A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Thunderbird program, version 2.0.0.16 (CVE-2008-1233, CVE-2008-1234, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237, CVE-2008-2785, CVE-2008-2798, CVE-2008-2799, CVE-2008-2802, CVE-2008-2803, CVE-2008-2807, CVE-2008-2809, CVE-2008-2811).
This update provides the latest Thunderbird to correct these issues.
It also provides Thunderbird 2.x for Corporate 3.0 systems.
Update :
The previous update provided the incorrect version of the enigmail locale files. This version correctly builds them for Thunderbird 2.0.0.16.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Mandriva Linux Security Advisory MDVSA-2008:155.
# The text itself is copyright (C) Mandriva S.A.
#
if (NASL_LEVEL < 3000) exit(0);
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(36242);
script_version("1.20");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");
script_cve_id(
"CVE-2008-1233",
"CVE-2008-1234",
"CVE-2008-1235",
"CVE-2008-1236",
"CVE-2008-1237",
"CVE-2008-2785",
"CVE-2008-2798",
"CVE-2008-2799",
"CVE-2008-2802",
"CVE-2008-2803",
"CVE-2008-2807",
"CVE-2008-2809",
"CVE-2008-2811"
);
script_bugtraq_id(
28448,
29802,
30038
);
script_xref(name:"MDVSA", value:"2008:155-1");
script_name(english:"Mandriva Linux Security Advisory : mozilla-thunderbird (MDVSA-2008:155-1)");
script_summary(english:"Checks rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:
"The remote Mandriva Linux host is missing one or more security
updates."
);
script_set_attribute(
attribute:"description",
value:
"A number of security vulnerabilities have been discovered and
corrected in the latest Mozilla Thunderbird program, version 2.0.0.16
(CVE-2008-1233, CVE-2008-1234, CVE-2008-1235, CVE-2008-1236,
CVE-2008-1237, CVE-2008-2785, CVE-2008-2798, CVE-2008-2799,
CVE-2008-2802, CVE-2008-2803, CVE-2008-2807, CVE-2008-2809,
CVE-2008-2811).
This update provides the latest Thunderbird to correct these issues.
It also provides Thunderbird 2.x for Corporate 3.0 systems.
Update :
The previous update provided the incorrect version of the enigmail
locale files. This version correctly builds them for Thunderbird
2.0.0.16."
);
script_set_attribute(
attribute:"see_also",
value:"http://www.mozilla.org/security/announce/2008/mfsa2008-14.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://www.mozilla.org/security/announce/2008/mfsa2008-15.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://www.mozilla.org/security/announce/2008/mfsa2008-21.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://www.mozilla.org/security/announce/2008/mfsa2008-24.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://www.mozilla.org/security/announce/2008/mfsa2008-25.html"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-26/"
);
script_set_attribute(
attribute:"see_also",
value:"http://www.mozilla.org/security/announce/2008/mfsa2008-29.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://www.mozilla.org/security/announce/2008/mfsa2008-31.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://www.mozilla.org/security/announce/2008/mfsa2008-33.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://www.mozilla.org/security/announce/2008/mfsa2008-34.html"
);
script_set_attribute(attribute:"solution", value:"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
script_set_attribute(attribute:"canvas_package", value:'CANVAS');
script_cwe_id(20, 79, 94, 189, 200, 264, 399);
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-ar");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-ca");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-cs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-de");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-el");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-es");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-es_AR");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-fi");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-fr");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-hu");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-it");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-ja");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-ko");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-nb");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-nl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-pl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-pt");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-pt_BR");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-ro");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-ru");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-sk");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-sl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-sv");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-tr");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-zh_CN");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-zh_TW");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2008.0");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2008.1");
script_set_attribute(attribute:"patch_publication_date", value:"2008/07/27");
script_set_attribute(attribute:"plugin_publication_date", value:"2009/04/23");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.");
script_family(english:"Mandriva Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
flag = 0;
if (rpm_check(release:"MDK2008.0", reference:"mozilla-thunderbird-enigmail-ar-2.0.0.16-1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"mozilla-thunderbird-enigmail-ca-2.0.0.16-1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"mozilla-thunderbird-enigmail-cs-2.0.0.16-1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"mozilla-thunderbird-enigmail-de-2.0.0.16-1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"mozilla-thunderbird-enigmail-el-2.0.0.16-1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"mozilla-thunderbird-enigmail-es-2.0.0.16-1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"mozilla-thunderbird-enigmail-es_AR-2.0.0.16-1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"mozilla-thunderbird-enigmail-fi-2.0.0.16-1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"mozilla-thunderbird-enigmail-fr-2.0.0.16-1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"mozilla-thunderbird-enigmail-hu-2.0.0.16-1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"mozilla-thunderbird-enigmail-it-2.0.0.16-1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"mozilla-thunderbird-enigmail-ja-2.0.0.16-1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"mozilla-thunderbird-enigmail-ko-2.0.0.16-1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"mozilla-thunderbird-enigmail-nb-2.0.0.16-1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"mozilla-thunderbird-enigmail-nl-2.0.0.16-1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"mozilla-thunderbird-enigmail-pl-2.0.0.16-1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"mozilla-thunderbird-enigmail-pt-2.0.0.16-1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"mozilla-thunderbird-enigmail-pt_BR-2.0.0.16-1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"mozilla-thunderbird-enigmail-ro-2.0.0.16-1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"mozilla-thunderbird-enigmail-ru-2.0.0.16-1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"mozilla-thunderbird-enigmail-sk-2.0.0.16-1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"mozilla-thunderbird-enigmail-sl-2.0.0.16-1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"mozilla-thunderbird-enigmail-sv-2.0.0.16-1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"mozilla-thunderbird-enigmail-tr-2.0.0.16-1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"mozilla-thunderbird-enigmail-zh_CN-2.0.0.16-1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"mozilla-thunderbird-enigmail-zh_TW-2.0.0.16-1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.1", reference:"mozilla-thunderbird-enigmail-ar-2.0.0.16-1mdv2008.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.1", reference:"mozilla-thunderbird-enigmail-ca-2.0.0.16-1mdv2008.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.1", reference:"mozilla-thunderbird-enigmail-cs-2.0.0.16-1mdv2008.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.1", reference:"mozilla-thunderbird-enigmail-de-2.0.0.16-1mdv2008.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.1", reference:"mozilla-thunderbird-enigmail-el-2.0.0.16-1mdv2008.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.1", reference:"mozilla-thunderbird-enigmail-es-2.0.0.16-1mdv2008.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.1", reference:"mozilla-thunderbird-enigmail-es_AR-2.0.0.16-1mdv2008.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.1", reference:"mozilla-thunderbird-enigmail-fi-2.0.0.16-1mdv2008.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.1", reference:"mozilla-thunderbird-enigmail-fr-2.0.0.16-1mdv2008.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.1", reference:"mozilla-thunderbird-enigmail-hu-2.0.0.16-1mdv2008.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.1", reference:"mozilla-thunderbird-enigmail-it-2.0.0.16-1mdv2008.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.1", reference:"mozilla-thunderbird-enigmail-ja-2.0.0.16-1mdv2008.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.1", reference:"mozilla-thunderbird-enigmail-ko-2.0.0.16-1mdv2008.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.1", reference:"mozilla-thunderbird-enigmail-nb-2.0.0.16-1mdv2008.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.1", reference:"mozilla-thunderbird-enigmail-nl-2.0.0.16-1mdv2008.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.1", reference:"mozilla-thunderbird-enigmail-pl-2.0.0.16-1mdv2008.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.1", reference:"mozilla-thunderbird-enigmail-pt-2.0.0.16-1mdv2008.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.1", reference:"mozilla-thunderbird-enigmail-pt_BR-2.0.0.16-1mdv2008.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.1", reference:"mozilla-thunderbird-enigmail-ro-2.0.0.16-1mdv2008.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.1", reference:"mozilla-thunderbird-enigmail-ru-2.0.0.16-1mdv2008.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.1", reference:"mozilla-thunderbird-enigmail-sk-2.0.0.16-1mdv2008.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.1", reference:"mozilla-thunderbird-enigmail-sl-2.0.0.16-1mdv2008.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.1", reference:"mozilla-thunderbird-enigmail-sv-2.0.0.16-1mdv2008.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.1", reference:"mozilla-thunderbird-enigmail-tr-2.0.0.16-1mdv2008.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.1", reference:"mozilla-thunderbird-enigmail-zh_CN-2.0.0.16-1mdv2008.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.1", reference:"mozilla-thunderbird-enigmail-zh_TW-2.0.0.16-1mdv2008.1", yank:"mdv")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
Vendor | Product | Version | CPE |
---|---|---|---|
mandriva | linux | mozilla-thunderbird-enigmail-ar | p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-ar |
mandriva | linux | mozilla-thunderbird-enigmail-ca | p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-ca |
mandriva | linux | mozilla-thunderbird-enigmail-cs | p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-cs |
mandriva | linux | mozilla-thunderbird-enigmail-de | p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-de |
mandriva | linux | mozilla-thunderbird-enigmail-el | p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-el |
mandriva | linux | mozilla-thunderbird-enigmail-es | p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-es |
mandriva | linux | mozilla-thunderbird-enigmail-es_ar | p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-es_ar |
mandriva | linux | mozilla-thunderbird-enigmail-fi | p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-fi |
mandriva | linux | mozilla-thunderbird-enigmail-fr | p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-fr |
mandriva | linux | mozilla-thunderbird-enigmail-hu | p-cpe:/a:mandriva:linux:mozilla-thunderbird-enigmail-hu |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1233
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1234
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1235
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1236
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1237
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2785
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2798
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2799
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2802
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2803
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2807
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2809
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2811
www.mozilla.org/security/announce/2008/mfsa2008-14.html
www.mozilla.org/security/announce/2008/mfsa2008-15.html
www.mozilla.org/security/announce/2008/mfsa2008-21.html
www.mozilla.org/security/announce/2008/mfsa2008-24.html
www.mozilla.org/security/announce/2008/mfsa2008-25.html
www.mozilla.org/security/announce/2008/mfsa2008-29.html
www.mozilla.org/security/announce/2008/mfsa2008-31.html
www.mozilla.org/security/announce/2008/mfsa2008-33.html
www.mozilla.org/security/announce/2008/mfsa2008-34.html
www.mozilla.org/en-US/security/advisories/mfsa2008-26/