The remote host is running a version of Mac OS X 10.4 that does not have Security Update 2009-002 applied.
This security update contains fixes for the following products :
- Apache
- ATS
- BIND
- CoreGraphics
- Cscope
- CUPS
- Disk Images
- enscript
- Flash Player plug-in
- Help Viewer
- IPSec
- Kerberos
- Launch Services
- libxml
- Net-SNMP
- Network Time
- OpenSSL
- QuickDraw Manager
- Spotlight
- system_cmds
- telnet
- Terminal
- X11
{"securityvulns": [{"lastseen": "2018-08-31T11:10:30", "description": "About the security content of Security Update 2009-002 / Mac OS X v10.5.7\r\n\r\n * Last Modified: May 12, 2009\r\n * Article: HT3549\r\n\r\nSummary\r\n\r\nThis document describes the security content of Security Update 2009-002 / Mac OS X v10.5.7, which can be downloaded and installed via Software Update preferences, or from Apple Downloads.\r\n\r\nFor the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.\r\n\r\nFor information about the Apple Product Security PGP Key, see "How to use the Apple Product Security PGP Key."\r\n\r\nWhere possible, CVE IDs are used to reference the vulnerabilities for further information.\r\n\r\nTo learn about other Security Updates, see "Apple Security Updates."\r\nProducts Affected\r\n\r\nProduct Security, Mac OS X 10.5\r\nSecurity Update 2009-002 / Mac OS X v10.5.7\r\n\r\n *\r\n\r\n Apache\r\n\r\n CVE-ID: CVE-2008-2939\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11\r\n\r\n Impact: Visiting a malicious website via a proxy may result in cross-site scripting\r\n\r\n Description: An input validation issue exists in Apache's handling of FTP proxy requests containing wildcard characters. Visiting a malicious website via an Apache proxy may result in a cross-site scripting attack. This update addresses the issue by applying the Apache patch for version 2.0.63. Further information is available via the Apache web site at http://httpd.apache.org/ Apache 2.0.x is only shipped with Mac OS X Server v10.4.x systems. Mac OS X v10.5.x and Mac OS X Server v10.5.x ship with Apache 2.2.x.\r\n\r\n *\r\n\r\n Apache\r\n\r\n CVE-ID: CVE-2008-2939\r\n\r\n Available for: Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Visiting a malicious website via a proxy may result in cross-site scripting\r\n\r\n Description: An input validation issue exists in Apache 2.2.9's handling of FTP proxy requests containing wildcard characters. Visiting a malicious website via an Apache proxy may result in a cross-site scripting attack. This update addresses the issue by updating Apache to version 2.2.11. Further information is available via the Apache web site at http://httpd.apache.org/\r\n\r\n *\r\n\r\n Apache\r\n\r\n CVE-ID: CVE-2008-0456\r\n\r\n Available for: Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Web sites that allow users to control the name of a served file may be vulnerable to HTTP response injection\r\n\r\n Description: A request forgery issue exists in Apache. Apache does not escape filenames when negotiating the correct content type to send to a remote browser. A user who can publish files with specially crafted names to a web site can substitute their own response for any web page hosted on the system. This update addresses the issue by escaping filenames in content negotiation responses.\r\n\r\n *\r\n\r\n ATS\r\n\r\n CVE-ID: CVE-2009-0154\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Viewing or downloading a document containing a maliciously crafted embedded CFF font may lead to arbitrary code execution\r\n\r\n Description: A heap buffer overflow exists in Apple Type Services' handling of Compact Font Format (CFF) fonts. Viewing or downloading a document containing a maliciously crafted embedded CFF font may lead to arbitrary code execution. This update addresses the issue through improved bounds checking. Credit to Charlie Miller of Independent Security Evaluators working with TippingPoint's Zero Day Initiative for reporting this issue.\r\n\r\n *\r\n\r\n BIND\r\n\r\n CVE-ID: CVE-2009-0025\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: BIND is susceptible to a spoofing attack if configured to use DNSSEC\r\n\r\n Description: BIND incorrectly checks the return value of the OpenSSL DSA_do_verify function. On systems using the DNS Security Extensions (DNSSEC) protocol, a maliciously crafted DSA certificate could bypass the validation, which may lead to a spoofing attack. By default, DNSSEC is not enabled. This update addresses the issue by updating BIND to version 9.3.6-P1 on Mac OS X v10.4, and version 9.4.3-P1 for Mac OS X v10.5 systems. Further information is available via the ISC web site at https://www.isc.org/\r\n\r\n *\r\n\r\n CFNetwork\r\n\r\n CVE-ID: CVE-2009-0144\r\n\r\n Available for: Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Applications that use CFNetwork may send secure cookies in unencrypted HTTP requests\r\n\r\n Description: An implementation issue exists in CFNetwork's parsing of Set-Cookie headers, which may result in certain cookies being unexpectedly sent over a non-encrypted connection. This issue affects non-RFC compliant Set-Cookie headers that are accepted for compatibility reasons. This may result in applications that use CFNetwork, such as Safari, sending sensitive information in unencrypted HTTP requests. This update addresses the issue through improved parsing of Set-Cookie headers. This issue does not affect systems prior to Mac OS X v10.5. Credit to Andrew Mortensen of the University of Michigan for reporting this issue.\r\n\r\n *\r\n\r\n CFNetwork\r\n\r\n CVE-ID: CVE-2009-0157\r\n\r\n Available for: Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Visiting a malicious website may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A heap buffer overflow exists in the handling of overly long HTTP headers in CFNetwork. Visiting a malicious website may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of HTTP headers. This issue does not affect systems prior to Mac OS X v10.5. Credit to Moritz Jodeit of n.runs AG for reporting this issue.\r\n\r\n *\r\n\r\n CoreGraphics\r\n\r\n CVE-ID: CVE-2009-0145\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: Multiple memory corruption issues exist in CoreGraphics' handling of PDF files. Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issues through improved bounds and error checking.\r\n\r\n *\r\n\r\n CoreGraphics\r\n\r\n CVE-ID: CVE-2009-0155\r\n\r\n Available for: Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: An integer underflow in CoreGraphics' handling of PDF files may result in a heap buffer overflow. Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. This issue does not affect systems prior to Mac OS X v10.5. Credit to Barry K. Nathan for reporting this issue.\r\n\r\n *\r\n\r\n CoreGraphics\r\n\r\n CVE-ID: CVE-2009-0146, CVE-2009-0147, CVE-2009-0165\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Viewing or downloading a PDF file containing a maliciously crafted JBIG2 stream may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: Multiple heap buffer overflows exist in CoreGraphics' handling of PDF files containing JBIG2 streams. Viewing or downloading a PDF file containing a maliciously crafted JBIG2 stream may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. Credit to Apple, Alin Rad Pop of Secunia Research, and Will Dormann of CERT/CC for reporting this issue.\r\n\r\n *\r\n\r\n Cscope\r\n\r\n CVE-ID: CVE-2009-0148\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Processing a maliciously crafted source file with Cscope may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A stack buffer overflow exists in Cscope's handling of long file system path names. Using Cscope to process a maliciously crafted source file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking.\r\n\r\n *\r\n\r\n CUPS\r\n\r\n CVE-ID: CVE-2009-0164\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Visiting a maliciously crafted web site may lead to unauthorized access of the Web Interface of CUPS\r\n\r\n Description: Under certain circumstances, the Web Interface of CUPS 1.3.9 and earlier may be accessible to attackers through DNS rebinding attacks. In the default configuration, this may allow a maliciously crafted website to start and stop printers, and access information about printers and jobs. This update addresses the issue by performing additional validation of the Host header. Credit: Apple.\r\n\r\n *\r\n\r\n Disk Images\r\n\r\n CVE-ID: CVE-2009-0150\r\n\r\n Available for: Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Mounting a maliciously crafted disk image may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A stack buffer overflow exists in the handling of disk images. Mounting a maliciously crafted sparse disk image may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. This issue does not affect systems prior to Mac OS X v10.5. Credit to Tiller Beauchamp of IOActive for reporting this issue.\r\n\r\n *\r\n\r\n Disk Images\r\n\r\n CVE-ID: CVE-2009-0149\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Mounting a maliciously crafted disk image may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: Multiple memory corruption issues exist in the handling of disk images. Mounting a maliciously crafted sparse disk image may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. Credit: Apple.\r\n\r\n *\r\n\r\n enscript\r\n\r\n CVE-ID: CVE-2004-1184, CVE-2004-1185, CVE-2004-1186, CVE-2008-3863\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Multiple vulnerabilities in enscript\r\n\r\n Description: enscript is updated to version 1.6.4 to address several vulnerabilities, the most serious of which may lead to arbitrary code execution. Further information is available via the gnu web site at http://www.gnu.org/software/enscript/\r\n\r\n *\r\n\r\n Flash Player plug-in\r\n\r\n CVE-ID: CVE-2009-0519, CVE-2009-0520, CVE-2009-0114\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Multiple vulnerabilities in Adobe Flash Player plug-in\r\n\r\n Description: Multiple issues exist in the Adobe Flash Player plug-in, the most serious of which may lead to arbitrary code execution when viewing a maliciously crafted web site. The issues are addressed by updating the Flash Player plug-in on Mac OS v10.5.x systems to version 10.0.22.87, and to version 9.0.159.0 on Mac OS X v10.4.11 systems. Further information is available via the Adobe web site at http://www.adobe.com/support/security/bulletins/apsb09-01.html\r\n\r\n *\r\n\r\n Help Viewer\r\n\r\n CVE-ID: CVE-2009-0942\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Accessing a maliciously crafted "help:" URL may lead to arbitrary code execution\r\n\r\n Description: Help Viewer loads Cascading Style Sheets referenced in URL parameters without validating that the referenced style sheets are located within a registered help book. A malicious "help:" URL may be used to invoke arbitrary AppleScript files, which may lead to arbitrary code execution. This update addresses the issue through improved validation of file system paths when loading stylesheets. Credit to Brian Mastenbrook for reporting this issue.\r\n\r\n *\r\n\r\n Help Viewer\r\n\r\n CVE-ID: CVE-2009-0943\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Accessing a maliciously crafted "help:" URL may lead to arbitrary code execution\r\n\r\n Description: Help Viewer does not validate that full paths to HTML documents are within registered help books. A malicious "help:" URL may be used to invoke arbitrary AppleScript files, which may lead to arbitrary code execution. This update addresses the issue through improved validation of "help:" URLs. Credit to Brian Mastenbrook for reporting this issue.\r\n\r\n *\r\n\r\n iChat\r\n\r\n CVE-ID: CVE-2009-0152\r\n\r\n Available for: Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: iChat AIM communications configured for SSL may downgrade to plaintext\r\n\r\n Description: iChat supports Secure Sockets Layer (SSL) for AOL Instant Messenger and Jabber accounts. iChat automatically disables SSL for AOL Instant Messenger accounts when it is unable to connect, and sends subsequent communications in plain text until SSL is manually re-enabled. A remote attacker with the ability to observe network traffic from an affected system may obtain the contents of AOL Instant Messenger conversations. This update addresses the issue by changing the behavior of iChat to always attempt to use SSL, and to use less secure channels only if the "Require SSL" preference is not enabled. This issue does not affect systems prior to Mac OS X v10.5, as they do not support SSL for iChat accounts.\r\n\r\n *\r\n\r\n International Components for Unicode\r\n\r\n CVE-ID: CVE-2009-0153\r\n\r\n Available for: Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Maliciously crafted content may bypass website filters and result in cross-site scripting\r\n\r\n Description: An implementation issue exists in ICU's handling of certain character encodings. Using ICU to convert invalid byte sequences to Unicode may result in over-consumption, where trailing bytes are considered part of the original character. This may be leveraged by an attacker to bypass filters on websites that attempt to mitigate cross-site scripting. This update addresses the issue through improved handling of invalid byte sequences. This issue does not affect systems prior to Mac OS X v10.5. Credit to Chris Weber of Casaba Security for reporting this issue.\r\n\r\n *\r\n\r\n IPSec\r\n\r\n CVE-ID: CVE-2008-3651, CVE-2008-3652\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Multiple vulnerabilities in the racoon daemon may lead to a denial of service\r\n\r\n Description: Multiple memory leaks exist in the racoon daemon in ipsec-tools before 0.7.1, which may lead to a denial of service. This update addresses the issues through improved memory management.\r\n\r\n *\r\n\r\n Kerberos\r\n\r\n CVE-ID: CVE-2009-0845\r\n\r\n Available for: Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Processing a maliciously crafted authentication packet may lead to a denial of service of a Kerberos-enabled program\r\n\r\n Description: A null pointer dereference issue exists in the Kerberos SPNEGO support. Processing a maliciously crafted authentication packet may lead to a denial of service of a Kerberos-enabled program. This update addresses the issue by adding a check for a null pointer. This issue does not affect systems prior to Mac OS X v10.5.\r\n\r\n *\r\n\r\n Kerberos\r\n\r\n CVE-ID: CVE-2009-0846, CVE-2009-0847\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Processing a maliciously crafted ASN.1 encoded message may lead to a denial of service of a Kerberos-enabled program or arbitrary code execution\r\n\r\n Description: Multiple memory corruption issues exist in Kerberos' handling of ASN.1 encoded messages. Processing a maliciously crafted ASN.1 encoded message may lead to a denial of service of a Kerberos-enabled program or arbitrary code execution. Further information on the issues and the patches applied is available via the MIT Kerberos website at http://web.mit.edu/Kerberos/\r\n\r\n *\r\n\r\n Kerberos\r\n\r\n CVE-ID: CVE-2009-0844\r\n\r\n Available for: Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Processing a maliciously crafted Kerberos data packet may lead to a denial of service of a Kerberos-enabled program\r\n\r\n Description: An out-of-bounds memory access exists in Kerberos. Processing a maliciously crafted Kerberos data packet may lead to a denial of service of a Kerberos-enabled program. This update addresses the issue through improved bounds checking. This issue does not affect systems prior to Mac OS X v10.5. Credit: Apple.\r\n\r\n *\r\n\r\n Kernel\r\n\r\n CVE-ID: CVE-2008-1517\r\n\r\n Available for: Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: A local user may obtain system privileges\r\n\r\n Description: An unchecked index issue exists in the kernel's handling of workqueues, which may lead to an unexpected system shutdown or arbitrary code execution with Kernel privileges. This update addresses the issue through improved index checking. Credit to an anonymous researcher working with Verisign iDefense VCP for reporting this issue.\r\n\r\n *\r\n\r\n Launch Services\r\n\r\n CVE-ID: CVE-2009-0156\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Downloading a maliciously crafted Mach-O executable may cause Finder to repeatedly terminate and relaunch\r\n\r\n Description: An out-of-bounds memory read access exists in Launch Services. Downloading a maliciously crafted Mach-O executable may cause the Finder to repeatedly terminate and relaunch. This update addresses the issue through improved bounds checking.\r\n\r\n *\r\n\r\n libxml\r\n\r\n CVE-ID: CVE-2008-3529\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A heap buffer overflow exists in libxml's handling of long entity names. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking.\r\n\r\n *\r\n\r\n Net-SNMP\r\n\r\n CVE-ID: CVE-2008-4309\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: A remote attacker may terminate the operation of the SNMP service\r\n\r\n Description: An integer overflow exists in the netsnmp_create_subtree_cache function. By sending a maliciously crafted SNMPv3 packet, an attacker may cause the SNMP server to terminate, denying service to legitimate clients. This update addresses the issue by applying the Net-SNMP patches on Mac OS X v10.4.11 systems, and by updating net_snmp to version 5.4.2.1 on Mac OS X v10.5.x systems. The SNMP service is not enabled by default on Mac OS X or Mac OS X Server.\r\n\r\n *\r\n\r\n Network Time\r\n\r\n CVE-ID: CVE-2009-0021\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Network Time is susceptible to a spoofing attack if NTP authentication is enabled\r\n\r\n Description: The ntpd daemon incorrectly checks the return value of the OpenSSL EVP_VerifyFinal function. On systems using NTPv4 authentication, this may allow a maliciously crafted signature to bypass the cryptographic signature validation, which may lead to a time spoofing attack. By default, NTP authentication is not enabled. This update addresses the issue by properly checking the return value of the EVP_VerifyFinal function.\r\n\r\n *\r\n\r\n Network Time\r\n\r\n CVE-ID: CVE-2009-0159\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Using the ntpq command to request peer information from a malicious remote time server may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A stack buffer overflow exists in the ntpq program. When the ntpq program is used to request peer information from a remote time server, a maliciously crafted response may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. Credit: Apple.\r\n\r\n *\r\n\r\n Networking\r\n\r\n CVE-ID: CVE-2008-3530\r\n\r\n Available for: Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: A remote user may be able to cause an unexpected system shutdown\r\n\r\n Description: When IPv6 support is enabled, IPv6 nodes use ICMPv6 to report errors encountered while processing packets. An implementation issue in the handling of incoming ICMPv6 "Packet Too Big" messages may cause an unexpected system shutdown. This update addresses the issue through improved handling of ICMPv6 messages.\r\n\r\n *\r\n\r\n OpenSSL\r\n\r\n CVE-ID: CVE-2008-5077\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: A man-in-the-middle attacker may be able to impersonate a trusted server or user in applications using OpenSSL for SSL certificate verification\r\n\r\n Description: Several functions within the OpenSSL library incorrectly check the result value of the EVP_VerifyFinal function. A man-in-the-middle attacker may be able to impersonate a trusted server or user in applications using OpenSSL for SSL certificate verification for DSA and ECDSA keys. This update addresses the issue by properly checking the return value of the EVP_VerifyFinal function.\r\n\r\n *\r\n\r\n PHP\r\n\r\n CVE-ID: CVE-2008-3659, CVE-2008-2829, CVE-2008-3660, CVE-2008-2666, CVE-2008-2371, CVE-2008-2665, CVE-2008-3658, CVE-2008-5557\r\n\r\n Available for: Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Multiple vulnerabilities in PHP 5.2.6\r\n\r\n Description: PHP is updated to version 5.2.8 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. Further information is available via the PHP website at http://www.php.net/\r\n\r\n *\r\n\r\n QuickDraw Manager\r\n\r\n CVE-ID: CVE-2009-0160\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Opening a maliciously crafted PICT image may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A memory corruption issue exists in QuickDraw's handling of PICT images. Opening a maliciously crafted PICT image may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of PICT images. Credit: Apple.\r\n * QuickDraw Manager\r\n\r\n CVE-ID: CVE-2009-0010\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Opening a maliciously crafted PICT image may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: An integer underflow in the handling of PICT images may result in a heap buffer overflow. Opening a maliciously crafted PICT file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of PICT images. Credit to Damian Put and Sebastian Apelt working with TippingPoint's Zero Day Initiative, and Chris Ries of Carnegie Mellon University Computing Services for reporting this issue.\r\n\r\n *\r\n\r\n ruby\r\n\r\n CVE-ID: CVE-2008-3443, CVE-2008-3655, CVE-2008-3656, CVE-2008-3657, CVE-2008-3790\r\n\r\n Available for: Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Multiple vulnerabilities in Ruby 1.8.6\r\n\r\n Description: Multiple vulnerabilities exist in Ruby 1.8.6. This update addresses the issues by updating Ruby to version 1.8.6-p287. Further information is available via the Ruby web site at http://www.ruby-lang.org/en/security/\r\n\r\n *\r\n\r\n ruby\r\n\r\n CVE-ID: CVE-2009-0161\r\n\r\n Available for: Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Ruby programs may accept revoked certificates\r\n\r\n Description: An incomplete error check exists in Ruby's use of the OpenSSL library. The OpenSSL::OCSP Ruby module may interpret an invalid response as an OCSP validation of the certificate. This update addresses the issue through improved error checking while verifying OCSP responses.\r\n\r\n *\r\n\r\n Safari\r\n\r\n CVE-ID: CVE-2009-0162\r\n\r\n Available for: Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Accessing a maliciously crafted "feed:" URL may lead to arbitrary code execution\r\n\r\n Description: Multiple input validation issues exist in Safari's handling of "feed:" URLs. Accessing a maliciously crafted "feed:" URL may lead to the execution of arbitrary JavaScript. This update addresses the issues by performing additional validation of "feed:" URLs. These issues do not affect systems prior to Mac OS X v10.5. Credit to Billy Rios of Microsoft Vulnerability Research (MSVR), and Alfredo Melloni for reporting these issues.\r\n\r\n *\r\n\r\n Spotlight\r\n\r\n CVE-ID: CVE-2009-0944\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Downloading a maliciously crafted Microsoft Office file may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: Multiple memory corruption issues exist in the Mac OS X Microsoft Office Spotlight Importer. Downloading a maliciously crafted Microsoft Office file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of Microsoft Office files.\r\n\r\n *\r\n\r\n system_cmds\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: The "login" command always runs the default shell with normal priority\r\n\r\n Description: The "login" command starts an interactive shell after a local user is authenticated. The priority level for the interactive shell is reset to the system default, which can cause the shell to run with an unexpectedly high priority. This update addresses the issue by respecting the priority setting of the calling process if the caller is the superuser or the user who was successfully logged in.\r\n\r\n *\r\n\r\n telnet\r\n\r\n CVE-ID: CVE-2009-0158\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Connecting to a TELNET server with a very long canonical name in its DNS address record may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A stack buffer overflow exists in telnet command. Connecting to a TELNET server with a very long canonical name in its DNS address record may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. Credit: Apple.\r\n\r\n *\r\n\r\n WebKit\r\n\r\n CVE-ID: CVE-2009-0945\r\n\r\n Available for: Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Visiting a maliciously crafted website may lead to arbitrary code execution\r\n\r\n Description: A memory corruption issue exists in WebKit's handling of SVGList objects. Visiting a maliciously crafted website may lead to arbitrary code execution. This update addresses the issue through improved bounds checking. For Mac OS X v10.4.11 and Mac OS X Server v10.4.11, updating to Safari 3.2.3 will address this issue. Credit to Nils working with TippingPoint's Zero Day Initiative for reporting this issue.\r\n\r\n *\r\n\r\n X11\r\n\r\n CVE-ID: CVE-2006-0747, CVE-2007-2754\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11\r\n\r\n Impact: Multiple vulnerabilities in FreeType v2.1.4\r\n\r\n Description: Multiple vulnerabilities exist in FreeType v2.1.4, the most serious of which may lead to arbitrary code execution when processing a maliciously crafted font. This update addresses the issues by updating FreeType to version 2.3.8. Further information is available via the FreeType site at http://www.freetype.org/ The issues are already addressed in systems running Mac OS X v10.5.6.\r\n\r\n *\r\n\r\n X11\r\n\r\n CVE-ID: CVE-2008-2383\r\n\r\n Available for: Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Displaying maliciously crafted data within an xterm terminal may lead to arbitrary code execution\r\n\r\n Description: The xterm program supports a command sequence known as DECRQSS that can be used to return information about the current terminal. The information returned is sent as terminal input similar to keyboard input by a user. Within an xterm terminal, displaying maliciously crafted data containing such sequences may result in command injection. This update addresses the issue by performing additional validation of the output data. This issue does not affect systems prior to Mac OS X v10.5.\r\n\r\n *\r\n\r\n X11\r\n\r\n CVE-ID: CVE-2008-1382, CVE-2009-0040\r\n\r\n Available for: Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Multiple vulnerabilities in libpng version 1.2.26\r\n\r\n Description: Multiple vulnerabilities exist in libpng version 1.2.26, the most serious of which may lead to arbitrary code execution. This update addresses the issues by updating libpng to version 1.2.35. Further information is available via the libpng website at http://www.libpng.org/pub/png/libpng.html These issues do not affect systems prior to Mac OS X v10.5.\r\n\r\n *\r\n\r\n X11\r\n\r\n CVE-ID: CVE-2009-0946\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Multiple vulnerabilities in FreeType v2.3.8\r\n\r\n Description: Multiple integer overflows exist in FreeType v2.3.8, which may lead to an unexpected application termination or arbitrary code execution. This update addresses the issues through improved bounds checking. Credit to Tavis Ormandy of the Google Security Team for reporting these issues.\r\n", "edition": 1, "cvss3": {}, "published": "2009-05-14T00:00:00", "title": "About the security content of Security Update 2009-002 / Mac OS X v10.5.7", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2009-0150", "CVE-2009-0152", "CVE-2008-3652", "CVE-2008-3659", "CVE-2008-3655", "CVE-2008-2383", "CVE-2009-0010", "CVE-2009-0847", "CVE-2009-0946", "CVE-2009-0943", "CVE-2009-0844", "CVE-2008-2939", "CVE-2009-0021", "CVE-2009-0157", "CVE-2008-3530", "CVE-2009-0164", "CVE-2009-0114", "CVE-2008-2666", "CVE-2009-0162", "CVE-2009-0144", "CVE-2009-0846", "CVE-2009-0520", "CVE-2009-0040", "CVE-2007-2754", "CVE-2008-2371", "CVE-2008-3443", "CVE-2004-1185", "CVE-2004-1184", "CVE-2008-3658", "CVE-2009-0149", "CVE-2008-3660", "CVE-2009-0148", "CVE-2008-5077", "CVE-2008-3529", "CVE-2009-0156", "CVE-2009-0945", "CVE-2009-0159", "CVE-2009-0165", "CVE-2008-3657", "CVE-2006-0747", "CVE-2009-0944", "CVE-2008-2829", "CVE-2009-0147", "CVE-2008-3863", "CVE-2009-0519", "CVE-2009-0154", "CVE-2008-3651", "CVE-2009-0158", "CVE-2009-0145", "CVE-2008-4309", "CVE-2008-1382", "CVE-2009-0942", "CVE-2008-5557", "CVE-2009-0155", "CVE-2008-1517", "CVE-2009-0146", "CVE-2009-0160", "CVE-2008-0456", "CVE-2009-0025", "CVE-2008-3790", "CVE-2009-0161", "CVE-2009-0153", "CVE-2009-0845", "CVE-2004-1186", "CVE-2008-3656", "CVE-2008-2665"], "modified": "2009-05-14T00:00:00", "id": "SECURITYVULNS:DOC:21825", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:21825", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2021-06-08T19:03:09", "description": "Few dozens of fixes for different system components and Safari.", "edition": 2, "cvss3": {}, "published": "2009-05-29T00:00:00", "title": "Apple Mac OS X multiple security vulnerabilities", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2009-0150", "CVE-2009-0152", "CVE-2008-3652", "CVE-2009-0010", "CVE-2009-0943", "CVE-2009-0021", "CVE-2009-0157", "CVE-2008-3530", "CVE-2009-0162", "CVE-2009-0144", "CVE-2009-0149", "CVE-2009-0148", "CVE-2009-0156", "CVE-2009-0945", "CVE-2009-0159", "CVE-2009-0165", "CVE-2009-0944", "CVE-2009-0147", "CVE-2009-0154", "CVE-2008-3651", "CVE-2008-1517CVE-2008-1517", "CVE-2009-0158", "CVE-2009-0145", "CVE-2009-0942", "CVE-2009-0155", "CVE-2009-0146", "CVE-2009-0160", "CVE-2009-0153"], "modified": "2009-05-29T00:00:00", "id": "SECURITYVULNS:VULN:9907", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:9907", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:11", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- --------------------------------------------------------------------------\r\nDebian Security Advisory DSA 654-1 security@debian.org\r\nhttp://www.debian.org/security/ Martin Schulze\r\nJanuary 21st, 2005 http://www.debian.org/security/faq\r\n- --------------------------------------------------------------------------\r\n\r\nPackage : enscript\r\nVulnerability : several\r\nProblem-Type : local (remote)\r\nDebian-specific: no\r\nCVE ID : CAN-2004-1184 CAN-2004-1185 CAN-2004-1186\r\n\r\nErik Sjölund has discovered several security relevant problems in\r\nenscript, a program to convert ASCII text into Postscript and other\r\nformats. The Common Vulnerabilities and Exposures project identifies\r\nthe following vulnerabilities:\r\n\r\nCAN-2004-1184\r\n\r\n Unsanitised input can cause the execution of arbitrary commands\r\n via EPSF pipe support. This has been disabled, also upstream.\r\n \r\nCAN-2004-1185\r\n\r\n Due to missing sanitising of filenames it is possible that a\r\n specially crafted filename can cause arbitrary commands to be\r\n executed.\r\n\r\nCAN-2004-1186\r\n\r\n Multiple buffer overflows can cause the program to crash.\r\n\r\nUsually, enscript is only run locally, but since it is executed inside\r\nof viewcvs some of the problems mentioned above can easily be turned\r\ninto a remote vulnerability.\r\n\r\nFor the stable distribution (woody) these problems have been fixed in\r\nversion 1.6.3-1.3.\r\n\r\nFor the unstable distribution (sid) these problems have been fixed in\r\nversion 1.6.4-6.\r\n\r\nWe recommend that you upgrade your enscript package.\r\n\r\n\r\nUpgrade Instructions\r\n- --------------------\r\n\r\nwget url\r\n will fetch the file for you\r\ndpkg -i file.deb\r\n will install the referenced file.\r\n\r\nIf you are using the apt-get package manager, use the line for\r\nsources.list as given below:\r\n\r\napt-get update\r\n will update the internal database\r\napt-get upgrade\r\n will install corrected packages\r\n\r\nYou may use an automated update by adding the resources from the\r\nfooter to the proper configuration.\r\n\r\n\r\nDebian GNU/Linux 3.0 alias woody\r\n- --------------------------------\r\n\r\n Source archives:\r\n\r\n http://security.debian.org/pool/updates/main/e/enscript/enscript_1.6.3-1.3.dsc\r\n Size/MD5 checksum: 598 b64a0ab822bd8e613a96cfe534f40cbc\r\n http://security.debian.org/pool/updates/main/e/enscript/enscript_1.6.3-1.3.diff.gz\r\n Size/MD5 checksum: 7312 5f39d5caad3a93f874705a10f4a4ae6d\r\n http://security.debian.org/pool/updates/main/e/enscript/enscript_1.6.3.orig.tar.gz\r\n Size/MD5 checksum: 814308 ec717f8b0de7db00a21a21f70d354610\r\n\r\n Alpha architecture:\r\n\r\n http://security.debian.org/pool/updates/main/e/enscript/enscript_1.6.3-1.3_alpha.deb\r\n Size/MD5 checksum: 488176 ef6dc427cf55c77423da2b84c04a291e\r\n\r\n ARM architecture:\r\n\r\n http://security.debian.org/pool/updates/main/e/enscript/enscript_1.6.3-1.3_arm.deb\r\n Size/MD5 checksum: 466220 6443058723684f0c7b7d14d659e909bf\r\n\r\n Intel IA-32 architecture:\r\n\r\n http://security.debian.org/pool/updates/main/e/enscript/enscript_1.6.3-1.3_i386.deb\r\n Size/MD5 checksum: 458068 1b5dd9325b47b06f6fb0280a74753bdd\r\n\r\n Intel IA-64 architecture:\r\n\r\n http://security.debian.org/pool/updates/main/e/enscript/enscript_1.6.3-1.3_ia64.deb\r\n Size/MD5 checksum: 506248 5a4bc6e9f0f771b694e65908bc302e64\r\n\r\n HP Precision architecture:\r\n\r\n http://security.debian.org/pool/updates/main/e/enscript/enscript_1.6.3-1.3_hppa.deb\r\n Size/MD5 checksum: 477426 0f2bc8aba5c8f244d6d882c87b01946a\r\n\r\n Motorola 680x0 architecture:\r\n\r\n http://security.debian.org/pool/updates/main/e/enscript/enscript_1.6.3-1.3_m68k.deb\r\n Size/MD5 checksum: 447374 1054d2c3a5f249b2c7167fdd2aec2726\r\n\r\n Big endian MIPS architecture:\r\n\r\n http://security.debian.org/pool/updates/main/e/enscript/enscript_1.6.3-1.3_mips.deb\r\n Size/MD5 checksum: 470862 996def7fa0ca46edac520083d5d22e39\r\n\r\n Little endian MIPS architecture:\r\n\r\n http://security.debian.org/pool/updates/main/e/enscript/enscript_1.6.3-1.3_mipsel.deb\r\n Size/MD5 checksum: 470122 1f886d9ab7df6d9e3b4aafe6840676f8\r\n\r\n PowerPC architecture:\r\n\r\n http://security.debian.org/pool/updates/main/e/enscript/enscript_1.6.3-1.3_powerpc.deb\r\n Size/MD5 checksum: 466374 a08bf7e3d47b5ed94cf436439d21922b\r\n\r\n IBM S/390 architecture:\r\n\r\n http://security.debian.org/pool/updates/main/e/enscript/enscript_1.6.3-1.3_s390.deb\r\n Size/MD5 checksum: 460778 a2f4b67a5c7af46eba735b44ccea7de1\r\n\r\n Sun Sparc architecture:\r\n\r\n http://security.debian.org/pool/updates/main/e/enscript/enscript_1.6.3-1.3_sparc.deb\r\n Size/MD5 checksum: 465822 a8da2cae1003ca40e4e8b6c81137fb63\r\n\r\n\r\n These files will probably be moved into the stable distribution on\r\n its next update.\r\n\r\n- ---------------------------------------------------------------------------------\r\nFor apt-get: deb http://security.debian.org/ stable/updates main\r\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\r\nMailing list: debian-security-announce@lists.debian.org\r\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.2.5 (GNU/Linux)\r\n\r\niD8DBQFB8QxQW5ql+IAeqTIRAms2AJ96BxPaZ3l5zHgZjF64urAAknetlwCeLAeX\r\nT4BRwnlugM4tRy2jGvJUsgE=\r\n=o9wU\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "cvss3": {}, "published": "2005-01-23T00:00:00", "title": "[SECURITY] [DSA 654-1] New enscript packages fix several vulnerabilities", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2004-1185", "CVE-2004-1184", "CVE-2004-1186"], "modified": "2005-01-23T00:00:00", "id": "SECURITYVULNS:DOC:7658", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:7658", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:28", "description": "#2008-016 multiple OpenSSL signature verification API misuse\r\n\r\nDescription:\r\n\r\nSeveral functions inside the OpenSSL library incorrectly check the result\r\nafter calling the EVP_VerifyFinal function.\r\n\r\nThis bug allows a malformed signature to be treated as a good signature\r\nrather than as an error. This issue affects the signature checks on DSA\r\nand ECDSA keys used with SSL/TLS.\r\n\r\nThe flaw may be exploited by a malicious server or a man-in-the-middle\r\nattack that presents a malformed SSL/TLS signature from a certificate\r\nchain to a vulnerable client, bypassing validation.\r\n\r\nA patch fixing the issue with proper return code checking and further\r\nimportant recommendations are described in the original OpenSSL Team\r\nadvisory.\r\n\r\nAt the request of the OpenSSL team, oCERT has aided in the remediation\r\ncoordination for other projects with similar API misuse vulnerabilities.\r\nIn addition to EVP_VerifyFinal, the return codes from DSA_verify and\r\nDSA_do_verify functions were being incorrectly validated, and packages\r\ndoing so are affected in a similar fashion as OpenSSL.\r\n\r\n\r\nAffected version:\r\n\r\nOpenSSL <= 0.9.8i [1]\r\n\r\nThe following packages were identified as affected by the same OpenSSL\r\nvulnerability, as they use OpenSSL EVP_VerifyFinal function and\r\nincorrectly check the return code.\r\n\r\nNTP <= 4.2.4p5 (production), <= 4.2.5p150 (development)\r\n\r\nSun GridEngine <= 5.3\r\n\r\nGale <= 0.99\r\n\r\nOpenEvidence <= 1.0.6\r\n\r\nBelgian eID middleware - eidlib <= 2.6.0 [2]\r\n\r\nFreedom Network Server <= 2.x\r\n\r\nThe following packages were identified as affected by a vulnerability\r\nsimilar to the OpenSSL one, as they use OpenSSL DSA_verify function and\r\nincorrectly check the return code.\r\n\r\nBIND <= 9.4.3\r\n\r\nLasso <= 2.2.1\r\n\r\nZXID <= 0.29\r\n\r\n1 - use of OpenSSL as an SSL/TLS client when connecting to a server whose\r\ncertificate uses an RSA key is NOT affected. Verification of client\r\ncertificates by OpenSSL servers for any key type is NOT affected.\r\n\r\n2 - Belgian eID middleware latest versions are not available in source\r\nform, therefore we cannot confirm if they are affected\r\n\r\n\r\nFixed version:\r\n\r\nOpenSSL >= 0.9.8j\r\n\r\nNTP >= 4.2.4p6 (production), >= 4.2.5p153 (development)\r\n\r\nSun GridEngine >= 6.0\r\n\r\nGale N/A\r\n\r\nOpenEvidence N/A\r\n\r\nBelgian eID middleware - eidlib N/A\r\n\r\nFreedom Network Server N/A\r\n\r\nBIND >= 9.3.6-P1, 9.4.3-P1, 9.5.1-P1, 9.6.0-P1\r\n\r\nLasso >= 2.2.2\r\n\r\nZXID N/A\r\n\r\n\r\nCredit: Google Security Team (for the original OpenSSL issue).\r\n\r\n\r\nCVE: CVE-2008-5077 (OpenSSL),\r\n CVE-2009-0021 (NTP),\r\n CVE-2009-0025 (BIND)\r\n\r\n\r\nTimeline:\r\n2008-12-16: OpenSSL Security Team requests coordination aid from oCERT\r\n2008-12-16: oCERT investigates packages affected by similar issues\r\n2008-12-16: contacted affected vendors\r\n2008-12-17: investigation expanded to DSA verification\r\n2008-12-17: BIND, Lasso and ZXID added to affected packages\r\n2008-12-18: contacted additional affected vendors\r\n2009-01-05: status updates and patch dissemination to affected vendors\r\n2009-01-05: confirmation from BIND of issue and fix\r\n2009-01-06: requested CVE assignment for BIND\r\n2009-01-07: advisory published\r\n\r\n\r\nReferences:\r\nhttp://openssl.org/news/secadv_20090107.txt\r\n\r\n\r\nLinks:\r\nhttp://openssl.org/\r\nhttp://www.ntp.org/\r\nhttp://gridengine.sunsource.net/\r\nhttp://gale.org/\r\nhttp://www.openevidence.org/\r\nhttp://eid.belgium.be/\r\nhttp://www.google.com/codesearch/p?#1vGzyQX--LU/achilles/remailer/zero-knowledge/freedomserver-2.x.tgz/\r\nhttps://www.isc.org/products/BIND\r\nhttp://lasso.entrouvert.org/\r\nhttp://www.zxid.org/\r\n\r\n\r\nPermalink:\r\nhttp://www.ocert.org/advisories/ocert-2008-016.html\r\n\r\n\r\n--\r\nWill Drewry <redpig@ocert.org>\r\noCERT Team :: http://ocert.org", "edition": 1, "cvss3": {}, "published": "2009-01-09T00:00:00", "title": "[oCERT-2008-016] Multiple OpenSSL signature verification API misuses", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2009-0021", "CVE-2008-5077", "CVE-2009-0025"], "modified": "2009-01-09T00:00:00", "id": "SECURITYVULNS:DOC:21113", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:21113", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:32", "description": "Vulnerabilities on different formats data parsing.", "edition": 1, "cvss3": {}, "published": "2009-04-18T00:00:00", "title": "CUPS multipls security vulnerabilities", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2009-0164", "CVE-2009-0165", "CVE-2009-0166", "CVE-2009-0147", "CVE-2009-0146", "CVE-2009-0163"], "modified": "2009-04-18T00:00:00", "id": "SECURITYVULNS:VULN:9855", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:9855", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:30", "description": "DoS attack with memory exhaustion.", "edition": 1, "cvss3": {}, "published": "2008-09-01T00:00:00", "title": "ipsec-tools / racoon IPSec DoS", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2008-3652", "CVE-2008-3651"], "modified": "2008-09-01T00:00:00", "id": "SECURITYVULNS:VULN:9251", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:9251", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:27", "description": "\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2008:181\r\n http://www.mandriva.com/security/\r\n _______________________________________________________________________\r\n\r\n Package : ipsec-tools\r\n Date : August 28, 2008\r\n Affected: 2007.1, 2008.0, 2008.1, Corporate 4.0,\r\n Multi Network Firewall 2.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n Two denial of service vulnerabilities were discovered in the\r\n ipsec-tools racoon daemon, which could allow a remote attacker to cause\r\n it to consume all available memory (CVE-2008-3651, CVE-2008-3652).\r\n \r\n The updated packages have been patched to prevent these issues.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3651\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3652\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Linux 2007.1:\r\n e3a12410fab45488a49034076c096a12 2007.1/i586/ipsec-tools-0.6.6-2.2mdv2007.1.i586.rpm\r\n eeb78f3ca87a91c05c69f39c13119899 2007.1/i586/libipsec0-0.6.6-2.2mdv2007.1.i586.rpm\r\n e2014baecdcc1243e1711bb3bc4330bf 2007.1/i586/libipsec0-devel-0.6.6-2.2mdv2007.1.i586.rpm \r\n 255d8527872be4d72bbbac8be7866683 2007.1/SRPMS/ipsec-tools-0.6.6-2.2mdv2007.1.src.rpm\r\n\r\n Mandriva Linux 2007.1/X86_64:\r\n cab88fba0361f7ad10d92fe4a0bcf5cf 2007.1/x86_64/ipsec-tools-0.6.6-2.2mdv2007.1.x86_64.rpm\r\n ce73d466b05959f8432546fcc2154bdd 2007.1/x86_64/lib64ipsec0-0.6.6-2.2mdv2007.1.x86_64.rpm\r\n 7a29d409c432f251e58829479bb30c44 2007.1/x86_64/lib64ipsec0-devel-0.6.6-2.2mdv2007.1.x86_64.rpm \r\n 255d8527872be4d72bbbac8be7866683 2007.1/SRPMS/ipsec-tools-0.6.6-2.2mdv2007.1.src.rpm\r\n\r\n Mandriva Linux 2008.0:\r\n f969998276a204a0f102183746004665 2008.0/i586/ipsec-tools-0.6.7-1.1mdv2008.0.i586.rpm\r\n 7c16efad4b9bce8cf1ba6f3457cc58f6 2008.0/i586/libipsec0-0.6.7-1.1mdv2008.0.i586.rpm\r\n 23da7349d57158b08d2673d57d53fc50 2008.0/i586/libipsec0-devel-0.6.7-1.1mdv2008.0.i586.rpm \r\n ef1478d445cbf1b5f80f776ec7d7752c 2008.0/SRPMS/ipsec-tools-0.6.7-1.1mdv2008.0.src.rpm\r\n\r\n Mandriva Linux 2008.0/X86_64:\r\n cbeb6df9cbf7c62d235d6408ad25b1a9 2008.0/x86_64/ipsec-tools-0.6.7-1.1mdv2008.0.x86_64.rpm\r\n b04fcb7ccbd32e801d41c4d83a7a57d9 2008.0/x86_64/lib64ipsec0-0.6.7-1.1mdv2008.0.x86_64.rpm\r\n 6f813c88f3990506069e459957bc43d7 2008.0/x86_64/lib64ipsec0-devel-0.6.7-1.1mdv2008.0.x86_64.rpm \r\n ef1478d445cbf1b5f80f776ec7d7752c 2008.0/SRPMS/ipsec-tools-0.6.7-1.1mdv2008.0.src.rpm\r\n\r\n Mandriva Linux 2008.1:\r\n 3be558f00238da24b450c34534914845 2008.1/i586/ipsec-tools-0.7-1.1mdv2008.1.i586.rpm\r\n 582922de31e7c3549337c68ccd948a94 2008.1/i586/libipsec0-0.7-1.1mdv2008.1.i586.rpm\r\n 55aa0129f04bfa0b3fd79eeb40e0e76f 2008.1/i586/libipsec-devel-0.7-1.1mdv2008.1.i586.rpm \r\n 36a949ae25bcdc895ba024450f910d9a 2008.1/SRPMS/ipsec-tools-0.7-1.1mdv2008.1.src.rpm\r\n\r\n Mandriva Linux 2008.1/X86_64:\r\n ca6754c65ae12d91cc9eba32009ea6a9 2008.1/x86_64/ipsec-tools-0.7-1.1mdv2008.1.x86_64.rpm\r\n e74682fd89ee6649d41e03c5135faebe 2008.1/x86_64/lib64ipsec0-0.7-1.1mdv2008.1.x86_64.rpm\r\n 55d777ad6fe96f53fa6ca436b5921580 2008.1/x86_64/lib64ipsec-devel-0.7-1.1mdv2008.1.x86_64.rpm \r\n 36a949ae25bcdc895ba024450f910d9a 2008.1/SRPMS/ipsec-tools-0.7-1.1mdv2008.1.src.rpm\r\n\r\n Corporate 4.0:\r\n c5146f5b46e8386687a1b37fe0dc29f9 corporate/4.0/i586/ipsec-tools-0.6.5-2.2.20060mlcs4.i586.rpm\r\n 9c25c57f06839afbf55dd31547000721 corporate/4.0/i586/libipsec0-0.6.5-2.2.20060mlcs4.i586.rpm\r\n a565fab7f9c3ef0d48ced13bd9c84500 corporate/4.0/i586/libipsec0-devel-0.6.5-2.2.20060mlcs4.i586.rpm \r\n 87221b03544e9e9cb10491e8504813b0 corporate/4.0/SRPMS/ipsec-tools-0.6.5-2.2.20060mlcs4.src.rpm\r\n\r\n Corporate 4.0/X86_64:\r\n a1ee7dd60a3ea3471b5de7a8ab875735 corporate/4.0/x86_64/ipsec-tools-0.6.5-2.2.20060mlcs4.x86_64.rpm\r\n 93ac29406969dfbcccd77858c3edb553 corporate/4.0/x86_64/lib64ipsec0-0.6.5-2.2.20060mlcs4.x86_64.rpm\r\n 268e50439113279ce14068f54d0895a8 corporate/4.0/x86_64/lib64ipsec0-devel-0.6.5-2.2.20060mlcs4.x86_64.rpm \r\n 87221b03544e9e9cb10491e8504813b0 corporate/4.0/SRPMS/ipsec-tools-0.6.5-2.2.20060mlcs4.src.rpm\r\n\r\n Multi Network Firewall 2.0:\r\n 656584e7399fcf363ea0462e51df9baa mnf/2.0/i586/ipsec-tools-0.2.5-0.6.M20mdk.i586.rpm\r\n c4ffd9b8ed40fd575eac7828af27ef63 mnf/2.0/i586/libipsec-tools0-0.2.5-0.6.M20mdk.i586.rpm \r\n eb56a9bdcfbddbf8b4ff37fcb9bd9b45 mnf/2.0/SRPMS/ipsec-tools-0.2.5-0.6.M20mdk.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/security/advisories\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_(at)_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n <security*mandriva.com>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.9 (GNU/Linux)\r\n\r\niD8DBQFIt1fpmqjQ0CJFipgRAnLxAKCwcBv4uUfBqHf3c3GFk93ZUU6iJACaAh1W\r\nfljCV5e/DYk2CYPPH73/pD4=\r\n=Akis\r\n-----END PGP SIGNATURE-----", "edition": 1, "cvss3": {}, "published": "2008-09-01T00:00:00", "title": "bugtraq@securityfocus.com", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2008-3652", "CVE-2008-3651"], "modified": "2008-09-01T00:00:00", "id": "SECURITYVULNS:DOC:20428", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20428", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:30", "description": "rPath Security Advisory: 2009-0061-1\r\nPublished: 2009-04-17\r\nProducts:\r\n rPath Linux 1\r\n rPath Linux 2\r\n\r\nRating: Severe\r\nExposure Level Classification:\r\n Remote System User Deterministic Privilege Escalation\r\nUpdated Versions:\r\n cups=conary.rpath.com@rpl:1/1.1.23-14.10-1\r\n cups=conary.rpath.com@rpl:2/1.3.9-1.1-1\r\n\r\nrPath Issue Tracking System:\r\n https://issues.rpath.com/browse/RPL-3015\r\n\r\nReferences:\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0163\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0164\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0166\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0146\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0147\r\n\r\nDescription:\r\n Previous versions of CUPS contain multiple vulnerabilities, the\r\n most serious of which could allow an attacker to cause a denial\r\n of service or possibly execute arbitrary code.\r\n\r\nhttp://wiki.rpath.com/Advisories:rPSA-2009-0061\r\n\r\nCopyright 2009 rPath, Inc.\r\nThis file is distributed under the terms of the MIT License.\r\nA copy is available at http://www.rpath.com/permanent/mit-license.html", "edition": 1, "cvss3": {}, "published": "2009-04-18T00:00:00", "title": "rPSA-2009-0061-1 cups", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2009-0164", "CVE-2009-0166", "CVE-2009-0147", "CVE-2009-0146", "CVE-2009-0163"], "modified": "2009-04-18T00:00:00", "id": "SECURITYVULNS:DOC:21696", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:21696", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2021-06-08T19:08:11", "description": "Multiple vulnerabilities in SSL/TLS DSA/ECDSA certificate chain validations.", "edition": 2, "cvss3": {}, "published": "2009-02-10T00:00:00", "title": "OpenSSL / ntp / bind / boinc certificate validation cryptographic vulnerabilities", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2009-0021", "CVE-2008-5077", "CVE-2009-0050", "CVE-2009-0126", "CVE-2009-0025"], "modified": "2009-02-10T00:00:00", "id": "SECURITYVULNS:VULN:9564", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:9564", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2019-05-29T18:40:05", "description": "The remote host is missing Mac OS X 10.5.7 Update / Mac OS X Security Update 2009-002.", "cvss3": {}, "published": "2010-05-12T00:00:00", "type": "openvas", "title": "Mac OS X 10.5.7 Update / Mac OS X Security Update 2009-002", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0150", "CVE-2009-0152", "CVE-2008-3652", "CVE-2008-3659", "CVE-2008-3655", "CVE-2008-2383", "CVE-2009-0010", "CVE-2009-0847", "CVE-2009-0946", "CVE-2009-0943", "CVE-2009-0844", "CVE-2008-2939", "CVE-2009-0021", "CVE-2009-0157", "CVE-2008-3530", "CVE-2009-0164", "CVE-2009-0114", "CVE-2008-2666", "CVE-2009-0162", "CVE-2009-0144", "CVE-2009-0846", "CVE-2009-0520", "CVE-2009-0040", "CVE-2007-2754", "CVE-2008-2371", "CVE-2008-3443", "CVE-2004-1185", "CVE-2004-1184", "CVE-2008-3658", "CVE-2009-0149", "CVE-2008-3660", "CVE-2009-0148", "CVE-2008-5077", "CVE-2008-3529", "CVE-2009-0156", "CVE-2009-0945", "CVE-2009-0159", "CVE-2009-0165", "CVE-2008-3657", "CVE-2006-0747", "CVE-2009-0944", "CVE-2008-2829", "CVE-2009-0147", "CVE-2008-3863", "CVE-2009-0519", "CVE-2009-0154", "CVE-2008-3651", "CVE-2009-1717", "CVE-2009-0158", "CVE-2009-0145", "CVE-2008-4309", "CVE-2008-1382", "CVE-2009-0942", "CVE-2008-5557", "CVE-2009-0155", "CVE-2008-1517", "CVE-2009-0146", "CVE-2008-0456", "CVE-2009-0025", "CVE-2008-3790", "CVE-2009-0161", "CVE-2009-0153", "CVE-2009-0845", "CVE-2004-1186", "CVE-2008-3656", "CVE-2008-2665"], "modified": "2019-03-19T00:00:00", "id": "OPENVAS:1361412562310102035", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310102035", "sourceData": "###################################################################\n# OpenVAS Vulnerability Test\n# $Id: macosx_upd_10_5_7_secupd_2009-002.nasl 14307 2019-03-19 10:09:27Z cfischer $\n#\n# Mac OS X 10.5.7 Update / Mac OS X Security Update 2009-002\n#\n# LSS-NVT-2010-024\n#\n# Developed by LSS Security Team <http://security.lss.hr>\n#\n# Copyright (C) 2010 LSS <http://www.lss.hr>\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public\n# License along with this program. If not, see\n# <http://www.gnu.org/licenses/>.\n###################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.102035\");\n script_version(\"$Revision: 14307 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-19 11:09:27 +0100 (Tue, 19 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2010-05-12 14:48:44 +0200 (Wed, 12 May 2010)\");\n script_cve_id(\"CVE-2008-2939\", \"CVE-2008-0456\", \"CVE-2009-0154\", \"CVE-2009-0025\", \"CVE-2009-0144\",\n \"CVE-2009-0157\", \"CVE-2009-0145\", \"CVE-2009-0155\", \"CVE-2009-0146\", \"CVE-2009-0147\",\n \"CVE-2009-0165\", \"CVE-2009-0148\", \"CVE-2009-0164\", \"CVE-2009-0150\", \"CVE-2009-0149\",\n \"CVE-2004-1184\", \"CVE-2004-1185\", \"CVE-2004-1186\", \"CVE-2008-3863\", \"CVE-2009-0519\",\n \"CVE-2009-0520\", \"CVE-2009-0114\", \"CVE-2009-0942\", \"CVE-2009-0943\", \"CVE-2009-0152\",\n \"CVE-2009-0153\", \"CVE-2008-3651\", \"CVE-2008-3652\", \"CVE-2009-0845\", \"CVE-2009-0846\",\n \"CVE-2009-0847\", \"CVE-2009-0844\", \"CVE-2008-1517\", \"CVE-2009-0156\", \"CVE-2008-3529\",\n \"CVE-2008-4309\", \"CVE-2009-0021\", \"CVE-2009-0159\", \"CVE-2008-3530\", \"CVE-2008-5077\",\n \"CVE-2008-3659\", \"CVE-2008-2829\", \"CVE-2008-3660\", \"CVE-2008-2666\", \"CVE-2008-2371\",\n \"CVE-2008-2665\", \"CVE-2008-3658\", \"CVE-2008-5557\", \"CVE-2009-0010\", \"CVE-2008-3443\",\n \"CVE-2008-3655\", \"CVE-2008-3656\", \"CVE-2008-3657\", \"CVE-2008-3790\", \"CVE-2009-0161\",\n \"CVE-2009-0162\", \"CVE-2009-0944\", \"CVE-2009-0158\", \"CVE-2009-1717\", \"CVE-2009-0945\",\n \"CVE-2006-0747\", \"CVE-2007-2754\", \"CVE-2008-2383\", \"CVE-2008-1382\", \"CVE-2009-0040\",\n \"CVE-2009-0946\");\n script_name(\"Mac OS X 10.5.7 Update / Mac OS X Security Update 2009-002\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2010 LSS\");\n script_family(\"Mac OS X Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/osx_name\", \"ssh/login/osx_version\", re:\"ssh/login/osx_version=^10\\.[45]\\.\");\n\n script_xref(name:\"URL\", value:\"http://support.apple.com/kb/HT3549\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing Mac OS X 10.5.7 Update / Mac OS X Security Update 2009-002.\");\n\n script_tag(name:\"affected\", value:\"One or more of the following components are affected:\n\n Apache\n\n ATS\n\n BIND\n\n CFNetwork\n\n CoreGraphics\n\n Cscope\n\n CUPS\n\n Disk Images\n\n enscript\n\n Flash Player plug-in\n\n Help Viewer\n\n iChat\n\n International Components for Unicode\n\n IPSec\n\n Kerberos\n\n Kernel\n\n Launch Services\n\n libxml\n\n Net-SNMP\n\n Network Time\n\n Networking\n\n OpenSSL\n\n PHP\n\n QuickDraw Manager\n\n ruby\n\n Safari\n\n Spotlight\n\n system_cmds\n\n telnet\n\n Terminal\n\n WebKit\n\n X11\");\n\n script_tag(name:\"solution\", value:\"Update your Mac OS X operating system. Please see the references for more information.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-macosx.inc\");\ninclude(\"version_func.inc\");\n\nssh_osx_name = get_kb_item(\"ssh/login/osx_name\");\nif (!ssh_osx_name) exit (0);\n\nssh_osx_ver = get_kb_item(\"ssh/login/osx_version\");\nif (!ssh_osx_ver || ssh_osx_ver !~ \"^10\\.[45]\\.\") exit (0);\n\nssh_osx_rls = ssh_osx_name + ' ' + ssh_osx_ver;\n\npkg_for_ver = make_list(\"Mac OS X 10.4.11\",\"Mac OS X Server 10.4.11\",\"Mac OS X 10.5.6\",\"Mac OS X Server 10.5.6\",\"Mac OS X Server 10.5.6\");\n\nif (rlsnotsupported(rls:ssh_osx_rls, list:pkg_for_ver)) { security_message( port: 0, data: \"The target host was found to be vulnerable\" ); exit(0);}\n\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X 10.4.11\")) {\n if(version_is_less(version:osx_ver(ver:ssh_osx_rls), test_version:osx_ver(ver:\"Mac OS X 10.4.11\"))) { security_message( port: 0, data: \"The target host was found to be vulnerable\" ); exit(0);}\n else if((ssh_osx_ver == osx_ver(ver:\"Mac OS X 10.4.11\")) && (isosxpkgvuln(fixed:\"com.apple.pkg.update.security.\", diff:\"2009.002\"))) { security_message( port: 0, data: \"The target host was found to be vulnerable\" ); exit(0);}\n}\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X Server 10.4.11\")) {\n if(version_is_less(version:osx_ver(ver:ssh_osx_rls), test_version:osx_ver(ver:\"Mac OS X Server 10.4.11\"))) { security_message( port: 0, data: \"The target host was found to be vulnerable\" ); exit(0);}\n else if((ssh_osx_ver == osx_ver(ver:\"Mac OS X Server 10.4.11\")) && (isosxpkgvuln(fixed:\"com.apple.pkg.update.security.\", diff:\"2009.002\"))) { security_message( port: 0, data: \"The target host was found to be vulnerable\" ); exit(0);}\n}\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X 10.5.6\")) {\n if(version_is_less(version:osx_ver(ver:ssh_osx_rls), test_version:\"10.5.7\")) { security_message( port: 0, data: \"The target host was found to be vulnerable\" ); exit(0); }\n}\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X Server 10.5.6\")) {\n if(version_is_less(version:osx_ver(ver:ssh_osx_rls), test_version:\"10.5.7\")) { security_message( port: 0, data: \"The target host was found to be vulnerable\" ); exit(0); }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-02T21:09:48", "description": "The remote host is missing Mac OS X 10.5.7 Update / Mac OS X Security Update 2009-002.\n One or more of the following components are affected:\n\n Apache\n ATS\n BIND\n CFNetwork\n CoreGraphics\n Cscope\n CUPS\n Disk Images\n enscript\n Flash Player plug-in\n Help Viewer\n iChat\n International Components for Unicode\n IPSec\n Kerberos\n Kernel\n Launch Services\n libxml\n Net-SNMP\n Network Time\n Networking\n OpenSSL\n PHP\n QuickDraw Manager\n ruby\n Safari\n Spotlight\n system_cmds\n telnet\n Terminal\n WebKit\n X11", "cvss3": {}, "published": "2010-05-12T00:00:00", "type": "openvas", "title": "Mac OS X 10.5.7 Update / Mac OS X Security Update 2009-002", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0150", "CVE-2009-0152", "CVE-2008-3652", "CVE-2008-3659", "CVE-2008-3655", "CVE-2008-2383", "CVE-2009-0010", "CVE-2009-0847", "CVE-2009-0946", "CVE-2009-0943", "CVE-2009-0844", "CVE-2008-2939", "CVE-2009-0021", "CVE-2009-0157", "CVE-2008-3530", "CVE-2009-0164", "CVE-2009-0114", "CVE-2008-2666", "CVE-2009-0162", "CVE-2009-0144", "CVE-2009-0846", "CVE-2009-0520", "CVE-2009-0040", "CVE-2007-2754", "CVE-2008-2371", "CVE-2008-3443", "CVE-2004-1185", "CVE-2004-1184", "CVE-2008-3658", "CVE-2009-0149", "CVE-2008-3660", "CVE-2009-0148", "CVE-2008-5077", "CVE-2008-3529", "CVE-2009-0156", "CVE-2009-0945", "CVE-2009-0159", "CVE-2009-0165", "CVE-2008-3657", "CVE-2006-0747", "CVE-2009-0944", "CVE-2008-2829", "CVE-2009-0147", "CVE-2008-3863", "CVE-2009-0519", "CVE-2009-0154", "CVE-2008-3651", "CVE-2009-1717", "CVE-2009-0158", "CVE-2009-0145", "CVE-2008-4309", "CVE-2008-1382", "CVE-2009-0942", "CVE-2008-5557", "CVE-2009-0155", "CVE-2008-1517", "CVE-2009-0146", "CVE-2008-0456", "CVE-2009-0025", "CVE-2008-3790", "CVE-2009-0161", "CVE-2009-0153", "CVE-2009-0845", "CVE-2004-1186", "CVE-2008-3656", "CVE-2008-2665"], "modified": "2017-02-22T00:00:00", "id": "OPENVAS:102035", "href": "http://plugins.openvas.org/nasl.php?oid=102035", "sourceData": "###################################################################\n# OpenVAS Vulnerability Test\n#\n# Mac OS X 10.5.7 Update / Mac OS X Security Update 2009-002\n#\n# LSS-NVT-2010-024\n#\n# Developed by LSS Security Team <http://security.lss.hr>\n#\n# Copyright (C) 2010 LSS <http://www.lss.hr>\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public\n# License along with this program. If not, see\n# <http://www.gnu.org/licenses/>.\n###################################################################\n\ntag_solution = \"Update your Mac OS X operating system.\n\n For more information see:\n http://support.apple.com/kb/HT3549\";\n\ntag_summary = \"The remote host is missing Mac OS X 10.5.7 Update / Mac OS X Security Update 2009-002.\n One or more of the following components are affected:\n\n Apache\n ATS\n BIND\n CFNetwork\n CoreGraphics\n Cscope\n CUPS\n Disk Images\n enscript\n Flash Player plug-in\n Help Viewer\n iChat\n International Components for Unicode\n IPSec\n Kerberos\n Kernel\n Launch Services\n libxml\n Net-SNMP\n Network Time\n Networking\n OpenSSL\n PHP\n QuickDraw Manager\n ruby\n Safari\n Spotlight\n system_cmds\n telnet\n Terminal\n WebKit\n X11\";\n\n\nif(description)\n{\n script_id(102035);\n script_version(\"$Revision: 5394 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-22 10:22:42 +0100 (Wed, 22 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-05-12 14:48:44 +0200 (Wed, 12 May 2010)\");\n script_cve_id(\"CVE-2008-2939\",\"CVE-2008-0456\",\"CVE-2009-0154\",\"CVE-2009-0025\",\"CVE-2009-0144\",\"CVE-2009-0157\",\"CVE-2009-0145\",\"CVE-2009-0155\",\"CVE-2009-0146\",\"CVE-2009-0147\",\"CVE-2009-0165\",\"CVE-2009-0148\",\"CVE-2009-0164\",\"CVE-2009-0150\",\"CVE-2009-0149\",\"CVE-2004-1184\",\"CVE-2004-1185\",\"CVE-2004-1186\",\"CVE-2008-3863\",\"CVE-2009-0519\",\"CVE-2009-0520\",\"CVE-2009-0114\",\"CVE-2009-0942\",\"CVE-2009-0943\",\"CVE-2009-0152\",\"CVE-2009-0153\",\"CVE-2008-3651\",\"CVE-2008-3652\",\"CVE-2009-0845\",\"CVE-2009-0846\",\"CVE-2009-0847\",\"CVE-2009-0844\",\"CVE-2008-1517\",\"CVE-2009-0156\",\"CVE-2008-3529\",\"CVE-2008-4309\",\"CVE-2009-0021\",\"CVE-2009-0159\",\"CVE-2008-3530\",\"CVE-2008-5077\",\"CVE-2008-3659\",\"CVE-2008-2829\",\"CVE-2008-3660\",\"CVE-2008-2666\",\"CVE-2008-2371\",\"CVE-2008-2665\",\"CVE-2008-3658\",\"CVE-2008-5557\",\"CVE-2009-0010\",\"CVE-2008-3443\",\"CVE-2008-3655\",\"CVE-2008-3656\",\"CVE-2008-3657\",\"CVE-2008-3790\",\"CVE-2009-0161\",\"CVE-2009-0162\",\"CVE-2009-0944\",\"CVE-2009-0158\",\"CVE-2009-1717\",\"CVE-2009-0945\",\"CVE-2006-0747\",\"CVE-2007-2754\",\"CVE-2008-2383\",\"CVE-2008-1382\",\"CVE-2009-0040\",\"CVE-2009-0946\");\n script_name(\"Mac OS X 10.5.7 Update / Mac OS X Security Update 2009-002\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2010 LSS\");\n script_family(\"Mac OS X Local Security Checks\");\n script_require_ports(\"Services/ssh\", 22);\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/osx_name\",\"ssh/login/osx_version\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"pkg-lib-macosx.inc\");\ninclude(\"version_func.inc\");\n\nssh_osx_name = get_kb_item(\"ssh/login/osx_name\");\nif (!ssh_osx_name) exit (0);\n\nssh_osx_ver = get_kb_item(\"ssh/login/osx_version\");\nif (!ssh_osx_ver) exit (0);\n\nssh_osx_rls = ssh_osx_name + ' ' + ssh_osx_ver;\n\npkg_for_ver = make_list(\"Mac OS X 10.4.11\",\"Mac OS X Server 10.4.11\",\"Mac OS X 10.5.6\",\"Mac OS X Server 10.5.6\",\"Mac OS X Server 10.5.6\");\n\nif (rlsnotsupported(rls:ssh_osx_rls, list:pkg_for_ver)) { security_message(0); exit(0);}\n\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X 10.4.11\")) {\n if (version_is_less(version:osx_ver(ver:ssh_osx_rls), test_version:osx_ver(ver:\"Mac OS X 10.4.11\"))) { security_message(0); exit(0);}\n else if ((ssh_osx_ver==osx_ver(ver:\"Mac OS X 10.4.11\")) && (isosxpkgvuln(fixed:\"com.apple.pkg.update.security.\", diff:\"2009.002\"))) { security_message(0); exit(0);}\n}\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X Server 10.4.11\")) {\n if (version_is_less(version:osx_ver(ver:ssh_osx_rls), test_version:osx_ver(ver:\"Mac OS X Server 10.4.11\"))) { security_message(0); exit(0);}\n else if ((ssh_osx_ver==osx_ver(ver:\"Mac OS X Server 10.4.11\")) && (isosxpkgvuln(fixed:\"com.apple.pkg.update.security.\", diff:\"2009.002\"))) { security_message(0); exit(0);}\n}\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X 10.5.6\")) {\n if (version_is_less(version:osx_ver(ver:ssh_osx_rls), test_version:\"10.5.7\")) { security_message(0); exit(0); }\n}\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X Server 10.5.6\")) {\n if (version_is_less(version:osx_ver(ver:ssh_osx_rls), test_version:\"10.5.7\")) { security_message(0); exit(0); }\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:50:14", "description": "The remote host is missing an update to enscript\nannounced via advisory DSA 654-1.", "cvss3": {}, "published": "2008-01-17T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 654-1 (enscript)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2004-1185", "CVE-2004-1184", "CVE-2004-1186"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:53487", "href": "http://plugins.openvas.org/nasl.php?oid=53487", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_654_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 654-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Erik Sj\u00f6lund has discovered several security relevant problems in\nenscript, a program to convert ASCII text into Postscript and other\nformats. The Common Vulnerabilities and Exposures project identifies\nthe following vulnerabilities:\n\nCVE-2004-1184\n\nUnsanitised input can cause the execution of arbitrary commands\nvia EPSF pipe support. This has been disabled, also upstream.\n\nCVE-2004-1185\n\nDue to missing sanitising of filenames it is possible that a\nspecially crafted filename can cause arbitrary commands to be\nexecuted.\n\nCVE-2004-1186\n\nMultiple buffer overflows can cause the program to crash.\n\nUsually, enscript is only run locally, but since it is executed inside\nof viewcvs some of the problems mentioned above can easily be turned\ninto a remote vulnerability.\n\nFor the stable distribution (woody) these problems have been fixed in\nversion 1.6.3-1.3.\n\nFor the unstable distribution (sid) these problems have been fixed in\nversion 1.6.4-6.\n\nWe recommend that you upgrade your enscript package.\";\ntag_summary = \"The remote host is missing an update to enscript\nannounced via advisory DSA 654-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20654-1\";\n\nif(description)\n{\n script_id(53487);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 22:56:38 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2004-1184\", \"CVE-2004-1185\", \"CVE-2004-1186\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 654-1 (enscript)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"enscript\", ver:\"1.6.3-1.3\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-26T08:55:18", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n enscript\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5011436 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-10T00:00:00", "type": "openvas", "title": "SLES9: Security update for enscript", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2004-1185", "CVE-2004-1184", "CVE-2004-1186"], "modified": "2017-07-11T00:00:00", "id": "OPENVAS:65191", "href": "http://plugins.openvas.org/nasl.php?oid=65191", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5011436.nasl 6666 2017-07-11 13:13:36Z cfischer $\n# Description: Security update for enscript\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n enscript\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5011436 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_id(65191);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2004-1184\", \"CVE-2004-1185\", \"CVE-2004-1186\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"SLES9: Security update for enscript\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"enscript\", rpm:\"enscript~1.6.2~814.6\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:37:33", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n enscript\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5011436 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-10T00:00:00", "type": "openvas", "title": "SLES9: Security update for enscript", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2004-1185", "CVE-2004-1184", "CVE-2004-1186"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231065191", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065191", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5011436.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Security update for enscript\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n enscript\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5011436 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65191\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2004-1184\", \"CVE-2004-1185\", \"CVE-2004-1186\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"SLES9: Security update for enscript\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"enscript\", rpm:\"enscript~1.6.2~814.6\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:50:07", "description": "The remote host is missing updates announced in\nadvisory GLSA 200502-03.", "cvss3": {}, "published": "2008-09-24T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200502-03 (enscript)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2004-1185", "CVE-2004-1184", "CVE-2004-1186"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:54835", "href": "http://plugins.openvas.org/nasl.php?oid=54835", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"enscript suffers from vulnerabilities and design flaws, potentially\nresulting in the execution of arbitrary code.\";\ntag_solution = \"All enscript users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-text/enscript-1.6.3-r3'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200502-03\nhttp://bugs.gentoo.org/show_bug.cgi?id=77408\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200502-03.\";\n\n \n\nif(description)\n{\n script_id(54835);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2004-1184\", \"CVE-2004-1185\", \"CVE-2004-1186\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Gentoo Security Advisory GLSA 200502-03 (enscript)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"app-text/enscript\", unaffected: make_list(\"ge 1.6.3-r3\"), vulnerable: make_list(\"lt 1.6.3-r3\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:10:16", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "cvss3": {}, "published": "2008-09-04T00:00:00", "type": "openvas", "title": "FreeBSD Ports: enscript-a4, enscript-letter, enscript-letterdj", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2004-1185", "CVE-2004-1184", "CVE-2004-1186"], "modified": "2016-09-16T00:00:00", "id": "OPENVAS:52193", "href": "http://plugins.openvas.org/nasl.php?oid=52193", "sourceData": "#\n#VID 72da8af6-7c75-11d9-8cc5-000854d03344\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following packages are affected:\n enscript-a4\n enscript-letter\n enscript-letterdj\n\nCVE-2004-1184\nThe EPSF pipe support in enscript 1.6.3 allows remote attackers or\nlocal users to execute arbitrary commands via shell metacharacters.\n\nCVE-2004-1185\nEnscript 1.6.3 does not sanitize filenames, which allows remote\nattackers or local users to execute arbitrary commands via crafted\nfilenames.\n\nCVE-2004-1186\nMultiple buffer overflows in enscript 1.6.3 allow remote attackers or\nlocal users to cause a denial of service (application crash).\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://www.gentoo.org/security/en/glsa/glsa-200502-03.xml\nhttp://www.vuxml.org/freebsd/72da8af6-7c75-11d9-8cc5-000854d03344.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\nif(description)\n{\n script_id(52193);\n script_version(\"$Revision: 4078 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-16 07:34:17 +0200 (Fri, 16 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_cve_id(\"CVE-2004-1184\", \"CVE-2004-1185\", \"CVE-2004-1186\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"FreeBSD Ports: enscript-a4, enscript-letter, enscript-letterdj\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"enscript-a4\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.6.4_1\")<0) {\n txt += 'Package enscript-a4 version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"enscript-letter\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.6.4_1\")<0) {\n txt += 'Package enscript-letter version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"enscript-letterdj\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.6.4_1\")<0) {\n txt += 'Package enscript-letterdj version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:39:06", "description": "The remote host is missing updates announced in\nadvisory SUSE-SA:2009:041.", "cvss3": {}, "published": "2009-08-17T00:00:00", "type": "openvas", "title": "SuSE Security Advisory SUSE-SA:2009:041 (flash-player)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0114", "CVE-2009-0520", "CVE-2009-0519", "CVE-2009-0521"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231064565", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064565", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: suse_sa_2009_041.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory SUSE-SA:2009:041 (flash-player)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The flash-player is a web-browser plugin that allows displaying\nanimated web-content and remote access to client hardware (mic,\nweb-cam, etc.).\n\nA specially crafted Shockwave-Flash (SWF) file could cause a\nbuffer overflow in the flash-player plugin. This buffer overflow\ncan probably be exploited to execute arbitrary code remotely.\";\ntag_solution = \"Update your system with the packages as indicated in\nthe referenced security advisory.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=SUSE-SA:2009:041\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory SUSE-SA:2009:041.\";\n\n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64565\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-08-17 16:54:45 +0200 (Mon, 17 Aug 2009)\");\n script_cve_id(\"CVE-2009-0114\", \"CVE-2009-0519\", \"CVE-2009-0520\", \"CVE-2009-0521\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"SuSE Security Advisory SUSE-SA:2009:041 (flash-player)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"flash-player\", rpm:\"flash-player~10.0.22.87~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"flash-player\", rpm:\"flash-player~9.0.159.0~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"flash-player\", rpm:\"flash-player~9.0.159.0~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2020-06-02T15:55:22", "description": "This host is installed with Adobe Products and is prone to\n multiple vulnerabilities.", "cvss3": {}, "published": "2009-03-10T00:00:00", "type": "openvas", "title": "Adobe Flash Player Multiple Vulnerabilities - Mar09 (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0114", "CVE-2009-0520", "CVE-2009-0519", "CVE-2009-0522"], "modified": "2020-05-28T00:00:00", "id": "OPENVAS:1361412562310800359", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310800359", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Multiple Vulnerabilities - Mar09 (Windows)\n#\n# Authors:\n# Sharath S <sharaths@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.800359\");\n script_version(\"2020-05-28T14:41:23+0000\");\n script_tag(name:\"last_modification\", value:\"2020-05-28 14:41:23 +0000 (Thu, 28 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2009-03-10 11:59:23 +0100 (Tue, 10 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2009-0114\", \"CVE-2009-0519\", \"CVE-2009-0520\", \"CVE-2009-0522\");\n script_bugtraq_id(33890);\n script_name(\"Adobe Flash Player Multiple Vulnerabilities - Mar09 (Windows)\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/34012\");\n script_xref(name:\"URL\", value:\"http://www.adobe.com/support/security/bulletins/apsb09-01.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Buffer overflow\");\n script_dependencies(\"gb_adobe_flash_player_detect_win.nasl\");\n script_mandatory_keys(\"Adobe/Air_or_Flash_or_Reader_or_Acrobat/Win/Installed\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote attackers to cause remote code\n execution, compromise system privileges or may cause exposure of sensitive information.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flex version 3.x or 2.x\n\n Adobe AIR version prior to 1.5.1\n\n Adobe Flash CS3/CS4 Professional\n\n Adobe Flash Player 9 version prior to 9.0.159.0\n\n Adobe Flash Player 10 version prior to 10.0.22.87\");\n\n script_tag(name:\"insight\", value:\"- Error while processing multiple references to an unspecified object which\n can be exploited by tricking the user to accessing a malicious crafted SWF file.\n\n - Input validation error in the processing of SWF file.\n\n - Error while displaying the mouse pointer on Windows which may cause 'Clickjacking' attacks.\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Products and is prone to\n multiple vulnerabilities.\");\n\n script_tag(name:\"solution\", value:\"Update to version 1.5.1 for Adobe Air.\n\n Update to Adobe Flash Player 9.0.159.0 or 10.0.22.87 and Adobe CS3/CS4, Flex 3.\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\ncpe_list = make_list(\"cpe:/a:adobe:flash_player\",\n \"cpe:/a:adobe:adobe_air\");\n\nif(!infos = get_app_version_and_location_from_list(cpe_list:cpe_list, exit_no_version:TRUE))\n exit(0);\n\nvers = infos[\"version\"];\npath = infos[\"location\"];\ncpe = infos[\"cpe\"];\n\nif(cpe == \"cpe:/a:adobe:flash_player\") {\n if(version_is_less(version:vers, test_version:\"9.0.159.0\") ||\n version_in_range(version:vers, test_version:\"10.0\", test_version2:\"10.0.22.86\")) {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"9.0.159.0 or 10.0.22.87\", install_path:path);\n security_message(port:0, data:report);\n exit(0);\n }\n} else if(cpe == \"cpe:/a:adobe:adobe_air\") {\n if(version_is_less(version:vers, test_version:\"1.5.1\")) {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"1.5.1\", install_path:path);\n security_message(port:0, data:report);\n exit(0);\n }\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-26T08:55:50", "description": "The remote host is missing updates announced in\nadvisory SUSE-SA:2009:041.", "cvss3": {}, "published": "2009-08-17T00:00:00", "type": "openvas", "title": "SuSE Security Advisory SUSE-SA:2009:041 (flash-player)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0114", "CVE-2009-0520", "CVE-2009-0519", "CVE-2009-0521"], "modified": "2017-07-11T00:00:00", "id": "OPENVAS:64565", "href": "http://plugins.openvas.org/nasl.php?oid=64565", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: suse_sa_2009_041.nasl 6668 2017-07-11 13:34:29Z cfischer $\n# Description: Auto-generated from advisory SUSE-SA:2009:041 (flash-player)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The flash-player is a web-browser plugin that allows displaying\nanimated web-content and remote access to client hardware (mic,\nweb-cam, etc.).\n\nA specially crafted Shockwave-Flash (SWF) file could cause a\nbuffer overflow in the flash-player plugin. This buffer overflow\ncan probably be exploited to execute arbitrary code remotely.\";\ntag_solution = \"Update your system with the packages as indicated in\nthe referenced security advisory.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=SUSE-SA:2009:041\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory SUSE-SA:2009:041.\";\n\n \n\nif(description)\n{\n script_id(64565);\n script_version(\"$Revision: 6668 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:34:29 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-08-17 16:54:45 +0200 (Mon, 17 Aug 2009)\");\n script_cve_id(\"CVE-2009-0114\", \"CVE-2009-0519\", \"CVE-2009-0520\", \"CVE-2009-0521\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"SuSE Security Advisory SUSE-SA:2009:041 (flash-player)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"flash-player\", rpm:\"flash-player~10.0.22.87~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"flash-player\", rpm:\"flash-player~9.0.159.0~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"flash-player\", rpm:\"flash-player~9.0.159.0~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-02T11:06:19", "description": "This host is installed with Adobe Products and is prone to\n multiple vulnerabilities.", "cvss3": {}, "published": "2009-03-10T00:00:00", "type": "openvas", "title": "Adobe Flash Player Multiple Vulnerabilities - Mar09 (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0114", "CVE-2009-0520", "CVE-2009-0519", "CVE-2009-0522"], "modified": "2017-12-21T00:00:00", "id": "OPENVAS:800359", "href": "http://plugins.openvas.org/nasl.php?oid=800359", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_adobe_flash_player_mult_vuln_mar09_win.nasl 8210 2017-12-21 10:26:31Z cfischer $\n#\n# Adobe Flash Player Multiple Vulnerabilities - Mar09 (Windows)\n#\n# Authors:\n# Sharath S <sharaths@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_solution = \"Update to version 1.5.1 for Adobe Air.\n http://get.adobe.com/air\n\n Update to Adobe Flash Player 9.0.159.0 or 10.0.22.87 and\n Adobe CS3/CS4, Flex 3\n http://get.adobe.com/flashplayer\n http://www.adobe.com/support/flashplayer/downloads.html#fp9\";\n\ntag_impact = \"Successful exploitation will allow remote attackers to cause remote code\n execution, compromise system privileges or may cause exposure of sensitive information.\n\n Impact Level: System/Application\";\n\ntag_affected = \"Adobe Flex version 3.x or 2.x\n\n Adobe AIR version prior to 1.5.1\n\n Adobe Flash CS3/CS4 Professional\n\n Adobe Flash Player 9 version prior to 9.0.159.0\n\n Adobe Flash Player 10 version prior to 10.0.22.87\";\n\ntag_insight = \"- Error while processing multiple references to an unspecified object which\n can be exploited by tricking the user to accessing a malicious crafted SWF file.\n\n - Input validation error in the processing of SWF file.\n\n - Error while displaying the mouse pointer on Windows which may cause\n 'Clickjacking' attacks.\";\n\ntag_summary = \"This host is installed with Adobe Products and is prone to\n multiple vulnerabilities.\";\n\nif(description)\n{\n script_id(800359);\n script_version(\"$Revision: 8210 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-21 11:26:31 +0100 (Thu, 21 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-10 11:59:23 +0100 (Tue, 10 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2009-0114\", \"CVE-2009-0519\", \"CVE-2009-0520\", \"CVE-2009-0522\");\n script_bugtraq_id(33890);\n script_name(\"Adobe Flash Player Multiple Vulnerabilities - Mar09 (Windows)\");\n\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/34012\");\n script_xref(name : \"URL\" , value : \"http://www.adobe.com/support/security/bulletins/apsb09-01.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Buffer overflow\");\n script_dependencies(\"gb_adobe_flash_player_detect_win.nasl\");\n script_mandatory_keys(\"Adobe/Air_or_Flash_or_Reader_or_Acrobat/Win/Installed\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nCPE = \"cpe:/a:adobe:flash_player\";\nif(playerVer = get_app_version(cpe:CPE, nofork:TRUE))\n{\n # Check for Adobe Flash Player version prior to 9.0.159.0 or 10.0.22.87\n if(version_is_less(version:playerVer, test_version:\"9.0.159.0\") ||\n version_in_range(version:playerVer, test_version:\"10.0\",\n test_version2:\"10.0.22.86\"))\n {\n security_message(0);\n exit(0);\n }\n}\n\nCPE = \"cpe:/a:adobe:adobe_air\";\nif(airVer = get_app_version(cpe:CPE))\n{\n # Check for Adobe Air version prior to 1.5.1\n if(version_is_less(version:airVer, test_version:\"1.5.1\")){\n security_message(0);\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:38:04", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:0334.\n\nThe flash-plugin package contains a Firefox-compatible Adobe Flash Player\nWeb browser plug-in.\n\nMultiple input validation flaws were found in the way Flash Player\ndisplayed certain SWF (Shockwave Flash) content. An attacker could use\nthese flaws to create a specially-crafted SWF file that could cause\nflash-plugin to crash, or, possibly, execute arbitrary code when the victim\nloaded a page containing the specially-crafted SWF content. (CVE-2009-0520,\nCVE-2009-0519)\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 9.0.159.0.", "cvss3": {}, "published": "2009-03-02T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:0334", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0520", "CVE-2009-0519"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231063435", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063435", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_0334.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:0334 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:0334.\n\nThe flash-plugin package contains a Firefox-compatible Adobe Flash Player\nWeb browser plug-in.\n\nMultiple input validation flaws were found in the way Flash Player\ndisplayed certain SWF (Shockwave Flash) content. An attacker could use\nthese flaws to create a specially-crafted SWF file that could cause\nflash-plugin to crash, or, possibly, execute arbitrary code when the victim\nloaded a page containing the specially-crafted SWF content. (CVE-2009-0520,\nCVE-2009-0519)\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 9.0.159.0.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63435\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-02 19:11:09 +0100 (Mon, 02 Mar 2009)\");\n script_cve_id(\"CVE-2009-0519\", \"CVE-2009-0520\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:0334\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-0334.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#critical\");\n script_xref(name : \"URL\" , value : \"http://www.adobe.com/support/security/bulletins/apsb09-01.html\");\n script_xref(name : \"URL\" , value : \"http://www.adobe.com/products/flashplayer/\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"flash-plugin\", rpm:\"flash-plugin~9.0.159.0~1.el3.with.oss\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"flash-plugin\", rpm:\"flash-plugin~9.0.159.0~1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-27T10:55:55", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:0334.\n\nThe flash-plugin package contains a Firefox-compatible Adobe Flash Player\nWeb browser plug-in.\n\nMultiple input validation flaws were found in the way Flash Player\ndisplayed certain SWF (Shockwave Flash) content. An attacker could use\nthese flaws to create a specially-crafted SWF file that could cause\nflash-plugin to crash, or, possibly, execute arbitrary code when the victim\nloaded a page containing the specially-crafted SWF content. (CVE-2009-0520,\nCVE-2009-0519)\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 9.0.159.0.", "cvss3": {}, "published": "2009-03-02T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:0334", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0520", "CVE-2009-0519"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:63435", "href": "http://plugins.openvas.org/nasl.php?oid=63435", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_0334.nasl 6683 2017-07-12 09:41:57Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:0334 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:0334.\n\nThe flash-plugin package contains a Firefox-compatible Adobe Flash Player\nWeb browser plug-in.\n\nMultiple input validation flaws were found in the way Flash Player\ndisplayed certain SWF (Shockwave Flash) content. An attacker could use\nthese flaws to create a specially-crafted SWF file that could cause\nflash-plugin to crash, or, possibly, execute arbitrary code when the victim\nloaded a page containing the specially-crafted SWF content. (CVE-2009-0520,\nCVE-2009-0519)\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 9.0.159.0.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_id(63435);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-02 19:11:09 +0100 (Mon, 02 Mar 2009)\");\n script_cve_id(\"CVE-2009-0519\", \"CVE-2009-0520\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:0334\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-0334.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#critical\");\n script_xref(name : \"URL\" , value : \"http://www.adobe.com/support/security/bulletins/apsb09-01.html\");\n script_xref(name : \"URL\" , value : \"http://www.adobe.com/products/flashplayer/\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"flash-plugin\", rpm:\"flash-plugin~9.0.159.0~1.el3.with.oss\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"flash-plugin\", rpm:\"flash-plugin~9.0.159.0~1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:40:20", "description": "This host is installed with Adobe Products and is prone to\n multiple vulnerabilities.", "cvss3": {}, "published": "2009-03-10T00:00:00", "type": "openvas", "title": "Adobe Flash Player Multiple Vulnerabilities - Mar09 (Linux)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0114", "CVE-2009-0520", "CVE-2009-0519", "CVE-2009-0522", "CVE-2009-0521"], "modified": "2018-12-03T00:00:00", "id": "OPENVAS:1361412562310800360", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310800360", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_adobe_flash_player_mult_vuln_mar09_lin.nasl 12629 2018-12-03 15:19:43Z cfischer $\n#\n# Adobe Flash Player Multiple Vulnerabilities - Mar09 (Linux)\n#\n# Authors:\n# Sharath S <sharaths@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.800360\");\n script_version(\"$Revision: 12629 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-12-03 16:19:43 +0100 (Mon, 03 Dec 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-10 11:59:23 +0100 (Tue, 10 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2009-0114\", \"CVE-2009-0519\", \"CVE-2009-0520\",\n \"CVE-2009-0521\", \"CVE-2009-0522\");\n script_bugtraq_id(33890);\n script_name(\"Adobe Flash Player Multiple Vulnerabilities - Mar09 (Linux)\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/34012\");\n script_xref(name:\"URL\", value:\"http://www.adobe.com/support/security/bulletins/apsb09-01.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Buffer overflow\");\n script_dependencies(\"gb_adobe_flash_player_detect_lin.nasl\");\n script_mandatory_keys(\"Adobe/Air_or_Flash_or_Reader/Linux/Installed\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote attackers to cause remote code\n execution, compromise system privileges or may cause exposure of sensitive information.\");\n\n script_tag(name:\"affected\", value:\"Adobe AIR version prior to 1.5.1\n Adobe Flash Player 9 version prior to 9.0.159.0\n Adobe Flash Player 10 version prior to 10.0.22.87\");\n\n script_tag(name:\"insight\", value:\"- Error while processing multiple references to an unspecified object which\n can be exploited by tricking the user to access a malicious crafted SWF file.\n\n - Input validation error in the processing of SWF file.\n\n - Error while displaying the mouse pointer on Windows which may cause 'Clickjacking' attacks.\n\n - Error in the Linux Flash Player binaries which can cause disclosure of sensitive information.\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Products and is prone to\n multiple vulnerabilities.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to version Adobe Flash Player 9.0.159.0 or 10.0.22.87\n\n Update to version 1.5.1 for Adobe AIR.\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nplayerVer = get_kb_item(\"AdobeFlashPlayer/Linux/Ver\");\nif(playerVer != NULL)\n{\n if(version_is_less(version:playerVer, test_version:\"9.0.159.0\") ||\n version_in_range(version:playerVer, test_version:\"10.0\",\n test_version2:\"10.0.22.86\"))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n}\n\nairVer = get_kb_item(\"Adobe/Air/Linux/Ver\");\nif(airVer =~ \"^[01]\\.\")\n{\n if(version_is_less(version:airVer, test_version:\"1.5.1\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-14T10:55:47", "description": "This host is installed with Adobe Products and is prone to\n multiple vulnerabilities.", "cvss3": {}, "published": "2009-03-10T00:00:00", "type": "openvas", "title": "Adobe Flash Player Multiple Vulnerabilities - Mar09 (Linux)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0114", "CVE-2009-0520", "CVE-2009-0519", "CVE-2009-0522", "CVE-2009-0521"], "modified": "2017-06-29T00:00:00", "id": "OPENVAS:800360", "href": "http://plugins.openvas.org/nasl.php?oid=800360", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_adobe_flash_player_mult_vuln_mar09_lin.nasl 6476 2017-06-29 07:32:00Z cfischer $\n#\n# Adobe Flash Player Multiple Vulnerabilities - Mar09 (Linux)\n#\n# Authors:\n# Sharath S <sharaths@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_solution = \"Upgrade to version Adobe Flash Player 9.0.159.0 or 10.0.22.87\n http://get.adobe.com/flashplayer\n\n Update to version 1.5.1 for Adobe AIR\n http://get.adobe.com/air\";\n\ntag_impact = \"Successful exploitation will allow remote attackers to cause remote code\n execution, compromise system privileges or may cause exposure of sensitive\n information.\n Impact Level: System/Application\";\ntag_affected = \"Adobe AIR version prior to 1.5.1\n Adobe Flash Player 9 version prior to 9.0.159.0\n Adobe Flash Player 10 version prior to 10.0.22.87\";\ntag_insight = \"- Error while processing multiple references to an unspecified object which\n can be exploited by tricking the user to access a malicious crafted\n SWF file.\n - Input validation error in the processing of SWF file.\n - Error while displaying the mouse pointer on Windows which may cause\n 'Clickjacking' attacks.\n - Error in the Linux Flash Player binaries which can cause disclosure of\n sensitive information.\";\ntag_summary = \"This host is installed with Adobe Products and is prone to\n multiple vulnerabilities.\";\n\nif(description)\n{\n script_id(800360);\n script_version(\"$Revision: 6476 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-06-29 09:32:00 +0200 (Thu, 29 Jun 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-10 11:59:23 +0100 (Tue, 10 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2009-0114\", \"CVE-2009-0519\", \"CVE-2009-0520\",\n \"CVE-2009-0521\", \"CVE-2009-0522\");\n script_bugtraq_id(33890);\n script_name(\"Adobe Flash Player Multiple Vulnerabilities - Mar09 (Linux)\");\n\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/34012\");\n script_xref(name : \"URL\" , value : \"http://www.adobe.com/support/security/bulletins/apsb09-01.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Buffer overflow\");\n script_dependencies(\"gb_adobe_flash_player_detect_lin.nasl\");\n script_mandatory_keys(\"Adobe/Air_or_Flash_or_Reader/Linux/Installed\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\n# Check for Adobe Flash Player version < 9.0.159.0/10.0.22.87\nplayerVer = get_kb_item(\"AdobeFlashPlayer/Linux/Ver\");\nif(playerVer != NULL)\n{\n if(version_is_less(version:playerVer, test_version:\"9.0.159.0\") ||\n version_in_range(version:playerVer, test_version:\"10.0\",\n test_version2:\"10.0.22.86\"))\n {\n security_message(0);\n exit(0);\n }\n}\n\n# Check for Adobe Air version < 1.5.1\nairVer = get_kb_item(\"Adobe/Air/Linux/Ver\");\nif(airVer =~ \"^[0-9]\")\n{\n if(version_is_less(version:airVer, test_version:\"1.5.1\")){\n security_message(0);\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:35:53", "description": "Oracle Linux Local Security Checks ELSA-2008-0849", "cvss3": {}, "published": "2015-10-08T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2008-0849", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3652", "CVE-2008-3651"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310122559", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122559", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2008-0849.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122559\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-08 14:47:58 +0300 (Thu, 08 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2008-0849\");\n script_tag(name:\"insight\", value:\"ELSA-2008-0849 - ipsec-tools security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2008-0849\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2008-0849.html\");\n script_cve_id(\"CVE-2008-3651\", \"CVE-2008-3652\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"ipsec-tools\", rpm:\"ipsec-tools~0.6.5~9.el5_2.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2017-07-27T10:56:38", "description": "Check for the Version of ipsec-tools", "cvss3": {}, "published": "2009-03-06T00:00:00", "type": "openvas", "title": "RedHat Update for ipsec-tools RHSA-2008:0849-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3652", "CVE-2008-3651"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:870155", "href": "http://plugins.openvas.org/nasl.php?oid=870155", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for ipsec-tools RHSA-2008:0849-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The ipsec-tools package is used in conjunction with the IPsec functionality\n in the Linux kernel and includes racoon, an IKEv1 keying daemon.\n\n Two denial of service flaws were found in the ipsec-tools racoon daemon. It\n was possible for a remote attacker to cause the racoon daemon to consume\n all available memory. (CVE-2008-3651, CVE-2008-3652)\n \n Users of ipsec-tools should upgrade to this updated package, which contains\n backported patches that resolve these issues.\";\n\ntag_affected = \"ipsec-tools on Red Hat Enterprise Linux AS version 3,\n Red Hat Enterprise Linux ES version 3,\n Red Hat Enterprise Linux WS version 3,\n Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4,\n Red Hat Enterprise Linux (v. 5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2008-August/msg00019.html\");\n script_id(870155);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-06 07:30:35 +0100 (Fri, 06 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name: \"RHSA\", value: \"2008:0849-01\");\n script_cve_id(\"CVE-2008-3651\", \"CVE-2008-3652\");\n script_name( \"RedHat Update for ipsec-tools RHSA-2008:0849-01\");\n\n script_summary(\"Check for the Version of ipsec-tools\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"ipsec-tools\", rpm:\"ipsec-tools~0.6.5~9.el5_2.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ipsec-tools-debuginfo\", rpm:\"ipsec-tools-debuginfo~0.6.5~9.el5_2.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"ipsec-tools\", rpm:\"ipsec-tools~0.3.3~7.el4_7\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ipsec-tools-debuginfo\", rpm:\"ipsec-tools-debuginfo~0.3.3~7.el4_7\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_3\")\n{\n\n if ((res = isrpmvuln(pkg:\"ipsec-tools\", rpm:\"ipsec-tools~0.2.5~0.7.rhel3.5\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ipsec-tools-debuginfo\", rpm:\"ipsec-tools-debuginfo~0.2.5~0.7.rhel3.5\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:39:35", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "cvss3": {}, "published": "2009-01-26T00:00:00", "type": "openvas", "title": "FreeBSD Ports: ipsec-tools", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3652", "CVE-2008-3651"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231063280", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063280", "sourceData": "#\n#VID abcacb5a-e7f1-11dd-afcd-00e0815b8da8\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID abcacb5a-e7f1-11dd-afcd-00e0815b8da8\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: ipsec-tools\n\nCVE-2008-3651\nMemory leak in racoon/proposal.c in the racoon daemon in ipsec-tools\nbefore 0.7.1 allows remote authenticated users to cause a denial of\nservice (memory consumption) via invalid proposals.\n\nCVE-2008-3652\nsrc/racoon/handler.c in racoon in ipsec-tools does not remove an\n'orphaned ph1' (phase 1) handle when it has been initiated remotely,\nwhich allows remote attackers to cause a denial of service (resource\nconsumption).\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://marc.info/?l=ipsec-tools-devel&m=121688914101709&w=2\nhttp://www.vuxml.org/freebsd/abcacb5a-e7f1-11dd-afcd-00e0815b8da8.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63280\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-01-26 18:18:20 +0100 (Mon, 26 Jan 2009)\");\n script_cve_id(\"CVE-2008-3651\", \"CVE-2008-3652\");\n script_bugtraq_id(30657);\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_name(\"FreeBSD Ports: ipsec-tools\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"ipsec-tools\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0.7.1\")<0) {\n txt += 'Package ipsec-tools version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:38:15", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n ipsec-tools\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-13T00:00:00", "type": "openvas", "title": "SLES10: Security update for ipsec-tools", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3652", "CVE-2008-3651"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231065953", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065953", "sourceData": "#\n#VID slesp2-ipsec-tools-5638\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for ipsec-tools\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n ipsec-tools\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65953\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)\");\n script_cve_id(\"CVE-2008-3651\", \"CVE-2008-3652\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_name(\"SLES10: Security update for ipsec-tools\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"ipsec-tools\", rpm:\"ipsec-tools~0.6.5~10.10\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-07-26T08:56:05", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n ipsec-tools\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5037740 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-10T00:00:00", "type": "openvas", "title": "SLES9: Security update for ipsec-tools", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3652", "CVE-2008-3651"], "modified": "2017-07-11T00:00:00", "id": "OPENVAS:65306", "href": "http://plugins.openvas.org/nasl.php?oid=65306", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5037740.nasl 6666 2017-07-11 13:13:36Z cfischer $\n# Description: Security update for ipsec-tools\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n ipsec-tools\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5037740 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_id(65306);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2008-3651\", \"CVE-2008-3652\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_name(\"SLES9: Security update for ipsec-tools\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"ipsec-tools\", rpm:\"ipsec-tools~0.3.3~1.15\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:49:41", "description": "The remote host is missing updates announced in\nadvisory GLSA 200812-03.", "cvss3": {}, "published": "2008-12-03T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200812-03 (ipsec-tools)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3652", "CVE-2008-3651"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:61942", "href": "http://plugins.openvas.org/nasl.php?oid=61942", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"IPsec-Tools' racoon is affected by a remote Denial of Service\nvulnerability.\";\ntag_solution = \"All IPsec-Tools users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-firewall/ipsec-tools-0.7.1'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200812-03\nhttp://bugs.gentoo.org/show_bug.cgi?id=232831\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200812-03.\";\n\n \n \n\nif(description)\n{\n script_id(61942);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-12-03 18:25:22 +0100 (Wed, 03 Dec 2008)\");\n script_cve_id(\"CVE-2008-3651\", \"CVE-2008-3652\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_name(\"Gentoo Security Advisory GLSA 200812-03 (ipsec-tools)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"net-firewall/ipsec-tools\", unaffected: make_list(\"ge 0.7.1\"), vulnerable: make_list(\"lt 0.7.1\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:39:53", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n ipsec-tools\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5037740 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-10T00:00:00", "type": "openvas", "title": "SLES9: Security update for ipsec-tools", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3652", "CVE-2008-3651"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231065306", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065306", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5037740.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Security update for ipsec-tools\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n ipsec-tools\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5037740 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65306\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2008-3651\", \"CVE-2008-3652\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_name(\"SLES9: Security update for ipsec-tools\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"ipsec-tools\", rpm:\"ipsec-tools~0.3.3~1.15\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:40", "description": "Check for the Version of ipsec-tools", "cvss3": {}, "published": "2009-02-17T00:00:00", "type": "openvas", "title": "Fedora Update for ipsec-tools FEDORA-2008-9016", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3652", "CVE-2008-3651"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:860020", "href": "http://plugins.openvas.org/nasl.php?oid=860020", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for ipsec-tools FEDORA-2008-9016\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"This is the IPsec-Tools package. You need this package in order to\n really use the IPsec functionality in the linux-2.5+ kernels. This\n package builds:\n\n \t- setkey, a program to directly manipulate policies and SAs\n \t- racoon, an IKEv1 keying daemon\";\n\ntag_affected = \"ipsec-tools on Fedora 8\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00190.html\");\n script_id(860020);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-17 17:07:33 +0100 (Tue, 17 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-9016\");\n script_cve_id(\"CVE-2008-3651\", \"CVE-2008-3652\");\n script_name( \"Fedora Update for ipsec-tools FEDORA-2008-9016\");\n\n script_summary(\"Check for the Version of ipsec-tools\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC8\")\n{\n\n if ((res = isrpmvuln(pkg:\"ipsec-tools\", rpm:\"ipsec-tools~0.7.1~5.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:56:24", "description": "Check for the Version of ipsec-tools", "cvss3": {}, "published": "2009-04-09T00:00:00", "type": "openvas", "title": "Mandriva Update for ipsec-tools MDVSA-2008:181 (ipsec-tools)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3652", "CVE-2008-3651"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:830488", "href": "http://plugins.openvas.org/nasl.php?oid=830488", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for ipsec-tools MDVSA-2008:181 (ipsec-tools)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Two denial of service vulnerabilities were discovered in the\n ipsec-tools racoon daemon, which could allow a remote attacker to cause\n it to consume all available memory (CVE-2008-3651, CVE-2008-3652).\n\n The updated packages have been patched to prevent these issues.\";\n\ntag_affected = \"ipsec-tools on Mandriva Linux 2007.1,\n Mandriva Linux 2007.1/X86_64,\n Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64,\n Mandriva Linux 2008.1,\n Mandriva Linux 2008.1/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2008-08/msg00027.php\");\n script_id(830488);\n script_version(\"$Revision: 6568 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:04:21 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 14:18:58 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name: \"MDVSA\", value: \"2008:181\");\n script_cve_id(\"CVE-2008-3651\", \"CVE-2008-3652\");\n script_name( \"Mandriva Update for ipsec-tools MDVSA-2008:181 (ipsec-tools)\");\n\n script_summary(\"Check for the Version of ipsec-tools\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"ipsec-tools\", rpm:\"ipsec-tools~0.6.6~2.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libipsec0\", rpm:\"libipsec0~0.6.6~2.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libipsec0-devel\", rpm:\"libipsec0-devel~0.6.6~2.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ipsec0\", rpm:\"lib64ipsec0~0.6.6~2.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ipsec0-devel\", rpm:\"lib64ipsec0-devel~0.6.6~2.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"ipsec-tools\", rpm:\"ipsec-tools~0.6.7~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libipsec0\", rpm:\"libipsec0~0.6.7~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libipsec0-devel\", rpm:\"libipsec0-devel~0.6.7~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ipsec0\", rpm:\"lib64ipsec0~0.6.7~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ipsec0-devel\", rpm:\"lib64ipsec0-devel~0.6.7~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2008.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"ipsec-tools\", rpm:\"ipsec-tools~0.7~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libipsec0\", rpm:\"libipsec0~0.7~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libipsec-devel\", rpm:\"libipsec-devel~0.7~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ipsec0\", rpm:\"lib64ipsec0~0.7~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ipsec-devel\", rpm:\"lib64ipsec-devel~0.7~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:41:14", "description": "Check for the Version of ipsec-tools", "cvss3": {}, "published": "2009-03-06T00:00:00", "type": "openvas", "title": "RedHat Update for ipsec-tools RHSA-2008:0849-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3652", "CVE-2008-3651"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310870155", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870155", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for ipsec-tools RHSA-2008:0849-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The ipsec-tools package is used in conjunction with the IPsec functionality\n in the Linux kernel and includes racoon, an IKEv1 keying daemon.\n\n Two denial of service flaws were found in the ipsec-tools racoon daemon. It\n was possible for a remote attacker to cause the racoon daemon to consume\n all available memory. (CVE-2008-3651, CVE-2008-3652)\n \n Users of ipsec-tools should upgrade to this updated package, which contains\n backported patches that resolve these issues.\";\n\ntag_affected = \"ipsec-tools on Red Hat Enterprise Linux AS version 3,\n Red Hat Enterprise Linux ES version 3,\n Red Hat Enterprise Linux WS version 3,\n Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4,\n Red Hat Enterprise Linux (v. 5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2008-August/msg00019.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870155\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-06 07:30:35 +0100 (Fri, 06 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name: \"RHSA\", value: \"2008:0849-01\");\n script_cve_id(\"CVE-2008-3651\", \"CVE-2008-3652\");\n script_name( \"RedHat Update for ipsec-tools RHSA-2008:0849-01\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of ipsec-tools\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"ipsec-tools\", rpm:\"ipsec-tools~0.6.5~9.el5_2.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ipsec-tools-debuginfo\", rpm:\"ipsec-tools-debuginfo~0.6.5~9.el5_2.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"ipsec-tools\", rpm:\"ipsec-tools~0.3.3~7.el4_7\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ipsec-tools-debuginfo\", rpm:\"ipsec-tools-debuginfo~0.3.3~7.el4_7\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_3\")\n{\n\n if ((res = isrpmvuln(pkg:\"ipsec-tools\", rpm:\"ipsec-tools~0.2.5~0.7.rhel3.5\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ipsec-tools-debuginfo\", rpm:\"ipsec-tools-debuginfo~0.2.5~0.7.rhel3.5\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:11", "description": "Check for the Version of ipsec-tools", "cvss3": {}, "published": "2009-02-17T00:00:00", "type": "openvas", "title": "Fedora Update for ipsec-tools FEDORA-2008-9007", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3652", "CVE-2008-3651"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:860826", "href": "http://plugins.openvas.org/nasl.php?oid=860826", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for ipsec-tools FEDORA-2008-9007\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"This is the IPsec-Tools package. You need this package in order to\n really use the IPsec functionality in the linux-2.5+ kernels. This\n package builds:\n\n \t- setkey, a program to directly manipulate policies and SAs\n \t- racoon, an IKEv1 keying daemon\";\n\ntag_affected = \"ipsec-tools on Fedora 9\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00129.html\");\n script_id(860826);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-17 17:07:33 +0100 (Tue, 17 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-9007\");\n script_cve_id(\"CVE-2008-3651\", \"CVE-2008-3652\");\n script_name( \"Fedora Update for ipsec-tools FEDORA-2008-9007\");\n\n script_summary(\"Check for the Version of ipsec-tools\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC9\")\n{\n\n if ((res = isrpmvuln(pkg:\"ipsec-tools\", rpm:\"ipsec-tools~0.7.1~5.fc9\", rls:\"FC9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:14:09", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "cvss3": {}, "published": "2009-01-26T00:00:00", "type": "openvas", "title": "FreeBSD Ports: ipsec-tools", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3652", "CVE-2008-3651"], "modified": "2016-12-23T00:00:00", "id": "OPENVAS:63280", "href": "http://plugins.openvas.org/nasl.php?oid=63280", "sourceData": "#\n#VID abcacb5a-e7f1-11dd-afcd-00e0815b8da8\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID abcacb5a-e7f1-11dd-afcd-00e0815b8da8\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: ipsec-tools\n\nCVE-2008-3651\nMemory leak in racoon/proposal.c in the racoon daemon in ipsec-tools\nbefore 0.7.1 allows remote authenticated users to cause a denial of\nservice (memory consumption) via invalid proposals.\n\nCVE-2008-3652\nsrc/racoon/handler.c in racoon in ipsec-tools does not remove an\n'orphaned ph1' (phase 1) handle when it has been initiated remotely,\nwhich allows remote attackers to cause a denial of service (resource\nconsumption).\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://marc.info/?l=ipsec-tools-devel&m=121688914101709&w=2\nhttp://www.vuxml.org/freebsd/abcacb5a-e7f1-11dd-afcd-00e0815b8da8.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_id(63280);\n script_version(\"$Revision: 4847 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-12-23 10:33:16 +0100 (Fri, 23 Dec 2016) $\");\n script_tag(name:\"creation_date\", value:\"2009-01-26 18:18:20 +0100 (Mon, 26 Jan 2009)\");\n script_cve_id(\"CVE-2008-3651\", \"CVE-2008-3652\");\n script_bugtraq_id(30657);\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_name(\"FreeBSD Ports: ipsec-tools\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"ipsec-tools\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0.7.1\")<0) {\n txt += 'Package ipsec-tools version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:57:08", "description": "Check for the Version of ipsec-tools", "cvss3": {}, "published": "2009-02-27T00:00:00", "type": "openvas", "title": "CentOS Update for ipsec-tools CESA-2008:0849 centos3 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3652", "CVE-2008-3651"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:880133", "href": "http://plugins.openvas.org/nasl.php?oid=880133", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for ipsec-tools CESA-2008:0849 centos3 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The ipsec-tools package is used in conjunction with the IPsec functionality\n in the Linux kernel and includes racoon, an IKEv1 keying daemon.\n\n Two denial of service flaws were found in the ipsec-tools racoon daemon. It\n was possible for a remote attacker to cause the racoon daemon to consume\n all available memory. (CVE-2008-3651, CVE-2008-3652)\n \n Users of ipsec-tools should upgrade to this updated package, which contains\n backported patches that resolve these issues.\";\n\ntag_affected = \"ipsec-tools on CentOS 3\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-August/015207.html\");\n script_id(880133);\n script_version(\"$Revision: 6651 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:45:21 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 09:02:20 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0849\");\n script_cve_id(\"CVE-2008-3651\", \"CVE-2008-3652\");\n script_name( \"CentOS Update for ipsec-tools CESA-2008:0849 centos3 i386\");\n\n script_summary(\"Check for the Version of ipsec-tools\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"ipsec-tools\", rpm:\"ipsec-tools~0.2.5~0.7.rhel3.5\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-07-26T08:55:33", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n ipsec-tools\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-13T00:00:00", "type": "openvas", "title": "SLES10: Security update for ipsec-tools", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3652", "CVE-2008-3651"], "modified": "2017-07-11T00:00:00", "id": "OPENVAS:65953", "href": "http://plugins.openvas.org/nasl.php?oid=65953", "sourceData": "#\n#VID slesp2-ipsec-tools-5638\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for ipsec-tools\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n ipsec-tools\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_id(65953);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)\");\n script_cve_id(\"CVE-2008-3651\", \"CVE-2008-3652\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_name(\"SLES10: Security update for ipsec-tools\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"ipsec-tools\", rpm:\"ipsec-tools~0.6.5~10.10\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:41:31", "description": "Check for the Version of ipsec-tools", "cvss3": {}, "published": "2009-02-27T00:00:00", "type": "openvas", "title": "CentOS Update for ipsec-tools CESA-2008:0849 centos3 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3652", "CVE-2008-3651"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310880133", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880133", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for ipsec-tools CESA-2008:0849 centos3 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The ipsec-tools package is used in conjunction with the IPsec functionality\n in the Linux kernel and includes racoon, an IKEv1 keying daemon.\n\n Two denial of service flaws were found in the ipsec-tools racoon daemon. It\n was possible for a remote attacker to cause the racoon daemon to consume\n all available memory. (CVE-2008-3651, CVE-2008-3652)\n \n Users of ipsec-tools should upgrade to this updated package, which contains\n backported patches that resolve these issues.\";\n\ntag_affected = \"ipsec-tools on CentOS 3\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-August/015207.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880133\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 09:02:20 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0849\");\n script_cve_id(\"CVE-2008-3651\", \"CVE-2008-3652\");\n script_name( \"CentOS Update for ipsec-tools CESA-2008:0849 centos3 i386\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of ipsec-tools\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"ipsec-tools\", rpm:\"ipsec-tools~0.2.5~0.7.rhel3.5\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:40", "description": "Check for the Version of ipsec-tools", "cvss3": {}, "published": "2009-02-27T00:00:00", "type": "openvas", "title": "CentOS Update for ipsec-tools CESA-2008:0849 centos3 x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3652", "CVE-2008-3651"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:880153", "href": "http://plugins.openvas.org/nasl.php?oid=880153", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for ipsec-tools CESA-2008:0849 centos3 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The ipsec-tools package is used in conjunction with the IPsec functionality\n in the Linux kernel and includes racoon, an IKEv1 keying daemon.\n\n Two denial of service flaws were found in the ipsec-tools racoon daemon. It\n was possible for a remote attacker to cause the racoon daemon to consume\n all available memory. (CVE-2008-3651, CVE-2008-3652)\n \n Users of ipsec-tools should upgrade to this updated package, which contains\n backported patches that resolve these issues.\";\n\ntag_affected = \"ipsec-tools on CentOS 3\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-August/015208.html\");\n script_id(880153);\n script_version(\"$Revision: 6651 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:45:21 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 09:02:20 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0849\");\n script_cve_id(\"CVE-2008-3651\", \"CVE-2008-3652\");\n script_name( \"CentOS Update for ipsec-tools CESA-2008:0849 centos3 x86_64\");\n\n script_summary(\"Check for the Version of ipsec-tools\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"ipsec-tools\", rpm:\"ipsec-tools~0.2.5~0.7.rhel3.5\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:29:46", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-641-1", "cvss3": {}, "published": "2009-03-23T00:00:00", "type": "openvas", "title": "Ubuntu Update for ipsec-tools vulnerabilities USN-641-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3652", "CVE-2008-3651"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840260", "href": "http://plugins.openvas.org/nasl.php?oid=840260", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_641_1.nasl 7969 2017-12-01 09:23:16Z santu $\n#\n# Ubuntu Update for ipsec-tools vulnerabilities USN-641-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that there were multiple ways to leak memory during\n the IKE negotiation when handling certain packets. If a remote attacker\n sent repeated malicious requests, the "racoon" key exchange server could\n allocate large amounts of memory, possibly leading to a denial of service.\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-641-1\";\ntag_affected = \"ipsec-tools vulnerabilities on Ubuntu 6.06 LTS ,\n Ubuntu 7.04 ,\n Ubuntu 7.10 ,\n Ubuntu 8.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-641-1/\");\n script_id(840260);\n script_version(\"$Revision: 7969 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-23 10:59:50 +0100 (Mon, 23 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name: \"USN\", value: \"641-1\");\n script_cve_id(\"CVE-2008-3651\", \"CVE-2008-3652\");\n script_name( \"Ubuntu Update for ipsec-tools vulnerabilities USN-641-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU6.06 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"ipsec-tools\", ver:\"0.6.5-4ubuntu1.2\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"racoon\", ver:\"0.6.5-4ubuntu1.2\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU7.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"ipsec-tools\", ver:\"0.6.6-3ubuntu3.1\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"racoon\", ver:\"0.6.6-3ubuntu3.1\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"ipsec-tools\", ver:\"0.6.7-1.1ubuntu1.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"racoon\", ver:\"0.6.7-1.1ubuntu1.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU7.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"ipsec-tools\", ver:\"0.6.6-3.1ubuntu3.1\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"racoon\", ver:\"0.6.6-3.1ubuntu3.1\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:40:20", "description": "Check for the Version of ipsec-tools", "cvss3": {}, "published": "2009-02-27T00:00:00", "type": "openvas", "title": "CentOS Update for ipsec-tools CESA-2008:0849 centos3 x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3652", "CVE-2008-3651"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310880153", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880153", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for ipsec-tools CESA-2008:0849 centos3 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The ipsec-tools package is used in conjunction with the IPsec functionality\n in the Linux kernel and includes racoon, an IKEv1 keying daemon.\n\n Two denial of service flaws were found in the ipsec-tools racoon daemon. It\n was possible for a remote attacker to cause the racoon daemon to consume\n all available memory. (CVE-2008-3651, CVE-2008-3652)\n \n Users of ipsec-tools should upgrade to this updated package, which contains\n backported patches that resolve these issues.\";\n\ntag_affected = \"ipsec-tools on CentOS 3\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-August/015208.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880153\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 09:02:20 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0849\");\n script_cve_id(\"CVE-2008-3651\", \"CVE-2008-3652\");\n script_name( \"CentOS Update for ipsec-tools CESA-2008:0849 centos3 x86_64\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of ipsec-tools\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"ipsec-tools\", rpm:\"ipsec-tools~0.2.5~0.7.rhel3.5\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:39:32", "description": "Check for the Version of ipsec-tools", "cvss3": {}, "published": "2009-04-09T00:00:00", "type": "openvas", "title": "Mandriva Update for ipsec-tools MDVSA-2008:181 (ipsec-tools)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3652", "CVE-2008-3651"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310830488", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310830488", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for ipsec-tools MDVSA-2008:181 (ipsec-tools)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Two denial of service vulnerabilities were discovered in the\n ipsec-tools racoon daemon, which could allow a remote attacker to cause\n it to consume all available memory (CVE-2008-3651, CVE-2008-3652).\n\n The updated packages have been patched to prevent these issues.\";\n\ntag_affected = \"ipsec-tools on Mandriva Linux 2007.1,\n Mandriva Linux 2007.1/X86_64,\n Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64,\n Mandriva Linux 2008.1,\n Mandriva Linux 2008.1/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2008-08/msg00027.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.830488\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 14:18:58 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name: \"MDVSA\", value: \"2008:181\");\n script_cve_id(\"CVE-2008-3651\", \"CVE-2008-3652\");\n script_name( \"Mandriva Update for ipsec-tools MDVSA-2008:181 (ipsec-tools)\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of ipsec-tools\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"ipsec-tools\", rpm:\"ipsec-tools~0.6.6~2.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libipsec0\", rpm:\"libipsec0~0.6.6~2.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libipsec0-devel\", rpm:\"libipsec0-devel~0.6.6~2.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ipsec0\", rpm:\"lib64ipsec0~0.6.6~2.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ipsec0-devel\", rpm:\"lib64ipsec0-devel~0.6.6~2.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"ipsec-tools\", rpm:\"ipsec-tools~0.6.7~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libipsec0\", rpm:\"libipsec0~0.6.7~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libipsec0-devel\", rpm:\"libipsec0-devel~0.6.7~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ipsec0\", rpm:\"lib64ipsec0~0.6.7~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ipsec0-devel\", rpm:\"lib64ipsec0-devel~0.6.7~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2008.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"ipsec-tools\", rpm:\"ipsec-tools~0.7~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libipsec0\", rpm:\"libipsec0~0.7~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libipsec-devel\", rpm:\"libipsec-devel~0.7~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ipsec0\", rpm:\"lib64ipsec0~0.7~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ipsec-devel\", rpm:\"lib64ipsec-devel~0.7~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:17", "description": "The remote host is missing an update as announced\nvia advisory SSA:2009-014-02.", "cvss3": {}, "published": "2012-09-11T00:00:00", "type": "openvas", "title": "Slackware Advisory SSA:2009-014-02 bind", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-5077", "CVE-2009-0025"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:136141256231063231", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063231", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2009_014_02.nasl 14202 2019-03-15 09:16:15Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63231\");\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 10:16:15 +0100 (Fri, 15 Mar 2019) $\");\n script_cve_id(\"CVE-2008-5077\", \"CVE-2009-0025\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_version(\"$Revision: 14202 $\");\n script_name(\"Slackware Advisory SSA:2009-014-02 bind\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\", re:\"ssh/login/release=SLK(8\\.1|9\\.0|9\\.1|10\\.0|10\\.1|10\\.2|11\\.0|12\\.0|12\\.1|12\\.2)\");\n\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2009-014-02\");\n\n script_tag(name:\"insight\", value:\"New bind packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2,\n11.0, 12.0, 12.1, 12.2, and -current to fix a security issue.\n\nMore details about this issue is linked in the references.\");\n\n script_xref(name:\"URL\", value:\"https://www.isc.org/node/373\");\n script_xref(name:\"URL\", value:\"http://www.ocert.org/advisories/ocert-2008-016.html\");\n\n script_tag(name:\"solution\", value:\"Upgrade to the new package(s).\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update as announced\nvia advisory SSA:2009-014-02.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-slack.inc\");\n\nreport = \"\";\nres = \"\";\n\nif((res = isslkpkgvuln(pkg:\"bind\", ver:\"9.3.6_P1-i386-1_slack8.1\", rls:\"SLK8.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"bind\", ver:\"9.3.6_P1-i386-1_slack9.0\", rls:\"SLK9.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"bind\", ver:\"9.3.6_P1-i486-1_slack9.1\", rls:\"SLK9.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"bind\", ver:\"9.3.6_P1-i486-1_slack10.0\", rls:\"SLK10.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"bind\", ver:\"9.3.6_P1-i486-1_slack10.1\", rls:\"SLK10.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"bind\", ver:\"9.3.6_P1-i486-1_slack10.2\", rls:\"SLK10.2\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"bind\", ver:\"9.3.6_P1-i486-1_slack11.0\", rls:\"SLK11.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"bind\", ver:\"9.4.3_P1-i486-1_slack12.0\", rls:\"SLK12.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"bind\", ver:\"9.4.3_P1-i486-1_slack12.1\", rls:\"SLK12.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"bind\", ver:\"9.4.3_P1-i486-1_slack12.2\", rls:\"SLK12.2\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-24T12:50:54", "description": "The remote host is missing an update as announced\nvia advisory SSA:2009-014-02.", "cvss3": {}, "published": "2012-09-11T00:00:00", "type": "openvas", "title": "Slackware Advisory SSA:2009-014-02 bind", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-5077", "CVE-2009-0025"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:63231", "href": "http://plugins.openvas.org/nasl.php?oid=63231", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2009_014_02.nasl 6598 2017-07-07 09:36:44Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"New bind packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2,\n11.0, 12.0, 12.1, 12.2, and -current to fix a security issue.\n\nMore details about this issue may be found here:\nhttps://www.isc.org/node/373\nhttp://www.ocert.org/advisories/ocert-2008-016.html\";\ntag_summary = \"The remote host is missing an update as announced\nvia advisory SSA:2009-014-02.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2009-014-02\";\n \nif(description)\n{\n script_id(63231);\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:36:44 +0200 (Fri, 07 Jul 2017) $\");\n script_cve_id(\"CVE-2008-5077\", \"CVE-2009-0025\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_version(\"$Revision: 6598 $\");\n name = \"Slackware Advisory SSA:2009-014-02 bind \";\n script_name(name);\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-slack.inc\");\nvuln = 0;\nif(isslkpkgvuln(pkg:\"bind\", ver:\"9.3.6_P1-i386-1_slack8.1\", rls:\"SLK8.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"bind\", ver:\"9.3.6_P1-i386-1_slack9.0\", rls:\"SLK9.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"bind\", ver:\"9.3.6_P1-i486-1_slack9.1\", rls:\"SLK9.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"bind\", ver:\"9.3.6_P1-i486-1_slack10.0\", rls:\"SLK10.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"bind\", ver:\"9.3.6_P1-i486-1_slack10.1\", rls:\"SLK10.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"bind\", ver:\"9.3.6_P1-i486-1_slack10.2\", rls:\"SLK10.2\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"bind\", ver:\"9.3.6_P1-i486-1_slack11.0\", rls:\"SLK11.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"bind\", ver:\"9.4.3_P1-i486-1_slack12.0\", rls:\"SLK12.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"bind\", ver:\"9.4.3_P1-i486-1_slack12.1\", rls:\"SLK12.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"bind\", ver:\"9.4.3_P1-i486-1_slack12.2\", rls:\"SLK12.2\")) {\n vuln = 1;\n}\n\nif(vuln) {\n security_message(0);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:58", "description": "The remote host is missing an update as announced\nvia advisory SSA:2009-116-01.", "cvss3": {}, "published": "2012-09-11T00:00:00", "type": "openvas", "title": "Slackware Advisory SSA:2009-116-01 cups", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0164", "CVE-2009-0166", "CVE-2009-0147", "CVE-2009-0146", "CVE-2009-0163"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:136141256231063893", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063893", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2009_116_01.nasl 14202 2019-03-15 09:16:15Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63893\");\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 10:16:15 +0100 (Fri, 15 Mar 2019) $\");\n script_cve_id(\"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0163\", \"CVE-2009-0164\", \"CVE-2009-0166\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_version(\"$Revision: 14202 $\");\n script_name(\"Slackware Advisory SSA:2009-116-01 cups\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\", re:\"ssh/login/release=SLK(12\\.0|12\\.1|12\\.2)\");\n\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2009-116-01\");\n\n script_tag(name:\"insight\", value:\"New cups packages are available for Slackware 12.0, 12.1, 12.2, and -current to\nfix security issues.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to the new package(s).\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update as announced\nvia advisory SSA:2009-116-01.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-slack.inc\");\n\nreport = \"\";\nres = \"\";\n\nif((res = isslkpkgvuln(pkg:\"cups\", ver:\"1.3.10-i486-1_slack12.0\", rls:\"SLK12.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"cups\", ver:\"1.3.10-i486-1_slack12.1\", rls:\"SLK12.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"cups\", ver:\"1.3.10-i486-1_slack12.2\", rls:\"SLK12.2\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-24T12:51:14", "description": "The remote host is missing an update as announced\nvia advisory SSA:2009-116-01.", "cvss3": {}, "published": "2012-09-11T00:00:00", "type": "openvas", "title": "Slackware Advisory SSA:2009-116-01 cups", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0164", "CVE-2009-0166", "CVE-2009-0147", "CVE-2009-0146", "CVE-2009-0163"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:63893", "href": "http://plugins.openvas.org/nasl.php?oid=63893", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2009_116_01.nasl 6598 2017-07-07 09:36:44Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"New cups packages are available for Slackware 12.0, 12.1, 12.2, and -current to\nfix security issues.\";\ntag_summary = \"The remote host is missing an update as announced\nvia advisory SSA:2009-116-01.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2009-116-01\";\n \nif(description)\n{\n script_id(63893);\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:36:44 +0200 (Fri, 07 Jul 2017) $\");\n script_cve_id(\"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0163\", \"CVE-2009-0164\", \"CVE-2009-0166\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_version(\"$Revision: 6598 $\");\n name = \"Slackware Advisory SSA:2009-116-01 cups \";\n script_name(name);\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-slack.inc\");\nvuln = 0;\nif(isslkpkgvuln(pkg:\"cups\", ver:\"1.3.10-i486-1_slack12.0\", rls:\"SLK12.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"cups\", ver:\"1.3.10-i486-1_slack12.1\", rls:\"SLK12.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"cups\", ver:\"1.3.10-i486-1_slack12.2\", rls:\"SLK12.2\")) {\n vuln = 1;\n}\n\nif(vuln) {\n security_message(0);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:56:53", "description": "The remote host is missing updates announced in\nadvisory GLSA 200904-20.", "cvss3": {}, "published": "2009-04-28T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200904-20 (cups)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0164", "CVE-2009-0166", "CVE-2009-0147", "CVE-2009-0146", "CVE-2009-0163"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:63892", "href": "http://plugins.openvas.org/nasl.php?oid=63892", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple errors in CUPS might allow for the remote execution of arbitrary\n code or DNS rebinding attacks.\";\ntag_solution = \"All CUPS users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-print/cups-1.3.10'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200904-20\nhttp://bugs.gentoo.org/show_bug.cgi?id=263070\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200904-20.\";\n\n \n \n\nif(description)\n{\n script_id(63892);\n script_version(\"$Revision: 6595 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:19:55 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-28 20:40:12 +0200 (Tue, 28 Apr 2009)\");\n script_cve_id(\"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0163\", \"CVE-2009-0164\", \"CVE-2009-0166\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"Gentoo Security Advisory GLSA 200904-20 (cups)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"net-print/cups\", unaffected: make_list(\"ge 1.3.10\"), vulnerable: make_list(\"lt 1.3.10\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:14:15", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "cvss3": {}, "published": "2009-05-11T00:00:00", "type": "openvas", "title": "FreeBSD Ports: cups-base", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0164", "CVE-2009-0166", "CVE-2009-0147", "CVE-2009-0146", "CVE-2009-0163"], "modified": "2016-12-21T00:00:00", "id": "OPENVAS:63967", "href": "http://plugins.openvas.org/nasl.php?oid=63967", "sourceData": "#\n#VID 736e55bc-39bb-11de-a493-001b77d09812\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 736e55bc-39bb-11de-a493-001b77d09812\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: cups-base\n\nCVE-2009-0163\nInteger overflow in the TIFF image decoding routines in CUPS 1.3.9 and\nearlier allows remote attackers to cause a denial of service (daemon\ncrash) and possibly execute arbitrary code via a crafted TIFF image,\nwhich is not properly handled by the (1) _cupsImageReadTIFF function\nin the imagetops filter and (2) imagetoraster filter, leading to a\nheap-based buffer overflow.\n\nCVE-2009-0164\nThe web interface for CUPS before 1.3.10 does not validate the HTTP\nHost header in a client request, which makes it easier for remote\nattackers to conduct DNS rebinding attacks.\n\nCVE-2009-0146\nMultiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and\nearlier, CUPS 1.3.9 and earlier, and other products allow remote\nattackers to cause a denial of service (crash) via a crafted PDF file,\nrelated to (1) JBIG2SymbolDict::setBitmap and (2)\nJBIG2Stream::readSymbolDictSeg.\n\nCVE-2009-0147\nMultiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and\nearlier, CUPS 1.3.9 and earlier, and other products allow remote\nattackers to cause a denial of service (crash) via a crafted PDF file,\nrelated to (1) JBIG2Stream::readSymbolDictSeg, (2)\nJBIG2Stream::readSymbolDictSeg, and (3)\nJBIG2Stream::readGenericBitmap.\n\nCVE-2009-0166\nThe JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier,\nand other products allows remote attackers to cause a denial of\nservice (crash) via a crafted PDF file that triggers a free of\nuninitialized memory.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://www.cups.org/articles.php?L582\nhttp://www.vuxml.org/freebsd/736e55bc-39bb-11de-a493-001b77d09812.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_id(63967);\n script_version(\"$Revision: 4824 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-12-21 09:49:38 +0100 (Wed, 21 Dec 2016) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-11 20:24:31 +0200 (Mon, 11 May 2009)\");\n script_cve_id(\"CVE-2009-0163\", \"CVE-2009-0164\", \"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0166\");\n script_bugtraq_id(34571,34665,34568);\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"FreeBSD Ports: cups-base\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"cups-base\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.3.10\")<0) {\n txt += 'Package cups-base version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:39:38", "description": "The remote host is missing updates announced in\nadvisory GLSA 200904-20.", "cvss3": {}, "published": "2009-04-28T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200904-20 (cups)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0164", "CVE-2009-0166", "CVE-2009-0147", "CVE-2009-0146", "CVE-2009-0163"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231063892", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063892", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple errors in CUPS might allow for the remote execution of arbitrary\n code or DNS rebinding attacks.\";\ntag_solution = \"All CUPS users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-print/cups-1.3.10'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200904-20\nhttp://bugs.gentoo.org/show_bug.cgi?id=263070\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200904-20.\";\n\n \n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63892\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-28 20:40:12 +0200 (Tue, 28 Apr 2009)\");\n script_cve_id(\"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0163\", \"CVE-2009-0164\", \"CVE-2009-0166\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"Gentoo Security Advisory GLSA 200904-20 (cups)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"net-print/cups\", unaffected: make_list(\"ge 1.3.10\"), vulnerable: make_list(\"lt 1.3.10\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:40:13", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "cvss3": {}, "published": "2009-05-11T00:00:00", "type": "openvas", "title": "FreeBSD Ports: cups-base", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0164", "CVE-2009-0166", "CVE-2009-0147", "CVE-2009-0146", "CVE-2009-0163"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231063967", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063967", "sourceData": "#\n#VID 736e55bc-39bb-11de-a493-001b77d09812\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 736e55bc-39bb-11de-a493-001b77d09812\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: cups-base\n\nCVE-2009-0163\nInteger overflow in the TIFF image decoding routines in CUPS 1.3.9 and\nearlier allows remote attackers to cause a denial of service (daemon\ncrash) and possibly execute arbitrary code via a crafted TIFF image,\nwhich is not properly handled by the (1) _cupsImageReadTIFF function\nin the imagetops filter and (2) imagetoraster filter, leading to a\nheap-based buffer overflow.\n\nCVE-2009-0164\nThe web interface for CUPS before 1.3.10 does not validate the HTTP\nHost header in a client request, which makes it easier for remote\nattackers to conduct DNS rebinding attacks.\n\nCVE-2009-0146\nMultiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and\nearlier, CUPS 1.3.9 and earlier, and other products allow remote\nattackers to cause a denial of service (crash) via a crafted PDF file,\nrelated to (1) JBIG2SymbolDict::setBitmap and (2)\nJBIG2Stream::readSymbolDictSeg.\n\nCVE-2009-0147\nMultiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and\nearlier, CUPS 1.3.9 and earlier, and other products allow remote\nattackers to cause a denial of service (crash) via a crafted PDF file,\nrelated to (1) JBIG2Stream::readSymbolDictSeg, (2)\nJBIG2Stream::readSymbolDictSeg, and (3)\nJBIG2Stream::readGenericBitmap.\n\nCVE-2009-0166\nThe JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier,\nand other products allows remote attackers to cause a denial of\nservice (crash) via a crafted PDF file that triggers a free of\nuninitialized memory.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://www.cups.org/articles.php?L582\nhttp://www.vuxml.org/freebsd/736e55bc-39bb-11de-a493-001b77d09812.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63967\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-11 20:24:31 +0200 (Mon, 11 May 2009)\");\n script_cve_id(\"CVE-2009-0163\", \"CVE-2009-0164\", \"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0166\");\n script_bugtraq_id(34571,34665,34568);\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"FreeBSD Ports: cups-base\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"cups-base\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.3.10\")<0) {\n txt += 'Package cups-base version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:37:38", "description": "The remote host is missing an update to ntp\nannounced via advisory FEDORA-2009-0547.", "cvss3": {}, "published": "2009-01-26T00:00:00", "type": "openvas", "title": "Fedora Core 9 FEDORA-2009-0547 (ntp)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0021", "CVE-2008-5077"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231063266", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063266", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_0547.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-0547 (ntp)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nThis update fixes CVE-2009-0021: NTP 4.2.4 before 4.2.4p5 and 4.2.5 before\n4.2.5p150 does not properly check the return value from the OpenSSL\nEVP_VerifyFinal function, which allows remote attackers to bypass validation of\nthe certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys,\na similar vulnerability to CVE-2008-5077.\n\nChangeLog:\n\n* Mon Jan 12 2009 Miroslav Lichvar 4.2.4p6-1.fc9\n- update to 4.2.4p6 (CVE-2009-0021)\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update ntp' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-0547\";\ntag_summary = \"The remote host is missing an update to ntp\nannounced via advisory FEDORA-2009-0547.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63266\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-01-26 18:18:20 +0100 (Mon, 26 Jan 2009)\");\n script_cve_id(\"CVE-2009-0021\", \"CVE-2008-5077\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_name(\"Fedora Core 9 FEDORA-2009-0547 (ntp)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=476807\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"ntp\", rpm:\"ntp~4.2.4p6~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ntp-perl\", rpm:\"ntp-perl~4.2.4p6~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ntpdate\", rpm:\"ntpdate~4.2.4p6~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ntp-debuginfo\", rpm:\"ntp-debuginfo~4.2.4p6~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:39:07", "description": "The remote host is missing updates announced in\nadvisory GLSA 200904-05.", "cvss3": {}, "published": "2009-04-06T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200904-05 (ntp)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0021", "CVE-2008-5077"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231063743", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063743", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"An error in the OpenSSL certificate chain validation in ntp might allow for\nspoofing attacks.\";\ntag_solution = \"All ntp users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-misc/ntp-4.2.4_p6'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200904-05\nhttp://bugs.gentoo.org/show_bug.cgi?id=254098\nhttp://www.gentoo.org/security/en/glsa/glsa-200902-02.xml\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200904-05.\";\n\n \n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63743\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-06 20:58:11 +0200 (Mon, 06 Apr 2009)\");\n script_cve_id(\"CVE-2008-5077\", \"CVE-2009-0021\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_name(\"Gentoo Security Advisory GLSA 200904-05 (ntp)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"net-misc/ntp\", unaffected: make_list(\"ge 4.2.4_p6\"), vulnerable: make_list(\"lt 4.2.4_p6\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:39:27", "description": "The remote host is missing an update to ntp\nannounced via advisory FEDORA-2009-0544.", "cvss3": {}, "published": "2009-01-26T00:00:00", "type": "openvas", "title": "Fedora Core 10 FEDORA-2009-0544 (ntp)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0021", "CVE-2008-5077"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231063267", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063267", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_0544.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-0544 (ntp)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nThis update fixes CVE-2009-0021: NTP 4.2.4 before 4.2.4p5 and 4.2.5 before\n4.2.5p150 does not properly check the return value from the OpenSSL\nEVP_VerifyFinal function, which allows remote attackers to bypass validation of\nthe certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys,\na similar vulnerability to CVE-2008-5077.\n\nChangeLog:\n\n* Mon Jan 12 2009 Miroslav Lichvar 4.2.4p6-1\n- update to 4.2.4p6 (CVE-2009-0021)\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update ntp' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-0544\";\ntag_summary = \"The remote host is missing an update to ntp\nannounced via advisory FEDORA-2009-0544.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63267\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-01-26 18:18:20 +0100 (Mon, 26 Jan 2009)\");\n script_cve_id(\"CVE-2009-0021\", \"CVE-2008-5077\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_name(\"Fedora Core 10 FEDORA-2009-0544 (ntp)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=476807\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"ntp\", rpm:\"ntp~4.2.4p6~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ntp-perl\", rpm:\"ntp-perl~4.2.4p6~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ntpdate\", rpm:\"ntpdate~4.2.4p6~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ntp-debuginfo\", rpm:\"ntp-debuginfo~4.2.4p6~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:57", "description": "The remote host is missing an update as announced\nvia advisory SSA:2009-014-03.", "cvss3": {}, "published": "2012-09-11T00:00:00", "type": "openvas", "title": "Slackware Advisory SSA:2009-014-03 ntp", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0021", "CVE-2008-5077"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:136141256231063230", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063230", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2009_014_03.nasl 14202 2019-03-15 09:16:15Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63230\");\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 10:16:15 +0100 (Fri, 15 Mar 2019) $\");\n script_cve_id(\"CVE-2009-0021\", \"CVE-2008-5077\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_version(\"$Revision: 14202 $\");\n script_name(\"Slackware Advisory SSA:2009-014-03 ntp\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\", re:\"ssh/login/release=SLK(8\\.1|9\\.0|9\\.1|10\\.0|10\\.1|10\\.2|11\\.0|12\\.0|12\\.1|12\\.2)\");\n\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2009-014-03\");\n\n script_tag(name:\"insight\", value:\"New ntp packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2,\n11.0, 12.0, 12.1, 12.2, and -current to a fix security issue.\n\nMore details about this issue is linked in the references.\");\n\n script_xref(name:\"URL\", value:\"https://lists.ntp.org/pipermail/announce/2009-January/000055.html\");\n script_xref(name:\"URL\", value:\"http://www.ocert.org/advisories/ocert-2008-016.html\");\n\n script_tag(name:\"solution\", value:\"Upgrade to the new package(s).\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update as announced\nvia advisory SSA:2009-014-03.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-slack.inc\");\n\nreport = \"\";\nres = \"\";\n\nif((res = isslkpkgvuln(pkg:\"ntp\", ver:\"4.2.4p6-i386-1_slack8.1\", rls:\"SLK8.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"ntp\", ver:\"4.2.4p6-i386-1_slack9.0\", rls:\"SLK9.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"ntp\", ver:\"4.2.4p6-i486-1_slack9.1\", rls:\"SLK9.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"ntp\", ver:\"4.2.4p6-i486-1_slack10.0\", rls:\"SLK10.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"ntp\", ver:\"4.2.4p6-i486-1_slack10.1\", rls:\"SLK10.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"ntp\", ver:\"4.2.4p6-i486-1_slack10.2\", rls:\"SLK10.2\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"ntp\", ver:\"4.2.4p6-i486-1_slack11.0\", rls:\"SLK11.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"ntp\", ver:\"4.2.4p6-i486-1_slack12.0\", rls:\"SLK12.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"ntp\", ver:\"4.2.4p6-i486-1_slack12.1\", rls:\"SLK12.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"ntp\", ver:\"4.2.4p6-i486-1_slack12.2\", rls:\"SLK12.2\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2017-07-25T10:56:48", "description": "The remote host is missing an update to ntp\nannounced via advisory FEDORA-2009-0544.", "cvss3": {}, "published": "2009-01-26T00:00:00", "type": "openvas", "title": "Fedora Core 10 FEDORA-2009-0544 (ntp)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0021", "CVE-2008-5077"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:63267", "href": "http://plugins.openvas.org/nasl.php?oid=63267", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_0544.nasl 6624 2017-07-10 06:11:55Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-0544 (ntp)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nThis update fixes CVE-2009-0021: NTP 4.2.4 before 4.2.4p5 and 4.2.5 before\n4.2.5p150 does not properly check the return value from the OpenSSL\nEVP_VerifyFinal function, which allows remote attackers to bypass validation of\nthe certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys,\na similar vulnerability to CVE-2008-5077.\n\nChangeLog:\n\n* Mon Jan 12 2009 Miroslav Lichvar 4.2.4p6-1\n- update to 4.2.4p6 (CVE-2009-0021)\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update ntp' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-0544\";\ntag_summary = \"The remote host is missing an update to ntp\nannounced via advisory FEDORA-2009-0544.\";\n\n\n\nif(description)\n{\n script_id(63267);\n script_version(\"$Revision: 6624 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-01-26 18:18:20 +0100 (Mon, 26 Jan 2009)\");\n script_cve_id(\"CVE-2009-0021\", \"CVE-2008-5077\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_name(\"Fedora Core 10 FEDORA-2009-0544 (ntp)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=476807\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"ntp\", rpm:\"ntp~4.2.4p6~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ntp-perl\", rpm:\"ntp-perl~4.2.4p6~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ntpdate\", rpm:\"ntpdate~4.2.4p6~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ntp-debuginfo\", rpm:\"ntp-debuginfo~4.2.4p6~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:56:43", "description": "The remote host is missing updates announced in\nadvisory GLSA 200904-05.", "cvss3": {}, "published": "2009-04-06T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200904-05 (ntp)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0021", "CVE-2008-5077"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:63743", "href": "http://plugins.openvas.org/nasl.php?oid=63743", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"An error in the OpenSSL certificate chain validation in ntp might allow for\nspoofing attacks.\";\ntag_solution = \"All ntp users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-misc/ntp-4.2.4_p6'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200904-05\nhttp://bugs.gentoo.org/show_bug.cgi?id=254098\nhttp://www.gentoo.org/security/en/glsa/glsa-200902-02.xml\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200904-05.\";\n\n \n \n\nif(description)\n{\n script_id(63743);\n script_version(\"$Revision: 6595 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:19:55 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-06 20:58:11 +0200 (Mon, 06 Apr 2009)\");\n script_cve_id(\"CVE-2008-5077\", \"CVE-2009-0021\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_name(\"Gentoo Security Advisory GLSA 200904-05 (ntp)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"net-misc/ntp\", unaffected: make_list(\"ge 4.2.4_p6\"), vulnerable: make_list(\"lt 4.2.4_p6\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:50:42", "description": "The remote host is missing an update as announced\nvia advisory SSA:2009-014-03.", "cvss3": {}, "published": "2012-09-11T00:00:00", "type": "openvas", "title": "Slackware Advisory SSA:2009-014-03 ntp", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0021", "CVE-2008-5077"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:63230", "href": "http://plugins.openvas.org/nasl.php?oid=63230", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2009_014_03.nasl 6598 2017-07-07 09:36:44Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"New ntp packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2,\n11.0, 12.0, 12.1, 12.2, and -current to a fix security issue.\n\nMore details about this issue may be found here:\nhttps://lists.ntp.org/pipermail/announce/2009-January/000055.html\nhttp://www.ocert.org/advisories/ocert-2008-016.html\";\ntag_summary = \"The remote host is missing an update as announced\nvia advisory SSA:2009-014-03.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2009-014-03\";\n \nif(description)\n{\n script_id(63230);\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:36:44 +0200 (Fri, 07 Jul 2017) $\");\n script_cve_id(\"CVE-2009-0021\", \"CVE-2008-5077\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_version(\"$Revision: 6598 $\");\n name = \"Slackware Advisory SSA:2009-014-03 ntp \";\n script_name(name);\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-slack.inc\");\nvuln = 0;\nif(isslkpkgvuln(pkg:\"ntp\", ver:\"4.2.4p6-i386-1_slack8.1\", rls:\"SLK8.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"ntp\", ver:\"4.2.4p6-i386-1_slack9.0\", rls:\"SLK9.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"ntp\", ver:\"4.2.4p6-i486-1_slack9.1\", rls:\"SLK9.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"ntp\", ver:\"4.2.4p6-i486-1_slack10.0\", rls:\"SLK10.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"ntp\", ver:\"4.2.4p6-i486-1_slack10.1\", rls:\"SLK10.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"ntp\", ver:\"4.2.4p6-i486-1_slack10.2\", rls:\"SLK10.2\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"ntp\", ver:\"4.2.4p6-i486-1_slack11.0\", rls:\"SLK11.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"ntp\", ver:\"4.2.4p6-i486-1_slack12.0\", rls:\"SLK12.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"ntp\", ver:\"4.2.4p6-i486-1_slack12.1\", rls:\"SLK12.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"ntp\", ver:\"4.2.4p6-i486-1_slack12.2\", rls:\"SLK12.2\")) {\n vuln = 1;\n}\n\nif(vuln) {\n security_message(0);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:56:11", "description": "The remote host is missing an update to ntp\nannounced via advisory FEDORA-2009-0547.", "cvss3": {}, "published": "2009-01-26T00:00:00", "type": "openvas", "title": "Fedora Core 9 FEDORA-2009-0547 (ntp)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0021", "CVE-2008-5077"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:63266", "href": "http://plugins.openvas.org/nasl.php?oid=63266", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_0547.nasl 6624 2017-07-10 06:11:55Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-0547 (ntp)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nThis update fixes CVE-2009-0021: NTP 4.2.4 before 4.2.4p5 and 4.2.5 before\n4.2.5p150 does not properly check the return value from the OpenSSL\nEVP_VerifyFinal function, which allows remote attackers to bypass validation of\nthe certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys,\na similar vulnerability to CVE-2008-5077.\n\nChangeLog:\n\n* Mon Jan 12 2009 Miroslav Lichvar 4.2.4p6-1.fc9\n- update to 4.2.4p6 (CVE-2009-0021)\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update ntp' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-0547\";\ntag_summary = \"The remote host is missing an update to ntp\nannounced via advisory FEDORA-2009-0547.\";\n\n\n\nif(description)\n{\n script_id(63266);\n script_version(\"$Revision: 6624 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-01-26 18:18:20 +0100 (Mon, 26 Jan 2009)\");\n script_cve_id(\"CVE-2009-0021\", \"CVE-2008-5077\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_name(\"Fedora Core 9 FEDORA-2009-0547 (ntp)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=476807\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"ntp\", rpm:\"ntp~4.2.4p6~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ntp-perl\", rpm:\"ntp-perl~4.2.4p6~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ntpdate\", rpm:\"ntpdate~4.2.4p6~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ntp-debuginfo\", rpm:\"ntp-debuginfo~4.2.4p6~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-09T11:41:46", "description": "Check for the Version of Kerberos", "cvss3": {}, "published": "2009-08-03T00:00:00", "type": "openvas", "title": "HP-UX Update for Kerberos HPSBUX02421", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0847", "CVE-2009-0846"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310835203", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310835203", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# HP-UX Update for Kerberos HPSBUX02421\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_impact = \"Remote Denial of Service (DoS) and execution of arbitrary code\";\ntag_affected = \"Kerberos on\n HP-UX B.11.11 running the Kerberos Client software versions prior to \n 1.3.5.09. HP-UX B.11.23 and B.11.31 running the Kerberos Client software \n versions prior to 1.6.2.\";\ntag_insight = \"Potential security vulnerabilities have been identified on HP-UX running \n Kerberos. These vulnerabilities could be exploited by remote unauthenticated \n users to create a Denial of Service (DoS) or to execute arbitrary code.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01717795-1\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.835203\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-08-03 07:06:49 +0200 (Mon, 03 Aug 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"HPSBUX\", value: \"02421\");\n script_cve_id(\"CVE-2009-0846\", \"CVE-2009-0847\");\n script_name(\"HP-UX Update for Kerberos HPSBUX02421\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of Kerberos\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"HP-UX Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/hp_hp-ux\", \"ssh/login/release\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-hpux.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"HPUX11.31\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"krb5client.KRB5-64SLIB-A\", revision:\"E.1.6.2.03\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"krb5client.KRB5-PRG-A\", revision:\"E.1.6.2.03\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"krb5client.KRB5-RUN-A\", revision:\"E.1.6.2.03\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"krb5client.KRB5-SHLIB-A\", revision:\"E.1.6.2.03\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"krb5client.KRB5IA32SLIB-A\", revision:\"E.1.6.2.03\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"krb5client.KRB5IA64SLIB-A\", revision:\"E.1.6.2.03\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.23\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"krb5client.KRB5-64SLIB-A\", revision:\"D.1.6.2.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"krb5client.KRB5-PRG-A\", revision:\"D.1.6.2.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"krb5client.KRB5-RUN-A\", revision:\"D.1.6.2.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"krb5client.KRB5-SHLIB-A\", revision:\"D.1.6.2.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"krb5client.KRB5IA32SLIB-A\", revision:\"D.1.6.2.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"krb5client.KRB5IA64SLIB-A\", revision:\"D.1.6.2.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.11\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"krb5client.KRB5-64SLIB-A\", revision:\"C.1.3.5.09\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"krb5client.KRB5-PRG-A\", revision:\"C.1.3.5.09\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"krb5client.KRB5-RUN-A\", revision:\"C.1.3.5.09\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"krb5client.KRB5-SHLIB-A\", revision:\"C.1.3.5.09\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:57:13", "description": "Check for the Version of Kerberos", "cvss3": {}, "published": "2009-08-03T00:00:00", "type": "openvas", "title": "HP-UX Update for Kerberos HPSBUX02421", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0847", "CVE-2009-0846"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:835203", "href": "http://plugins.openvas.org/nasl.php?oid=835203", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# HP-UX Update for Kerberos HPSBUX02421\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_impact = \"Remote Denial of Service (DoS) and execution of arbitrary code\";\ntag_affected = \"Kerberos on\n HP-UX B.11.11 running the Kerberos Client software versions prior to \n 1.3.5.09. HP-UX B.11.23 and B.11.31 running the Kerberos Client software \n versions prior to 1.6.2.\";\ntag_insight = \"Potential security vulnerabilities have been identified on HP-UX running \n Kerberos. These vulnerabilities could be exploited by remote unauthenticated \n users to create a Denial of Service (DoS) or to execute arbitrary code.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01717795-1\");\n script_id(835203);\n script_version(\"$Revision: 6584 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 16:13:23 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-08-03 07:06:49 +0200 (Mon, 03 Aug 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"HPSBUX\", value: \"02421\");\n script_cve_id(\"CVE-2009-0846\", \"CVE-2009-0847\");\n script_name(\"HP-UX Update for Kerberos HPSBUX02421\");\n\n script_summary(\"Check for the Version of Kerberos\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"HP-UX Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/hp_hp-ux\", \"ssh/login/release\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-hpux.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"HPUX11.31\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"krb5client.KRB5-64SLIB-A\", revision:\"E.1.6.2.03\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"krb5client.KRB5-PRG-A\", revision:\"E.1.6.2.03\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"krb5client.KRB5-RUN-A\", revision:\"E.1.6.2.03\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"krb5client.KRB5-SHLIB-A\", revision:\"E.1.6.2.03\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"krb5client.KRB5IA32SLIB-A\", revision:\"E.1.6.2.03\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"krb5client.KRB5IA64SLIB-A\", revision:\"E.1.6.2.03\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.23\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"krb5client.KRB5-64SLIB-A\", revision:\"D.1.6.2.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"krb5client.KRB5-PRG-A\", revision:\"D.1.6.2.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"krb5client.KRB5-RUN-A\", revision:\"D.1.6.2.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"krb5client.KRB5-SHLIB-A\", revision:\"D.1.6.2.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"krb5client.KRB5IA32SLIB-A\", revision:\"D.1.6.2.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"krb5client.KRB5IA64SLIB-A\", revision:\"D.1.6.2.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.11\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"krb5client.KRB5-64SLIB-A\", revision:\"C.1.3.5.09\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"krb5client.KRB5-PRG-A\", revision:\"C.1.3.5.09\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"krb5client.KRB5-RUN-A\", revision:\"C.1.3.5.09\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"krb5client.KRB5-SHLIB-A\", revision:\"C.1.3.5.09\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:37:22", "description": "The remote host is missing updates announced in\nadvisory SUSE-SA:2009:011.", "cvss3": {}, "published": "2009-03-02T00:00:00", "type": "openvas", "title": "SuSE Security Advisory SUSE-SA:2009:011 (flash-player)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0520", "CVE-2009-0519", "CVE-2009-0521"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231063468", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063468", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: suse_sa_2009_011.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory SUSE-SA:2009:011 (flash-player)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Specially crafted swf files could cause a buffer overflow in\nflash-player. Attackers could potentially exploit that to execute\ncode on the victim's machine (CVE-2009-0519, CVE-2009-0520,\nCVE-2009-0521).\";\ntag_solution = \"Update your system with the packages as indicated in\nthe referenced security advisory.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=SUSE-SA:2009:011\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory SUSE-SA:2009:011.\";\n\n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63468\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-02 19:11:09 +0100 (Mon, 02 Mar 2009)\");\n script_cve_id(\"CVE-2009-0519\", \"CVE-2009-0520\", \"CVE-2009-0521\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"SuSE Security Advisory SUSE-SA:2009:011 (flash-player)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"flash-player\", rpm:\"flash-player~10.0.22.87~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"flash-player\", rpm:\"flash-player~9.0.159.0~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"flash-player\", rpm:\"flash-player~9.0.159.0~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:37:29", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:0332.\n\nThe flash-plugin package contains a Firefox-compatible Adobe Flash Player\nWeb browser plug-in.\n\nMultiple input validation flaws were found in the way Flash Player\ndisplayed certain SWF (Shockwave Flash) content. An attacker could use\nthese flaws to create a specially-crafted SWF file that could cause\nflash-plugin to crash, or, possibly, execute arbitrary code when the victim\nloaded a page containing the specially-crafted SWF content. (CVE-2009-0520,\nCVE-2009-0519)\n\nIt was discovered that Adobe Flash Player had an insecure RPATH (runtime\nlibrary search path) set in the ELF (Executable and Linking Format) header.\nA local user with write access to the directory pointed to by RPATH could\nuse this flaw to execute arbitrary code with the privileges of the user\nrunning Adobe Flash Player. (CVE-2009-0521)\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 10.0.22.87.", "cvss3": {}, "published": "2009-03-02T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:0332", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0520", "CVE-2009-0519", "CVE-2009-0521"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231063434", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063434", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_0332.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:0332 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:0332.\n\nThe flash-plugin package contains a Firefox-compatible Adobe Flash Player\nWeb browser plug-in.\n\nMultiple input validation flaws were found in the way Flash Player\ndisplayed certain SWF (Shockwave Flash) content. An attacker could use\nthese flaws to create a specially-crafted SWF file that could cause\nflash-plugin to crash, or, possibly, execute arbitrary code when the victim\nloaded a page containing the specially-crafted SWF content. (CVE-2009-0520,\nCVE-2009-0519)\n\nIt was discovered that Adobe Flash Player had an insecure RPATH (runtime\nlibrary search path) set in the ELF (Executable and Linking Format) header.\nA local user with write access to the directory pointed to by RPATH could\nuse this flaw to execute arbitrary code with the privileges of the user\nrunning Adobe Flash Player. (CVE-2009-0521)\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 10.0.22.87.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63434\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-02 19:11:09 +0100 (Mon, 02 Mar 2009)\");\n script_cve_id(\"CVE-2009-0519\", \"CVE-2009-0520\", \"CVE-2009-0521\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:0332\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-0332.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#critical\");\n script_xref(name : \"URL\" , value : \"http://www.adobe.com/support/security/bulletins/apsb09-01.html\");\n script_xref(name : \"URL\" , value : \"http://www.adobe.com/products/flashplayer/\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"flash-plugin\", rpm:\"flash-plugin~10.0.22.87~1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-26T08:55:14", "description": "The remote host is missing updates announced in\nadvisory SUSE-SA:2009:011.", "cvss3": {}, "published": "2009-03-02T00:00:00", "type": "openvas", "title": "SuSE Security Advisory SUSE-SA:2009:011 (flash-player)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0520", "CVE-2009-0519", "CVE-2009-0521"], "modified": "2017-07-11T00:00:00", "id": "OPENVAS:63468", "href": "http://plugins.openvas.org/nasl.php?oid=63468", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: suse_sa_2009_011.nasl 6668 2017-07-11 13:34:29Z cfischer $\n# Description: Auto-generated from advisory SUSE-SA:2009:011 (flash-player)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Specially crafted swf files could cause a buffer overflow in\nflash-player. Attackers could potentially exploit that to execute\ncode on the victim's machine (CVE-2009-0519, CVE-2009-0520,\nCVE-2009-0521).\";\ntag_solution = \"Update your system with the packages as indicated in\nthe referenced security advisory.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=SUSE-SA:2009:011\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory SUSE-SA:2009:011.\";\n\n \n\nif(description)\n{\n script_id(63468);\n script_version(\"$Revision: 6668 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:34:29 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-02 19:11:09 +0100 (Mon, 02 Mar 2009)\");\n script_cve_id(\"CVE-2009-0519\", \"CVE-2009-0520\", \"CVE-2009-0521\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"SuSE Security Advisory SUSE-SA:2009:011 (flash-player)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"flash-player\", rpm:\"flash-player~10.0.22.87~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"flash-player\", rpm:\"flash-player~9.0.159.0~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"flash-player\", rpm:\"flash-player~9.0.159.0~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-27T10:55:43", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:0332.\n\nThe flash-plugin package contains a Firefox-compatible Adobe Flash Player\nWeb browser plug-in.\n\nMultiple input validation flaws were found in the way Flash Player\ndisplayed certain SWF (Shockwave Flash) content. An attacker could use\nthese flaws to create a specially-crafted SWF file that could cause\nflash-plugin to crash, or, possibly, execute arbitrary code when the victim\nloaded a page containing the specially-crafted SWF content. (CVE-2009-0520,\nCVE-2009-0519)\n\nIt was discovered that Adobe Flash Player had an insecure RPATH (runtime\nlibrary search path) set in the ELF (Executable and Linking Format) header.\nA local user with write access to the directory pointed to by RPATH could\nuse this flaw to execute arbitrary code with the privileges of the user\nrunning Adobe Flash Player. (CVE-2009-0521)\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 10.0.22.87.", "cvss3": {}, "published": "2009-03-02T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:0332", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0520", "CVE-2009-0519", "CVE-2009-0521"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:63434", "href": "http://plugins.openvas.org/nasl.php?oid=63434", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_0332.nasl 6683 2017-07-12 09:41:57Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:0332 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:0332.\n\nThe flash-plugin package contains a Firefox-compatible Adobe Flash Player\nWeb browser plug-in.\n\nMultiple input validation flaws were found in the way Flash Player\ndisplayed certain SWF (Shockwave Flash) content. An attacker could use\nthese flaws to create a specially-crafted SWF file that could cause\nflash-plugin to crash, or, possibly, execute arbitrary code when the victim\nloaded a page containing the specially-crafted SWF content. (CVE-2009-0520,\nCVE-2009-0519)\n\nIt was discovered that Adobe Flash Player had an insecure RPATH (runtime\nlibrary search path) set in the ELF (Executable and Linking Format) header.\nA local user with write access to the directory pointed to by RPATH could\nuse this flaw to execute arbitrary code with the privileges of the user\nrunning Adobe Flash Player. (CVE-2009-0521)\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 10.0.22.87.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_id(63434);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-02 19:11:09 +0100 (Mon, 02 Mar 2009)\");\n script_cve_id(\"CVE-2009-0519\", \"CVE-2009-0520\", \"CVE-2009-0521\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:0332\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-0332.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#critical\");\n script_xref(name : \"URL\" , value : \"http://www.adobe.com/support/security/bulletins/apsb09-01.html\");\n script_xref(name : \"URL\" , value : \"http://www.adobe.com/products/flashplayer/\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"flash-plugin\", rpm:\"flash-plugin~10.0.22.87~1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:57:15", "description": "The remote host is missing an update to ntp\nannounced via advisory FEDORA-2009-5273.", "cvss3": {}, "published": "2009-06-05T00:00:00", "type": "openvas", "title": "Fedora Core 10 FEDORA-2009-5273 (ntp)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0021", "CVE-2009-0159", "CVE-2009-1252"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:64095", "href": "http://plugins.openvas.org/nasl.php?oid=64095", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_5273.nasl 6624 2017-07-10 06:11:55Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-5273 (ntp)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nThis update fixes a denial of service issue if autokey is enabled (default is\ndisabled) and a crash in ntpq.\n\nChangeLog:\n\n* Tue May 19 2009 Miroslav Lichvar 4.2.4p7-1\n- update to 4.2.4p7 (CVE-2009-1252, CVE-2009-0159)\n- don't log STA_MODE changes\n- check status in condrestart (#481261)\n- convert COPYRIGHT to UTF-8\n* Mon Jan 12 2009 Miroslav Lichvar 4.2.4p6-1\n- update to 4.2.4p6 (CVE-2009-0021)\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update ntp' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-5273\";\ntag_summary = \"The remote host is missing an update to ntp\nannounced via advisory FEDORA-2009-5273.\";\n\n\n\nif(description)\n{\n script_id(64095);\n script_version(\"$Revision: 6624 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-05 18:04:08 +0200 (Fri, 05 Jun 2009)\");\n script_cve_id(\"CVE-2009-1252\", \"CVE-2009-0159\", \"CVE-2009-0021\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Core 10 FEDORA-2009-5273 (ntp)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=499694\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=490617\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"ntp\", rpm:\"ntp~4.2.4p7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ntp-perl\", rpm:\"ntp-perl~4.2.4p7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ntpdate\", rpm:\"ntpdate~4.2.4p7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ntp-debuginfo\", rpm:\"ntp-debuginfo~4.2.4p7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:56:23", "description": "The remote host is missing an update to ntp\nannounced via advisory FEDORA-2009-5275.", "cvss3": {}, "published": "2009-06-05T00:00:00", "type": "openvas", "title": "Fedora Core 9 FEDORA-2009-5275 (ntp)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0021", "CVE-2009-0159", "CVE-2009-1252"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:64098", "href": "http://plugins.openvas.org/nasl.php?oid=64098", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_5275.nasl 6624 2017-07-10 06:11:55Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-5275 (ntp)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nThis update fixes a denial of service issue if autokey is enabled (default is\ndisabled) and a crash in ntpq.\n\nChangeLog:\n\n* Tue May 19 2009 Miroslav Lichvar 4.2.4p7-1.fc9\n- update to 4.2.4p7 (CVE-2009-1252, CVE-2009-0159)\n- don't log STA_MODE changes\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update ntp' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-5275\";\ntag_summary = \"The remote host is missing an update to ntp\nannounced via advisory FEDORA-2009-5275.\";\n\n\n\nif(description)\n{\n script_id(64098);\n script_version(\"$Revision: 6624 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-05 18:04:08 +0200 (Fri, 05 Jun 2009)\");\n script_cve_id(\"CVE-2009-1252\", \"CVE-2009-0159\", \"CVE-2009-0021\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Core 9 FEDORA-2009-5275 (ntp)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=499694\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=490617\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"ntp\", rpm:\"ntp~4.2.4p7~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ntp-perl\", rpm:\"ntp-perl~4.2.4p7~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ntpdate\", rpm:\"ntpdate~4.2.4p7~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ntp-debuginfo\", rpm:\"ntp-debuginfo~4.2.4p7~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:38:12", "description": "The remote host is missing an update to ntp\nannounced via advisory FEDORA-2009-5275.", "cvss3": {}, "published": "2009-06-05T00:00:00", "type": "openvas", "title": "Fedora Core 9 FEDORA-2009-5275 (ntp)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0021", "CVE-2009-0159", "CVE-2009-1252"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231064098", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064098", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_5275.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-5275 (ntp)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nThis update fixes a denial of service issue if autokey is enabled (default is\ndisabled) and a crash in ntpq.\n\nChangeLog:\n\n* Tue May 19 2009 Miroslav Lichvar 4.2.4p7-1.fc9\n- update to 4.2.4p7 (CVE-2009-1252, CVE-2009-0159)\n- don't log STA_MODE changes\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update ntp' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-5275\";\ntag_summary = \"The remote host is missing an update to ntp\nannounced via advisory FEDORA-2009-5275.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64098\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-05 18:04:08 +0200 (Fri, 05 Jun 2009)\");\n script_cve_id(\"CVE-2009-1252\", \"CVE-2009-0159\", \"CVE-2009-0021\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Core 9 FEDORA-2009-5275 (ntp)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=499694\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=490617\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"ntp\", rpm:\"ntp~4.2.4p7~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ntp-perl\", rpm:\"ntp-perl~4.2.4p7~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ntpdate\", rpm:\"ntpdate~4.2.4p7~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ntp-debuginfo\", rpm:\"ntp-debuginfo~4.2.4p7~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:40:43", "description": "The remote host is missing an update to ntp\nannounced via advisory FEDORA-2009-5273.", "cvss3": {}, "published": "2009-06-05T00:00:00", "type": "openvas", "title": "Fedora Core 10 FEDORA-2009-5273 (ntp)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0021", "CVE-2009-0159", "CVE-2009-1252"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231064095", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064095", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_5273.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-5273 (ntp)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nThis update fixes a denial of service issue if autokey is enabled (default is\ndisabled) and a crash in ntpq.\n\nChangeLog:\n\n* Tue May 19 2009 Miroslav Lichvar 4.2.4p7-1\n- update to 4.2.4p7 (CVE-2009-1252, CVE-2009-0159)\n- don't log STA_MODE changes\n- check status in condrestart (#481261)\n- convert COPYRIGHT to UTF-8\n* Mon Jan 12 2009 Miroslav Lichvar 4.2.4p6-1\n- update to 4.2.4p6 (CVE-2009-0021)\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update ntp' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-5273\";\ntag_summary = \"The remote host is missing an update to ntp\nannounced via advisory FEDORA-2009-5273.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64095\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-05 18:04:08 +0200 (Fri, 05 Jun 2009)\");\n script_cve_id(\"CVE-2009-1252\", \"CVE-2009-0159\", \"CVE-2009-0021\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Core 10 FEDORA-2009-5273 (ntp)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=499694\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=490617\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"ntp\", rpm:\"ntp~4.2.4p7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ntp-perl\", rpm:\"ntp-perl~4.2.4p7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ntpdate\", rpm:\"ntpdate~4.2.4p7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ntp-debuginfo\", rpm:\"ntp-debuginfo~4.2.4p7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:39:56", "description": "The remote host is missing updates to FreeType announced in\nadvisory RHSA-2009:1062.\n\nTavis Ormandy of the Google Security Team discovered several integer\noverflow flaws in the FreeType 2 font engine. If a user loaded a\ncarefully-crafted font file with an application linked against FreeType 2,\nit could cause the application to crash or, possibly, execute arbitrary\ncode with the privileges of the user running the application.\n(CVE-2009-0946)\n\nChris Evans discovered multiple integer overflow flaws in the FreeType font\nengine. If a user loaded a carefully-crafted font file with an application\nlinked against FreeType, it could cause the application to crash or,\npossibly, execute arbitrary code with the privileges of the user running\nthe application. (CVE-2006-1861)\n\nAn integer overflow flaw was found in the way the FreeType font engine\nprocessed TrueType\u00ae Font (TTF) files. If a user loaded a carefully-crafted\nfont file with an application linked against FreeType, it could cause the\napplication to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2007-2754)\n\nNote: For the FreeType 2 font engine, the CVE-2006-1861 and CVE-2007-2754\nflaws were addressed via RHSA-2006:0500 and RHSA-2007:0403 respectively.\nThis update provides corresponding updates for the FreeType 1 font engine,\nincluded in the freetype packages distributed in Red Hat Enterprise Linux\n2.1.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues. The X server must be restarted\n(log out, then log back in) for this update to take effect.", "cvss3": {}, "published": "2009-05-25T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:1062", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0946", "CVE-2007-2754", "CVE-2006-1861"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231064022", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064022", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1062.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1062 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to FreeType announced in\nadvisory RHSA-2009:1062.\n\nTavis Ormandy of the Google Security Team discovered several integer\noverflow flaws in the FreeType 2 font engine. If a user loaded a\ncarefully-crafted font file with an application linked against FreeType 2,\nit could cause the application to crash or, possibly, execute arbitrary\ncode with the privileges of the user running the application.\n(CVE-2009-0946)\n\nChris Evans discovered multiple integer overflow flaws in the FreeType font\nengine. If a user loaded a carefully-crafted font file with an application\nlinked against FreeType, it could cause the application to crash or,\npossibly, execute arbitrary code with the privileges of the user running\nthe application. (CVE-2006-1861)\n\nAn integer overflow flaw was found in the way the FreeType font engine\nprocessed TrueType\u00ae Font (TTF) files. If a user loaded a carefully-crafted\nfont file with an application linked against FreeType, it could cause the\napplication to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2007-2754)\n\nNote: For the FreeType 2 font engine, the CVE-2006-1861 and CVE-2007-2754\nflaws were addressed via RHSA-2006:0500 and RHSA-2007:0403 respectively.\nThis update provides corresponding updates for the FreeType 1 font engine,\nincluded in the freetype packages distributed in Red Hat Enterprise Linux\n2.1.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues. The X server must be restarted\n(log out, then log back in) for this update to take effect.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64022\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-25 20:59:33 +0200 (Mon, 25 May 2009)\");\n script_cve_id(\"CVE-2006-1861\", \"CVE-2007-2754\", \"CVE-2009-0946\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:1062\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-1062.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#important\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.0.3~17.el21\", rls:\"RHENT_2.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"freetype-devel\", rpm:\"freetype-devel~2.0.3~17.el21\", rls:\"RHENT_2.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"freetype-utils\", rpm:\"freetype-utils~2.0.3~17.el21\", rls:\"RHENT_2.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-27T10:56:35", "description": "The remote host is missing updates to FreeType announced in\nadvisory RHSA-2009:1062.\n\nTavis Ormandy of the Google Security Team discovered several integer\noverflow flaws in the FreeType 2 font engine. If a user loaded a\ncarefully-crafted font file with an application linked against FreeType 2,\nit could cause the application to crash or, possibly, execute arbitrary\ncode with the privileges of the user running the application.\n(CVE-2009-0946)\n\nChris Evans discovered multiple integer overflow flaws in the FreeType font\nengine. If a user loaded a carefully-crafted font file with an application\nlinked against FreeType, it could cause the application to crash or,\npossibly, execute arbitrary code with the privileges of the user running\nthe application. (CVE-2006-1861)\n\nAn integer overflow flaw was found in the way the FreeType font engine\nprocessed TrueType\u00ae Font (TTF) files. If a user loaded a carefully-crafted\nfont file with an application linked against FreeType, it could cause the\napplication to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2007-2754)\n\nNote: For the FreeType 2 font engine, the CVE-2006-1861 and CVE-2007-2754\nflaws were addressed via RHSA-2006:0500 and RHSA-2007:0403 respectively.\nThis update provides corresponding updates for the FreeType 1 font engine,\nincluded in the freetype packages distributed in Red Hat Enterprise Linux\n2.1.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues. The X server must be restarted\n(log out, then log back in) for this update to take effect.", "cvss3": {}, "published": "2009-05-25T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:1062", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0946", "CVE-2007-2754", "CVE-2006-1861"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:64022", "href": "http://plugins.openvas.org/nasl.php?oid=64022", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1062.nasl 6683 2017-07-12 09:41:57Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1062 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to FreeType announced in\nadvisory RHSA-2009:1062.\n\nTavis Ormandy of the Google Security Team discovered several integer\noverflow flaws in the FreeType 2 font engine. If a user loaded a\ncarefully-crafted font file with an application linked against FreeType 2,\nit could cause the application to crash or, possibly, execute arbitrary\ncode with the privileges of the user running the application.\n(CVE-2009-0946)\n\nChris Evans discovered multiple integer overflow flaws in the FreeType font\nengine. If a user loaded a carefully-crafted font file with an application\nlinked against FreeType, it could cause the application to crash or,\npossibly, execute arbitrary code with the privileges of the user running\nthe application. (CVE-2006-1861)\n\nAn integer overflow flaw was found in the way the FreeType font engine\nprocessed TrueType\u00ae Font (TTF) files. If a user loaded a carefully-crafted\nfont file with an application linked against FreeType, it could cause the\napplication to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2007-2754)\n\nNote: For the FreeType 2 font engine, the CVE-2006-1861 and CVE-2007-2754\nflaws were addressed via RHSA-2006:0500 and RHSA-2007:0403 respectively.\nThis update provides corresponding updates for the FreeType 1 font engine,\nincluded in the freetype packages distributed in Red Hat Enterprise Linux\n2.1.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues. The X server must be restarted\n(log out, then log back in) for this update to take effect.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_id(64022);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-25 20:59:33 +0200 (Mon, 25 May 2009)\");\n script_cve_id(\"CVE-2006-1861\", \"CVE-2007-2754\", \"CVE-2009-0946\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:1062\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-1062.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#important\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.0.3~17.el21\", rls:\"RHENT_2.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"freetype-devel\", rpm:\"freetype-devel~2.0.3~17.el21\", rls:\"RHENT_2.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"freetype-utils\", rpm:\"freetype-utils~2.0.3~17.el21\", rls:\"RHENT_2.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:39:29", "description": "The remote host is missing an update to bind\nannounced via advisory MDVSA-2009:037.", "cvss3": {}, "published": "2009-02-18T00:00:00", "type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:037 (bind)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-5077", "CVE-2009-0265", "CVE-2009-0025"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231063400", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063400", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_037.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:037 (bind)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Internet Systems Consortium (ISC) BIND 9.6.0 and earlier does not\nproperly check the return value from the OpenSSL EVP_VerifyFinal\nfunction, which allows remote attackers to bypass validation of\nthe certificate chain via a malformed SSL/TLS signature, a similar\nvulnerability to CVE-2008-5077 and CVE-2009-0025.\n\nIn this particular case the DSA_verify function was fixed with\nMDVSA-2009:002, this update does however address the RSA_verify\nfunction (CVE-2009-0265).\n\nAffected: 2008.0, 2008.1, 2009.0, Corporate 3.0, Corporate 4.0,\n Multi Network Firewall 2.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:037\";\ntag_summary = \"The remote host is missing an update to bind\nannounced via advisory MDVSA-2009:037.\";\n\n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63400\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-18 23:13:28 +0100 (Wed, 18 Feb 2009)\");\n script_cve_id(\"CVE-2008-5077\", \"CVE-2009-0025\", \"CVE-2009-0265\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:037 (bind)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.4.2~1.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-devel\", rpm:\"bind-devel~9.4.2~1.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-utils\", rpm:\"bind-utils~9.4.2~1.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.5.0~3.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-devel\", rpm:\"bind-devel~9.5.0~3.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-doc\", rpm:\"bind-doc~9.5.0~3.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-utils\", rpm:\"bind-utils~9.5.0~3.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.5.0~6.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-devel\", rpm:\"bind-devel~9.5.0~6.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-doc\", rpm:\"bind-doc~9.5.0~6.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-utils\", rpm:\"bind-utils~9.5.0~6.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.2.3~6.7.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-devel\", rpm:\"bind-devel~9.2.3~6.7.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-utils\", rpm:\"bind-utils~9.2.3~6.7.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.3.5~0.6.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-devel\", rpm:\"bind-devel~9.3.5~0.6.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-utils\", rpm:\"bind-utils~9.3.5~0.6.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.2.3~6.7.C30mdk\", rls:\"MNDK_2.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-devel\", rpm:\"bind-devel~9.2.3~6.7.C30mdk\", rls:\"MNDK_2.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-utils\", rpm:\"bind-utils~9.2.3~6.7.C30mdk\", rls:\"MNDK_2.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:56:50", "description": "The remote host is missing an update to bind\nannounced via advisory MDVSA-2009:037.", "cvss3": {}, "published": "2009-02-18T00:00:00", "type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:037 (bind)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-5077", "CVE-2009-0265", "CVE-2009-0025"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:63400", "href": "http://plugins.openvas.org/nasl.php?oid=63400", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_037.nasl 6573 2017-07-06 13:10:50Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:037 (bind)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Internet Systems Consortium (ISC) BIND 9.6.0 and earlier does not\nproperly check the return value from the OpenSSL EVP_VerifyFinal\nfunction, which allows remote attackers to bypass validation of\nthe certificate chain via a malformed SSL/TLS signature, a similar\nvulnerability to CVE-2008-5077 and CVE-2009-0025.\n\nIn this particular case the DSA_verify function was fixed with\nMDVSA-2009:002, this update does however address the RSA_verify\nfunction (CVE-2009-0265).\n\nAffected: 2008.0, 2008.1, 2009.0, Corporate 3.0, Corporate 4.0,\n Multi Network Firewall 2.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:037\";\ntag_summary = \"The remote host is missing an update to bind\nannounced via advisory MDVSA-2009:037.\";\n\n \n\nif(description)\n{\n script_id(63400);\n script_version(\"$Revision: 6573 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:10:50 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-18 23:13:28 +0100 (Wed, 18 Feb 2009)\");\n script_cve_id(\"CVE-2008-5077\", \"CVE-2009-0025\", \"CVE-2009-0265\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:037 (bind)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.4.2~1.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-devel\", rpm:\"bind-devel~9.4.2~1.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-utils\", rpm:\"bind-utils~9.4.2~1.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.5.0~3.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-devel\", rpm:\"bind-devel~9.5.0~3.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-doc\", rpm:\"bind-doc~9.5.0~3.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-utils\", rpm:\"bind-utils~9.5.0~3.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.5.0~6.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-devel\", rpm:\"bind-devel~9.5.0~6.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-doc\", rpm:\"bind-doc~9.5.0~6.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-utils\", rpm:\"bind-utils~9.5.0~6.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.2.3~6.7.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-devel\", rpm:\"bind-devel~9.2.3~6.7.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-utils\", rpm:\"bind-utils~9.2.3~6.7.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.3.5~0.6.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-devel\", rpm:\"bind-devel~9.3.5~0.6.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-utils\", rpm:\"bind-utils~9.3.5~0.6.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.2.3~6.7.C30mdk\", rls:\"MNDK_2.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-devel\", rpm:\"bind-devel~9.2.3~6.7.C30mdk\", rls:\"MNDK_2.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-utils\", rpm:\"bind-utils~9.2.3~6.7.C30mdk\", rls:\"MNDK_2.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-12-11T19:44:15", "description": "The host is running BIND and is prone to Security Bypass\n Vulnerability.", "cvss3": {}, "published": "2009-01-15T00:00:00", "type": "openvas", "title": "OpenSSL DSA_verify() Security Bypass Vulnerability in BIND", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-5077", "CVE-2009-0265", "CVE-2009-0025"], "modified": "2019-12-10T00:00:00", "id": "OPENVAS:1361412562310800338", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310800338", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# OpenSSL DSA_verify() Security Bypass Vulnerability in BIND\n#\n# Authors:\n# Sharath S <sharaths@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:isc:bind\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.800338\");\n script_version(\"2019-12-10T15:03:15+0000\");\n script_tag(name:\"last_modification\", value:\"2019-12-10 15:03:15 +0000 (Tue, 10 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2009-01-15 16:11:17 +0100 (Thu, 15 Jan 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2008-5077\", \"CVE-2009-0025\", \"CVE-2009-0265\");\n script_bugtraq_id(33150, 33151);\n script_name(\"OpenSSL DSA_verify() Security Bypass Vulnerability in BIND\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"bind_version.nasl\");\n script_mandatory_keys(\"isc/bind/detected\");\n\n script_xref(name:\"URL\", value:\"https://kb.isc.org/docs/aa-00925\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/33404/\");\n script_xref(name:\"URL\", value:\"http://www.ocert.org/advisories/ocert-2008-016.html\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation could allow remote attackers to bypass the certificate\n validation checks and can cause man-in-the-middle attack via signature checks on DSA and ECDSA keys used with SSL/TLS.\");\n\n script_tag(name:\"affected\", value:\"ISC BIND version prior to 9.2 or 9.6.0 P1 or 9.5.1 P1 or 9.4.3 P1 or 9.3.6 P1.\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to improper validation of return value from OpenSSL's\n DSA_do_verify and VP_VerifyFinal functions.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to version 9.6.0 P1, 9.5.1 P1, 9.4.3 P1, 9.3.6 P1.\");\n\n script_tag(name:\"summary\", value:\"The host is running BIND and is prone to Security Bypass\n Vulnerability.\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif( ! port = get_app_port( cpe:CPE ) )\n exit( 0 );\n\nif( ! infos = get_app_version_and_proto( cpe:CPE, port:port ) )\n exit( 0 );\n\nversion = infos[\"version\"];\nproto = infos[\"proto\"];\n\nif( version_in_range( version:version, test_version:\"9.6\", test_version2:\"9.6.0\" ) ||\n version_in_range( version:version, test_version:\"9.5\", test_version2:\"9.5.1\" ) ||\n version_in_range( version:version, test_version:\"9.4\", test_version2:\"9.4.3\" ) ||\n version_in_range( version:version, test_version:\"9.3\", test_version2:\"9.3.6\" ) ||\n version_is_less( version:version, test_version:\"9.2\" ) ) {\n report = report_fixed_ver( installed_version:version, fixed_version:\"9.6.0 P1, 9.5.1 P1, 9.4.3 P1 or 9.3.6 P1\" );\n security_message( data:report, port:port, proto:proto );\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-04-06T11:38:56", "description": "The remote host is missing an update to ntp\nannounced via advisory FEDORA-2009-13121.", "cvss3": {}, "published": "2009-12-14T00:00:00", "type": "openvas", "title": "Fedora Core 10 FEDORA-2009-13121 (ntp)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0021", "CVE-2009-3563", "CVE-2009-0159", "CVE-2009-1252"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231066511", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066511", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_13121.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-13121 (ntp)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nThis update fixes possible DoS with mode 7 packets. (CVE-2009-3563)\n\nChangeLog:\n\n* Wed Dec 9 2009 Miroslav Lichvar 4.2.4p7-2\n- fix DoS with mode 7 packets (#545557, CVE-2009-3563)\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update ntp' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-13121\";\ntag_summary = \"The remote host is missing an update to ntp\nannounced via advisory FEDORA-2009-13121.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66511\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-14 23:06:43 +0100 (Mon, 14 Dec 2009)\");\n script_cve_id(\"CVE-2009-3563\", \"CVE-2009-1252\", \"CVE-2009-0159\", \"CVE-2009-0021\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Core 10 FEDORA-2009-13121 (ntp)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=531213\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"ntp\", rpm:\"ntp~4.2.4p7~2.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ntp-perl\", rpm:\"ntp-perl~4.2.4p7~2.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ntpdate\", rpm:\"ntpdate~4.2.4p7~2.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ntp-debuginfo\", rpm:\"ntp-debuginfo~4.2.4p7~2.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:56:38", "description": "The remote host is missing an update to ntp\nannounced via advisory FEDORA-2009-13121.", "cvss3": {}, "published": "2009-12-14T00:00:00", "type": "openvas", "title": "Fedora Core 10 FEDORA-2009-13121 (ntp)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0021", "CVE-2009-3563", "CVE-2009-0159", "CVE-2009-1252"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:66511", "href": "http://plugins.openvas.org/nasl.php?oid=66511", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_13121.nasl 6624 2017-07-10 06:11:55Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-13121 (ntp)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nThis update fixes possible DoS with mode 7 packets. (CVE-2009-3563)\n\nChangeLog:\n\n* Wed Dec 9 2009 Miroslav Lichvar 4.2.4p7-2\n- fix DoS with mode 7 packets (#545557, CVE-2009-3563)\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update ntp' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-13121\";\ntag_summary = \"The remote host is missing an update to ntp\nannounced via advisory FEDORA-2009-13121.\";\n\n\n\nif(description)\n{\n script_id(66511);\n script_version(\"$Revision: 6624 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-14 23:06:43 +0100 (Mon, 14 Dec 2009)\");\n script_cve_id(\"CVE-2009-3563\", \"CVE-2009-1252\", \"CVE-2009-0159\", \"CVE-2009-0021\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Core 10 FEDORA-2009-13121 (ntp)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=531213\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"ntp\", rpm:\"ntp~4.2.4p7~2.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ntp-perl\", rpm:\"ntp-perl~4.2.4p7~2.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ntpdate\", rpm:\"ntpdate~4.2.4p7~2.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ntp-debuginfo\", rpm:\"ntp-debuginfo~4.2.4p7~2.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:48", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-08-09T00:00:00", "type": "openvas", "title": "CentOS Update for freetype CESA-2009:0329 centos3 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0946", "CVE-2008-1808", "CVE-2007-2754", "CVE-2006-1861"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310880679", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880679", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for freetype CESA-2009:0329 centos3 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2009-May/015887.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880679\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"CESA\", value:\"2009:0329\");\n script_cve_id(\"CVE-2006-1861\", \"CVE-2007-2754\", \"CVE-2008-1808\", \"CVE-2009-0946\");\n script_name(\"CentOS Update for freetype CESA-2009:0329 centos3 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'freetype'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS3\");\n script_tag(name:\"affected\", value:\"freetype on CentOS 3\");\n script_tag(name:\"insight\", value:\"FreeType is a free, high-quality, portable font engine that can open and\n manage font files. It also loads, hints, and renders individual glyphs\n efficiently. These packages provide both the FreeType 1 and FreeType 2\n font engines.\n\n Tavis Ormandy of the Google Security Team discovered several integer\n overflow flaws in the FreeType 2 font engine. If a user loaded a\n carefully-crafted font file with an application linked against FreeType 2,\n it could cause the application to crash or, possibly, execute arbitrary\n code with the privileges of the user running the application.\n (CVE-2009-0946)\n\n Chris Evans discovered multiple integer overflow flaws in the FreeType font\n engine. If a user loaded a carefully-crafted font file with an application\n linked against FreeType, it could cause the application to crash or,\n possibly, execute arbitrary code with the privileges of the user running\n the application. (CVE-2006-1861)\n\n An integer overflow flaw was found in the way the FreeType font engine\n processed TrueType Font (TTF) files. If a user loaded a carefully-crafted\n font file with an application linked against FreeType, it could cause the\n application to crash or, possibly, execute arbitrary code with the\n privileges of the user running the application. (CVE-2007-2754)\n\n A flaw was discovered in the FreeType TTF font-file format parser when the\n TrueType virtual machine Byte Code Interpreter (BCI) is enabled. If a user\n loaded a carefully-crafted font file with an application linked against\n FreeType, it could cause the application to crash or, possibly, execute\n arbitrary code with the privileges of the user running the application.\n (CVE-2008-1808)\n\n The CVE-2008-1808 flaw did not affect the freetype packages as distributed\n in Red Hat Enterprise Linux 3 and 4, as they are not compiled with TrueType\n BCI support. A fix for this flaw has been included in this update as users\n may choose to recompile the freetype packages in order to enable TrueType\n BCI support. Red Hat does not, however, provide support for modified and\n recompiled packages.\n\n Note: For the FreeType 2 font engine, the CVE-2006-1861, CVE-2007-2754,\n and CVE-2008-1808 flaws were addressed via RHSA-2006:0500, RHSA-2007:0403,\n and RHSA-2008:0556 respectively. This update provides corresponding\n updates for the FreeType 1 font engine, included in the freetype packages\n distributed in Red Hat Enterprise Linux 3 and 4.\n\n Users are advised to upgrade to these updated packages, which contain\n backported patches to correct these issues. The X server must be restarted\n (log out, then log back in) for this update to take effect.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.1.4~12.el3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-devel\", rpm:\"freetype-devel~2.1.4~12.el3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-demos\", rpm:\"freetype-demos~2.1.4~12.el3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-utils\", rpm:\"freetype-utils~2.1.4~12.el3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-04-06T11:40:07", "description": "The remote host is missing updates to FreeType announced in\nadvisory RHSA-2009:0329.\n\nTavis Ormandy of the Google Security Team discovered several integer\noverflow flaws in the FreeType 2 font engine. If a user loaded a\ncarefully-crafted font file with an application linked against FreeType 2,\nit could cause the application to crash or, possibly, execute arbitrary\ncode with the privileges of the user running the application.\n(CVE-2009-0946)\n\nChris Evans discovered multiple integer overflow flaws in the FreeType font\nengine. If a user loaded a carefully-crafted font file with an application\nlinked against FreeType, it could cause the application to crash or,\npossibly, execute arbitrary code with the privileges of the user running\nthe application. (CVE-2006-1861)\n\nAn integer overflow flaw was found in the way the FreeType font engine\nprocessed TrueType\u00ae Font (TTF) files. If a user loaded a carefully-crafted\nfont file with an application linked against FreeType, it could cause the\napplication to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2007-2754)\n\nA flaw was discovered in the FreeType TTF font-file format parser when the\nTrueType virtual machine Byte Code Interpreter (BCI) is enabled. If a user\nloaded a carefully-crafted font file with an application linked against\nFreeType, it could cause the application to crash or, possibly, execute\narbitrary code with the privileges of the user running the application.\n(CVE-2008-1808)\n\nThe CVE-2008-1808 flaw did not affect the freetype packages as distributed\nin Red Hat Enterprise Linux 3 and 4, as they are not compiled with TrueType\nBCI support. A fix for this flaw has been included in this update as users\nmay choose to recompile the freetype packages in order to enable TrueType\nBCI support. Red Hat does not, however, provide support for modified and\nrecompiled packages.\n\nNote: For the FreeType 2 font engine, the CVE-2006-1861, CVE-2007-2754,\nand CVE-2008-1808 flaws were addressed via RHSA-2006:0500, RHSA-2007:0403,\nand RHSA-2008:0556 respectively. This update provides corresponding\nupdates for the FreeType 1 font engine, included in the freetype packages\ndistributed in Red Hat Enterprise Linux 3 and 4.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues. The X server must be restarted\n(log out, then log back in) for this update to take effect.", "cvss3": {}, "published": "2009-05-25T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:0329", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0946", "CVE-2008-1808", "CVE-2007-2754", "CVE-2006-1861"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231064018", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064018", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_0329.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:0329 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to FreeType announced in\nadvisory RHSA-2009:0329.\n\nTavis Ormandy of the Google Security Team discovered several integer\noverflow flaws in the FreeType 2 font engine. If a user loaded a\ncarefully-crafted font file with an application linked against FreeType 2,\nit could cause the application to crash or, possibly, execute arbitrary\ncode with the privileges of the user running the application.\n(CVE-2009-0946)\n\nChris Evans discovered multiple integer overflow flaws in the FreeType font\nengine. If a user loaded a carefully-crafted font file with an application\nlinked against FreeType, it could cause the application to crash or,\npossibly, execute arbitrary code with the privileges of the user running\nthe application. (CVE-2006-1861)\n\nAn integer overflow flaw was found in the way the FreeType font engine\nprocessed TrueType\u00ae Font (TTF) files. If a user loaded a carefully-crafted\nfont file with an application linked against FreeType, it could cause the\napplication to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2007-2754)\n\nA flaw was discovered in the FreeType TTF font-file format parser when the\nTrueType virtual machine Byte Code Interpreter (BCI) is enabled. If a user\nloaded a carefully-crafted font file with an application linked against\nFreeType, it could cause the application to crash or, possibly, execute\narbitrary code with the privileges of the user running the application.\n(CVE-2008-1808)\n\nThe CVE-2008-1808 flaw did not affect the freetype packages as distributed\nin Red Hat Enterprise Linux 3 and 4, as they are not compiled with TrueType\nBCI support. A fix for this flaw has been included in this update as users\nmay choose to recompile the freetype packages in order to enable TrueType\nBCI support. Red Hat does not, however, provide support for modified and\nrecompiled packages.\n\nNote: For the FreeType 2 font engine, the CVE-2006-1861, CVE-2007-2754,\nand CVE-2008-1808 flaws were addressed via RHSA-2006:0500, RHSA-2007:0403,\nand RHSA-2008:0556 respectively. This update provides corresponding\nupdates for the FreeType 1 font engine, included in the freetype packages\ndistributed in Red Hat Enterprise Linux 3 and 4.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues. The X server must be restarted\n(log out, then log back in) for this update to take effect.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64018\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-25 20:59:33 +0200 (Mon, 25 May 2009)\");\n script_cve_id(\"CVE-2006-1861\", \"CVE-2007-2754\", \"CVE-2008-1808\", \"CVE-2009-0946\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:0329\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-0329.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#important\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/support/policy/soc/production/\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.1.4~12.el3\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"freetype-debuginfo\", rpm:\"freetype-debuginfo~2.1.4~12.el3\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"freetype-devel\", rpm:\"freetype-devel~2.1.4~12.el3\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.1.9~10.el4.7\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"freetype-debuginfo\", rpm:\"freetype-debuginfo~2.1.9~10.el4.7\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"freetype-demos\", rpm:\"freetype-demos~2.1.9~10.el4.7\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"freetype-devel\", rpm:\"freetype-devel~2.1.9~10.el4.7\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"freetype-utils\", rpm:\"freetype-utils~2.1.9~10.el4.7\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:40:45", "description": "The remote host is missing updates to freetype announced in\nadvisory CESA-2009:0329.", "cvss3": {}, "published": "2009-05-25T00:00:00", "type": "openvas", "title": "CentOS Security Advisory CESA-2009:0329 (freetype)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0946", "CVE-2008-1808", "CVE-2007-2754", "CVE-2006-1861"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231064061", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064061", "sourceData": "#CESA-2009:0329 64061 6\n# $Id: ovcesa2009_0329.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory CESA-2009:0329 (freetype)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details on the issues addressed in this update,\nplease visit the referenced security advisories.\";\ntag_solution = \"Update the appropriate packages on your system.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=CESA-2009:0329\nhttp://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:0329\nhttps://rhn.redhat.com/errata/RHSA-2009-0329.html\";\ntag_summary = \"The remote host is missing updates to freetype announced in\nadvisory CESA-2009:0329.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64061\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-25 20:59:33 +0200 (Mon, 25 May 2009)\");\n script_cve_id(\"CVE-2006-1861\", \"CVE-2007-2754\", \"CVE-2008-1808\", \"CVE-2009-0946\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"CentOS Security Advisory CESA-2009:0329 (freetype)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.1.4~12.el3\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"freetype-devel\", rpm:\"freetype-devel~2.1.4~12.el3\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"freetype-demos\", rpm:\"freetype-demos~2.1.4~12.el3\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"freetype-utils\", rpm:\"freetype-utils~2.1.4~12.el3\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:57:16", "description": "The remote host is missing updates to freetype announced in\nadvisory CESA-2009:0329.", "cvss3": {}, "published": "2009-05-25T00:00:00", "type": "openvas", "title": "CentOS Security Advisory CESA-2009:0329 (freetype)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0946", "CVE-2008-1808", "CVE-2007-2754", "CVE-2006-1861"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:64061", "href": "http://plugins.openvas.org/nasl.php?oid=64061", "sourceData": "#CESA-2009:0329 64061 6\n# $Id: ovcesa2009_0329.nasl 6650 2017-07-10 11:43:12Z cfischer $\n# Description: Auto-generated from advisory CESA-2009:0329 (freetype)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details on the issues addressed in this update,\nplease visit the referenced security advisories.\";\ntag_solution = \"Update the appropriate packages on your system.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=CESA-2009:0329\nhttp://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:0329\nhttps://rhn.redhat.com/errata/RHSA-2009-0329.html\";\ntag_summary = \"The remote host is missing updates to freetype announced in\nadvisory CESA-2009:0329.\";\n\n\n\nif(description)\n{\n script_id(64061);\n script_version(\"$Revision: 6650 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:43:12 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-25 20:59:33 +0200 (Mon, 25 May 2009)\");\n script_cve_id(\"CVE-2006-1861\", \"CVE-2007-2754\", \"CVE-2008-1808\", \"CVE-2009-0946\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"CentOS Security Advisory CESA-2009:0329 (freetype)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.1.4~12.el3\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"freetype-devel\", rpm:\"freetype-devel~2.1.4~12.el3\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"freetype-demos\", rpm:\"freetype-demos~2.1.4~12.el3\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"freetype-utils\", rpm:\"freetype-utils~2.1.4~12.el3\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-27T10:56:39", "description": "The remote host is missing updates to FreeType announced in\nadvisory RHSA-2009:0329.\n\nTavis Ormandy of the Google Security Team discovered several integer\noverflow flaws in the FreeType 2 font engine. If a user loaded a\ncarefully-crafted font file with an application linked against FreeType 2,\nit could cause the application to crash or, possibly, execute arbitrary\ncode with the privileges of the user running the application.\n(CVE-2009-0946)\n\nChris Evans discovered multiple integer overflow flaws in the FreeType font\nengine. If a user loaded a carefully-crafted font file with an application\nlinked against FreeType, it could cause the application to crash or,\npossibly, execute arbitrary code with the privileges of the user running\nthe application. (CVE-2006-1861)\n\nAn integer overflow flaw was found in the way the FreeType font engine\nprocessed TrueType\u00ae Font (TTF) files. If a user loaded a carefully-crafted\nfont file with an application linked against FreeType, it could cause the\napplication to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2007-2754)\n\nA flaw was discovered in the FreeType TTF font-file format parser when the\nTrueType virtual machine Byte Code Interpreter (BCI) is enabled. If a user\nloaded a carefully-crafted font file with an application linked against\nFreeType, it could cause the application to crash or, possibly, execute\narbitrary code with the privileges of the user running the application.\n(CVE-2008-1808)\n\nThe CVE-2008-1808 flaw did not affect the freetype packages as distributed\nin Red Hat Enterprise Linux 3 and 4, as they are not compiled with TrueType\nBCI support. A fix for this flaw has been included in this update as users\nmay choose to recompile the freetype packages in order to enable TrueType\nBCI support. Red Hat does not, however, provide support for modified and\nrecompiled packages.\n\nNote: For the FreeType 2 font engine, the CVE-2006-1861, CVE-2007-2754,\nand CVE-2008-1808 flaws were addressed via RHSA-2006:0500, RHSA-2007:0403,\nand RHSA-2008:0556 respectively. This update provides corresponding\nupdates for the FreeType 1 font engine, included in the freetype packages\ndistributed in Red Hat Enterprise Linux 3 and 4.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues. The X server must be restarted\n(log out, then log back in) for this update to take effect.", "cvss3": {}, "published": "2009-05-25T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:0329", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0946", "CVE-2008-1808", "CVE-2007-2754", "CVE-2006-1861"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:64018", "href": "http://plugins.openvas.org/nasl.php?oid=64018", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_0329.nasl 6683 2017-07-12 09:41:57Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:0329 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to FreeType announced in\nadvisory RHSA-2009:0329.\n\nTavis Ormandy of the Google Security Team discovered several integer\noverflow flaws in the FreeType 2 font engine. If a user loaded a\ncarefully-crafted font file with an application linked against FreeType 2,\nit could cause the application to crash or, possibly, execute arbitrary\ncode with the privileges of the user running the application.\n(CVE-2009-0946)\n\nChris Evans discovered multiple integer overflow flaws in the FreeType font\nengine. If a user loaded a carefully-crafted font file with an application\nlinked against FreeType, it could cause the application to crash or,\npossibly, execute arbitrary code with the privileges of the user running\nthe application. (CVE-2006-1861)\n\nAn integer overflow flaw was found in the way the FreeType font engine\nprocessed TrueType\u00ae Font (TTF) files. If a user loaded a carefully-crafted\nfont file with an application linked against FreeType, it could cause the\napplication to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2007-2754)\n\nA flaw was discovered in the FreeType TTF font-file format parser when the\nTrueType virtual machine Byte Code Interpreter (BCI) is enabled. If a user\nloaded a carefully-crafted font file with an application linked against\nFreeType, it could cause the application to crash or, possibly, execute\narbitrary code with the privileges of the user running the application.\n(CVE-2008-1808)\n\nThe CVE-2008-1808 flaw did not affect the freetype packages as distributed\nin Red Hat Enterprise Linux 3 and 4, as they are not compiled with TrueType\nBCI support. A fix for this flaw has been included in this update as users\nmay choose to recompile the freetype packages in order to enable TrueType\nBCI support. Red Hat does not, however, provide support for modified and\nrecompiled packages.\n\nNote: For the FreeType 2 font engine, the CVE-2006-1861, CVE-2007-2754,\nand CVE-2008-1808 flaws were addressed via RHSA-2006:0500, RHSA-2007:0403,\nand RHSA-2008:0556 respectively. This update provides corresponding\nupdates for the FreeType 1 font engine, included in the freetype packages\ndistributed in Red Hat Enterprise Linux 3 and 4.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues. The X server must be restarted\n(log out, then log back in) for this update to take effect.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_id(64018);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-25 20:59:33 +0200 (Mon, 25 May 2009)\");\n script_cve_id(\"CVE-2006-1861\", \"CVE-2007-2754\", \"CVE-2008-1808\", \"CVE-2009-0946\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:0329\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-0329.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#important\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/support/policy/soc/production/\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.1.4~12.el3\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"freetype-debuginfo\", rpm:\"freetype-debuginfo~2.1.4~12.el3\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"freetype-devel\", rpm:\"freetype-devel~2.1.4~12.el3\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.1.9~10.el4.7\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"freetype-debuginfo\", rpm:\"freetype-debuginfo~2.1.9~10.el4.7\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"freetype-demos\", rpm:\"freetype-demos~2.1.9~10.el4.7\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"freetype-devel\", rpm:\"freetype-devel~2.1.9~10.el4.7\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"freetype-utils\", rpm:\"freetype-utils~2.1.9~10.el4.7\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:55:42", "description": "Check for the Version of freetype", "cvss3": {}, "published": "2011-08-09T00:00:00", "type": "openvas", "title": "CentOS Update for freetype CESA-2009:0329 centos3 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0946", "CVE-2008-1808", "CVE-2007-2754", "CVE-2006-1861"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:880679", "href": "http://plugins.openvas.org/nasl.php?oid=880679", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for freetype CESA-2009:0329 centos3 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"FreeType is a free, high-quality, portable font engine that can open and\n manage font files. It also loads, hints, and renders individual glyphs\n efficiently. These packages provide both the FreeType 1 and FreeType 2\n font engines.\n\n Tavis Ormandy of the Google Security Team discovered several integer\n overflow flaws in the FreeType 2 font engine. If a user loaded a\n carefully-crafted font file with an application linked against FreeType 2,\n it could cause the application to crash or, possibly, execute arbitrary\n code with the privileges of the user running the application.\n (CVE-2009-0946)\n \n Chris Evans discovered multiple integer overflow flaws in the FreeType font\n engine. If a user loaded a carefully-crafted font file with an application\n linked against FreeType, it could cause the application to crash or,\n possibly, execute arbitrary code with the privileges of the user running\n the application. (CVE-2006-1861)\n \n An integer overflow flaw was found in the way the FreeType font engine\n processed TrueType Font (TTF) files. If a user loaded a carefully-crafted\n font file with an application linked against FreeType, it could cause the\n application to crash or, possibly, execute arbitrary code with the\n privileges of the user running the application. (CVE-2007-2754)\n \n A flaw was discovered in the FreeType TTF font-file format parser when the\n TrueType virtual machine Byte Code Interpreter (BCI) is enabled. If a user\n loaded a carefully-crafted font file with an application linked against\n FreeType, it could cause the application to crash or, possibly, execute\n arbitrary code with the privileges of the user running the application.\n (CVE-2008-1808)\n \n The CVE-2008-1808 flaw did not affect the freetype packages as distributed\n in Red Hat Enterprise Linux 3 and 4, as they are not compiled with TrueType\n BCI support. A fix for this flaw has been included in this update as users\n may choose to recompile the freetype packages in order to enable TrueType\n BCI support. Red Hat does not, however, provide support for modified and\n recompiled packages.\n \n Note: For the FreeType 2 font engine, the CVE-2006-1861, CVE-2007-2754,\n and CVE-2008-1808 flaws were addressed via RHSA-2006:0500, RHSA-2007:0403,\n and RHSA-2008:0556 respectively. This update provides corresponding\n updates for the FreeType 1 font engine, included in the freetype packages\n distributed in Red Hat Enterprise Linux 3 and 4.\n \n Users are advised to upgrade to these updated packages, which contain\n backported patches to correct these issues. The X server must be restarted\n (log out, then log back in) for this update to take effect.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"freetype on CentOS 3\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2009-May/015887.html\");\n script_id(880679);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2009:0329\");\n script_cve_id(\"CVE-2006-1861\", \"CVE-2007-2754\", \"CVE-2008-1808\", \"CVE-2009-0946\");\n script_name(\"CentOS Update for freetype CESA-2009:0329 centos3 i386\");\n\n script_summary(\"Check for the Version of freetype\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.1.4~12.el3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-devel\", rpm:\"freetype-devel~2.1.4~12.el3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-demos\", rpm:\"freetype-demos~2.1.4~12.el3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-utils\", rpm:\"freetype-utils~2.1.4~12.el3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:32", "description": "The remote host is missing an update to cups\nannounced via advisory FEDORA-2009-3769.", "cvss3": {}, "published": "2009-04-28T00:00:00", "type": "openvas", "title": "Fedora Core 10 FEDORA-2009-3769 (cups)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0164", "CVE-2008-5183", "CVE-2009-0166", "CVE-2008-1722", "CVE-2009-0147", "CVE-2008-5286", "CVE-2009-0146", "CVE-2009-0163"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:63877", "href": "http://plugins.openvas.org/nasl.php?oid=63877", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_3769.nasl 6624 2017-07-10 06:11:55Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-3769 (cups)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"This update fixes several security issues: CVE-2009-0163, CVE-2009-0164,\nCVE-2009-0146, CVE-2009-0147, and CVE-2009-0166.\n\nPDF files are now converted to PostScript using the poppler package's\npdftops program. NOTE: If your CUPS server is accessed using a\nhostname or hostnames not known to the server itself you must add\nServerAlias hostname to cupsd.conf for each such name. The special\nline ServerAlias * disables checking (but this allows DNS rebinding attacks).\n\nChangeLog:\n\n* Tue Apr 21 2009 Tim Waugh 1:1.3.10-1\n- 1.3.10. No longer need ext, includeifexists, str2988,\nCVE-2008-5183, CVE-2008-5286, str3077, str3078, str3059, str3055 patches.\n- Requires poppler-utils.\n- NOTE: If your CUPS server is accessed using a hostname or hostnames\nnot known to the server itself you must add ServerAlias hostname\nfor each such name. The special line ServerAlias * disables checking\n(but this allows DNS rebinding attacks).\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update cups' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-3769\";\ntag_summary = \"The remote host is missing an update to cups\nannounced via advisory FEDORA-2009-3769.\";\n\n\n\nif(description)\n{\n script_id(63877);\n script_version(\"$Revision: 6624 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-28 20:40:12 +0200 (Tue, 28 Apr 2009)\");\n script_cve_id(\"CVE-2009-0163\", \"CVE-2009-0164\", \"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0166\", \"CVE-2008-5183\", \"CVE-2008-5286\", \"CVE-2008-1722\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Core 10 FEDORA-2009-3769 (cups)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=490597\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=490596\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=490612\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=490614\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=490625\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.3.10~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-devel\", rpm:\"cups-devel~1.3.10~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-libs\", rpm:\"cups-libs~1.3.10~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-lpd\", rpm:\"cups-lpd~1.3.10~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-php\", rpm:\"cups-php~1.3.10~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-debuginfo\", rpm:\"cups-debuginfo~1.3.10~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:38:36", "description": "The remote host is missing an update to cups\nannounced via advisory FEDORA-2009-3769.", "cvss3": {}, "published": "2009-04-28T00:00:00", "type": "openvas", "title": "Fedora Core 10 FEDORA-2009-3769 (cups)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0164", "CVE-2008-5183", "CVE-2009-0166", "CVE-2008-1722", "CVE-2009-0147", "CVE-2008-5286", "CVE-2009-0146", "CVE-2009-0163"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231063877", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063877", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_3769.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-3769 (cups)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"This update fixes several security issues: CVE-2009-0163, CVE-2009-0164,\nCVE-2009-0146, CVE-2009-0147, and CVE-2009-0166.\n\nPDF files are now converted to PostScript using the poppler package's\npdftops program. NOTE: If your CUPS server is accessed using a\nhostname or hostnames not known to the server itself you must add\nServerAlias hostname to cupsd.conf for each such name. The special\nline ServerAlias * disables checking (but this allows DNS rebinding attacks).\n\nChangeLog:\n\n* Tue Apr 21 2009 Tim Waugh 1:1.3.10-1\n- 1.3.10. No longer need ext, includeifexists, str2988,\nCVE-2008-5183, CVE-2008-5286, str3077, str3078, str3059, str3055 patches.\n- Requires poppler-utils.\n- NOTE: If your CUPS server is accessed using a hostname or hostnames\nnot known to the server itself you must add ServerAlias hostname\nfor each such name. The special line ServerAlias * disables checking\n(but this allows DNS rebinding attacks).\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update cups' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-3769\";\ntag_summary = \"The remote host is missing an update to cups\nannounced via advisory FEDORA-2009-3769.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63877\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-28 20:40:12 +0200 (Tue, 28 Apr 2009)\");\n script_cve_id(\"CVE-2009-0163\", \"CVE-2009-0164\", \"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0166\", \"CVE-2008-5183\", \"CVE-2008-5286\", \"CVE-2008-1722\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Core 10 FEDORA-2009-3769 (cups)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=490597\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=490596\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=490612\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=490614\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=490625\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.3.10~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-devel\", rpm:\"cups-devel~1.3.10~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-libs\", rpm:\"cups-libs~1.3.10~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-lpd\", rpm:\"cups-lpd~1.3.10~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-php\", rpm:\"cups-php~1.3.10~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-debuginfo\", rpm:\"cups-debuginfo~1.3.10~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2021-08-19T13:07:55", "description": "The remote host is running a version of Mac OS X 10.5.x that is prior to 10.5.7. \n\nMac OS X 10.5.7 contains security fixes for the following products :\n\n - Apache\n - ATS\n - BIND\n - CFNetwork\n - CoreGraphics\n - Cscope\n - CUPS\n - Disk Images\n - enscript\n - Flash Player plug-in\n - Help Viewer\n - iChat\n - International Components for Unicode\n - IPSec\n - Kerberos\n - Kernel\n - Launch Services\n - libxml\n - Net-SNMP\n - Network Time\n - Networking\n - OpenSSL\n - PHP\n - QuickDraw Manager\n - ruby\n - Safari\n - Spotlight\n - system_cmds\n - telnet\n - Terminal\n - WebKit\n - X11", "cvss3": {"score": null, "vector": null}, "published": "2009-05-13T00:00:00", "type": "nessus", "title": "Mac OS X 10.5.x < 10.5.7 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2004-1184", "CVE-2004-1185", "CVE-2004-1186", "CVE-2008-0456", "CVE-2008-1382", "CVE-2008-1517", "CVE-2008-2371", "CVE-2008-2383", "CVE-2008-2665", "CVE-2008-2666", "CVE-2008-2829", "CVE-2008-2939", "CVE-2008-3443", "CVE-2008-3529", "CVE-2008-3530", "CVE-2008-3651", "CVE-2008-3652", "CVE-2008-3655", "CVE-2008-3656", "CVE-2008-3657", "CVE-2008-3658", "CVE-2008-3659", "CVE-2008-3660", "CVE-2008-3790", "CVE-2008-3863", "CVE-2008-4309", "CVE-2008-5077", "CVE-2008-5557", "CVE-2009-0010", "CVE-2009-0021", "CVE-2009-0025", "CVE-2009-0040", "CVE-2009-0114", "CVE-2009-0144", "CVE-2009-0145", "CVE-2009-0146", "CVE-2009-0147", "CVE-2009-0148", "CVE-2009-0149", "CVE-2009-0150", "CVE-2009-0152", "CVE-2009-0153", "CVE-2009-0154", "CVE-2009-0155", "CVE-2009-0156", "CVE-2009-0157", "CVE-2009-0158", "CVE-2009-0159", "CVE-2009-0160", "CVE-2009-0161", "CVE-2009-0162", "CVE-2009-0164", "CVE-2009-0165", "CVE-2009-0519", "CVE-2009-0520", "CVE-2009-0844", "CVE-2009-0845", "CVE-2009-0846", "CVE-2009-0847", "CVE-2009-0942", "CVE-2009-0943", "CVE-2009-0944", "CVE-2009-0945", "CVE-2009-0946", "CVE-2009-1717"], "modified": "2018-07-14T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x"], "id": "MACOSX_10_5_7.NASL", "href": "https://www.tenable.com/plugins/nessus/38744", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\nif (!defined_func(\"bn_random\")) exit(0);\nif (NASL_LEVEL < 3004) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(38744);\n script_version(\"1.32\");\n script_cvs_date(\"Date: 2018/07/14 1:59:35\");\n\n script_cve_id(\"CVE-2004-1184\", \"CVE-2004-1185\", \"CVE-2004-1186\", \"CVE-2008-0456\", \"CVE-2008-1382\",\n \"CVE-2008-1517\", \"CVE-2008-2371\", \"CVE-2008-2383\", \"CVE-2008-2665\", \"CVE-2008-2666\",\n \"CVE-2008-2829\", \"CVE-2008-2939\", \"CVE-2008-3443\", \"CVE-2008-3529\", \"CVE-2008-3530\",\n \"CVE-2008-3651\", \"CVE-2008-3652\", \"CVE-2008-3655\", \"CVE-2008-3656\", \"CVE-2008-3657\",\n \"CVE-2008-3658\", \"CVE-2008-3659\", \"CVE-2008-3660\", \"CVE-2008-3790\", \"CVE-2008-3863\",\n \"CVE-2008-4309\", \"CVE-2008-5077\", \"CVE-2008-5557\", \"CVE-2009-0010\", \"CVE-2009-0021\",\n \"CVE-2009-0025\", \"CVE-2009-0040\", \"CVE-2009-0114\", \"CVE-2009-0144\", \"CVE-2009-0145\",\n \"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0148\", \"CVE-2009-0149\", \"CVE-2009-0150\",\n \"CVE-2009-0152\", \"CVE-2009-0153\", \"CVE-2009-0154\", \"CVE-2009-0155\", \"CVE-2009-0156\",\n \"CVE-2009-0157\", \"CVE-2009-0158\", \"CVE-2009-0159\", \"CVE-2009-0160\", \"CVE-2009-0161\",\n \"CVE-2009-0162\", \"CVE-2009-0164\", \"CVE-2009-0165\", \"CVE-2009-0519\", \"CVE-2009-0520\",\n \"CVE-2009-0844\", \"CVE-2009-0845\", \"CVE-2009-0846\", \"CVE-2009-0847\", \"CVE-2009-0942\",\n \"CVE-2009-0943\", \"CVE-2009-0944\", \"CVE-2009-0945\", \"CVE-2009-0946\", \"CVE-2009-1717\");\n script_bugtraq_id(27409, 29796, 30087, 30649, 30657, 31612, 32948, 33769, 33890, 34257, 34408,\n 34409, 34481, 34550, 34568, 34665, 34805, 34924, 34932, 34937, 34938, 34939,\n 34941, 34942, 34947, 34948, 34950, 34951, 34952, 34958, 34959, 34962, 34965,\n 34972, 34973, 34974, 35182);\n\n script_name(english:\"Mac OS X 10.5.x < 10.5.7 Multiple Vulnerabilities\");\n script_summary(english:\"Check the version of Mac OS X\");\n\n script_set_attribute( attribute:\"synopsis\", value:\n\"The remote host is missing a Mac OS X update that fixes various\nsecurity issues.\" );\n script_set_attribute( attribute:\"description\", value:\n\"The remote host is running a version of Mac OS X 10.5.x that is prior\nto 10.5.7. \n\nMac OS X 10.5.7 contains security fixes for the following products :\n\n - Apache\n - ATS\n - BIND\n - CFNetwork\n - CoreGraphics\n - Cscope\n - CUPS\n - Disk Images\n - enscript\n - Flash Player plug-in\n - Help Viewer\n - iChat\n - International Components for Unicode\n - IPSec\n - Kerberos\n - Kernel\n - Launch Services\n - libxml\n - Net-SNMP\n - Network Time\n - Networking\n - OpenSSL\n - PHP\n - QuickDraw Manager\n - ruby\n - Safari\n - Spotlight\n - system_cmds\n - telnet\n - Terminal\n - WebKit\n - X11\" );\n script_set_attribute(\n attribute:\"see_also\", \n value:\"http://support.apple.com/kb/HT3549\"\n );\n script_set_attribute(\n attribute:\"see_also\", \n value:\"http://lists.apple.com/archives/security-announce/2009/May/msg00002.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade to Mac OS X 10.5.7 or later.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(16, 20, 22, 79, 94, 119, 189, 200, 264, 287, 399);\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2009/05/13\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2005/01/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value: \"2009/05/12\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_end_attributes();\n \n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n \n script_copyright(english:\"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.\");\n \n script_dependencies(\"ssh_get_info.nasl\", \"os_fingerprint.nasl\");\n\n exit(0);\n}\n\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os) os = get_kb_item(\"Host/OS\");\nif (!os) exit(0);\n\nif (ereg(pattern:\"Mac OS X 10\\.5\\.[0-6]([^0-9]|$)\", string:os)) \n security_hole(0);\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:19:17", "description": "The remote host is running a version of Mac OS X 10.5 that is older than version 10.5.7. Mac OS X 10.5.7 contains security fixes for the following products : \n\n- Apache\n- ATS\n- BIND\n- CFNetwork\n- CoreGraphics\n-Cscope\n- CUPS\n- Disk Images\n- enscript\n- Flash player\n- Help Viewer\n- iChat\n- Internation Components for Unicode\n- IPSec\n- Kerberos\n- Kernel\n- Launch Services\n- libxml\n- Net-SNMP\n- Network Time\n- Networking\n- OpenSSL\n- PHP\n- QuickDraw Manager\n- ruby\n- Safari\n- Spotlight\n- system_cmds\n- telnet\n- WebKit\n- X11\n- Terminal", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2004-08-18T00:00:00", "type": "nessus", "title": "Mac OS X 10.5 < 10.5.7 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0945", "CVE-2009-0164", "CVE-2009-0146", "CVE-2009-0147", "CVE-2009-0025", "CVE-2008-5557", "CVE-2004-1184", "CVE-2004-1185", "CVE-2004-1186", "CVE-2008-3651", "CVE-2008-3652", "CVE-2008-3529", "CVE-2008-3443", "CVE-2008-3655", "CVE-2008-3656", "CVE-2008-3657", "CVE-2008-3790", "CVE-2008-4309", "CVE-2008-2939", "CVE-2008-3863", "CVE-2008-2383", "CVE-2008-5077", "CVE-2009-0021", "CVE-2009-0040", "CVE-2008-1382", "CVE-2008-3658", "CVE-2008-3660", "CVE-2009-0844", "CVE-2009-0845", "CVE-2009-0846", "CVE-2009-0847", "CVE-2009-0159", "CVE-2009-0946", "CVE-2009-0148", "CVE-2009-0153", "CVE-2009-0519", "CVE-2009-0520", "CVE-2009-0165", "CVE-2008-0456", "CVE-2008-2665", "CVE-2008-2829", "CVE-2009-0150", "CVE-2009-0145", "CVE-2009-0155", "CVE-2009-0161", "CVE-2008-2371", "CVE-2008-3659", "CVE-2008-2666", "CVE-2009-0010", "CVE-2009-0942", "CVE-2009-0158", "CVE-2009-0149", "CVE-2009-0160", "CVE-2009-0157", "CVE-2009-0144", "CVE-2008-1517", "CVE-2009-0154", "CVE-2009-0114", "CVE-2009-0943", "CVE-2009-0162", "CVE-2008-3530", "CVE-2009-1717", "CVE-2009-0944", "CVE-2009-0156", "CVE-2009-0152"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*"], "id": "5023.PRM", "href": "https://www.tenable.com/plugins/nnm/5023", "sourceData": "Binary data 5023.prm", "cvss": {"score": 10, "vector": "CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:17:59", "description": "The remote host is affected by the vulnerability described in GLSA-200502-03 (enscript: Multiple vulnerabilities)\n\n Erik Sjolund discovered several issues in enscript: it suffers from several buffer overflows (CAN-2004-1186), quotes and shell escape characters are insufficiently sanitized in filenames (CAN-2004-1185), and it supported taking input from an arbitrary command pipe, with unwanted side effects (CAN-2004-1184).\n Impact :\n\n An attacker could design malicious files or input data which, once feeded into enscript, would trigger the execution of arbitrary code with the rights of the user running enscript.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"score": null, "vector": null}, "published": "2005-02-14T00:00:00", "type": "nessus", "title": "GLSA-200502-03 : enscript: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2004-1184", "CVE-2004-1185", "CVE-2004-1186"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:enscript", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-200502-03.NASL", "href": "https://www.tenable.com/plugins/nessus/16440", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200502-03.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(16440);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2004-1184\", \"CVE-2004-1185\", \"CVE-2004-1186\");\n script_xref(name:\"GLSA\", value:\"200502-03\");\n\n script_name(english:\"GLSA-200502-03 : enscript: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200502-03\n(enscript: Multiple vulnerabilities)\n\n Erik Sjolund discovered several issues in enscript: it suffers\n from several buffer overflows (CAN-2004-1186), quotes and shell escape\n characters are insufficiently sanitized in filenames (CAN-2004-1185),\n and it supported taking input from an arbitrary command pipe, with\n unwanted side effects (CAN-2004-1184).\n \nImpact :\n\n An attacker could design malicious files or input data which, once\n feeded into enscript, would trigger the execution of arbitrary code\n with the rights of the user running enscript.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200502-03\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All enscript users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-text/enscript-1.6.3-r3'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:enscript\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/02/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/02/14\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/01/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"app-text/enscript\", unaffected:make_list(\"ge 1.6.3-r3\"), vulnerable:make_list(\"lt 1.6.3-r3\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"enscript\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T13:17:56", "description": "An updated enscript package that fixes several security issues is now available for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having low security impact by the Red Hat Security Response Team.\n\nGNU enscript converts ASCII files to PostScript.\n\nEnscript has the ability to interpret special escape sequences. A flaw was found in the handling of the epsf command used to insert inline EPS files into a document. An attacker could create a carefully crafted ASCII file which made use of the epsf pipe command in such a way that it could execute arbitrary commands if the file was opened with enscript by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-1184 to this issue.\n\nAdditional flaws in Enscript were also discovered which can only be triggered by executing enscript with carefully crafted command line arguments. These flaws therefore only have a security impact if enscript is executed by other programs and passed untrusted data from remote users. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2004-1185 and CVE-2004-1186 to these issues.\n\nAll users of enscript should upgrade to these updated packages, which contain backported patches to correct these issues.", "cvss3": {"score": null, "vector": null}, "published": "2005-02-22T00:00:00", "type": "nessus", "title": "RHEL 4 : enscript (RHSA-2005:040)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2004-1184", "CVE-2004-1185", "CVE-2004-1186"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:enscript", "cpe:/o:redhat:enterprise_linux:4"], "id": "REDHAT-RHSA-2005-040.NASL", "href": "https://www.tenable.com/plugins/nessus/17172", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2005:040. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(17172);\n script_version(\"1.23\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2004-1184\", \"CVE-2004-1185\", \"CVE-2004-1186\");\n script_xref(name:\"RHSA\", value:\"2005:040\");\n\n script_name(english:\"RHEL 4 : enscript (RHSA-2005:040)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated enscript package that fixes several security issues is now\navailable for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having low security impact by the Red\nHat Security Response Team.\n\nGNU enscript converts ASCII files to PostScript.\n\nEnscript has the ability to interpret special escape sequences. A flaw\nwas found in the handling of the epsf command used to insert inline\nEPS files into a document. An attacker could create a carefully\ncrafted ASCII file which made use of the epsf pipe command in such a\nway that it could execute arbitrary commands if the file was opened\nwith enscript by a victim. The Common Vulnerabilities and Exposures\nproject (cve.mitre.org) has assigned the name CVE-2004-1184 to this\nissue.\n\nAdditional flaws in Enscript were also discovered which can only be\ntriggered by executing enscript with carefully crafted command line\narguments. These flaws therefore only have a security impact if\nenscript is executed by other programs and passed untrusted data from\nremote users. The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the names CVE-2004-1185 and CVE-2004-1186\nto these issues.\n\nAll users of enscript should upgrade to these updated packages, which\ncontain backported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2004-1184\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2004-1185\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2004-1186\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2005:040\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected enscript package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:enscript\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2004/12/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/02/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/02/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2005:040\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"enscript-1.6.1-28.3\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"enscript\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T13:18:14", "description": "Erik Sjolund has discovered several security relevant problems in enscript, a program to converts ASCII text to Postscript and other formats. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities :\n\n - CVE-2004-1184\n\n Unsanitised input can causes the execution of arbitrary commands via EPSF pipe support. This has been disabled, also upstream.\n\n - CVE-2004-1185\n\n Due to missing sanitising of filenames it is possible that a specially crafted filename can cause arbitrary commands to be executed.\n\n - CVE-2004-1186\n\n Multiple buffer overflows can cause the program to crash.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2005-01-27T00:00:00", "type": "nessus", "title": "Fedora Core 2 : enscript-1.6.1-25.2 (2005-015)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2004-1184", "CVE-2004-1185", "CVE-2004-1186"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:enscript", "p-cpe:/a:fedoraproject:fedora:enscript-debuginfo", "cpe:/o:fedoraproject:fedora_core:2"], "id": "FEDORA_2005-015.NASL", "href": "https://www.tenable.com/plugins/nessus/16267", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2005-015.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(16267);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2004-1184\", \"CVE-2004-1185\", \"CVE-2004-1186\");\n script_xref(name:\"FEDORA\", value:\"2005-015\");\n\n script_name(english:\"Fedora Core 2 : enscript-1.6.1-25.2 (2005-015)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora Core host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Erik Sjolund has discovered several security relevant problems in\nenscript, a program to converts ASCII text to Postscript and other\nformats. The Common Vulnerabilities and Exposures project identifies\nthe following vulnerabilities :\n\n - CVE-2004-1184\n\n Unsanitised input can causes the execution of arbitrary\n commands via EPSF pipe support. This has been disabled,\n also upstream.\n\n - CVE-2004-1185\n\n Due to missing sanitising of filenames it is possible\n that a specially crafted filename can cause arbitrary\n commands to be executed.\n\n - CVE-2004-1186\n\n Multiple buffer overflows can cause the program to\n crash.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/announce/2005-January/000631.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9d592ba1\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected enscript and / or enscript-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:enscript\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:enscript-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora_core:2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/01/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/01/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^2([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 2.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC2\", reference:\"enscript-1.6.1-25.2\")) flag++;\nif (rpm_check(release:\"FC2\", reference:\"enscript-debuginfo-1.6.1-25.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"enscript / enscript-debuginfo\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T13:06:47", "description": "- Unsanitised input can caues the execution of arbitrary commands via EPSF pipe support. This has been disabled, also upstream. (CVE-2004-1184)\n\n - Due to missing sanitising of filenames it is possible that a specially crafted filename can cause arbitrary commands to be executed. (CVE-2004-1185)\n\n - Multiple buffer overflows can cause the program to crash. (CVE-2004-1186)", "cvss3": {"score": null, "vector": null}, "published": "2009-09-24T00:00:00", "type": "nessus", "title": "SuSE9 Security Update : enscript (YOU Patch Number 9867)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2004-1184", "CVE-2004-1185", "CVE-2004-1186"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE9_9867.NASL", "href": "https://www.tenable.com/plugins/nessus/41347", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(41347);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2004-1184\", \"CVE-2004-1185\", \"CVE-2004-1186\");\n\n script_name(english:\"SuSE9 Security Update : enscript (YOU Patch Number 9867)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 9 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Unsanitised input can caues the execution of arbitrary\n commands via EPSF pipe support. This has been disabled,\n also upstream. (CVE-2004-1184)\n\n - Due to missing sanitising of filenames it is possible\n that a specially crafted filename can cause arbitrary\n commands to be executed. (CVE-2004-1185)\n\n - Multiple buffer overflows can cause the program to\n crash. (CVE-2004-1186)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2004-1184/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2004-1185/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2004-1186/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply YOU patch number 9867.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/02/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 9 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SUSE9\", reference:\"enscript-1.6.2-814.6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T13:17:50", "description": "A vulnerability in the enscript program's handling of the epsf command used to insert inline EPS file into a document was found. An attacker could create a carefully crafted ASCII file which would make used of the epsf pipe command in such a way that it could execute arbitrary commands if the file was opened with enscript (CVE-2004-1184).\n\nAdditionally, flaws were found in enscript that could be abused by executing enscript with carefully crafted command-line arguments.\nThese flaws only have a security impact if enscript is executed by other programs and passed untrusted data from remote users (CVE-2004-1185 and CVE-2004-1186).\n\nThe updated packages have been patched to prevent these problems.", "cvss3": {"score": null, "vector": null}, "published": "2005-02-11T00:00:00", "type": "nessus", "title": "Mandrake Linux Security Advisory : enscript (MDKSA-2005:033)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2004-1184", "CVE-2004-1185", "CVE-2004-1186"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:enscript", "cpe:/o:mandrakesoft:mandrake_linux:10.0", "cpe:/o:mandrakesoft:mandrake_linux:10.1"], "id": "MANDRAKE_MDKSA-2005-033.NASL", "href": "https://www.tenable.com/plugins/nessus/16376", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2005:033. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(16376);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2004-1184\", \"CVE-2004-1185\", \"CVE-2004-1186\");\n script_xref(name:\"MDKSA\", value:\"2005:033\");\n\n script_name(english:\"Mandrake Linux Security Advisory : enscript (MDKSA-2005:033)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Mandrake Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability in the enscript program's handling of the epsf command\nused to insert inline EPS file into a document was found. An attacker\ncould create a carefully crafted ASCII file which would make used of\nthe epsf pipe command in such a way that it could execute arbitrary\ncommands if the file was opened with enscript (CVE-2004-1184).\n\nAdditionally, flaws were found in enscript that could be abused by\nexecuting enscript with carefully crafted command-line arguments.\nThese flaws only have a security impact if enscript is executed by\nother programs and passed untrusted data from remote users\n(CVE-2004-1185 and CVE-2004-1186).\n\nThe updated packages have been patched to prevent these problems.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected enscript package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:enscript\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:10.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:10.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/02/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/02/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK10.0\", reference:\"enscript-1.6.4-1.1.100mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK10.1\", reference:\"enscript-1.6.4-1.1.101mdk\", yank:\"mdk\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T13:17:04", "description": "Erik Sjolund discovered several issues in enscript : it suffers from several buffer overflows, quotes and shell escape characters are insufficiently sanitized in filenames, and it supported taking input from an arbitrary command pipe, with unwanted side effects.", "cvss3": {"score": null, "vector": null}, "published": "2005-07-13T00:00:00", "type": "nessus", "title": "FreeBSD : enscript -- multiple vulnerabilities (72da8af6-7c75-11d9-8cc5-000854d03344)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2004-1184", "CVE-2004-1185", "CVE-2004-1186"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:enscript-a4", "p-cpe:/a:freebsd:freebsd:enscript-letter", "p-cpe:/a:freebsd:freebsd:enscript-letterdj", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_72DA8AF67C7511D98CC5000854D03344.NASL", "href": "https://www.tenable.com/plugins/nessus/18981", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(18981);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2004-1184\", \"CVE-2004-1185\", \"CVE-2004-1186\");\n\n script_name(english:\"FreeBSD : enscript -- multiple vulnerabilities (72da8af6-7c75-11d9-8cc5-000854d03344)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Erik Sjolund discovered several issues in enscript : it suffers from\nseveral buffer overflows, quotes and shell escape characters are\ninsufficiently sanitized in filenames, and it supported taking input\nfrom an arbitrary command pipe, with unwanted side effects.\"\n );\n # http://www.gentoo.org/security/en/glsa/glsa-200502-03.xml\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200502-03\"\n );\n # https://vuxml.freebsd.org/freebsd/72da8af6-7c75-11d9-8cc5-000854d03344.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e51c6afe\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:enscript-a4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:enscript-letter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:enscript-letterdj\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/02/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/02/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/07/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"enscript-a4<1.6.4_1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"enscript-letter<1.6.4_1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"enscript-letterdj<1.6.4_1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T13:18:15", "description": "Erik Sjolund has discovered several security relevant problems in enscript, a program to convert ASCII text into Postscript and other formats. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities :\n\n - CAN-2004-1184 Unsanitised input can cause the execution of arbitrary commands via EPSF pipe support. This has been disabled, also upstream.\n\n - CAN-2004-1185\n\n Due to missing sanitising of filenames it is possible that a specially crafted filename can cause arbitrary commands to be executed.\n\n - CAN-2004-1186\n\n Multiple buffer overflows can cause the program to crash.\n\nUsually, enscript is only run locally, but since it is executed inside of viewcvs some of the problems mentioned above can easily be turned into a remote vulnerability.", "cvss3": {"score": null, "vector": null}, "published": "2005-01-25T00:00:00", "type": "nessus", "title": "Debian DSA-654-1 : enscript - several vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2004-1184", "CVE-2004-1185", "CVE-2004-1186"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:enscript", "cpe:/o:debian:debian_linux:3.0"], "id": "DEBIAN_DSA-654.NASL", "href": "https://www.tenable.com/plugins/nessus/16238", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-654. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(16238);\n script_version(\"1.23\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2004-1184\", \"CVE-2004-1185\", \"CVE-2004-1186\");\n script_xref(name:\"DSA\", value:\"654\");\n\n script_name(english:\"Debian DSA-654-1 : enscript - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Erik Sjolund has discovered several security relevant problems in\nenscript, a program to convert ASCII text into Postscript and other\nformats. The Common Vulnerabilities and Exposures project identifies\nthe following vulnerabilities :\n\n - CAN-2004-1184\n Unsanitised input can cause the execution of arbitrary\n commands via EPSF pipe support. This has been disabled,\n also upstream.\n\n - CAN-2004-1185\n\n Due to missing sanitising of filenames it is possible\n that a specially crafted filename can cause arbitrary\n commands to be executed.\n\n - CAN-2004-1186\n\n Multiple buffer overflows can cause the program to\n crash.\n\nUsually, enscript is only run locally, but since it is executed inside\nof viewcvs some of the problems mentioned above can easily be turned\ninto a remote vulnerability.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2005/dsa-654\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the enscript package.\n\nFor the stable distribution (woody) these problems have been fixed in\nversion 1.6.3-1.3.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:enscript\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/01/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/01/25\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/01/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.0\", prefix:\"enscript\", reference:\"1.6.3-1.3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T13:18:16", "description": "Erik Sjolund has discovered several security relevant problems in enscript, a program to converts ASCII text to Postscript and other formats. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities :\n\n - CVE-2004-1184\n\n Unsanitised input can causes the execution of arbitrary commands via EPSF pipe support. This has been disabled, also upstream.\n\n - CVE-2004-1185\n\n Due to missing sanitising of filenames it is possible that a specially crafted filename can cause arbitrary commands to be executed.\n\n - CVE-2004-1186\n\n Multiple buffer overflows can cause the program to crash.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2005-01-27T00:00:00", "type": "nessus", "title": "Fedora Core 3 : enscript-1.6.1-28.0.2 (2005-016)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2004-1184", "CVE-2004-1185", "CVE-2004-1186"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:enscript", "p-cpe:/a:fedoraproject:fedora:enscript-debuginfo", "cpe:/o:fedoraproject:fedora_core:3"], "id": "FEDORA_2005-016.NASL", "href": "https://www.tenable.com/plugins/nessus/16268", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2005-016.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(16268);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2004-1184\", \"CVE-2004-1185\", \"CVE-2004-1186\");\n script_xref(name:\"FEDORA\", value:\"2005-016\");\n\n script_name(english:\"Fedora Core 3 : enscript-1.6.1-28.0.2 (2005-016)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora Core host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Erik Sjolund has discovered several security relevant problems in\nenscript, a program to converts ASCII text to Postscript and other\nformats. The Common Vulnerabilities and Exposures project identifies\nthe following vulnerabilities :\n\n - CVE-2004-1184\n\n Unsanitised input can causes the execution of arbitrary\n commands via EPSF pipe support. This has been disabled,\n also upstream.\n\n - CVE-2004-1185\n\n Due to missing sanitising of filenames it is possible\n that a specially crafted filename can cause arbitrary\n commands to be executed.\n\n - CVE-2004-1186\n\n Multiple buffer overflows can cause the program to\n crash.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/announce/2005-January/000636.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6a705aa6\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected enscript and / or enscript-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:enscript\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:enscript-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora_core:3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/01/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/01/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^3([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 3.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC3\", reference:\"enscript-1.6.1-28.0.2\")) flag++;\nif (rpm_check(release:\"FC3\", reference:\"enscript-debuginfo-1.6.1-28.0.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"enscript / enscript-debuginfo\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T13:16:08", "description": "Erik Sjolund discovered several vulnerabilities in enscript which could cause arbitrary code execution with the privileges of the user calling enscript.\n\nQuotes and other shell escape characters in titles and file names were not handled in previous versions. (CAN-2004-1184)\n\nPrevious versions supported reading EPS data not only from a file, but also from an arbitrary command pipe. Since checking for unwanted side effects is infeasible, this feature has been disabled after consultation with the authors of enscript. (CAN-2004-1185)\n\nFinally, this update fixes two buffer overflows which were triggered by certain input files. (CAN-2004-1186)\n\nThese issues can lead to privilege escalation if enscript is called automatically from web server applications like viewcvs.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2006-01-15T00:00:00", "type": "nessus", "title": "Ubuntu 4.10 : enscript vulnerabilities (USN-68-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2004-1184", "CVE-2004-1185", "CVE-2004-1186"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:enscript", "cpe:/o:canonical:ubuntu_linux:4.10"], "id": "UBUNTU_USN-68-1.NASL", "href": "https://www.tenable.com/plugins/nessus/20688", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-68-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(20688);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2004-1184\", \"CVE-2004-1185\", \"CVE-2004-1186\");\n script_xref(name:\"USN\", value:\"68-1\");\n\n script_name(english:\"Ubuntu 4.10 : enscript vulnerabilities (USN-68-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Erik Sjolund discovered several vulnerabilities in enscript which\ncould cause arbitrary code execution with the privileges of the user\ncalling enscript.\n\nQuotes and other shell escape characters in titles and file names were\nnot handled in previous versions. (CAN-2004-1184)\n\nPrevious versions supported reading EPS data not only from a file, but\nalso from an arbitrary command pipe. Since checking for unwanted side\neffects is infeasible, this feature has been disabled after\nconsultation with the authors of enscript. (CAN-2004-1185)\n\nFinally, this update fixes two buffer overflows which were triggered\nby certain input files. (CAN-2004-1186)\n\nThese issues can lead to privilege escalation if enscript is called\nautomatically from web server applications like viewcvs.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected enscript package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:enscript\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:4.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/01/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/01/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(4\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 4.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"4.10\", pkgname:\"enscript\", pkgver:\"1.6.4-4ubuntu0.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"enscript\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T13:18:05", "description": "An updated enscript package that fixes several security issues is now available.\n\nGNU enscript converts ASCII files to PostScript.\n\nEnscript has the ability to interpret special escape sequences. A flaw was found in the handling of the epsf command used to insert inline EPS files into a document. An attacker could create a carefully crafted ASCII file which made use of the epsf pipe command in such a way that it could execute arbitrary commands if the file was opened with enscript by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-1184 to this issue.\n\nAdditional flaws in Enscript were also discovered which can only be triggered by executing enscript with carefully crafted command line arguments. These flaws therefore only have a security impact if enscript is executed by other programs and passed untrusted data from remote users. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2004-1185 and CVE-2004-1186 to these issues.\n\nAll users of enscript should upgrade to these updated packages, which resolve these issues.", "cvss3": {"score": null, "vector": null}, "published": "2005-02-02T00:00:00", "type": "nessus", "title": "RHEL 2.1 / 3 : enscript (RHSA-2005:039)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2004-1184", "CVE-2004-1185", "CVE-2004-1186"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:enscript", "cpe:/o:redhat:enterprise_linux:2.1", "cpe:/o:redhat:enterprise_linux:3"], "id": "REDHAT-RHSA-2005-039.NASL", "href": "https://www.tenable.com/plugins/nessus/16296", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2005:039. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(16296);\n script_version(\"1.26\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2004-1184\", \"CVE-2004-1185\", \"CVE-2004-1186\");\n script_xref(name:\"RHSA\", value:\"2005:039\");\n\n script_name(english:\"RHEL 2.1 / 3 : enscript (RHSA-2005:039)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated enscript package that fixes several security issues is now\navailable.\n\nGNU enscript converts ASCII files to PostScript.\n\nEnscript has the ability to interpret special escape sequences. A flaw\nwas found in the handling of the epsf command used to insert inline\nEPS files into a document. An attacker could create a carefully\ncrafted ASCII file which made use of the epsf pipe command in such a\nway that it could execute arbitrary commands if the file was opened\nwith enscript by a victim. The Common Vulnerabilities and Exposures\nproject (cve.mitre.org) has assigned the name CVE-2004-1184 to this\nissue.\n\nAdditional flaws in Enscript were also discovered which can only be\ntriggered by executing enscript with carefully crafted command line\narguments. These flaws therefore only have a security impact if\nenscript is executed by other programs and passed untrusted data from\nremote users. The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the names CVE-2004-1185 and CVE-2004-1186\nto these issues.\n\nAll users of enscript should upgrade to these updated packages, which\nresolve these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2004-1184\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2004-1185\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2004-1186\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2005:039\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected enscript package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:enscript\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:2.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2004/12/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/02/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/02/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(2\\.1|3)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 2.1 / 3.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2005:039\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"enscript-1.6.1-16.5\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"enscript-1.6.1-24.4\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"enscript\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T13:08:52", "description": "Specially crafted swf files could cause a buffer overflow in flash-player. Attackers could potentially exploit that to execute code on the victim's machine (CVE-2009-0519, CVE-2009-0520, CVE-2009-0114, CVE-2009-0521).", "cvss3": {"score": null, "vector": null}, "published": "2009-02-27T00:00:00", "type": "nessus", "title": "openSUSE 10 Security Update : flash-player (flash-player-6022)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0114", "CVE-2009-0519", "CVE-2009-0520", "CVE-2009-0521"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:flash-player", "cpe:/o:novell:opensuse:10.3"], "id": "SUSE_FLASH-PLAYER-6022.NASL", "href": "https://www.tenable.com/plugins/nessus/35747", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update flash-player-6022.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(35747);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-0114\", \"CVE-2009-0519\", \"CVE-2009-0520\", \"CVE-2009-0521\");\n\n script_name(english:\"openSUSE 10 Security Update : flash-player (flash-player-6022)\");\n script_summary(english:\"Check for the flash-player-6022 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Specially crafted swf files could cause a buffer overflow in\nflash-player. Attackers could potentially exploit that to execute code\non the victim's machine (CVE-2009-0519, CVE-2009-0520, CVE-2009-0114,\nCVE-2009-0521).\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected flash-player package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(20, 119, 200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:flash-player\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/02/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/02/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.3\", reference:\"flash-player-9.0.159.0-0.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"flash-player\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:01:58", "description": "Specially crafted swf files could cause a buffer overflow in flash-player. Attackers could potentially exploit that to execute code on the victim's machine. (CVE-2009-0519 / CVE-2009-0520 / CVE-2009-0114 / CVE-2009-0521)", "cvss3": {"score": null, "vector": null}, "published": "2011-01-27T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : flash-player (ZYPP Patch Number 6020)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0114", "CVE-2009-0519", "CVE-2009-0520", "CVE-2009-0521"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_FLASH-PLAYER-6020.NASL", "href": "https://www.tenable.com/plugins/nessus/51730", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(51730);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-0114\", \"CVE-2009-0519\", \"CVE-2009-0520\", \"CVE-2009-0521\");\n\n script_name(english:\"SuSE 10 Security Update : flash-player (ZYPP Patch Number 6020)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Specially crafted swf files could cause a buffer overflow in\nflash-player. Attackers could potentially exploit that to execute code\non the victim's machine. (CVE-2009-0519 / CVE-2009-0520 /\nCVE-2009-0114 / CVE-2009-0521)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-0114.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-0519.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-0520.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-0521.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 6020.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(20, 119, 200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/02/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/01/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"flash-player-9.0.159.0-0.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:07:26", "description": "Specially crafted swf files could cause a buffer overflow in flash-player. Attackers could potentially exploit that to execute code on the victim's machine (CVE-2009-0519, CVE-2009-0520, CVE-2009-0114, CVE-2009-0521).", "cvss3": {"score": null, "vector": null}, "published": "2009-07-21T00:00:00", "type": "nessus", "title": "openSUSE Security Update : flash-player (flash-player-560)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0114", "CVE-2009-0519", "CVE-2009-0520", "CVE-2009-0521"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:flash-player", "cpe:/o:novell:opensuse:11.1"], "id": "SUSE_11_1_FLASH-PLAYER-090225.NASL", "href": "https://www.tenable.com/plugins/nessus/40216", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update flash-player-560.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40216);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-0114\", \"CVE-2009-0519\", \"CVE-2009-0520\", \"CVE-2009-0521\");\n\n script_name(english:\"openSUSE Security Update : flash-player (flash-player-560)\");\n script_summary(english:\"Check for the flash-player-560 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Specially crafted swf files could cause a buffer overflow in\nflash-player. Attackers could potentially exploit that to execute code\non the victim's machine (CVE-2009-0519, CVE-2009-0520, CVE-2009-0114,\nCVE-2009-0521).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=476907\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected flash-player package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(20, 119, 200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:flash-player\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/02/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.1\", reference:\"flash-player-10.0.22.87-0.1.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"flash-player\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:06:52", "description": "Specially crafted swf files could cause a buffer overflow in flash-player. Attackers could potentially exploit that to execute code on the victim's machine. (CVE-2009-0519 / CVE-2009-0520 / CVE-2009-0114 / CVE-2009-0521)", "cvss3": {"score": null, "vector": null}, "published": "2009-09-24T00:00:00", "type": "nessus", "title": "SuSE 11 Security Update : flash-player (SAT Patch Number 612)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0114", "CVE-2009-0519", "CVE-2009-0520", "CVE-2009-0521"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:flash-player", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_FLASH-PLAYER-090316.NASL", "href": "https://www.tenable.com/plugins/nessus/41391", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(41391);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-0114\", \"CVE-2009-0519\", \"CVE-2009-0520\", \"CVE-2009-0521\");\n\n script_name(english:\"SuSE 11 Security Update : flash-player (SAT Patch Number 612)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Specially crafted swf files could cause a buffer overflow in\nflash-player. Attackers could potentially exploit that to execute code\non the victim's machine. (CVE-2009-0519 / CVE-2009-0520 /\nCVE-2009-0114 / CVE-2009-0521)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=476907\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-0114.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-0519.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-0520.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-0521.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 612.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(20, 119, 200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:flash-player\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (pl) audit(AUDIT_OS_NOT, \"SuSE 11.0\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"flash-player-10.0.22.87-1.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:07:21", "description": "Specially crafted swf files could cause a buffer overflow in flash-player. Attackers could potentially exploit that to execute code on the victim's machine (CVE-2009-0519, CVE-2009-0520, CVE-2009-0114, CVE-2009-0521).", "cvss3": {"score": null, "vector": null}, "published": "2009-07-21T00:00:00", "type": "nessus", "title": "openSUSE Security Update : flash-player (flash-player-560)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0114", "CVE-2009-0519", "CVE-2009-0520", "CVE-2009-0521"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:flash-player", "cpe:/o:novell:opensuse:11.0"], "id": "SUSE_11_0_FLASH-PLAYER-090226.NASL", "href": "https://www.tenable.com/plugins/nessus/39962", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update flash-player-560.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(39962);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-0114\", \"CVE-2009-0519\", \"CVE-2009-0520\", \"CVE-2009-0521\");\n\n script_name(english:\"openSUSE Security Update : flash-player (flash-player-560)\");\n script_summary(english:\"Check for the flash-player-560 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Specially crafted swf files could cause a buffer overflow in\nflash-player. Attackers could potentially exploit that to execute code\non the victim's machine (CVE-2009-0519, CVE-2009-0520, CVE-2009-0114,\nCVE-2009-0521).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=476907\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected flash-player package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(20, 119, 200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:flash-player\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/02/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.0\", reference:\"flash-player-9.0.159.0-0.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"flash-player\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:48:01", "description": "The remote OracleVM system is missing necessary patches to address critical security updates :\n\nCVE-2009-0159 Stack-based buffer overflow in the cookedprint function in ntpq/ntpq.c in ntpq in NTP before 4.2.4p7-RC2 allows remote NTP servers to execute arbitrary code via a crafted response.\n\nCVE-2009-1252 Stack-based buffer overflow in the crypto_recv function in ntp_crypto.c in ntpd in NTP before 4.2.4p7 and 4.2.5 before 4.2.5p74, when OpenSSL and autokey are enabled, allows remote attackers to execute arbitrary code via a crafted packet containing an extension field.\n\nCVE-2009-0021 NTP 4.2.4 before 4.2.4p5 and 4.2.5 before 4.2.5p150 does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077.\n\n - fix buffer overflow when parsing Autokey association message (#500783, CVE-2009-1252)\n\n - fix buffer overflow in ntpq (#500783, CVE-2009-0159)\n\n - fix check for malformed signatures (#479698, CVE-2009-0021)\n\n - fix selecting multicast interface (#444106)\n\n - disable kernel discipline when -x option is used (#431729)\n\n - avoid use of uninitialized floating-point values in clock_select (#250838)\n\n - generate man pages from html source, include config man pages (#307271)\n\n - add note about paths and exit codes to ntpd man page (#242925, #246568)\n\n - add section about exit codes to ntpd man page (#319591)\n\n - always return 0 in scriptlets\n\n - pass additional options to ntpdate (#240141)\n\n - fix broadcast client to accept broadcasts on 255.255.255.255 (#226958)\n\n - compile with crypto support on 64bit architectures (#239580)\n\n - add ncurses-devel to buildrequires (#239580)\n\n - exit with nonzero code if ntpd -q did not set clock (#240134)\n\n - fix return codes in init script (#240118)", "cvss3": {"score": null, "vector": null}, "published": "2014-11-26T00:00:00", "type": "nessus", "title": "OracleVM 2.1 : ntp (OVMSA-2009-0011)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-5077", "CVE-2009-0021", "CVE-2009-0159", "CVE-2009-1252"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:ntp", "cpe:/o:oracle:vm_server:2.1"], "id": "ORACLEVM_OVMSA-2009-0011.NASL", "href": "https://www.tenable.com/plugins/nessus/79458", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2009-0011.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79458);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-5077\", \"CVE-2009-0021\", \"CVE-2009-0159\", \"CVE-2009-1252\");\n script_bugtraq_id(33150, 34481, 35017);\n\n script_name(english:\"OracleVM 2.1 : ntp (OVMSA-2009-0011)\");\n script_summary(english:\"Checks the RPM output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\nCVE-2009-0159 Stack-based buffer overflow in the cookedprint function\nin ntpq/ntpq.c in ntpq in NTP before 4.2.4p7-RC2 allows remote NTP\nservers to execute arbitrary code via a crafted response.\n\nCVE-2009-1252 Stack-based buffer overflow in the crypto_recv function\nin ntp_crypto.c in ntpd in NTP before 4.2.4p7 and 4.2.5 before\n4.2.5p74, when OpenSSL and autokey are enabled, allows remote\nattackers to execute arbitrary code via a crafted packet containing an\nextension field.\n\nCVE-2009-0021 NTP 4.2.4 before 4.2.4p5 and 4.2.5 before 4.2.5p150 does\nnot properly check the return value from the OpenSSL EVP_VerifyFinal\nfunction, which allows remote attackers to bypass validation of the\ncertificate chain via a malformed SSL/TLS signature for DSA and ECDSA\nkeys, a similar vulnerability to CVE-2008-5077.\n\n - fix buffer overflow when parsing Autokey association\n message (#500783, CVE-2009-1252)\n\n - fix buffer overflow in ntpq (#500783, CVE-2009-0159)\n\n - fix check for malformed signatures (#479698,\n CVE-2009-0021)\n\n - fix selecting multicast interface (#444106)\n\n - disable kernel discipline when -x option is used\n (#431729)\n\n - avoid use of uninitialized floating-point values in\n clock_select (#250838)\n\n - generate man pages from html source, include config man\n pages (#307271)\n\n - add note about paths and exit codes to ntpd man page\n (#242925, #246568)\n\n - add section about exit codes to ntpd man page (#319591)\n\n - always return 0 in scriptlets\n\n - pass additional options to ntpdate (#240141)\n\n - fix broadcast client to accept broadcasts on\n 255.255.255.255 (#226958)\n\n - compile with crypto support on 64bit architectures\n (#239580)\n\n - add ncurses-devel to buildrequires (#239580)\n\n - exit with nonzero code if ntpd -q did not set clock\n (#240134)\n\n - fix return codes in init script (#240118)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/oraclevm-errata/2009-May/000024.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected ntp package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 119, 287);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:2.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/01/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/05/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"2\\.1\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 2.1\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS2.1\", reference:\"ntp-4.2.2p1-9.el5_3.2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ntp\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T16:04:27", "description": "The remote Windows host contains a version of Adobe Flash Player that is earlier than 9.0.159.0 / 10.0.22.87. Such versions are reportedly affected by multiple vulnerabilities : \n\n - A buffer overflow issue that could allow an attacker to execute arbitrary code with the privileges of the user running the application. (CVE-2009-0520) \n\n - An input validation vulnerability that leads to a denial of service attack and could possibly allow for an attacker to execute arbitrary code. (CVE-2009-0519) \n\n - A vulnerability in the Flash Player settings manager that could contribute to a clickjacking attack. (CVE-2009-0014) \n\n - A vulnerability with the mouse pointer display that could contribute to a clickjacking attack. (CVE-2009-0522)", "cvss3": {"score": null, "vector": null}, "published": "2009-02-26T00:00:00", "type": "nessus", "title": "Flash Player 9.0.159.0 / 10.0.22.87 Multiple Vulnerabilities (APSB09-01)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0014", "CVE-2009-0114", "CVE-2009-0519", "CVE-2009-0520", "CVE-2009-0522"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:adobe:flash_player"], "id": "FLASH_PLAYER_APSB09_01.NASL", "href": "https://www.tenable.com/plugins/nessus/35742", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(35742);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2009-0114\",\n \"CVE-2009-0519\",\n \"CVE-2009-0520\",\n \"CVE-2009-0522\"\n );\n script_bugtraq_id(33880, 33890);\n\n script_name(english:\"Flash Player 9.0.159.0 / 10.0.22.87 Multiple Vulnerabilities (APSB09-01)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a browser plugin that is affected by \nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host contains a version of Adobe Flash Player that \nis earlier than 9.0.159.0 / 10.0.22.87. Such versions are reportedly \naffected by multiple vulnerabilities : \n\n - A buffer overflow issue that could allow an attacker \n to execute arbitrary code with the privileges of the \n user running the application. (CVE-2009-0520) \n\n - An input validation vulnerability that leads to a denial \n of service attack and could possibly allow for an attacker \n to execute arbitrary code. (CVE-2009-0519) \n\n - A vulnerability in the Flash Player settings manager that \n could contribute to a clickjacking attack. (CVE-2009-0014) \n\n - A vulnerability with the mouse pointer display that could \n contribute to a clickjacking attack. (CVE-2009-0522)\");\n # http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=773\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?023bd92b\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.adobe.com/support/security/bulletins/apsb09-01.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to version 10.0.22.87 or later. If you are unable to \nupgrade to version 10, upgrade to version 9.0.159.0 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 119);\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/02/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/02/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:flash_player\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2009-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"flash_player_installed.nasl\");\n script_require_keys(\"SMB/Flash_Player/installed\");\n\n exit(0);\n}\n\n#\n\nif (!get_kb_item(\"SMB/Flash_Player/installed\")) exit(0);\n\ninclude (\"global_settings.inc\");\n\n# Identify vulnerable versions.\ninfo=NULL;\n\nforeach variant (make_list(\"Plugin\", \"ActiveX\"))\n{\n vers = get_kb_list(\"SMB/Flash_Player/\"+variant+\"/Version/*\");\n files = get_kb_list(\"SMB/Flash_Player/\"+variant+\"/File/*\");\n if(!isnull(vers) && !isnull(files))\n {\n foreach key (keys(vers))\n {\n ver = vers[key];\n\n\n if (ver)\n {\n iver = split(ver, sep:'.',keep:FALSE);\n for(i=0;i<max_index(iver);i++)\n iver[i] = int(iver[i]);\n if (\n (\n iver[0] == 10 && iver[1] == 0 &&\n (\n iver[2] < 12 ||\n (iver[2] == 12 && iver[3] <= 36)\n )\n ) ||\n (iver[0] == 9 && iver[1] == 0 && iver[2] < 159) ||\n iver[0] < 9\n )\n {\n num = key - (\"SMB/Flash_Player/\"+variant+\"/Version/\");\n file = files[\"SMB/Flash_Player/\"+variant+\"/File/\"+num];\n if (variant == \"Plugin\")\n {\n info += ' - Browser Plugin (for Firefox / Netscape / Opera) :\\n';\n }\n else if (variant == \"ActiveX\")\n {\n info += ' - ActiveX control (for Internet Explorer) :\\n';\n }\n info += ' ' + file + ', ' + ver + '\\n';\n }\n }\n }\n }\n}\n\nif (info)\n{\n if (report_verbosity > 0)\n {\n # nb: each vulnerable instance adds 2 lines to 'info'.\n if (max_index(split(info)) > 2) s = \"s\";\n else s = \"\";\n\n report = string(\n \"\\n\",\n \"Nessus has identified the following vulnerable instance\", s, \" of Flash\\n\",\n \"Player installed on the remote host :\\n\",\n \"\\n\",\n info\n );\n security_hole(port:get_kb_item(\"SMB/transport\"), extra:report);\n }\n else security_hole(get_kb_item(\"SMB/transport\"));\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-27T14:34:41", "description": "The remote Windows host contains a version of Adobe Flash Player that is earlier than 10.0.22.87 / 9.0.159.0. Such versions are reportedly affected by multiple vulnerabilities : \n\n - A buffer overflow issue that could allow an attacker to execute arbitrary code with the privileges of the user running the application. (CVE-2009-0520) \n\n - An input validation vulnerability that leads to a denial of service attack and could possibly allow for an attacker to execute arbitrary code. (CVE-2009-0519) \n\n - A vulnerability in the Flash Player settings manager that could contribute to a clickjacking attack. (CVE-2009-0014)\n\n - A vulnerability with the mouse pointer display that could contribute to a clickjacking attack. (CVE-2009-0522) ", "cvss3": {"score": 5.6, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}, "published": "2009-02-24T00:00:00", "type": "nessus", "title": "Flash Player APSB09-01 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0014", "CVE-2009-0114", "CVE-2009-0519", "CVE-2009-0520", "CVE-2009-0522"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*"], "id": "4937.PRM", "href": "https://www.tenable.com/plugins/nnm/4937", "sourceData": "Binary data 4937.prm", "cvss": {"score": 6.8, "vector": "CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:57:45", "description": "Two denial of service flaws were found in the ipsec-tools racoon daemon. It was possible for a remote attacker to cause the racoon daemon to consume all available memory. (CVE-2008-3651, CVE-2008-3652)", "cvss3": {"score": null, "vector": null}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : ipsec-tools on SL3.x, SL4.x, SL5.x i386/x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3651", "CVE-2008-3652"], "modified": "2021-01-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20080826_IPSEC_TOOLS_ON_SL3_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60468", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60468);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-3651\", \"CVE-2008-3652\");\n\n script_name(english:\"Scientific Linux Security Update : ipsec-tools on SL3.x, SL4.x, SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Scientific Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Two denial of service flaws were found in the ipsec-tools racoon\ndaemon. It was possible for a remote attacker to cause the racoon\ndaemon to consume all available memory. (CVE-2008-3651, CVE-2008-3652)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0808&L=scientific-linux-errata&T=0&P=2045\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a0945a57\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected ipsec-tools package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_cwe_id(200, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/08/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL3\", reference:\"ipsec-tools-0.2.5-0.7.rhel3.5\")) flag++;\n\nif (rpm_check(release:\"SL4\", reference:\"ipsec-tools-0.3.3-7.el4_7\")) flag++;\n\nif (rpm_check(release:\"SL5\", reference:\"ipsec-tools-0.6.5-9.el5_2.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-08-19T13:09:10", "description": "The remote host is affected by the vulnerability described in GLSA-200812-03 (IPsec-Tools: racoon Denial of Service)\n\n Two Denial of Service vulnerabilities have been reported in racoon:\n The vendor reported a memory leak in racoon/proposal.c that can be triggered via invalid proposals (CVE-2008-3651).\n Krzysztof Piotr Oledzk reported that src/racoon/handler.c does not remove an 'orphaned ph1' (phase 1) handle when it has been initiated remotely (CVE-2008-3652).\n Impact :\n\n An attacker could exploit these vulnerabilities to cause a Denial of Service.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"score": null, "vector": null}, "published": "2008-12-03T00:00:00", "type": "nessus", "title": "GLSA-200812-03 : IPsec-Tools: racoon Denial of Service", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3651", "CVE-2008-3652"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:ipsec-tools", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-200812-03.NASL", "href": "https://www.tenable.com/plugins/nessus/35020", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200812-03.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(35020);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2008-3651\", \"CVE-2008-3652\");\n script_bugtraq_id(30657);\n script_xref(name:\"GLSA\", value:\"200812-03\");\n\n script_name(english:\"GLSA-200812-03 : IPsec-Tools: racoon Denial of Service\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200812-03\n(IPsec-Tools: racoon Denial of Service)\n\n Two Denial of Service vulnerabilities have been reported in racoon:\n The vendor reported a memory leak in racoon/proposal.c that can be\n triggered via invalid proposals (CVE-2008-3651).\n Krzysztof Piotr Oledzk reported that src/racoon/handler.c does not\n remove an 'orphaned ph1' (phase 1) handle when it has been initiated\n remotely (CVE-2008-3652).\n \nImpact :\n\n An attacker could exploit these vulnerabilities to cause a Denial of\n Service.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200812-03\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All IPsec-Tools users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-firewall/ipsec-tools-0.7.1'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(200, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:ipsec-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/12/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/12/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-firewall/ipsec-tools\", unaffected:make_list(\"ge 0.7.1\"), vulnerable:make_list(\"lt 0.7.1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"IPsec-Tools\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-08-19T13:09:29", "description": "The update fixes memory leaks potentially leading to DoS (CVE-2008-3651 CVE-2008-3652). It also fixes problems with DPD and NAT-T support. This has been in rawhide for a while, with no bad reports. It improves remote-access client connection to Cisco ASA.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2008-11-07T00:00:00", "type": "nessus", "title": "Fedora 8 : ipsec-tools-0.7.1-5.fc8 (2008-9016)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3651", "CVE-2008-3652"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:ipsec-tools", "cpe:/o:fedoraproject:fedora:8"], "id": "FEDORA_2008-9016.NASL", "href": "https://www.tenable.com/plugins/nessus/34711", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-9016.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(34711);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2008-3651\", \"CVE-2008-3652\");\n script_bugtraq_id(30657);\n script_xref(name:\"FEDORA\", value:\"2008-9016\");\n\n script_name(english:\"Fedora 8 : ipsec-tools-0.7.1-5.fc8 (2008-9016)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The update fixes memory leaks potentially leading to DoS\n(CVE-2008-3651 CVE-2008-3652). It also fixes problems with DPD and\nNAT-T support. This has been in rawhide for a while, with no bad\nreports. It improves remote-access client connection to Cisco ASA.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=456660\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=458846\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-November/016057.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?539147a4\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected ipsec-tools package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(200, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:ipsec-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:8\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/11/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/11/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 8.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC8\", reference:\"ipsec-tools-0.7.1-5.fc8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ipsec-tools\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-08-19T13:09:03", "description": "SecurityFocus reports :\n\nIPsec-Tools is affected by multiple remote denial-of-service vulnerabilities because the software fails to properly handle certain network packets.\n\nA successful attack allows a remote attacker to crash the software, denying further service to legitimate users.", "cvss3": {"score": null, "vector": null}, "published": "2009-01-22T00:00:00", "type": "nessus", "title": "FreeBSD : ipset-tools -- Denial of Service Vulnerabilities (abcacb5a-e7f1-11dd-afcd-00e0815b8da8)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3651", "CVE-2008-3652"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:ipsec-tools", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_ABCACB5AE7F111DDAFCD00E0815B8DA8.NASL", "href": "https://www.tenable.com/plugins/nessus/35442", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(35442);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2008-3651\", \"CVE-2008-3652\");\n script_bugtraq_id(30657);\n\n script_name(english:\"FreeBSD : ipset-tools -- Denial of Service Vulnerabilities (abcacb5a-e7f1-11dd-afcd-00e0815b8da8)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"SecurityFocus reports :\n\nIPsec-Tools is affected by multiple remote denial-of-service\nvulnerabilities because the software fails to properly handle certain\nnetwork packets.\n\nA successful attack allows a remote attacker to crash the software,\ndenying further service to legitimate users.\"\n );\n # http://marc.info/?l=ipsec-tools-devel&m=121688914101709&w=2\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://marc.info/?l=ipsec-tools-devel&m=121688914101709&w=2\"\n );\n # https://vuxml.freebsd.org/freebsd/abcacb5a-e7f1-11dd-afcd-00e0815b8da8.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f960ce3e\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(200, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:ipsec-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/07/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/01/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/01/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"ipsec-tools<0.7.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-08-19T13:07:13", "description": "Remote attackers could exploit memory leaks in the 'racoon' daemon to crash it (CVE-2008-3651, CVE-2008-3652)", "cvss3": {"score": null, "vector": null}, "published": "2009-07-21T00:00:00", "type": "nessus", "title": "openSUSE Security Update : ipsec-tools (ipsec-tools-223)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3651", "CVE-2008-3652"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:ipsec-tools", "cpe:/o:novell:opensuse:11.0"], "id": "SUSE_11_0_IPSEC-TOOLS-080925.NASL", "href": "https://www.tenable.com/plugins/nessus/39992", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update ipsec-tools-223.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(39992);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-3651\", \"CVE-2008-3652\");\n\n script_name(english:\"openSUSE Security Update : ipsec-tools (ipsec-tools-223)\");\n script_summary(english:\"Check for the ipsec-tools-223 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Remote attackers could exploit memory leaks in the 'racoon' daemon to\ncrash it (CVE-2008-3651, CVE-2008-3652)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=416905\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=416906\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected ipsec-tools package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_cwe_id(200, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipsec-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/09/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.0\", reference:\"ipsec-tools-0.7-61.3\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ipsec-tools\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-08-19T13:09:28", "description": "Remote attackers could exploit memory leaks in the 'racoon' daemon to crash it. (CVE-2008-3651 / CVE-2008-3652)", "cvss3": {"score": null, "vector": null}, "published": "2008-11-11T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : ipsec-tools (ZYPP Patch Number 5638)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3651", "CVE-2008-3652"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_IPSEC-TOOLS-5638.NASL", "href": "https://www.tenable.com/plugins/nessus/34740", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(34740);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-3651\", \"CVE-2008-3652\");\n\n script_name(english:\"SuSE 10 Security Update : ipsec-tools (ZYPP Patch Number 5638)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Remote attackers could exploit memory leaks in the 'racoon' daemon to\ncrash it. (CVE-2008-3651 / CVE-2008-3652)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-3651.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-3652.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 5638.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_cwe_id(200, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/09/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/11/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"ipsec-tools-0.6.5-10.8.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"ipsec-tools-0.6.5-10.10\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-08-19T13:09:22", "description": "The update fixes memory leaks potentially leading to DoS (CVE-2008-3651 CVE-2008-3652). It also fixes problems with DPD and NAT-T support.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2008-11-07T00:00:00", "type": "nessus", "title": "Fedora 9 : ipsec-tools-0.7.1-5.fc9 (2008-9007)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3651", "CVE-2008-3652"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:ipsec-tools", "cpe:/o:fedoraproject:fedora:9"], "id": "FEDORA_2008-9007.NASL", "href": "https://www.tenable.com/plugins/nessus/34710", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-9007.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(34710);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2008-3651\", \"CVE-2008-3652\");\n script_bugtraq_id(30657);\n script_xref(name:\"FEDORA\", value:\"2008-9007\");\n\n script_name(english:\"Fedora 9 : ipsec-tools-0.7.1-5.fc9 (2008-9007)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The update fixes memory leaks potentially leading to DoS\n(CVE-2008-3651 CVE-2008-3652). It also fixes problems with DPD and\nNAT-T support.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=456660\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=458846\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-November/015996.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?498c0778\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected ipsec-tools package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(200, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:ipsec-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:9\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/11/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/11/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^9([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 9.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC9\", reference:\"ipsec-tools-0.7.1-5.fc9\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ipsec-tools\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-08-19T12:53:47", "description": "From Red Hat Security Advisory 2008:0849 :\n\nAn updated ipsec-tools package that fixes two security issues is now available for Red Hat Enterprise Linux 3, 4, and 5.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nThe ipsec-tools package is used in conjunction with the IPsec functionality in the Linux kernel and includes racoon, an IKEv1 keying daemon.\n\nTwo denial of service flaws were found in the ipsec-tools racoon daemon. It was possible for a remote attacker to cause the racoon daemon to consume all available memory. (CVE-2008-3651, CVE-2008-3652)\n\nUsers of ipsec-tools should upgrade to this updated package, which contains backported patches that resolve these issues.", "cvss3": {"score": null, "vector": null}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 3 / 4 / 5 : ipsec-tools (ELSA-2008-0849)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3651", "CVE-2008-3652"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:ipsec-tools", "cpe:/o:oracle:linux:3", "cpe:/o:oracle:linux:4", "cpe:/o:oracle:linux:5"], "id": "ORACLELINUX_ELSA-2008-0849.NASL", "href": "https://www.tenable.com/plugins/nessus/67741", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2008:0849 and \n# Oracle Linux Security Advisory ELSA-2008-0849 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(67741);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-3651\", \"CVE-2008-3652\");\n script_bugtraq_id(30657);\n script_xref(name:\"RHSA\", value:\"2008:0849\");\n\n script_name(english:\"Oracle Linux 3 / 4 / 5 : ipsec-tools (ELSA-2008-0849)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2008:0849 :\n\nAn updated ipsec-tools package that fixes two security issues is now\navailable for Red Hat Enterprise Linux 3, 4, and 5.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe ipsec-tools package is used in conjunction with the IPsec\nfunctionality in the Linux kernel and includes racoon, an IKEv1 keying\ndaemon.\n\nTwo denial of service flaws were found in the ipsec-tools racoon\ndaemon. It was possible for a remote attacker to cause the racoon\ndaemon to consume all available memory. (CVE-2008-3651, CVE-2008-3652)\n\nUsers of ipsec-tools should upgrade to this updated package, which\ncontains backported patches that resolve these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2008-August/000715.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2008-August/000716.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2008-August/000717.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected ipsec-tools package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(200, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ipsec-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/08/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/08/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(3|4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 3 / 4 / 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"ipsec-tools-0.2.5-0.7.rhel3.5\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"ipsec-tools-0.2.5-0.7.rhel3.5\")) flag++;\n\nif (rpm_check(release:\"EL4\", reference:\"ipsec-tools-0.3.3-7.el4_7\")) flag++;\n\nif (rpm_check(release:\"EL5\", reference:\"ipsec-tools-0.6.5-9.el5_2.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ipsec-tools\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-08-19T13:01:58", "description": "Remote attackers could exploit memory leaks in the 'racoon' daemon to crash it. (CVE-2008-3651 / CVE-2008-3652)", "cvss3": {"score": null, "vector": null}, "published": "2011-01-27T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : novell-ipsec (ZYPP Patch Number 5888)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3651", "CVE-2008-3652"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_NOVELL-IPSEC-TOOLS-5888.NASL", "href": "https://www.tenable.com/plugins/nessus/51758", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(51758);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-3651\", \"CVE-2008-3652\");\n\n script_name(english:\"SuSE 10 Security Update : novell-ipsec (ZYPP Patch Number 5888)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Remote attackers could exploit memory leaks in the 'racoon' daemon to\ncrash it. (CVE-2008-3651 / CVE-2008-3652)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-3651.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-3652.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 5888.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_cwe_id(200, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/12/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/01/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"novell-ipsec-tools-0.6.3-26.23\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-08-19T13:06:28", "description": "Remote attackers could exploit memory leaks in the 'racoon' daemon to crash it. (CVE-2008-3651, CVE-2008-3652)", "cvss3": {"score": null, "vector": null}, "published": "2009-09-24T00:00:00", "type": "nessus", "title": "SuSE9 Security Update : ipsec-tools (YOU Patch Number 12259)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3651", "CVE-2008-3652"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE9_12259.NASL", "href": "https://www.tenable.com/plugins/nessus/41246", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(41246);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-3651\", \"CVE-2008-3652\");\n\n script_name(english:\"SuSE9 Security Update : ipsec-tools (YOU Patch Number 12259)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 9 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Remote attackers could exploit memory leaks in the 'racoon' daemon to\ncrash it. (CVE-2008-3651, CVE-2008-3652)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-3651.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-3652.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply YOU patch number 12259.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_cwe_id(200, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/09/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 9 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SUSE9\", reference:\"ipsec-tools-0.3.3-1.15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-08-19T13:08:59", "description": "Remote attackers could exploit memory leaks in the 'racoon' daemon to crash it (CVE-2008-3651, CVE-2008-3652)", "cvss3": {"score": null, "vector": null}, "published": "2009-02-13T00:00:00", "type": "nessus", "title": "openSUSE 10 Security Update : novell-ipsec-tools (novell-ipsec-tools-5887)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3651", "CVE-2008-3652"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:novell-ipsec-tools", "p-cpe:/a:novell:opensuse:novell-ipsec-tools-devel", "cpe:/o:novell:opensuse:10.3"], "id": "SUSE_NOVELL-IPSEC-TOOLS-5887.NASL", "href": "https://www.tenable.com/plugins/nessus/35680", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update novell-ipsec-tools-5887.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(35680);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-3651\", \"CVE-2008-3652\");\n\n script_name(english:\"openSUSE 10 Security Update : novell-ipsec-tools (novell-ipsec-tools-5887)\");\n script_summary(english:\"Check for the novell-ipsec-tools-5887 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Remote attackers could exploit memory leaks in the 'racoon' daemon to\ncrash it (CVE-2008-3651, CVE-2008-3652)\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected novell-ipsec-tools packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_cwe_id(200, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:novell-ipsec-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:novell-ipsec-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/12/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/02/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.3\", reference:\"novell-ipsec-tools-0.6.3-114.4\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"novell-ipsec-tools-devel-0.6.3-114.4\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"novell-ipsec-tools / novell-ipsec-tools-devel\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-08-19T13:09:39", "description": "An updated ipsec-tools package that fixes two security issues is now available for Red Hat Enterprise Linux 3, 4, and 5.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nThe ipsec-tools package is used in conjunction with the IPsec functionality in the Linux kernel and includes racoon, an IKEv1 keying daemon.\n\nTwo denial of service flaws were found in the ipsec-tools racoon daemon. It was possible for a remote attacker to cause the racoon daemon to consume all available memory. (CVE-2008-3651, CVE-2008-3652)\n\nUsers of ipsec-tools should upgrade to this updated package, which contains backported patches that resolve these issues.", "cvss3": {"score": null, "vector": null}, "published": "2008-08-27T00:00:00", "type": "nessus", "title": "CentOS 3 / 4 / 5 : ipsec-tools (CESA-2008:0849)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3651", "CVE-2008-3652"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:ipsec-tools", "cpe:/o:centos:centos:3", "cpe:/o:centos:centos:4", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2008-0849.NASL", "href": "https://www.tenable.com/plugins/nessus/34052", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0849 and \n# CentOS Errata and Security Advisory 2008:0849 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(34052);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2008-3651\", \"CVE-2008-3652\");\n script_bugtraq_id(30657);\n script_xref(name:\"RHSA\", value:\"2008:0849\");\n\n script_name(english:\"CentOS 3 / 4 / 5 : ipsec-tools (CESA-2008:0849)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated ipsec-tools package that fixes two security issues is now\navailable for Red Hat Enterprise Linux 3, 4, and 5.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe ipsec-tools package is used in conjunction with the IPsec\nfunctionality in the Linux kernel and includes racoon, an IKEv1 keying\ndaemon.\n\nTwo denial of service flaws were found in the ipsec-tools racoon\ndaemon. It was possible for a remote attacker to cause the racoon\ndaemon to consume all available memory. (CVE-2008-3651, CVE-2008-3652)\n\nUsers of ipsec-tools should upgrade to this updated package, which\ncontains backported patches that resolve these issues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-August/015207.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e4b11509\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-August/015208.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2890dc0b\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-August/015215.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ef83d500\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-August/015216.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?564c72e3\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-August/015222.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2689bae7\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-August/015224.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?11be8708\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected ipsec-tools package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(200, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ipsec-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/08/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/08/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/08/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(3|4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 3.x / 4.x / 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-3\", reference:\"ipsec-tools-0.2.5-0.7.rhel3.5\")) flag++;\n\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"ipsec-tools-0.3.3-7.c4\")) flag++;\n\nif (rpm_check(release:\"CentOS-5\", reference:\"ipsec-tools-0.6.5-9.el5_2.3\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ipsec-tools\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-08-19T13:08:11", "description": "Two denial of service vulnerabilities were discovered in the ipsec-tools racoon daemon, which could allow a remote attacker to cause it to consume all available memory (CVE-2008-3651, CVE-2008-3652).\n\nThe updated packages have been patched to prevent these issues.", "cvss3": {"score": null, "vector": null}, "published": "2009-04-23T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : ipsec-tools (MDVSA-2008:181)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3651", "CVE-2008-3652"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:ipsec-tools", "p-cpe:/a:mandriva:linux:lib64ipsec-devel", "p-cpe:/a:mandriva:linux:lib64ipsec0", "p-cpe:/a:mandriva:linux:lib64ipsec0-devel", "p-cpe:/a:mandriva:linux:libipsec-devel", "p-cpe:/a:mandriva:linux:libipsec0", "p-cpe:/a:mandriva:linux:libipsec0-devel", "cpe:/o:mandriva:linux:2007.1", "cpe:/o:mandriva:linux:2008.0", "cpe:/o:mandriva:linux:2008.1"], "id": "MANDRIVA_MDVSA-2008-181.NASL", "href": "https://www.tenable.com/plugins/nessus/37703", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2008:181. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(37703);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2008-3651\", \"CVE-2008-3652\");\n script_xref(name:\"MDVSA\", value:\"2008:181\");\n\n script_name(english:\"Mandriva Linux Security Advisory : ipsec-tools (MDVSA-2008:181)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Two denial of service vulnerabilities were discovered in the\nipsec-tools racoon daemon, which could allow a remote attacker to\ncause it to consume all available memory (CVE-2008-3651,\nCVE-2008-3652).\n\nThe updated packages have been patched to prevent these issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_cwe_id(200, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:ipsec-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64ipsec-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64ipsec0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64ipsec0-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libipsec-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libipsec0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libipsec0-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2007.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/08/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2007.1\", reference:\"ipsec-tools-0.6.6-2.2mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"lib64ipsec0-0.6.6-2.2mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"lib64ipsec0-devel-0.6.6-2.2mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"libipsec0-0.6.6-2.2mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"libipsec0-devel-0.6.6-2.2mdv2007.1\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2008.0\", reference:\"ipsec-tools-0.6.7-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64ipsec0-0.6.7-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64ipsec0-devel-0.6.7-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libipsec0-0.6.7-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libipsec0-devel-0.6.7-1.1mdv2008.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2008.1\", reference:\"ipsec-tools-0.7-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"x86_64\", reference:\"lib64ipsec-devel-0.7-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"x86_64\", reference:\"lib64ipsec0-0.7-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"i386\", reference:\"libipsec-devel-0.7-1.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"i386\", reference:\"libipsec0-0.7-1.1mdv2008.1\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-08-19T13:07:21", "description": "Remote attackers could exploit memory leaks in the 'racoon' daemon to crash it (CVE-2008-3651, CVE-2008-3652)", "cvss3": {"score": null, "vector": null}, "published": "2009-07-21T00:00:00", "type": "nessus", "title": "openSUSE Security Update : novell-ipsec-tools (novell-ipsec-tools-389)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3651", "CVE-2008-3652"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:novell-ipsec-tools", "p-cpe:/a:novell:opensuse:novell-ipsec-tools-devel", "cpe:/o:novell:opensuse:11.0"], "id": "SUSE_11_0_NOVELL-IPSEC-TOOLS-081220.NASL", "href": "https://www.tenable.com/plugins/nessus/40080", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update novell-ipsec-tools-389.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40080);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-3651\", \"CVE-2008-3652\");\n\n script_name(english:\"openSUSE Security Update : novell-ipsec-tools (novell-ipsec-tools-389)\");\n script_summary(english:\"Check for the novell-ipsec-tools-389 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Remote attackers could exploit memory leaks in the 'racoon' daemon to\ncrash it (CVE-2008-3651, CVE-2008-3652)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=434748\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected novell-ipsec-tools packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_cwe_id(200, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:novell-ipsec-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:novell-ipsec-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/12/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.0\", reference:\"novell-ipsec-tools-0.6.3-183.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"novell-ipsec-tools-devel-0.6.3-183.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"novell-ipsec-tools / novell-ipsec-tools-devel\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-08-19T13:09:19", "description": "Remote attackers could exploit memory leaks in the 'racoon' daemon to crash it (CVE-2008-3651, CVE-2008-3652)", "cvss3": {"score": null, "vector": null}, "published": "2008-11-11T00:00:00", "type": "nessus", "title": "openSUSE 10 Security Update : ipsec-tools (ipsec-tools-5630)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3651", "CVE-2008-3652"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:ipsec-tools", "cpe:/o:novell:opensuse:10.2", "cpe:/o:novell:opensuse:10.3"], "id": "SUSE_IPSEC-TOOLS-5630.NASL", "href": "https://www.tenable.com/plugins/nessus/34739", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update ipsec-tools-5630.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(34739);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-3651\", \"CVE-2008-3652\");\n\n script_name(english:\"openSUSE 10 Security Update : ipsec-tools (ipsec-tools-5630)\");\n script_summary(english:\"Check for the ipsec-tools-5630 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Remote attackers could exploit memory leaks in the 'racoon' daemon to\ncrash it (CVE-2008-3651, CVE-2008-3652)\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected ipsec-tools package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_cwe_id(200, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipsec-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/09/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/11/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.2|SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.2 / 10.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.2\", reference:\"ipsec-tools-0.6.5-42\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"ipsec-tools-0.6.5-104.3\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ipsec-tools\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-08-19T13:09:42", "description": "It was discovered that there were multiple ways to leak memory during the IKE negotiation when handling certain packets. If a remote attacker sent repeated malicious requests, the 'racoon' key exchange server could allocate large amounts of memory, possibly leading to a denial of service.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2008-09-09T00:00:00", "type": "nessus", "title": "Ubuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : ipsec-tools vulnerabilities (USN-641-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3651", "CVE-2008-3652"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:ipsec-tools", "p-cpe:/a:canonical:ubuntu_linux:racoon", "cpe:/o:canonical:ubuntu_linux:6.06:-:lts", "cpe:/o:canonical:ubuntu_linux:7.04", "cpe:/o:canonical:ubuntu_linux:7.10", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts"], "id": "UBUNTU_USN-641-1.NASL", "href": "https://www.tenable.com/plugins/nessus/34116", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-641-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(34116);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2008-3651\", \"CVE-2008-3652\");\n script_bugtraq_id(30657);\n script_xref(name:\"USN\", value:\"641-1\");\n\n script_name(english:\"Ubuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : ipsec-tools vulnerabilities (USN-641-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that there were multiple ways to leak memory during\nthe IKE negotiation when handling certain packets. If a remote\nattacker sent repeated malicious requests, the 'racoon' key exchange\nserver could allocate large amounts of memory, possibly leading to a\ndenial of service.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/641-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected ipsec-tools and / or racoon packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(200, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ipsec-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:racoon\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:7.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:7.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/09/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/09/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(6\\.06|7\\.04|7\\.10|8\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 6.06 / 7.04 / 7.10 / 8.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"6.06\", pkgname:\"ipsec-tools\", pkgver:\"0.6.5-4ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"racoon\", pkgver:\"1:0.6.5-4ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"ipsec-tools\", pkgver:\"0.6.6-3ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"racoon\", pkgver:\"1:0.6.6-3ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"ipsec-tools\", pkgver:\"0.6.6-3.1ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"racoon\", pkgver:\"1:0.6.6-3.1ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"ipsec-tools\", pkgver:\"0.6.7-1.1ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"racoon\", pkgver:\"1:0.6.7-1.1ubuntu1.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ipsec-tools / racoon\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-08-19T13:09:39", "description": "An updated ipsec-tools package that fixes two security issues is now available for Red Hat Enterprise Linux 3, 4, and 5.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nThe ipsec-tools package is used in conjunction with the IPsec functionality in the Linux kernel and includes racoon, an IKEv1 keying daemon.\n\nTwo denial of service flaws were found in the ipsec-tools racoon daemon. It was possible for a remote attacker to cause the racoon daemon to consume all available memory. (CVE-2008-3651, CVE-2008-3652)\n\nUsers of ipsec-tools should upgrade to this updated package, which contains backported patches that resolve these issues.", "cvss3": {"score": null, "vector": null}, "published": "2008-08-27T00:00:00", "type": "nessus", "title": "RHEL 3 / 4 / 5 : ipsec-tools (RHSA-2008:0849)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3651", "CVE-2008-3652"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:ipsec-tools", "cpe:/o:redhat:enterprise_linux:3", "cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:4.7", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:5.2"], "id": "REDHAT-RHSA-2008-0849.NASL", "href": "https://www.tenable.com/plugins/nessus/34054", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0849. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(34054);\n script_version(\"1.27\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-3651\", \"CVE-2008-3652\");\n script_bugtraq_id(30657);\n script_xref(name:\"RHSA\", value:\"2008:0849\");\n\n script_name(english:\"RHEL 3 / 4 / 5 : ipsec-tools (RHSA-2008:0849)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated ipsec-tools package that fixes two security issues is now\navailable for Red Hat Enterprise Linux 3, 4, and 5.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe ipsec-tools package is used in conjunction with the IPsec\nfunctionality in the Linux kernel and includes racoon, an IKEv1 keying\ndaemon.\n\nTwo denial of service flaws were found in the ipsec-tools racoon\ndaemon. It was possible for a remote attacker to cause the racoon\ndaemon to consume all available memory. (CVE-2008-3651, CVE-2008-3652)\n\nUsers of ipsec-tools should upgrade to this updated package, which\ncontains backported patches that resolve these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-3651\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-3652\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2008:0849\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected ipsec-tools package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(200, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ipsec-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/08/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/08/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/08/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(3|4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 3.x / 4.x / 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2008:0849\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL3\", reference:\"ipsec-tools-0.2.5-0.7.rhel3.5\")) flag++;\n\n\n if (rpm_check(release:\"RHEL4\", reference:\"ipsec-tools-0.3.3-7.el4_7\")) flag++;\n\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"ipsec-tools-0.6.5-9.el5_2.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"ipsec-tools-0.6.5-9.el5_2.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"ipsec-tools-0.6.5-9.el5_2.3\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ipsec-tools\");\n }\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-08-19T13:08:30", "description": "This update fixes several security issues: CVE-2009-0163, CVE-2009-0164, CVE-2009-0146, CVE-2009-0147, and CVE-2009-0166. PDF files are now converted to PostScript using the poppler package's 'pdftops' program. NOTE: If your CUPS server is accessed using a hostname or hostnames not known to the server itself you must add 'ServerAlias hostname' to cupsd.conf for each such name. The special line 'ServerAlias *' disables checking (but this allows DNS rebinding attacks).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2009-04-23T00:00:00", "type": "nessus", "title": "Fedora 10 : cups-1.3.10-1.fc10 (2009-3769)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0146", "CVE-2009-0147", "CVE-2009-0163", "CVE-2009-0164", "CVE-2009-0166"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:cups", "cpe:/o:fedoraproject:fedora:10"], "id": "FEDORA_2009-3769.NASL", "href": "https://www.tenable.com/plugins/nessus/37075", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-3769.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(37075);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0163\", \"CVE-2009-0164\", \"CVE-2009-0166\");\n script_bugtraq_id(34568, 34571);\n script_xref(name:\"FEDORA\", value:\"2009-3769\");\n\n script_name(english:\"Fedora 10 : cups-1.3.10-1.fc10 (2009-3769)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes several security issues: CVE-2009-0163,\nCVE-2009-0164, CVE-2009-0146, CVE-2009-0147, and CVE-2009-0166. PDF\nfiles are now converted to PostScript using the poppler package's\n'pdftops' program. NOTE: If your CUPS server is accessed using a\nhostname or hostnames not known to the server itself you must add\n'ServerAlias hostname' to cupsd.conf for each such name. The special\nline 'ServerAlias *' disables checking (but this allows DNS rebinding\nattacks).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=490596\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=490597\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=490612\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=490614\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=490625\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-April/022466.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9d60e7fc\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected cups package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 119, 189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:cups\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/04/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^10([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 10.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC10\", reference:\"cups-1.3.10-1.fc10\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cups\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T13:08:05", "description": "This update fixes several security issues: CVE-2009-0163, CVE-2009-0164, CVE-2009-0146, CVE-2009-0147, and CVE-2009-0166. PDF files are now converted to PostScript using the poppler package's 'pdftops' program. NOTE: If your CUPS server is accessed using a hostname or hostnames not known to the server itself you must add 'ServerAlias hostname' to cupsd.conf for each such name. The special line 'ServerAlias *' disables checking (but this allows DNS rebinding attacks).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2009-04-22T00:00:00", "type": "nessus", "title": "Fedora 9 : cups-1.3.10-1.fc9 (2009-3753)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0146", "CVE-2009-0147", "CVE-2009-0163", "CVE-2009-0164", "CVE-2009-0166"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:cups", "cpe:/o:fedoraproject:fedora:9"], "id": "FEDORA_2009-3753.NASL", "href": "https://www.tenable.com/plugins/nessus/36209", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-3753.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(36209);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0163\", \"CVE-2009-0164\", \"CVE-2009-0166\");\n script_bugtraq_id(34568, 34571);\n script_xref(name:\"FEDORA\", value:\"2009-3753\");\n\n script_name(english:\"Fedora 9 : cups-1.3.10-1.fc9 (2009-3753)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes several security issues: CVE-2009-0163,\nCVE-2009-0164, CVE-2009-0146, CVE-2009-0147, and CVE-2009-0166. PDF\nfiles are now converted to PostScript using the poppler package's\n'pdftops' program. NOTE: If your CUPS server is accessed using a\nhostname or hostnames not known to the server itself you must add\n'ServerAlias hostname' to cupsd.conf for each such name. The special\nline 'ServerAlias *' disables checking (but this allows DNS rebinding\nattacks).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=490596\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=490597\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=490612\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=490614\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=490625\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-April/022456.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d105b8c1\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected cups package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 119, 189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:cups\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:9\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/04/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^9([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 9.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC9\", reference:\"cups-1.3.10-1.fc9\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cups\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T13:08:11", "description": "The remote host is affected by the vulnerability described in GLSA-200904-20 (CUPS: Multiple vulnerabilities)\n\n The following issues were reported in CUPS:\n iDefense reported an integer overflow in the _cupsImageReadTIFF() function in the 'imagetops' filter, leading to a heap-based buffer overflow (CVE-2009-0163).\n Aaron Siegel of Apple Product Security reported that the CUPS web interface does not verify the content of the 'Host' HTTP header properly (CVE-2009-0164).\n Braden Thomas and Drew Yao of Apple Product Security reported that CUPS is vulnerable to CVE-2009-0146, CVE-2009-0147 and CVE-2009-0166, found earlier in xpdf and poppler.\n Impact :\n\n A remote attacker might send or entice a user to send a specially crafted print job to CUPS, possibly resulting in the execution of arbitrary code with the privileges of the configured CUPS user -- by default this is 'lp', or a Denial of Service. Furthermore, the web interface could be used to conduct DNS rebinding attacks.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"score": null, "vector": null}, "published": "2009-04-27T00:00:00", "type": "nessus", "title": "GLSA-200904-20 : CUPS: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0146", "CVE-2009-0147", "CVE-2009-0163", "CVE-2009-0164", "CVE-2009-0166"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:cups", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-200904-20.NASL", "href": "https://www.tenable.com/plugins/nessus/38161", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200904-20.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(38161);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0163\", \"CVE-2009-0164\", \"CVE-2009-0166\");\n script_bugtraq_id(34568, 34571);\n script_xref(name:\"GLSA\", value:\"200904-20\");\n\n script_name(english:\"GLSA-200904-20 : CUPS: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200904-20\n(CUPS: Multiple vulnerabilities)\n\n The following issues were reported in CUPS:\n iDefense\n reported an integer overflow in the _cupsImageReadTIFF() function in\n the 'imagetops' filter, leading to a heap-based buffer overflow\n (CVE-2009-0163).\n Aaron Siegel of Apple Product Security\n reported that the CUPS web interface does not verify the content of the\n 'Host' HTTP header properly (CVE-2009-0164).\n Braden Thomas and\n Drew Yao of Apple Product Security reported that CUPS is vulnerable to\n CVE-2009-0146, CVE-2009-0147 and CVE-2009-0166, found earlier in xpdf\n and poppler.\n \nImpact :\n\n A remote attacker might send or entice a user to send a specially\n crafted print job to CUPS, possibly resulting in the execution of\n arbitrary code with the privileges of the configured CUPS user -- by\n default this is 'lp', or a Denial of Service. Furthermore, the web\n interface could be used to conduct DNS rebinding attacks.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200904-20\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All CUPS users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-print/cups-1.3.10'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 119, 189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:cups\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/04/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-print/cups\", unaffected:make_list(\"ge 1.3.10\"), vulnerable:make_list(\"lt 1.3.10\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"CUPS\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T13:08:42", "description": "New cups packages are available for Slackware 12.0, 12.1, 12.2, and\n-current to fix security issues.", "cvss3": {"score": null, "vector": null}, "published": "2009-04-27T00:00:00", "type": "nessus", "title": "Slackware 12.0 / 12.1 / 12.2 / current : cups (SSA:2009-116-01)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0146", "CVE-2009-0147", "CVE-2009-0163", "CVE-2009-0164", "CVE-2009-0166"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:cups", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:12.0", "cpe:/o:slackware:slackware_linux:12.1", "cpe:/o:slackware:slackware_linux:12.2"], "id": "SLACKWARE_SSA_2009-116-01.NASL", "href": "https://www.tenable.com/plugins/nessus/38166", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2009-116-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(38166);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0163\", \"CVE-2009-0164\", \"CVE-2009-0166\");\n script_xref(name:\"SSA\", value:\"2009-116-01\");\n\n script_name(english:\"Slackware 12.0 / 12.1 / 12.2 / current : cups (SSA:2009-116-01)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New cups packages are available for Slackware 12.0, 12.1, 12.2, and\n-current to fix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.448542\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a93bc46e\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected cups package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cwe_id(20, 119, 189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:cups\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/04/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"12.0\", pkgname:\"cups\", pkgver:\"1.3.10\", pkgarch:\"i486\", pkgnum:\"1_slack12.0\")) flag++;\n\nif (slackware_check(osver:\"12.1\", pkgname:\"cups\", pkgver:\"1.3.10\", pkgarch:\"i486\", pkgnum:\"1_slack12.1\")) flag++;\n\nif (slackware_check(osver:\"12.2\", pkgname:\"cups\", pkgver:\"1.3.10\", pkgarch:\"i486\", pkgnum:\"1_slack12.2\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"cups\", pkgver:\"1.3.10\", pkgarch:\"i486\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T13:07:52", "description": "Gentoo security team summarizes :\n\nThe following issues were reported in CUPS :\n\n- iDefense reported an integer overflow in the _cupsImageReadTIFF() function in the 'imagetops' filter, leading to a heap-based buffer overflow (CVE-2009-0163).\n\n- Aaron Siegel of Apple Product Security reported that the CUPS web interface does not verify the content of the 'Host' HTTP header properly (CVE-2009-0164).\n\n- Braden Thomas and Drew Yao of Apple Product Security reported that CUPS is vulnerable to CVE-2009-0146, CVE-2009-0147 and CVE-2009-0166, found earlier in xpdf and poppler.\n\nA remote attacker might send or entice a user to send a specially crafted print job to CUPS, possibly resulting in the execution of arbitrary code with the privileges of the configured CUPS user -- by default this is 'lp', or a Denial of Service. Furthermore, the web interface could be used to conduct DNS rebinding attacks.", "cvss3": {"score": null, "vector": null}, "published": "2009-05-08T00:00:00", "type": "nessus", "title": "FreeBSD : cups -- remote code execution and DNS rebinding (736e55bc-39bb-11de-a493-001b77d09812)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0146", "CVE-2009-0147", "CVE-2009-0163", "CVE-2009-0164", "CVE-2009-0166"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:cups-base", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_736E55BC39BB11DEA493001B77D09812.NASL", "href": "https://www.tenable.com/plugins/nessus/38705", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(38705);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0163\", \"CVE-2009-0164\", \"CVE-2009-0166\");\n script_bugtraq_id(34568, 34571, 34665);\n\n script_name(english:\"FreeBSD : cups -- remote code execution and DNS rebinding (736e55bc-39bb-11de-a493-001b77d09812)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Gentoo security team summarizes :\n\nThe following issues were reported in CUPS :\n\n- iDefense reported an integer overflow in the _cupsImageReadTIFF()\nfunction in the 'imagetops' filter, leading to a heap-based buffer\noverflow (CVE-2009-0163).\n\n- Aaron Siegel of Apple Product Security reported that the CUPS web\ninterface does not verify the content of the 'Host' HTTP header\nproperly (CVE-2009-0164).\n\n- Braden Thomas and Drew Yao of Apple Product Security reported that\nCUPS is vulnerable to CVE-2009-0146, CVE-2009-0147 and CVE-2009-0166,\nfound earlier in xpdf and poppler.\n\nA remote attacker might send or entice a user to send a specially\ncrafted print job to CUPS, possibly resulting in the execution of\narbitrary code with the privileges of the configured CUPS user -- by\ndefault this is 'lp', or a Denial of Service. Furthermore, the web\ninterface could be used to conduct DNS rebinding attacks.\"\n );\n # http://www.cups.org/articles.php?L582\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.cups.org/articles.php?L582\"\n );\n # https://vuxml.freebsd.org/freebsd/736e55bc-39bb-11de-a493-001b77d09812.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?61756754\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 119, 189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:cups-base\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/05/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/05/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/05/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"cups-base<1.3.10\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T13:08:33", "description": "The remote host is affected by the vulnerability described in GLSA-200904-05 (ntp: Certificate validation error)\n\n It has been reported that ntp incorrectly checks the return value of the EVP_VerifyFinal(), a vulnerability related to CVE-2008-5077 (GLSA 200902-02).\n Impact :\n\n A remote attacker could exploit this vulnerability to spoof arbitrary names to conduct Man-In-The-Middle attacks and intercept sensitive information.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"score": null, "vector": null}, "published": "2009-04-07T00:00:00", "type": "nessus", "title": "GLSA-200904-05 : ntp: Certificate validation error", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-5077", "CVE-2009-0021"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:ntp", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-200904-05.NASL", "href": "https://www.tenable.com/plugins/nessus/36093", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200904-05.\n#\n# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(36093);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2008-5077\", \"CVE-2009-0021\");\n script_bugtraq_id(33150);\n script_xref(name:\"GLSA\", value:\"200904-05\");\n\n script_name(english:\"GLSA-200904-05 : ntp: Certificate validation error\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200904-05\n(ntp: Certificate validation error)\n\n It has been reported that ntp incorrectly checks the return value of\n the EVP_VerifyFinal(), a vulnerability related to CVE-2008-5077 (GLSA\n 200902-02).\n \nImpact :\n\n A remote attacker could exploit this vulnerability to spoof arbitrary\n names to conduct Man-In-The-Middle attacks and intercept sensitive\n information.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200902-02\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200904-05\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All ntp users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-misc/ntp-4.2.4_p6'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 287);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/04/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-misc/ntp\", unaffected:make_list(\"ge 4.2.4_p6\"), vulnerable:make_list(\"lt 4.2.4_p6\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ntp\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2022-03-27T14:40:00", "description": "This update fixes CVE-2009-0021: NTP 4.2.4 before 4.2.4p5 and 4.2.5 before 4.2.5p150 does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2009-04-23T00:00:00", "type": "nessus", "title": "Fedora 10 : ntp-4.2.4p6-1.fc10 (2009-0544)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-5077", "CVE-2009-0021"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:ntp", "cpe:/o:fedoraproject:fedora:10"], "id": "FEDORA_2009-0544.NASL", "href": "https://www.tenable.com/plugins/nessus/36222", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-0544.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(36222);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-0021\");\n script_xref(name:\"FEDORA\", value:\"2009-0544\");\n\n script_name(english:\"Fedora 10 : ntp-4.2.4p6-1.fc10 (2009-0544)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n
Mac OS X Multiple Vulnerabilities (Security Update 2009-002)
