integer overflow flaws were found in various Python modules. An\n attacker could use these flaws to cause a denial of service (Python\n application crash). (CVE-2008-2315, CVE-2008-3143)\n \n Red Hat would like to thank David Remahl of the Apple Product Security team\n for responsibly reporting the CVE-2008-1679 and CVE-2008-2315 issues.\n \n All Python users should upgrade to these updated packages, which contain\n backported patches to correct these issues.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"python on CentOS 3\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2009-July/016040.html\");\n script_id(880715);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2009:1178\");\n script_cve_id(\"CVE-2008-1679\", \"CVE-2008-1887\", \"CVE-2008-2315\", \"CVE-2008-3142\", \"CVE-2008-3143\", \"CVE-2008-3144\", \"CVE-2008-4864\", \"CVE-2008-5031\");\n script_name(\"CentOS Update for python CESA-2009:1178 centos3 i386\");\n\n script_summary(\"Check for the Version of python\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.2.3~6.11\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~2.2.3~6.11\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-tools\", rpm:\"python-tools~2.2.3~6.11\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.2.3~6.11\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-docs\", rpm:\"python-docs~2.2.3~6.11\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:57:08", "description": "The remote host is missing updates to python announced in\nadvisory CESA-2009:1178.", "cvss3": {}, "published": "2009-07-29T00:00:00", "type": "openvas", "title": "CentOS Security Advisory CESA-2009:1178 (python)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3143", "CVE-2008-4864", "CVE-2008-3144", "CVE-2008-3142", "CVE-2008-2315", "CVE-2008-1679", "CVE-2008-1887", "CVE-2008-5031"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:64493", "href": "http://plugins.openvas.org/nasl.php?oid=64493", "sourceData": "#CESA-2009:1178 64493 2\n# $Id: ovcesa2009_1178.nasl 6650 2017-07-10 11:43:12Z cfischer $\n# Description: Auto-generated from advisory CESA-2009:1178 (python)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details on the issues addressed in this update,\nplease visit the referenced security advisories.\";\ntag_solution = \"Update the appropriate packages on your system.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=CESA-2009:1178\nhttp://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:1178\nhttps://rhn.redhat.com/errata/RHSA-2009-1178.html\";\ntag_summary = \"The remote host is missing updates to python announced in\nadvisory CESA-2009:1178.\";\n\n\n\nif(description)\n{\n script_id(64493);\n script_version(\"$Revision: 6650 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:43:12 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-07-29 19:28:37 +0200 (Wed, 29 Jul 2009)\");\n script_cve_id(\"CVE-2008-1679\", \"CVE-2008-1887\", \"CVE-2008-2315\", \"CVE-2008-3142\", \"CVE-2008-3143\", \"CVE-2008-3144\", \"CVE-2008-4864\", \"CVE-2008-5031\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"CentOS Security Advisory CESA-2009:1178 (python)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.2.3~6.11\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~2.2.3~6.11\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-tools\", rpm:\"python-tools~2.2.3~6.11\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.2.3~6.11\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-docs\", rpm:\"python-docs~2.2.3~6.11\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:40:20", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:1178.\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage.\n\nWhen the assert() system call was disabled, an input sanitization flaw was\nrevealed in the Python string object implementation that led to a buffer\noverflow. The missing check for negative size values meant the Python\nmemory allocator could allocate less memory than expected. This could\nresult in arbitrary code execution with the Python interpreter's\nprivileges. (CVE-2008-1887)\n\nMultiple buffer and integer overflow flaws were found in the Python Unicode\nstring processing and in the Python Unicode and string object\nimplementations. An attacker could use these flaws to cause a denial of\nservice (Python application crash). (CVE-2008-3142, CVE-2008-5031)\n\nMultiple integer overflow flaws were found in the Python imageop module. If\na Python application used the imageop module to process untrusted images,\nit could cause the application to crash or, potentially, execute arbitrary\ncode with the Python interpreter's privileges. (CVE-2008-1679,\nCVE-2008-4864)\n\nMultiple integer underflow and overflow flaws were found in the Python\nsnprintf() wrapper implementation. An attacker could use these flaws to\ncause a denial of service (memory corruption). (CVE-2008-3144)\n\nMultiple integer overflow flaws were found in various Python modules. An\nattacker could use these flaws to cause a denial of service (Python\napplication crash). (CVE-2008-2315, CVE-2008-3143)\n\nRed Hat would like to thank David Remahl of the Apple Product Security team\nfor responsibly reporting the CVE-2008-1679 and CVE-2008-2315 issues.\n\nAll Python users should upgrade to these updated packages, which contain\nbackported patches to correct these issues.", "cvss3": {}, "published": "2009-07-29T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:1178", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3143", "CVE-2008-4864", "CVE-2008-3144", "CVE-2008-3142", "CVE-2008-2315", "CVE-2008-1679", "CVE-2008-1887", "CVE-2008-5031"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231064455", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064455", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1178.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1178 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:1178.\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage.\n\nWhen the assert() system call was disabled, an input sanitization flaw was\nrevealed in the Python string object implementation that led to a buffer\noverflow. The missing check for negative size values meant the Python\nmemory allocator could allocate less memory than expected. This could\nresult in arbitrary code execution with the Python interpreter's\nprivileges. (CVE-2008-1887)\n\nMultiple buffer and integer overflow flaws were found in the Python Unicode\nstring processing and in the Python Unicode and string object\nimplementations. An attacker could use these flaws to cause a denial of\nservice (Python application crash). (CVE-2008-3142, CVE-2008-5031)\n\nMultiple integer overflow flaws were found in the Python imageop module. If\na Python application used the imageop module to process untrusted images,\nit could cause the application to crash or, potentially, execute arbitrary\ncode with the Python interpreter's privileges. (CVE-2008-1679,\nCVE-2008-4864)\n\nMultiple integer underflow and overflow flaws were found in the Python\nsnprintf() wrapper implementation. An attacker could use these flaws to\ncause a denial of service (memory corruption). (CVE-2008-3144)\n\nMultiple integer overflow flaws were found in various Python modules. An\nattacker could use these flaws to cause a denial of service (Python\napplication crash). (CVE-2008-2315, CVE-2008-3143)\n\nRed Hat would like to thank David Remahl of the Apple Product Security team\nfor responsibly reporting the CVE-2008-1679 and CVE-2008-2315 issues.\n\nAll Python users should upgrade to these updated packages, which contain\nbackported patches to correct these issues.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64455\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-07-29 19:28:37 +0200 (Wed, 29 Jul 2009)\");\n script_cve_id(\"CVE-2008-1679\", \"CVE-2008-1887\", \"CVE-2008-2315\", \"CVE-2008-3142\", \"CVE-2008-3143\", \"CVE-2008-3144\", \"CVE-2008-4864\", \"CVE-2008-5031\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:1178\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-1178.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#moderate\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.2.3~6.11\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-debuginfo\", rpm:\"python-debuginfo~2.2.3~6.11\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~2.2.3~6.11\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-tools\", rpm:\"python-tools~2.2.3~6.11\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.2.3~6.11\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:29:04", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-632-1", "cvss3": {}, "published": "2009-03-23T00:00:00", "type": "openvas", "title": "Ubuntu Update for python2.4, python2.5 vulnerabilities USN-632-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1721", "CVE-2008-3143", "CVE-2008-2316", "CVE-2008-3144", "CVE-2008-3142", "CVE-2008-2315", "CVE-2008-1679", "CVE-2008-1887"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840343", "href": "http://plugins.openvas.org/nasl.php?oid=840343", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_632_1.nasl 7969 2017-12-01 09:23:16Z santu $\n#\n# Ubuntu Update for python2.4, python2.5 vulnerabilities USN-632-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that there were new integer overflows in the imageop\n module. If an attacker were able to trick a Python application into\n processing a specially crafted image, they could execute arbitrary code\n with user privileges. (CVE-2008-1679)\n\n Justin Ferguson discovered that the zlib module did not correctly\n handle certain archives. If an attacker were able to trick a Python\n application into processing a specially crafted archive file, they could\n execute arbitrary code with user privileges. (CVE-2008-1721)\n \n Justin Ferguson discovered that certain string manipulations in Python\n could be made to overflow. If an attacker were able to pass a specially\n crafted string through the PyString_FromStringAndSize function, they\n could execute arbitrary code with user privileges. (CVE-2008-1887)\n \n Multiple integer overflows were discovered in Python's core and modules\n including hashlib, binascii, pickle, md5, stringobject, unicodeobject,\n bufferobject, longobject, tupleobject, stropmodule, gcmodule, and\n mmapmodule. If an attacker were able to exploit these flaws they could\n execute arbitrary code with user privileges or cause Python applications\n to crash, leading to a denial of service. (CVE-2008-2315, CVE-2008-2316,\n CVE-2008-3142, CVE-2008-3143, CVE-2008-3144).\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-632-1\";\ntag_affected = \"python2.4, python2.5 vulnerabilities on Ubuntu 6.06 LTS ,\n Ubuntu 7.04 ,\n Ubuntu 7.10 ,\n Ubuntu 8.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-632-1/\");\n script_id(840343);\n script_version(\"$Revision: 7969 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-23 10:59:50 +0100 (Mon, 23 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"632-1\");\n script_cve_id(\"CVE-2008-1679\", \"CVE-2008-1721\", \"CVE-2008-1887\", \"CVE-2008-2315\", \"CVE-2008-2316\", \"CVE-2008-3142\", \"CVE-2008-3143\", \"CVE-2008-3144\");\n script_name( \"Ubuntu Update for python2.4, python2.5 vulnerabilities USN-632-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU6.06 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"python2.4-dbg\", ver:\"2.4.3-0ubuntu6.2\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.4-dev\", ver:\"2.4.3-0ubuntu6.2\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.4-gdbm\", ver:\"2.4.3-0ubuntu6.2\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.4-minimal\", ver:\"2.4.3-0ubuntu6.2\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.4-tk\", ver:\"2.4.3-0ubuntu6.2\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.4\", ver:\"2.4.3-0ubuntu6.2\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"idle-python2.4\", ver:\"2.4.3-0ubuntu6.2\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.4-doc\", ver:\"2.4.3-0ubuntu6.2\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.4-examples\", ver:\"2.4.3-0ubuntu6.2\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU7.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"python2.4-dbg\", ver:\"2.4.4-2ubuntu7.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.4-dev\", ver:\"2.4.4-2ubuntu7.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.4-minimal\", ver:\"2.4.4-2ubuntu7.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.4\", ver:\"2.4.4-2ubuntu7.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.5-dbg\", ver:\"2.5.1-0ubuntu1.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.5-dev\", ver:\"2.5.1-0ubuntu1.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.5-minimal\", ver:\"2.5.1-0ubuntu1.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.5\", ver:\"2.5.1-0ubuntu1.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.4-doc\", ver:\"2.4.4-2ubuntu7.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.4-examples\", ver:\"2.4.4-2ubuntu7.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.5-doc\", ver:\"2.5.1-0ubuntu1.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.5-examples\", ver:\"2.5.1-0ubuntu1.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"idle-python2.4\", ver:\"2.4.4-2ubuntu7.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"idle-python2.5\", ver:\"2.5.1-0ubuntu1.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"python2.4-dbg\", ver:\"2.4.5-1ubuntu4.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.4-dev\", ver:\"2.4.5-1ubuntu4.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.4-minimal\", ver:\"2.4.5-1ubuntu4.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.4\", ver:\"2.4.5-1ubuntu4.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.5-dbg\", ver:\"2.5.2-2ubuntu4.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.5-dev\", ver:\"2.5.2-2ubuntu4.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.5-minimal\", ver:\"2.5.2-2ubuntu4.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.5\", ver:\"2.5.2-2ubuntu4.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.4-doc\", ver:\"2.4.5-1ubuntu4.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.4-examples\", ver:\"2.4.5-1ubuntu4.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.5-doc\", ver:\"2.5.2-2ubuntu4.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.5-examples\", ver:\"2.5.2-2ubuntu4.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"idle-python2.4\", ver:\"2.4.5-1ubuntu4.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"idle-python2.5\", ver:\"2.5.2-2ubuntu4.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU7.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"python2.4-dbg\", ver:\"2.4.4-6ubuntu4.2\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.4-dev\", ver:\"2.4.4-6ubuntu4.2\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.4-minimal\", ver:\"2.4.4-6ubuntu4.2\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.4\", ver:\"2.4.4-6ubuntu4.2\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.5-dbg\", ver:\"2.5.1-5ubuntu5.2\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.5-dev\", ver:\"2.5.1-5ubuntu5.2\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.5-minimal\", ver:\"2.5.1-5ubuntu5.2\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.5\", ver:\"2.5.1-5ubuntu5.2\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.4-doc\", ver:\"2.4.4-6ubuntu4.2\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.4-examples\", ver:\"2.4.4-6ubuntu4.2\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.5-doc\", ver:\"2.5.1-5ubuntu5.2\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.5-examples\", ver:\"2.5.1-5ubuntu5.2\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"idle-python2.4\", ver:\"2.4.4-6ubuntu4.2\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"idle-python2.5\", ver:\"2.5.1-5ubuntu5.2\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:38:07", "description": "The remote host is missing an update to python\nannounced via advisory MDVSA-2009:003.", "cvss3": {}, "published": "2009-01-13T00:00:00", "type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:003 (python)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-4864", "CVE-2007-4965", "CVE-2008-2315", "CVE-2008-1679", "CVE-2008-5031"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231063136", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063136", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_003.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:003 (python)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple integer overflows in imageop.c in the imageop module in\nPython 1.5.2 through 2.5.1 allow context-dependent attackers to\nbreak out of the Python VM and execute arbitrary code via large\ninteger values in certain arguments to the crop function, leading to\na buffer overflow, a different vulnerability than CVE-2007-4965 and\nCVE-2008-1679. (CVE-2008-4864)\n\nMultiple integer overflows in Python 2.2.3 through 2.5.1, and 2.6,\nallow context-dependent attackers to have an unknown impact via\na large integer value in the tabsize argument to the expandtabs\nmethod, as implemented by (1) the string_expandtabs function in\nObjects/stringobject.c and (2) the unicode_expandtabs function in\nObjects/unicodeobject.c. NOTE: this vulnerability reportedly exists\nbecause of an incomplete fix for CVE-2008-2315. (CVE-2008-5031)\n\nThe updated Python packages have been patched to correct these issues.\n\nAffected: 2008.0, 2008.1, 2009.0, Corporate 4.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:003\";\ntag_summary = \"The remote host is missing an update to python\nannounced via advisory MDVSA-2009:003.\";\n\n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63136\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-01-13 22:38:32 +0100 (Tue, 13 Jan 2009)\");\n script_cve_id(\"CVE-2007-4965\", \"CVE-2008-1679\", \"CVE-2008-4864\", \"CVE-2008-2315\", \"CVE-2008-5031\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:003 (python)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libpython2.5\", rpm:\"libpython2.5~2.5.2~2.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpython2.5-devel\", rpm:\"libpython2.5-devel~2.5.2~2.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.5.2~2.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-base\", rpm:\"python-base~2.5.2~2.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-docs\", rpm:\"python-docs~2.5.2~2.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.5.2~2.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tkinter-apps\", rpm:\"tkinter-apps~2.5.2~2.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64python2.5\", rpm:\"lib64python2.5~2.5.2~2.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64python2.5-devel\", rpm:\"lib64python2.5-devel~2.5.2~2.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpython2.5\", rpm:\"libpython2.5~2.5.2~2.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpython2.5-devel\", rpm:\"libpython2.5-devel~2.5.2~2.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.5.2~2.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-base\", rpm:\"python-base~2.5.2~2.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-docs\", rpm:\"python-docs~2.5.2~2.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.5.2~2.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tkinter-apps\", rpm:\"tkinter-apps~2.5.2~2.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64python2.5\", rpm:\"lib64python2.5~2.5.2~2.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64python2.5-devel\", rpm:\"lib64python2.5-devel~2.5.2~2.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpython2.5\", rpm:\"libpython2.5~2.5.2~5.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpython2.5-devel\", rpm:\"libpython2.5-devel~2.5.2~5.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.5.2~5.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-base\", rpm:\"python-base~2.5.2~5.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-docs\", rpm:\"python-docs~2.5.2~5.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.5.2~5.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tkinter-apps\", rpm:\"tkinter-apps~2.5.2~5.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64python2.5\", rpm:\"lib64python2.5~2.5.2~5.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64python2.5-devel\", rpm:\"lib64python2.5-devel~2.5.2~5.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpython2.4\", rpm:\"libpython2.4~2.4.5~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpython2.4-devel\", rpm:\"libpython2.4-devel~2.4.5~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.4.5~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-base\", rpm:\"python-base~2.4.5~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-docs\", rpm:\"python-docs~2.4.5~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.4.5~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64python2.4\", rpm:\"lib64python2.4~2.4.5~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64python2.4-devel\", rpm:\"lib64python2.4-devel~2.4.5~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:40:01", "description": "The remote host is missing an update to python\nannounced via advisory MDVSA-2009:036.", "cvss3": {}, "published": "2009-02-13T00:00:00", "type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:036 (python)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-4864", "CVE-2007-4965", "CVE-2008-2315", "CVE-2008-1679", "CVE-2008-5031"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231063373", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063373", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_036.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:036 (python)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple integer overflows in imageop.c in the imageop module in\nPython 1.5.2 through 2.5.1 allow context-dependent attackers to\nbreak out of the Python VM and execute arbitrary code via large\ninteger values in certain arguments to the crop function, leading to\na buffer overflow, a different vulnerability than CVE-2007-4965 and\nCVE-2008-1679. (CVE-2008-4864)\n\nMultiple integer overflows in Python 2.5.2 and earlier allow\ncontext-dependent attackers to have an unknown impact via vectors\nrelated to the (1) stringobject, (2) unicodeobject, (3) bufferobject,\n(4) longobject, (5) tupleobject, (6) stropmodule, (7) gcmodule, and\n(8) mmapmodule modules. NOTE: The expandtabs integer overflows in\nstringobject and unicodeobject in 2.5.2 are covered by CVE-2008-5031.\n\nMultiple integer overflows in Python 2.2.3 through 2.5.1, and 2.6,\nallow context-dependent attackers to have an unknown impact via\na large integer value in the tabsize argument to the expandtabs\nmethod, as implemented by (1) the string_expandtabs function in\nObjects/stringobject.c and (2) the unicode_expandtabs function in\nObjects/unicodeobject.c. NOTE: this vulnerability reportedly exists\nbecause of an incomplete fix for CVE-2008-2315. (CVE-2008-5031)\n\nThe updated Python packages have been patched to correct these issues.\n\nAffected: Corporate 3.0, Multi Network Firewall 2.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:036\";\ntag_summary = \"The remote host is missing an update to python\nannounced via advisory MDVSA-2009:036.\";\n\n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63373\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-13 20:43:17 +0100 (Fri, 13 Feb 2009)\");\n script_cve_id(\"CVE-2007-4965\", \"CVE-2008-1679\", \"CVE-2008-4864\", \"CVE-2008-5031\", \"CVE-2008-2315\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:036 (python)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libpython2.3\", rpm:\"libpython2.3~2.3.7~0.2.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpython2.3-devel\", rpm:\"libpython2.3-devel~2.3.7~0.2.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.3.7~0.2.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-base\", rpm:\"python-base~2.3.7~0.2.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-docs\", rpm:\"python-docs~2.3.7~0.2.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.3.7~0.2.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64python2.3\", rpm:\"lib64python2.3~2.3.7~0.2.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64python2.3-devel\", rpm:\"lib64python2.3-devel~2.3.7~0.2.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpython2.3\", rpm:\"libpython2.3~2.3.7~0.2.M20mdk\", rls:\"MNDK_2.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpython2.3-devel\", rpm:\"libpython2.3-devel~2.3.7~0.2.M20mdk\", rls:\"MNDK_2.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.3.7~0.2.M20mdk\", rls:\"MNDK_2.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-base\", rpm:\"python-base~2.3.7~0.2.M20mdk\", rls:\"MNDK_2.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-docs\", rpm:\"python-docs~2.3.7~0.2.M20mdk\", rls:\"MNDK_2.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.3.7~0.2.M20mdk\", rls:\"MNDK_2.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:57:01", "description": "The remote host is missing an update to python\nannounced via advisory MDVSA-2009:036.", "cvss3": {}, "published": "2009-02-13T00:00:00", "type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:036 (python)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-4864", "CVE-2007-4965", "CVE-2008-2315", "CVE-2008-1679", "CVE-2008-5031"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:63373", "href": "http://plugins.openvas.org/nasl.php?oid=63373", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_036.nasl 6587 2017-07-07 06:35:35Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:036 (python)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple integer overflows in imageop.c in the imageop module in\nPython 1.5.2 through 2.5.1 allow context-dependent attackers to\nbreak out of the Python VM and execute arbitrary code via large\ninteger values in certain arguments to the crop function, leading to\na buffer overflow, a different vulnerability than CVE-2007-4965 and\nCVE-2008-1679. (CVE-2008-4864)\n\nMultiple integer overflows in Python 2.5.2 and earlier allow\ncontext-dependent attackers to have an unknown impact via vectors\nrelated to the (1) stringobject, (2) unicodeobject, (3) bufferobject,\n(4) longobject, (5) tupleobject, (6) stropmodule, (7) gcmodule, and\n(8) mmapmodule modules. NOTE: The expandtabs integer overflows in\nstringobject and unicodeobject in 2.5.2 are covered by CVE-2008-5031.\n\nMultiple integer overflows in Python 2.2.3 through 2.5.1, and 2.6,\nallow context-dependent attackers to have an unknown impact via\na large integer value in the tabsize argument to the expandtabs\nmethod, as implemented by (1) the string_expandtabs function in\nObjects/stringobject.c and (2) the unicode_expandtabs function in\nObjects/unicodeobject.c. NOTE: this vulnerability reportedly exists\nbecause of an incomplete fix for CVE-2008-2315. (CVE-2008-5031)\n\nThe updated Python packages have been patched to correct these issues.\n\nAffected: Corporate 3.0, Multi Network Firewall 2.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:036\";\ntag_summary = \"The remote host is missing an update to python\nannounced via advisory MDVSA-2009:036.\";\n\n \n\nif(description)\n{\n script_id(63373);\n script_version(\"$Revision: 6587 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 08:35:35 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-13 20:43:17 +0100 (Fri, 13 Feb 2009)\");\n script_cve_id(\"CVE-2007-4965\", \"CVE-2008-1679\", \"CVE-2008-4864\", \"CVE-2008-5031\", \"CVE-2008-2315\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:036 (python)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libpython2.3\", rpm:\"libpython2.3~2.3.7~0.2.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpython2.3-devel\", rpm:\"libpython2.3-devel~2.3.7~0.2.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.3.7~0.2.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-base\", rpm:\"python-base~2.3.7~0.2.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-docs\", rpm:\"python-docs~2.3.7~0.2.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.3.7~0.2.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64python2.3\", rpm:\"lib64python2.3~2.3.7~0.2.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64python2.3-devel\", rpm:\"lib64python2.3-devel~2.3.7~0.2.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpython2.3\", rpm:\"libpython2.3~2.3.7~0.2.M20mdk\", rls:\"MNDK_2.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpython2.3-devel\", rpm:\"libpython2.3-devel~2.3.7~0.2.M20mdk\", rls:\"MNDK_2.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.3.7~0.2.M20mdk\", rls:\"MNDK_2.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-base\", rpm:\"python-base~2.3.7~0.2.M20mdk\", rls:\"MNDK_2.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-docs\", rpm:\"python-docs~2.3.7~0.2.M20mdk\", rls:\"MNDK_2.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.3.7~0.2.M20mdk\", rls:\"MNDK_2.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:56:22", "description": "The remote host is missing an update to python\nannounced via advisory MDVSA-2009:003.", "cvss3": {}, "published": "2009-01-13T00:00:00", "type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:003 (python)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-4864", "CVE-2007-4965", "CVE-2008-2315", "CVE-2008-1679", "CVE-2008-5031"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:63136", "href": "http://plugins.openvas.org/nasl.php?oid=63136", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_003.nasl 6573 2017-07-06 13:10:50Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:003 (python)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple integer overflows in imageop.c in the imageop module in\nPython 1.5.2 through 2.5.1 allow context-dependent attackers to\nbreak out of the Python VM and execute arbitrary code via large\ninteger values in certain arguments to the crop function, leading to\na buffer overflow, a different vulnerability than CVE-2007-4965 and\nCVE-2008-1679. (CVE-2008-4864)\n\nMultiple integer overflows in Python 2.2.3 through 2.5.1, and 2.6,\nallow context-dependent attackers to have an unknown impact via\na large integer value in the tabsize argument to the expandtabs\nmethod, as implemented by (1) the string_expandtabs function in\nObjects/stringobject.c and (2) the unicode_expandtabs function in\nObjects/unicodeobject.c. NOTE: this vulnerability reportedly exists\nbecause of an incomplete fix for CVE-2008-2315. (CVE-2008-5031)\n\nThe updated Python packages have been patched to correct these issues.\n\nAffected: 2008.0, 2008.1, 2009.0, Corporate 4.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:003\";\ntag_summary = \"The remote host is missing an update to python\nannounced via advisory MDVSA-2009:003.\";\n\n \n\nif(description)\n{\n script_id(63136);\n script_version(\"$Revision: 6573 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:10:50 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-01-13 22:38:32 +0100 (Tue, 13 Jan 2009)\");\n script_cve_id(\"CVE-2007-4965\", \"CVE-2008-1679\", \"CVE-2008-4864\", \"CVE-2008-2315\", \"CVE-2008-5031\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:003 (python)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libpython2.5\", rpm:\"libpython2.5~2.5.2~2.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpython2.5-devel\", rpm:\"libpython2.5-devel~2.5.2~2.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.5.2~2.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-base\", rpm:\"python-base~2.5.2~2.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-docs\", rpm:\"python-docs~2.5.2~2.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.5.2~2.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tkinter-apps\", rpm:\"tkinter-apps~2.5.2~2.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64python2.5\", rpm:\"lib64python2.5~2.5.2~2.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64python2.5-devel\", rpm:\"lib64python2.5-devel~2.5.2~2.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpython2.5\", rpm:\"libpython2.5~2.5.2~2.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpython2.5-devel\", rpm:\"libpython2.5-devel~2.5.2~2.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.5.2~2.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-base\", rpm:\"python-base~2.5.2~2.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-docs\", rpm:\"python-docs~2.5.2~2.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.5.2~2.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tkinter-apps\", rpm:\"tkinter-apps~2.5.2~2.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64python2.5\", rpm:\"lib64python2.5~2.5.2~2.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64python2.5-devel\", rpm:\"lib64python2.5-devel~2.5.2~2.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpython2.5\", rpm:\"libpython2.5~2.5.2~5.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpython2.5-devel\", rpm:\"libpython2.5-devel~2.5.2~5.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.5.2~5.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-base\", rpm:\"python-base~2.5.2~5.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-docs\", rpm:\"python-docs~2.5.2~5.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.5.2~5.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tkinter-apps\", rpm:\"tkinter-apps~2.5.2~5.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64python2.5\", rpm:\"lib64python2.5~2.5.2~5.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64python2.5-devel\", rpm:\"lib64python2.5-devel~2.5.2~5.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpython2.4\", rpm:\"libpython2.4~2.4.5~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpython2.4-devel\", rpm:\"libpython2.4-devel~2.4.5~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.4.5~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-base\", rpm:\"python-base~2.4.5~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-docs\", rpm:\"python-docs~2.4.5~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.4.5~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64python2.4\", rpm:\"lib64python2.4~2.4.5~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64python2.4-devel\", rpm:\"lib64python2.4-devel~2.4.5~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:37:31", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:1176.\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage.\n\nWhen the assert() system call was disabled, an input sanitization flaw was\nrevealed in the Python string object implementation that led to a buffer\noverflow. The missing check for negative size values meant the Python\nmemory allocator could allocate less memory than expected. This could\nresult in arbitrary code execution with the Python interpreter's\nprivileges. (CVE-2008-1887)\n\nMultiple buffer and integer overflow flaws were found in the Python Unicode\nstring processing and in the Python Unicode and string object\nimplementations. An attacker could use these flaws to cause a denial of\nservice (Python application crash). (CVE-2008-3142, CVE-2008-5031)\n\nMultiple integer overflow flaws were found in the Python imageop module. If\na Python application used the imageop module to process untrusted images,\nit could cause the application to disclose sensitive information, crash or,\npotentially, execute arbitrary code with the Python interpreter's\nprivileges. (CVE-2007-4965, CVE-2008-4864)\n\nMultiple integer underflow and overflow flaws were found in the Python\nsnprintf() wrapper implementation. An attacker could use these flaws to\ncause a denial of service (memory corruption). (CVE-2008-3144)\n\nMultiple integer overflow flaws were found in various Python modules. An\nattacker could use these flaws to cause a denial of service (Python\napplication crash). (CVE-2008-2315, CVE-2008-3143)\n\nAn integer signedness error, leading to a buffer overflow, was found\nin the Python zlib extension module. If a Python application requested\nthe negative byte count be flushed for a decompression stream, it could\ncause the application to crash or, potentially, execute arbitrary code\nwith the Python interpreter's privileges. (CVE-2008-1721)\n\nA flaw was discovered in the strxfrm() function of the Python locale\nmodule. Strings generated by this function were not properly\nNULL-terminated, which could possibly cause disclosure of data stored in\nthe memory of a Python application using this function. (CVE-2007-2052)\n\nRed Hat would like to thank David Remahl of the Apple Product Security team\nfor responsibly reporting the CVE-2008-2315 issue.\n\nAll Python users should upgrade to these updated packages, which contain\nbackported patches to correct these issues.", "cvss3": {}, "published": "2009-07-29T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:1176", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-2052", "CVE-2008-1721", "CVE-2008-3143", "CVE-2008-4864", "CVE-2007-4965", "CVE-2008-3144", "CVE-2008-3142", "CVE-2008-2315", "CVE-2008-1887", "CVE-2008-5031"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231064453", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064453", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1176.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1176 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:1176.\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage.\n\nWhen the assert() system call was disabled, an input sanitization flaw was\nrevealed in the Python string object implementation that led to a buffer\noverflow. The missing check for negative size values meant the Python\nmemory allocator could allocate less memory than expected. This could\nresult in arbitrary code execution with the Python interpreter's\nprivileges. (CVE-2008-1887)\n\nMultiple buffer and integer overflow flaws were found in the Python Unicode\nstring processing and in the Python Unicode and string object\nimplementations. An attacker could use these flaws to cause a denial of\nservice (Python application crash). (CVE-2008-3142, CVE-2008-5031)\n\nMultiple integer overflow flaws were found in the Python imageop module. If\na Python application used the imageop module to process untrusted images,\nit could cause the application to disclose sensitive information, crash or,\npotentially, execute arbitrary code with the Python interpreter's\nprivileges. (CVE-2007-4965, CVE-2008-4864)\n\nMultiple integer underflow and overflow flaws were found in the Python\nsnprintf() wrapper implementation. An attacker could use these flaws to\ncause a denial of service (memory corruption). (CVE-2008-3144)\n\nMultiple integer overflow flaws were found in various Python modules. An\nattacker could use these flaws to cause a denial of service (Python\napplication crash). (CVE-2008-2315, CVE-2008-3143)\n\nAn integer signedness error, leading to a buffer overflow, was found\nin the Python zlib extension module. If a Python application requested\nthe negative byte count be flushed for a decompression stream, it could\ncause the application to crash or, potentially, execute arbitrary code\nwith the Python interpreter's privileges. (CVE-2008-1721)\n\nA flaw was discovered in the strxfrm() function of the Python locale\nmodule. Strings generated by this function were not properly\nNULL-terminated, which could possibly cause disclosure of data stored in\nthe memory of a Python application using this function. (CVE-2007-2052)\n\nRed Hat would like to thank David Remahl of the Apple Product Security team\nfor responsibly reporting the CVE-2008-2315 issue.\n\nAll Python users should upgrade to these updated packages, which contain\nbackported patches to correct these issues.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64453\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-07-29 19:28:37 +0200 (Wed, 29 Jul 2009)\");\n script_cve_id(\"CVE-2007-2052\", \"CVE-2007-4965\", \"CVE-2008-1721\", \"CVE-2008-1887\", \"CVE-2008-2315\", \"CVE-2008-3142\", \"CVE-2008-3143\", \"CVE-2008-3144\", \"CVE-2008-4864\", \"CVE-2008-5031\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:1176\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-1176.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#moderate\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.4.3~24.el5_3.6\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-debuginfo\", rpm:\"python-debuginfo~2.4.3~24.el5_3.6\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-tools\", rpm:\"python-tools~2.4.3~24.el5_3.6\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.4.3~24.el5_3.6\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~2.4.3~24.el5_3.6\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:37:06", "description": "The remote host is missing updates to python announced in\nadvisory CESA-2009:1176.", "cvss3": {}, "published": "2009-08-17T00:00:00", "type": "openvas", "title": "CentOS Security Advisory CESA-2009:1176 (python)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-2052", "CVE-2008-1721", "CVE-2008-3143", "CVE-2008-4864", "CVE-2007-4965", "CVE-2008-3144", "CVE-2008-3142", "CVE-2008-2315", "CVE-2008-1887", "CVE-2008-5031"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231064583", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064583", "sourceData": "#CESA-2009:1176 64583 2\n# $Id: ovcesa2009_1176.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory CESA-2009:1176 (python)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details on the issues addressed in this update,\nplease visit the referenced security advisories.\";\ntag_solution = \"Update the appropriate packages on your system.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=CESA-2009:1176\nhttp://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:1176\";\ntag_summary = \"The remote host is missing updates to python announced in\nadvisory CESA-2009:1176.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64583\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-08-17 16:54:45 +0200 (Mon, 17 Aug 2009)\");\n script_cve_id(\"CVE-2007-2052\", \"CVE-2007-4965\", \"CVE-2008-1721\", \"CVE-2008-1887\", \"CVE-2008-2315\", \"CVE-2008-3142\", \"CVE-2008-3143\", \"CVE-2008-3144\", \"CVE-2008-4864\", \"CVE-2008-5031\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"CentOS Security Advisory CESA-2009:1176 (python)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.4.3~24.el5_3.6\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~2.4.3~24.el5_3.6\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-tools\", rpm:\"python-tools~2.4.3~24.el5_3.6\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.4.3~24.el5_3.6\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:40:04", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-08-09T00:00:00", "type": "openvas", "title": "CentOS Update for python CESA-2009:1176 centos5 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-2052", "CVE-2008-1721", "CVE-2008-3143", "CVE-2008-4864", "CVE-2007-4965", "CVE-2008-3144", "CVE-2008-3142", "CVE-2008-2315", "CVE-2008-1887", "CVE-2008-5031"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310880881", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880881", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for python CESA-2009:1176 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2009-July/016050.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880881\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"CESA\", value:\"2009:1176\");\n script_cve_id(\"CVE-2007-2052\", \"CVE-2007-4965\", \"CVE-2008-1721\", \"CVE-2008-1887\", \"CVE-2008-2315\", \"CVE-2008-3142\", \"CVE-2008-3143\", \"CVE-2008-3144\", \"CVE-2008-4864\", \"CVE-2008-5031\");\n script_name(\"CentOS Update for python CESA-2009:1176 centos5 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'python'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"python on CentOS 5\");\n script_tag(name:\"insight\", value:\"Python is an interpreted, interactive, object-oriented programming\n language.\n\n When the assert() system call was disabled, an input sanitization flaw was\n revealed in the Python string object implementation that led to a buffer\n overflow. The missing check for negative size values meant the Python\n memory allocator could allocate less memory than expected. This could\n result in arbitrary code execution with the Python interpreter's\n privileges. (CVE-2008-1887)\n\n Multiple buffer and integer overflow flaws were found in the Python Unicode\n string processing and in the Python Unicode and string object\n implementations. An attacker could use these flaws to cause a denial of\n service (Python application crash). (CVE-2008-3142, CVE-2008-5031)\n\n Multiple integer overflow flaws were found in the Python imageop module. If\n a Python application used the imageop module to process untrusted images,\n it could cause the application to disclose sensitive information, crash or,\n potentially, execute arbitrary code with the Python interpreter's\n privileges. (CVE-2007-4965, CVE-2008-4864)\n\n Multiple integer underflow and overflow flaws were found in the Python\n snprintf() wrapper implementation. An attacker could use these flaws to\n cause a denial of service (memory corruption). (CVE-2008-3144)\n\n Multiple integer overflow flaws were found in various Python modules. An\n attacker could use these flaws to cause a denial of service (Python\n application crash). (CVE-2008-2315, CVE-2008-3143)\n\n An integer signedness error, leading to a buffer overflow, was found\n in the Python zlib extension module. If a Python application requested\n the negative byte count be flushed for a decompression stream, it could\n cause the application to crash or, potentially, execute arbitrary code\n with the Python interpreter's privileges. (CVE-2008-1721)\n\n A flaw was discovered in the strxfrm() function of the Python locale\n module. Strings generated by this function were not properly\n NULL-terminated, which could possibly cause disclosure of data stored in\n the memory of a Python application using this function. (CVE-2007-2052)\n\n Red Hat would like to thank David Remahl of the Apple Product Security team\n for responsibly reporting the CVE-2008-2315 issue.\n\n All Python users should upgrade to these updated packages, which contain\n backported patches to correct these issues.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.4.3~24.el5_3.6\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~2.4.3~24.el5_3.6\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-tools\", rpm:\"python-tools~2.4.3~24.el5_3.6\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.4.3~24.el5_3.6\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-25T10:55:27", "description": "Check for the Version of python", "cvss3": {}, "published": "2011-08-09T00:00:00", "type": "openvas", "title": "CentOS Update for python CESA-2009:1176 centos5 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-2052", "CVE-2008-1721", "CVE-2008-3143", "CVE-2008-4864", "CVE-2007-4965", "CVE-2008-3144", "CVE-2008-3142", "CVE-2008-2315", "CVE-2008-1887", "CVE-2008-5031"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:880881", "href": "http://plugins.openvas.org/nasl.php?oid=880881", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for python CESA-2009:1176 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Python is an interpreted, interactive, object-oriented programming\n language.\n\n When the assert() system call was disabled, an input sanitization flaw was\n revealed in the Python string object implementation that led to a buffer\n overflow. The missing check for negative size values meant the Python\n memory allocator could allocate less memory than expected. This could\n result in arbitrary code execution with the Python interpreter's\n privileges. (CVE-2008-1887)\n \n Multiple buffer and integer overflow flaws were found in the Python Unicode\n string processing and in the Python Unicode and string object\n implementations. An attacker could use these flaws to cause a denial of\n service (Python application crash). (CVE-2008-3142, CVE-2008-5031)\n \n Multiple integer overflow flaws were found in the Python imageop module. If\n a Python application used the imageop module to process untrusted images,\n it could cause the application to disclose sensitive information, crash or,\n potentially, execute arbitrary code with the Python interpreter's\n privileges. (CVE-2007-4965, CVE-2008-4864)\n \n Multiple integer underflow and overflow flaws were found in the Python\n snprintf() wrapper implementation. An attacker could use these flaws to\n cause a denial of service (memory corruption). (CVE-2008-3144)\n \n Multiple integer overflow flaws were found in various Python modules. An\n attacker could use these flaws to cause a denial of service (Python\n application crash). (CVE-2008-2315, CVE-2008-3143)\n \n An integer signedness error, leading to a buffer overflow, was found\n in the Python zlib extension module. If a Python application requested\n the negative byte count be flushed for a decompression stream, it could\n cause the application to crash or, potentially, execute arbitrary code\n with the Python interpreter's privileges. (CVE-2008-1721)\n \n A flaw was discovered in the strxfrm() function of the Python locale\n module. Strings generated by this function were not properly\n NULL-terminated, which could possibly cause disclosure of data stored in\n the memory of a Python application using this function. (CVE-2007-2052)\n \n Red Hat would like to thank David Remahl of the Apple Product Security team\n for responsibly reporting the CVE-2008-2315 issue.\n \n All Python users should upgrade to these updated packages, which contain\n backported patches to correct these issues.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"python on CentOS 5\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2009-July/016050.html\");\n script_id(880881);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2009:1176\");\n script_cve_id(\"CVE-2007-2052\", \"CVE-2007-4965\", \"CVE-2008-1721\", \"CVE-2008-1887\", \"CVE-2008-2315\", \"CVE-2008-3142\", \"CVE-2008-3143\", \"CVE-2008-3144\", \"CVE-2008-4864\", \"CVE-2008-5031\");\n script_name(\"CentOS Update for python CESA-2009:1176 centos5 i386\");\n\n script_summary(\"Check for the Version of python\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.4.3~24.el5_3.6\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~2.4.3~24.el5_3.6\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-tools\", rpm:\"python-tools~2.4.3~24.el5_3.6\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.4.3~24.el5_3.6\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:55:57", "description": "The remote host is missing updates to python announced in\nadvisory CESA-2009:1176.", "cvss3": {}, "published": "2009-08-17T00:00:00", "type": "openvas", "title": "CentOS Security Advisory CESA-2009:1176 (python)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-2052", "CVE-2008-1721", "CVE-2008-3143", "CVE-2008-4864", "CVE-2007-4965", "CVE-2008-3144", "CVE-2008-3142", "CVE-2008-2315", "CVE-2008-1887", "CVE-2008-5031"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:64583", "href": "http://plugins.openvas.org/nasl.php?oid=64583", "sourceData": "#CESA-2009:1176 64583 2\n# $Id: ovcesa2009_1176.nasl 6650 2017-07-10 11:43:12Z cfischer $\n# Description: Auto-generated from advisory CESA-2009:1176 (python)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details on the issues addressed in this update,\nplease visit the referenced security advisories.\";\ntag_solution = \"Update the appropriate packages on your system.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=CESA-2009:1176\nhttp://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:1176\";\ntag_summary = \"The remote host is missing updates to python announced in\nadvisory CESA-2009:1176.\";\n\n\n\nif(description)\n{\n script_id(64583);\n script_version(\"$Revision: 6650 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:43:12 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-08-17 16:54:45 +0200 (Mon, 17 Aug 2009)\");\n script_cve_id(\"CVE-2007-2052\", \"CVE-2007-4965\", \"CVE-2008-1721\", \"CVE-2008-1887\", \"CVE-2008-2315\", \"CVE-2008-3142\", \"CVE-2008-3143\", \"CVE-2008-3144\", \"CVE-2008-4864\", \"CVE-2008-5031\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"CentOS Security Advisory CESA-2009:1176 (python)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.4.3~24.el5_3.6\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~2.4.3~24.el5_3.6\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-tools\", rpm:\"python-tools~2.4.3~24.el5_3.6\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.4.3~24.el5_3.6\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:36:31", "description": "Oracle Linux Local Security Checks ELSA-2009-1176", "cvss3": {}, "published": "2015-10-08T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2009-1176", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-2052", "CVE-2008-1721", "CVE-2008-3143", "CVE-2008-4864", "CVE-2007-4965", "CVE-2008-3144", "CVE-2008-3142", "CVE-2008-2315", "CVE-2008-1887", "CVE-2008-5031"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310122463", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122463", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2009-1176.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122463\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-08 14:45:52 +0300 (Thu, 08 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2009-1176\");\n script_tag(name:\"insight\", value:\"ELSA-2009-1176 - python security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2009-1176\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2009-1176.html\");\n script_cve_id(\"CVE-2007-2052\", \"CVE-2007-4965\", \"CVE-2008-1721\", \"CVE-2008-1887\", \"CVE-2008-2315\", \"CVE-2008-3142\", \"CVE-2008-3143\", \"CVE-2008-3144\", \"CVE-2008-4864\", \"CVE-2008-5031\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.4.3~24.el5_3.6\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~2.4.3~24.el5_3.6\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python-tools\", rpm:\"python-tools~2.4.3~24.el5_3.6\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.4.3~24.el5_3.6\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-27T10:55:43", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:1176.\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage.\n\nWhen the assert() system call was disabled, an input sanitization flaw was\nrevealed in the Python string object implementation that led to a buffer\noverflow. The missing check for negative size values meant the Python\nmemory allocator could allocate less memory than expected. This could\nresult in arbitrary code execution with the Python interpreter's\nprivileges. (CVE-2008-1887)\n\nMultiple buffer and integer overflow flaws were found in the Python Unicode\nstring processing and in the Python Unicode and string object\nimplementations. An attacker could use these flaws to cause a denial of\nservice (Python application crash). (CVE-2008-3142, CVE-2008-5031)\n\nMultiple integer overflow flaws were found in the Python imageop module. If\na Python application used the imageop module to process untrusted images,\nit could cause the application to disclose sensitive information, crash or,\npotentially, execute arbitrary code with the Python interpreter's\nprivileges. (CVE-2007-4965, CVE-2008-4864)\n\nMultiple integer underflow and overflow flaws were found in the Python\nsnprintf() wrapper implementation. An attacker could use these flaws to\ncause a denial of service (memory corruption). (CVE-2008-3144)\n\nMultiple integer overflow flaws were found in various Python modules. An\nattacker could use these flaws to cause a denial of service (Python\napplication crash). (CVE-2008-2315, CVE-2008-3143)\n\nAn integer signedness error, leading to a buffer overflow, was found\nin the Python zlib extension module. If a Python application requested\nthe negative byte count be flushed for a decompression stream, it could\ncause the application to crash or, potentially, execute arbitrary code\nwith the Python interpreter's privileges. (CVE-2008-1721)\n\nA flaw was discovered in the strxfrm() function of the Python locale\nmodule. Strings generated by this function were not properly\nNULL-terminated, which could possibly cause disclosure of data stored in\nthe memory of a Python application using this function. (CVE-2007-2052)\n\nRed Hat would like to thank David Remahl of the Apple Product Security team\nfor responsibly reporting the CVE-2008-2315 issue.\n\nAll Python users should upgrade to these updated packages, which contain\nbackported patches to correct these issues.", "cvss3": {}, "published": "2009-07-29T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:1176", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-2052", "CVE-2008-1721", "CVE-2008-3143", "CVE-2008-4864", "CVE-2007-4965", "CVE-2008-3144", "CVE-2008-3142", "CVE-2008-2315", "CVE-2008-1887", "CVE-2008-5031"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:64453", "href": "http://plugins.openvas.org/nasl.php?oid=64453", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1176.nasl 6683 2017-07-12 09:41:57Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1176 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:1176.\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage.\n\nWhen the assert() system call was disabled, an input sanitization flaw was\nrevealed in the Python string object implementation that led to a buffer\noverflow. The missing check for negative size values meant the Python\nmemory allocator could allocate less memory than expected. This could\nresult in arbitrary code execution with the Python interpreter's\nprivileges. (CVE-2008-1887)\n\nMultiple buffer and integer overflow flaws were found in the Python Unicode\nstring processing and in the Python Unicode and string object\nimplementations. An attacker could use these flaws to cause a denial of\nservice (Python application crash). (CVE-2008-3142, CVE-2008-5031)\n\nMultiple integer overflow flaws were found in the Python imageop module. If\na Python application used the imageop module to process untrusted images,\nit could cause the application to disclose sensitive information, crash or,\npotentially, execute arbitrary code with the Python interpreter's\nprivileges. (CVE-2007-4965, CVE-2008-4864)\n\nMultiple integer underflow and overflow flaws were found in the Python\nsnprintf() wrapper implementation. An attacker could use these flaws to\ncause a denial of service (memory corruption). (CVE-2008-3144)\n\nMultiple integer overflow flaws were found in various Python modules. An\nattacker could use these flaws to cause a denial of service (Python\napplication crash). (CVE-2008-2315, CVE-2008-3143)\n\nAn integer signedness error, leading to a buffer overflow, was found\nin the Python zlib extension module. If a Python application requested\nthe negative byte count be flushed for a decompression stream, it could\ncause the application to crash or, potentially, execute arbitrary code\nwith the Python interpreter's privileges. (CVE-2008-1721)\n\nA flaw was discovered in the strxfrm() function of the Python locale\nmodule. Strings generated by this function were not properly\nNULL-terminated, which could possibly cause disclosure of data stored in\nthe memory of a Python application using this function. (CVE-2007-2052)\n\nRed Hat would like to thank David Remahl of the Apple Product Security team\nfor responsibly reporting the CVE-2008-2315 issue.\n\nAll Python users should upgrade to these updated packages, which contain\nbackported patches to correct these issues.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_id(64453);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-07-29 19:28:37 +0200 (Wed, 29 Jul 2009)\");\n script_cve_id(\"CVE-2007-2052\", \"CVE-2007-4965\", \"CVE-2008-1721\", \"CVE-2008-1887\", \"CVE-2008-2315\", \"CVE-2008-3142\", \"CVE-2008-3143\", \"CVE-2008-3144\", \"CVE-2008-4864\", \"CVE-2008-5031\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:1176\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-1176.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#moderate\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.4.3~24.el5_3.6\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-debuginfo\", rpm:\"python-debuginfo~2.4.3~24.el5_3.6\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-tools\", rpm:\"python-tools~2.4.3~24.el5_3.6\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.4.3~24.el5_3.6\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~2.4.3~24.el5_3.6\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:37:18", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n XFree86-Xprt\n XFree86-Xvfb\n XFree86-Xvnc\n XFree86-server\n XFree86-Xnest\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5027942 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-10T00:00:00", "type": "openvas", "title": "SLES9: Security update for XFree86", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-2362", "CVE-2008-1379", "CVE-2008-1377", "CVE-2008-2361", "CVE-2008-2360"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231065321", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065321", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5027942.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Security update for XFree86\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n XFree86-Xprt\n XFree86-Xvfb\n XFree86-Xvnc\n XFree86-server\n XFree86-Xnest\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5027942 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65321\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2008-2360\", \"CVE-2008-2361\", \"CVE-2008-2362\", \"CVE-2008-1379\", \"CVE-2008-1377\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES9: Security update for XFree86\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"XFree86-Xprt\", rpm:\"XFree86-Xprt~4.3.99.902~43.96\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:39:42", "description": "Check for the Version of x11-server", "cvss3": {}, "published": "2009-04-09T00:00:00", "type": "openvas", "title": "Mandriva Update for x11-server MDVSA-2008:116 (x11-server)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-2362", "CVE-2008-1379", "CVE-2008-1377", "CVE-2008-2361", "CVE-2008-2360"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310830493", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310830493", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for x11-server MDVSA-2008:116 (x11-server)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"An input validation flaw was found in X.org's Security and Record\n extensions. A malicious authorized client could exploit the issue\n to cause a denial of service (crash) or possibly execute arbitrary\n code with root privileges on the X.org server (CVE-2008-1377).\n\n An input validation flaw was found in X.org's MIT-SHM extension.\n A client connected to the X.org server could read arbitrary server\n memory, resulting in the disclosure of sensitive data of other users\n of the X.org server (CVE-2008-1379).\n \n Multiple integer overflows were found in X.org's Render extension.\n A malicious authorized client could explot these issues to cause a\n denial of service (crash) or possibly execute arbitrary code with\n root privileges on the X.org server (CVE-2008-2360, CVE-2008-2361,\n CVE-2008-2362).\n \n In addition, this update corrects a problem that could cause memory\n corruption or segfaults in the render code of the vnc server on\n Mandriva Linux 2008.1\n \n The updated packages have been patched to prevent these issues.\";\n\ntag_affected = \"x11-server on Mandriva Linux 2007.1,\n Mandriva Linux 2007.1/X86_64,\n Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64,\n Mandriva Linux 2008.1,\n Mandriva Linux 2008.1/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2008-06/msg00026.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.830493\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 14:26:37 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVSA\", value: \"2008:116\");\n script_cve_id(\"CVE-2008-1377\", \"CVE-2008-1379\", \"CVE-2008-2360\", \"CVE-2008-2361\", \"CVE-2008-2362\");\n script_name( \"Mandriva Update for x11-server MDVSA-2008:116 (x11-server)\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of x11-server\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"x11-server\", rpm:\"x11-server~1.2.0~9.5mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-common\", rpm:\"x11-server-common~1.2.0~9.5mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-devel\", rpm:\"x11-server-devel~1.2.0~9.5mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xati\", rpm:\"x11-server-xati~1.2.0~9.5mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xchips\", rpm:\"x11-server-xchips~1.2.0~9.5mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xdmx\", rpm:\"x11-server-xdmx~1.2.0~9.5mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xephyr\", rpm:\"x11-server-xephyr~1.2.0~9.5mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xepson\", rpm:\"x11-server-xepson~1.2.0~9.5mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xfake\", rpm:\"x11-server-xfake~1.2.0~9.5mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xfbdev\", rpm:\"x11-server-xfbdev~1.2.0~9.5mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xgl\", rpm:\"x11-server-xgl~0.0.1~0.20070105.4.4mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xi810\", rpm:\"x11-server-xi810~1.2.0~9.5mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xmach64\", rpm:\"x11-server-xmach64~1.2.0~9.5mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xmga\", rpm:\"x11-server-xmga~1.2.0~9.5mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xneomagic\", rpm:\"x11-server-xneomagic~1.2.0~9.5mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xnest\", rpm:\"x11-server-xnest~1.2.0~9.5mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xnvidia\", rpm:\"x11-server-xnvidia~1.2.0~9.5mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xorg\", rpm:\"x11-server-xorg~1.2.0~9.5mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xpm2\", rpm:\"x11-server-xpm2~1.2.0~9.5mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xprt\", rpm:\"x11-server-xprt~1.2.0~9.5mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xr128\", rpm:\"x11-server-xr128~1.2.0~9.5mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xsdl\", rpm:\"x11-server-xsdl~1.2.0~9.5mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xsmi\", rpm:\"x11-server-xsmi~1.2.0~9.5mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xvesa\", rpm:\"x11-server-xvesa~1.2.0~9.5mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xvfb\", rpm:\"x11-server-xvfb~1.2.0~9.5mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xvia\", rpm:\"x11-server-xvia~1.2.0~9.5mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xvnc\", rpm:\"x11-server-xvnc~1.2.0~9.5mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"x11-server\", rpm:\"x11-server~1.3.0.0~24.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-common\", rpm:\"x11-server-common~1.3.0.0~24.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-devel\", rpm:\"x11-server-devel~1.3.0.0~24.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xati\", rpm:\"x11-server-xati~1.3.0.0~24.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xchips\", rpm:\"x11-server-xchips~1.3.0.0~24.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xdmx\", rpm:\"x11-server-xdmx~1.3.0.0~24.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xephyr\", rpm:\"x11-server-xephyr~1.3.0.0~24.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xepson\", rpm:\"x11-server-xepson~1.3.0.0~24.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xfake\", rpm:\"x11-server-xfake~1.3.0.0~24.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xfbdev\", rpm:\"x11-server-xfbdev~1.3.0.0~24.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xgl\", rpm:\"x11-server-xgl~0.0.1~0.20070917.2.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xi810\", rpm:\"x11-server-xi810~1.3.0.0~24.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xmach64\", rpm:\"x11-server-xmach64~1.3.0.0~24.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xmga\", rpm:\"x11-server-xmga~1.3.0.0~24.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xneomagic\", rpm:\"x11-server-xneomagic~1.3.0.0~24.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xnest\", rpm:\"x11-server-xnest~1.3.0.0~24.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xnvidia\", rpm:\"x11-server-xnvidia~1.3.0.0~24.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xorg\", rpm:\"x11-server-xorg~1.3.0.0~24.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xpm2\", rpm:\"x11-server-xpm2~1.3.0.0~24.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xr128\", rpm:\"x11-server-xr128~1.3.0.0~24.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xsdl\", rpm:\"x11-server-xsdl~1.3.0.0~24.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xsmi\", rpm:\"x11-server-xsmi~1.3.0.0~24.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xvesa\", rpm:\"x11-server-xvesa~1.3.0.0~24.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xvfb\", rpm:\"x11-server-xvfb~1.3.0.0~24.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xvia\", rpm:\"x11-server-xvia~1.3.0.0~24.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xvnc\", rpm:\"x11-server-xvnc~1.3.0.0~24.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2008.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"x11-server\", rpm:\"x11-server~1.4.0.90~13.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-common\", rpm:\"x11-server-common~1.4.0.90~13.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-devel\", rpm:\"x11-server-devel~1.4.0.90~13.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xati\", rpm:\"x11-server-xati~1.4.0.90~13.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xchips\", rpm:\"x11-server-xchips~1.4.0.90~13.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xephyr\", rpm:\"x11-server-xephyr~1.4.0.90~13.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xepson\", rpm:\"x11-server-xepson~1.4.0.90~13.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xfake\", rpm:\"x11-server-xfake~1.4.0.90~13.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xfbdev\", rpm:\"x11-server-xfbdev~1.4.0.90~13.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xgl\", rpm:\"x11-server-xgl~0.0.1~0.20070917.2.3mdv2008.0\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xi810\", rpm:\"x11-server-xi810~1.4.0.90~13.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xmach64\", rpm:\"x11-server-xmach64~1.4.0.90~13.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xmga\", rpm:\"x11-server-xmga~1.4.0.90~13.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xnest\", rpm:\"x11-server-xnest~1.4.0.90~13.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xnvidia\", rpm:\"x11-server-xnvidia~1.4.0.90~13.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xorg\", rpm:\"x11-server-xorg~1.4.0.90~13.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xpm2\", rpm:\"x11-server-xpm2~1.4.0.90~13.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xr128\", rpm:\"x11-server-xr128~1.4.0.90~13.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xsdl\", rpm:\"x11-server-xsdl~1.4.0.90~13.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xsmi\", rpm:\"x11-server-xsmi~1.4.0.90~13.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xvesa\", rpm:\"x11-server-xvesa~1.4.0.90~13.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xvfb\", rpm:\"x11-server-xvfb~1.4.0.90~13.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xvia\", rpm:\"x11-server-xvia~1.4.0.90~13.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xvnc\", rpm:\"x11-server-xvnc~1.4.0.90~13.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:38:36", "description": "The remote host is missing an update as announced\nvia advisory SSA:2008-183-01.", "cvss3": {}, "published": "2012-09-11T00:00:00", "type": "openvas", "title": "Slackware Advisory SSA:2008-183-01 xorg-server", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-2362", "CVE-2008-1379", "CVE-2008-1377", "CVE-2008-2361", "CVE-2008-2360"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:136141256231061460", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231061460", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2008_183_01.nasl 14202 2019-03-15 09:16:15Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.61460\");\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 10:16:15 +0100 (Fri, 15 Mar 2019) $\");\n script_cve_id(\"CVE-2008-1377\", \"CVE-2008-1379\", \"CVE-2008-2360\", \"CVE-2008-2361\", \"CVE-2008-2362\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 14202 $\");\n script_name(\"Slackware Advisory SSA:2008-183-01 xorg-server\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\", re:\"ssh/login/release=SLK12\\.1\");\n\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2008-183-01\");\n\n script_tag(name:\"insight\", value:\"New xorg-server packages are available for Slackware 12.1 and -current to\nfix security issues in xorg-server 1.4 prior to version 1.4.2.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to the new package(s).\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update as announced\nvia advisory SSA:2008-183-01.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-slack.inc\");\n\nreport = \"\";\nres = \"\";\n\nif((res = isslkpkgvuln(pkg:\"xorg-server\", ver:\"1.4.2-i486-1_slack12.1\", rls:\"SLK12.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"xorg-server-xnest\", ver:\"1.4.2-i486-1_slack12.1\", rls:\"SLK12.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"xorg-server-xvfb\", ver:\"1.4.2-i486-1_slack12.1\", rls:\"SLK12.1\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-04-09T11:39:31", "description": "Check for the Version of xorg-x11-server", "cvss3": {}, "published": "2009-03-06T00:00:00", "type": "openvas", "title": "RedHat Update for xorg-x11-server RHSA-2008:0504-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-2362", "CVE-2008-1379", "CVE-2008-1377", "CVE-2008-2361", "CVE-2008-2360"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310870148", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870148", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for xorg-x11-server RHSA-2008:0504-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"X.Org is an open source implementation of the X Window System. It provides\n basic low-level functionality that full-fledged graphical user interfaces\n are designed upon.\n\n An input validation flaw was discovered in X.org's Security and Record\n extensions. A malicious authorized client could exploit this issue to cause\n a denial of service (crash) or, potentially, execute arbitrary code with\n root privileges on the X.Org server. (CVE-2008-1377)\n \n Multiple integer overflow flaws were found in X.org's Render extension. A\n malicious authorized client could exploit these issues to cause a denial of\n service (crash) or, potentially, execute arbitrary code with root\n privileges on the X.Org server. (CVE-2008-2360, CVE-2008-2361,\n CVE-2008-2362)\n \n An input validation flaw was discovered in X.org's MIT-SHM extension. A\n client connected to the X.org server could read arbitrary server memory.\n This could result in the sensitive data of other users of the X.org server\n being disclosed. (CVE-2008-1379)\n \n Users of xorg-x11-server should upgrade to these updated packages, which\n contain backported patches to resolve these issues.\";\n\ntag_affected = \"xorg-x11-server on Red Hat Enterprise Linux (v. 5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2008-June/msg00010.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870148\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-06 07:30:35 +0100 (Fri, 06 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2008:0504-01\");\n script_cve_id(\"CVE-2008-1377\", \"CVE-2008-1379\", \"CVE-2008-2360\", \"CVE-2008-2361\", \"CVE-2008-2362\");\n script_name( \"RedHat Update for xorg-x11-server RHSA-2008:0504-01\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of xorg-x11-server\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-Xdmx\", rpm:\"xorg-x11-server-Xdmx~1.1.1~48.41.el5_2.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-Xephyr\", rpm:\"xorg-x11-server-Xephyr~1.1.1~48.41.el5_2.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-Xnest\", rpm:\"xorg-x11-server-Xnest~1.1.1~48.41.el5_2.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-Xorg\", rpm:\"xorg-x11-server-Xorg~1.1.1~48.41.el5_2.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-Xvfb\", rpm:\"xorg-x11-server-Xvfb~1.1.1~48.41.el5_2.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-debuginfo\", rpm:\"xorg-x11-server-debuginfo~1.1.1~48.41.el5_2.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-randr-source\", rpm:\"xorg-x11-server-randr-source~1.1.1~48.41.el5_2.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-sdk\", rpm:\"xorg-x11-server-sdk~1.1.1~48.41.el5_2.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:36:21", "description": "Oracle Linux Local Security Checks ELSA-2008-0504", "cvss3": {}, "published": "2015-10-08T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2008-0504", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-2362", "CVE-2008-1379", "CVE-2008-1377", "CVE-2008-2361", "CVE-2008-2360"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310122577", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122577", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2008-0504.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122577\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-08 14:48:30 +0300 (Thu, 08 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2008-0504\");\n script_tag(name:\"insight\", value:\"ELSA-2008-0504 - xorg-x11-server security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2008-0504\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2008-0504.html\");\n script_cve_id(\"CVE-2008-1377\", \"CVE-2008-1379\", \"CVE-2008-2360\", \"CVE-2008-2361\", \"CVE-2008-2362\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-Xdmx\", rpm:\"xorg-x11-server-Xdmx~1.1.1~48.41.0.1.el5_2.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-Xephyr\", rpm:\"xorg-x11-server-Xephyr~1.1.1~48.41.0.1.el5_2.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-Xnest\", rpm:\"xorg-x11-server-Xnest~1.1.1~48.41.0.1.el5_2.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-Xorg\", rpm:\"xorg-x11-server-Xorg~1.1.1~48.41.0.1.el5_2.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-Xvfb\", rpm:\"xorg-x11-server-Xvfb~1.1.1~48.41.0.1.el5_2.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-randr-source\", rpm:\"xorg-x11-server-randr-source~1.1.1~48.41.0.1.el5_2.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-sdk\", rpm:\"xorg-x11-server-sdk~1.1.1~48.41.0.1.el5_2.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-26T08:55:32", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n xorg-x11-Xnest\n xorg-x11-Xvfb\n xorg-x11-Xvnc\n xorg-x11-server\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-13T00:00:00", "type": "openvas", "title": "SLES10: Security update for X.org", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-2362", "CVE-2008-1379", "CVE-2008-1377", "CVE-2008-2361", "CVE-2008-2360"], "modified": "2017-07-11T00:00:00", "id": "OPENVAS:65763", "href": "http://plugins.openvas.org/nasl.php?oid=65763", "sourceData": "#\n#VID slesp2-xorg-x11-Xnest-5321\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for X.org\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n xorg-x11-Xnest\n xorg-x11-Xvfb\n xorg-x11-Xvnc\n xorg-x11-server\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_id(65763);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)\");\n script_cve_id(\"CVE-2008-2360\", \"CVE-2008-2361\", \"CVE-2008-2362\", \"CVE-2008-1379\", \"CVE-2008-1377\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES10: Security update for X.org\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"xorg-x11-Xnest\", rpm:\"xorg-x11-Xnest~6.9.0~50.60\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xorg-x11-Xvfb\", rpm:\"xorg-x11-Xvfb~6.9.0~50.60\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xorg-x11-Xvnc\", rpm:\"xorg-x11-Xvnc~6.9.0~50.60\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xorg-x11-server\", rpm:\"xorg-x11-server~6.9.0~50.60\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-26T08:55:13", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n XFree86-Xprt\n XFree86-Xvfb\n XFree86-Xvnc\n XFree86-server\n XFree86-Xnest\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5027942 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-10T00:00:00", "type": "openvas", "title": "SLES9: Security update for XFree86", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-2362", "CVE-2008-1379", "CVE-2008-1377", "CVE-2008-2361", "CVE-2008-2360"], "modified": "2017-07-11T00:00:00", "id": "OPENVAS:65321", "href": "http://plugins.openvas.org/nasl.php?oid=65321", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5027942.nasl 6666 2017-07-11 13:13:36Z cfischer $\n# Description: Security update for XFree86\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n XFree86-Xprt\n XFree86-Xvfb\n XFree86-Xvnc\n XFree86-server\n XFree86-Xnest\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5027942 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_id(65321);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2008-2360\", \"CVE-2008-2361\", \"CVE-2008-2362\", \"CVE-2008-1379\", \"CVE-2008-1377\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES9: Security update for XFree86\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"XFree86-Xprt\", rpm:\"XFree86-Xprt~4.3.99.902~43.96\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:10:19", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "cvss3": {}, "published": "2008-09-04T00:00:00", "type": "openvas", "title": "FreeBSD Ports: xorg-server", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-2362", "CVE-2008-1379", "CVE-2008-1377", "CVE-2008-2361", "CVE-2008-2360"], "modified": "2016-10-05T00:00:00", "id": "OPENVAS:61190", "href": "http://plugins.openvas.org/nasl.php?oid=61190", "sourceData": "#\n#VID 800e8bd5-3acb-11dd-8842-001302a18722\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: xorg-server\n\nCVE-2008-1377\nThe (1) SProcRecordCreateContext and (2) SProcRecordRegisterClients\nfunctions in the Record extension and the (3)\nSProcSecurityGenerateAuthorization function in the Security extension\nin the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers\nto execute arbitrary code via requests with crafted length values that\nspecify an arbitrary number of bytes to be swapped on the heap, which\ntriggers heap corruption.\n\nCVE-2008-1379\nInteger overflow in the fbShmPutImage function in the MIT-SHM\nextension in the X server 1.4 in X.Org X11R7.3 allows\ncontext-dependent attackers to read arbitrary process memory via\ncrafted values for a Pixmap width and height.\n\nCVE-2008-2360\nInteger overflow in the AllocateGlyph function in the Render extension\nin the X server 1.4 in X.Org X11R7.3 allows context-dependent\nattackers to execute arbitrary code via unspecified request fields\nthat are used to calculate a heap buffer size, which triggers a\nheap-based buffer overflow.\n\nCVE-2008-2361\nInteger overflow in the ProcRenderCreateCursor function in the Render\nextension in the X server 1.4 in X.Org X11R7.3 allows\ncontext-dependent attackers to cause a denial of service (daemon\ncrash) via unspecified request fields that are used to calculate a\nglyph buffer size, which triggers a dereference of unmapped memory.\n\nCVE-2008-2362\nMultiple integer overflows in the Render extension in the X server 1.4\nin X.Org X11R7.3 allow context-dependent attackers to execute\narbitrary code via a (1) SProcRenderCreateLinearGradient, (2)\nSProcRenderCreateRadialGradient, or (3)\nSProcRenderCreateConicalGradient request with an invalid field\nspecifying the number of bytes to swap in the request data, which\ntriggers heap memory corruption.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://lists.freedesktop.org/archives/xorg/2008-June/036026.html\nhttp://secunia.com/advisories/30627/\nhttp://www.vuxml.org/freebsd/800e8bd5-3acb-11dd-8842-001302a18722.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\nif(description)\n{\n script_id(61190);\n script_version(\"$Revision: 4218 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-10-05 16:20:48 +0200 (Wed, 05 Oct 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_cve_id(\"CVE-2008-1377\", \"CVE-2008-1379\", \"CVE-2008-2360\", \"CVE-2008-2361\", \"CVE-2008-2362\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"FreeBSD Ports: xorg-server\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"xorg-server\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.4.2,1\")<0) {\n txt += 'Package xorg-server version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:50:51", "description": "The remote host is missing an update as announced\nvia advisory SSA:2008-183-01.", "cvss3": {}, "published": "2012-09-11T00:00:00", "type": "openvas", "title": "Slackware Advisory SSA:2008-183-01 xorg-server", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-2362", "CVE-2008-1379", "CVE-2008-1377", "CVE-2008-2361", "CVE-2008-2360"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:61460", "href": "http://plugins.openvas.org/nasl.php?oid=61460", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2008_183_01.nasl 6598 2017-07-07 09:36:44Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"New xorg-server packages are available for Slackware 12.1 and -current to\nfix security issues in xorg-server 1.4 prior to version 1.4.2.\";\ntag_summary = \"The remote host is missing an update as announced\nvia advisory SSA:2008-183-01.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2008-183-01\";\n \nif(description)\n{\n script_id(61460);\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:36:44 +0200 (Fri, 07 Jul 2017) $\");\n script_cve_id(\"CVE-2008-1377\", \"CVE-2008-1379\", \"CVE-2008-2360\", \"CVE-2008-2361\", \"CVE-2008-2362\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 6598 $\");\n name = \"Slackware Advisory SSA:2008-183-01 xorg-server \";\n script_name(name);\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-slack.inc\");\nvuln = 0;\nif(isslkpkgvuln(pkg:\"xorg-server\", ver:\"1.4.2-i486-1_slack12.1\", rls:\"SLK12.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"xorg-server-xnest\", ver:\"1.4.2-i486-1_slack12.1\", rls:\"SLK12.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"xorg-server-xvfb\", ver:\"1.4.2-i486-1_slack12.1\", rls:\"SLK12.1\")) {\n vuln = 1;\n}\n\nif(vuln) {\n security_message(0);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:50:24", "description": "The remote host is missing updates announced in\nadvisory GLSA 200806-07.", "cvss3": {}, "published": "2008-09-24T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200806-07 (xorg-server)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-2362", "CVE-2008-1379", "CVE-2008-1377", "CVE-2008-2361", "CVE-2008-2360"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:61181", "href": "http://plugins.openvas.org/nasl.php?oid=61181", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities have been discovered in the X.Org X server,\npossibly allowing for the remote execution of arbitrary code with root\nprivileges.\";\ntag_solution = \"All X.org X Server users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=x11-base/xorg-server-1.3.0.0-r6'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200806-07\nhttp://bugs.gentoo.org/show_bug.cgi?id=225419\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200806-07.\";\n\n \n\nif(description)\n{\n script_id(61181);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2008-1377\", \"CVE-2008-1379\", \"CVE-2008-2360\", \"CVE-2008-2361\", \"CVE-2008-2362\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Gentoo Security Advisory GLSA 200806-07 (xorg-server)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"x11-base/xorg-server\", unaffected: make_list(\"ge 1.3.0.0-r6\"), vulnerable: make_list(\"lt 1.3.0.0-r6\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:38:14", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n xorg-x11-Xnest\n xorg-x11-Xvfb\n xorg-x11-Xvnc\n xorg-x11-server\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-13T00:00:00", "type": "openvas", "title": "SLES10: Security update for X.org", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-2362", "CVE-2008-1379", "CVE-2008-1377", "CVE-2008-2361", "CVE-2008-2360"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231065763", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065763", "sourceData": "#\n#VID slesp2-xorg-x11-Xnest-5321\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for X.org\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n xorg-x11-Xnest\n xorg-x11-Xvfb\n xorg-x11-Xvnc\n xorg-x11-server\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65763\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)\");\n script_cve_id(\"CVE-2008-2360\", \"CVE-2008-2361\", \"CVE-2008-2362\", \"CVE-2008-1379\", \"CVE-2008-1377\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES10: Security update for X.org\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"xorg-x11-Xnest\", rpm:\"xorg-x11-Xnest~6.9.0~50.60\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xorg-x11-Xvfb\", rpm:\"xorg-x11-Xvfb~6.9.0~50.60\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xorg-x11-Xvnc\", rpm:\"xorg-x11-Xvnc~6.9.0~50.60\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xorg-x11-server\", rpm:\"xorg-x11-server~6.9.0~50.60\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:34", "description": "Check for the Version of xorg-x11-server", "cvss3": {}, "published": "2009-02-17T00:00:00", "type": "openvas", "title": "Fedora Update for xorg-x11-server FEDORA-2008-5285", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-2362", "CVE-2008-1379", "CVE-2008-1377", "CVE-2008-2361", "CVE-2008-2360"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:860284", "href": "http://plugins.openvas.org/nasl.php?oid=860284", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for xorg-x11-server FEDORA-2008-5285\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"xorg-x11-server on Fedora 7\";\ntag_insight = \"X.Org X11 X server\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00556.html\");\n script_id(860284);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-17 16:50:22 +0100 (Tue, 17 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-5285\");\n script_cve_id(\"CVE-2008-1379\", \"CVE-2008-2362\", \"CVE-2008-1377\", \"CVE-2008-2361\", \"CVE-2008-2360\");\n script_name( \"Fedora Update for xorg-x11-server FEDORA-2008-5285\");\n\n script_summary(\"Check for the Version of xorg-x11-server\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC7\")\n{\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server\", rpm:\"xorg-x11-server~1.3.0.0~17.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:29:17", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-616-1", "cvss3": {}, "published": "2009-03-23T00:00:00", "type": "openvas", "title": "Ubuntu Update for xorg-server vulnerabilities USN-616-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-2362", "CVE-2008-1379", "CVE-2008-1377", "CVE-2008-2361", "CVE-2008-2360"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840329", "href": "http://plugins.openvas.org/nasl.php?oid=840329", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_616_1.nasl 7969 2017-12-01 09:23:16Z santu $\n#\n# Ubuntu Update for xorg-server vulnerabilities USN-616-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple flaws were found in the RENDER, RECORD, and Security\n extensions of X.org which did not correctly validate function arguments.\n An authenticated attacker could send specially crafted requests and gain\n root privileges or crash X. (CVE-2008-1377, CVE-2008-2360, CVE-2008-2361,\n CVE-2008-2362)\n\n It was discovered that the MIT-SHM extension of X.org did not correctly\n validate the location of memory during an image copy. An authenticated\n attacker could exploit this to read arbitrary memory locations within X,\n exposing sensitive information. (CVE-2008-1379)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-616-1\";\ntag_affected = \"xorg-server vulnerabilities on Ubuntu 6.06 LTS ,\n Ubuntu 7.04 ,\n Ubuntu 7.10 ,\n Ubuntu 8.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-616-1/\");\n script_id(840329);\n script_version(\"$Revision: 7969 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-23 10:59:50 +0100 (Mon, 23 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"616-1\");\n script_cve_id(\"CVE-2008-1377\", \"CVE-2008-1379\", \"CVE-2008-2360\", \"CVE-2008-2361\", \"CVE-2008-2362\");\n script_name( \"Ubuntu Update for xorg-server vulnerabilities USN-616-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU6.06 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"xnest\", ver:\"1.0.2-0ubuntu10.13\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xserver-xorg-core\", ver:\"1.0.2-0ubuntu10.13\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xserver-xorg-dev\", ver:\"1.0.2-0ubuntu10.13\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xvfb\", ver:\"1.0.2-0ubuntu10.13\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xdmx-tools\", ver:\"1.0.2-0ubuntu10.13\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xdmx\", ver:\"1.0.2-0ubuntu10.13\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU7.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"xnest\", ver:\"1.2.0-3ubuntu8.4\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xserver-xorg-core\", ver:\"1.2.0-3ubuntu8.4\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xserver-xorg-dev\", ver:\"1.2.0-3ubuntu8.4\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xvfb\", ver:\"1.2.0-3ubuntu8.4\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xdmx-tools\", ver:\"1.2.0-3ubuntu8.4\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xdmx\", ver:\"1.2.0-3ubuntu8.4\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xserver-xephyr\", ver:\"1.2.0-3ubuntu8.4\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"xnest\", ver:\"1.4.1~git20080131-1ubuntu9.2\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xserver-xephyr\", ver:\"1.4.1~git20080131-1ubuntu9.2\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xserver-xorg-core-dbg\", ver:\"1.4.1~git20080131-1ubuntu9.2\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xserver-xorg-core\", ver:\"1.4.1~git20080131-1ubuntu9.2\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xserver-xorg-dev\", ver:\"1.4.1~git20080131-1ubuntu9.2\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xvfb\", ver:\"1.4.1~git20080131-1ubuntu9.2\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU7.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"xnest\", ver:\"1.3.0.0.dfsg-12ubuntu8.4\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xserver-xephyr\", ver:\"1.3.0.0.dfsg-12ubuntu8.4\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xserver-xorg-core-dbg\", ver:\"1.3.0.0.dfsg-12ubuntu8.4\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xserver-xorg-core\", ver:\"1.3.0.0.dfsg-12ubuntu8.4\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xserver-xorg-dev\", ver:\"1.3.0.0.dfsg-12ubuntu8.4\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xvfb\", ver:\"1.3.0.0.dfsg-12ubuntu8.4\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xdmx-tools\", ver:\"1.3.0.0.dfsg-12ubuntu8.4\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xdmx\", ver:\"1.3.0.0.dfsg-12ubuntu8.4\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xprint\", ver:\"1.3.0.0.dfsg-12ubuntu8.4\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xprint-common\", ver:\"1.3.0.0.dfsg-12ubuntu8.4\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:56:28", "description": "Check for the Version of x11-server", "cvss3": {}, "published": "2009-04-09T00:00:00", "type": "openvas", "title": "Mandriva Update for x11-server MDVSA-2008:116 (x11-server)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-2362", "CVE-2008-1379", "CVE-2008-1377", "CVE-2008-2361", "CVE-2008-2360"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:830493", "href": "http://plugins.openvas.org/nasl.php?oid=830493", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for x11-server MDVSA-2008:116 (x11-server)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"An input validation flaw was found in X.org's Security and Record\n extensions. A malicious authorized client could exploit the issue\n to cause a denial of service (crash) or possibly execute arbitrary\n code with root privileges on the X.org server (CVE-2008-1377).\n\n An input validation flaw was found in X.org's MIT-SHM extension.\n A client connected to the X.org server could read arbitrary server\n memory, resulting in the disclosure of sensitive data of other users\n of the X.org server (CVE-2008-1379).\n \n Multiple integer overflows were found in X.org's Render extension.\n A malicious authorized client could explot these issues to cause a\n denial of service (crash) or possibly execute arbitrary code with\n root privileges on the X.org server (CVE-2008-2360, CVE-2008-2361,\n CVE-2008-2362).\n \n In addition, this update corrects a problem that could cause memory\n corruption or segfaults in the render code of the vnc server on\n Mandriva Linux 2008.1\n \n The updated packages have been patched to prevent these issues.\";\n\ntag_affected = \"x11-server on Mandriva Linux 2007.1,\n Mandriva Linux 2007.1/X86_64,\n Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64,\n Mandriva Linux 2008.1,\n Mandriva Linux 2008.1/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2008-06/msg00026.php\");\n script_id(830493);\n script_version(\"$Revision: 6568 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:04:21 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 14:26:37 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVSA\", value: \"2008:116\");\n script_cve_id(\"CVE-2008-1377\", \"CVE-2008-1379\", \"CVE-2008-2360\", \"CVE-2008-2361\", \"CVE-2008-2362\");\n script_name( \"Mandriva Update for x11-server MDVSA-2008:116 (x11-server)\");\n\n script_summary(\"Check for the Version of x11-server\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"x11-server\", rpm:\"x11-server~1.2.0~9.5mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-common\", rpm:\"x11-server-common~1.2.0~9.5mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-devel\", rpm:\"x11-server-devel~1.2.0~9.5mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xati\", rpm:\"x11-server-xati~1.2.0~9.5mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xchips\", rpm:\"x11-server-xchips~1.2.0~9.5mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xdmx\", rpm:\"x11-server-xdmx~1.2.0~9.5mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xephyr\", rpm:\"x11-server-xephyr~1.2.0~9.5mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xepson\", rpm:\"x11-server-xepson~1.2.0~9.5mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xfake\", rpm:\"x11-server-xfake~1.2.0~9.5mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xfbdev\", rpm:\"x11-server-xfbdev~1.2.0~9.5mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xgl\", rpm:\"x11-server-xgl~0.0.1~0.20070105.4.4mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xi810\", rpm:\"x11-server-xi810~1.2.0~9.5mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xmach64\", rpm:\"x11-server-xmach64~1.2.0~9.5mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xmga\", rpm:\"x11-server-xmga~1.2.0~9.5mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xneomagic\", rpm:\"x11-server-xneomagic~1.2.0~9.5mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xnest\", rpm:\"x11-server-xnest~1.2.0~9.5mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xnvidia\", rpm:\"x11-server-xnvidia~1.2.0~9.5mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xorg\", rpm:\"x11-server-xorg~1.2.0~9.5mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xpm2\", rpm:\"x11-server-xpm2~1.2.0~9.5mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xprt\", rpm:\"x11-server-xprt~1.2.0~9.5mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xr128\", rpm:\"x11-server-xr128~1.2.0~9.5mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xsdl\", rpm:\"x11-server-xsdl~1.2.0~9.5mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xsmi\", rpm:\"x11-server-xsmi~1.2.0~9.5mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xvesa\", rpm:\"x11-server-xvesa~1.2.0~9.5mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xvfb\", rpm:\"x11-server-xvfb~1.2.0~9.5mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xvia\", rpm:\"x11-server-xvia~1.2.0~9.5mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xvnc\", rpm:\"x11-server-xvnc~1.2.0~9.5mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"x11-server\", rpm:\"x11-server~1.3.0.0~24.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-common\", rpm:\"x11-server-common~1.3.0.0~24.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-devel\", rpm:\"x11-server-devel~1.3.0.0~24.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xati\", rpm:\"x11-server-xati~1.3.0.0~24.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xchips\", rpm:\"x11-server-xchips~1.3.0.0~24.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xdmx\", rpm:\"x11-server-xdmx~1.3.0.0~24.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xephyr\", rpm:\"x11-server-xephyr~1.3.0.0~24.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xepson\", rpm:\"x11-server-xepson~1.3.0.0~24.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xfake\", rpm:\"x11-server-xfake~1.3.0.0~24.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xfbdev\", rpm:\"x11-server-xfbdev~1.3.0.0~24.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xgl\", rpm:\"x11-server-xgl~0.0.1~0.20070917.2.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xi810\", rpm:\"x11-server-xi810~1.3.0.0~24.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xmach64\", rpm:\"x11-server-xmach64~1.3.0.0~24.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xmga\", rpm:\"x11-server-xmga~1.3.0.0~24.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xneomagic\", rpm:\"x11-server-xneomagic~1.3.0.0~24.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xnest\", rpm:\"x11-server-xnest~1.3.0.0~24.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xnvidia\", rpm:\"x11-server-xnvidia~1.3.0.0~24.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xorg\", rpm:\"x11-server-xorg~1.3.0.0~24.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xpm2\", rpm:\"x11-server-xpm2~1.3.0.0~24.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xr128\", rpm:\"x11-server-xr128~1.3.0.0~24.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xsdl\", rpm:\"x11-server-xsdl~1.3.0.0~24.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xsmi\", rpm:\"x11-server-xsmi~1.3.0.0~24.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xvesa\", rpm:\"x11-server-xvesa~1.3.0.0~24.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xvfb\", rpm:\"x11-server-xvfb~1.3.0.0~24.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xvia\", rpm:\"x11-server-xvia~1.3.0.0~24.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xvnc\", rpm:\"x11-server-xvnc~1.3.0.0~24.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2008.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"x11-server\", rpm:\"x11-server~1.4.0.90~13.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-common\", rpm:\"x11-server-common~1.4.0.90~13.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-devel\", rpm:\"x11-server-devel~1.4.0.90~13.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xati\", rpm:\"x11-server-xati~1.4.0.90~13.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xchips\", rpm:\"x11-server-xchips~1.4.0.90~13.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xephyr\", rpm:\"x11-server-xephyr~1.4.0.90~13.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xepson\", rpm:\"x11-server-xepson~1.4.0.90~13.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xfake\", rpm:\"x11-server-xfake~1.4.0.90~13.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xfbdev\", rpm:\"x11-server-xfbdev~1.4.0.90~13.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xgl\", rpm:\"x11-server-xgl~0.0.1~0.20070917.2.3mdv2008.0\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xi810\", rpm:\"x11-server-xi810~1.4.0.90~13.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xmach64\", rpm:\"x11-server-xmach64~1.4.0.90~13.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xmga\", rpm:\"x11-server-xmga~1.4.0.90~13.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xnest\", rpm:\"x11-server-xnest~1.4.0.90~13.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xnvidia\", rpm:\"x11-server-xnvidia~1.4.0.90~13.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xorg\", rpm:\"x11-server-xorg~1.4.0.90~13.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xpm2\", rpm:\"x11-server-xpm2~1.4.0.90~13.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xr128\", rpm:\"x11-server-xr128~1.4.0.90~13.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xsdl\", rpm:\"x11-server-xsdl~1.4.0.90~13.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xsmi\", rpm:\"x11-server-xsmi~1.4.0.90~13.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xvesa\", rpm:\"x11-server-xvesa~1.4.0.90~13.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xvfb\", rpm:\"x11-server-xvfb~1.4.0.90~13.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xvia\", rpm:\"x11-server-xvia~1.4.0.90~13.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xvnc\", rpm:\"x11-server-xvnc~1.4.0.90~13.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:50:08", "description": "The remote host is missing an update to xorg-server\nannounced via advisory DSA 1595-1.", "cvss3": {}, "published": "2008-06-28T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 1595-1 (xorg-server)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-2362", "CVE-2008-1379", "CVE-2008-1377", "CVE-2008-2361", "CVE-2008-2360"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:61171", "href": "http://plugins.openvas.org/nasl.php?oid=61171", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1595_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1595-1 (xorg-server)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several local vulnerabilities have been discovered in the X Window system.\nThe Common Vulnerabilities and Exposures project identifies the following\nproblems:\n\nCVE-2008-1377\n\nLack of validation of the parameters of the\nSProcSecurityGenerateAuthorization SProcRecordCreateContext\nfunctions makes it possible for a specially crafted request to trigger\nthe swapping of bytes outside the parameter of these requests, causing\nmemory corruption.\n\nCVE-2008-1379\n\nAn integer overflow in the validation of the parameters of the\nShmPutImage() request makes it possible to trigger the copy of\narbitrary server memory to a pixmap that can subsequently be read by\nthe client, to read arbitrary parts of the X server memory space.\n\nCVE-2008-2360\n\nAn integer overflow may occur in the computation of the size of the\nglyph to be allocated by the AllocateGlyph() function which will cause\nless memory to be allocated than expected, leading to later heap\noverflow.\n\nCVE-2008-2361\n\nAn integer overflow may occur in the computation of the size of the\nglyph to be allocated by the ProcRenderCreateCursor() function which\nwill cause less memory to be allocated than expected, leading later\nto dereferencing un-mapped memory, causing a crash of the X server.\n\nCVE-2008-2362\n\nInteger overflows can also occur in the code validating the parameters\nfor the SProcRenderCreateLinearGradient, SProcRenderCreateRadialGradient\nand SProcRenderCreateConicalGradient functions, leading to memory\ncorruption by swapping bytes outside of the intended request\nparameters.\n\nFor the stable distribution (etch), these problems have been fixed in version\n2:1.1.1-21etch5.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2:1.4.1~git20080517-2.\n\nWe recommend that you upgrade your xorg-server package.\";\ntag_summary = \"The remote host is missing an update to xorg-server\nannounced via advisory DSA 1595-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201595-1\";\n\n\nif(description)\n{\n script_id(61171);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-06-28 00:42:46 +0200 (Sat, 28 Jun 2008)\");\n script_cve_id(\"CVE-2008-1377\", \"CVE-2008-1379\", \"CVE-2008-2360\", \"CVE-2008-2361\", \"CVE-2008-2362\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 1595-1 (xorg-server)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"xserver-xorg-dev\", ver:\"1.1.1-21etch5\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xserver-xorg-core\", ver:\"1.1.1-21etch5\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xdmx\", ver:\"1.1.1-21etch5\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xnest\", ver:\"1.1.1-21etch5\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xvfb\", ver:\"1.1.1-21etch5\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xdmx-tools\", ver:\"1.1.1-21etch5\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xserver-xephyr\", ver:\"1.1.1-21etch5\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:50:09", "description": "The remote host is missing updates announced in\nadvisory GLSA 200807-07.", "cvss3": {}, "published": "2008-09-24T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200807-07 (nx, nxnode)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-2362", "CVE-2008-1379", "CVE-2008-1377", "CVE-2008-2361", "CVE-2008-2360"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:61382", "href": "http://plugins.openvas.org/nasl.php?oid=61382", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"NX uses code from the X.org X11 server which is prone to multiple\nvulnerabilities.\";\ntag_solution = \"All NX Node users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-misc/nxnode-3.2.0-r3'\n\nAll NX users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-misc/nx-3.2.0-r2'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200807-07\nhttp://bugs.gentoo.org/show_bug.cgi?id=230147\nhttp://www.gentoo.org/security/en/glsa/glsa-200806-07.xml\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200807-07.\";\n\n \n\nif(description)\n{\n script_id(61382);\n script_cve_id(\"CVE-2008-1377\",\"CVE-2008-1379\",\"CVE-2008-2360\",\"CVE-2008-2361\",\"CVE-2008-2362\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_name(\"Gentoo Security Advisory GLSA 200807-07 (nx, nxnode)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"net-misc/nxnode\", unaffected: make_list(\"ge 3.2.0-r3\"), vulnerable: make_list(\"lt 3.2.0-r3\"))) != NULL) {\n report += res;\n}\nif ((res = ispkgvuln(pkg:\"net-misc/nx\", unaffected: make_list(\"ge 3.2.0-r2\"), vulnerable: make_list(\"lt 3.2.0-r2\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:09", "description": "Check for the Version of xorg-x11-server", "cvss3": {}, "published": "2009-02-17T00:00:00", "type": "openvas", "title": "Fedora Update for xorg-x11-server FEDORA-2008-5254", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-2362", "CVE-2008-1379", "CVE-2008-1377", "CVE-2008-2361", "CVE-2008-2360"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:860198", "href": "http://plugins.openvas.org/nasl.php?oid=860198", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for xorg-x11-server FEDORA-2008-5254\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"xorg-x11-server on Fedora 9\";\ntag_insight = \"X.Org X11 X server\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00600.html\");\n script_id(860198);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-17 16:50:22 +0100 (Tue, 17 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-5254\");\n script_cve_id(\"CVE-2008-2360\", \"CVE-2008-2361\", \"CVE-2008-2362\", \"CVE-2008-1379\", \"CVE-2008-1377\");\n script_name( \"Fedora Update for xorg-x11-server FEDORA-2008-5254\");\n\n script_summary(\"Check for the Version of xorg-x11-server\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC9\")\n{\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server\", rpm:\"xorg-x11-server~1.4.99.902~3.20080612.fc9\", rls:\"FC9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:55:57", "description": "Check for the Version of xorg-x11-server", "cvss3": {}, "published": "2009-02-17T00:00:00", "type": "openvas", "title": "Fedora Update for xorg-x11-server FEDORA-2008-5279", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-2362", "CVE-2008-1379", "CVE-2008-1377", "CVE-2008-2361", "CVE-2008-2360"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:860048", "href": "http://plugins.openvas.org/nasl.php?oid=860048", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for xorg-x11-server FEDORA-2008-5279\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"xorg-x11-server on Fedora 8\";\ntag_insight = \"X.Org X11 X server\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00646.html\");\n script_id(860048);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-17 16:50:22 +0100 (Tue, 17 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-5279\");\n script_cve_id(\"CVE-2008-2361\", \"CVE-2008-2360\", \"CVE-2008-1379\", \"CVE-2008-2362\", \"CVE-2008-1377\");\n script_name( \"Fedora Update for xorg-x11-server FEDORA-2008-5279\");\n\n script_summary(\"Check for the Version of xorg-x11-server\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC8\")\n{\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server\", rpm:\"xorg-x11-server~1.3.0.0~46.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-27T10:55:59", "description": "Check for the Version of xorg-x11-server", "cvss3": {}, "published": "2009-03-06T00:00:00", "type": "openvas", "title": "RedHat Update for xorg-x11-server RHSA-2008:0504-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-2362", "CVE-2008-1379", "CVE-2008-1377", "CVE-2008-2361", "CVE-2008-2360"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:870148", "href": "http://plugins.openvas.org/nasl.php?oid=870148", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for xorg-x11-server RHSA-2008:0504-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"X.Org is an open source implementation of the X Window System. It provides\n basic low-level functionality that full-fledged graphical user interfaces\n are designed upon.\n\n An input validation flaw was discovered in X.org's Security and Record\n extensions. A malicious authorized client could exploit this issue to cause\n a denial of service (crash) or, potentially, execute arbitrary code with\n root privileges on the X.Org server. (CVE-2008-1377)\n \n Multiple integer overflow flaws were found in X.org's Render extension. A\n malicious authorized client could exploit these issues to cause a denial of\n service (crash) or, potentially, execute arbitrary code with root\n privileges on the X.Org server. (CVE-2008-2360, CVE-2008-2361,\n CVE-2008-2362)\n \n An input validation flaw was discovered in X.org's MIT-SHM extension. A\n client connected to the X.org server could read arbitrary server memory.\n This could result in the sensitive data of other users of the X.org server\n being disclosed. (CVE-2008-1379)\n \n Users of xorg-x11-server should upgrade to these updated packages, which\n contain backported patches to resolve these issues.\";\n\ntag_affected = \"xorg-x11-server on Red Hat Enterprise Linux (v. 5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2008-June/msg00010.html\");\n script_id(870148);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-06 07:30:35 +0100 (Fri, 06 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2008:0504-01\");\n script_cve_id(\"CVE-2008-1377\", \"CVE-2008-1379\", \"CVE-2008-2360\", \"CVE-2008-2361\", \"CVE-2008-2362\");\n script_name( \"RedHat Update for xorg-x11-server RHSA-2008:0504-01\");\n\n script_summary(\"Check for the Version of xorg-x11-server\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-Xdmx\", rpm:\"xorg-x11-server-Xdmx~1.1.1~48.41.el5_2.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-Xephyr\", rpm:\"xorg-x11-server-Xephyr~1.1.1~48.41.el5_2.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-Xnest\", rpm:\"xorg-x11-server-Xnest~1.1.1~48.41.el5_2.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-Xorg\", rpm:\"xorg-x11-server-Xorg~1.1.1~48.41.el5_2.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-Xvfb\", rpm:\"xorg-x11-server-Xvfb~1.1.1~48.41.el5_2.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-debuginfo\", rpm:\"xorg-x11-server-debuginfo~1.1.1~48.41.el5_2.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-randr-source\", rpm:\"xorg-x11-server-randr-source~1.1.1~48.41.el5_2.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-sdk\", rpm:\"xorg-x11-server-sdk~1.1.1~48.41.el5_2.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:39:40", "description": "Check for the Version of python", "cvss3": {}, "published": "2009-04-09T00:00:00", "type": "openvas", "title": "Mandriva Update for python MDVSA-2008:163 (python)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3143", "CVE-2008-2316", "CVE-2007-4965", "CVE-2008-3144", "CVE-2008-3142", "CVE-2008-2315", "CVE-2008-1679"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310830740", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310830740", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for python MDVSA-2008:163 (python)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple integer overflows in the imageop module in Python prior to\n 2.5.3 allowed context-dependent attackers to cause a denial of service\n (crash) or possibly execute arbitrary code via crafted images that\n trigger heap-based buffer overflows (CVE-2008-1679). This was due\n to an incomplete fix for CVE-2007-4965.\n\n David Remahl of Apple Product Security reported several integer\n overflows in a number of core modules (CVE-2008-2315). He also\n reported an integer overflow in the hashlib module on Python 2.5 that\n lead to unreliable cryptographic digest results (CVE-2008-2316).\n \n Justin Ferguson reported multiple buffer overflows in unicode string\n processing that affected 32bit systems (CVE-2008-3142).\n \n Multiple integer overflows were reported by the Google Security Team\n that had been fixed in Python 2.5.2 (CVE-2008-3143).\n \n Justin Ferguson reported a number of integer overflows and underflows\n in the PyOS_vsnprintf() function, as well as an off-by-one error\n when passing zero-length strings, that led to memory corruption\n (CVE-2008-3144).\n \n The updated packages have been patched to correct these issues.\n As well, Python packages on Mandriva Linux 2007.1 and 2008.0 have\n been updated to version 2.5.2. Due to slight packaging changes on\n Mandriva Linux 2007.1, a new package is available (tkinter-apps) that\n contains binary files (such as /usr/bin/idle) that were previously\n in the tkinter package.\";\n\ntag_affected = \"python on Mandriva Linux 2007.1,\n Mandriva Linux 2007.1/X86_64,\n Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64,\n Mandriva Linux 2008.1,\n Mandriva Linux 2008.1/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2008-08/msg00004.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.830740\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 14:26:37 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"MDVSA\", value: \"2008:163\");\n script_cve_id(\"CVE-2008-1679\", \"CVE-2007-4965\", \"CVE-2008-2315\", \"CVE-2008-2316\", \"CVE-2008-3142\", \"CVE-2008-3143\", \"CVE-2008-3144\");\n script_name( \"Mandriva Update for python MDVSA-2008:163 (python)\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of python\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpython2.5\", rpm:\"libpython2.5~2.5.2~2.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpython2.5-devel\", rpm:\"libpython2.5-devel~2.5.2~2.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.5.2~2.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-base\", rpm:\"python-base~2.5.2~2.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-docs\", rpm:\"python-docs~2.5.2~2.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.5.2~2.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tkinter-apps\", rpm:\"tkinter-apps~2.5.2~2.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64python2.5\", rpm:\"lib64python2.5~2.5.2~2.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64python2.5-devel\", rpm:\"lib64python2.5-devel~2.5.2~2.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpython2.5\", rpm:\"libpython2.5~2.5.2~2.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpython2.5-devel\", rpm:\"libpython2.5-devel~2.5.2~2.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.5.2~2.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-base\", rpm:\"python-base~2.5.2~2.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-docs\", rpm:\"python-docs~2.5.2~2.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.5.2~2.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tkinter-apps\", rpm:\"tkinter-apps~2.5.2~2.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64python2.5\", rpm:\"lib64python2.5~2.5.2~2.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64python2.5-devel\", rpm:\"lib64python2.5-devel~2.5.2~2.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2008.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpython2.5\", rpm:\"libpython2.5~2.5.2~2.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpython2.5-devel\", rpm:\"libpython2.5-devel~2.5.2~2.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.5.2~2.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-base\", rpm:\"python-base~2.5.2~2.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-docs\", rpm:\"python-docs~2.5.2~2.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.5.2~2.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tkinter-apps\", rpm:\"tkinter-apps~2.5.2~2.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64python2.5\", rpm:\"lib64python2.5~2.5.2~2.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64python2.5-devel\", rpm:\"lib64python2.5-devel~2.5.2~2.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:56:27", "description": "Check for the Version of python", "cvss3": {}, "published": "2009-04-09T00:00:00", "type": "openvas", "title": "Mandriva Update for python MDVSA-2008:163 (python)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3143", "CVE-2008-2316", "CVE-2007-4965", "CVE-2008-3144", "CVE-2008-3142", "CVE-2008-2315", "CVE-2008-1679"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:830740", "href": "http://plugins.openvas.org/nasl.php?oid=830740", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for python MDVSA-2008:163 (python)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple integer overflows in the imageop module in Python prior to\n 2.5.3 allowed context-dependent attackers to cause a denial of service\n (crash) or possibly execute arbitrary code via crafted images that\n trigger heap-based buffer overflows (CVE-2008-1679). This was due\n to an incomplete fix for CVE-2007-4965.\n\n David Remahl of Apple Product Security reported several integer\n overflows in a number of core modules (CVE-2008-2315). He also\n reported an integer overflow in the hashlib module on Python 2.5 that\n lead to unreliable cryptographic digest results (CVE-2008-2316).\n \n Justin Ferguson reported multiple buffer overflows in unicode string\n processing that affected 32bit systems (CVE-2008-3142).\n \n Multiple integer overflows were reported by the Google Security Team\n that had been fixed in Python 2.5.2 (CVE-2008-3143).\n \n Justin Ferguson reported a number of integer overflows and underflows\n in the PyOS_vsnprintf() function, as well as an off-by-one error\n when passing zero-length strings, that led to memory corruption\n (CVE-2008-3144).\n \n The updated packages have been patched to correct these issues.\n As well, Python packages on Mandriva Linux 2007.1 and 2008.0 have\n been updated to version 2.5.2. Due to slight packaging changes on\n Mandriva Linux 2007.1, a new package is available (tkinter-apps) that\n contains binary files (such as /usr/bin/idle) that were previously\n in the tkinter package.\";\n\ntag_affected = \"python on Mandriva Linux 2007.1,\n Mandriva Linux 2007.1/X86_64,\n Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64,\n Mandriva Linux 2008.1,\n Mandriva Linux 2008.1/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2008-08/msg00004.php\");\n script_id(830740);\n script_version(\"$Revision: 6568 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:04:21 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 14:26:37 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"MDVSA\", value: \"2008:163\");\n script_cve_id(\"CVE-2008-1679\", \"CVE-2007-4965\", \"CVE-2008-2315\", \"CVE-2008-2316\", \"CVE-2008-3142\", \"CVE-2008-3143\", \"CVE-2008-3144\");\n script_name( \"Mandriva Update for python MDVSA-2008:163 (python)\");\n\n script_summary(\"Check for the Version of python\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpython2.5\", rpm:\"libpython2.5~2.5.2~2.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpython2.5-devel\", rpm:\"libpython2.5-devel~2.5.2~2.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.5.2~2.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-base\", rpm:\"python-base~2.5.2~2.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-docs\", rpm:\"python-docs~2.5.2~2.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.5.2~2.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tkinter-apps\", rpm:\"tkinter-apps~2.5.2~2.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64python2.5\", rpm:\"lib64python2.5~2.5.2~2.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64python2.5-devel\", rpm:\"lib64python2.5-devel~2.5.2~2.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpython2.5\", rpm:\"libpython2.5~2.5.2~2.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpython2.5-devel\", rpm:\"libpython2.5-devel~2.5.2~2.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.5.2~2.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-base\", rpm:\"python-base~2.5.2~2.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-docs\", rpm:\"python-docs~2.5.2~2.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.5.2~2.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tkinter-apps\", rpm:\"tkinter-apps~2.5.2~2.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64python2.5\", rpm:\"lib64python2.5~2.5.2~2.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64python2.5-devel\", rpm:\"lib64python2.5-devel~2.5.2~2.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2008.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpython2.5\", rpm:\"libpython2.5~2.5.2~2.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpython2.5-devel\", rpm:\"libpython2.5-devel~2.5.2~2.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.5.2~2.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-base\", rpm:\"python-base~2.5.2~2.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-docs\", rpm:\"python-docs~2.5.2~2.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.5.2~2.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tkinter-apps\", rpm:\"tkinter-apps~2.5.2~2.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64python2.5\", rpm:\"lib64python2.5~2.5.2~2.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64python2.5-devel\", rpm:\"lib64python2.5-devel~2.5.2~2.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:40:28", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n python\n python-curses\n python-demo\n python-devel\n python-doc\n python-doc-pdf\n python-gdbm\n python-idle\n python-tk\n python-xml\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-13T00:00:00", "type": "openvas", "title": "SLES10: Security update for Python", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3143", "CVE-2008-2316", "CVE-2008-3144", "CVE-2008-3142", "CVE-2008-2315", "CVE-2008-1679", "CVE-2008-1887"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231065883", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065883", "sourceData": "#\n#VID slesp2-python-5490\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for Python\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n python\n python-curses\n python-demo\n python-devel\n python-doc\n python-doc-pdf\n python-gdbm\n python-idle\n python-tk\n python-xml\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65883\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)\");\n script_cve_id(\"CVE-2008-1679\", \"CVE-2008-1887\", \"CVE-2008-3143\", \"CVE-2008-3142\", \"CVE-2008-3144\", \"CVE-2008-2315\", \"CVE-2008-2316\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES10: Security update for Python\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.4.2~18.22\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-curses\", rpm:\"python-curses~2.4.2~18.22\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-demo\", rpm:\"python-demo~2.4.2~18.22\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~2.4.2~18.22\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-doc\", rpm:\"python-doc~2.4.2~18.19\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-doc-pdf\", rpm:\"python-doc-pdf~2.4.2~18.19\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-gdbm\", rpm:\"python-gdbm~2.4.2~18.22\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-idle\", rpm:\"python-idle~2.4.2~18.22\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-tk\", rpm:\"python-tk~2.4.2~18.22\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-xml\", rpm:\"python-xml~2.4.2~18.22\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:38:31", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n python\n python-curses\n python-demo\n python-devel\n python-doc\n python-doc-pdf\n python-gdbm\n python-idle\n python-mpz\n python-tk\n python-xml\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5032900 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-10T00:00:00", "type": "openvas", "title": "SLES9: Security update for Python", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3143", "CVE-2008-2316", "CVE-2008-3144", "CVE-2008-3142", "CVE-2008-2315", "CVE-2008-1679", "CVE-2008-1887"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231065027", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065027", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5032900.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Security update for Python\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n python\n python-curses\n python-demo\n python-devel\n python-doc\n python-doc-pdf\n python-gdbm\n python-idle\n python-mpz\n python-tk\n python-xml\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5032900 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65027\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2008-1679\", \"CVE-2008-1887\", \"CVE-2008-3143\", \"CVE-2008-3142\", \"CVE-2008-3144\", \"CVE-2008-2315\", \"CVE-2008-2316\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES9: Security update for Python\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.3.3~88.24\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-26T08:56:17", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n python\n python-curses\n python-demo\n python-devel\n python-doc\n python-doc-pdf\n python-gdbm\n python-idle\n python-tk\n python-xml\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-13T00:00:00", "type": "openvas", "title": "SLES10: Security update for Python", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3143", "CVE-2008-2316", "CVE-2008-3144", "CVE-2008-3142", "CVE-2008-2315", "CVE-2008-1679", "CVE-2008-1887"], "modified": "2017-07-11T00:00:00", "id": "OPENVAS:65883", "href": "http://plugins.openvas.org/nasl.php?oid=65883", "sourceData": "#\n#VID slesp2-python-5490\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for Python\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n python\n python-curses\n python-demo\n python-devel\n python-doc\n python-doc-pdf\n python-gdbm\n python-idle\n python-tk\n python-xml\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_id(65883);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)\");\n script_cve_id(\"CVE-2008-1679\", \"CVE-2008-1887\", \"CVE-2008-3143\", \"CVE-2008-3142\", \"CVE-2008-3144\", \"CVE-2008-2315\", \"CVE-2008-2316\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES10: Security update for Python\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.4.2~18.22\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-curses\", rpm:\"python-curses~2.4.2~18.22\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-demo\", rpm:\"python-demo~2.4.2~18.22\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~2.4.2~18.22\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-doc\", rpm:\"python-doc~2.4.2~18.19\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-doc-pdf\", rpm:\"python-doc-pdf~2.4.2~18.19\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-gdbm\", rpm:\"python-gdbm~2.4.2~18.22\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-idle\", rpm:\"python-idle~2.4.2~18.22\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-tk\", rpm:\"python-tk~2.4.2~18.22\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-xml\", rpm:\"python-xml~2.4.2~18.22\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-26T08:55:38", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n python\n python-curses\n python-demo\n python-devel\n python-doc\n python-doc-pdf\n python-gdbm\n python-idle\n python-mpz\n python-tk\n python-xml\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5032900 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-10T00:00:00", "type": "openvas", "title": "SLES9: Security update for Python", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3143", "CVE-2008-2316", "CVE-2008-3144", "CVE-2008-3142", "CVE-2008-2315", "CVE-2008-1679", "CVE-2008-1887"], "modified": "2017-07-11T00:00:00", "id": "OPENVAS:65027", "href": "http://plugins.openvas.org/nasl.php?oid=65027", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5032900.nasl 6666 2017-07-11 13:13:36Z cfischer $\n# Description: Security update for Python\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n python\n python-curses\n python-demo\n python-devel\n python-doc\n python-doc-pdf\n python-gdbm\n python-idle\n python-mpz\n python-tk\n python-xml\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5032900 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_id(65027);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2008-1679\", \"CVE-2008-1887\", \"CVE-2008-3143\", \"CVE-2008-3142\", \"CVE-2008-3144\", \"CVE-2008-2315\", \"CVE-2008-2316\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES9: Security update for Python\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.3.3~88.24\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:40:03", "description": "Check for the Version of XFree86", "cvss3": {}, "published": "2009-03-06T00:00:00", "type": "openvas", "title": "RedHat Update for XFree86 RHSA-2008:0502-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1379", "CVE-2008-1377", "CVE-2008-2361", "CVE-2008-2360"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310870103", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870103", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for XFree86 RHSA-2008:0502-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"XFree86 is an implementation of the X Window System, which provides the\n core functionality for the Linux graphical desktop.\n\n An input validation flaw was discovered in X.org's Security and Record\n extensions. A malicious authorized client could exploit this issue to cause\n a denial of service (crash) or, potentially, execute arbitrary code with\n root privileges on the X.Org server. (CVE-2008-1377)\n \n Multiple integer overflow flaws were found in X.org's Render extension. A\n malicious authorized client could exploit these issues to cause a denial of\n service (crash) or, potentially, execute arbitrary code with root\n privileges on the X.Org server. (CVE-2008-2360, CVE-2008-2361)\n \n An input validation flaw was discovered in X.org's MIT-SHM extension. A\n client connected to the X.org server could read arbitrary server memory.\n This could result in the sensitive data of other users of the X.org server\n being disclosed. (CVE-2008-1379)\n \n Users of XFree86 are advised to upgrade to these updated packages, which\n contain backported patches to resolve these issues.\";\n\ntag_affected = \"XFree86 on Red Hat Enterprise Linux AS version 3,\n Red Hat Enterprise Linux ES version 3,\n Red Hat Enterprise Linux WS version 3\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2008-June/msg00008.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870103\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-06 07:30:35 +0100 (Fri, 06 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2008:0502-01\");\n script_cve_id(\"CVE-2008-1377\", \"CVE-2008-1379\", \"CVE-2008-2360\", \"CVE-2008-2361\");\n script_name( \"RedHat Update for XFree86 RHSA-2008:0502-01\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of XFree86\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_3\")\n{\n\n if ((res = isrpmvuln(pkg:\"XFree86-100dpi-fonts\", rpm:\"XFree86-100dpi-fonts~4.3.0~128.EL\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86\", rpm:\"XFree86~4.3.0~128.EL\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-75dpi-fonts\", rpm:\"XFree86-75dpi-fonts~4.3.0~128.EL\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-ISO8859-14-100dpi-fonts\", rpm:\"XFree86-ISO8859-14-100dpi-fonts~4.3.0~128.EL\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-ISO8859-14-75dpi-fonts\", rpm:\"XFree86-ISO8859-14-75dpi-fonts~4.3.0~128.EL\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-ISO8859-15-100dpi-fonts\", rpm:\"XFree86-ISO8859-15-100dpi-fonts~4.3.0~128.EL\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-ISO8859-15-75dpi-fonts\", rpm:\"XFree86-ISO8859-15-75dpi-fonts~4.3.0~128.EL\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-ISO8859-2-100dpi-fonts\", rpm:\"XFree86-ISO8859-2-100dpi-fonts~4.3.0~128.EL\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-ISO8859-2-75dpi-fonts\", rpm:\"XFree86-ISO8859-2-75dpi-fonts~4.3.0~128.EL\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-ISO8859-9-100dpi-fonts\", rpm:\"XFree86-ISO8859-9-100dpi-fonts~4.3.0~128.EL\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-ISO8859-9-75dpi-fonts\", rpm:\"XFree86-ISO8859-9-75dpi-fonts~4.3.0~128.EL\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-Mesa-libGL\", rpm:\"XFree86-Mesa-libGL~4.3.0~128.EL\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-Mesa-libGLU\", rpm:\"XFree86-Mesa-libGLU~4.3.0~128.EL\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-Xnest\", rpm:\"XFree86-Xnest~4.3.0~128.EL\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-Xvfb\", rpm:\"XFree86-Xvfb~4.3.0~128.EL\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-base-fonts\", rpm:\"XFree86-base-fonts~4.3.0~128.EL\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-cyrillic-fonts\", rpm:\"XFree86-cyrillic-fonts~4.3.0~128.EL\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-devel\", rpm:\"XFree86-devel~4.3.0~128.EL\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-doc\", rpm:\"XFree86-doc~4.3.0~128.EL\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-font-utils\", rpm:\"XFree86-font-utils~4.3.0~128.EL\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-libs\", rpm:\"XFree86-libs~4.3.0~128.EL\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-libs-data\", rpm:\"XFree86-libs-data~4.3.0~128.EL\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-sdk\", rpm:\"XFree86-sdk~4.3.0~128.EL\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-syriac-fonts\", rpm:\"XFree86-syriac-fonts~4.3.0~128.EL\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-tools\", rpm:\"XFree86-tools~4.3.0~128.EL\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-truetype-fonts\", rpm:\"XFree86-truetype-fonts~4.3.0~128.EL\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-twm\", rpm:\"XFree86-twm~4.3.0~128.EL\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-xauth\", rpm:\"XFree86-xauth~4.3.0~128.EL\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-xdm\", rpm:\"XFree86-xdm~4.3.0~128.EL\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-xfs\", rpm:\"XFree86-xfs~4.3.0~128.EL\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:40:11", "description": "Check for the Version of xorg-x11", "cvss3": {}, "published": "2009-02-27T00:00:00", "type": "openvas", "title": "CentOS Update for xorg-x11 CESA-2008:0503 centos4 x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1379", "CVE-2008-1377", "CVE-2008-2361", "CVE-2008-2360"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310880106", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880106", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for xorg-x11 CESA-2008:0503 centos4 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The xorg-x11 packages contain X.Org, an open source implementation of the X\n Window System. It provides the basic low-level functionality that\n full-fledged graphical user interfaces are designed upon.\n\n An input validation flaw was discovered in X.org's Security and Record\n extensions. A malicious authorized client could exploit this issue to cause\n a denial of service (crash) or, potentially, execute arbitrary code with\n root privileges on the X.Org server. (CVE-2008-1377)\n \n Multiple integer overflow flaws were found in X.org's Render extension. A\n malicious authorized client could exploit these issues to cause a denial of\n service (crash) or, potentially, execute arbitrary code with root\n privileges on the X.Org server. (CVE-2008-2360, CVE-2008-2361)\n \n An input validation flaw was discovered in X.org's MIT-SHM extension. A\n client connected to the X.org server could read arbitrary server memory.\n This could result in the sensitive data of other users of the X.org server\n being disclosed. (CVE-2008-1379)\n \n Users of xorg-x11 should upgrade to these updated packages, which contain\n backported patches to resolve these issues.\";\n\ntag_affected = \"xorg-x11 on CentOS 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-June/015044.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880106\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 08:40:14 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0503\");\n script_cve_id(\"CVE-2008-1377\", \"CVE-2008-1379\", \"CVE-2008-2360\", \"CVE-2008-2361\");\n script_name( \"CentOS Update for xorg-x11 CESA-2008:0503 centos4 x86_64\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of xorg-x11\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"xorg-x11\", rpm:\"xorg-x11~6.8.2~1.EL.33.0.4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-deprecated-libs\", rpm:\"xorg-x11-deprecated-libs~6.8.2~1.EL.33.0.4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-deprecated-libs-devel\", rpm:\"xorg-x11-deprecated-libs-devel~6.8.2~1.EL.33.0.4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-devel\", rpm:\"xorg-x11-devel~6.8.2~1.EL.33.0.4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-doc\", rpm:\"xorg-x11-doc~6.8.2~1.EL.33.0.4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-font-utils\", rpm:\"xorg-x11-font-utils~6.8.2~1.EL.33.0.4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-libs\", rpm:\"xorg-x11-libs~6.8.2~1.EL.33.0.4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-Mesa-libGL\", rpm:\"xorg-x11-Mesa-libGL~6.8.2~1.EL.33.0.4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-Mesa-libGLU\", rpm:\"xorg-x11-Mesa-libGLU~6.8.2~1.EL.33.0.4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-sdk\", rpm:\"xorg-x11-sdk~6.8.2~1.EL.33.0.4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-tools\", rpm:\"xorg-x11-tools~6.8.2~1.EL.33.0.4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-twm\", rpm:\"xorg-x11-twm~6.8.2~1.EL.33.0.4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-xauth\", rpm:\"xorg-x11-xauth~6.8.2~1.EL.33.0.4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-xdm\", rpm:\"xorg-x11-xdm~6.8.2~1.EL.33.0.4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-Xdmx\", rpm:\"xorg-x11-Xdmx~6.8.2~1.EL.33.0.4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-xfs\", rpm:\"xorg-x11-xfs~6.8.2~1.EL.33.0.4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-Xnest\", rpm:\"xorg-x11-Xnest~6.8.2~1.EL.33.0.4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-Xvfb\", rpm:\"xorg-x11-Xvfb~6.8.2~1.EL.33.0.4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:38:42", "description": "Check for the Version of xorg-x11", "cvss3": {}, "published": "2009-02-27T00:00:00", "type": "openvas", "title": "CentOS Update for xorg-x11 CESA-2008:0503 centos4 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1379", "CVE-2008-1377", "CVE-2008-2361", "CVE-2008-2360"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310880033", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880033", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for xorg-x11 CESA-2008:0503 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The xorg-x11 packages contain X.Org, an open source implementation of the X\n Window System. It provides the basic low-level functionality that\n full-fledged graphical user interfaces are designed upon.\n\n An input validation flaw was discovered in X.org's Security and Record\n extensions. A malicious authorized client could exploit this issue to cause\n a denial of service (crash) or, potentially, execute arbitrary code with\n root privileges on the X.Org server. (CVE-2008-1377)\n \n Multiple integer overflow flaws were found in X.org's Render extension. A\n malicious authorized client could exploit these issues to cause a denial of\n service (crash) or, potentially, execute arbitrary code with root\n privileges on the X.Org server. (CVE-2008-2360, CVE-2008-2361)\n \n An input validation flaw was discovered in X.org's MIT-SHM extension. A\n client connected to the X.org server could read arbitrary server memory.\n This could result in the sensitive data of other users of the X.org server\n being disclosed. (CVE-2008-1379)\n \n Users of xorg-x11 should upgrade to these updated packages, which contain\n backported patches to resolve these issues.\";\n\ntag_affected = \"xorg-x11 on CentOS 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-June/015045.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880033\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 08:40:14 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0503\");\n script_cve_id(\"CVE-2008-1377\", \"CVE-2008-1379\", \"CVE-2008-2360\", \"CVE-2008-2361\");\n script_name( \"CentOS Update for xorg-x11 CESA-2008:0503 centos4 i386\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of xorg-x11\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"xorg-x11\", rpm:\"xorg-x11~6.8.2~1.EL.33.0.4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-deprecated-libs\", rpm:\"xorg-x11-deprecated-libs~6.8.2~1.EL.33.0.4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-deprecated-libs-devel\", rpm:\"xorg-x11-deprecated-libs-devel~6.8.2~1.EL.33.0.4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-devel\", rpm:\"xorg-x11-devel~6.8.2~1.EL.33.0.4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-doc\", rpm:\"xorg-x11-doc~6.8.2~1.EL.33.0.4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-font-utils\", rpm:\"xorg-x11-font-utils~6.8.2~1.EL.33.0.4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-libs\", rpm:\"xorg-x11-libs~6.8.2~1.EL.33.0.4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-Mesa-libGL\", rpm:\"xorg-x11-Mesa-libGL~6.8.2~1.EL.33.0.4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-Mesa-libGLU\", rpm:\"xorg-x11-Mesa-libGLU~6.8.2~1.EL.33.0.4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-sdk\", rpm:\"xorg-x11-sdk~6.8.2~1.EL.33.0.4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-tools\", rpm:\"xorg-x11-tools~6.8.2~1.EL.33.0.4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-twm\", rpm:\"xorg-x11-twm~6.8.2~1.EL.33.0.4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-xauth\", rpm:\"xorg-x11-xauth~6.8.2~1.EL.33.0.4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-xdm\", rpm:\"xorg-x11-xdm~6.8.2~1.EL.33.0.4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-Xdmx\", rpm:\"xorg-x11-Xdmx~6.8.2~1.EL.33.0.4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-xfs\", rpm:\"xorg-x11-xfs~6.8.2~1.EL.33.0.4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-Xnest\", rpm:\"xorg-x11-Xnest~6.8.2~1.EL.33.0.4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-Xvfb\", rpm:\"xorg-x11-Xvfb~6.8.2~1.EL.33.0.4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:41:34", "description": "Check for the Version of XFree86-100dpi-fonts", "cvss3": {}, "published": "2009-02-27T00:00:00", "type": "openvas", "title": "CentOS Update for XFree86-100dpi-fonts CESA-2008:0502 centos3 x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1379", "CVE-2008-1377", "CVE-2008-2361", "CVE-2008-2360"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310880263", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880263", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for XFree86-100dpi-fonts CESA-2008:0502 centos3 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"XFree86 is an implementation of the X Window System, which provides the\n core functionality for the Linux graphical desktop.\n\n An input validation flaw was discovered in X.org's Security and Record\n extensions. A malicious authorized client could exploit this issue to cause\n a denial of service (crash) or, potentially, execute arbitrary code with\n root privileges on the X.Org server. (CVE-2008-1377)\n \n Multiple integer overflow flaws were found in X.org's Render extension. A\n malicious authorized client could exploit these issues to cause a denial of\n service (crash) or, potentially, execute arbitrary code with root\n privileges on the X.Org server. (CVE-2008-2360, CVE-2008-2361)\n \n An input validation flaw was discovered in X.org's MIT-SHM extension. A\n client connected to the X.org server could read arbitrary server memory.\n This could result in the sensitive data of other users of the X.org server\n being disclosed. (CVE-2008-1379)\n \n Users of XFree86 are advised to upgrade to these updated packages, which\n contain backported patches to resolve these issues.\";\n\ntag_affected = \"XFree86-100dpi-fonts on CentOS 3\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-June/014974.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880263\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 08:40:14 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0502\");\n script_cve_id(\"CVE-2008-1377\", \"CVE-2008-1379\", \"CVE-2008-2360\", \"CVE-2008-2361\");\n script_name( \"CentOS Update for XFree86-100dpi-fonts CESA-2008:0502 centos3 x86_64\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of XFree86-100dpi-fonts\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"XFree86-100dpi-fonts\", rpm:\"XFree86-100dpi-fonts~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86\", rpm:\"XFree86~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-75dpi-fonts\", rpm:\"XFree86-75dpi-fonts~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-base-fonts\", rpm:\"XFree86-base-fonts~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-cyrillic-fonts\", rpm:\"XFree86-cyrillic-fonts~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-devel\", rpm:\"XFree86-devel~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-doc\", rpm:\"XFree86-doc~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-font-utils\", rpm:\"XFree86-font-utils~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-ISO8859-14-100dpi-fonts\", rpm:\"XFree86-ISO8859-14-100dpi-fonts~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-ISO8859-14-75dpi-fonts\", rpm:\"XFree86-ISO8859-14-75dpi-fonts~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-ISO8859-15-100dpi-fonts\", rpm:\"XFree86-ISO8859-15-100dpi-fonts~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-ISO8859-15-75dpi-fonts\", rpm:\"XFree86-ISO8859-15-75dpi-fonts~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-ISO8859-2-100dpi-fonts\", rpm:\"XFree86-ISO8859-2-100dpi-fonts~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-ISO8859-2-75dpi-fonts\", rpm:\"XFree86-ISO8859-2-75dpi-fonts~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-ISO8859-9-100dpi-fonts\", rpm:\"XFree86-ISO8859-9-100dpi-fonts~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-ISO8859-9-75dpi-fonts\", rpm:\"XFree86-ISO8859-9-75dpi-fonts~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-libs\", rpm:\"XFree86-libs~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-libs-data\", rpm:\"XFree86-libs-data~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-Mesa-libGL\", rpm:\"XFree86-Mesa-libGL~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-Mesa-libGLU\", rpm:\"XFree86-Mesa-libGLU~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-sdk\", rpm:\"XFree86-sdk~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-syriac-fonts\", rpm:\"XFree86-syriac-fonts~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-tools\", rpm:\"XFree86-tools~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-truetype-fonts\", rpm:\"XFree86-truetype-fonts~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-twm\", rpm:\"XFree86-twm~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-xauth\", rpm:\"XFree86-xauth~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-xdm\", rpm:\"XFree86-xdm~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-xfs\", rpm:\"XFree86-xfs~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-Xnest\", rpm:\"XFree86-Xnest~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-Xvfb\", rpm:\"XFree86-Xvfb~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-27T10:56:10", "description": "Check for the Version of XFree86", "cvss3": {}, "published": "2009-03-06T00:00:00", "type": "openvas", "title": "RedHat Update for XFree86 RHSA-2008:0502-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1379", "CVE-2008-1377", "CVE-2008-2361", "CVE-2008-2360"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:870103", "href": "http://plugins.openvas.org/nasl.php?oid=870103", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for XFree86 RHSA-2008:0502-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"XFree86 is an implementation of the X Window System, which provides the\n core functionality for the Linux graphical desktop.\n\n An input validation flaw was discovered in X.org's Security and Record\n extensions. A malicious authorized client could exploit this issue to cause\n a denial of service (crash) or, potentially, execute arbitrary code with\n root privileges on the X.Org server. (CVE-2008-1377)\n \n Multiple integer overflow flaws were found in X.org's Render extension. A\n malicious authorized client could exploit these issues to cause a denial of\n service (crash) or, potentially, execute arbitrary code with root\n privileges on the X.Org server. (CVE-2008-2360, CVE-2008-2361)\n \n An input validation flaw was discovered in X.org's MIT-SHM extension. A\n client connected to the X.org server could read arbitrary server memory.\n This could result in the sensitive data of other users of the X.org server\n being disclosed. (CVE-2008-1379)\n \n Users of XFree86 are advised to upgrade to these updated packages, which\n contain backported patches to resolve these issues.\";\n\ntag_affected = \"XFree86 on Red Hat Enterprise Linux AS version 3,\n Red Hat Enterprise Linux ES version 3,\n Red Hat Enterprise Linux WS version 3\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2008-June/msg00008.html\");\n script_id(870103);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-06 07:30:35 +0100 (Fri, 06 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2008:0502-01\");\n script_cve_id(\"CVE-2008-1377\", \"CVE-2008-1379\", \"CVE-2008-2360\", \"CVE-2008-2361\");\n script_name( \"RedHat Update for XFree86 RHSA-2008:0502-01\");\n\n script_summary(\"Check for the Version of XFree86\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_3\")\n{\n\n if ((res = isrpmvuln(pkg:\"XFree86-100dpi-fonts\", rpm:\"XFree86-100dpi-fonts~4.3.0~128.EL\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86\", rpm:\"XFree86~4.3.0~128.EL\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-75dpi-fonts\", rpm:\"XFree86-75dpi-fonts~4.3.0~128.EL\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-ISO8859-14-100dpi-fonts\", rpm:\"XFree86-ISO8859-14-100dpi-fonts~4.3.0~128.EL\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-ISO8859-14-75dpi-fonts\", rpm:\"XFree86-ISO8859-14-75dpi-fonts~4.3.0~128.EL\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-ISO8859-15-100dpi-fonts\", rpm:\"XFree86-ISO8859-15-100dpi-fonts~4.3.0~128.EL\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-ISO8859-15-75dpi-fonts\", rpm:\"XFree86-ISO8859-15-75dpi-fonts~4.3.0~128.EL\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-ISO8859-2-100dpi-fonts\", rpm:\"XFree86-ISO8859-2-100dpi-fonts~4.3.0~128.EL\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-ISO8859-2-75dpi-fonts\", rpm:\"XFree86-ISO8859-2-75dpi-fonts~4.3.0~128.EL\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-ISO8859-9-100dpi-fonts\", rpm:\"XFree86-ISO8859-9-100dpi-fonts~4.3.0~128.EL\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-ISO8859-9-75dpi-fonts\", rpm:\"XFree86-ISO8859-9-75dpi-fonts~4.3.0~128.EL\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-Mesa-libGL\", rpm:\"XFree86-Mesa-libGL~4.3.0~128.EL\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-Mesa-libGLU\", rpm:\"XFree86-Mesa-libGLU~4.3.0~128.EL\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-Xnest\", rpm:\"XFree86-Xnest~4.3.0~128.EL\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-Xvfb\", rpm:\"XFree86-Xvfb~4.3.0~128.EL\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-base-fonts\", rpm:\"XFree86-base-fonts~4.3.0~128.EL\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-cyrillic-fonts\", rpm:\"XFree86-cyrillic-fonts~4.3.0~128.EL\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-devel\", rpm:\"XFree86-devel~4.3.0~128.EL\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-doc\", rpm:\"XFree86-doc~4.3.0~128.EL\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-font-utils\", rpm:\"XFree86-font-utils~4.3.0~128.EL\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-libs\", rpm:\"XFree86-libs~4.3.0~128.EL\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-libs-data\", rpm:\"XFree86-libs-data~4.3.0~128.EL\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-sdk\", rpm:\"XFree86-sdk~4.3.0~128.EL\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-syriac-fonts\", rpm:\"XFree86-syriac-fonts~4.3.0~128.EL\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-tools\", rpm:\"XFree86-tools~4.3.0~128.EL\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-truetype-fonts\", rpm:\"XFree86-truetype-fonts~4.3.0~128.EL\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-twm\", rpm:\"XFree86-twm~4.3.0~128.EL\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-xauth\", rpm:\"XFree86-xauth~4.3.0~128.EL\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-xdm\", rpm:\"XFree86-xdm~4.3.0~128.EL\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-xfs\", rpm:\"XFree86-xfs~4.3.0~128.EL\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:57:09", "description": "Check for the Version of XFree86-100dpi-fonts", "cvss3": {}, "published": "2009-02-27T00:00:00", "type": "openvas", "title": "CentOS Update for XFree86-100dpi-fonts CESA-2008:0502 centos3 x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1379", "CVE-2008-1377", "CVE-2008-2361", "CVE-2008-2360"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:880263", "href": "http://plugins.openvas.org/nasl.php?oid=880263", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for XFree86-100dpi-fonts CESA-2008:0502 centos3 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"XFree86 is an implementation of the X Window System, which provides the\n core functionality for the Linux graphical desktop.\n\n An input validation flaw was discovered in X.org's Security and Record\n extensions. A malicious authorized client could exploit this issue to cause\n a denial of service (crash) or, potentially, execute arbitrary code with\n root privileges on the X.Org server. (CVE-2008-1377)\n \n Multiple integer overflow flaws were found in X.org's Render extension. A\n malicious authorized client could exploit these issues to cause a denial of\n service (crash) or, potentially, execute arbitrary code with root\n privileges on the X.Org server. (CVE-2008-2360, CVE-2008-2361)\n \n An input validation flaw was discovered in X.org's MIT-SHM extension. A\n client connected to the X.org server could read arbitrary server memory.\n This could result in the sensitive data of other users of the X.org server\n being disclosed. (CVE-2008-1379)\n \n Users of XFree86 are advised to upgrade to these updated packages, which\n contain backported patches to resolve these issues.\";\n\ntag_affected = \"XFree86-100dpi-fonts on CentOS 3\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-June/014974.html\");\n script_id(880263);\n script_version(\"$Revision: 6651 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:45:21 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 08:40:14 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0502\");\n script_cve_id(\"CVE-2008-1377\", \"CVE-2008-1379\", \"CVE-2008-2360\", \"CVE-2008-2361\");\n script_name( \"CentOS Update for XFree86-100dpi-fonts CESA-2008:0502 centos3 x86_64\");\n\n script_summary(\"Check for the Version of XFree86-100dpi-fonts\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"XFree86-100dpi-fonts\", rpm:\"XFree86-100dpi-fonts~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86\", rpm:\"XFree86~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-75dpi-fonts\", rpm:\"XFree86-75dpi-fonts~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-base-fonts\", rpm:\"XFree86-base-fonts~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-cyrillic-fonts\", rpm:\"XFree86-cyrillic-fonts~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-devel\", rpm:\"XFree86-devel~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-doc\", rpm:\"XFree86-doc~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-font-utils\", rpm:\"XFree86-font-utils~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-ISO8859-14-100dpi-fonts\", rpm:\"XFree86-ISO8859-14-100dpi-fonts~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-ISO8859-14-75dpi-fonts\", rpm:\"XFree86-ISO8859-14-75dpi-fonts~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-ISO8859-15-100dpi-fonts\", rpm:\"XFree86-ISO8859-15-100dpi-fonts~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-ISO8859-15-75dpi-fonts\", rpm:\"XFree86-ISO8859-15-75dpi-fonts~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-ISO8859-2-100dpi-fonts\", rpm:\"XFree86-ISO8859-2-100dpi-fonts~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-ISO8859-2-75dpi-fonts\", rpm:\"XFree86-ISO8859-2-75dpi-fonts~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-ISO8859-9-100dpi-fonts\", rpm:\"XFree86-ISO8859-9-100dpi-fonts~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-ISO8859-9-75dpi-fonts\", rpm:\"XFree86-ISO8859-9-75dpi-fonts~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-libs\", rpm:\"XFree86-libs~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-libs-data\", rpm:\"XFree86-libs-data~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-Mesa-libGL\", rpm:\"XFree86-Mesa-libGL~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-Mesa-libGLU\", rpm:\"XFree86-Mesa-libGLU~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-sdk\", rpm:\"XFree86-sdk~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-syriac-fonts\", rpm:\"XFree86-syriac-fonts~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-tools\", rpm:\"XFree86-tools~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-truetype-fonts\", rpm:\"XFree86-truetype-fonts~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-twm\", rpm:\"XFree86-twm~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-xauth\", rpm:\"XFree86-xauth~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-xdm\", rpm:\"XFree86-xdm~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-xfs\", rpm:\"XFree86-xfs~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-Xnest\", rpm:\"XFree86-Xnest~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-Xvfb\", rpm:\"XFree86-Xvfb~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:57:06", "description": "Check for the Version of XFree86-100dpi-fonts", "cvss3": {}, "published": "2009-02-27T00:00:00", "type": "openvas", "title": "CentOS Update for XFree86-100dpi-fonts CESA-2008:0502 centos3 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1379", "CVE-2008-1377", "CVE-2008-2361", "CVE-2008-2360"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:880312", "href": "http://plugins.openvas.org/nasl.php?oid=880312", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for XFree86-100dpi-fonts CESA-2008:0502 centos3 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"XFree86 is an implementation of the X Window System, which provides the\n core functionality for the Linux graphical desktop.\n\n An input validation flaw was discovered in X.org's Security and Record\n extensions. A malicious authorized client could exploit this issue to cause\n a denial of service (crash) or, potentially, execute arbitrary code with\n root privileges on the X.Org server. (CVE-2008-1377)\n \n Multiple integer overflow flaws were found in X.org's Render extension. A\n malicious authorized client could exploit these issues to cause a denial of\n service (crash) or, potentially, execute arbitrary code with root\n privileges on the X.Org server. (CVE-2008-2360, CVE-2008-2361)\n \n An input validation flaw was discovered in X.org's MIT-SHM extension. A\n client connected to the X.org server could read arbitrary server memory.\n This could result in the sensitive data of other users of the X.org server\n being disclosed. (CVE-2008-1379)\n \n Users of XFree86 are advised to upgrade to these updated packages, which\n contain backported patches to resolve these issues.\";\n\ntag_affected = \"XFree86-100dpi-fonts on CentOS 3\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-June/014973.html\");\n script_id(880312);\n script_version(\"$Revision: 6651 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:45:21 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 08:40:14 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0502\");\n script_cve_id(\"CVE-2008-1377\", \"CVE-2008-1379\", \"CVE-2008-2360\", \"CVE-2008-2361\");\n script_name( \"CentOS Update for XFree86-100dpi-fonts CESA-2008:0502 centos3 i386\");\n\n script_summary(\"Check for the Version of XFree86-100dpi-fonts\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"XFree86-100dpi-fonts\", rpm:\"XFree86-100dpi-fonts~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86\", rpm:\"XFree86~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-75dpi-fonts\", rpm:\"XFree86-75dpi-fonts~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-base-fonts\", rpm:\"XFree86-base-fonts~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-cyrillic-fonts\", rpm:\"XFree86-cyrillic-fonts~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-devel\", rpm:\"XFree86-devel~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-doc\", rpm:\"XFree86-doc~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-font-utils\", rpm:\"XFree86-font-utils~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-ISO8859-14-100dpi-fonts\", rpm:\"XFree86-ISO8859-14-100dpi-fonts~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-ISO8859-14-75dpi-fonts\", rpm:\"XFree86-ISO8859-14-75dpi-fonts~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-ISO8859-15-100dpi-fonts\", rpm:\"XFree86-ISO8859-15-100dpi-fonts~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-ISO8859-15-75dpi-fonts\", rpm:\"XFree86-ISO8859-15-75dpi-fonts~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-ISO8859-2-100dpi-fonts\", rpm:\"XFree86-ISO8859-2-100dpi-fonts~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-ISO8859-2-75dpi-fonts\", rpm:\"XFree86-ISO8859-2-75dpi-fonts~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-ISO8859-9-100dpi-fonts\", rpm:\"XFree86-ISO8859-9-100dpi-fonts~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-ISO8859-9-75dpi-fonts\", rpm:\"XFree86-ISO8859-9-75dpi-fonts~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-libs\", rpm:\"XFree86-libs~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-libs-data\", rpm:\"XFree86-libs-data~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-Mesa-libGL\", rpm:\"XFree86-Mesa-libGL~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-Mesa-libGLU\", rpm:\"XFree86-Mesa-libGLU~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-sdk\", rpm:\"XFree86-sdk~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-syriac-fonts\", rpm:\"XFree86-syriac-fonts~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-tools\", rpm:\"XFree86-tools~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-truetype-fonts\", rpm:\"XFree86-truetype-fonts~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-twm\", rpm:\"XFree86-twm~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-xauth\", rpm:\"XFree86-xauth~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-xdm\", rpm:\"XFree86-xdm~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-xfs\", rpm:\"XFree86-xfs~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-Xnest\", rpm:\"XFree86-Xnest~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-Xvfb\", rpm:\"XFree86-Xvfb~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:37", "description": "Check for the Version of xorg-x11", "cvss3": {}, "published": "2009-02-27T00:00:00", "type": "openvas", "title": "CentOS Update for xorg-x11 CESA-2008:0503 centos4 x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1379", "CVE-2008-1377", "CVE-2008-2361", "CVE-2008-2360"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:880106", "href": "http://plugins.openvas.org/nasl.php?oid=880106", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for xorg-x11 CESA-2008:0503 centos4 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The xorg-x11 packages contain X.Org, an open source implementation of the X\n Window System. It provides the basic low-level functionality that\n full-fledged graphical user interfaces are designed upon.\n\n An input validation flaw was discovered in X.org's Security and Record\n extensions. A malicious authorized client could exploit this issue to cause\n a denial of service (crash) or, potentially, execute arbitrary code with\n root privileges on the X.Org server. (CVE-2008-1377)\n \n Multiple integer overflow flaws were found in X.org's Render extension. A\n malicious authorized client could exploit these issues to cause a denial of\n service (crash) or, potentially, execute arbitrary code with root\n privileges on the X.Org server. (CVE-2008-2360, CVE-2008-2361)\n \n An input validation flaw was discovered in X.org's MIT-SHM extension. A\n client connected to the X.org server could read arbitrary server memory.\n This could result in the sensitive data of other users of the X.org server\n being disclosed. (CVE-2008-1379)\n \n Users of xorg-x11 should upgrade to these updated packages, which contain\n backported patches to resolve these issues.\";\n\ntag_affected = \"xorg-x11 on CentOS 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-June/015044.html\");\n script_id(880106);\n script_version(\"$Revision: 6651 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:45:21 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 08:40:14 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0503\");\n script_cve_id(\"CVE-2008-1377\", \"CVE-2008-1379\", \"CVE-2008-2360\", \"CVE-2008-2361\");\n script_name( \"CentOS Update for xorg-x11 CESA-2008:0503 centos4 x86_64\");\n\n script_summary(\"Check for the Version of xorg-x11\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"xorg-x11\", rpm:\"xorg-x11~6.8.2~1.EL.33.0.4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-deprecated-libs\", rpm:\"xorg-x11-deprecated-libs~6.8.2~1.EL.33.0.4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-deprecated-libs-devel\", rpm:\"xorg-x11-deprecated-libs-devel~6.8.2~1.EL.33.0.4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-devel\", rpm:\"xorg-x11-devel~6.8.2~1.EL.33.0.4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-doc\", rpm:\"xorg-x11-doc~6.8.2~1.EL.33.0.4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-font-utils\", rpm:\"xorg-x11-font-utils~6.8.2~1.EL.33.0.4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-libs\", rpm:\"xorg-x11-libs~6.8.2~1.EL.33.0.4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-Mesa-libGL\", rpm:\"xorg-x11-Mesa-libGL~6.8.2~1.EL.33.0.4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-Mesa-libGLU\", rpm:\"xorg-x11-Mesa-libGLU~6.8.2~1.EL.33.0.4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-sdk\", rpm:\"xorg-x11-sdk~6.8.2~1.EL.33.0.4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-tools\", rpm:\"xorg-x11-tools~6.8.2~1.EL.33.0.4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-twm\", rpm:\"xorg-x11-twm~6.8.2~1.EL.33.0.4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-xauth\", rpm:\"xorg-x11-xauth~6.8.2~1.EL.33.0.4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-xdm\", rpm:\"xorg-x11-xdm~6.8.2~1.EL.33.0.4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-Xdmx\", rpm:\"xorg-x11-Xdmx~6.8.2~1.EL.33.0.4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-xfs\", rpm:\"xorg-x11-xfs~6.8.2~1.EL.33.0.4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-Xnest\", rpm:\"xorg-x11-Xnest~6.8.2~1.EL.33.0.4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-Xvfb\", rpm:\"xorg-x11-Xvfb~6.8.2~1.EL.33.0.4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:05", "description": "Check for the Version of xorg-x11", "cvss3": {}, "published": "2009-02-27T00:00:00", "type": "openvas", "title": "CentOS Update for xorg-x11 CESA-2008:0503 centos4 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1379", "CVE-2008-1377", "CVE-2008-2361", "CVE-2008-2360"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:880033", "href": "http://plugins.openvas.org/nasl.php?oid=880033", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for xorg-x11 CESA-2008:0503 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The xorg-x11 packages contain X.Org, an open source implementation of the X\n Window System. It provides the basic low-level functionality that\n full-fledged graphical user interfaces are designed upon.\n\n An input validation flaw was discovered in X.org's Security and Record\n extensions. A malicious authorized client could exploit this issue to cause\n a denial of service (crash) or, potentially, execute arbitrary code with\n root privileges on the X.Org server. (CVE-2008-1377)\n \n Multiple integer overflow flaws were found in X.org's Render extension. A\n malicious authorized client could exploit these issues to cause a denial of\n service (crash) or, potentially, execute arbitrary code with root\n privileges on the X.Org server. (CVE-2008-2360, CVE-2008-2361)\n \n An input validation flaw was discovered in X.org's MIT-SHM extension. A\n client connected to the X.org server could read arbitrary server memory.\n This could result in the sensitive data of other users of the X.org server\n being disclosed. (CVE-2008-1379)\n \n Users of xorg-x11 should upgrade to these updated packages, which contain\n backported patches to resolve these issues.\";\n\ntag_affected = \"xorg-x11 on CentOS 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-June/015045.html\");\n script_id(880033);\n script_version(\"$Revision: 6651 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:45:21 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 08:40:14 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0503\");\n script_cve_id(\"CVE-2008-1377\", \"CVE-2008-1379\", \"CVE-2008-2360\", \"CVE-2008-2361\");\n script_name( \"CentOS Update for xorg-x11 CESA-2008:0503 centos4 i386\");\n\n script_summary(\"Check for the Version of xorg-x11\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"xorg-x11\", rpm:\"xorg-x11~6.8.2~1.EL.33.0.4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-deprecated-libs\", rpm:\"xorg-x11-deprecated-libs~6.8.2~1.EL.33.0.4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-deprecated-libs-devel\", rpm:\"xorg-x11-deprecated-libs-devel~6.8.2~1.EL.33.0.4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-devel\", rpm:\"xorg-x11-devel~6.8.2~1.EL.33.0.4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-doc\", rpm:\"xorg-x11-doc~6.8.2~1.EL.33.0.4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-font-utils\", rpm:\"xorg-x11-font-utils~6.8.2~1.EL.33.0.4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-libs\", rpm:\"xorg-x11-libs~6.8.2~1.EL.33.0.4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-Mesa-libGL\", rpm:\"xorg-x11-Mesa-libGL~6.8.2~1.EL.33.0.4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-Mesa-libGLU\", rpm:\"xorg-x11-Mesa-libGLU~6.8.2~1.EL.33.0.4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-sdk\", rpm:\"xorg-x11-sdk~6.8.2~1.EL.33.0.4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-tools\", rpm:\"xorg-x11-tools~6.8.2~1.EL.33.0.4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-twm\", rpm:\"xorg-x11-twm~6.8.2~1.EL.33.0.4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-xauth\", rpm:\"xorg-x11-xauth~6.8.2~1.EL.33.0.4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-xdm\", rpm:\"xorg-x11-xdm~6.8.2~1.EL.33.0.4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-Xdmx\", rpm:\"xorg-x11-Xdmx~6.8.2~1.EL.33.0.4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-xfs\", rpm:\"xorg-x11-xfs~6.8.2~1.EL.33.0.4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-Xnest\", rpm:\"xorg-x11-Xnest~6.8.2~1.EL.33.0.4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-Xvfb\", rpm:\"xorg-x11-Xvfb~6.8.2~1.EL.33.0.4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:39:36", "description": "Check for the Version of xorg-x11", "cvss3": {}, "published": "2009-03-06T00:00:00", "type": "openvas", "title": "RedHat Update for xorg-x11 RHSA-2008:0503-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1379", "CVE-2008-1377", "CVE-2008-2361", "CVE-2008-2360"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310870112", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870112", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for xorg-x11 RHSA-2008:0503-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The xorg-x11 packages contain X.Org, an open source implementation of the X\n Window System. It provides the basic low-level functionality that\n full-fledged graphical user interfaces are designed upon.\n\n An input validation flaw was discovered in X.org's Security and Record\n extensions. A malicious authorized client could exploit this issue to cause\n a denial of service (crash) or, potentially, execute arbitrary code with\n root privileges on the X.Org server. (CVE-2008-1377)\n \n Multiple integer overflow flaws were found in X.org's Render extension. A\n malicious authorized client could exploit these issues to cause a denial of\n service (crash) or, potentially, execute arbitrary code with root\n privileges on the X.Org server. (CVE-2008-2360, CVE-2008-2361)\n \n An input validation flaw was discovered in X.org's MIT-SHM extension. A\n client connected to the X.org server could read arbitrary server memory.\n This could result in the sensitive data of other users of the X.org server\n being disclosed. (CVE-2008-1379)\n \n Users of xorg-x11 should upgrade to these updated packages, which contain\n backported patches to resolve these issues.\";\n\ntag_affected = \"xorg-x11 on Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2008-June/msg00009.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870112\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-06 07:30:35 +0100 (Fri, 06 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2008:0503-01\");\n script_cve_id(\"CVE-2008-1377\", \"CVE-2008-1379\", \"CVE-2008-2360\", \"CVE-2008-2361\");\n script_name( \"RedHat Update for xorg-x11 RHSA-2008:0503-01\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of xorg-x11\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"xorg-x11\", rpm:\"xorg-x11~6.8.2~1.EL.33.0.4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-Mesa-libGL\", rpm:\"xorg-x11-Mesa-libGL~6.8.2~1.EL.33.0.4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-Mesa-libGLU\", rpm:\"xorg-x11-Mesa-libGLU~6.8.2~1.EL.33.0.4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-Xdmx\", rpm:\"xorg-x11-Xdmx~6.8.2~1.EL.33.0.4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-Xnest\", rpm:\"xorg-x11-Xnest~6.8.2~1.EL.33.0.4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-Xvfb\", rpm:\"xorg-x11-Xvfb~6.8.2~1.EL.33.0.4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-deprecated-libs\", rpm:\"xorg-x11-deprecated-libs~6.8.2~1.EL.33.0.4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-deprecated-libs-devel\", rpm:\"xorg-x11-deprecated-libs-devel~6.8.2~1.EL.33.0.4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-devel\", rpm:\"xorg-x11-devel~6.8.2~1.EL.33.0.4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-doc\", rpm:\"xorg-x11-doc~6.8.2~1.EL.33.0.4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-font-utils\", rpm:\"xorg-x11-font-utils~6.8.2~1.EL.33.0.4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-libs\", rpm:\"xorg-x11-libs~6.8.2~1.EL.33.0.4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-sdk\", rpm:\"xorg-x11-sdk~6.8.2~1.EL.33.0.4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-tools\", rpm:\"xorg-x11-tools~6.8.2~1.EL.33.0.4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-twm\", rpm:\"xorg-x11-twm~6.8.2~1.EL.33.0.4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-xauth\", rpm:\"xorg-x11-xauth~6.8.2~1.EL.33.0.4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-xdm\", rpm:\"xorg-x11-xdm~6.8.2~1.EL.33.0.4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-xfs\", rpm:\"xorg-x11-xfs~6.8.2~1.EL.33.0.4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:41:26", "description": "Check for the Version of XFree86-100dpi-fonts", "cvss3": {}, "published": "2009-02-27T00:00:00", "type": "openvas", "title": "CentOS Update for XFree86-100dpi-fonts CESA-2008:0502 centos3 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1379", "CVE-2008-1377", "CVE-2008-2361", "CVE-2008-2360"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310880312", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880312", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for XFree86-100dpi-fonts CESA-2008:0502 centos3 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"XFree86 is an implementation of the X Window System, which provides the\n core functionality for the Linux graphical desktop.\n\n An input validation flaw was discovered in X.org's Security and Record\n extensions. A malicious authorized client could exploit this issue to cause\n a denial of service (crash) or, potentially, execute arbitrary code with\n root privileges on the X.Org server. (CVE-2008-1377)\n \n Multiple integer overflow flaws were found in X.org's Render extension. A\n malicious authorized client could exploit these issues to cause a denial of\n service (crash) or, potentially, execute arbitrary code with root\n privileges on the X.Org server. (CVE-2008-2360, CVE-2008-2361)\n \n An input validation flaw was discovered in X.org's MIT-SHM extension. A\n client connected to the X.org server could read arbitrary server memory.\n This could result in the sensitive data of other users of the X.org server\n being disclosed. (CVE-2008-1379)\n \n Users of XFree86 are advised to upgrade to these updated packages, which\n contain backported patches to resolve these issues.\";\n\ntag_affected = \"XFree86-100dpi-fonts on CentOS 3\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-June/014973.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880312\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 08:40:14 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0502\");\n script_cve_id(\"CVE-2008-1377\", \"CVE-2008-1379\", \"CVE-2008-2360\", \"CVE-2008-2361\");\n script_name( \"CentOS Update for XFree86-100dpi-fonts CESA-2008:0502 centos3 i386\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of XFree86-100dpi-fonts\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"XFree86-100dpi-fonts\", rpm:\"XFree86-100dpi-fonts~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86\", rpm:\"XFree86~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-75dpi-fonts\", rpm:\"XFree86-75dpi-fonts~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-base-fonts\", rpm:\"XFree86-base-fonts~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-cyrillic-fonts\", rpm:\"XFree86-cyrillic-fonts~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-devel\", rpm:\"XFree86-devel~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-doc\", rpm:\"XFree86-doc~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-font-utils\", rpm:\"XFree86-font-utils~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-ISO8859-14-100dpi-fonts\", rpm:\"XFree86-ISO8859-14-100dpi-fonts~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-ISO8859-14-75dpi-fonts\", rpm:\"XFree86-ISO8859-14-75dpi-fonts~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-ISO8859-15-100dpi-fonts\", rpm:\"XFree86-ISO8859-15-100dpi-fonts~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-ISO8859-15-75dpi-fonts\", rpm:\"XFree86-ISO8859-15-75dpi-fonts~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-ISO8859-2-100dpi-fonts\", rpm:\"XFree86-ISO8859-2-100dpi-fonts~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-ISO8859-2-75dpi-fonts\", rpm:\"XFree86-ISO8859-2-75dpi-fonts~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-ISO8859-9-100dpi-fonts\", rpm:\"XFree86-ISO8859-9-100dpi-fonts~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-ISO8859-9-75dpi-fonts\", rpm:\"XFree86-ISO8859-9-75dpi-fonts~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-libs\", rpm:\"XFree86-libs~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-libs-data\", rpm:\"XFree86-libs-data~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-Mesa-libGL\", rpm:\"XFree86-Mesa-libGL~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-Mesa-libGLU\", rpm:\"XFree86-Mesa-libGLU~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-sdk\", rpm:\"XFree86-sdk~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-syriac-fonts\", rpm:\"XFree86-syriac-fonts~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-tools\", rpm:\"XFree86-tools~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-truetype-fonts\", rpm:\"XFree86-truetype-fonts~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-twm\", rpm:\"XFree86-twm~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-xauth\", rpm:\"XFree86-xauth~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-xdm\", rpm:\"XFree86-xdm~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-xfs\", rpm:\"XFree86-xfs~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-Xnest\", rpm:\"XFree86-Xnest~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-Xvfb\", rpm:\"XFree86-Xvfb~4.3.0~128.EL\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-27T10:56:01", "description": "Check for the Version of xorg-x11", "cvss3": {}, "published": "2009-03-06T00:00:00", "type": "openvas", "title": "RedHat Update for xorg-x11 RHSA-2008:0503-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1379", "CVE-2008-1377", "CVE-2008-2361", "CVE-2008-2360"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:870112", "href": "http://plugins.openvas.org/nasl.php?oid=870112", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for xorg-x11 RHSA-2008:0503-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The xorg-x11 packages contain X.Org, an open source implementation of the X\n Window System. It provides the basic low-level functionality that\n full-fledged graphical user interfaces are designed upon.\n\n An input validation flaw was discovered in X.org's Security and Record\n extensions. A malicious authorized client could exploit this issue to cause\n a denial of service (crash) or, potentially, execute arbitrary code with\n root privileges on the X.Org server. (CVE-2008-1377)\n \n Multiple integer overflow flaws were found in X.org's Render extension. A\n malicious authorized client could exploit these issues to cause a denial of\n service (crash) or, potentially, execute arbitrary code with root\n privileges on the X.Org server. (CVE-2008-2360, CVE-2008-2361)\n \n An input validation flaw was discovered in X.org's MIT-SHM extension. A\n client connected to the X.org server could read arbitrary server memory.\n This could result in the sensitive data of other users of the X.org server\n being disclosed. (CVE-2008-1379)\n \n Users of xorg-x11 should upgrade to these updated packages, which contain\n backported patches to resolve these issues.\";\n\ntag_affected = \"xorg-x11 on Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2008-June/msg00009.html\");\n script_id(870112);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-06 07:30:35 +0100 (Fri, 06 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2008:0503-01\");\n script_cve_id(\"CVE-2008-1377\", \"CVE-2008-1379\", \"CVE-2008-2360\", \"CVE-2008-2361\");\n script_name( \"RedHat Update for xorg-x11 RHSA-2008:0503-01\");\n\n script_summary(\"Check for the Version of xorg-x11\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"xorg-x11\", rpm:\"xorg-x11~6.8.2~1.EL.33.0.4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-Mesa-libGL\", rpm:\"xorg-x11-Mesa-libGL~6.8.2~1.EL.33.0.4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-Mesa-libGLU\", rpm:\"xorg-x11-Mesa-libGLU~6.8.2~1.EL.33.0.4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-Xdmx\", rpm:\"xorg-x11-Xdmx~6.8.2~1.EL.33.0.4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-Xnest\", rpm:\"xorg-x11-Xnest~6.8.2~1.EL.33.0.4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-Xvfb\", rpm:\"xorg-x11-Xvfb~6.8.2~1.EL.33.0.4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-deprecated-libs\", rpm:\"xorg-x11-deprecated-libs~6.8.2~1.EL.33.0.4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-deprecated-libs-devel\", rpm:\"xorg-x11-deprecated-libs-devel~6.8.2~1.EL.33.0.4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-devel\", rpm:\"xorg-x11-devel~6.8.2~1.EL.33.0.4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-doc\", rpm:\"xorg-x11-doc~6.8.2~1.EL.33.0.4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-font-utils\", rpm:\"xorg-x11-font-utils~6.8.2~1.EL.33.0.4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-libs\", rpm:\"xorg-x11-libs~6.8.2~1.EL.33.0.4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-sdk\", rpm:\"xorg-x11-sdk~6.8.2~1.EL.33.0.4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-tools\", rpm:\"xorg-x11-tools~6.8.2~1.EL.33.0.4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-twm\", rpm:\"xorg-x11-twm~6.8.2~1.EL.33.0.4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-xauth\", rpm:\"xorg-x11-xauth~6.8.2~1.EL.33.0.4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-xdm\", rpm:\"xorg-x11-xdm~6.8.2~1.EL.33.0.4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-xfs\", rpm:\"xorg-x11-xfs~6.8.2~1.EL.33.0.4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:39:37", "description": "Check for the Version of metisse", "cvss3": {}, "published": "2009-04-09T00:00:00", "type": "openvas", "title": "Mandriva Update for metisse MDVSA-2008:179 (metisse)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-2362", "CVE-2008-1379", "CVE-2008-2361", "CVE-2008-2360"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310830376", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310830376", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for metisse MDVSA-2008:179 (metisse)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"An input validation flaw was found in X.org's MIT-SHM extension.\n A client connected to the X.org server could read arbitrary server\n memory, resulting in the disclosure of sensitive data of other users\n of the X.org server (CVE-2008-1379).\n\n Multiple integer overflows were found in X.org's Render extension.\n A malicious authorized client could explot these issues to cause a\n denial of service (crash) or possibly execute arbitrary code with\n root privileges on the X.org server (CVE-2008-2360, CVE-2008-2361,\n CVE-2008-2362).\n \n The Metisse program is likewise affected by these issues; the updated\n packages have been patched to prevent them.\";\n\ntag_affected = \"metisse on Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64,\n Mandriva Linux 2008.1,\n Mandriva Linux 2008.1/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2008-08/msg00022.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.830376\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 14:26:37 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVSA\", value: \"2008:179\");\n script_cve_id(\"CVE-2008-1379\", \"CVE-2008-2360\", \"CVE-2008-2361\", \"CVE-2008-2362\");\n script_name( \"Mandriva Update for metisse MDVSA-2008:179 (metisse)\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of metisse\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libmetisse1\", rpm:\"libmetisse1~0.4.0~1.rc4.10.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmetisse1-devel\", rpm:\"libmetisse1-devel~0.4.0~1.rc4.10.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"metisse\", rpm:\"metisse~0.4.0~1.rc4.10.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"metisse-fvwm\", rpm:\"metisse-fvwm~2.5.20~1.rc4.10.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xmetisse\", rpm:\"x11-server-xmetisse~0.4.0~1.rc4.10.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64metisse1\", rpm:\"lib64metisse1~0.4.0~1.rc4.10.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64metisse1-devel\", rpm:\"lib64metisse1-devel~0.4.0~1.rc4.10.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2008.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libmetisse1\", rpm:\"libmetisse1~0.4.0~1.rc4.10.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmetisse1-devel\", rpm:\"libmetisse1-devel~0.4.0~1.rc4.10.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"metisse\", rpm:\"metisse~0.4.0~1.rc4.10.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"metisse-fvwm\", rpm:\"metisse-fvwm~2.5.20~1.rc4.10.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xmetisse\", rpm:\"x11-server-xmetisse~0.4.0~1.rc4.10.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64metisse1\", rpm:\"lib64metisse1~0.4.0~1.rc4.10.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64metisse1-devel\", rpm:\"lib64metisse1-devel~0.4.0~1.rc4.10.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:56:26", "description": "Check for the Version of metisse", "cvss3": {}, "published": "2009-04-09T00:00:00", "type": "openvas", "title": "Mandriva Update for metisse MDVSA-2008:179 (metisse)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-2362", "CVE-2008-1379", "CVE-2008-2361", "CVE-2008-2360"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:830376", "href": "http://plugins.openvas.org/nasl.php?oid=830376", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for metisse MDVSA-2008:179 (metisse)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"An input validation flaw was found in X.org's MIT-SHM extension.\n A client connected to the X.org server could read arbitrary server\n memory, resulting in the disclosure of sensitive data of other users\n of the X.org server (CVE-2008-1379).\n\n Multiple integer overflows were found in X.org's Render extension.\n A malicious authorized client could explot these issues to cause a\n denial of service (crash) or possibly execute arbitrary code with\n root privileges on the X.org server (CVE-2008-2360, CVE-2008-2361,\n CVE-2008-2362).\n \n The Metisse program is likewise affected by these issues; the updated\n packages have been patched to prevent them.\";\n\ntag_affected = \"metisse on Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64,\n Mandriva Linux 2008.1,\n Mandriva Linux 2008.1/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2008-08/msg00022.php\");\n script_id(830376);\n script_version(\"$Revision: 6568 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:04:21 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 14:26:37 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVSA\", value: \"2008:179\");\n script_cve_id(\"CVE-2008-1379\", \"CVE-2008-2360\", \"CVE-2008-2361\", \"CVE-2008-2362\");\n script_name( \"Mandriva Update for metisse MDVSA-2008:179 (metisse)\");\n\n script_summary(\"Check for the Version of metisse\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libmetisse1\", rpm:\"libmetisse1~0.4.0~1.rc4.10.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmetisse1-devel\", rpm:\"libmetisse1-devel~0.4.0~1.rc4.10.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"metisse\", rpm:\"metisse~0.4.0~1.rc4.10.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"metisse-fvwm\", rpm:\"metisse-fvwm~2.5.20~1.rc4.10.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xmetisse\", rpm:\"x11-server-xmetisse~0.4.0~1.rc4.10.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64metisse1\", rpm:\"lib64metisse1~0.4.0~1.rc4.10.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64metisse1-devel\", rpm:\"lib64metisse1-devel~0.4.0~1.rc4.10.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2008.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libmetisse1\", rpm:\"libmetisse1~0.4.0~1.rc4.10.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmetisse1-devel\", rpm:\"libmetisse1-devel~0.4.0~1.rc4.10.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"metisse\", rpm:\"metisse~0.4.0~1.rc4.10.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"metisse-fvwm\", rpm:\"metisse-fvwm~2.5.20~1.rc4.10.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x11-server-xmetisse\", rpm:\"x11-server-xmetisse~0.4.0~1.rc4.10.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64metisse1\", rpm:\"lib64metisse1~0.4.0~1.rc4.10.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64metisse1-devel\", rpm:\"lib64metisse1-devel~0.4.0~1.rc4.10.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:10:16", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "cvss3": {}, "published": "2008-09-17T00:00:00", "type": "openvas", "title": "FreeBSD Ports: python24", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-2316", "CVE-2008-3144", "CVE-2008-3142", "CVE-2008-2315"], "modified": "2016-09-28T00:00:00", "id": "OPENVAS:61617", "href": "http://plugins.openvas.org/nasl.php?oid=61617", "sourceData": "#\n#VID 0dccaa28-7f3c-11dd-8de5-0030843d3802\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 0dccaa28-7f3c-11dd-8de5-0030843d3802\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following packages are affected:\n python24\n python25\n python23\n\nCVE-2008-2315\nMultiple integer overflows in Python 2.5.2 and earlier allow\ncontext-dependent attackers to have an unknown impact via vectors\nrelated to the (1) stringobject, (2) unicodeobject, (3) bufferobject,\n(4) longobject, (5) tupleobject, (6) stropmodule, (7) gcmodule, and\n(8) mmapmodule modules.\nCVE-2008-2316\nInteger overflow in _hashopenssl.c in the hashlib module in Python\n2.5.2 and earlier might allow context-dependent attackers to defeat\ncryptographic digests, related to 'partial hashlib hashing of data\nexceeding 4GB.'\nCVE-2008-3142\nMultiple buffer overflows in Python 2.5.2 and earlier on 32bit\nplatforms allow context-dependent attackers to cause a denial of\nservice (crash) or have unspecified other impact via a long string\nthat leads to incorrect memory allocation during Unicode string\nprocessing, related to the unicode_resize function and the\nPyMem_RESIZE macro.\nCVE-2008-3144\nMultiple integer overflows in the PyOS_vsnprintf function in\nPython/mysnprintf.c in Python 2.5.2 and earlier allow\ncontext-dependent attackers to cause a denial of service (memory\ncorruption) or have unspecified other impact via crafted input to\nstring formatting operations. NOTE: the handling of certain integer\nvalues is also affected by related integer underflows and an\noff-by-one error.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://bugs.python.org/issue2620\nhttp://bugs.python.org/issue2588\nhttp://bugs.python.org/issue2589\nhttp://secunia.com/advisories/31305\nhttp://mail.python.org/pipermail/python-checkins/2008-July/072276.html\nhttp://mail.python.org/pipermail/python-checkins/2008-July/072174.html\nhttp://mail.python.org/pipermail/python-checkins/2008-June/070481.html\nhttp://www.vuxml.org/freebsd/0dccaa28-7f3c-11dd-8de5-0030843d3802.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_id(61617);\n script_version(\"$Revision: 4164 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-28 09:03:16 +0200 (Wed, 28 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-17 04:23:15 +0200 (Wed, 17 Sep 2008)\");\n script_cve_id(\"CVE-2008-2315\", \"CVE-2008-2316\", \"CVE-2008-3142\", \"CVE-2008-3144\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"FreeBSD Ports: python24\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"python24\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.4.5_2\")<0) {\n txt += 'Package python24 version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"python25\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.5.2_3\")<0) {\n txt += 'Package python25 version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"python23\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0\")>0) {\n txt += 'Package python23 version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-12T11:19:48", "description": "Check for the Version of xorg-x11,XFree86", "cvss3": {}, "published": "2009-01-23T00:00:00", "type": "openvas", "title": "SuSE Update for xorg-x11,XFree86 SUSE-SA:2008:027", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-2362", "CVE-2008-1379", "CVE-2008-1377", "CVE-2007-3920", "CVE-2008-2361", "CVE-2008-2360"], "modified": "2017-12-08T00:00:00", "id": "OPENVAS:850006", "href": "http://plugins.openvas.org/nasl.php?oid=850006", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2008_027.nasl 8050 2017-12-08 09:34:29Z santu $\n#\n# SuSE Update for xorg-x11,XFree86 SUSE-SA:2008:027\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities in the X.org X Server were reported by iDefense\n and fixed:\n - CVE-2008-2360 - RENDER Extension heap buffer overflow\n - CVE-2008-2361 - RENDER Extension crash\n - CVE-2008-2362 - RENDER Extension memory corruption\n - CVE-2008-1379 - MIT-SHM arbitrary memory read\n - CVE-2008-1377 - RECORD and Security extensions memory corruption\n\n Additionally the updated packages include fixes for:\n - XvReputImage crashes due to Nulled PortPriv->pDraw\n - gnome-screensaver loses keyboard focus lock under compiz CVE-2007-3920\";\n\ntag_impact = \"local code execution\";\ntag_affected = \"xorg-x11,XFree86 on openSUSE 10.2, openSUSE 10.3, SUSE SLES 9, Novell Linux Desktop 9, Open Enterprise Server, Novell Linux POS 9, SUSE Linux Enterprise Desktop 10 SP1, SLE SDK 10 SP1, SLE SDK 10 SP2, SUSE Linux Enterprise Server 10 SP1, SUSE Linux Enterprise Desktop 10 SP2, SUSE Linux Enterprise Server 10 SP2\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_id(850006);\n script_version(\"$Revision: 8050 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-08 10:34:29 +0100 (Fri, 08 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-01-23 16:44:26 +0100 (Fri, 23 Jan 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUSE-SA\", value: \"2008-027\");\n script_cve_id(\"CVE-2007-3920\", \"CVE-2008-1377\", \"CVE-2008-1379\", \"CVE-2008-2360\", \"CVE-2008-2361\", \"CVE-2008-2362\");\n script_name( \"SuSE Update for xorg-x11,XFree86 SUSE-SA:2008:027\");\n\n script_summary(\"Check for the Version of xorg-x11,XFree86\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"openSUSE10.3\")\n{\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-Xvnc\", rpm:\"xorg-x11-Xvnc~7.1~91.3\", rls:\"openSUSE10.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server\", rpm:\"xorg-x11-server~7.2~143.13\", rls:\"openSUSE10.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-extra\", rpm:\"xorg-x11-server-extra~7.2~143.13\", rls:\"openSUSE10.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-sdk\", rpm:\"xorg-x11-server-sdk~7.2~143.13\", rls:\"openSUSE10.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"openSUSE10.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server\", rpm:\"xorg-x11-server~7.2~30.15\", rls:\"openSUSE10.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-sdk\", rpm:\"xorg-x11-server-sdk~7.2~30.15\", rls:\"openSUSE10.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"SLESDK10SP1\")\n{\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server\", rpm:\"xorg-x11-server~6.9.0~50.54.11\", rls:\"SLESDK10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-Xnest\", rpm:\"xorg-x11-Xnest~6.9.0~50.54.11\", rls:\"SLESDK10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-Xvfb\", rpm:\"xorg-x11-Xvfb~6.9.0~50.54.11\", rls:\"SLESDK10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-Xvnc\", rpm:\"xorg-x11-Xvnc~6.9.0~50.54.11\", rls:\"SLESDK10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server\", rpm:\"xorg-x11-server~6.9.0~50.60\", rls:\"SLESDK10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-Xnest\", rpm:\"xorg-x11-Xnest~6.9.0~50.60\", rls:\"SLESDK10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-Xvfb\", rpm:\"xorg-x11-Xvfb~6.9.0~50.60\", rls:\"SLESDK10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-Xvnc\", rpm:\"xorg-x11-Xvnc~6.9.0~50.60\", rls:\"SLESDK10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"NLPOS9\")\n{\n\n if ((res = isrpmvuln(pkg:\"XFree86-server\", rpm:\"XFree86-server~4.3.99.902~43.96\", rls:\"NLPOS9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-Xnest\", rpm:\"XFree86-Xnest~4.3.99.902~43.96\", rls:\"NLPOS9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-Xprt\", rpm:\"XFree86-Xprt~4.3.99.902~43.96\", rls:\"NLPOS9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-Xvfb\", rpm:\"XFree86-Xvfb~4.3.99.902~43.96\", rls:\"NLPOS9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-Xvnc\", rpm:\"XFree86-Xvnc~4.3.99.902~43.96\", rls:\"NLPOS9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"OES\")\n{\n\n if ((res = isrpmvuln(pkg:\"XFree86-server\", rpm:\"XFree86-server~4.3.99.902~43.96\", rls:\"OES\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-Xnest\", rpm:\"XFree86-Xnest~4.3.99.902~43.96\", rls:\"OES\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-Xprt\", rpm:\"XFree86-Xprt~4.3.99.902~43.96\", rls:\"OES\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-Xvfb\", rpm:\"XFree86-Xvfb~4.3.99.902~43.96\", rls:\"OES\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-Xvnc\", rpm:\"XFree86-Xvnc~4.3.99.902~43.96\", rls:\"OES\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"SLES9\")\n{\n\n if ((res = isrpmvuln(pkg:\"XFree86-server\", rpm:\"XFree86-server~4.3.99.902~43.96\", rls:\"SLES9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-Xnest\", rpm:\"XFree86-Xnest~4.3.99.902~43.96\", rls:\"SLES9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-Xprt\", rpm:\"XFree86-Xprt~4.3.99.902~43.96\", rls:\"SLES9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-Xvfb\", rpm:\"XFree86-Xvfb~4.3.99.902~43.96\", rls:\"SLES9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-Xvnc\", rpm:\"XFree86-Xvnc~4.3.99.902~43.96\", rls:\"SLES9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"LES10SP2\")\n{\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server\", rpm:\"xorg-x11-server~6.9.0~50.54.11\", rls:\"LES10SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-Xnest\", rpm:\"xorg-x11-Xnest~6.9.0~50.54.11\", rls:\"LES10SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-Xvfb\", rpm:\"xorg-x11-Xvfb~6.9.0~50.54.11\", rls:\"LES10SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-Xvnc\", rpm:\"xorg-x11-Xvnc~6.9.0~50.54.11\", rls:\"LES10SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server\", rpm:\"xorg-x11-server~6.9.0~50.60\", rls:\"LES10SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-Xnest\", rpm:\"xorg-x11-Xnest~6.9.0~50.60\", rls:\"LES10SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-Xvfb\", rpm:\"xorg-x11-Xvfb~6.9.0~50.60\", rls:\"LES10SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-Xvnc\", rpm:\"xorg-x11-Xvnc~6.9.0~50.60\", rls:\"LES10SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"LES10SP1\")\n{\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server\", rpm:\"xorg-x11-server~6.9.0~50.54.11\", rls:\"LES10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-Xnest\", rpm:\"xorg-x11-Xnest~6.9.0~50.54.11\", rls:\"LES10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-Xvfb\", rpm:\"xorg-x11-Xvfb~6.9.0~50.54.11\", rls:\"LES10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-Xvnc\", rpm:\"xorg-x11-Xvnc~6.9.0~50.54.11\", rls:\"LES10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server\", rpm:\"xorg-x11-server~6.9.0~50.60\", rls:\"LES10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-Xnest\", rpm:\"xorg-x11-Xnest~6.9.0~50.60\", rls:\"LES10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-Xvfb\", rpm:\"xorg-x11-Xvfb~6.9.0~50.60\", rls:\"LES10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-Xvnc\", rpm:\"xorg-x11-Xvnc~6.9.0~50.60\", rls:\"LES10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"NLDk9\")\n{\n\n if ((res = isrpmvuln(pkg:\"XFree86-server\", rpm:\"XFree86-server~4.3.99.902~43.96\", rls:\"NLDk9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-Xnest\", rpm:\"XFree86-Xnest~4.3.99.902~43.96\", rls:\"NLDk9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-Xprt\", rpm:\"XFree86-Xprt~4.3.99.902~43.96\", rls:\"NLDk9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-Xvfb\", rpm:\"XFree86-Xvfb~4.3.99.902~43.96\", rls:\"NLDk9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-Xvnc\", rpm:\"XFree86-Xvnc~4.3.99.902~43.96\", rls:\"NLDk9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"SLESDK10SP2\")\n{\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server\", rpm:\"xorg-x11-server~6.9.0~50.54.11\", rls:\"SLESDK10SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-Xnest\", rpm:\"xorg-x11-Xnest~6.9.0~50.54.11\", rls:\"SLESDK10SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-Xvfb\", rpm:\"xorg-x11-Xvfb~6.9.0~50.54.11\", rls:\"SLESDK10SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-Xvnc\", rpm:\"xorg-x11-Xvnc~6.9.0~50.54.11\", rls:\"SLESDK10SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server\", rpm:\"xorg-x11-server~6.9.0~50.60\", rls:\"SLESDK10SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-Xnest\", rpm:\"xorg-x11-Xnest~6.9.0~50.60\", rls:\"SLESDK10SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-Xvfb\", rpm:\"xorg-x11-Xvfb~6.9.0~50.60\", rls:\"SLESDK10SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-Xvnc\", rpm:\"xorg-x11-Xvnc~6.9.0~50.60\", rls:\"SLESDK10SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"SLESDk10SP1\")\n{\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server\", rpm:\"xorg-x11-server~6.9.0~50.54.11\", rls:\"SLESDk10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-Xnest\", rpm:\"xorg-x11-Xnest~6.9.0~50.54.11\", rls:\"SLESDk10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-Xvfb\", rpm:\"xorg-x11-Xvfb~6.9.0~50.54.11\", rls:\"SLESDk10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-Xvnc\", rpm:\"xorg-x11-Xvnc~6.9.0~50.54.11\", rls:\"SLESDk10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server\", rpm:\"xorg-x11-server~6.9.0~50.60\", rls:\"SLESDk10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-Xnest\", rpm:\"xorg-x11-Xnest~6.9.0~50.60\", rls:\"SLESDk10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-Xvfb\", rpm:\"xorg-x11-Xvfb~6.9.0~50.60\", rls:\"SLESDk10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-Xvnc\", rpm:\"xorg-x11-Xvnc~6.9.0~50.60\", rls:\"SLESDk10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"SLESDk10SP2\")\n{\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server\", rpm:\"xorg-x11-server~6.9.0~50.54.11\", rls:\"SLESDk10SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-Xnest\", rpm:\"xorg-x11-Xnest~6.9.0~50.54.11\", rls:\"SLESDk10SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-Xvfb\", rpm:\"xorg-x11-Xvfb~6.9.0~50.54.11\", rls:\"SLESDk10SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-Xvnc\", rpm:\"xorg-x11-Xvnc~6.9.0~50.54.11\", rls:\"SLESDk10SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server\", rpm:\"xorg-x11-server~6.9.0~50.60\", rls:\"SLESDk10SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-Xnest\", rpm:\"xorg-x11-Xnest~6.9.0~50.60\", rls:\"SLESDk10SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-Xvfb\", rpm:\"xorg-x11-Xvfb~6.9.0~50.60\", rls:\"SLESDk10SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-Xvnc\", rpm:\"xorg-x11-Xvnc~6.9.0~50.60\", rls:\"SLESDk10SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:49:52", "description": "The remote host is missing an update to python2.5\nannounced via advisory DSA 1620-1.", "cvss3": {}, "published": "2008-08-15T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 1620-1 (python2.5)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-2052", "CVE-2008-1721", "CVE-2007-4965", "CVE-2008-1679", "CVE-2008-1887"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:61372", "href": "http://plugins.openvas.org/nasl.php?oid=61372", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1620_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1620-1 (python2.5)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities have been discovered in the interpreter for the\nPython language. The Common Vulnerabilities and Exposures project identifies\nthe following problems:\n\nCVE-2007-2052\n\nPiotr Engelking discovered that the strxfrm() function of the locale\nmodule miscalculates the length of an internal buffer, which may\nresult in a minor information disclosure.\n\nCVE-2007-4965\n\nIt was discovered that several integer overflows in the imageop\nmodule may lead to the execution of arbitrary code, if a user is\ntricked into processing malformed images. This issue is also\ntracked as CVE-2008-1679 due to an initially incomplete patch.\n\nCVE-2008-1721\n\nJustin Ferguson discovered that a buffer overflow in the zlib\nmodule may lead to the execution of arbitrary code.\n\nCVE-2008-1887\n\nJustin Ferguson discovered that insufficient input validation in\nPyString_FromStringAndSize() may lead to the execution of arbitrary\ncode.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 2.5-5+etch1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2.5.2-3.\n\nWe recommend that you upgrade your python2.5 packages.\";\ntag_summary = \"The remote host is missing an update to python2.5\nannounced via advisory DSA 1620-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201620-1\";\n\n\nif(description)\n{\n script_id(61372);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-08-15 15:52:52 +0200 (Fri, 15 Aug 2008)\");\n script_cve_id(\"CVE-2007-2052\", \"CVE-2007-4965\", \"CVE-2008-1679\", \"CVE-2008-1721\", \"CVE-2008-1887\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 1620-1 (python2.5)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"python2.5-examples\", ver:\"2.5-5+etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"idle-python2.5\", ver:\"2.5-5+etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python2.5-minimal\", ver:\"2.5-5+etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python2.5-dev\", ver:\"2.5-5+etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python2.5\", ver:\"2.5-5+etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python2.5-dbg\", ver:\"2.5-5+etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:49:45", "description": "The remote host is missing an update to python2.4\nannounced via advisory DSA 1551-1.", "cvss3": {}, "published": "2008-04-21T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 1551-1 (python2.4)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-2052", "CVE-2008-1721", "CVE-2007-4965", "CVE-2008-1679", "CVE-2008-1887"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:60798", "href": "http://plugins.openvas.org/nasl.php?oid=60798", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1551_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1551-1 (python2.4)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities have been discovered in the interpreter for the\nPython language. The Common Vulnerabilities and Exposures project identifies\nthe following problems:\n\nCVE-2007-2052\n\nPiotr Engelking discovered that the strxfrm() function of the locale\nmodule miscalculates the length of an internal buffer, which may\nresult in a minor information disclosure.\n\nCVE-2007-4965\n\nIt was discovered that several integer overflows in the imageop\nmodule may lead to the execution of arbitrary code, if a user is\ntricked into processing malformed images. This issue is also\ntracked as CVE-2008-1679 due to an initially incomplete patch.\n\nCVE-2008-1721\n\nJustin Ferguson discovered that a buffer overflow in the zlib\nmodule may lead to the execution of arbitrary code.\n\nCVE-2008-1887\n\nJustin Ferguson discovered that insufficient input validation in\nPyString_FromStringAndSize() may lead to the execution of arbitrary\ncode.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 2.4.4-3+etch1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2.4.5-2.\n\nWe recommend that you upgrade your python2.4 packages.\";\ntag_summary = \"The remote host is missing an update to python2.4\nannounced via advisory DSA 1551-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201551-1\";\n\n\nif(description)\n{\n script_id(60798);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-04-21 20:40:14 +0200 (Mon, 21 Apr 2008)\");\n script_cve_id(\"CVE-2007-2052\", \"CVE-2007-4965\", \"CVE-2008-1679\", \"CVE-2008-1721\", \"CVE-2008-1887\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 1551-1 (python2.4)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"python2.4-examples\", ver:\"2.4.4-3+etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"idle-python2.4\", ver:\"2.4.4-3+etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python2.4\", ver:\"2.4.4-3+etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python2.4-dev\", ver:\"2.4.4-3+etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python2.4-dbg\", ver:\"2.4.4-3+etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python2.4-minimal\", ver:\"2.4.4-3+etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2020-04-07T16:39:37", "description": "The host is installed Python, which is prone to multiple vulnerabilities.\n\n This NVT has been replaced by various LSCs.", "cvss3": {}, "published": "2008-08-22T00:00:00", "type": "openvas", "title": "Python Multiple Vulnerabilities (Linux)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3143", "CVE-2008-2316", "CVE-2008-3144", "CVE-2008-3142", "CVE-2008-2315"], "modified": "2020-04-02T00:00:00", "id": "OPENVAS:1361412562310900106", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310900106", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Python Multiple Vulnerabilities (Linux)\n#\n# Authors:\n# Sharath S <sharaths@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2008 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n##############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.900106\");\n script_version(\"2020-04-02T11:36:28+0000\");\n script_tag(name:\"deprecated\", value:TRUE);\n script_tag(name:\"last_modification\", value:\"2020-04-02 11:36:28 +0000 (Thu, 02 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2008-08-22 10:29:01 +0200 (Fri, 22 Aug 2008)\");\n script_bugtraq_id(30491);\n script_cve_id(\"CVE-2008-2315\", \"CVE-2008-2316\", \"CVE-2008-3142\",\n \"CVE-2008-3143\", \"CVE-2008-3144\");\n script_copyright(\"Copyright (C) 2008 SecPod\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Buffer overflow\");\n script_name(\"Python Multiple Vulnerabilities (Linux)\");\n\n script_xref(name:\"URL\", value:\"http://bugs.python.org/issue2588\");\n script_xref(name:\"URL\", value:\"http://bugs.python.org/issue2589\");\n script_xref(name:\"URL\", value:\"http://bugs.python.org/issue2620\");\n\n script_tag(name:\"summary\", value:\"The host is installed Python, which is prone to multiple vulnerabilities.\n\n This NVT has been replaced by various LSCs.\");\n\n script_tag(name:\"insight\", value:\"The flaws exist due to integer overflow in,\n\n - hashlib module, which can lead to an unreliable cryptographic digest results.\n\n - the processing of unicode strings.\n\n - the PyOS_vsnprintf() function on architectures that do not have a vsnprintf() function.\n\n - the PyOS_vsnprintf() function when passing zero-length strings can lead to memory corruption.\");\n\n script_tag(name:\"affected\", value:\"Python 2.5.2 and prior on Linux (All).\");\n\n script_tag(name:\"solution\", value:\"Fix is available in the SVN repository.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation could potentially causes attackers to\n execute arbitrary code or create a denial of service condition.\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\nexit(66); ## Addressed by various LSCs\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-13T20:25:14", "description": "The host is installed with Python and is prone to multiple\n vulnerabilities.", "cvss3": {}, "published": "2008-08-22T00:00:00", "type": "openvas", "title": "Python <= 2.5.2 Multiple Vulnerabilities (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3143", "CVE-2008-2316", "CVE-2008-3144", "CVE-2008-3142", "CVE-2008-2315"], "modified": "2019-11-12T00:00:00", "id": "OPENVAS:1361412562310900105", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310900105", "sourceData": "# Copyright (C) 2008 SecPod, http://www.secpod.com\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nCPE = \"cpe:/a:python:python\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.900105\");\n script_version(\"2019-11-12T13:34:01+0000\");\n script_bugtraq_id(30491);\n script_cve_id(\"CVE-2008-2315\", \"CVE-2008-2316\", \"CVE-2008-3142\", \"CVE-2008-3143\", \"CVE-2008-3144\");\n script_tag(name:\"last_modification\", value:\"2019-11-12 13:34:01 +0000 (Tue, 12 Nov 2019)\");\n script_tag(name:\"creation_date\", value:\"2008-08-22 10:29:01 +0200 (Fri, 22 Aug 2008)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_copyright(\"Copyright (C) 2008 SecPod\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Buffer overflow\");\n script_name(\"Python <= 2.5.2 Multiple Vulnerabilities (Windows)\");\n script_dependencies(\"gb_python_detect_win.nasl\");\n script_mandatory_keys(\"python/win/detected\");\n\n script_xref(name:\"URL\", value:\"http://bugs.python.org/issue2588\");\n script_xref(name:\"URL\", value:\"http://bugs.python.org/issue2589\");\n script_xref(name:\"URL\", value:\"http://bugs.python.org/issue2620\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Python and is prone to multiple\n vulnerabilities.\");\n\n script_tag(name:\"insight\", value:\"The flaws exist due to multiple integer overflows in:\n\n - hashlib module, which can lead to an unreliable cryptographic digest\n results.\n\n - the processing of unicode strings.\n\n - the PyOS_vsnprintf() function on architectures that do not have a\n vsnprintf() function.\n\n - the PyOS_vsnprintf() function when passing zero-length strings can\n lead to memory corruption.\");\n\n script_tag(name:\"affected\", value:\"Python 2.5.2 and prior on Windows (All).\");\n\n script_tag(name:\"solution\", value:\"A fix is available, please see the references for more information.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation would allow attackers to\n execute arbitrary code or create a denial of service condition.\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude( \"version_func.inc\" );\ninclude( \"host_details.inc\" );\n\nif( ! infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE ) )\n exit( 0 );\n\nvers = infos['version'];\npath = infos['location'];\n\nif( version_is_less_equal( version:vers, test_version:\"2.5.2\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"See references\", install_path:path );\n security_message( port:0, data:report );\n}\n\nexit( 99 );\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-09-19T11:57:24", "description": "The host is installed with Python, which is prone to multiple\n vulnerabilities.", "cvss3": {}, "published": "2008-08-22T00:00:00", "type": "openvas", "title": "Python Multiple Vulnerabilities (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3143", "CVE-2008-2316", "CVE-2008-3144", "CVE-2008-3142", "CVE-2008-2315"], "modified": "2017-09-18T00:00:00", "id": "OPENVAS:900105", "href": "http://plugins.openvas.org/nasl.php?oid=900105", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_python_mult_vuln_win_900105.nasl 7174 2017-09-18 11:48:08Z asteins $\n# Description: Python Multiple Vulnerabilities (Windows)\n#\n# Authors:\n# Sharath S <sharaths@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2008 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n##############################################################################\n\ntag_impact = \"Successful exploitation could potentially causes attackers to\n execute arbitrary code or create a denial of service condition.\n Impact Level : Application\";\n\ntag_solution = \"Fix is available in the SVN repository,\n http://svn.python.org\";\n\ntag_affected = \"Python 2.5.2 and prior on Linux (All).\";\n\ntag_insight = \"The flaws exist due to integer overflow in,\n - hashlib module, which can lead to an unreliable cryptographic digest\n results.\n - the processing of unicode strings.\n - the PyOS_vsnprintf() function on architectures that do not have a\n vsnprintf() function.\n - the PyOS_vsnprintf() function when passing zero-length strings can\n lead to memory corruption.\";\n\n\ntag_summary = \"The host is installed with Python, which is prone to multiple\n vulnerabilities.\";\n\n\nif(description)\n{\n script_id(900105);\n script_version(\"$Revision: 7174 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-09-18 13:48:08 +0200 (Mon, 18 Sep 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-08-22 10:29:01 +0200 (Fri, 22 Aug 2008)\");\n script_bugtraq_id(30491);\n script_cve_id(\"CVE-2008-2315\", \"CVE-2008-2316\", \"CVE-2008-3142\", \n\t \"CVE-2008-3143\",\"CVE-2008-3144\");\n script_copyright(\"Copyright (C) 2008 SecPod\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_family(\"Buffer overflow\");\n script_name(\"Python Multiple Vulnerabilities (Windows)\");\n script_dependencies(\"secpod_reg_enum.nasl\");\n script_mandatory_keys(\"SMB/WindowsVersion\");\n script_require_ports(139, 445);\n script_xref(name : \"URL\" , value : \"http://bugs.python.org/issue2588\");\n script_xref(name : \"URL\" , value : \"http://bugs.python.org/issue2589\");\n script_xref(name : \"URL\" , value : \"http://bugs.python.org/issue2620\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"impact\" , value : tag_impact);\n exit(0);\n}\n\n\n include(\"smb_nt.inc\");\n\n if(!(get_kb_item(\"SMB/WindowsVersion\"))){\n exit(0);\n }\n\n name = kb_smb_name();\n login = kb_smb_login();\n domain = kb_smb_domain();\n pass = kb_smb_password();\n port = kb_smb_transport();\n\n soc = open_sock_tcp(port);\n if(!soc){\n exit(0);\n }\n\n r = smb_session_request(soc:soc, remote:name);\n if(!r)\n {\n close(soc);\n exit(0);\n }\n\n prot = smb_neg_prot(soc:soc);\n if(!prot)\n {\n close(soc);\n exit(0);\n }\n\n r = smb_session_setup(soc:soc, login:login, password:pass, domain:domain, prot:prot);\n if(!r)\n {\n\tclose(soc);\n exit(0);\n }\n\n uid = session_extract_uid(reply:r);\n if(!uid)\n {\n\tclose(soc);\n exit(0);\n }\n\n r = smb_tconx(soc:soc, name:name, uid:uid, share:\"IPC$\");\n if(!r)\n {\n\tclose(soc);\n exit(0);\n }\n\n tid = tconx_extract_tid(reply:r);\n if(!tid)\n {\n close(soc);\n exit(0);\n }\n \n r = smbntcreatex(soc:soc, uid:uid, tid:tid, name:\"\\winreg\");\n if(!r)\n {\n close(soc);\n exit(0);\n }\n\n pipe = smbntcreatex_extract_pipe(reply:r);\n if(!pipe)\n {\n \tclose(soc);\n\texit(0);\n }\n\n r = pipe_accessible_registry(soc:soc, uid:uid, tid:tid, pipe:pipe);\n if(!r)\n {\n close(soc);\n exit(0);\n }\n\n handle = registry_open_hklm(soc:soc, uid:uid, tid:tid, pipe:pipe);\n if(!handle)\n {\n close(soc);\n exit(0);\n }\n\n key = \"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\\";\n pyKey = registry_get_key(soc:soc, uid:uid, tid:tid, pipe:pipe, key:key, reply:handle);\n if(!pyKey)\n {\n\tclose(soc);\n exit(0);\n }\n\n entries = registry_enum_key(soc:soc, uid:uid, tid:tid, pipe:pipe, reply:pyKey);\n close(soc);\n\n foreach entry (entries)\n {\n pyName = registry_get_sz(key:key + entry, item:\"DisplayName\");\n if(\"Python\" >< pyName)\n {\n \tif(egrep(pattern:\"Python ([01]\\..*|2\\.([0-4]\\..*|5\\.[0-2]))$\",\n\t\t\t string:pyName)){\n \tsecurity_message(0);\n\t\t}\n exit(0);\n }\n }\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-11-21T11:05:29", "description": "The host is installed Python, which is prone to multiple vulnerabilities.\n\n This NVT has been replaced by NVT gb_CESA-2009_1176_python_centos5_i386.nasl\n (OID:1.3.6.1.4.1.25623.1.0.880881), gb_CESA-2009_1178_python_centos3_i386.nasl\n (OID:1.3.6.1.4.1.25623.1.0.880715).", "cvss3": {}, "published": "2008-08-22T00:00:00", "type": "openvas", "title": "Python Multiple Vulnerabilities (Linux)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3143", "CVE-2008-2316", "CVE-2008-3144", "CVE-2008-3142", "CVE-2008-2315"], "modified": "2017-11-20T00:00:00", "id": "OPENVAS:900106", "href": "http://plugins.openvas.org/nasl.php?oid=900106", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_python_mult_vuln_lin_900106.nasl 7823 2017-11-20 08:54:04Z cfischer $\n# Description: Python Multiple Vulnerabilities (Linux)\n#\n# Authors:\n# Sharath S <sharaths@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2008 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n##############################################################################\n\ntag_impact = \"Successful exploitation could potentially causes attackers to\n execute arbitrary code or create a denial of service condition.\n Impact Level : Application\";\n\ntag_solution = \"Fix is available in the SVN repository,\n http://svn.python.org\";\n\ntag_affected = \"Python 2.5.2 and prior on Linux (All).\";\n\ntag_insight = \"The flaws exist due to integer overflow in,\n - hashlib module, which can lead to an unreliable cryptographic digest \n results.\n - the processing of unicode strings.\n - the PyOS_vsnprintf() function on architectures that do not have a \n vsnprintf() function.\n - the PyOS_vsnprintf() function when passing zero-length strings can \n lead to memory corruption.\";\n\n\ntag_summary = \"The host is installed Python, which is prone to multiple vulnerabilities.\n\n This NVT has been replaced by NVT gb_CESA-2009_1176_python_centos5_i386.nasl\n (OID:1.3.6.1.4.1.25623.1.0.880881), gb_CESA-2009_1178_python_centos3_i386.nasl\n (OID:1.3.6.1.4.1.25623.1.0.880715).\";\n\nif(description)\n{\n script_id(900106);\n script_version(\"$Revision: 7823 $\");\n script_tag(name:\"deprecated\", value:TRUE);\n script_tag(name:\"last_modification\", value:\"$Date: 2017-11-20 09:54:04 +0100 (Mon, 20 Nov 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-08-22 10:29:01 +0200 (Fri, 22 Aug 2008)\");\n script_bugtraq_id(30491);\n script_cve_id(\"CVE-2008-2315\", \"CVE-2008-2316\", \"CVE-2008-3142\",\n\t\t\"CVE-2008-3143\",\"CVE-2008-3144\");\n script_copyright(\"Copyright (C) 2008 SecPod\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_family(\"Buffer overflow\");\n script_name(\"Python Multiple Vulnerabilities (Linux)\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"login/SSH/success\");\n script_exclude_keys(\"ssh/no_linux_shell\");\n\n script_xref(name : \"URL\" , value : \"http://bugs.python.org/issue2588\");\n script_xref(name : \"URL\" , value : \"http://bugs.python.org/issue2589\");\n script_xref(name : \"URL\" , value : \"http://bugs.python.org/issue2620\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"impact\" , value : tag_impact);\n exit(0);\n}\n\nexit(66); ## This NVT is deprecated as addressed in gb_CESA-2009_1176_python_centos5_i386.nasl\n ## gb_CESA-2009_1178_python_centos3_i386.nasl\n\n include(\"ssh_func.inc\");\n\n foreach item (get_kb_list(\"ssh/login/rpms\"))\n {\n if(\"python\" >< item)\n {\n if(egrep(pattern:\"python-.*~([01]\\..*|2\\.([0-4]\\..*|5\\.[0-2]))[^.0-9]\",\n\t\t\t string:item)){\n security_message(0); \n }\n\t\texit(0);\n }\n }\n\n sock = ssh_login_or_reuse_connection();\n if(!sock){\n exit(0);\n }\n\n pyVer = ssh_cmd(socket:sock, cmd:\"python -V\");\n ssh_close_connection();\n\n if(!pyVer){\n exit(0);\n }\n\n if(egrep(pattern:\"^Python ([01]\\..*|2\\.([0-4]\\..*|5\\.[0-2]))$\", string:pyVer)){\n security_message(0);\n }\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:50:03", "description": "The remote host is missing updates announced in\nadvisory GLSA 200807-16.", "cvss3": {}, "published": "2008-09-24T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200807-16 (python)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3143", "CVE-2008-2316", "CVE-2008-3144", "CVE-2008-3142", "CVE-2008-2315"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:61391", "href": "http://plugins.openvas.org/nasl.php?oid=61391", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities in Python may allow for the execution of arbitrary\ncode.\";\ntag_solution = \"All Python 2.4 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-lang/python-2.4.4-r14'\n\nAll Python 2.5 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-lang/python-2.5.2-r6'\n\nPlease note that Python 2.3 is masked since June 24, and we will not be\nreleasing updates to it. It will be removed from the tree in the near\nfuture.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200807-16\nhttp://bugs.gentoo.org/show_bug.cgi?id=230640\nhttp://bugs.gentoo.org/show_bug.cgi?id=232137\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200807-16.\";\n\n \n\nif(description)\n{\n script_id(61391);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2008-2315\", \"CVE-2008-2316\", \"CVE-2008-3142\", \"CVE-2008-3143\", \"CVE-2008-3144\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Gentoo Security Advisory GLSA 200807-16 (python)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"dev-lang/python\", unaffected: make_list(\"rge 2.4.4-r14\", \"ge 2.5.2-r6\"), vulnerable: make_list(\"lt 2.5.2-r6\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-09T11:41:06", "description": "Check for the Version of freetype", "cvss3": {}, "published": "2009-02-27T00:00:00", "type": "openvas", "title": "CentOS Update for freetype CESA-2008:0556 centos4 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1808", "CVE-2008-1807", "CVE-2008-1806"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310880009", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880009", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for freetype CESA-2008:0556 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"FreeType is a free, high-quality, portable font engine that can open and\n manage font files, as well as efficiently load, hint and render individual\n glyphs.\n\n Multiple flaws were discovered in FreeType's Printer Font Binary (PFB)\n font-file format parser. If a user loaded a carefully crafted font-file\n with a program linked against FreeType, it could cause the application to\n crash, or possibly execute arbitrary code. (CVE-2008-1806, CVE-2008-1807,\n CVE-2008-1808)\n \n Note: the flaw in FreeType's TrueType Font (TTF) font-file format parser,\n covered by CVE-2008-1808, did not affect the freetype packages as shipped\n in Red Hat Enterprise Linux 3, 4, and 5, as they are not compiled with TTF\n Byte Code Interpreter (BCI) support.\n \n Users of freetype should upgrade to these updated packages, which contain\n backported patches to resolve these issues.\";\n\ntag_affected = \"freetype on CentOS 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-June/015000.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880009\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 08:40:14 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2008:0556\");\n script_cve_id(\"CVE-2008-1806\", \"CVE-2008-1807\", \"CVE-2008-1808\");\n script_name( \"CentOS Update for freetype CESA-2008:0556 centos4 i386\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of freetype\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.1.9~7.el4.6\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-demos\", rpm:\"freetype-demos~2.1.9~7.el4.6\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-devel\", rpm:\"freetype-devel~2.1.9~7.el4.6\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-utils\", rpm:\"freetype-utils~2.1.9~7.el4.6\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-09T11:41:19", "description": "Check for the Version of freetype", "cvss3": {}, "published": "2009-03-06T00:00:00", "type": "openvas", "title": "RedHat Update for freetype RHSA-2008:0558-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1808", "CVE-2008-1807", "CVE-2008-1806"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310870038", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870038", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for freetype RHSA-2008:0558-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"FreeType is a free, high-quality, portable font engine that can open and\n manage font files, as well as efficiently load, hint and render individual\n glyphs.\n\n Multiple flaws were discovered in FreeType's Printer Font Binary (PFB) and\n TrueType Font (TTF) font-file format parsers. If a user loaded a carefully\n crafted font-file with a program linked against FreeType, it could cause\n the application to crash, or possibly execute arbitrary code.\n (CVE-2008-1806, CVE-2008-1807, CVE-2008-1808)\n \n Note: the flaw in FreeType's TrueType Font (TTF) font-file format parser,\n covered by CVE-2008-1808, only affected the FreeType 1 library (libttf),\n shipped in the freetype packages in Red Hat Enterprise Linux 2.1. The\n FreeType 2 library (libfreetype) is not affected, as it is not compiled\n with TTF Byte Code Interpreter (BCI) support.\n \n Users of freetype should upgrade to these updated packages, which contain\n backported patches to resolve these issues.\";\n\ntag_affected = \"freetype on Red Hat Enterprise Linux AS (Advanced Server) version 2.1,\n Red Hat Enterprise Linux ES version 2.1,\n Red Hat Enterprise Linux WS version 2.1\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2008-June/msg00017.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870038\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-06 07:30:35 +0100 (Fri, 06 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"RHSA\", value: \"2008:0558-01\");\n script_cve_id(\"CVE-2008-1806\", \"CVE-2008-1807\", \"CVE-2008-1808\");\n script_name( \"RedHat Update for freetype RHSA-2008:0558-01\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of freetype\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_2.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.0.3~13.el21\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-devel\", rpm:\"freetype-devel~2.0.3~13.el21\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-utils\", rpm:\"freetype-utils~2.0.3~13.el21\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-09T11:41:07", "description": "Check for the Version of freetype", "cvss3": {}, "published": "2009-02-27T00:00:00", "type": "openvas", "title": "CentOS Update for freetype CESA-2008:0558-01 centos2 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1808", "CVE-2008-1807", "CVE-2008-1806"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310880239", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880239", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for freetype CESA-2008:0558-01 centos2 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"FreeType is a free, high-quality, portable font engine that can open and\n manage font files, as well as efficiently load, hint and render individual\n glyphs.\n\n Multiple flaws were discovered in FreeType's Printer Font Binary (PFB) and\n TrueType Font (TTF) font-file format parsers. If a user loaded a carefully\n crafted font-file with a program linked against FreeType, it could cause\n the application to crash, or possibly execute arbitrary code.\n (CVE-2008-1806, CVE-2008-1807, CVE-2008-1808)\n \n Note: the flaw in FreeType's TrueType Font (TTF) font-file format parser,\n covered by CVE-2008-1808, only affected the FreeType 1 library (libttf),\n shipped in the freetype packages in Red Hat Enterprise Linux 2.1. The\n FreeType 2 library (libfreetype) is not affected, as it is not compiled\n with TTF Byte Code Interpreter (BCI) support.\n \n Users of freetype should upgrade to these updated packages, which contain\n backported patches to resolve these issues.\";\n\ntag_affected = \"freetype on CentOS 2\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-June/014998.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880239\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 08:40:14 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2008:0558-01\");\n script_cve_id(\"CVE-2008-1806\", \"CVE-2008-1807\", \"CVE-2008-1808\");\n script_name( \"CentOS Update for freetype CESA-2008:0558-01 centos2 i386\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of freetype\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS2\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype-utils-0\", rpm:\"freetype-utils-0~2.0.3~10.el21\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-devel-0\", rpm:\"freetype-devel-0~2.0.3~10.el21\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-0\", rpm:\"freetype-0~2.0.3~10.el21\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-09T11:40:04", "description": "Check for the Version of freetype", "cvss3": {}, "published": "2009-02-27T00:00:00", "type": "openvas", "title": "CentOS Update for freetype CESA-2008:0556 centos3 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1808", "CVE-2008-1807", "CVE-2008-1806"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310880209", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880209", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for freetype CESA-2008:0556 centos3 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"FreeType is a free, high-quality, portable font engine that can open and\n manage font files, as well as efficiently load, hint and render individual\n glyphs.\n\n Multiple flaws were discovered in FreeType's Printer Font Binary (PFB)\n font-file format parser. If a user loaded a carefully crafted font-file\n with a program linked against FreeType, it could cause the application to\n crash, or possibly execute arbitrary code. (CVE-2008-1806, CVE-2008-1807,\n CVE-2008-1808)\n \n Note: the flaw in FreeType's TrueType Font (TTF) font-file format parser,\n covered by CVE-2008-1808, did not affect the freetype packages as shipped\n in Red Hat Enterprise Linux 3, 4, and 5, as they are not compiled with TTF\n Byte Code Interpreter (BCI) support.\n \n Users of freetype should upgrade to these updated packages, which contain\n backported patches to resolve these issues.\";\n\ntag_affected = \"freetype on CentOS 3\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-June/015006.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880209\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 08:40:14 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2008:0556\");\n script_cve_id(\"CVE-2008-1806\", \"CVE-2008-1807\", \"CVE-2008-1808\");\n script_name( \"CentOS Update for freetype CESA-2008:0556 centos3 i386\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of freetype\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.1.4~10.el3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-devel\", rpm:\"freetype-devel~2.1.4~10.el3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-demos\", rpm:\"freetype-demos~2.1.4~10.el3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-utils\", rpm:\"freetype-utils~2.1.4~10.el3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-09T11:41:39", "description": "Check for the Version of freetype2", "cvss3": {}, "published": "2009-04-09T00:00:00", "type": "openvas", "title": "Mandriva Update for freetype2 MDVSA-2008:121 (freetype2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1808", "CVE-2008-1807", "CVE-2008-1806"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310830600", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310830600", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for freetype2 MDVSA-2008:121 (freetype2)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities were discovered in FreeType's Printer\n Font Binary (PFB) font-file format parser. If a user were to load a\n carefully crafted font file with a program linked against FreeType, it\n could cause the application to crash or potentially execute arbitrary\n code (CVE-2008-1806, CVE-2008-1807, CVE-2008-1808).\n\n The updated packages have been patched to prevent this issue.\";\n\ntag_affected = \"freetype2 on Mandriva Linux 2007.1,\n Mandriva Linux 2007.1/X86_64,\n Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64,\n Mandriva Linux 2008.1,\n Mandriva Linux 2008.1/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2008-06/msg00031.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.830600\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 14:26:37 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"MDVSA\", value: \"2008:121\");\n script_cve_id(\"CVE-2008-1806\", \"CVE-2008-1807\", \"CVE-2008-1808\");\n script_name( \"Mandriva Update for freetype2 MDVSA-2008:121 (freetype2)\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of freetype2\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libfreetype6\", rpm:\"libfreetype6~2.3.1~3.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6-devel\", rpm:\"libfreetype6-devel~2.3.1~3.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6-static-devel\", rpm:\"libfreetype6-static-devel~2.3.1~3.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype2\", rpm:\"freetype2~2.3.1~3.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64freetype6\", rpm:\"lib64freetype6~2.3.1~3.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64freetype6-devel\", rpm:\"lib64freetype6-devel~2.3.1~3.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64freetype6-static-devel\", rpm:\"lib64freetype6-static-devel~2.3.1~3.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libfreetype6\", rpm:\"libfreetype6~2.3.5~2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6-devel\", rpm:\"libfreetype6-devel~2.3.5~2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6-static-devel\", rpm:\"libfreetype6-static-devel~2.3.5~2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype2\", rpm:\"freetype2~2.3.5~2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64freetype6\", rpm:\"lib64freetype6~2.3.5~2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64freetype6-devel\", rpm:\"lib64freetype6-devel~2.3.5~2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64freetype6-static-devel\", rpm:\"lib64freetype6-static-devel~2.3.5~2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2008.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libfreetype6\", rpm:\"libfreetype6~2.3.5~2.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6-devel\", rpm:\"libfreetype6-devel~2.3.5~2.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6-static-devel\", rpm:\"libfreetype6-static-devel~2.3.5~2.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype2\", rpm:\"freetype2~2.3.5~2.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64freetype6\", rpm:\"lib64freetype6~2.3.5~2.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64freetype6-devel\", rpm:\"lib64freetype6-devel~2.3.5~2.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64freetype6-static-devel\", rpm:\"lib64freetype6-static-devel~2.3.5~2.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-09T11:39:40", "description": "Check for the Version of freetype", "cvss3": {}, "published": "2009-02-27T00:00:00", "type": "openvas", "title": "CentOS Update for freetype CESA-2008:0556 centos4 x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1808", "CVE-2008-1807", "CVE-2008-1806"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310880158", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880158", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for freetype CESA-2008:0556 centos4 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"FreeType is a free, high-quality, portable font engine that can open and\n manage font files, as well as efficiently load, hint and render individual\n glyphs.\n\n Multiple flaws were discovered in FreeType's Printer Font Binary (PFB)\n font-file format parser. If a user loaded a carefully crafted font-file\n with a program linked against FreeType, it could cause the application to\n crash, or possibly execute arbitrary code. (CVE-2008-1806, CVE-2008-1807,\n CVE-2008-1808)\n \n Note: the flaw in FreeType's TrueType Font (TTF) font-file format parser,\n covered by CVE-2008-1808, did not affect the freetype packages as shipped\n in Red Hat Enterprise Linux 3, 4, and 5, as they are not compiled with TTF\n Byte Code Interpreter (BCI) support.\n \n Users of freetype should upgrade to these updated packages, which contain\n backported patches to resolve these issues.\";\n\ntag_affected = \"freetype on CentOS 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-June/015001.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880158\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 08:40:14 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2008:0556\");\n script_cve_id(\"CVE-2008-1806\", \"CVE-2008-1807\", \"CVE-2008-1808\");\n script_name( \"CentOS Update for freetype CESA-2008:0556 centos4 x86_64\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of freetype\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.1.9~7.el4.6\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-demos\", rpm:\"freetype-demos~2.1.9~7.el4.6\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-devel\", rpm:\"freetype-devel~2.1.9~7.el4.6\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-utils\", rpm:\"freetype-utils~2.1.9~7.el4.6\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-27T10:56:21", "description": "Check for the Version of freetype", "cvss3": {}, "published": "2009-03-06T00:00:00", "type": "openvas", "title": "RedHat Update for freetype RHSA-2008:0556-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1808", "CVE-2008-1807", "CVE-2008-1806"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:870171", "href": "http://plugins.openvas.org/nasl.php?oid=870171", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for freetype RHSA-2008:0556-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"FreeType is a free, high-quality, portable font engine that can open and\n manage font files, as well as efficiently load, hint and render individual\n glyphs.\n\n Multiple flaws were discovered in FreeType's Printer Font Binary (PFB)\n font-file format parser. If a user loaded a carefully crafted font-file\n with a program linked against FreeType, it could cause the application to\n crash, or possibly execute arbitrary code. (CVE-2008-1806, CVE-2008-1807,\n CVE-2008-1808)\n \n Note: the flaw in FreeType's TrueType Font (TTF) font-file format parser,\n covered by CVE-2008-1808, did not affect the freetype packages as shipped\n in Red Hat Enterprise Linux 3, 4, and 5, as they are not compiled with TTF\n Byte Code Interpreter (BCI) support.\n \n Users of freetype should upgrade to these updated packages, which contain\n backported patches to resolve these issues.\";\n\ntag_affected = \"freetype on Red Hat Enterprise Linux AS version 3,\n Red Hat Enterprise Linux ES version 3,\n Red Hat Enterprise Linux WS version 3,\n Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4,\n Red Hat Enterprise Linux (v. 5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2008-June/msg00016.html\");\n script_id(870171);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-06 07:30:35 +0100 (Fri, 06 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"RHSA\", value: \"2008:0556-01\");\n script_cve_id(\"CVE-2008-1806\", \"CVE-2008-1807\", \"CVE-2008-1808\");\n script_name( \"RedHat Update for freetype RHSA-2008:0556-01\");\n\n script_summary(\"Check for the Version of freetype\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.2.1~20.el5_2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-debuginfo\", rpm:\"freetype-debuginfo~2.2.1~20.el5_2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-demos\", rpm:\"freetype-demos~2.2.1~20.el5_2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-devel\", rpm:\"freetype-devel~2.2.1~20.el5_2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.1.9~7.el4.6\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-debuginfo\", rpm:\"freetype-debuginfo~2.1.9~7.el4.6\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-demos\", rpm:\"freetype-demos~2.1.9~7.el4.6\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-devel\", rpm:\"freetype-devel~2.1.9~7.el4.6\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-utils\", rpm:\"freetype-utils~2.1.9~7.el4.6\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_3\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.1.4~8.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-debuginfo\", rpm:\"freetype-debuginfo~2.1.4~8.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-devel\", rpm:\"freetype-devel~2.1.4~8.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:56:27", "description": "Check for the Version of freetype", "cvss3": {}, "published": "2009-02-27T00:00:00", "type": "openvas", "title": "CentOS Update for freetype CESA-2008:0556 centos4 x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1808", "CVE-2008-1807", "CVE-2008-1806"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:880158", "href": "http://plugins.openvas.org/nasl.php?oid=880158", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for freetype CESA-2008:0556 centos4 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"FreeType is a free, high-quality, portable font engine that can open and\n manage font files, as well as efficiently load, hint and render individual\n glyphs.\n\n Multiple flaws were discovered in FreeType's Printer Font Binary (PFB)\n font-file format parser. If a user loaded a carefully crafted font-file\n with a program linked against FreeType, it could cause the application to\n crash, or possibly execute arbitrary code. (CVE-2008-1806, CVE-2008-1807,\n CVE-2008-1808)\n \n Note: the flaw in FreeType's TrueType Font (TTF) font-file format parser,\n covered by CVE-2008-1808, did not affect the freetype packages as shipped\n in Red Hat Enterprise Linux 3, 4, and 5, as they are not compiled with TTF\n Byte Code Interpreter (BCI) support.\n \n Users of freetype should upgrade to these updated packages, which contain\n backported patches to resolve these issues.\";\n\ntag_affected = \"freetype on CentOS 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-June/015001.html\");\n script_id(880158);\n script_version(\"$Revision: 6651 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:45:21 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 08:40:14 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2008:0556\");\n script_cve_id(\"CVE-2008-1806\", \"CVE-2008-1807\", \"CVE-2008-1808\");\n script_name( \"CentOS Update for freetype CESA-2008:0556 centos4 x86_64\");\n\n script_summary(\"Check for the Version of freetype\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.1.9~7.el4.6\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-demos\", rpm:\"freetype-demos~2.1.9~7.el4.6\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-devel\", rpm:\"freetype-devel~2.1.9~7.el4.6\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-utils\", rpm:\"freetype-utils~2.1.9~7.el4.6\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:56:59", "description": "Check for the Version of freetype", "cvss3": {}, "published": "2009-02-27T00:00:00", "type": "openvas", "title": "CentOS Update for freetype CESA-2008:0558-01 centos2 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1808", "CVE-2008-1807", "CVE-2008-1806"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:880239", "href": "http://plugins.openvas.org/nasl.php?oid=880239", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for freetype CESA-2008:0558-01 centos2 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"FreeType is a free, high-quality, portable font engine that can open and\n manage font files, as well as efficiently load, hint and render individual\n glyphs.\n\n Multiple flaws were discovered in FreeType's Printer Font Binary (PFB) and\n TrueType Font (TTF) font-file format parsers. If a user loaded a carefully\n crafted font-file with a program linked against FreeType, it could cause\n the application to crash, or possibly execute arbitrary code.\n (CVE-2008-1806, CVE-2008-1807, CVE-2008-1808)\n \n Note: the flaw in FreeType's TrueType Font (TTF) font-file format parser,\n covered by CVE-2008-1808, only affected the FreeType 1 library (libttf),\n shipped in the freetype packages in Red Hat Enterprise Linux 2.1. The\n FreeType 2 library (libfreetype) is not affected, as it is not compiled\n with TTF Byte Code Interpreter (BCI) support.\n \n Users of freetype should upgrade to these updated packages, which contain\n backported patches to resolve these issues.\";\n\ntag_affected = \"freetype on CentOS 2\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-June/014998.html\");\n script_id(880239);\n script_version(\"$Revision: 6651 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:45:21 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 08:40:14 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2008:0558-01\");\n script_cve_id(\"CVE-2008-1806\", \"CVE-2008-1807\", \"CVE-2008-1808\");\n script_name( \"CentOS Update for freetype CESA-2008:0558-01 centos2 i386\");\n\n script_summary(\"Check for the Version of freetype\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS2\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype-utils-0\", rpm:\"freetype-utils-0~2.0.3~10.el21\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-devel-0\", rpm:\"freetype-devel-0~2.0.3~10.el21\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-0\", rpm:\"freetype-0~2.0.3~10.el21\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:56:59", "description": "Check for the Version of freetype", "cvss3": {}, "published": "2009-02-27T00:00:00", "type": "openvas", "title": "CentOS Update for freetype CESA-2008:0556 centos3 x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1808", "CVE-2008-1807", "CVE-2008-1806"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:880102", "href": "http://plugins.openvas.org/nasl.php?oid=880102", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for freetype CESA-2008:0556 centos3 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"FreeType is a free, high-quality, portable font engine that can open and\n manage font files, as well as efficiently load, hint and render individual\n glyphs.\n\n Multiple flaws were discovered in FreeType's Printer Font Binary (PFB)\n font-file format parser. If a user loaded a carefully crafted font-file\n with a program linked against FreeType, it could cause the application to\n crash, or possibly execute arbitrary code. (CVE-2008-1806, CVE-2008-1807,\n CVE-2008-1808)\n \n Note: the flaw in FreeType's TrueType Font (TTF) font-file format parser,\n covered by CVE-2008-1808, did not affect the freetype packages as shipped\n in Red Hat Enterprise Linux 3, 4, and 5, as they are not compiled with TTF\n Byte Code Interpreter (BCI) support.\n \n Users of freetype should upgrade to these updated packages, which contain\n backported patches to resolve these issues.\";\n\ntag_affected = \"freetype on CentOS 3\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-June/015007.html\");\n script_id(880102);\n script_version(\"$Revision: 6651 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:45:21 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 08:40:14 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2008:0556\");\n script_cve_id(\"CVE-2008-1806\", \"CVE-2008-1807\", \"CVE-2008-1808\");\n script_name( \"CentOS Update for freetype CESA-2008:0556 centos3 x86_64\");\n\n script_summary(\"Check for the Version of freetype\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.1.4~10.el3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-devel\", rpm:\"freetype-devel~2.1.4~10.el3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-demos\", rpm:\"freetype-demos~2.1.4~10.el3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-utils\", rpm:\"freetype-utils~2.1.4~10.el3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:56:35", "description": "Check for the Version of freetype", "cvss3": {}, "published": "2009-02-27T00:00:00", "type": "openvas", "title": "CentOS Update for freetype CESA-2008:0556 centos3 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1808", "CVE-2008-1807", "CVE-2008-1806"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:880209", "href": "http://plugins.openvas.org/nasl.php?oid=880209", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for freetype CESA-2008:0556 centos3 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"FreeType is a free, high-quality, portable font engine that can open and\n manage font files, as well as efficiently load, hint and render individual\n glyphs.\n\n Multiple flaws were discovered in FreeType's Printer Font Binary (PFB)\n font-file format parser. If a user loaded a carefully crafted font-file\n with a program linked against FreeType, it could cause the application to\n crash, or possibly execute arbitrary code. (CVE-2008-1806, CVE-2008-1807,\n CVE-2008-1808)\n \n Note: the flaw in FreeType's TrueType Font (TTF) font-file format parser,\n covered by CVE-2008-1808, did not affect the freetype packages as shipped\n in Red Hat Enterprise Linux 3, 4, and 5, as they are not compiled with TTF\n Byte Code Interpreter (BCI) support.\n \n Users of freetype should upgrade to these updated packages, which contain\n backported patches to resolve these issues.\";\n\ntag_affected = \"freetype on CentOS 3\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-June/015006.html\");\n script_id(880209);\n script_version(\"$Revision: 6651 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:45:21 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 08:40:14 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2008:0556\");\n script_cve_id(\"CVE-2008-1806\", \"CVE-2008-1807\", \"CVE-2008-1808\");\n script_name( \"CentOS Update for freetype CESA-2008:0556 centos3 i386\");\n\n script_summary(\"Check for the Version of freetype\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.1.4~10.el3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-devel\", rpm:\"freetype-devel~2.1.4~10.el3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-demos\", rpm:\"freetype-demos~2.1.4~10.el3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-utils\", rpm:\"freetype-utils~2.1.4~10.el3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:50:07", "description": "The remote host is missing updates announced in\nadvisory GLSA 200806-10.", "cvss3": {}, "published": "2008-09-24T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200806-10 (freetype)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1808", "CVE-2008-1807", "CVE-2008-1806"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:61184", "href": "http://plugins.openvas.org/nasl.php?oid=61184", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Font parsing vulnerabilities in FreeType might lead to user-assisted\nexecution of arbitrary code.\";\ntag_solution = \"All FreeType users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-libs/freetype-2.3.6'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200806-10\nhttp://bugs.gentoo.org/show_bug.cgi?id=225851\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200806-10.\";\n\n \n\nif(description)\n{\n script_id(61184);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2008-1806\", \"CVE-2008-1807\", \"CVE-2008-1808\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Gentoo Security Advisory GLSA 200806-10 (freetype)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"media-libs/freetype\", unaffected: make_list(\"ge 2.3.6\"), vulnerable: make_list(\"lt 2.3.6\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:10:22", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "cvss3": {}, "published": "2008-09-04T00:00:00", "type": "openvas", "title": "FreeBSD Ports: freetype2", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1808", "CVE-2008-1807", "CVE-2008-1806"], "modified": "2016-09-19T00:00:00", "id": "OPENVAS:61219", "href": "http://plugins.openvas.org/nasl.php?oid=61219", "sourceData": "#\n#VID 4fb43b2f-46a9-11dd-9d38-00163e000016\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: freetype2\n\nCVE-2008-1806\nInteger overflow in FreeType2 before 2.3.6 allows context-dependent\nattackers to execute arbitrary code via a crafted set of 16-bit length\nvalues within the Private dictionary table in a Printer Font Binary\n(PFB) file, which triggers a heap-based buffer overflow.\n\nCVE-2008-1807\nFreeType2 before 2.3.6 allow context-dependent attackers to execute\narbitrary code via an invalid 'number of axes' field in a Printer Font\nBinary (PFB) file, which triggers a free of arbitrary memory\nlocations, leading to memory corruption.\n\nCVE-2008-1808\nMultiple off-by-one errors in FreeType2 before 2.3.6 allow\ncontext-dependent attackers to execute arbitrary code via (1) a\ncrafted table in a Printer Font Binary (PFB) file or (2) a crafted SHC\ninstruction in a TrueType Font (TTF) file, which triggers a heap-based\nbuffer overflow.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://secunia.com/advisories/30600\nhttp://sourceforge.net/project/shownotes.php?release_id=605780\nhttp://www.vuxml.org/freebsd/4fb43b2f-46a9-11dd-9d38-00163e000016.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\nif(description)\n{\n script_id(61219);\n script_version(\"$Revision: 4112 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-19 15:17:59 +0200 (Mon, 19 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_cve_id(\"CVE-2008-1806\", \"CVE-2008-1807\", \"CVE-2008-1808\");\n script_bugtraq_id(29637,29639,29640,29641);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"FreeBSD Ports: freetype2\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"freetype2\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.3.6\")<0) {\n txt += 'Package freetype2 version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-27T10:56:40", "description": "Check for the Version of freetype", "cvss3": {}, "published": "2009-03-06T00:00:00", "type": "openvas", "title": "RedHat Update for freetype RHSA-2008:0558-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1808", "CVE-2008-1807", "CVE-2008-1806"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:870038", "href": "http://plugins.openvas.org/nasl.php?oid=870038", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for freetype RHSA-2008:0558-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"FreeType is a free, high-quality, portable font engine that can open and\n manage font files, as well as efficiently load, hint and render individual\n glyphs.\n\n Multiple flaws were discovered in FreeType's Printer Font Binary (PFB) and\n TrueType Font (TTF) font-file format parsers. If a user loaded a carefully\n crafted font-file with a program linked against FreeType, it could cause\n the application to crash, or possibly execute arbitrary code.\n (CVE-2008-1806, CVE-2008-1807, CVE-2008-1808)\n \n Note: the flaw in FreeType's TrueType Font (TTF) font-file format parser,\n covered by CVE-2008-1808, only affected the FreeType 1 library (libttf),\n shipped in the freetype packages in Red Hat Enterprise Linux 2.1. The\n FreeType 2 library (libfreetype) is not affected, as it is not compiled\n with TTF Byte Code Interpreter (BCI) support.\n \n Users of freetype should upgrade to these updated packages, which contain\n backported patches to resolve these issues.\";\n\ntag_affected = \"freetype on Red Hat Enterprise Linux AS (Advanced Server) version 2.1,\n Red Hat Enterprise Linux ES version 2.1,\n Red Hat Enterprise Linux WS version 2.1\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2008-June/msg00017.html\");\n script_id(870038);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-06 07:30:35 +0100 (Fri, 06 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"RHSA\", value: \"2008:0558-01\");\n script_cve_id(\"CVE-2008-1806\", \"CVE-2008-1807\", \"CVE-2008-1808\");\n script_name( \"RedHat Update for freetype RHSA-2008:0558-01\");\n\n script_summary(\"Check for the Version of freetype\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_2.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.0.3~13.el21\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-devel\", rpm:\"freetype-devel~2.0.3~13.el21\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-utils\", rpm:\"freetype-utils~2.0.3~13.el21\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-09T11:41:06", "description": "Check for the Version of freetype", "cvss3": {}, "published": "2009-02-27T00:00:00", "type": "openvas", "title": "CentOS Update for freetype CESA-2008:0556 centos3 x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1808", "CVE-2008-1807", "CVE-2008-1806"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310880102", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880102", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for freetype CESA-2008:0556 centos3 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"FreeType is a free, high-quality, portable font engine that can open and\n manage font files, as well as efficiently load, hint and render individual\n glyphs.\n\n Multiple flaws were discovered in FreeType's Printer Font Binary (PFB)\n font-file format parser. If a user loaded a carefully crafted font-file\n with a program linked against FreeType, it could cause the application to\n crash, or possibly execute arbitrary code. (CVE-2008-1806, CVE-2008-1807,\n CVE-2008-1808)\n \n Note: the flaw in FreeType's TrueType Font (TTF) font-file format parser,\n covered by CVE-2008-1808, did not affect the freetype packages as shipped\n in Red Hat Enterprise Linux 3, 4, and 5, as they are not compiled with TTF\n Byte Code Interpreter (BCI) support.\n \n Users of freetype should upgrade to these updated packages, which contain\n backported patches to resolve these issues.\";\n\ntag_affected = \"freetype on CentOS 3\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-June/015007.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880102\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 08:40:14 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2008:0556\");\n script_cve_id(\"CVE-2008-1806\", \"CVE-2008-1807\", \"CVE-2008-1808\");\n script_name( \"CentOS Update for freetype CESA-2008:0556 centos3 x86_64\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of freetype\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.1.4~10.el3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-devel\", rpm:\"freetype-devel~2.1.4~10.el3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-demos\", rpm:\"freetype-demos~2.1.4~10.el3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-utils\", rpm:\"freetype-utils~2.1.4~10.el3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:36:35", "description": "Oracle Linux Local Security Checks ELSA-2008-0556", "cvss3": {}, "published": "2015-10-08T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2008-0556", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1808", "CVE-2008-1807", "CVE-2008-1806"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310122575", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122575", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2008-0556.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122575\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-08 14:48:27 +0300 (Thu, 08 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2008-0556\");\n script_tag(name:\"insight\", value:\"ELSA-2008-0556 - freetype security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2008-0556\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2008-0556.html\");\n script_cve_id(\"CVE-2008-1806\", \"CVE-2008-1807\", \"CVE-2008-1808\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.2.1~20.el5_2\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"freetype-demos\", rpm:\"freetype-demos~2.2.1~20.el5_2\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"freetype-devel\", rpm:\"freetype-devel~2.2.1~20.el5_2\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-04-09T11:40:31", "description": "Check for the Version of freetype", "cvss3": {}, "published": "2009-03-06T00:00:00", "type": "openvas", "title": "RedHat Update for freetype RHSA-2008:0556-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1808", "CVE-2008-1807", "CVE-2008-1806"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310870171", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870171", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for freetype RHSA-2008:0556-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"FreeType is a free, high-quality, portable font engine that can open and\n manage font files, as well as efficiently load, hint and render individual\n glyphs.\n\n Multiple flaws were discovered in FreeType's Printer Font Binary (PFB)\n font-file format parser. If a user loaded a carefully crafted font-file\n with a program linked against FreeType, it could cause the application to\n crash, or possibly execute arbitrary code. (CVE-2008-1806, CVE-2008-1807,\n CVE-2008-1808)\n \n Note: the flaw in FreeType's TrueType Font (TTF) font-file format parser,\n covered by CVE-2008-1808, did not affect the freetype packages as shipped\n in Red Hat Enterprise Linux 3, 4, and 5, as they are not compiled with TTF\n Byte Code Interpreter (BCI) support.\n \n Users of freetype should upgrade to these updated packages, which contain\n backported patches to resolve these issues.\";\n\ntag_affected = \"freetype on Red Hat Enterprise Linux AS version 3,\n Red Hat Enterprise Linux ES version 3,\n Red Hat Enterprise Linux WS version 3,\n Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4,\n Red Hat Enterprise Linux (v. 5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2008-June/msg00016.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870171\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-06 07:30:35 +0100 (Fri, 06 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"RHSA\", value: \"2008:0556-01\");\n script_cve_id(\"CVE-2008-1806\", \"CVE-2008-1807\", \"CVE-2008-1808\");\n script_name( \"RedHat Update for freetype RHSA-2008:0556-01\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of freetype\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.2.1~20.el5_2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-debuginfo\", rpm:\"freetype-debuginfo~2.2.1~20.el5_2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-demos\", rpm:\"freetype-demos~2.2.1~20.el5_2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-devel\", rpm:\"freetype-devel~2.2.1~20.el5_2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.1.9~7.el4.6\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-debuginfo\", rpm:\"freetype-debuginfo~2.1.9~7.el4.6\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-demos\", rpm:\"freetype-demos~2.1.9~7.el4.6\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-devel\", rpm:\"freetype-devel~2.1.9~7.el4.6\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-utils\", rpm:\"freetype-utils~2.1.9~7.el4.6\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_3\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.1.4~8.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-debuginfo\", rpm:\"freetype-debuginfo~2.1.4~8.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-devel\", rpm:\"freetype-devel~2.1.4~8.el3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:56:59", "description": "Check for the Version of freetype", "cvss3": {}, "published": "2009-02-27T00:00:00", "type": "openvas", "title": "CentOS Update for freetype CESA-2008:0556 centos4 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1808", "CVE-2008-1807", "CVE-2008-1806"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:880009", "href": "http://plugins.openvas.org/nasl.php?oid=880009", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for freetype CESA-2008:0556 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"FreeType is a free, high-quality, portable font engine that can open and\n manage font files, as well as efficiently load, hint and render individual\n glyphs.\n\n Multiple flaws were discovered in FreeType's Printer Font Binary (PFB)\n font-file format parser. If a user loaded a carefully crafted font-file\n with a program linked against FreeType, it could cause the application to\n crash, or possibly execute arbitrary code. (CVE-2008-1806, CVE-2008-1807,\n CVE-2008-1808)\n \n Note: the flaw in FreeType's TrueType Font (TTF) font-file format parser,\n covered by CVE-2008-1808, did not affect the freetype packages as shipped\n in Red Hat Enterprise Linux 3, 4, and 5, as they are not compiled with TTF\n Byte Code Interpreter (BCI) support.\n \n Users of freetype should upgrade to these updated packages, which contain\n backported patches to resolve these issues.\";\n\ntag_affected = \"freetype on CentOS 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-June/015000.html\");\n script_id(880009);\n script_version(\"$Revision: 6651 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:45:21 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 08:40:14 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2008:0556\");\n script_cve_id(\"CVE-2008-1806\", \"CVE-2008-1807\", \"CVE-2008-1808\");\n script_name( \"CentOS Update for freetype CESA-2008:0556 centos4 i386\");\n\n script_summary(\"Check for the Version of freetype\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.1.9~7.el4.6\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-demos\", rpm:\"freetype-demos~2.1.9~7.el4.6\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-devel\", rpm:\"freetype-devel~2.1.9~7.el4.6\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-utils\", rpm:\"freetype-utils~2.1.9~7.el4.6\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:57:02", "description": "Check for the Version of freetype", "cvss3": {}, "published": "2009-02-17T00:00:00", "type": "openvas", "title": "Fedora Update for freetype FEDORA-2008-5430", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1808", "CVE-2008-1807", "CVE-2008-1806"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:860650", "href": "http://plugins.openvas.org/nasl.php?oid=860650", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for freetype FEDORA-2008-5430\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"freetype on Fedora 8\";\ntag_insight = \"The FreeType engine is a free and portable font rendering\n engine, developed to provide advanced font support for a variety of\n platforms and environments. FreeType is a library which can open and\n manages font files as well as efficiently load, hint and render\n individual glyphs. FreeType is not a font server or a complete\n text-rendering library.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00721.html\");\n script_id(860650);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-17 16:50:22 +0100 (Tue, 17 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2008-5430\");\n script_cve_id(\"CVE-2008-1806\", \"CVE-2008-1807\", \"CVE-2008-1808\");\n script_name( \"Fedora Update for freetype FEDORA-2008-5430\");\n\n script_summary(\"Check for the Version of freetype\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC8\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.3.5~4.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "seebug": [{"lastseen": "2017-11-19T18:59:30", "description": "BUGTRAQ ID: 33759\r\nCVE(CAN) ID: CVE-2009-0009,CVE-2009-0020,CVE-2009-0142,CVE-2009-0011,CVE-2009-0012,CVE-2009-0013,CVE-2009-0014,CVE-2009-0015,CVE-2009-0017,CVE-2009-0018,CVE-2009-0019,CVE-2009-0137,CVE-2009-0138,CVE-2009-0139,CVE-2009-0140,CVE-2009-0141\r\n\r\nMac OS X\u662f\u82f9\u679c\u5bb6\u65cf\u673a\u5668\u6240\u4f7f\u7528\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nApple 2009-001\u5b89\u5168\u66f4\u65b0\u4fee\u590d\u4e86Mac OS X\u4e2d\u7684\u591a\u4e2a\u5b89\u5168\u6f0f\u6d1e\uff0c\u672c\u5730\u6216\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u80fd\u5229\u7528\u8fd9\u4e9b\u6f0f\u6d1e\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3001\u8bfb\u53d6\u654f\u611f\u4fe1\u606f\u6216\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\r\n\r\nCVE-2009-0009\r\n\r\n\u4f7f\u7528Pixlet codec\u5904\u7406\u7535\u5f71\u6587\u4ef6\u65f6\u5b58\u5728\u5185\u5b58\u7834\u574f\u6f0f\u6d1e\uff0c\u6253\u5f00\u7279\u5236\u7684\u7535\u5f71\u6587\u4ef6\u53ef\u80fd\u5bfc\u81f4\u5e94\u7528\u7a0b\u5e8f\u610f\u5916\u7ec8\u6b62\u6216\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\r\n\r\nCVE-2009-0020\r\n\r\n\u8d44\u6e90\u7ba1\u7406\u5668\u5904\u7406\u8d44\u6e90fork\u65f6\u5b58\u5728\u5185\u5b58\u7834\u574f\u6f0f\u6d1e\uff0c\u6253\u5f00\u5e26\u6709\u7279\u5236\u8d44\u6e90fork\u7684\u6587\u4ef6\u53ef\u80fd\u5bfc\u81f4\u5e94\u7528\u7a0b\u5e8f\u610f\u5916\u7ec8\u6b62\u6216\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\r\n\r\nCVE-2009-0142\r\n\r\nAFP\u670d\u52a1\u5668\u4e2d\u7684\u7ade\u4e89\u6761\u4ef6\u53ef\u80fd\u5bfc\u81f4\u6b7b\u5faa\u73af\uff0c\u5728AFP\u670d\u52a1\u5668\u4e0a\u679a\u4e3e\u6587\u4ef6\u53ef\u80fd\u89e6\u53d1\u62d2\u7edd\u670d\u52a1\u3002 \r\n\r\nCVE-2009-0011\r\n\r\n\u8bc1\u4e66\u52a9\u624b\u5904\u7406\u4e34\u65f6\u6587\u4ef6\u7684\u65b9\u5f0f\u5b58\u5728\u4e0d\u5b89\u5168\u7684\u6587\u4ef6\u64cd\u4f5c\uff0c\u53ef\u80fd\u5141\u8bb8\u672c\u5730\u7528\u6237\u4ee5\u5176\u4ed6\u7528\u6237\u7684\u6743\u9650\u8986\u76d6\u6587\u4ef6\u3002\r\n\r\nCVE-2009-0012\r\n\r\n\u5728CoreText\u4e2d\u5904\u7406Unicode\u5b57\u7b26\u4e32\u65f6\u5b58\u5728\u5806\u6ea2\u51fa\uff0c\u4f7f\u7528CoreText\u5904\u7406\u7279\u5236\u7684Unicode\u5b57\u7b26\u4e32\uff08\u5982\u67e5\u770b\u7279\u5236\u7684\u7f51\u9875\uff09\u53ef\u80fd\u5bfc\u81f4\u5e94\u7528\u7a0b\u5e8f\u610f\u5916\u7ec8\u6b62\u6216\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\r\n\r\nCVE-2009-0013\r\n\r\ndscl\u547d\u4ee4\u884c\u5de5\u5177\u8981\u6c42\u4ee5\u53c2\u6570\u7684\u5f62\u5f0f\u4f20\u9001\u53e3\u4ee4\uff0c\u8fd9\u53ef\u80fd\u5bfc\u81f4\u5411\u5176\u4ed6\u672c\u5730\u7528\u6237\u66b4\u9732\u53e3\u4ee4\u3002 \r\n\r\nCVE-2009-0014\r\n\r\n\u6587\u4ef6\u5939\u7ba1\u7406\u5668\u4e2d\u5b58\u5728\u9ed8\u8ba4\u6743\u9650\u95ee\u9898\uff0c\u5f53\u7528\u6237\u5220\u9664\u4e0b\u8f7d\u6587\u4ef6\u5939\u4e14\u6587\u4ef6\u5939\u7ba1\u7406\u5668\u91cd\u65b0\u521b\u5efa\u65f6\uff0c\u53ef\u80fd\u4ee5\u4efb\u4f55\u7528\u6237\u90fd\u53ef\u8bfb\u7684\u6743\u9650\u521b\u5efa\u6587\u4ef6\u5939\u3002\r\n\r\nCVE-2009-0015\r\n\r\nfseventsd\u4e2d\u5b58\u5728\u51ed\u636e\u7ba1\u7406\u95ee\u9898\uff0c\u672c\u5730\u7528\u6237\u53ef\u4ee5\u4f7f\u7528FSEvents\u6846\u67b6\u67e5\u770b\u5176\u4ed6\u60c5\u51b5\u4e0b\u4e0d\u53ef\u770b\u5230\u7684\u6587\u4ef6\u7cfb\u7edf\u884c\u4e3a\uff0c\u5305\u62ec\u76ee\u5f55\u540d\u79f0\u548c\u6307\u5b9a\u65f6\u95f4\u7684\u5220\u9664\u884c\u4e3a\u3002 \r\n\r\nCVE-2009-0017\r\n\r\ncsregprinter\u4e2d\u7684\u9519\u8bef\u5904\u7406\u95ee\u9898\u53ef\u80fd\u5bfc\u81f4\u5806\u6ea2\u51fa\uff0c\u8fd9\u5141\u8bb8\u672c\u5730\u7528\u6237\u83b7\u5f97\u7cfb\u7edf\u6743\u9650\u3002 \r\n\r\nCVE-2009-0018\r\n\r\nRemote Apple Events\u670d\u52a1\u5668\u4e2d\u7684\u672a\u521d\u59cb\u5316\u7f13\u51b2\u533a\u95ee\u9898\u53ef\u80fd\u5bfc\u81f4\u5411\u7f51\u7edc\u5ba2\u6237\u7aef\u6cc4\u9732\u5185\u5b58\u5185\u5bb9\u3002 \r\n\r\nCVE-2009-0019\r\n\r\nRemote Apple Events\u4e2d\u5b58\u5728\u8d8a\u754c\u5185\u5b58\u8bbf\u95ee\uff0c\u542f\u7528Remote Apple Events\u53ef\u80fd\u5bfc\u81f4\u5e94\u7528\u7a0b\u5e8f\u610f\u5916\u7ec8\u6b62\u6216\u5411\u7f51\u7edc\u5ba2\u6237\u7aef\u6cc4\u9732\u654f\u611f\u4fe1\u606f\u3002\r\n\r\nCVE-2009-0137\r\n\r\nSafari\u5904\u7406feed: URLs\u7684\u65b9\u5f0f\u5b58\u5728\u591a\u4e2a\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\uff0c\u53ef\u80fd\u5141\u8bb8\u5728\u672c\u5730\u5b89\u5168\u533a\u4e2d\u6267\u884c\u4efb\u610fJavaScript\u3002 \r\n\r\nCVE-2009-0138\r\n\r\n\u670d\u52a1\u5668\u7ba1\u7406\u5668\u9a8c\u8bc1\u8ba4\u8bc1\u51ed\u636e\u65b9\u5f0f\u7684\u6f0f\u6d1e\u53ef\u80fd\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u66f4\u6539\u7cfb\u7edf\u914d\u7f6e\u3002 \r\n\r\nCVE-2009-0139\r\n\r\nSMB\u6587\u4ef6\u7cfb\u7edf\u4e2d\u7684\u6574\u6570\u6ea2\u51fa\u53ef\u80fd\u89e6\u53d1\u5806\u6ea2\u51fa\uff0c\u8fde\u63a5\u5230\u6076\u610f\u7684SMB\u6587\u4ef6\u7cfb\u7edf\u53ef\u80fd\u5bfc\u81f4\u7cfb\u7edf\u5173\u95ed\u6216\u4ee5\u7cfb\u7edf\u6743\u9650\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002 \r\n\r\nCVE-2009-0140\r\n\r\nSMB\u6587\u4ef6\u7cfb\u7edf\u5904\u7406\u6587\u4ef6\u7cfb\u7edf\u540d\u79f0\u7684\u65b9\u5f0f\u5b58\u5728\u5185\u5b58\u8017\u5c3d\u95ee\u9898\uff0c\u8fde\u63a5\u5230\u6076\u610f\u7684SMB\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u5668\u53ef\u80fd\u5bfc\u81f4\u7cfb\u7edf\u610f\u5916\u5173\u673a\u3002 \r\n\r\nCVE-2009-0141\r\n\r\nXterm\u4e2d\u5b58\u5728\u6743\u9650\u95ee\u9898\u3002\u5728\u540cluit\u4f7f\u7528\u65f6\uff0cXterm\u4f1a\u521b\u5efa\u4efb\u4f55\u7528\u6237\u90fd\u53ef\u8bbf\u95ee\u7684tty\u8bbe\u5907\u3002\n\nApple Mac OS X 10.5.6\r\nApple MacOS X Server 10.5.6\r\nApple Safari 3.2.2 for Windows\n \u5382\u5546\u8865\u4e01\uff1a\r\n\r\nApple\r\n-----\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\n<a href=http://support.apple.com/downloads/Security_Update_2009_001__Tiger_Intel_ target=_blank rel=external nofollow>http://support.apple.com/downloads/Security_Update_2009_001__Tiger_Intel_</a>\r\n<a href=http://support.apple.com/downloads/Security_Update_2009_001__Tiger_PPC target=_blank rel=external nofollow>http://support.apple.com/downloads/Security_Update_2009_001__Tiger_PPC</a> _", "cvss3": {}, "published": "2009-02-13T00:00:00", "type": "seebug", "title": "Apple Mac OS X 2009-001\u66f4\u65b0\u4fee\u590d\u591a\u4e2a\u5b89\u5168\u6f0f\u6d1e", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2009-0009", "CVE-2009-0011", "CVE-2009-0012", "CVE-2009-0013", "CVE-2009-0014", "CVE-2009-0015", "CVE-2009-0017", "CVE-2009-0018", "CVE-2009-0019", "CVE-2009-0020", "CVE-2009-0137", "CVE-2009-0138", "CVE-2009-0139", "CVE-2009-0140", "CVE-2009-0141", "CVE-2009-0142"], "modified": "2009-02-13T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-4762", "id": "SSV:4762", "sourceData": "", "sourceHref": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-11-19T21:32:53", "description": "BUGTRAQ ID: 30491\r\nCVE ID\uff1aCVE-2008-2315\r\n CVE-2008-2316\r\n CVE-2008-3142\r\n CVE-2008-3143\r\n CVE-2008-3144\r\nCNCVE ID\uff1aCNCVE-20082315 \r\n CNCVE-20082316\r\n CNCVE-20083142\r\n CNCVE-20083143\r\n CNCVE-20083144 \r\n\r\nPython\u662f\u4e00\u6b3e\u5f00\u653e\u6e90\u4ee3\u7801\u7684\u811a\u672c\u7f16\u7a0b\u8bed\u8a00\u3002\r\nPython\u4e2d\u5b58\u5728\u591a\u4e2a\u6574\u6570\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u6f0f\u6d1e\u5bf9\u5e94\u7528\u7a0b\u5e8f\u8fdb\u884c\u62d2\u7edd\u670d\u52a1\u6216\u8005\u4efb\u610f\u4ee3\u7801\u6267\u884c\u653b\u51fb\u3002\r\n1) stringobject\u3001unicodeobject\u3001bufferobject\u3001longobject\u3001tupleobject\u3001stropmodule\u3001gcmodule\u3001mmapmodule\u7b49\u6838\u5fc3\u6a21\u5757\u4e2d\u5b58\u5728\u5404\u79cd\u6574\u6570\u6ea2\u51fa\u3002\r\n2) hashlib\u6a21\u5757\u4e2d\u7684\u6574\u6570\u6ea2\u51fa\u53ef\u5bfc\u81f4\u4e0d\u53ef\u4fe1\u7684\u52a0\u5bc6\u6458\u8981\u7ed3\u679c\u3002\r\n3) \u5728\u5904\u7406unicode\u5b57\u7b26\u4e32\u65f6unicode_resize()\u4e2d\u7684\u6574\u6570\u6ea2\u51fa\u53ef\u80fd\u572832\u4f4d\u7cfb\u7edf\u4e0a\u51fa\u73b0\u7f13\u51b2\u533a\u6ea2\u51fa\u9519\u8bef\u3002\u4ee5\u4e0b\u662f\u6709\u6f0f\u6d1e\u7684\u4ee3\u7801\u6bb5\uff1a\r\n \r\nstatic\r\nint unicode_resize(register PyUnicodeObject *unicode,\r\n Py_ssize_t length)\r\n{\r\n[...]\r\n \r\n oldstr = unicode->str;\r\n PyMem_RESIZE(unicode->str, Py_UNICODE, length + 1);\r\n[...]\r\n unicode->str[length] = 0;\r\n unicode->length = length;\r\n \r\n \r\n#define PyMem_RESIZE(p, type, n) \\\r\n ( assert((n) <= PY_SIZE_MAX / sizeof(type)) , \\\r\n ( (p) = (type *) PyMem_REALLOC((p), (n) * sizeof(type)) ) )\r\n \r\n4) \u5728\u6ca1\u6709vsnprintf()\u51fd\u6570\u7684\u67b6\u6784\u4e0a\uff0cPyOS_vsnprintf()\u51fd\u6570\u4e2d\u5b58\u5728\u6574\u6570\u6ea2\u51fa\u6f0f\u6d1e\u3002\u4ee5\u4e0b\u662f\u6709\u6f0f\u6d1e\u7684\u4ee3\u7801\u6bb5\uff1a\r\n \r\nint\r\nPyOS_vsnprintf(char *str, size_t size, const char *format, va_list va)\r\n{\r\n int len; /* # bytes written, excluding \\0 */\r\n[...]\r\n assert(str != NULL);\r\n assert(size > 0);\r\n assert(format != NULL);\r\n \r\n[...]\r\n /* Emulate it. */\r\n buffer = PyMem_MALLOC(size + 512);\r\n if (buffer == NULL) {\r\n len = -666;\r\n goto Done;\r\n }\r\n \r\n len = vsprintf(buffer, format, va);\r\n if (len < 0)\r\n /* ignore the error */;\r\n \r\n else if ((size_t)len >= size + 512)\r\n Py_FatalError("Buffer overflow in\r\nPyOS_snprintf/PyOS_vsnprintf");\r\n \r\n else {\r\n const size_t to_copy = (size_t)len < size ?\r\n (size_t)len : size - 1;\r\n assert(to_copy < size);\r\n memcpy(str, buffer, to_copy);\r\n str[to_copy] = '\\0';\r\n }\r\n PyMem_FREE(buffer);\r\nDone:\r\n[...]\r\n str[size-1] = '\\0';\r\n return len;\r\n}\r\n \r\n5) \u5f530\u957f\u5ea6\u7684\u5b57\u7b26\u4e32\u53d1\u9001\u7ed9PyOS_vsnprintf()\u51fd\u6570\uff0c\u5c31\u53ef\u80fd\u89e6\u53d1\u6574\u6570\u6ea2\u51fa\uff0c\u5bfc\u81f4\u5185\u5b58\u7834\u574f\u3002\u4ee5\u4e0b\u662f\u6709\u6f0f\u6d1e\u7684\u4ee3\u7801\u6bb5\uff1a\r\n \r\nint\r\nPyOS_vsnprintf(char *str, size_t size, const char *format, va_list va)\r\n{\r\n int len; /* # bytes written, excluding \\0 */\r\n#ifndef HAVE_SNPRINTF\r\n char *buffer;\r\n#endif\r\n assert(str != NULL);\r\n assert(size > 0);\r\n assert(format != NULL);\r\n[...]\r\n len = vsnprintf(str, size, format, va);\r\n[...]\r\n str[size-1] = '\\0';\r\n return len;\r\n}\r\n\n\nUbuntu Ubuntu Linux 8.04 LTS sparc\r\nUbuntu Ubuntu Linux 8.04 LTS powerpc\r\nUbuntu Ubuntu Linux 8.04 LTS lpia\r\nUbuntu Ubuntu Linux 8.04 LTS i386\r\nUbuntu Ubuntu Linux 8.04 LTS amd64\r\nUbuntu Ubuntu Linux 7.10 sparc\r\nUbuntu Ubuntu Linux 7.10 powerpc\r\nUbuntu Ubuntu Linux 7.10 lpia\r\nUbuntu Ubuntu Linux 7.10 i386\r\nUbuntu Ubuntu Linux 7.10 amd64\r\nUbuntu Ubuntu Linux 7.04 sparc\r\nUbuntu Ubuntu Linux 7.04 powerpc\r\nUbuntu Ubuntu Linux 7.04 i386\r\nUbuntu Ubuntu Linux 7.04 amd64\r\nUbuntu Ubuntu Linux 6.06 LTS sparc\r\nUbuntu Ubuntu Linux 6.06 LTS powerpc\r\nUbuntu Ubuntu Linux 6.06 LTS i386\r\nUbuntu Ubuntu Linux 6.06 LTS amd64\r\nSlackware Linux 10.2 \r\nSlackware Linux 10.1 \r\nSlackware Linux 12.1\r\nSlackware Linux 12.0\r\nSlackware Linux 11.0\r\nSlackware Linux -current\r\nPython Software Foundation Python 2.5.2 \r\nPython Software Foundation Python 2.5.1 \r\nPython Software Foundation Python 2.4.4 \r\nPython Software Foundation Python 2.4.3 \r\n+ Trustix Secure Linux 3.0.5 \r\nPython Software Foundation Python 2.4.2 \r\nPython Software Foundation Python 2.4.1 \r\nPython Software Foundation Python 2.4 \r\nPython Software Foundation Python 2.3.6 \r\nPython Software Foundation Python 2.3.5 \r\nPython Software Foundation Python 2.3.4 \r\n+ MandrakeSoft Linux Mandrake 10.1 x86_64\r\n+ MandrakeSoft Linux Mandrake 10.1 \r\n+ S.u.S.E. Linux Personal 9.2 x86_64\r\n+ S.u.S.E. Linux Personal 9.2 \r\n+ Ubuntu Ubuntu Linux 4.1 ppc\r\n+ Ubuntu Ubuntu Linux 4.1 ia64\r\n+ Ubuntu Ubuntu Linux 4.1 ia32\r\nPython Software Foundation Python 2.3.3 \r\n+ MandrakeSoft Corporate Server 3.0 x86_64\r\n+ MandrakeSoft Corporate Server 3.0 \r\n+ MandrakeSoft Linux Mandrake 10.0 AMD64\r\n+ MandrakeSoft Linux Mandrake 10.0 \r\n+ MandrakeSoft Linux Mandrake 9.2 amd64\r\n+ MandrakeSoft Linux Mandrake 9.2 \r\n+ S.u.S.E. Linux Personal 9.0 x86_64\r\n+ S.u.S.E. Linux Personal 9.0 \r\nPython Software Foundation Python 2.3.2 \r\nPython Software Foundation Python 2.3.1 \r\nPython Software Foundation Python 2.3 b1\r\nPython Software Foundation Python 2.3 \r\n+ S.u.S.E. Linux Personal 9.0 x86_64\r\n+ S.u.S.E. Linux Personal 9.0 \r\nPython Software Foundation Python 2.2.3 \r\n+ RedHat Desktop 3.0 \r\n+ RedHat Enterprise Linux AS 3\r\n+ RedHat Enterprise Linux ES 3\r\n+ RedHat Enterprise Linux WS 3\r\n+ Ubuntu Ubuntu Linux 4.1 ppc\r\n+ Ubuntu Ubuntu Linux 4.1 ia64\r\n+ Ubuntu Ubuntu Linux 4.1 ia32\r\nPython Software Foundation Python 2.2.2 \r\n+ OpenPKG OpenPKG 1.2 \r\n+ RedHat Linux 7.3 \r\n+ S.u.S.E. Linux Personal 8.2 \r\nPython Software Foundation Python 2.2.1 \r\n+ Debian Linux 3.0 sparc\r\n+ Debian Linux 3.0 s/390\r\n+ Debian Linux 3.0 ppc\r\n+ Debian Linux 3.0 mipsel\r\n+ Debian Linux 3.0 mips\r\n+ Debian Linux 3.0 m68k\r\n+ Debian Linux 3.0 ia-64\r\n+ Debian Linux 3.0 ia-32\r\n+ Debian Linux 3.0 hppa\r\n+ Debian Linux 3.0 arm\r\n+ Debian Linux 3.0 alpha\r\n+ Debian Linux 3.0 \r\n+ Gentoo Linux 1.4 _rc1\r\n+ Gentoo Linux 1.2 \r\n+ MandrakeSoft Corporate Server 2.1 x86_64\r\n+ MandrakeSoft Corporate Server 2.1 \r\n+ MandrakeSoft Linux Mandrake 9.0 \r\n+ OpenPKG OpenPKG 1.1 \r\n+ S.u.S.E. Linux 8.1 \r\nPython Software Foundation Python 2.2 \r\n+ Conectiva Linux 8.0 \r\n+ MandrakeSoft Linux Mandrake 8.2 ppc\r\n+ MandrakeSoft Linux Mandrake 8.2 \r\n+ MandrakeSoft Linux Mandrake 8.1 ia64\r\n+ MandrakeSoft Linux Mandrake 8.1 \r\nPython Software Foundation Python 2.1.3 \r\n+ Debian Linux 3.0 \r\nPython Software Foundation Python 2.1.2 \r\nPython Software Foundation Python 2.1.1 \r\n+ RedHat Linux 7.2 \r\n+ Sun Linux 5.0.7 \r\nPython Software Foundation Python 2.1 \r\n+ Conectiva Linux 7.0 \r\n+ Debian Linux 3.1 sparc\r\n+ Debian Linux 3.1 s/390\r\n+ Debian Linux 3.1 ppc\r\n+ Debian Linux 3.1 mipsel\r\n+ Debian Linux 3.1 mips\r\n+ Debian Linux 3.1 m68k\r\n+ Debian Linux 3.1 ia-64\r\n+ Debian Linux 3.1 ia-32\r\n+ Debian Linux 3.1 hppa\r\n+ Debian Linux 3.1 arm\r\n+ Debian Linux 3.1 amd64\r\n+ Debian Linux 3.1 alpha\r\n+ Debian Linux 3.1 \r\n+ Debian Linux 3.0 sparc\r\n+ Debian Linux 3.0 s/390\r\n+ Debian Linux 3.0 ppc\r\n+ Debian Linux 3.0 mipsel\r\n+ Debian Linux 3.0 mips\r\n+ Debian Linux 3.0 m68k\r\n+ Debian Linux 3.0 ia-64\r\n+ Debian Linux 3.0 ia-32\r\n+ Debian Linux 3.0 hppa\r\n+ Debian Linux 3.0 arm\r\n+ Debian Linux 3.0 alpha\r\n+ Debian Linux 3.0 \r\nPython Software Foundation Python 2.0.1 \r\nPython Software Foundation Python 2.0 \r\n+ MandrakeSoft Linux Mandrake 8.0 ppc\r\n+ MandrakeSoft Linux Mandrake 8.0 \r\nPython Software Foundation Python 2.5\r\nGentoo Linux\n Gentoo\r\n------\r\nGentoo\u53ef\u53c2\u8003\u5982\u4e0b\u5b89\u5168\u516c\u544a\u83b7\u5f97\u76f8\u5e94\u8865\u4e01:\r\n<a href=http://security.gentoo.org/glsa/glsa-200807-16.xml target=_blank>http://security.gentoo.org/glsa/glsa-200807-16.xml</a>\r\nPython 2.4\u7528\u6237\u5e94\u5347\u7ea7\u5230\u6700\u65b0\u7248\u672c\uff1a\r\n # emerge --sync\r\n # emerge --ask --oneshot --verbose ">=dev-lang/python-2.4.4-r14"\r\nPython 2.5\u7528\u6237\u5e94\u5347\u7ea7\u5230\u6700\u65b0\u7248\u672c\uff1a\r\n # emerge --sync\r\n # emerge --ask --oneshot --verbose ">=dev-lang/python-2.5.2-r6"\r\nPython\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n<a href=http://svn.python.org/view?rev=65335&view=rev target=_blank>http://svn.python.org/view?rev=65335&view=rev</a>", "cvss3": {}, "published": "2008-08-07T00:00:00", "title": "Python\u5b58\u5728\u591a\u4e2a\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e", "type": "seebug", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2008-2315", "CVE-2008-2316", "CVE-2008-3142", "CVE-2008-3143", "CVE-2008-3144"], "modified": "2008-08-07T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-3800", "id": "SSV:3800", "sourceData": "", "sourceHref": "", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-11-19T21:32:35", "description": "BUGTRAQ ID: 30491\r\nCVE(CAN) ID: CVE-2008-2315,CVE-2008-2316,CVE-2008-3142,CVE-2008-3143,CVE-2008-3144\r\n\r\nPython\u662f\u4e00\u79cd\u5f00\u653e\u6e90\u4ee3\u7801\u7684\u811a\u672c\u7f16\u7a0b\u8bed\u8a00\u3002\r\n\r\nPython\u4e2d\u5b58\u5728\u591a\u4e2a\u6574\u6570\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u53ef\u80fd\u5141\u8bb8\u6076\u610f\u7528\u6237\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u6216\u5165\u4fb5\u6709\u6f0f\u6d1e\u7684\u7cfb\u7edf\u3002\r\n\r\n1) stringobject\u3001unicodeobject\u3001bufferobject\u3001longobject\u3001tupleobject\u3001stropmodule\u3001gcmodule\u3001mmapmodule\u7b49\u6838\u5fc3\u6a21\u5757\u4e2d\u5b58\u5728\u5404\u79cd\u6574\u6570\u6ea2\u51fa\u3002\r\n\r\n2) hashlib\u6a21\u5757\u4e2d\u7684\u6574\u6570\u6ea2\u51fa\u53ef\u80fd\u5bfc\u81f4\u4e0d\u53ef\u4fe1\u4efb\u7684\u52a0\u5bc6\u6458\u8981\u7ed3\u679c\u3002\r\n\r\n3) \u5728\u5904\u7406unicode\u5b57\u7b26\u4e32\u65f6unicode_resize()\u4e2d\u7684\u6574\u6570\u6ea2\u51fa\u53ef\u80fd\u572832\u4f4d\u7cfb\u7edf\u4e0a\u5bfc\u81f4\u9519\u8bef\u7684\u5185\u5b58\u5206\u914d\u3002\u4ee5\u4e0b\u662f\u6709\u6f0f\u6d1e\u7684\u4ee3\u7801\u6bb5\uff1a\r\n\r\n174 static\r\n175 int unicode_resize(register PyUnicodeObject *unicode,\r\n176 Py_ssize_t length)\r\n177 {\r\n[...]\r\n201 \r\n202 oldstr = unicode->str;\r\n203 PyMem_RESIZE(unicode->str, Py_UNICODE, length + 1);\r\n[...]\r\n209 unicode->str[length] = 0;\r\n210 unicode->length = length;\r\n211 \r\n\r\n95 #define PyMem_RESIZE(p, type, n) \\\r\n96 ( assert((n) <= PY_SIZE_MAX / sizeof(type)) , \\\r\n97 ( (p) = (type *) PyMem_REALLOC((p), (n) * sizeof(type)) ) )\r\n\r\n4) \u5728\u4e0d\u5b58\u5728vsnprintf()\u51fd\u6570\u7684\u67b6\u6784\u4e0a\uff0cPyOS_vsnprintf()\u51fd\u6570\u4e2d\u5b58\u5728\u6574\u6570\u6ea2\u51fa\u6f0f\u6d1e\u3002\u4ee5\u4e0b\u662f\u6709\u6f0f\u6d1e\u7684\u4ee3\u7801\u6bb5\uff1a\r\n\r\n53 int\r\n54 PyOS_vsnprintf(char *str, size_t size, const char *format, va_list va)\r\n55 {\r\n56 int len; /* # bytes written, excluding \\0 */\r\n[...]\r\n60 assert(str != NULL);\r\n61 assert(size > 0);\r\n62 assert(format != NULL);\r\n63 \r\n[...]\r\n67 /* Emulate it. */\r\n68 buffer = PyMem_MALLOC(size + 512);\r\n69 if (buffer == NULL) {\r\n70 len = -666;\r\n71 goto Done;\r\n72 }\r\n73 \r\n74 len = vsprintf(buffer, format, va);\r\n75 if (len < 0)\r\n76 /* ignore the error */;\r\n77 \r\n78 else if ((size_t)len >= size + 512)\r\n79 Py_FatalError("Buffer overflow in\r\nPyOS_snprintf/PyOS_vsnprintf");\r\n80 \r\n81 else {\r\n82 const size_t to_copy = (size_t)len < size ?\r\n83 (size_t)len : size - 1;\r\n84 assert(to_copy < size);\r\n85 memcpy(str, buffer, to_copy);\r\n86 str[to_copy] = '\\0';\r\n87 }\r\n88 PyMem_FREE(buffer);\r\n89 Done:\r\n[...]\r\n91 str[size-1] = '\\0';\r\n92 return len;\r\n93 }\r\n\r\n5) \u5982\u679c\u5411PyOS_vsnprintf()\u51fd\u6570\u4f20\u9001\u4e860\u957f\u5ea6\u7684\u5b57\u7b26\u4e32\u7684\u8bdd\uff0c\u5c31\u53ef\u80fd\u89e6\u53d1\u6574\u6570\u6ea2\u51fa\uff0c\u5bfc\u81f4\u5185\u5b58\u7834\u574f\u3002\u4ee5\u4e0b\u662f\u6709\u6f0f\u6d1e\u7684\u4ee3\u7801\u6bb5\uff1a\r\n\r\n53 int\r\n54 PyOS_vsnprintf(char *str, size_t size, const char *format, va_list va)\r\n55 {\r\n56 int len; /* # bytes written, excluding \\0 */\r\n57 #ifndef HAVE_SNPRINTF\r\n58 char *buffer;\r\n59 #endif\r\n60 assert(str != NULL);\r\n61 assert(size > 0);\r\n62 assert(format != NULL);\r\n[...]\r\n65 len = vsnprintf(str, size, format, va);\r\n[...]\r\n91 str[size-1] = '\\0';\r\n92 return len;\r\n93 }\r\n\n\npython 2.5.x\r\npython 2.4.x\n \u5382\u5546\u8865\u4e01\uff1a\r\n\r\nGentoo\r\n------\r\nGentoo\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08GLSA-200807-16\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\nGLSA-200807-16\uff1aPython: Multiple vulnerabilities\r\n\u94fe\u63a5\uff1a<a href=http://security.gentoo.org/glsa/glsa-200807-16.xml target=_blank>http://security.gentoo.org/glsa/glsa-200807-16.xml</a>\r\n\r\n\u6240\u6709Python 2.4\u7528\u6237\u90fd\u5e94\u5347\u7ea7\u5230\u6700\u65b0\u7248\u672c\uff1a\r\n\r\n # emerge --sync\r\n # emerge --ask --oneshot --verbose ">=dev-lang/python-2.4.4-r14"\r\n\r\n\u6240\u6709Python 2.5\u7528\u6237\u90fd\u5e94\u5347\u7ea7\u5230\u6700\u65b0\u7248\u672c\uff1a\r\n\r\n # emerge --sync\r\n # emerge --ask --oneshot --verbose ">=dev-lang/python-2.5.2-r6"\r\n\r\nPython\r\n------\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\n<a href=http://svn.python.org/view?rev=65335&view=rev target=_blank>http://svn.python.org/view?rev=65335&view=rev</a>", "cvss3": {}, "published": "2008-08-06T00:00:00", "title": "Python\u591a\u4e2a\u6574\u6570\u6ea2\u51fa\u6f0f\u6d1e", "type": "seebug", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2008-2315", "CVE-2008-2316", "CVE-2008-3142", "CVE-2008-3143", "CVE-2008-3144"], "modified": "2008-08-06T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-3787", "id": "SSV:3787", "sourceData": "", "sourceHref": "", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2023-05-18T14:45:32", "description": "It was discovered that there were new integer overflows in the imageop module. If an attacker were able to trick a Python application into processing a specially crafted image, they could execute arbitrary code with user privileges. (CVE-2008-1679)\n\nJustin Ferguson discovered that the zlib module did not correctly handle certain archives. If an attacker were able to trick a Python application into processing a specially crafted archive file, they could execute arbitrary code with user privileges. (CVE-2008-1721)\n\nJustin Ferguson discovered that certain string manipulations in Python could be made to overflow. If an attacker were able to pass a specially crafted string through the PyString_FromStringAndSize function, they could execute arbitrary code with user privileges.\n(CVE-2008-1887)\n\nMultiple integer overflows were discovered in Python's core and modules including hashlib, binascii, pickle, md5, stringobject, unicodeobject, bufferobject, longobject, tupleobject, stropmodule, gcmodule, and mmapmodule. If an attacker were able to exploit these flaws they could execute arbitrary code with user privileges or cause Python applications to crash, leading to a denial of service.\n(CVE-2008-2315, CVE-2008-2316, CVE-2008-3142, CVE-2008-3143, CVE-2008-3144).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2008-08-04T00:00:00", "type": "nessus", "title": "Ubuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : python2.4, python2.5 vulnerabilities (USN-632-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1679", "CVE-2008-1721", "CVE-2008-1887", "CVE-2008-2315", "CVE-2008-2316", "CVE-2008-3142", "CVE-2008-3143", "CVE-2008-3144", "CVE-2008-5031"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:idle-python2.4", "p-cpe:/a:canonical:ubuntu_linux:idle-python2.5", "p-cpe:/a:canonical:ubuntu_linux:python2.4", "p-cpe:/a:canonical:ubuntu_linux:python2.4-dbg", "p-cpe:/a:canonical:ubuntu_linux:python2.4-dev", "p-cpe:/a:canonical:ubuntu_linux:python2.4-doc", "p-cpe:/a:canonical:ubuntu_linux:python2.4-examples", "p-cpe:/a:canonical:ubuntu_linux:python2.4-gdbm", "p-cpe:/a:canonical:ubuntu_linux:python2.4-minimal", "p-cpe:/a:canonical:ubuntu_linux:python2.4-tk", "p-cpe:/a:canonical:ubuntu_linux:python2.5", "p-cpe:/a:canonical:ubuntu_linux:python2.5-dbg", "p-cpe:/a:canonical:ubuntu_linux:python2.5-dev", "p-cpe:/a:canonical:ubuntu_linux:python2.5-doc", "p-cpe:/a:canonical:ubuntu_linux:python2.5-examples", "p-cpe:/a:canonical:ubuntu_linux:python2.5-minimal", "cpe:/o:canonical:ubuntu_linux:6.06:-:lts", "cpe:/o:canonical:ubuntu_linux:7.04", "cpe:/o:canonical:ubuntu_linux:7.10", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts"], "id": "UBUNTU_USN-632-1.NASL", "href": "https://www.tenable.com/plugins/nessus/33807", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-632-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(33807);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2008-1679\", \"CVE-2008-1721\", \"CVE-2008-1887\", \"CVE-2008-2315\", \"CVE-2008-2316\", \"CVE-2008-3142\", \"CVE-2008-3143\", \"CVE-2008-3144\", \"CVE-2008-5031\");\n script_xref(name:\"USN\", value:\"632-1\");\n\n script_name(english:\"Ubuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : python2.4, python2.5 vulnerabilities (USN-632-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that there were new integer overflows in the imageop\nmodule. If an attacker were able to trick a Python application into\nprocessing a specially crafted image, they could execute arbitrary\ncode with user privileges. (CVE-2008-1679)\n\nJustin Ferguson discovered that the zlib module did not correctly\nhandle certain archives. If an attacker were able to trick a Python\napplication into processing a specially crafted archive file, they\ncould execute arbitrary code with user privileges. (CVE-2008-1721)\n\nJustin Ferguson discovered that certain string manipulations in Python\ncould be made to overflow. If an attacker were able to pass a\nspecially crafted string through the PyString_FromStringAndSize\nfunction, they could execute arbitrary code with user privileges.\n(CVE-2008-1887)\n\nMultiple integer overflows were discovered in Python's core and\nmodules including hashlib, binascii, pickle, md5, stringobject,\nunicodeobject, bufferobject, longobject, tupleobject, stropmodule,\ngcmodule, and mmapmodule. If an attacker were able to exploit these\nflaws they could execute arbitrary code with user privileges or cause\nPython applications to crash, leading to a denial of service.\n(CVE-2008-2315, CVE-2008-2316, CVE-2008-3142, CVE-2008-3143,\nCVE-2008-3144).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/632-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:idle-python2.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:idle-python2.5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.4-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.4-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.4-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.4-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.4-gdbm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.4-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.4-tk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.5-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.5-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.5-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.5-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.5-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:7.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:7.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/08/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/08/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(6\\.06|7\\.04|7\\.10|8\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 6.06 / 7.04 / 7.10 / 8.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"6.06\", pkgname:\"idle-python2.4\", pkgver:\"2.4.3-0ubuntu6.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"python2.4\", pkgver:\"2.4.3-0ubuntu6.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"python2.4-dbg\", pkgver:\"2.4.3-0ubuntu6.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"python2.4-dev\", pkgver:\"2.4.3-0ubuntu6.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"python2.4-doc\", pkgver:\"2.4.3-0ubuntu6.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"python2.4-examples\", pkgver:\"2.4.3-0ubuntu6.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"python2.4-gdbm\", pkgver:\"2.4.3-0ubuntu6.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"python2.4-minimal\", pkgver:\"2.4.3-0ubuntu6.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"python2.4-tk\", pkgver:\"2.4.3-0ubuntu6.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"idle-python2.4\", pkgver:\"2.4.4-2ubuntu7.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"idle-python2.5\", pkgver:\"2.5.1-0ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"python2.4\", pkgver:\"2.4.4-2ubuntu7.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"python2.4-dbg\", pkgver:\"2.4.4-2ubuntu7.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"python2.4-dev\", pkgver:\"2.4.4-2ubuntu7.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"python2.4-doc\", pkgver:\"2.4.4-2ubuntu7.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"python2.4-examples\", pkgver:\"2.4.4-2ubuntu7.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"python2.4-minimal\", pkgver:\"2.4.4-2ubuntu7.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"python2.5\", pkgver:\"2.5.1-0ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"python2.5-dbg\", pkgver:\"2.5.1-0ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"python2.5-dev\", pkgver:\"2.5.1-0ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"python2.5-doc\", pkgver:\"2.5.1-0ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"python2.5-examples\", pkgver:\"2.5.1-0ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"python2.5-minimal\", pkgver:\"2.5.1-0ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"idle-python2.4\", pkgver:\"2.4.4-6ubuntu4.2\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"idle-python2.5\", pkgver:\"2.5.1-5ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"python2.4\", pkgver:\"2.4.4-6ubuntu4.2\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"python2.4-dbg\", pkgver:\"2.4.4-6ubuntu4.2\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"python2.4-dev\", pkgver:\"2.4.4-6ubuntu4.2\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"python2.4-doc\", pkgver:\"2.4.4-6ubuntu4.2\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"python2.4-examples\", pkgver:\"2.4.4-6ubuntu4.2\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"python2.4-minimal\", pkgver:\"2.4.4-6ubuntu4.2\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"python2.5\", pkgver:\"2.5.1-5ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"python2.5-dbg\", pkgver:\"2.5.1-5ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"python2.5-dev\", pkgver:\"2.5.1-5ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"python2.5-doc\", pkgver:\"2.5.1-5ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"python2.5-examples\", pkgver:\"2.5.1-5ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"python2.5-minimal\", pkgver:\"2.5.1-5ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"idle-python2.4\", pkgver:\"2.4.5-1ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"idle-python2.5\", pkgver:\"2.5.2-2ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"python2.4\", pkgver:\"2.4.5-1ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"python2.4-dbg\", pkgver:\"2.4.5-1ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"python2.4-dev\", pkgver:\"2.4.5-1ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"python2.4-doc\", pkgver:\"2.4.5-1ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"python2.4-examples\", pkgver:\"2.4.5-1ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"python2.4-minimal\", pkgver:\"2.4.5-1ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"python2.5\", pkgver:\"2.5.2-2ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"python2.5-dbg\", pkgver:\"2.5.2-2ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"python2.5-dev\", pkgver:\"2.5.2-2ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"python2.5-doc\", pkgver:\"2.5.2-2ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"python2.5-examples\", pkgver:\"2.5.2-2ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"python2.5-minimal\", pkgver:\"2.5.2-2ubuntu4.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"idle-python2.4 / idle-python2.5 / python2.4 / python2.4-dbg / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:38:59", "description": "From Red Hat Security Advisory 2009:1177 :\n\nUpdated python packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nPython is an interpreted, interactive, object-oriented programming language.\n\nWhen the assert() system call was disabled, an input sanitization flaw was revealed in the Python string object implementation that led to a buffer overflow. The missing check for negative size values meant the Python memory allocator could allocate less memory than expected. This could result in arbitrary code execution with the Python interpreter's privileges. (CVE-2008-1887)\n\nMultiple buffer and integer overflow flaws were found in the Python Unicode string processing and in the Python Unicode and string object implementations. An attacker could use these flaws to cause a denial of service (Python application crash). (CVE-2008-3142, CVE-2008-5031)\n\nMultiple integer overflow flaws were found in the Python imageop module. If a Python application used the imageop module to process untrusted images, it could cause the application to crash or, potentially, execute arbitrary code with the Python interpreter's privileges. (CVE-2008-1679, CVE-2008-4864)\n\nMultiple integer underflow and overflow flaws were found in the Python snprintf() wrapper implementation. An attacker could use these flaws to cause a denial of service (memory corruption). (CVE-2008-3144)\n\nMultiple integer overflow flaws were found in various Python modules.\nAn attacker could use these flaws to cause a denial of service (Python application crash). (CVE-2008-2315, CVE-2008-3143)\n\nAn integer signedness error, leading to a buffer overflow, was found in the Python zlib extension module. If a Python application requested the negative byte count be flushed for a decompression stream, it could cause the application to crash or, potentially, execute arbitrary code with the Python interpreter's privileges.\n(CVE-2008-1721)\n\nRed Hat would like to thank David Remahl of the Apple Product Security team for responsibly reporting the CVE-2008-1679 and CVE-2008-2315 issues.\n\nAll Python users should upgrade to these updated packages, which contain backported patches to correct these issues.", "cvss3": {}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 4 : python (ELSA-2009-1177)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1679", "CVE-2008-1721", "CVE-2008-1887", "CVE-2008-2315", "CVE-2008-3142", "CVE-2008-3143", "CVE-2008-3144", "CVE-2008-4864", "CVE-2008-5031"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:python", "p-cpe:/a:oracle:linux:python-devel", "p-cpe:/a:oracle:linux:python-docs", "p-cpe:/a:oracle:linux:python-tools", "p-cpe:/a:oracle:linux:tkinter", "cpe:/o:oracle:linux:4"], "id": "ORACLELINUX_ELSA-2009-1177.NASL", "href": "https://www.tenable.com/plugins/nessus/67897", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2009:1177 and \n# Oracle Linux Security Advisory ELSA-2009-1177 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(67897);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-1679\", \"CVE-2008-1721\", \"CVE-2008-1887\", \"CVE-2008-2315\", \"CVE-2008-3142\", \"CVE-2008-3143\", \"CVE-2008-3144\", \"CVE-2008-4864\", \"CVE-2008-5031\");\n script_bugtraq_id(28715, 28749, 30491, 31932, 31976, 33187);\n script_xref(name:\"RHSA\", value:\"2009:1177\");\n\n script_name(english:\"Oracle Linux 4 : python (ELSA-2009-1177)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2009:1177 :\n\nUpdated python packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage.\n\nWhen the assert() system call was disabled, an input sanitization flaw\nwas revealed in the Python string object implementation that led to a\nbuffer overflow. The missing check for negative size values meant the\nPython memory allocator could allocate less memory than expected. This\ncould result in arbitrary code execution with the Python interpreter's\nprivileges. (CVE-2008-1887)\n\nMultiple buffer and integer overflow flaws were found in the Python\nUnicode string processing and in the Python Unicode and string object\nimplementations. An attacker could use these flaws to cause a denial\nof service (Python application crash). (CVE-2008-3142, CVE-2008-5031)\n\nMultiple integer overflow flaws were found in the Python imageop\nmodule. If a Python application used the imageop module to process\nuntrusted images, it could cause the application to crash or,\npotentially, execute arbitrary code with the Python interpreter's\nprivileges. (CVE-2008-1679, CVE-2008-4864)\n\nMultiple integer underflow and overflow flaws were found in the Python\nsnprintf() wrapper implementation. An attacker could use these flaws\nto cause a denial of service (memory corruption). (CVE-2008-3144)\n\nMultiple integer overflow flaws were found in various Python modules.\nAn attacker could use these flaws to cause a denial of service (Python\napplication crash). (CVE-2008-2315, CVE-2008-3143)\n\nAn integer signedness error, leading to a buffer overflow, was found\nin the Python zlib extension module. If a Python application requested\nthe negative byte count be flushed for a decompression stream, it\ncould cause the application to crash or, potentially, execute\narbitrary code with the Python interpreter's privileges.\n(CVE-2008-1721)\n\nRed Hat would like to thank David Remahl of the Apple Product Security\nteam for responsibly reporting the CVE-2008-1679 and CVE-2008-2315\nissues.\n\nAll Python users should upgrade to these updated packages, which\ncontain backported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2009-July/001091.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tkinter\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/04/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/07/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 4\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL4\", reference:\"python-2.3.4-14.7.el4_8.2\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"python-devel-2.3.4-14.7.el4_8.2\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"python-docs-2.3.4-14.7.el4_8.2\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"python-tools-2.3.4-14.7.el4_8.2\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"tkinter-2.3.4-14.7.el4_8.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python / python-devel / python-docs / python-tools / tkinter\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:24:42", "description": "When the assert() system call was disabled, an input sanitization flaw was revealed in the Python string object implementation that led to a buffer overflow. The missing check for negative size values meant the Python memory allocator could allocate less memory than expected. This could result in arbitrary code execution with the Python interpreter's privileges. (CVE-2008-1887)\n\nMultiple buffer and integer overflow flaws were found in the Python Unicode string processing and in the Python Unicode and string object implementations. An attacker could use these flaws to cause a denial of service (Python application crash). (CVE-2008-3142, CVE-2008-5031)\n\nMultiple integer overflow flaws were found in the Python imageop module. If a Python application used the imageop module to process untrusted images, it could cause the application to crash or, potentially, execute arbitrary code with the Python interpreter's privileges. (CVE-2008-1679, CVE-2008-4864)\n\nMultiple integer underflow and overflow flaws were found in the Python snprintf() wrapper implementation. An attacker could use these flaws to cause a denial of service (memory corruption). (CVE-2008-3144)\n\nMultiple integer overflow flaws were found in various Python modules.\nAn attacker could use these flaws to cause a denial of service (Python application crash). (CVE-2008-2315, CVE-2008-3143)\n\nAn integer signedness error, leading to a buffer overflow, was found in the Python zlib extension module. If a Python application requested the negative byte count be flushed for a decompression stream, it could cause the application to crash or, potentially, execute arbitrary code with the Python interpreter's privileges.\n(CVE-2008-1721)\n\nWould like to thank David Remahl of the Apple Product Security team for responsibly reporting the CVE-2008-1679 and CVE-2008-2315 issues.", "cvss3": {}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : python for SL 4.x on i386/x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1679", "CVE-2008-1721", "CVE-2008-1887", "CVE-2008-2315", "CVE-2008-3142", "CVE-2008-3143", "CVE-2008-3144", "CVE-2008-4864", "CVE-2008-5031"], "modified": "2021-01-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20090728_PYTHON_FOR_SL_4_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60625", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60625);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-1679\", \"CVE-2008-1721\", \"CVE-2008-1887\", \"CVE-2008-2315\", \"CVE-2008-3142\", \"CVE-2008-3143\", \"CVE-2008-3144\", \"CVE-2008-4864\", \"CVE-2008-5031\");\n\n script_name(english:\"Scientific Linux Security Update : python for SL 4.x on i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"When the assert() system call was disabled, an input sanitization flaw\nwas revealed in the Python string object implementation that led to a\nbuffer overflow. The missing check for negative size values meant the\nPython memory allocator could allocate less memory than expected. This\ncould result in arbitrary code execution with the Python interpreter's\nprivileges. (CVE-2008-1887)\n\nMultiple buffer and integer overflow flaws were found in the Python\nUnicode string processing and in the Python Unicode and string object\nimplementations. An attacker could use these flaws to cause a denial\nof service (Python application crash). (CVE-2008-3142, CVE-2008-5031)\n\nMultiple integer overflow flaws were found in the Python imageop\nmodule. If a Python application used the imageop module to process\nuntrusted images, it could cause the application to crash or,\npotentially, execute arbitrary code with the Python interpreter's\nprivileges. (CVE-2008-1679, CVE-2008-4864)\n\nMultiple integer underflow and overflow flaws were found in the Python\nsnprintf() wrapper implementation. An attacker could use these flaws\nto cause a denial of service (memory corruption). (CVE-2008-3144)\n\nMultiple integer overflow flaws were found in various Python modules.\nAn attacker could use these flaws to cause a denial of service (Python\napplication crash). (CVE-2008-2315, CVE-2008-3143)\n\nAn integer signedness error, leading to a buffer overflow, was found\nin the Python zlib extension module. If a Python application requested\nthe negative byte count be flushed for a decompression stream, it\ncould cause the application to crash or, potentially, execute\narbitrary code with the Python interpreter's privileges.\n(CVE-2008-1721)\n\nWould like to thank David Remahl of the Apple Product Security team\nfor responsibly reporting the CVE-2008-1679 and CVE-2008-2315 issues.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0907&L=scientific-linux-errata&T=0&P=2154\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8536e4cc\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/04/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL4\", reference:\"python-2.3.4-14.7.el4_8.2\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"python-devel-2.3.4-14.7.el4_8.2\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"python-docs-2.3.4-14.7.el4_8.2\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"python-tools-2.3.4-14.7.el4_8.2\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"tkinter-2.3.4-14.7.el4_8.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:24:43", "description": "Updated python packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nPython is an interpreted, interactive, object-oriented programming language.\n\nWhen the assert() system call was disabled, an input sanitization flaw was revealed in the Python string object implementation that led to a buffer overflow. The missing check for negative size values meant the Python memory allocator could allocate less memory than expected. This could result in arbitrary code execution with the Python interpreter's privileges. (CVE-2008-1887)\n\nMultiple buffer and integer overflow flaws were found in the Python Unicode string processing and in the Python Unicode and string object implementations. An attacker could use these flaws to cause a denial of service (Python application crash). (CVE-2008-3142, CVE-2008-5031)\n\nMultiple integer overflow flaws were found in the Python imageop module. If a Python application used the imageop module to process untrusted images, it could cause the application to crash or, potentially, execute arbitrary code with the Python interpreter's privileges. (CVE-2008-1679, CVE-2008-4864)\n\nMultiple integer underflow and overflow flaws were found in the Python snprintf() wrapper implementation. An attacker could use these flaws to cause a denial of service (memory corruption). (CVE-2008-3144)\n\nMultiple integer overflow flaws were found in various Python modules.\nAn attacker could use these flaws to cause a denial of service (Python application crash). (CVE-2008-2315, CVE-2008-3143)\n\nAn integer signedness error, leading to a buffer overflow, was found in the Python zlib extension module. If a Python application requested the negative byte count be flushed for a decompression stream, it could cause the application to crash or, potentially, execute arbitrary code with the Python interpreter's privileges.\n(CVE-2008-1721)\n\nRed Hat would like to thank David Remahl of the Apple Product Security team for responsibly reporting the CVE-2008-1679 and CVE-2008-2315 issues.\n\nAll Python users should upgrade to these updated packages, which contain backported patches to correct these issues.", "cvss3": {}, "published": "2009-07-28T00:00:00", "type": "nessus", "title": "RHEL 4 : python (RHSA-2009:1177)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1679", "CVE-2008-1721", "CVE-2008-1887", "CVE-2008-2315", "CVE-2008-3142", "CVE-2008-3143", "CVE-2008-3144", "CVE-2008-4864", "CVE-2008-5031"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:python", "p-cpe:/a:redhat:enterprise_linux:python-devel", "p-cpe:/a:redhat:enterprise_linux:python-docs", "p-cpe:/a:redhat:enterprise_linux:python-tools", "p-cpe:/a:redhat:enterprise_linux:tkinter", "cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:4.8"], "id": "REDHAT-RHSA-2009-1177.NASL", "href": "https://www.tenable.com/plugins/nessus/40401", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:1177. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40401);\n script_version(\"1.27\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-1679\", \"CVE-2008-1721\", \"CVE-2008-1887\", \"CVE-2008-2315\", \"CVE-2008-3142\", \"CVE-2008-3143\", \"CVE-2008-3144\", \"CVE-2008-4864\", \"CVE-2008-5031\");\n script_bugtraq_id(28715, 28749, 30491, 31932, 31976, 33187);\n script_xref(name:\"RHSA\", value:\"2009:1177\");\n\n script_name(english:\"RHEL 4 : python (RHSA-2009:1177)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated python packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage.\n\nWhen the assert() system call was disabled, an input sanitization flaw\nwas revealed in the Python string object implementation that led to a\nbuffer overflow. The missing check for negative size values meant the\nPython memory allocator could allocate less memory than expected. This\ncould result in arbitrary code execution with the Python interpreter's\nprivileges. (CVE-2008-1887)\n\nMultiple buffer and integer overflow flaws were found in the Python\nUnicode string processing and in the Python Unicode and string object\nimplementations. An attacker could use these flaws to cause a denial\nof service (Python application crash). (CVE-2008-3142, CVE-2008-5031)\n\nMultiple integer overflow flaws were found in the Python imageop\nmodule. If a Python application used the imageop module to process\nuntrusted images, it could cause the application to crash or,\npotentially, execute arbitrary code with the Python interpreter's\nprivileges. (CVE-2008-1679, CVE-2008-4864)\n\nMultiple integer underflow and overflow flaws were found in the Python\nsnprintf() wrapper implementation. An attacker could use these flaws\nto cause a denial of service (memory corruption). (CVE-2008-3144)\n\nMultiple integer overflow flaws were found in various Python modules.\nAn attacker could use these flaws to cause a denial of service (Python\napplication crash). (CVE-2008-2315, CVE-2008-3143)\n\nAn integer signedness error, leading to a buffer overflow, was found\nin the Python zlib extension module. If a Python application requested\nthe negative byte count be flushed for a decompression stream, it\ncould cause the application to crash or, potentially, execute\narbitrary code with the Python interpreter's privileges.\n(CVE-2008-1721)\n\nRed Hat would like to thank David Remahl of the Apple Product Security\nteam for responsibly reporting the CVE-2008-1679 and CVE-2008-2315\nissues.\n\nAll Python users should upgrade to these updated packages, which\ncontain backported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-1679\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-1721\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-1887\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-2315\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-3142\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-3143\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-3144\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-4864\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5031\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2009:1177\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tkinter\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.8\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/04/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/07/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2009:1177\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"python-2.3.4-14.7.el4_8.2\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"python-devel-2.3.4-14.7.el4_8.2\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"python-docs-2.3.4-14.7.el4_8.2\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"python-tools-2.3.4-14.7.el4_8.2\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"tkinter-2.3.4-14.7.el4_8.2\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python / python-devel / python-docs / python-tools / tkinter\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:12:57", "description": "New python packages are available for Slackware 10.1, 10.2, 11.0, 12.0, 12.1, and -current to fix security issues.", "cvss3": {}, "published": "2008-08-05T00:00:00", "type": "nessus", "title": "Slackware 10.1 / 10.2 / 11.0 / 12.0 / 12.1 / current : python (SSA:2008-217-01)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1679", "CVE-2008-1721", "CVE-2008-2315", "CVE-2008-2316", "CVE-2008-3142", "CVE-2008-3144"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:python", "p-cpe:/a:slackware:slackware_linux:python-demo", "p-cpe:/a:slackware:slackware_linux:python-tools", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:10.1", "cpe:/o:slackware:slackware_linux:10.2", "cpe:/o:slackware:slackware_linux:11.0", "cpe:/o:slackware:slackware_linux:12.0", "cpe:/o:slackware:slackware_linux:12.1"], "id": "SLACKWARE_SSA_2008-217-01.NASL", "href": "https://www.tenable.com/plugins/nessus/33824", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2008-217-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(33824);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-1679\", \"CVE-2008-1721\", \"CVE-2008-2315\", \"CVE-2008-2316\", \"CVE-2008-3142\", \"CVE-2008-3144\");\n script_bugtraq_id(28715, 30491);\n script_xref(name:\"SSA\", value:\"2008-217-01\");\n\n script_name(english:\"Slackware 10.1 / 10.2 / 11.0 / 12.0 / 12.1 / current : python (SSA:2008-217-01)\");\n script_summary(english:\"Checks for updated packages in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New python packages are available for Slackware 10.1, 10.2, 11.0,\n12.0, 12.1, and -current to fix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.525289\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?41912d97\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected python, python-demo and / or python-tools\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:python-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:python-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:10.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:11.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/04/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/08/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/08/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"10.1\", pkgname:\"python\", pkgver:\"2.4.5\", pkgarch:\"i486\", pkgnum:\"1_slack10.1\")) flag++;\nif (slackware_check(osver:\"10.1\", pkgname:\"python-demo\", pkgver:\"2.4.5\", pkgarch:\"noarch\", pkgnum:\"1_slack10.1\")) flag++;\nif (slackware_check(osver:\"10.1\", pkgname:\"python-tools\", pkgver:\"2.4.5\", pkgarch:\"noarch\", pkgnum:\"1_slack10.1\")) flag++;\n\nif (slackware_check(osver:\"10.2\", pkgname:\"python\", pkgver:\"2.4.5\", pkgarch:\"i486\", pkgnum:\"1_slack10.2\")) flag++;\nif (slackware_check(osver:\"10.2\", pkgname:\"python-demo\", pkgver:\"2.4.5\", pkgarch:\"noarch\", pkgnum:\"1_slack10.2\")) flag++;\nif (slackware_check(osver:\"10.2\", pkgname:\"python-tools\", pkgver:\"2.4.5\", pkgarch:\"noarch\", pkgnum:\"1_slack10.2\")) flag++;\n\nif (slackware_check(osver:\"11.0\", pkgname:\"python\", pkgver:\"2.4.5\", pkgarch:\"i486\", pkgnum:\"1_slack11.0\")) flag++;\n\nif (slackware_check(osver:\"12.0\", pkgname:\"python\", pkgver:\"2.5.2\", pkgarch:\"i486\", pkgnum:\"1_slack12.0\")) flag++;\n\nif (slackware_check(osver:\"12.1\", pkgname:\"python\", pkgver:\"2.5.2\", pkgarch:\"i486\", pkgnum:\"2_slack12.1\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"python\", pkgver:\"2.5.2\", pkgarch:\"i486\", pkgnum:\"2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:24:43", "description": "Updated python packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nPython is an interpreted, interactive, object-oriented programming language.\n\nWhen the assert() system call was disabled, an input sanitization flaw was revealed in the Python string object implementation that led to a buffer overflow. The missing check for negative size values meant the Python memory allocator could allocate less memory than expected. This could result in arbitrary code execution with the Python interpreter's privileges. (CVE-2008-1887)\n\nMultiple buffer and integer overflow flaws were found in the Python Unicode string processing and in the Python Unicode and string object implementations. An attacker could use these flaws to cause a denial of service (Python application crash). (CVE-2008-3142, CVE-2008-5031)\n\nMultiple integer overflow flaws were found in the Python imageop module. If a Python application used the imageop module to process untrusted images, it could cause the application to crash or, potentially, execute arbitrary code with the Python interpreter's privileges. (CVE-2008-1679, CVE-2008-4864)\n\nMultiple integer underflow and overflow flaws were found in the Python snprintf() wrapper implementation. An attacker could use these flaws to cause a denial of service (memory corruption). (CVE-2008-3144)\n\nMultiple integer overflow flaws were found in various Python modules.\nAn attacker could use these flaws to cause a denial of service (Python application crash). (CVE-2008-2315, CVE-2008-3143)\n\nRed Hat would like to thank David Remahl of the Apple Product Security team for responsibly reporting the CVE-2008-1679 and CVE-2008-2315 issues.\n\nAll Python users should upgrade to these updated packages, which contain backported patches to correct these issues.", "cvss3": {}, "published": "2009-07-28T00:00:00", "type": "nessus", "title": "RHEL 3 : python (RHSA-2009:1178)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1679", "CVE-2008-1887", "CVE-2008-2315", "CVE-2008-3142", "CVE-2008-3143", "CVE-2008-3144", "CVE-2008-4864", "CVE-2008-5031"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:python", "p-cpe:/a:redhat:enterprise_linux:python-devel", "p-cpe:/a:redhat:enterprise_linux:python-tools", "p-cpe:/a:redhat:enterprise_linux:tkinter", "cpe:/o:redhat:enterprise_linux:3"], "id": "REDHAT-RHSA-2009-1178.NASL", "href": "https://www.tenable.com/plugins/nessus/40402", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:1178. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40402);\n script_version(\"1.26\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-1679\", \"CVE-2008-1887\", \"CVE-2008-2315\", \"CVE-2008-3142\", \"CVE-2008-3143\", \"CVE-2008-3144\", \"CVE-2008-4864\", \"CVE-2008-5031\");\n script_bugtraq_id(28715, 28749, 30491, 31932, 31976, 33187);\n script_xref(name:\"RHSA\", value:\"2009:1178\");\n\n script_name(english:\"RHEL 3 : python (RHSA-2009:1178)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated python packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 3.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage.\n\nWhen the assert() system call was disabled, an input sanitization flaw\nwas revealed in the Python string object implementation that led to a\nbuffer overflow. The missing check for negative size values meant the\nPython memory allocator could allocate less memory than expected. This\ncould result in arbitrary code execution

Mac OS X Multiple Vulnerabilities (Security Update 2009-001)

Description

Related