{"id": "MANDRIVA_MDVSA-2012-041.NASL", "bulletinFamily": "scanner", "title": "Mandriva Linux Security Advisory : expat (MDVSA-2012:041)", "description": "A memory leak and a hash table collision flaw in expat could cause denial os service (DoS) attacks (CVE-2012-0876, CVE-2012-1148).\n\nThe updated packages have been patched to correct this issue.", "published": "2012-03-28T00:00:00", "modified": "2018-07-19T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=58506", "reporter": "Tenable", "references": [], "cvelist": ["CVE-2012-1148", "CVE-2012-0876"], "type": "nessus", "lastseen": "2018-09-02T00:07:24", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:mandriva:linux:2011", "p-cpe:/a:mandriva:linux:libexpat1-devel", "p-cpe:/a:mandriva:linux:expat", "p-cpe:/a:mandriva:linux:libexpat1", "cpe:/o:mandriva:linux:2010.1", "p-cpe:/a:mandriva:linux:lib64expat-devel", "p-cpe:/a:mandriva:linux:libexpat-devel", "p-cpe:/a:mandriva:linux:lib64expat-static-devel", "p-cpe:/a:mandriva:linux:lib64expat1", "p-cpe:/a:mandriva:linux:lib64expat1-devel", "p-cpe:/a:mandriva:linux:libexpat-static-devel"], "cvelist": ["CVE-2012-1148", "CVE-2012-0876"], "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "description": "A memory leak and a hash table collision flaw in expat could cause denial os service (DoS) attacks (CVE-2012-0876, CVE-2012-1148).\n\nThe updated packages have been patched to correct this issue.", "edition": 2, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "aa8ce44eca816fddb2f3f53d55f0b843ecaadde23df3359908ac59fc57138f91", "hashmap": [{"hash": "846d5d302c3123625092f35fb71b8bc7", "key": "cpe"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "ddd3c49e01f7c9ac580f05a50e251145", "key": "sourceData"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "b772d87bfd24b5012cd1d38e9fdb66df", "key": "title"}, {"hash": "d9f543e85bf6a1bc76bffdd7ac3cb032", "key": "cvelist"}, {"hash": "a54d6f815613099fd1ac75d95c90d434", "key": "href"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "98087b7546e17e5b91d4beeb8ed2b089", "key": "published"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "526837706681051344a466f9e51ac982", "key": "naslFamily"}, {"hash": "84813b1457b92d6ba1174abffbb83a2f", "key": "cvss"}, {"hash": "932ad690938d41a5231afb997407e36d", "key": "modified"}, {"hash": "74c4d67e9e3b7961c6c4071b0c46cfba", "key": "description"}, {"hash": "a036cac2531b35692e8975f252229fcf", "key": "pluginID"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=58506", "id": "MANDRIVA_MDVSA-2012-041.NASL", "lastseen": "2017-10-29T13:44:47", "modified": "2016-06-14T00:00:00", "naslFamily": "Mandriva Local Security Checks", "objectVersion": "1.3", "pluginID": "58506", "published": "2012-03-28T00:00:00", "references": [], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2012:041. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58506);\n script_version(\"$Revision: 1.11 $\");\n script_cvs_date(\"$Date: 2016/06/14 17:29:37 $\");\n\n script_cve_id(\"CVE-2012-0876\", \"CVE-2012-1148\");\n script_bugtraq_id(52379);\n script_osvdb_id(80892, 80893);\n script_xref(name:\"MDVSA\", value:\"2012:041\");\n\n script_name(english:\"Mandriva Linux Security Advisory : expat (MDVSA-2012:041)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A memory leak and a hash table collision flaw in expat could cause\ndenial os service (DoS) attacks (CVE-2012-0876, CVE-2012-1148).\n\nThe updated packages have been patched to correct this issue.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:expat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64expat-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64expat-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64expat1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64expat1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libexpat-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libexpat-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libexpat1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libexpat1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2011\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/03/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2010.1\", reference:\"expat-2.0.1-12.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64expat1-2.0.1-12.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64expat1-devel-2.0.1-12.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libexpat1-2.0.1-12.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libexpat1-devel-2.0.1-12.1mdv2010.2\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2011\", reference:\"expat-2.0.1-15.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64expat-devel-2.0.1-15.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64expat-static-devel-2.0.1-15.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64expat1-2.0.1-15.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libexpat-devel-2.0.1-15.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libexpat-static-devel-2.0.1-15.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libexpat1-2.0.1-15.1-mdv2011.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "Mandriva Linux Security Advisory : expat (MDVSA-2012:041)", "type": "nessus", "viewCount": 1}, "differentElements": ["modified", "sourceData"], "edition": 2, "lastseen": "2017-10-29T13:44:47"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2012-1148", "CVE-2012-0876"], "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "description": "A memory leak and a hash table collision flaw in expat could cause denial os service (DoS) attacks (CVE-2012-0876, CVE-2012-1148).\n\nThe updated packages have been patched to correct this issue.", "edition": 1, "enchantments": {}, "hash": "ba294323a06c8fe0ba064c0336328ded70aec810e4fa060db0a1e968519c2e72", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "ddd3c49e01f7c9ac580f05a50e251145", "key": "sourceData"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "b772d87bfd24b5012cd1d38e9fdb66df", "key": "title"}, {"hash": "d9f543e85bf6a1bc76bffdd7ac3cb032", "key": "cvelist"}, {"hash": "a54d6f815613099fd1ac75d95c90d434", "key": "href"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "98087b7546e17e5b91d4beeb8ed2b089", "key": "published"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "526837706681051344a466f9e51ac982", "key": "naslFamily"}, {"hash": "84813b1457b92d6ba1174abffbb83a2f", "key": "cvss"}, {"hash": "932ad690938d41a5231afb997407e36d", "key": "modified"}, {"hash": "74c4d67e9e3b7961c6c4071b0c46cfba", "key": "description"}, {"hash": "a036cac2531b35692e8975f252229fcf", "key": "pluginID"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=58506", "id": "MANDRIVA_MDVSA-2012-041.NASL", "lastseen": "2016-09-26T17:26:26", "modified": "2016-06-14T00:00:00", "naslFamily": "Mandriva Local Security Checks", "objectVersion": "1.2", "pluginID": "58506", "published": "2012-03-28T00:00:00", "references": [], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2012:041. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58506);\n script_version(\"$Revision: 1.11 $\");\n script_cvs_date(\"$Date: 2016/06/14 17:29:37 $\");\n\n script_cve_id(\"CVE-2012-0876\", \"CVE-2012-1148\");\n script_bugtraq_id(52379);\n script_osvdb_id(80892, 80893);\n script_xref(name:\"MDVSA\", value:\"2012:041\");\n\n script_name(english:\"Mandriva Linux Security Advisory : expat (MDVSA-2012:041)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A memory leak and a hash table collision flaw in expat could cause\ndenial os service (DoS) attacks (CVE-2012-0876, CVE-2012-1148).\n\nThe updated packages have been patched to correct this issue.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:expat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64expat-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64expat-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64expat1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64expat1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libexpat-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libexpat-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libexpat1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libexpat1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2011\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/03/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2010.1\", reference:\"expat-2.0.1-12.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64expat1-2.0.1-12.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64expat1-devel-2.0.1-12.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libexpat1-2.0.1-12.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libexpat1-devel-2.0.1-12.1mdv2010.2\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2011\", reference:\"expat-2.0.1-15.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64expat-devel-2.0.1-15.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64expat-static-devel-2.0.1-15.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64expat1-2.0.1-15.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libexpat-devel-2.0.1-15.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libexpat-static-devel-2.0.1-15.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libexpat1-2.0.1-15.1-mdv2011.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "Mandriva Linux Security Advisory : expat (MDVSA-2012:041)", "type": "nessus", "viewCount": 1}, "differentElements": ["cpe"], "edition": 1, "lastseen": "2016-09-26T17:26:26"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:mandriva:linux:2011", "p-cpe:/a:mandriva:linux:libexpat1-devel", "p-cpe:/a:mandriva:linux:expat", "p-cpe:/a:mandriva:linux:libexpat1", "cpe:/o:mandriva:linux:2010.1", "p-cpe:/a:mandriva:linux:lib64expat-devel", "p-cpe:/a:mandriva:linux:libexpat-devel", "p-cpe:/a:mandriva:linux:lib64expat-static-devel", "p-cpe:/a:mandriva:linux:lib64expat1", "p-cpe:/a:mandriva:linux:lib64expat1-devel", "p-cpe:/a:mandriva:linux:libexpat-static-devel"], "cvelist": ["CVE-2012-1148", "CVE-2012-0876"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "A memory leak and a hash table collision flaw in expat could cause denial os service (DoS) attacks (CVE-2012-0876, CVE-2012-1148).\n\nThe updated packages have been patched to correct this issue.", "edition": 5, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "18a607e88d5c5d45be052697c52fc142fb73247b9ffa525853dbf2ab9f105ead", "hashmap": [{"hash": "846d5d302c3123625092f35fb71b8bc7", "key": "cpe"}, {"hash": "e2914120514a29eeccc01e381df164d8", "key": "modified"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "b772d87bfd24b5012cd1d38e9fdb66df", "key": "title"}, {"hash": "3543e33096695526dada36be9eef4771", "key": "sourceData"}, {"hash": "d9f543e85bf6a1bc76bffdd7ac3cb032", "key": "cvelist"}, {"hash": "a54d6f815613099fd1ac75d95c90d434", "key": "href"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "98087b7546e17e5b91d4beeb8ed2b089", "key": "published"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "526837706681051344a466f9e51ac982", "key": "naslFamily"}, {"hash": "74c4d67e9e3b7961c6c4071b0c46cfba", "key": "description"}, {"hash": "a036cac2531b35692e8975f252229fcf", "key": "pluginID"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=58506", "id": "MANDRIVA_MDVSA-2012-041.NASL", "lastseen": "2018-08-30T19:56:13", "modified": "2018-07-19T00:00:00", "naslFamily": "Mandriva Local Security Checks", "objectVersion": "1.3", "pluginID": "58506", "published": "2012-03-28T00:00:00", "references": [], "reporter": "Tenable", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2012:041. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58506);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2018/07/19 20:59:17\");\n\n script_cve_id(\"CVE-2012-0876\", \"CVE-2012-1148\");\n script_bugtraq_id(52379);\n script_xref(name:\"MDVSA\", value:\"2012:041\");\n\n script_name(english:\"Mandriva Linux Security Advisory : expat (MDVSA-2012:041)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A memory leak and a hash table collision flaw in expat could cause\ndenial os service (DoS) attacks (CVE-2012-0876, CVE-2012-1148).\n\nThe updated packages have been patched to correct this issue.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:expat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64expat-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64expat-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64expat1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64expat1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libexpat-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libexpat-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libexpat1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libexpat1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2011\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/03/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2010.1\", reference:\"expat-2.0.1-12.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64expat1-2.0.1-12.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64expat1-devel-2.0.1-12.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libexpat1-2.0.1-12.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libexpat1-devel-2.0.1-12.1mdv2010.2\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2011\", reference:\"expat-2.0.1-15.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64expat-devel-2.0.1-15.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64expat-static-devel-2.0.1-15.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64expat1-2.0.1-15.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libexpat-devel-2.0.1-15.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libexpat-static-devel-2.0.1-15.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libexpat1-2.0.1-15.1-mdv2011.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "Mandriva Linux Security Advisory : expat (MDVSA-2012:041)", "type": "nessus", "viewCount": 1}, "differentElements": ["cvss"], "edition": 5, "lastseen": "2018-08-30T19:56:13"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:mandriva:linux:2011", "p-cpe:/a:mandriva:linux:libexpat1-devel", "p-cpe:/a:mandriva:linux:expat", "p-cpe:/a:mandriva:linux:libexpat1", "cpe:/o:mandriva:linux:2010.1", "p-cpe:/a:mandriva:linux:lib64expat-devel", "p-cpe:/a:mandriva:linux:libexpat-devel", "p-cpe:/a:mandriva:linux:lib64expat-static-devel", "p-cpe:/a:mandriva:linux:lib64expat1", "p-cpe:/a:mandriva:linux:lib64expat1-devel", "p-cpe:/a:mandriva:linux:libexpat-static-devel"], "cvelist": ["CVE-2012-1148", "CVE-2012-0876"], "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "description": "A memory leak and a hash table collision flaw in expat could cause denial os service (DoS) attacks (CVE-2012-0876, CVE-2012-1148).\n\nThe updated packages have been patched to correct this issue.", "edition": 3, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "36588aff009844371af1f162a973a30413f592a6d2afd4f8987912b15b2f071e", "hashmap": [{"hash": "846d5d302c3123625092f35fb71b8bc7", "key": "cpe"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "b772d87bfd24b5012cd1d38e9fdb66df", "key": "title"}, {"hash": "d7a2f84f623d9565d812c51123462905", "key": "modified"}, {"hash": "fa03f7d29ea8fec5ae3993c5ae7d23c4", "key": "sourceData"}, {"hash": "d9f543e85bf6a1bc76bffdd7ac3cb032", "key": "cvelist"}, {"hash": "a54d6f815613099fd1ac75d95c90d434", "key": "href"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "98087b7546e17e5b91d4beeb8ed2b089", "key": "published"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "526837706681051344a466f9e51ac982", "key": "naslFamily"}, {"hash": "84813b1457b92d6ba1174abffbb83a2f", "key": "cvss"}, {"hash": "74c4d67e9e3b7961c6c4071b0c46cfba", "key": "description"}, {"hash": "a036cac2531b35692e8975f252229fcf", "key": "pluginID"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=58506", "id": "MANDRIVA_MDVSA-2012-041.NASL", "lastseen": "2018-07-15T04:19:21", "modified": "2018-07-14T00:00:00", "naslFamily": "Mandriva Local Security Checks", "objectVersion": "1.3", "pluginID": "58506", "published": "2012-03-28T00:00:00", "references": [], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2012:041. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58506);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2018/07/14 1:59:37\");\n\n script_cve_id(\"CVE-2012-0876\", \"CVE-2012-1148\");\n script_bugtraq_id(52379);\n script_xref(name:\"MDVSA\", value:\"2012:041\");\n\n script_name(english:\"Mandriva Linux Security Advisory : expat (MDVSA-2012:041)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A memory leak and a hash table collision flaw in expat could cause\ndenial os service (DoS) attacks (CVE-2012-0876, CVE-2012-1148).\n\nThe updated packages have been patched to correct this issue.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:expat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64expat-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64expat-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64expat1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64expat1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libexpat-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libexpat-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libexpat1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libexpat1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2011\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/03/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2010.1\", reference:\"expat-2.0.1-12.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64expat1-2.0.1-12.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64expat1-devel-2.0.1-12.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libexpat1-2.0.1-12.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libexpat1-devel-2.0.1-12.1mdv2010.2\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2011\", reference:\"expat-2.0.1-15.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64expat-devel-2.0.1-15.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64expat-static-devel-2.0.1-15.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64expat1-2.0.1-15.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libexpat-devel-2.0.1-15.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libexpat-static-devel-2.0.1-15.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libexpat1-2.0.1-15.1-mdv2011.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "Mandriva Linux Security Advisory : expat (MDVSA-2012:041)", "type": "nessus", "viewCount": 1}, "differentElements": ["modified", "sourceData"], "edition": 3, "lastseen": "2018-07-15T04:19:21"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:mandriva:linux:2011", "p-cpe:/a:mandriva:linux:libexpat1-devel", "p-cpe:/a:mandriva:linux:expat", "p-cpe:/a:mandriva:linux:libexpat1", "cpe:/o:mandriva:linux:2010.1", "p-cpe:/a:mandriva:linux:lib64expat-devel", "p-cpe:/a:mandriva:linux:libexpat-devel", "p-cpe:/a:mandriva:linux:lib64expat-static-devel", "p-cpe:/a:mandriva:linux:lib64expat1", "p-cpe:/a:mandriva:linux:lib64expat1-devel", "p-cpe:/a:mandriva:linux:libexpat-static-devel"], "cvelist": ["CVE-2012-1148", "CVE-2012-0876"], "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "description": "A memory leak and a hash table collision flaw in expat could cause denial os service (DoS) attacks (CVE-2012-0876, CVE-2012-1148).\n\nThe updated packages have been patched to correct this issue.", "edition": 4, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "9cb6696d0b2f07af6ff42e592e3b34ee4ead7de1df3922289ce1aaca1fa2baf7", "hashmap": [{"hash": "846d5d302c3123625092f35fb71b8bc7", "key": "cpe"}, {"hash": "e2914120514a29eeccc01e381df164d8", "key": "modified"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "b772d87bfd24b5012cd1d38e9fdb66df", "key": "title"}, {"hash": "3543e33096695526dada36be9eef4771", "key": "sourceData"}, {"hash": "d9f543e85bf6a1bc76bffdd7ac3cb032", "key": "cvelist"}, {"hash": "a54d6f815613099fd1ac75d95c90d434", "key": "href"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "98087b7546e17e5b91d4beeb8ed2b089", "key": "published"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "526837706681051344a466f9e51ac982", "key": "naslFamily"}, {"hash": "84813b1457b92d6ba1174abffbb83a2f", "key": "cvss"}, {"hash": "74c4d67e9e3b7961c6c4071b0c46cfba", "key": "description"}, {"hash": "a036cac2531b35692e8975f252229fcf", "key": "pluginID"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=58506", "id": "MANDRIVA_MDVSA-2012-041.NASL", "lastseen": "2018-08-02T08:24:22", "modified": "2018-07-19T00:00:00", "naslFamily": "Mandriva Local Security Checks", "objectVersion": "1.3", "pluginID": "58506", "published": "2012-03-28T00:00:00", "references": [], "reporter": "Tenable", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2012:041. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58506);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2018/07/19 20:59:17\");\n\n script_cve_id(\"CVE-2012-0876\", \"CVE-2012-1148\");\n script_bugtraq_id(52379);\n script_xref(name:\"MDVSA\", value:\"2012:041\");\n\n script_name(english:\"Mandriva Linux Security Advisory : expat (MDVSA-2012:041)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A memory leak and a hash table collision flaw in expat could cause\ndenial os service (DoS) attacks (CVE-2012-0876, CVE-2012-1148).\n\nThe updated packages have been patched to correct this issue.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:expat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64expat-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64expat-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64expat1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64expat1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libexpat-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libexpat-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libexpat1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libexpat1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2011\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/03/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2010.1\", reference:\"expat-2.0.1-12.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64expat1-2.0.1-12.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64expat1-devel-2.0.1-12.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libexpat1-2.0.1-12.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libexpat1-devel-2.0.1-12.1mdv2010.2\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2011\", reference:\"expat-2.0.1-15.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64expat-devel-2.0.1-15.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64expat-static-devel-2.0.1-15.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64expat1-2.0.1-15.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libexpat-devel-2.0.1-15.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libexpat-static-devel-2.0.1-15.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libexpat1-2.0.1-15.1-mdv2011.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "Mandriva Linux Security Advisory : expat (MDVSA-2012:041)", "type": "nessus", "viewCount": 1}, "differentElements": ["cvss"], "edition": 4, "lastseen": "2018-08-02T08:24:22"}], "edition": 6, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "846d5d302c3123625092f35fb71b8bc7"}, {"key": "cvelist", "hash": "d9f543e85bf6a1bc76bffdd7ac3cb032"}, {"key": "cvss", "hash": "84813b1457b92d6ba1174abffbb83a2f"}, {"key": "description", "hash": "74c4d67e9e3b7961c6c4071b0c46cfba"}, {"key": "href", "hash": "a54d6f815613099fd1ac75d95c90d434"}, {"key": "modified", "hash": "e2914120514a29eeccc01e381df164d8"}, {"key": "naslFamily", "hash": "526837706681051344a466f9e51ac982"}, {"key": "pluginID", "hash": "a036cac2531b35692e8975f252229fcf"}, {"key": "published", "hash": "98087b7546e17e5b91d4beeb8ed2b089"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "3543e33096695526dada36be9eef4771"}, {"key": "title", "hash": "b772d87bfd24b5012cd1d38e9fdb66df"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "9cb6696d0b2f07af6ff42e592e3b34ee4ead7de1df3922289ce1aaca1fa2baf7", "viewCount": 1, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}, "vulnersScore": 5.0}, "objectVersion": "1.3", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2012:041. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58506);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2018/07/19 20:59:17\");\n\n script_cve_id(\"CVE-2012-0876\", \"CVE-2012-1148\");\n script_bugtraq_id(52379);\n script_xref(name:\"MDVSA\", value:\"2012:041\");\n\n script_name(english:\"Mandriva Linux Security Advisory : expat (MDVSA-2012:041)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A memory leak and a hash table collision flaw in expat could cause\ndenial os service (DoS) attacks (CVE-2012-0876, CVE-2012-1148).\n\nThe updated packages have been patched to correct this issue.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:expat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64expat-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64expat-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64expat1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64expat1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libexpat-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libexpat-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libexpat1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libexpat1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2011\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/03/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2010.1\", reference:\"expat-2.0.1-12.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64expat1-2.0.1-12.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64expat1-devel-2.0.1-12.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libexpat1-2.0.1-12.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libexpat1-devel-2.0.1-12.1mdv2010.2\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2011\", reference:\"expat-2.0.1-15.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64expat-devel-2.0.1-15.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64expat-static-devel-2.0.1-15.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64expat1-2.0.1-15.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libexpat-devel-2.0.1-15.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libexpat-static-devel-2.0.1-15.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libexpat1-2.0.1-15.1-mdv2011.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Mandriva Local Security Checks", "pluginID": "58506", "cpe": ["cpe:/o:mandriva:linux:2011", "p-cpe:/a:mandriva:linux:libexpat1-devel", "p-cpe:/a:mandriva:linux:expat", "p-cpe:/a:mandriva:linux:libexpat1", "cpe:/o:mandriva:linux:2010.1", "p-cpe:/a:mandriva:linux:lib64expat-devel", "p-cpe:/a:mandriva:linux:libexpat-devel", "p-cpe:/a:mandriva:linux:lib64expat-static-devel", "p-cpe:/a:mandriva:linux:lib64expat1", "p-cpe:/a:mandriva:linux:lib64expat1-devel", "p-cpe:/a:mandriva:linux:libexpat-static-devel"]}

{"f5": [{"lastseen": "2017-08-15T01:08:46", "references": [], "edition": 1, "description": "\nF5 Product Development has assigned ID 388737 (BIG-IP) to these vulnerabilities, and has evaluated the currently supported releases for potential vulnerability. Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H16949 on the **Diagnostics** &gt; **Identified** &gt; **Medium** screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM | 11.0.0 - 11.2.1* \n10.1.0 - 10.2.4* | 11.3.0 - 11.6.0 | Medium | xmlparse.c \nBIG-IP AAM | 11.0.0 - 11.2.1* \n10.1.0 - 10.2.4* | 11.3.0 - 11.6.0 | Medium | xmlparse.c \nBIG-IP AFM | 11.0.0 - 11.2.1* \n10.1.0 - 10.2.4* | 11.3.0 - 11.6.0 | Medium | xmlparse.c \nBIG-IP Analytics | 11.0.0 - 11.2.1* \n10.1.0 - 10.2.4* | 11.3.0 - 11.6.0 | Medium | xmlparse.c \nBIG-IP APM | 11.0.0 - 11.2.1* \n10.1.0 - 10.2.4* | 11.3.0 - 11.6.0 | Medium | xmlparse.c \nBIG-IP ASM | 11.0.0 - 11.2.1 \n10.1.0 - 10.2.4 | 11.3.0 - 11.6.0 | Medium | xmlparse.c \nBIG-IP Edge Gateway | 11.0.0 - 11.2.1* \n10.1.0 - 10.2.4* | 11.3.0 | Medium | xmlparse.c \nBIG-IP GTM | 11.0.0 - 11.2.1* \n10.1.0 - 10.2.4* | 11.3.0 - 11.6.0 | Medium | xmlparse.c \nBIG-IP Link Controller | 11.0.0 - 11.2.1* \n10.1.0 - 10.2.4* | 11.3.0 - 11.6.0 | Medium | xmlparse.c \nBIG-IP PEM | 11.0.0 - 11.2.1* \n10.1.0 - 10.2.4* | 11.3.0 - 11.6.0 | Medium | xmlparse.c \nBIG-IP PSM | 11.0.0 - 11.2.1* \n10.1.0 - 10.2.4* | 11.3.0 - 11.6.0 | Medium | xmlparse.c \nBIG-IP WebAccelerator | 11.0.0 - 11.2.1* \n10.1.0 - 10.2.4* | 11.3.0 | Medium | xmlparse.c \nBIG-IP WOM | 11.0.0 - 11.2.1* \n10.1.0 - 10.2.4* | 11.3.0 | Medium | xmlparse.c \nARX | None | 6.0.0 - 6.4.0 | Not vulnerable | None \nEnterprise Manager | None | 3.0.0 - 3.1.1 \n2.1.0 - 2.3.0 | Not vulnerable | None \nFirePass | None | 7.0.0 \n6.0.0 - 6.1.0 | Not vulnerable | None \nBIG-IQ Cloud | None | 4.0.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ Device | None | 4.2.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ Security | None | 4.0.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ ADC | None | 4.5.0 | Not vulnerable | None \nLineRate | None | 2.5.0 - 2.6.0 | Not vulnerable | None \nF5 WebSafe | None | 1.0.0 | Not vulnerable | None \nTraffix SDC | None | 4.0.0 - 4.4.0 | Not vulnerable | None \n \n* **Important**: Certain product versions contain the affected code; however, those product versions do not parse untrusted XML input, and are, therefore, not exploitable.\n\nIf you are running a version listed in the **Versions known to be vulnerable **column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable **column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nBIG-IP ASM\n\nWhen the BIG-IP ASM system is provisioned, the custom attack signature portion of the Web UI is vulnerable; this situation requires an administrative-level user to interface with the vulnerable component.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n", "reporter": "f5", "published": "2015-07-11T03:06:00", "type": "f5", "title": "Expat vulnerabilities CVE-2012-0876 and CVE-2012-1148", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2012-1148", "CVE-2012-0876"], "modified": "2017-08-14T23:30:00", "href": "https://support.f5.com/csp/article/K16949", "id": "F5:K16949", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-09-26T17:23:06", "references": ["https://support.f5.com/kb/en-us/solutions/public/9000/900/sol9970.html", "https://support.f5.com/kb/en-us/solutions/public/4000/900/sol4918.html", "https://support.f5.com/kb/en-us/solutions/public/0000/100/sol167.html", "https://support.f5.com/kb/en-us/solutions/public/9000/900/sol9957.html"], "edition": 1, "description": "**Important**: *Certain product versions contain the affected code; however, those product versions do not parse untrusted XML input, and are, therefore, not exploitable.\n\nVulnerability Recommended Actions\n\nIf the previous table lists a version in the** Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the Severity values published in the previous table. The Severity values and other security vulnerability parameters are defined in SOL4602: Overview of the F5 security vulnerability response policy.\n\n**BIG-IP ASM**\n\nWhen the BIG-IP ASM system is provisioned, the custom attack signature portion of the Web UI is vulnerable; this situation requires an administrative-level user to interface with the vulnerable component.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n", "reporter": "f5", "published": "2015-07-10T00:00:00", "title": "SOL16949 - Expat vulnerabilities CVE-2012-0876 and CVE-2012-1148", "type": "f5", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "BIG-IP PSM", "version": "11.2.1 10.1.0", "operator": "le"}, {"name": "BIG-IP Edge Gateway", "version": "11.2.1 10.1.0", "operator": "le"}, {"name": "BIG-IP WebAccelerator", "version": "11.2.1 10.1.0", "operator": "le"}, {"name": "BIG-IP APM", "version": "11.2.1 10.1.0", "operator": "le"}, {"name": "BIG-IP ASM", "version": "11.2.1 10.1.0", "operator": "le"}, {"name": "BIG-IP AFM", "version": "11.2.1 10.1.0", "operator": "le"}, {"name": "BIG-IP PEM", "version": "11.2.1 10.1.0", "operator": "le"}, {"name": "BIG-IP GTM", "version": "11.2.1 10.1.0", "operator": "le"}, {"name": "BIG-IP Link Controller", "version": "11.2.1 10.1.0", "operator": "le"}, {"name": "BIG-IP AAM", "version": "11.2.1 10.1.0", "operator": "le"}, {"name": "BIG-IP WOM", "version": "11.2.1 10.1.0", "operator": "le"}, {"name": "BIG-IP Analytics", "version": "11.2.1 10.1.0", "operator": "le"}, {"name": "BIG-IP LTM", "version": "11.2.1 10.1.0", "operator": "le"}], "cvelist": ["CVE-2012-1148", "CVE-2012-0876"], "modified": "2016-06-28T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/16000/900/sol16949.html", "id": "SOL16949", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-07-24T02:01:53", "references": [], "description": "\nF5 Product Development has assigned ID 617273 (BIG-IP), ID 617964 (BIG-IQ/F5 iWorkflow), ID 618243 (Enterprise Manager), and ID 528541 (ARX) to this vulnerability. Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H624219 on the **Diagnostics** &gt; **Identified** &gt; **Medium** page.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table.\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM | 13.0.0 \n12.0.0 - 12.1.3 \n11.6.1 - 11.6.3 \n11.4.0 - 11.5.6 | 13.1.0 \n13.0.1 \n12.1.3.2 \n11.6.3.2 \n11.5.7 \n11.2.1 \n10.2.1 - 10.2.4 | Medium | XML parser Expat library \nBIG-IP AAM | 13.0.0 \n12.0.0 - 12.1.3 \n11.6.1 - 11.6.3 \n11.4.0 - 11.5.6 | 13.1.0 \n13.0.1 \n12.1.3.2 \n11.6.3.2 \n11.5.7 | Medium | XML parser Expat library \nBIG-IP AFM | 13.0.0 \n12.0.0 - 12.1.3 \n11.6.1 - 11.6.3 \n11.4.0 - 11.5.6 | 13.1.0 \n13.0.1 \n12.1.3.2 \n11.6.3.2 \n11.5.7 | Medium | XML parser Expat library \nBIG-IP Analytics | 13.0.0 \n12.0.0 - 12.1.3 \n11.6.1 - 11.6.3 \n11.4.0 - 11.5.6 | 13.1.0 \n13.0.1 \n12.1.3.2 \n11.6.3.2 \n11.5.7 \n11.2.1 | Medium | XML parser Expat library \nBIG-IP APM | 13.0.0 \n12.0.0 - 12.1.3 \n11.6.1 - 11.6.3 \n11.4.0 - 11.5.6 | 13.1.0 \n13.0.1 \n12.1.3.2 \n11.6.3.2 \n11.5.7 \n11.2.1 \n10.2.1 - 10.2.4 | Medium | XML parser Expat library \nBIG-IP ASM | 13.0.0 \n12.0.0 - 12.1.3 \n11.6.1 - 11.6.3 \n11.4.0 - 11.5.6 | 13.1.0 \n13.0.1 \n12.1.3.2 \n11.6.3.2 \n11.5.7 \n11.2.1 \n10.2.1 - 10.2.4 | Medium | XML parser Expat library \nBIG-IP DNS | 13.0.0 \n12.0.0 - 12.1.3 | 13.1.0 \n13.0.1 \n12.1.3.2 | Medium | XML parser Expat library \nBIG-IP Edge Gateway | None | 11.2.1 \n10.2.1 - 10.2.4 | Not vulnerable | None \nBIG-IP GTM | 11.6.1 - 11.6.3 \n11.4.0 - 11.5.6 | 11.6.3.2 \n11.5.7 \n11.2.1 \n10.2.1 - 10.2.4 | Medium | XML parser Expat library \nBIG-IP Link Controller | 13.0.0 \n12.0.0 - 12.1.3 \n11.6.1 - 11.6.3 \n11.4.0 - 11.5.6 | 13.1.0 \n13.0.1 \n12.1.3.2 \n11.6.3.2 \n11.5.7 \n11.2.1 \n10.2.1 - 10.2.4 | Medium | XML parser Expat library \nBIG-IP PEM | 13.0.0 \n12.0.0 - 12.1.3 \n11.6.1 - 11.6.3 \n11.4.0 - 11.5.6 | 13.1.0 \n13.0.1 \n12.1.3.2 \n11.6.3.2 \n11.5.7 | Medium | XML parser Expat library \nBIG-IP PSM | 11.4.0 - 11.4.1 | 10.2.1 - 10.2.4 | Medium | XML parser Expat library \nBIG-IP WebAccelerator | None | 11.2.1 \n10.2.1 - 10.2.4 | Not vulnerable | None \nBIG-IP WebSafe | 13.0.0 \n12.0.0 - 12.1.3 \n11.6.0 - 11.6.3 | 13.1.0 \n13.0.1 \n12.1.3.2 | Medium \n\n \n\n| XML parser Expat library \nARX | 6.2.0 - 6.4.0 | None | Low | XML parser Expat library \nEnterprise Manager | 3.1.1 | None | Medium | XML parser Expat library \nBIG-IQ Cloud | 4.0.0 - 4.5.0 | None | Medium | XML parser Expat library \nBIG-IQ Device | 4.2.0 - 4.5.0 | None | Medium | XML parser Expat library \nBIG-IQ Security | 4.0.0 - 4.5.0 | None | Medium | XML parser Expat library \nBIG-IQ ADC | 4.5.0 | None | Medium | XML parser Expat library \nBIG-IQ Centralized Management | 5.0.0 - 5.4.0 \n4.6.0 | None | Medium | XML parser Expat library \nBIG-IQ Cloud and Orchestration | 1.0.0 | None | Medium | XML parser Expat library \nF5 iWorkflow | 2.0.0 - 2.3.0 | None | Medium | XML parser Expat library \nLineRate | None | 2.5.0 - 2.6.1 | Not vulnerable | None \nTraffix SDC | None | 5.0.0 \n4.0.0 - 4.4.0 | Not vulnerable | None\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable **column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nNone\n\n * [K21232150: Considerations for upgrading BIG-IQ or F5 iWorkflow systems](<https://support.f5.com/csp/article/K21232150>).\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K13123: Managing BIG-IP product hotfixes (11.x - 13.x)](<https://support.f5.com/csp/article/K13123>)\n * [K9502: BIG-IP hotfix and point release matrix](<https://support.f5.com/csp/article/K9502>)\n * [K15106: Managing BIG-IQ product hotfixes](<https://support.f5.com/csp/article/K15106>)\n * [K15113: BIG-IQ hotfix matrix](<https://support.f5.com/csp/article/K15113>)\n * [K12766: ARX hotfix matrix](<https://support.f5.com/csp/article/K12766>)\n", "edition": 1, "reporter": "f5", "published": "2016-10-27T01:15:00", "title": "Expat XML library vulnerability CVE-2016-5300", "type": "f5", "enchantments": {"score": {"modified": "2018-07-24T02:01:53", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2016-5300", "CVE-2012-0876"], "modified": "2018-07-24T01:11:00", "id": "F5:K70938105", "href": "https://support.f5.com/csp/article/K70938105", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2016-11-09T00:09:38", "references": ["https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15106.html", "https://support.f5.com/kb/en-us/solutions/public/13000/100/sol13123.html", "https://support.f5.com/kb/en-us/solutions/public/9000/900/sol9970.html", "https://support.f5.com/kb/en-us/solutions/public/4000/900/sol4918.html", "https://support.f5.com/kb/en-us/solutions/public/9000/500/sol9502.html", "https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15113.html", "https://support.f5.com/kb/en-us/solutions/public/4000/600/sol4602.html", "https://support.f5.com/kb/en-us/solutions/public/12000/700/sol12766.html", "https://support.f5.com/kb/en-us/solutions/public/0000/100/sol167.html", "https://support.f5.com/kb/en-us/solutions/public/9000/900/sol9957.html"], "edition": 1, "description": "Vulnerability Recommended Actions\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nTo determine the necessary upgrade path for your BIG-IQ system, you should understand the BIG-IQ product offering name changes. For more information, refer to SOL21232150: Considerations for upgrading BIG-IQ or F5 iWorkflow systems.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n * SOL13123: Managing BIG-IP product hotfixes (11.x - 12.x)\n * SOL9502: BIG-IP hotfix matrix\n * SOL15106: Managing BIG-IQ product hotfixes\n * SOL15113: BIG-IQ hotfix matrix\n * SOL12766: ARX hotfix matrix\n", "reporter": "f5", "published": "2016-10-26T00:00:00", "type": "f5", "title": "SOL70938105 - Expat XML library vulnerability CVE-2016-5300", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "BIG-IP Link Controller", "version": "11.6.1", "operator": "le"}, {"name": "BIG-IP PSM", "version": "11.4.1", "operator": "le"}, {"name": "BIG-IP WebSafe", "version": "11.6.1", "operator": "le"}, {"name": "BIG-IP AFM", "version": "12.1.1", "operator": "le"}, {"name": "BIG-IP WebSafe", "version": "12.1.0", "operator": "le"}, {"name": "BIG-IQ Cloud and Orchestration", "version": "1.0.0", "operator": "le"}, {"name": "BIG-IP APM", "version": "11.6.1", "operator": "le"}, {"name": "BIG-IP PEM", "version": "11.6.1", "operator": "le"}, {"name": "BIG-IP AAM", "version": "12.1.1", "operator": "le"}, {"name": "BIG-IP LTM", "version": "12.1.1", "operator": "le"}, {"name": "BIG-IP GTM", "version": "11.6.1", "operator": "le"}, {"name": "BIG-IP Analytics", "version": "12.1.1", "operator": "le"}, {"name": "BIG-IP DNS", "version": "12.1.1", "operator": "le"}, {"name": "BIG-IP Link Controller", "version": "12.1.1", "operator": "le"}, {"name": "BIG-IP ASM", "version": "12.1.1", "operator": "le"}, {"name": "BIG-IP AAM", "version": "11.6.1", "operator": "le"}, {"name": "F5 iWorkflow", "version": "2.0.1", "operator": "le"}, {"name": "BIG-IQ Centralized Management", "version": "5.1.0", "operator": "le"}, {"name": "BIG-IQ Device", "version": "4.5.0", "operator": "le"}, {"name": "BIG-IQ Cloud", "version": "4.5.0", "operator": "le"}, {"name": "Enterprise Manager", "version": "3.1.1", "operator": "le"}, {"name": "BIG-IP APM", "version": "12.1.1", "operator": "le"}, {"name": "BIG-IP PEM", "version": "12.1.1", "operator": "le"}, {"name": "BIG-IP LTM", "version": "11.6.1", "operator": "le"}, {"name": "BIG-IP Analytics", "version": "11.6.1", "operator": "le"}, {"name": "ARX", "version": "6.4.0", "operator": "le"}, {"name": "BIG-IQ ADC", "version": "4.5.0", "operator": "le"}, {"name": "BIG-IP AFM", "version": "11.6.1", "operator": "le"}, {"name": "BIG-IQ Centralized Management", "version": "4.6.0", "operator": "le"}, {"name": "BIG-IQ Security", "version": "4.5.0", "operator": "le"}, {"name": "BIG-IP ASM", "version": "11.6.1", "operator": "le"}], "cvelist": ["CVE-2016-5300", "CVE-2012-0876"], "modified": "2016-10-26T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/k/70/sol70938105.html", "id": "SOL70938105", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2018-10-26T14:41:12", "references": ["https://support.f5.com/kb/en-us/solutions/public/16000/900/sol16949.html"], "pluginID": "1361412562310105371", "description": "The remote host is missing a security patch.", "edition": 7, "reporter": "This script is Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-09-19T00:00:00", "title": "F5 BIG-IP - SOL16949 - Expat vulnerabilities CVE-2012-0876 and CVE-2012-1148", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "F5 Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1148", "CVE-2012-0876"], "modified": "2018-10-26T00:00:00", "id": "OPENVAS:1361412562310105371", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310105371", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_f5_big_ip_sol16949.nasl 12106 2018-10-26 06:33:36Z cfischer $\n#\n# F5 BIG-IP - SOL16949 - Expat vulnerabilities CVE-2012-0876 and CVE-2012-1148\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/h:f5:big-ip\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.105371\");\n script_cve_id(\"CVE-2012-0876\", \"CVE-2012-1148\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_version(\"$Revision: 12106 $\");\n\n script_name(\"F5 BIG-IP - SOL16949 - Expat vulnerabilities CVE-2012-0876 and CVE-2012-1148\");\n\n script_xref(name:\"URL\", value:\"https://support.f5.com/kb/en-us/solutions/public/16000/900/sol16949.html\");\n\n script_tag(name:\"impact\", value:\"These vulnerabilities allow context-dependent attackers to cause a denial-of-service (DoS) (CPU and/or memory consumption) by way of XML files.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value.Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory consumption) via a large number of crafted XML files that cause improperly-handled reallocation failures when expanding entities.\");\n\n script_tag(name:\"solution\", value:\"See the referenced vendor advisory for a solution.\");\n script_tag(name:\"summary\", value:\"The remote host is missing a security patch.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 08:33:36 +0200 (Fri, 26 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-09-19 10:34:51 +0200 (Sat, 19 Sep 2015)\");\n script_category(ACT_GATHER_INFO);\n script_family(\"F5 Local Security Checks\");\n script_copyright(\"This script is Copyright (C) 2015 Greenbone Networks GmbH\");\n script_dependencies(\"gb_f5_big_ip_version.nasl\");\n script_require_ports(\"Services/ssh\", 22);\n script_mandatory_keys(\"f5/big_ip/version\", \"f5/big_ip/active_modules\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"f5.inc\");\n\nif( ! version = get_app_version( cpe:CPE ) ) exit( 0 );\n\ncheck_f5['LTM'] = make_array( 'affected', '11.0.0-11.2.1;10.1.0-10.2.4;',\n 'unaffected', '11.3.0-11.6.0;');\n\ncheck_f5['AAM'] = make_array( 'affected', '11.0.0-11.2.1;10.1.0-10.2.4;',\n 'unaffected', '11.3.0-11.6.0;');\n\ncheck_f5['AFM'] = make_array( 'affected', '11.0.0-11.2.1;10.1.0-10.2.4;',\n 'unaffected', '11.3.0-11.6.0;');\n\ncheck_f5['AVR'] = make_array( 'affected', '11.0.0-11.2.1;10.1.0-10.2.4;',\n 'unaffected', '11.3.0-11.6.0;');\n\ncheck_f5['APM'] = make_array( 'affected', '11.0.0-11.2.1;10.1.0-10.2.4;',\n 'unaffected', '11.3.0-11.6.0;');\n\ncheck_f5['ASM'] = make_array( 'affected', '11.0.0-11.2.1;10.1.0-10.2.4;',\n 'unaffected', '11.3.0-11.6.0;');\n\ncheck_f5['GTM'] = make_array( 'affected', '11.0.0-11.2.1;10.1.0-10.2.4;',\n 'unaffected', '11.3.0-11.6.0;');\n\ncheck_f5['LC'] = make_array( 'affected', '11.0.0-11.2.1;10.1.0-10.2.4;',\n 'unaffected', '11.3.0-11.6.0;');\n\ncheck_f5['PEM'] = make_array( 'affected', '11.0.0-11.2.1;10.1.0-10.2.4;',\n 'unaffected', '11.3.0-11.6.0;');\n\ncheck_f5['PSM'] = make_array( 'affected', '11.0.0-11.2.1;10.1.0-10.2.4;',\n 'unaffected', '11.3.0-11.6.0;');\n\ncheck_f5['WAM'] = make_array( 'affected', '11.0.0-11.2.1;10.1.0-10.2.4;',\n 'unaffected', '11.3.0;');\n\ncheck_f5['WOM'] = make_array( 'affected', '11.0.0-11.2.1;10.1.0-10.2.4;',\n 'unaffected', '11.3.0;');\n\nif( report = is_f5_vulnerable( ca:check_f5, version:version ) )\n{\n security_message( port:0, data:report );\n exit( 0 );\n}\n\nexit( 99 );\n\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-11T11:07:18", "references": ["http://lists.centos.org/pipermail/centos-announce/2012-June/018682.html", "2012:0731"], "pluginID": "881192", "description": "Check for the Version of expat", "edition": 3, "reporter": "Copyright (c) 2012 Greenbone Networks GmbH", "published": "2012-07-30T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "CentOS Update for expat CESA-2012:0731 centos5 ", "type": "openvas", "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1148", "CVE-2012-0876"], "modified": "2018-01-09T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=881192", "id": "OPENVAS:881192", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for expat CESA-2012:0731 centos5 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Expat is a C library written by James Clark for parsing XML documents.\n\n A denial of service flaw was found in the implementation of hash arrays in\n Expat. An attacker could use this flaw to make an application using Expat\n consume an excessive amount of CPU time by providing a specially-crafted\n XML file that triggers multiple hash function collisions. To mitigate\n this issue, randomization has been added to the hash function to reduce the\n chance of an attacker successfully causing intentional collisions.\n (CVE-2012-0876)\n \n A memory leak flaw was found in Expat. If an XML file processed by an\n application linked against Expat triggered a memory re-allocation failure,\n Expat failed to free the previously allocated memory. This could cause the\n application to exit unexpectedly or crash when all available memory is\n exhausted. (CVE-2012-1148)\n \n All Expat users should upgrade to these updated packages, which contain\n backported patches to correct these issues. After installing the updated\n packages, applications using the Expat library must be restarted for the\n update to take effect.\";\n\ntag_affected = \"expat on CentOS 5\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2012-June/018682.html\");\n script_id(881192);\n script_version(\"$Revision: 8336 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-09 08:01:48 +0100 (Tue, 09 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 16:39:59 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2012-0876\", \"CVE-2012-1148\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"CESA\", value: \"2012:0731\");\n script_name(\"CentOS Update for expat CESA-2012:0731 centos5 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of expat\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"expat\", rpm:\"expat~1.95.8~11.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"expat-devel\", rpm:\"expat-devel~1.95.8~11.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:50:54", "references": [], "pluginID": "71503", "description": "The remote host is missing an update to expat\nannounced via advisory DSA 2525-1.", "edition": 2, "reporter": "Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com", "published": "2012-08-10T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "Debian Security Advisory DSA 2525-1 (expat)", "type": "openvas", "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1148", "CVE-2012-0876"], "modified": "2017-07-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=71503", "id": "OPENVAS:71503", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2525_1.nasl 6612 2017-07-07 12:08:03Z cfischer $\n# Description: Auto-generated from advisory DSA 2525-1 (expat)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that Expat, a C library to parse XML, is vulnerable\nto denial of service through hash collisions and a memory leak in\npool handling.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.0.1-7+squeeze1.\n\nFor the testing distribution (wheezy), this problem has been fixed in\nversion 2.1.0~beta3-1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.1.0~beta3-1.\n\nWe recommend that you upgrade your expat packages.\";\ntag_summary = \"The remote host is missing an update to expat\nannounced via advisory DSA 2525-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202525-1\";\n\nif(description)\n{\n script_id(71503);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cve_id(\"CVE-2012-0876\", \"CVE-2012-1148\");\n script_version(\"$Revision: 6612 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:08:03 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-10 03:21:27 -0400 (Fri, 10 Aug 2012)\");\n script_name(\"Debian Security Advisory DSA 2525-1 (expat)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"expat\", ver:\"2.0.1-7+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lib64expat1\", ver:\"2.0.1-7+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lib64expat1-dev\", ver:\"2.0.1-7+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libexpat1\", ver:\"2.0.1-7+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libexpat1-dev\", ver:\"2.0.1-7+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libexpat1-udeb\", ver:\"2.0.1-7\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"expat\", ver:\"2.1.0-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lib64expat1\", ver:\"2.1.0-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lib64expat1-dev\", ver:\"2.1.0-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libexpat1\", ver:\"2.1.0-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libexpat1-dev\", ver:\"2.1.0-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libexpat1-udeb\", ver:\"2.1.0-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-02T10:57:22", "references": ["2012:0731-01", "https://www.redhat.com/archives/rhsa-announce/2012-June/msg00011.html"], "pluginID": "870754", "description": "Check for the Version of expat", "edition": 3, "reporter": "Copyright (c) 2012 Greenbone Networks GmbH", "published": "2012-06-15T00:00:00", "title": "RedHat Update for expat RHSA-2012:0731-01", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1148", "CVE-2012-0876"], "modified": "2018-01-02T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=870754", "id": "OPENVAS:870754", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for expat RHSA-2012:0731-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Expat is a C library written by James Clark for parsing XML documents.\n\n A denial of service flaw was found in the implementation of hash arrays in\n Expat. An attacker could use this flaw to make an application using Expat\n consume an excessive amount of CPU time by providing a specially-crafted\n XML file that triggers multiple hash function collisions. To mitigate\n this issue, randomization has been added to the hash function to reduce the\n chance of an attacker successfully causing intentional collisions.\n (CVE-2012-0876)\n\n A memory leak flaw was found in Expat. If an XML file processed by an\n application linked against Expat triggered a memory re-allocation failure,\n Expat failed to free the previously allocated memory. This could cause the\n application to exit unexpectedly or crash when all available memory is\n exhausted. (CVE-2012-1148)\n\n All Expat users should upgrade to these updated packages, which contain\n backported patches to correct these issues. After installing the updated\n packages, applications using the Expat library must be restarted for the\n update to take effect.\";\n\ntag_affected = \"expat on Red Hat Enterprise Linux (v. 5 server),\n Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2012-June/msg00011.html\");\n script_id(870754);\n script_version(\"$Revision: 8267 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-02 07:29:17 +0100 (Tue, 02 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-06-15 09:45:45 +0530 (Fri, 15 Jun 2012)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cve_id(\"CVE-2012-0876\", \"CVE-2012-1148\");\n script_xref(name: \"RHSA\", value: \"2012:0731-01\");\n script_name(\"RedHat Update for expat RHSA-2012:0731-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of expat\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"expat\", rpm:\"expat~2.0.1~11.el6_2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"expat-debuginfo\", rpm:\"expat-debuginfo~2.0.1~11.el6_2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"expat-devel\", rpm:\"expat-devel~2.0.1~11.el6_2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"expat\", rpm:\"expat~1.95.8~11.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"expat-debuginfo\", rpm:\"expat-debuginfo~1.95.8~11.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"expat-devel\", rpm:\"expat-devel~1.95.8~11.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:59:54", "references": ["1527-1", "http://www.ubuntu.com/usn/usn-1527-1/"], "pluginID": "1361412562310841101", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1527-1", "edition": 5, "reporter": "Copyright (c) 2012 Greenbone Networks GmbH", "published": "2012-08-14T00:00:00", "title": "Ubuntu Update for expat USN-1527-1", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1148", "CVE-2012-0876"], "modified": "2018-08-17T00:00:00", "id": "OPENVAS:1361412562310841101", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841101", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1527_1.nasl 11037 2018-08-17 11:51:16Z cfischer $\n#\n# Ubuntu Update for expat USN-1527-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\n\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1527-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.841101\");\n script_version(\"$Revision: 11037 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-08-17 13:51:16 +0200 (Fri, 17 Aug 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-14 10:40:01 +0530 (Tue, 14 Aug 2012)\");\n script_cve_id(\"CVE-2012-0876\", \"CVE-2012-1148\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name:\"USN\", value:\"1527-1\");\n script_name(\"Ubuntu Update for expat USN-1527-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(10\\.04 LTS|12\\.04 LTS|11\\.10|11\\.04|8\\.04 LTS)\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1527-1\");\n script_tag(name:\"affected\", value:\"expat on Ubuntu 12.04 LTS,\n Ubuntu 11.10,\n Ubuntu 11.04,\n Ubuntu 10.04 LTS,\n Ubuntu 8.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"It was discovered that Expat computed hash values without restricting the\n ability to trigger hash collisions predictably. If a user or application linked\n against Expat were tricked into opening a crafted XML file, an attacker could\n cause a denial of service by consuming excessive CPU resources. (CVE-2012-0876)\n\n Tim Boddy discovered that Expat did not properly handle memory reallocation\n when processing XML files. If a user or application linked against Expat were\n tricked into opening a crafted XML file, an attacker could cause a denial of\n service by consuming excessive memory resources. This issue only affected\n Ubuntu 8.04 LTS, 10.04 LTS, 11.04 and 11.10. (CVE-2012-1148)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"lib64expat1\", ver:\"2.0.1-7ubuntu1.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libexpat1\", ver:\"2.0.1-7ubuntu1.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libexpat1-udeb\", ver:\"2.0.1-7ubuntu1.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"lib64expat1\", ver:\"2.0.1-7.2ubuntu1.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libexpat1\", ver:\"2.0.1-7.2ubuntu1.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libexpat1-udeb\", ver:\"2.0.1-7.2ubuntu1.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"lib64expat1\", ver:\"2.0.1-7ubuntu3.11.10.1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libexpat1\", ver:\"2.0.1-7ubuntu3.11.10.1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libexpat1-udeb\", ver:\"2.0.1-7ubuntu3.11.10.1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"lib64expat1\", ver:\"2.0.1-7ubuntu3.11.04.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libexpat1\", ver:\"2.0.1-7ubuntu3.11.04.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libexpat1-udeb\", ver:\"2.0.1-7ubuntu3.11.04.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"lib64expat1\", ver:\"2.0.1-0ubuntu1.2\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libexpat1\", ver:\"2.0.1-0ubuntu1.2\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libexpat1-udeb\", ver:\"2.0.1-0ubuntu1.2\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:59:47", "references": ["http://www.ubuntu.com/usn/usn-1527-2/", "1527-2"], "pluginID": "1361412562310841137", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1527-2", "edition": 5, "reporter": "Copyright (c) 2012 Greenbone Networks GmbH", "published": "2012-09-11T00:00:00", "title": "Ubuntu Update for xmlrpc-c USN-1527-2", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1148", "CVE-2012-0876"], "modified": "2018-08-17T00:00:00", "id": "OPENVAS:1361412562310841137", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841137", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1527_2.nasl 11037 2018-08-17 11:51:16Z cfischer $\n#\n# Ubuntu Update for xmlrpc-c USN-1527-2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\n\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1527-2/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.841137\");\n script_version(\"$Revision: 11037 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-08-17 13:51:16 +0200 (Fri, 17 Aug 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-09-11 09:38:28 +0530 (Tue, 11 Sep 2012)\");\n script_cve_id(\"CVE-2012-0876\", \"CVE-2012-1148\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name:\"USN\", value:\"1527-2\");\n script_name(\"Ubuntu Update for xmlrpc-c USN-1527-2\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(10\\.04 LTS|12\\.04 LTS|11\\.10|11\\.04)\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1527-2\");\n script_tag(name:\"affected\", value:\"xmlrpc-c on Ubuntu 12.04 LTS,\n Ubuntu 11.10,\n Ubuntu 11.04,\n Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"USN-1527-1 fixed vulnerabilities in Expat. This update provides the\n corresponding updates for XML-RPC for C and C++. Both issues described in the\n original advisory affected XML-RPC for C and C++ in Ubuntu 10.04 LTS, 11.04,\n 11.10 and 12.04 LTS.\n\n Original advisory details:\n\n It was discovered that Expat computed hash values without restricting the\n ability to trigger hash collisions predictably. If a user or application\n linked against Expat were tricked into opening a crafted XML file, an attacker\n could cause a denial of service by consuming excessive CPU resources.\n (CVE-2012-0876)\n\n Tim Boddy discovered that Expat did not properly handle memory reallocation\n when processing XML files. If a user or application linked against Expat were\n tricked into opening a crafted XML file, an attacker could cause a denial of\n service by consuming excessive memory resources. This issue only affected\n Ubuntu 8.04 LTS, 10.04 LTS, 11.04 and 11.10. (CVE-2012-1148)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libxmlrpc-core-c3\", ver:\"1.06.27-1ubuntu7.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libxmlrpc-core-c3\", ver:\"1.16.33-3.1ubuntu5.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libxmlrpc-core-c3-0\", ver:\"1.16.32-0ubuntu4.1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libxmlrpc-core-c3-0\", ver:\"1.16.32-0ubuntu3.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-28T18:25:03", "references": ["http://linux.oracle.com/errata/ELSA-2012-0731.html"], "pluginID": "1361412562310123904", "description": "Oracle Linux Local Security Checks ELSA-2012-0731", "edition": 5, "reporter": "Eero Volotinen", "published": "2015-10-06T00:00:00", "title": "Oracle Linux Local Check: ELSA-2012-0731", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1148", "CVE-2012-0876"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310123904", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123904", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2012-0731.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123904\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:10:05 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2012-0731\");\n script_tag(name:\"insight\", value:\"ELSA-2012-0731 - expat security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2012-0731\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2012-0731.html\");\n script_cve_id(\"CVE-2012-0876\", \"CVE-2012-1148\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(5|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"expat\", rpm:\"expat~1.95.8~11.el5_8\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"expat-devel\", rpm:\"expat-devel~1.95.8~11.el5_8\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"expat\", rpm:\"expat~2.0.1~11.el6_2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"expat-devel\", rpm:\"expat-devel~2.0.1~11.el6_2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-08T12:56:38", "references": ["http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2012:041", "2012:041"], "pluginID": "831681", "description": "Check for the Version of expat", "edition": 3, "reporter": "Copyright (c) 2012 Greenbone Networks GmbH", "published": "2012-08-03T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "Mandriva Update for expat MDVSA-2012:041 (expat)", "type": "openvas", "naslFamily": "Mandrake Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1148", "CVE-2012-0876"], "modified": "2018-01-08T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=831681", "id": "OPENVAS:831681", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for expat MDVSA-2012:041 (expat)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A memory leak and a hash table collision flaw in expat could cause\n denial os service (DoS) attacks (CVE-2012-0876, CVE-2012-1148).\n\n The updated packages have been patched to correct this issue.\";\n\ntag_affected = \"expat on Mandriva Linux 2011.0,\n Mandriva Enterprise Server 5.2,\n Mandriva Linux 2010.1\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2012:041\");\n script_id(831681);\n script_version(\"$Revision: 8313 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-08 08:02:11 +0100 (Mon, 08 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-03 10:01:45 +0530 (Fri, 03 Aug 2012)\");\n script_cve_id(\"CVE-2012-0876\", \"CVE-2012-1148\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"MDVSA\", value: \"2012:041\");\n script_name(\"Mandriva Update for expat MDVSA-2012:041 (expat)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of expat\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2011.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"expat\", rpm:\"expat~2.0.1~15.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libexpat1\", rpm:\"libexpat1~2.0.1~15.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libexpat-devel\", rpm:\"libexpat-devel~2.0.1~15.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libexpat-static-devel\", rpm:\"libexpat-static-devel~2.0.1~15.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64expat1\", rpm:\"lib64expat1~2.0.1~15.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64expat-devel\", rpm:\"lib64expat-devel~2.0.1~15.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64expat-static-devel\", rpm:\"lib64expat-static-devel~2.0.1~15.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_mes5.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"expat\", rpm:\"expat~2.0.1~7.4mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libexpat1\", rpm:\"libexpat1~2.0.1~7.4mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libexpat1-devel\", rpm:\"libexpat1-devel~2.0.1~7.4mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64expat1\", rpm:\"lib64expat1~2.0.1~7.4mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64expat1-devel\", rpm:\"lib64expat1-devel~2.0.1~7.4mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"expat\", rpm:\"expat~2.0.1~12.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libexpat1\", rpm:\"libexpat1~2.0.1~12.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libexpat1-devel\", rpm:\"libexpat1-devel~2.0.1~12.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64expat1\", rpm:\"lib64expat1~2.0.1~12.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64expat1-devel\", rpm:\"lib64expat1-devel~2.0.1~12.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:59:51", "references": ["http://lists.centos.org/pipermail/centos-announce/2012-June/018685.html", "2012:0731"], "pluginID": "1361412562310881114", "description": "Check for the Version of expat", "edition": 3, "reporter": "Copyright (c) 2012 Greenbone Networks GmbH", "published": "2012-07-30T00:00:00", "title": "CentOS Update for expat CESA-2012:0731 centos6 ", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1148", "CVE-2012-0876"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310881114", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881114", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for expat CESA-2012:0731 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_insight = \"Expat is a C library written by James Clark for parsing XML documents.\n\n A denial of service flaw was found in the implementation of hash arrays in\n Expat. An attacker could use this flaw to make an application using Expat\n consume an excessive amount of CPU time by providing a specially-crafted\n XML file that triggers multiple hash function collisions. To mitigate\n this issue, randomization has been added to the hash function to reduce the\n chance of an attacker successfully causing intentional collisions.\n (CVE-2012-0876)\n \n A memory leak flaw was found in Expat. If an XML file processed by an\n application linked against Expat triggered a memory re-allocation failure,\n Expat failed to free the previously allocated memory. This could cause the\n application to exit unexpectedly or crash when all available memory is\n exhausted. (CVE-2012-1148)\n \n All Expat users should upgrade to these updated packages, which contain\n backported patches to correct these issues. After installing the updated\n packages, applications using the Expat library must be restarted for the\n update to take effect.\";\n\ntag_affected = \"expat on CentOS 6\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2012-June/018685.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881114\");\n script_version(\"$Revision: 9352 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:13:02 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 16:10:51 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2012-0876\", \"CVE-2012-1148\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"CESA\", value: \"2012:0731\");\n script_name(\"CentOS Update for expat CESA-2012:0731 centos6 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of expat\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"expat\", rpm:\"expat~2.0.1~11.el6_2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"expat-devel\", rpm:\"expat-devel~2.0.1~11.el6_2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-10-02T14:35:45", "references": ["https://alas.aws.amazon.com/ALAS-2012-89.html"], "pluginID": "1361412562310120134", "description": "Amazon Linux Local Security Checks", "edition": 5, "reporter": "Eero Volotinen", "published": "2015-09-08T00:00:00", "title": "Amazon Linux Local Check: ALAS-2012-89", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "Amazon Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1148", "CVE-2012-0876"], "modified": "2018-10-01T00:00:00", "id": "OPENVAS:1361412562310120134", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120134", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: alas-2012-89.nasl 6578 2017-07-06 13:44:33Z cfischer$\n#\n# Amazon Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@iki.fi>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://ping-viini.org\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120134\");\n script_version(\"$Revision: 11703 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:18:19 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-01 10:05:31 +0200 (Mon, 01 Oct 2018) $\");\n script_name(\"Amazon Linux Local Check: ALAS-2012-89\");\n script_tag(name:\"insight\", value:\"A denial of service flaw was found in the implementation of hash arrays in Expat. An attacker could use this flaw to make an application using Expat consume an excessive amount of CPU time by providing a specially-crafted XML file that triggers multiple hash function collisions. To mitigate this issue, randomization has been added to the hash function to reduce the chance of an attacker successfully causing intentional collisions. (CVE-2012-0876 )A memory leak flaw was found in Expat. If an XML file processed by an application linked against Expat triggered a memory re-allocation failure, Expat failed to free the previously allocated memory. This could cause the application to exit unexpectedly or crash when all available memory is exhausted. (CVE-2012-1148 )\");\n script_tag(name:\"solution\", value:\"Run yum update expat to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2012-89.html\");\n script_cve_id(\"CVE-2012-1148\", \"CVE-2012-0876\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Amazon Linux Local Security Checks\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"AMAZON\")\n{\nif ((res = isrpmvuln(pkg:\"expat-devel\", rpm:\"expat-devel~2.0.1~11.9.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"expat-debuginfo\", rpm:\"expat-debuginfo~2.0.1~11.9.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"expat\", rpm:\"expat~2.0.1~11.9.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "cve": [{"lastseen": "2018-01-05T12:20:52", "references": ["http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html", "https://www.tenable.com/security/tns-2016-20", "http://sourceforge.net/tracker/?func=detail&atid=110127&aid=3496608&group_id=10127", "http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html", "http://www.debian.org/security/2012/dsa-2525", "http://www.mandriva.com/security/advisories?name=MDVSA-2012:041", "https://support.apple.com/HT205637", "http://rhn.redhat.com/errata/RHSA-2012-0731.html", "http://www.ubuntu.com/usn/USN-1613-1", "http://www.ubuntu.com/usn/USN-1527-1", "http://www.securityfocus.com/bid/52379", "http://sourceforge.net/projects/expat/files/expat/2.1.0/", "http://mail.libexpat.org/pipermail/expat-discuss/2012-March/002768.html", "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html", "http://rhn.redhat.com/errata/RHSA-2016-2957.html", "http://rhn.redhat.com/errata/RHSA-2016-0062.html", "http://www.ubuntu.com/usn/USN-1613-2", "http://bugs.python.org/issue13703#msg151870"], "description": "The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value.", "edition": 4, "reporter": "NVD", "published": "2012-07-03T15:55:02", "title": "CVE-2012-0876", "type": "cve", "enchantments": {"score": {"modified": "2018-01-05T12:20:52", "vector": "NONE", "value": 5.0}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2012-0876"], "scanner": [], "modified": "2018-01-04T21:29:28", "cpe": ["cpe:/a:libexpat:expat:1.95.7", "cpe:/a:libexpat:expat:2.0.1", "cpe:/a:libexpat:expat:1.95.1", "cpe:/a:libexpat:expat:1.95.5", "cpe:/a:libexpat:expat:2.0.0", "cpe:/a:libexpat:expat:1.95.4", "cpe:/a:libexpat:expat:1.95.6", "cpe:/a:libexpat:expat:1.95.2", "cpe:/a:libexpat:expat:1.95.8"], "id": "CVE-2012-0876", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0876", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-05T12:20:53", "references": ["http://www.securitytracker.com/id/1034344", "http://sourceforge.net/tracker/?func=detail&atid=110127&aid=2958794&group_id=10127", "http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html", "http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?r1=1.166&r2=1.167", "http://www.debian.org/security/2012/dsa-2525", "http://www.mandriva.com/security/advisories?name=MDVSA-2012:041", "https://support.apple.com/HT205637", "http://rhn.redhat.com/errata/RHSA-2012-0731.html", "http://www.ubuntu.com/usn/USN-1613-1", "http://www.ubuntu.com/usn/USN-1527-1", "http://www.securityfocus.com/bid/52379", "http://sourceforge.net/projects/expat/files/expat/2.1.0/", "http://rhn.redhat.com/errata/RHSA-2016-2957.html", "http://rhn.redhat.com/errata/RHSA-2016-0062.html", "http://www.ubuntu.com/usn/USN-1613-2"], "description": "Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory consumption) via a large number of crafted XML files that cause improperly-handled reallocation failures when expanding entities.", "edition": 4, "reporter": "NVD", "published": "2012-07-03T15:55:02", "title": "CVE-2012-1148", "type": "cve", "enchantments": {"score": {"modified": "2018-01-05T12:20:53", "vector": "NONE", "value": 5.0}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2012-1148"], "scanner": [], "modified": "2018-01-04T21:29:28", "cpe": ["cpe:/a:libexpat:expat:1.95.7", "cpe:/a:libexpat:expat:2.0.1", "cpe:/a:libexpat:expat:1.95.1", "cpe:/a:libexpat:expat:1.95.5", "cpe:/a:libexpat:expat:2.0.0", "cpe:/o:apple:mac_os_x:10.11.1", "cpe:/a:libexpat:expat:1.95.4", "cpe:/a:libexpat:expat:1.95.6", "cpe:/a:libexpat:expat:1.95.2", "cpe:/a:libexpat:expat:1.95.8"], "id": "CVE-2012-1148", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1148", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "debian": [{"lastseen": "2018-10-16T22:14:41", "references": [], "affectedPackage": [{"OS": "Debian", "OSVersion": "6", "packageVersion": "2.0.1-7+squeeze1", "arch": "all", "packageFilename": "lib64expat1_2.0.1-7+squeeze1_all.deb", "packageName": "lib64expat1", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "2.0.1-7+squeeze1", "arch": "all", "packageFilename": "libexpat1-udeb_2.0.1-7+squeeze1_all.deb", "packageName": "libexpat1-udeb", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "2.0.1-7+squeeze1", "arch": "all", "packageFilename": "lib64expat1-dev_2.0.1-7+squeeze1_all.deb", "packageName": "lib64expat1-dev", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "2.0.1-7+squeeze1", "arch": "all", "packageFilename": "libexpat1_2.0.1-7+squeeze1_all.deb", "packageName": "libexpat1", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "2.0.1-7+squeeze1", "arch": "all", "packageFilename": "expat_2.0.1-7+squeeze1_all.deb", "packageName": "expat", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "2.0.1-7+squeeze1", "arch": "all", "packageFilename": "libexpat1-dev_2.0.1-7+squeeze1_all.deb", "packageName": "libexpat1-dev", "operator": "lt"}], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2525-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nAugust 06, 2012 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : expat\nVulnerability : several\nProblem type : local\nDebian-specific: no\nCVE ID : CVE-2012-0876 CVE-2012-1148\n\nIt was discovered that Expat, a C library to parse XML, is vulnerable\nto denial of service through hash collisions and a memory leak in\npool handling.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.0.1-7+squeeze1.\n\nFor the testing distribution (wheezy), this problem has been fixed in\nversion 2.1.0~beta3-1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.1.0~beta3-1.\n\nWe recommend that you upgrade your expat packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 1, "reporter": "Debian", "published": "2012-08-06T20:37:35", "title": "[SECURITY] [DSA 2525-1] expat security update", "type": "debian", "enchantments": {"score": {"modified": "2018-10-16T22:14:41", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2012-1148", "CVE-2012-0876"], "modified": "2012-08-06T20:37:35", "id": "DEBIAN:DSA-2525-1:0551E", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2012/msg00166.html", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-10-16T22:14:48", "references": [], "affectedPackage": [{"OS": "Debian", "OSVersion": "8", "packageVersion": "2.1.0-6+deb8u3", "arch": "all", "packageFilename": "libexpat1-udeb_2.1.0-6+deb8u3_all.deb", "packageName": "libexpat1-udeb", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "2.1.0-6+deb8u3", "arch": "all", "packageFilename": "lib64expat1_2.1.0-6+deb8u3_all.deb", "packageName": "lib64expat1", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "2.1.0-6+deb8u3", "arch": "all", "packageFilename": "libexpat1_2.1.0-6+deb8u3_all.deb", "packageName": "libexpat1", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "2.1.0-6+deb8u3", "arch": "all", "packageFilename": "expat_2.1.0-6+deb8u3_all.deb", "packageName": "expat", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "2.1.0-6+deb8u3", "arch": "all", "packageFilename": "lib64expat1-dev_2.1.0-6+deb8u3_all.deb", "packageName": "lib64expat1-dev", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "2.1.0-6+deb8u3", "arch": "all", "packageFilename": "libexpat1-dev_2.1.0-6+deb8u3_all.deb", "packageName": "libexpat1-dev", "operator": "lt"}], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3597-1 security@debian.org\nhttps://www.debian.org/security/ Luciano Bello\nJune 07, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : expat\nCVE ID : CVE-2012-6702 CVE-2016-5300\n\nTwo related issues have been discovered in Expat, a C library for parsing\nXML.\n\nCVE-2012-6702\n\n It was introduced when CVE-2012-0876 was addressed. Stefan S\u00c3\u00b8rensen\n discovered that the use of the function XML_Parse() seeds the random\n number generator generating repeated outputs for rand() calls.\n\nCVE-2016-5300\n\n It is the product of an incomplete solution for CVE-2012-0876. The\n parser poorly seeds the random number generator allowing an\n attacker to cause a denial of service (CPU consumption) via an XML\n file with crafted identifiers.\n\nYou might need to manually restart programs and services using expat\nlibraries.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 2.1.0-6+deb8u3.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2.1.1-3.\n\nWe recommend that you upgrade your expat packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 1, "reporter": "Debian", "published": "2016-06-07T16:44:54", "title": "[SECURITY] [DSA 3597-1] expat security update", "type": "debian", "enchantments": {"score": {"modified": "2018-10-16T22:14:48", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2016-5300", "CVE-2012-0876", "CVE-2012-6702"], "modified": "2016-06-07T16:44:54", "id": "DEBIAN:DSA-3597-1:6D822", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2016/msg00175.html", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-10-18T13:50:29", "references": [], "affectedPackage": [{"OS": "Debian", "OSVersion": "7", "packageVersion": "2.1.0-1+deb7u4", "arch": "all", "packageFilename": "expat_2.1.0-1+deb7u4_all.deb", "packageName": "expat", "operator": "lt"}], "description": "Package : expat\nVersion : 2.1.0-1+deb7u4\nCVE ID : CVE-2012-6702 CVE-2016-5300\n\n\nTwo related issues have been discovered in Expat, a C library for\nparsing XML.\n\nCVE-2012-6702\n\n This issue was introduced when CVE-2012-0876 was addressed. Stefan\n S\u00f8rensen discovered that the use of the function XML_Parse() seeds\n the random number generator generating repeated outputs for rand()\n calls.\n\nCVE-2016-5300\n\n This is the product of an incomplete solution for CVE-2012-0876. The\n parser poorly seeds the random number generator allowing an\n attacker to cause a denial of service (CPU consumption) via an XML\n file with crafted identifiers.\n\nYou might need to manually restart programs and services using expat\nlibraries.\n\nFor Debian 7 &quot;Wheezy&quot;, these problems have been fixed in version\n2.1.0-1+deb7u4.\n\nWe recommend that you upgrade your expat packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 2, "reporter": "Debian", "published": "2016-06-08T09:29:29", "title": "[SECURITY] [DLA 508-1] expat security update", "type": "debian", "enchantments": {"score": {"modified": "2018-10-18T13:50:29", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2016-5300", "CVE-2012-0876", "CVE-2012-6702"], "modified": "2016-06-08T09:29:29", "id": "DEBIAN:DLA-508-1:E525E", "href": "https://lists.debian.org/debian-lts-announce/2016/debian-lts-announce-201606/msg00009.html", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2018-09-01T23:35:07", "references": ["https://alas.aws.amazon.com/ALAS-2012-89.html"], "pluginID": "69696", "description": "A denial of service flaw was found in the implementation of hash arrays in Expat. An attacker could use this flaw to make an application using Expat consume an excessive amount of CPU time by providing a specially crafted XML file that triggers multiple hash function collisions. To mitigate this issue, randomization has been added to the hash function to reduce the chance of an attacker successfully causing intentional collisions. (CVE-2012-0876)\n\nA memory leak flaw was found in Expat. If an XML file processed by an application linked against Expat triggered a memory re-allocation failure, Expat failed to free the previously allocated memory. This could cause the application to exit unexpectedly or crash when all available memory is exhausted. (CVE-2012-1148)", "edition": 5, "reporter": "Tenable", "published": "2013-09-04T00:00:00", "title": "Amazon Linux AMI : expat (ALAS-2012-89)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Amazon Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1148", "CVE-2012-0876"], "modified": "2018-04-18T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:expat-debuginfo", "p-cpe:/a:amazon:linux:expat", "p-cpe:/a:amazon:linux:expat-devel", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2012-89.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=69696", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2012-89.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69696);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/04/18 15:09:34\");\n\n script_cve_id(\"CVE-2012-0876\", \"CVE-2012-1148\");\n script_xref(name:\"ALAS\", value:\"2012-89\");\n script_xref(name:\"RHSA\", value:\"2012:0731\");\n\n script_name(english:\"Amazon Linux AMI : expat (ALAS-2012-89)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A denial of service flaw was found in the implementation of hash\narrays in Expat. An attacker could use this flaw to make an\napplication using Expat consume an excessive amount of CPU time by\nproviding a specially crafted XML file that triggers multiple hash\nfunction collisions. To mitigate this issue, randomization has been\nadded to the hash function to reduce the chance of an attacker\nsuccessfully causing intentional collisions. (CVE-2012-0876)\n\nA memory leak flaw was found in Expat. If an XML file processed by an\napplication linked against Expat triggered a memory re-allocation\nfailure, Expat failed to free the previously allocated memory. This\ncould cause the application to exit unexpectedly or crash when all\navailable memory is exhausted. (CVE-2012-1148)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2012-89.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update expat' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:expat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:expat-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:expat-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"expat-2.0.1-11.9.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"expat-debuginfo-2.0.1-11.9.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"expat-devel-2.0.1-11.9.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"expat / expat-debuginfo / expat-devel\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-11-11T12:49:55", "references": ["http://www.nessus.org/u?5e48af20", "http://www.nessus.org/u?38072ad3"], "pluginID": "59482", "description": "Updated expat packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nExpat is a C library written by James Clark for parsing XML documents.\n\nA denial of service flaw was found in the implementation of hash arrays in Expat. An attacker could use this flaw to make an application using Expat consume an excessive amount of CPU time by providing a specially crafted XML file that triggers multiple hash function collisions. To mitigate this issue, randomization has been added to the hash function to reduce the chance of an attacker successfully causing intentional collisions. (CVE-2012-0876)\n\nA memory leak flaw was found in Expat. If an XML file processed by an application linked against Expat triggered a memory re-allocation failure, Expat failed to free the previously allocated memory. This could cause the application to exit unexpectedly or crash when all available memory is exhausted. (CVE-2012-1148)\n\nAll Expat users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, applications using the Expat library must be restarted for the update to take effect.", "edition": 7, "reporter": "Tenable", "published": "2012-06-14T00:00:00", "title": "CentOS 5 / 6 : expat (CESA-2012:0731)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1148", "CVE-2012-0876"], "modified": "2018-11-10T00:00:00", "cpe": ["p-cpe:/a:centos:centos:expat", "cpe:/o:centos:centos:6", "cpe:/o:centos:centos:5", "p-cpe:/a:centos:centos:expat-devel"], "id": "CENTOS_RHSA-2012-0731.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=59482", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0731 and \n# CentOS Errata and Security Advisory 2012:0731 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(59482);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2018/11/10 11:49:30\");\n\n script_cve_id(\"CVE-2012-0876\", \"CVE-2012-1148\");\n script_bugtraq_id(52379);\n script_xref(name:\"RHSA\", value:\"2012:0731\");\n\n script_name(english:\"CentOS 5 / 6 : expat (CESA-2012:0731)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated expat packages that fix two security issues are now available\nfor Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nExpat is a C library written by James Clark for parsing XML documents.\n\nA denial of service flaw was found in the implementation of hash\narrays in Expat. An attacker could use this flaw to make an\napplication using Expat consume an excessive amount of CPU time by\nproviding a specially crafted XML file that triggers multiple hash\nfunction collisions. To mitigate this issue, randomization has been\nadded to the hash function to reduce the chance of an attacker\nsuccessfully causing intentional collisions. (CVE-2012-0876)\n\nA memory leak flaw was found in Expat. If an XML file processed by an\napplication linked against Expat triggered a memory re-allocation\nfailure, Expat failed to free the previously allocated memory. This\ncould cause the application to exit unexpectedly or crash when all\navailable memory is exhausted. (CVE-2012-1148)\n\nAll Expat users should upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing\nthe updated packages, applications using the Expat library must be\nrestarted for the update to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2012-June/018682.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5e48af20\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2012-June/018685.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?38072ad3\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected expat packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:expat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:expat-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/06/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"expat-1.95.8-11.el5_8\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"expat-devel-1.95.8-11.el5_8\")) flag++;\n\nif (rpm_check(release:\"CentOS-6\", reference:\"expat-2.0.1-11.el6_2\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"expat-devel-2.0.1-11.el6_2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:50:51", "references": ["https://support.f5.com/csp/#/article/K16949"], "pluginID": "86013", "description": "CVE-2012-0876\n\nThe XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value.\n\nCVE-2012-1148 Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory consumption) via a large number of crafted XML files that cause improperly-handled reallocation failures when expanding entities.\n\nImpact\n\nThese vulnerabilities allow context-dependent attackers to cause a denial-of-service (DoS) (CPU and/or memory consumption) by way of XML files.", "edition": 8, "reporter": "Tenable", "published": "2015-09-18T00:00:00", "title": "F5 Networks BIG-IP : Expat vulnerabilities (K16949)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "F5 Networks Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1148", "CVE-2012-0876"], "modified": "2018-07-10T00:00:00", "cpe": ["cpe:/a:f5:big-ip_global_traffic_manager", "cpe:/a:f5:big-ip_link_controller", "cpe:/a:f5:big-ip_advanced_firewall_manager", "cpe:/a:f5:big-ip_policy_enforcement_manager", "cpe:/a:f5:big-ip_application_security_manager", "cpe:/a:f5:big-ip_application_acceleration_manager", "cpe:/h:f5:big-ip_protocol_security_manager", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/a:f5:big-ip_wan_optimization_manager", "cpe:/h:f5:big-ip", "cpe:/a:f5:big-ip_application_visibility_and_reporting", "cpe:/a:f5:big-ip_webaccelerator", "cpe:/a:f5:big-ip_access_policy_manager"], "id": "F5_BIGIP_SOL16949.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=86013", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution K16949.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(86013);\n script_version(\"2.6\");\n script_cvs_date(\"Date: 2018/07/10 14:27:32\");\n\n script_cve_id(\"CVE-2012-0876\", \"CVE-2012-1148\");\n script_bugtraq_id(52379);\n\n script_name(english:\"F5 Networks BIG-IP : Expat vulnerabilities (K16949)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"CVE-2012-0876\n\nThe XML parser (xmlparse.c) in expat before 2.1.0 computes hash values\nwithout restricting the ability to trigger hash collisions\npredictably, which allows context-dependent attackers to cause a\ndenial of service (CPU consumption) via an XML file with many\nidentifiers with the same value.\n\nCVE-2012-1148 Memory leak in the poolGrow function in\nexpat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent\nattackers to cause a denial of service (memory consumption) via a\nlarge number of crafted XML files that cause improperly-handled\nreallocation failures when expanding entities.\n\nImpact\n\nThese vulnerabilities allow context-dependent attackers to cause a\ndenial-of-service (DoS) (CPU and/or memory consumption) by way of XML\nfiles.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/#/article/K16949\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution K16949.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_advanced_firewall_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_acceleration_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_visibility_and_reporting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_policy_enforcement_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_wan_optimization_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_webaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip_protocol_security_manager\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/09/18\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/03/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"K16949\";\nvmatrix = make_array();\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\n# AFM\nvmatrix[\"AFM\"] = make_array();\nvmatrix[\"AFM\"][\"affected\" ] = make_list(\"11.0.0-11.2.1\",\"10.1.0-10.2.4\");\nvmatrix[\"AFM\"][\"unaffected\"] = make_list(\"11.3.0-11.6.0\");\n\n# AM\nvmatrix[\"AM\"] = make_array();\nvmatrix[\"AM\"][\"affected\" ] = make_list(\"11.0.0-11.2.1\",\"10.1.0-10.2.4\");\nvmatrix[\"AM\"][\"unaffected\"] = make_list(\"11.3.0-11.6.0\");\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"11.0.0-11.2.1\",\"10.1.0-10.2.4\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"11.3.0-11.6.0\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"11.0.0-11.2.1\",\"10.1.0-10.2.4\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"11.3.0-11.6.0\");\n\n# AVR\nvmatrix[\"AVR\"] = make_array();\nvmatrix[\"AVR\"][\"affected\" ] = make_list(\"11.0.0-11.2.1\",\"10.1.0-10.2.4\");\nvmatrix[\"AVR\"][\"unaffected\"] = make_list(\"11.3.0-11.6.0\");\n\n# GTM\nvmatrix[\"GTM\"] = make_array();\nvmatrix[\"GTM\"][\"affected\" ] = make_list(\"11.0.0-11.2.1\",\"10.1.0-10.2.4\");\nvmatrix[\"GTM\"][\"unaffected\"] = make_list(\"11.3.0-11.6.0\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"11.0.0-11.2.1\",\"10.1.0-10.2.4\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"11.3.0-11.6.0\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"11.0.0-11.2.1\",\"10.1.0-10.2.4\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"11.3.0-11.6.0\");\n\n# PEM\nvmatrix[\"PEM\"] = make_array();\nvmatrix[\"PEM\"][\"affected\" ] = make_list(\"11.0.0-11.2.1\",\"10.1.0-10.2.4\");\nvmatrix[\"PEM\"][\"unaffected\"] = make_list(\"11.3.0-11.6.0\");\n\n# PSM\nvmatrix[\"PSM\"] = make_array();\nvmatrix[\"PSM\"][\"affected\" ] = make_list(\"11.0.0-11.2.1\",\"10.1.0-10.2.4\");\nvmatrix[\"PSM\"][\"unaffected\"] = make_list(\"11.3.0-11.6.0\");\n\n# WAM\nvmatrix[\"WAM\"] = make_array();\nvmatrix[\"WAM\"][\"affected\" ] = make_list(\"11.0.0-11.2.1\",\"10.1.0-10.2.4\");\nvmatrix[\"WAM\"][\"unaffected\"] = make_list(\"11.3.0\");\n\n# WOM\nvmatrix[\"WOM\"] = make_array();\nvmatrix[\"WOM\"][\"affected\" ] = make_list(\"11.0.0-11.2.1\",\"10.1.0-10.2.4\");\nvmatrix[\"WOM\"][\"unaffected\"] = make_list(\"11.3.0\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_warning(port:0, extra:bigip_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:47:38", "references": ["https://oss.oracle.com/pipermail/el-errata/2012-June/002861.html", "https://oss.oracle.com/pipermail/el-errata/2012-June/002859.html"], "pluginID": "68543", "description": "From Red Hat Security Advisory 2012:0731 :\n\nUpdated expat packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nExpat is a C library written by James Clark for parsing XML documents.\n\nA denial of service flaw was found in the implementation of hash arrays in Expat. An attacker could use this flaw to make an application using Expat consume an excessive amount of CPU time by providing a specially crafted XML file that triggers multiple hash function collisions. To mitigate this issue, randomization has been added to the hash function to reduce the chance of an attacker successfully causing intentional collisions. (CVE-2012-0876)\n\nA memory leak flaw was found in Expat. If an XML file processed by an application linked against Expat triggered a memory re-allocation failure, Expat failed to free the previously allocated memory. This could cause the application to exit unexpectedly or crash when all available memory is exhausted. (CVE-2012-1148)\n\nAll Expat users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, applications using the Expat library must be restarted for the update to take effect.", "edition": 5, "reporter": "Tenable", "published": "2013-07-12T00:00:00", "title": "Oracle Linux 5 / 6 : expat (ELSA-2012-0731)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1148", "CVE-2012-0876"], "modified": "2018-07-18T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:expat", "cpe:/o:oracle:linux:5", "p-cpe:/a:oracle:linux:expat-devel"], "id": "ORACLELINUX_ELSA-2012-0731.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=68543", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2012:0731 and \n# Oracle Linux Security Advisory ELSA-2012-0731 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68543);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/07/18 17:43:57\");\n\n script_cve_id(\"CVE-2012-0876\", \"CVE-2012-1148\");\n script_bugtraq_id(52379);\n script_xref(name:\"RHSA\", value:\"2012:0731\");\n\n script_name(english:\"Oracle Linux 5 / 6 : expat (ELSA-2012-0731)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2012:0731 :\n\nUpdated expat packages that fix two security issues are now available\nfor Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nExpat is a C library written by James Clark for parsing XML documents.\n\nA denial of service flaw was found in the implementation of hash\narrays in Expat. An attacker could use this flaw to make an\napplication using Expat consume an excessive amount of CPU time by\nproviding a specially crafted XML file that triggers multiple hash\nfunction collisions. To mitigate this issue, randomization has been\nadded to the hash function to reduce the chance of an attacker\nsuccessfully causing intentional collisions. (CVE-2012-0876)\n\nA memory leak flaw was found in Expat. If an XML file processed by an\napplication linked against Expat triggered a memory re-allocation\nfailure, Expat failed to free the previously allocated memory. This\ncould cause the application to exit unexpectedly or crash when all\navailable memory is exhausted. (CVE-2012-1148)\n\nAll Expat users should upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing\nthe updated packages, applications using the Expat library must be\nrestarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2012-June/002859.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2012-June/002861.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected expat packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:expat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:expat-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5 / 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"expat-1.95.8-11.el5_8\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"expat-devel-1.95.8-11.el5_8\")) flag++;\n\nif (rpm_check(release:\"EL6\", reference:\"expat-2.0.1-11.el6_2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"expat-devel-2.0.1-11.el6_2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"expat / expat-devel\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-11-13T17:10:03", "references": ["https://access.redhat.com/security/cve/cve-2012-0876", "https://access.redhat.com/security/cve/cve-2012-1148", "https://access.redhat.com/errata/RHSA-2012:0731"], "pluginID": "59491", "description": "Updated expat packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nExpat is a C library written by James Clark for parsing XML documents.\n\nA denial of service flaw was found in the implementation of hash arrays in Expat. An attacker could use this flaw to make an application using Expat consume an excessive amount of CPU time by providing a specially crafted XML file that triggers multiple hash function collisions. To mitigate this issue, randomization has been added to the hash function to reduce the chance of an attacker successfully causing intentional collisions. (CVE-2012-0876)\n\nA memory leak flaw was found in Expat. If an XML file processed by an application linked against Expat triggered a memory re-allocation failure, Expat failed to free the previously allocated memory. This could cause the application to exit unexpectedly or crash when all available memory is exhausted. (CVE-2012-1148)\n\nAll Expat users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, applications using the Expat library must be restarted for the update to take effect.", "edition": 8, "reporter": "Tenable", "published": "2012-06-14T00:00:00", "title": "RHEL 5 / 6 : expat (RHSA-2012:0731)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1148", "CVE-2012-0876"], "modified": "2018-11-10T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:expat-debuginfo", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:expat-devel", "cpe:/o:redhat:enterprise_linux:6.2", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:expat"], "id": "REDHAT-RHSA-2012-0731.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=59491", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0731. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(59491);\n script_version (\"1.19\");\n script_cvs_date(\"Date: 2018/11/10 11:49:52\");\n\n script_cve_id(\"CVE-2012-0876\", \"CVE-2012-1148\");\n script_bugtraq_id(52379);\n script_xref(name:\"RHSA\", value:\"2012:0731\");\n\n script_name(english:\"RHEL 5 / 6 : expat (RHSA-2012:0731)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated expat packages that fix two security issues are now available\nfor Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nExpat is a C library written by James Clark for parsing XML documents.\n\nA denial of service flaw was found in the implementation of hash\narrays in Expat. An attacker could use this flaw to make an\napplication using Expat consume an excessive amount of CPU time by\nproviding a specially crafted XML file that triggers multiple hash\nfunction collisions. To mitigate this issue, randomization has been\nadded to the hash function to reduce the chance of an attacker\nsuccessfully causing intentional collisions. (CVE-2012-0876)\n\nA memory leak flaw was found in Expat. If an XML file processed by an\napplication linked against Expat triggered a memory re-allocation\nfailure, Expat failed to free the previously allocated memory. This\ncould cause the application to exit unexpectedly or crash when all\navailable memory is exhausted. (CVE-2012-1148)\n\nAll Expat users should upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing\nthe updated packages, applications using the Expat library must be\nrestarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2012:0731\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-1148\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-0876\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected expat, expat-debuginfo and / or expat-devel\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:expat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:expat-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:expat-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/06/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2012:0731\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"expat-1.95.8-11.el5_8\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"expat-debuginfo-1.95.8-11.el5_8\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"expat-devel-1.95.8-11.el5_8\")) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", reference:\"expat-2.0.1-11.el6_2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"expat-debuginfo-2.0.1-11.el6_2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"expat-devel-2.0.1-11.el6_2\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"expat / expat-debuginfo / expat-devel\");\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-11-17T03:03:08", "references": ["http://www.nessus.org/u?4a913f44", "http://www.nessus.org/u?9df5e276"], "pluginID": "80669", "description": "The remote Solaris system is missing necessary patches to address security updates :\n\n - The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value. (CVE-2012-0876)\n\n - Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory consumption) via a large number of crafted XML files that cause improperly-handled reallocation failures when expanding entities. (CVE-2012-1148)", "edition": 5, "reporter": "Tenable", "published": "2015-01-19T00:00:00", "title": "Oracle Solaris Third-Party Patch Update : libexpat (multiple_resource_management_error_vulnerabilities)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Solaris Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1148", "CVE-2012-0876"], "modified": "2018-11-15T00:00:00", "cpe": ["p-cpe:/a:oracle:solaris:libexpat", "cpe:/o:oracle:solaris:11.0"], "id": "SOLARIS11_LIBEXPAT_20120918.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=80669", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Oracle Third Party software advisories.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80669);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/11/15 20:50:24\");\n\n script_cve_id(\"CVE-2012-0876\", \"CVE-2012-1148\");\n\n script_name(english:\"Oracle Solaris Third-Party Patch Update : libexpat (multiple_resource_management_error_vulnerabilities)\");\n script_summary(english:\"Check for the 'entire' version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Solaris system is missing a security patch for third-party\nsoftware.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote Solaris system is missing necessary patches to address\nsecurity updates :\n\n - The XML parser (xmlparse.c) in expat before 2.1.0\n computes hash values without restricting the ability to\n trigger hash collisions predictably, which allows\n context-dependent attackers to cause a denial of service\n (CPU consumption) via an XML file with many identifiers\n with the same value. (CVE-2012-0876)\n\n - Memory leak in the poolGrow function in\n expat/lib/xmlparse.c in expat before 2.1.0 allows\n context-dependent attackers to cause a denial of service\n (memory consumption) via a large number of crafted XML\n files that cause improperly-handled reallocation\n failures when expanding entities. (CVE-2012-1148)\"\n );\n # https://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4a913f44\"\n );\n # https://blogs.oracle.com/sunsecurity/multiple-resource-management-error-vulnerabilities-in-libexpat\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9df5e276\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Solaris 11/11 SRU 11.4.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:11.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:libexpat\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/09/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris11/release\", \"Host/Solaris11/pkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Solaris11/release\");\nif (isnull(release)) audit(AUDIT_OS_NOT, \"Solaris11\");\npkg_list = solaris_pkg_list_leaves();\nif (isnull (pkg_list)) audit(AUDIT_PACKAGE_LIST_MISSING, \"Solaris pkg-list packages\");\n\nif (empty_or_null(egrep(string:pkg_list, pattern:\"^libexpat$\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libexpat\");\n\nflag = 0;\n\nif (solaris_check_release(release:\"0.5.11-0.175.0.11.0.4.1\", sru:\"SRU 11.4\") > 0) flag++;\n\nif (flag)\n{\n error_extra = 'Affected package : libexpat\\n' + solaris_get_report2();\n error_extra = ereg_replace(pattern:\"version\", replace:\"OS version\", string:error_extra);\n if (report_verbosity > 0) security_warning(port:0, extra:error_extra);\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_PACKAGE_NOT_AFFECTED, \"libexpat\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-12-02T15:47:26", "references": ["https://usn.ubuntu.com/1527-2/"], "pluginID": "62036", "description": "USN-1527-1 fixed vulnerabilities in Expat. This update provides the corresponding updates for XML-RPC for C and C++. Both issues described in the original advisory affected XML-RPC for C and C++ in Ubuntu 10.04 LTS, 11.04, 11.10 and 12.04 LTS.\n\nIt was discovered that Expat computed hash values without restricting the ability to trigger hash collisions predictably. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service by consuming excessive CPU resources. (CVE-2012-0876)\n\nTim Boddy discovered that Expat did not properly handle memory reallocation when processing XML files. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service by consuming excessive memory resources. This issue only affected Ubuntu 8.04 LTS, 10.04 LTS, 11.04 and 11.10.\n(CVE-2012-1148).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 6, "reporter": "Tenable", "published": "2012-09-11T00:00:00", "title": "Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : xmlrpc-c vulnerabilities (USN-1527-2)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1148", "CVE-2012-0876"], "modified": "2018-12-01T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libxmlrpc-core-c3", "p-cpe:/a:canonical:ubuntu_linux:libxmlrpc-core-c3-0", "cpe:/o:canonical:ubuntu_linux:11.10", "cpe:/o:canonical:ubuntu_linux:11.04", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts"], "id": "UBUNTU_USN-1527-2.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=62036", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1527-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(62036);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2018/12/01 13:19:07\");\n\n script_cve_id(\"CVE-2012-0876\", \"CVE-2012-1148\");\n script_bugtraq_id(52379);\n script_xref(name:\"USN\", value:\"1527-2\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : xmlrpc-c vulnerabilities (USN-1527-2)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"USN-1527-1 fixed vulnerabilities in Expat. This update provides the\ncorresponding updates for XML-RPC for C and C++. Both issues described\nin the original advisory affected XML-RPC for C and C++ in Ubuntu\n10.04 LTS, 11.04, 11.10 and 12.04 LTS.\n\nIt was discovered that Expat computed hash values without restricting\nthe ability to trigger hash collisions predictably. If a user or\napplication linked against Expat were tricked into opening a crafted\nXML file, an attacker could cause a denial of service by consuming\nexcessive CPU resources. (CVE-2012-0876)\n\nTim Boddy discovered that Expat did not properly handle\nmemory reallocation when processing XML files. If a user or\napplication linked against Expat were tricked into opening a\ncrafted XML file, an attacker could cause a denial of\nservice by consuming excessive memory resources. This issue\nonly affected Ubuntu 8.04 LTS, 10.04 LTS, 11.04 and 11.10.\n(CVE-2012-1148).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1527-2/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected libxmlrpc-core-c3 and / or libxmlrpc-core-c3-0\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libxmlrpc-core-c3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libxmlrpc-core-c3-0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/09/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/09/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2012-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(10\\.04|11\\.04|11\\.10|12\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 11.04 / 11.10 / 12.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libxmlrpc-core-c3\", pkgver:\"1.06.27-1ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"libxmlrpc-core-c3-0\", pkgver:\"1.16.32-0ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"libxmlrpc-core-c3-0\", pkgver:\"1.16.32-0ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libxmlrpc-core-c3\", pkgver:\"1.16.33-3.1ubuntu5.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxmlrpc-core-c3 / libxmlrpc-core-c3-0\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-02T00:01:42", "references": ["http://www.nessus.org/u?6c676e78"], "pluginID": "61327", "description": "Expat is a C library written by James Clark for parsing XML documents.\n\nA denial of service flaw was found in the implementation of hash arrays in Expat. An attacker could use this flaw to make an application using Expat consume an excessive amount of CPU time by providing a specially crafted XML file that triggers multiple hash function collisions. To mitigate this issue, randomization has been added to the hash function to reduce the chance of an attacker successfully causing intentional collisions. (CVE-2012-0876)\n\nA memory leak flaw was found in Expat. If an XML file processed by an application linked against Expat triggered a memory re-allocation failure, Expat failed to free the previously allocated memory. This could cause the application to exit unexpectedly or crash when all available memory is exhausted. (CVE-2012-1148)\n\nAll Expat users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, applications using the Expat library must be restarted for the update to take effect.", "edition": 4, "reporter": "Tenable", "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : expat on SL5.x, SL6.x i386/x86_64", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Scientific Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1148", "CVE-2012-0876"], "modified": "2014-08-16T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20120613_EXPAT_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=61327", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(61327);\n script_version(\"$Revision: 1.2 $\");\n script_cvs_date(\"$Date: 2014/08/16 19:47:28 $\");\n\n script_cve_id(\"CVE-2012-0876\", \"CVE-2012-1148\");\n\n script_name(english:\"Scientific Linux Security Update : expat on SL5.x, SL6.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Expat is a C library written by James Clark for parsing XML documents.\n\nA denial of service flaw was found in the implementation of hash\narrays in Expat. An attacker could use this flaw to make an\napplication using Expat consume an excessive amount of CPU time by\nproviding a specially crafted XML file that triggers multiple hash\nfunction collisions. To mitigate this issue, randomization has been\nadded to the hash function to reduce the chance of an attacker\nsuccessfully causing intentional collisions. (CVE-2012-0876)\n\nA memory leak flaw was found in Expat. If an XML file processed by an\napplication linked against Expat triggered a memory re-allocation\nfailure, Expat failed to free the previously allocated memory. This\ncould cause the application to exit unexpectedly or crash when all\navailable memory is exhausted. (CVE-2012-1148)\n\nAll Expat users should upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing\nthe updated packages, applications using the Expat library must be\nrestarted for the update to take effect.\"\n );\n # http://listserv.fnal.gov/scripts/wa.exe?A2=ind1206&L=scientific-linux-errata&T=0&P=1553\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6c676e78\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected expat, expat-debuginfo and / or expat-devel\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2014 Tenable Network Security, Inc.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"expat-1.95.8-11.el5_8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"expat-debuginfo-1.95.8-11.el5_8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"expat-devel-1.95.8-11.el5_8\")) flag++;\n\nif (rpm_check(release:\"SL6\", reference:\"expat-2.0.1-11.el6_2\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"expat-debuginfo-2.0.1-11.el6_2\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"expat-devel-2.0.1-11.el6_2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-11-11T12:50:40", "references": ["https://www.debian.org/security/2012/dsa-2525", "https://packages.debian.org/source/squeeze/expat"], "pluginID": "61441", "description": "It was discovered that Expat, a C library to parse XML, is vulnerable to denial of service through hash collisions and a memory leak in pool handling.", "edition": 7, "reporter": "Tenable", "published": "2012-08-07T00:00:00", "title": "Debian DSA-2525-1 : expat - several vulnerabilities", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1148", "CVE-2012-0876"], "modified": "2018-11-10T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:6.0", "p-cpe:/a:debian:debian_linux:expat"], "id": "DEBIAN_DSA-2525.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=61441", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2525. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(61441);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2018/11/10 11:49:35\");\n\n script_cve_id(\"CVE-2012-0876\", \"CVE-2012-1148\");\n script_bugtraq_id(52379);\n script_xref(name:\"DSA\", value:\"2525\");\n\n script_name(english:\"Debian DSA-2525-1 : expat - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that Expat, a C library to parse XML, is vulnerable\nto denial of service through hash collisions and a memory leak in pool\nhandling.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/expat\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2012/dsa-2525\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the expat packages.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.0.1-7+squeeze1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:expat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/08/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"expat\", reference:\"2.0.1-7+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"lib64expat1\", reference:\"2.0.1-7+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"lib64expat1-dev\", reference:\"2.0.1-7+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libexpat1\", reference:\"2.0.1-7+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libexpat1-dev\", reference:\"2.0.1-7+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libexpat1-udeb\", reference:\"2.0.1-7+squeeze1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-12-02T15:26:39", "references": ["https://usn.ubuntu.com/1527-1/"], "pluginID": "61485", "description": "It was discovered that Expat computed hash values without restricting the ability to trigger hash collisions predictably. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service by consuming excessive CPU resources. (CVE-2012-0876)\n\nTim Boddy discovered that Expat did not properly handle memory reallocation when processing XML files. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service by consuming excessive memory resources. This issue only affected Ubuntu 8.04 LTS, 10.04 LTS, 11.04 and 11.10. (CVE-2012-1148).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 6, "reporter": "Tenable", "published": "2012-08-10T00:00:00", "title": "Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : expat vulnerabilities (USN-1527-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1148", "CVE-2012-0876"], "modified": "2018-12-01T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:11.10", "p-cpe:/a:canonical:ubuntu_linux:lib64expat1", "p-cpe:/a:canonical:ubuntu_linux:libexpat1-udeb", "cpe:/o:canonical:ubuntu_linux:11.04", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:libexpat1", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts"], "id": "UBUNTU_USN-1527-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=61485", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1527-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(61485);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2018/12/01 13:19:07\");\n\n script_cve_id(\"CVE-2012-0876\", \"CVE-2012-1148\");\n script_bugtraq_id(52379);\n script_xref(name:\"USN\", value:\"1527-1\");\n\n script_name(english:\"Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : expat vulnerabilities (USN-1527-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that Expat computed hash values without restricting\nthe ability to trigger hash collisions predictably. If a user or\napplication linked against Expat were tricked into opening a crafted\nXML file, an attacker could cause a denial of service by consuming\nexcessive CPU resources. (CVE-2012-0876)\n\nTim Boddy discovered that Expat did not properly handle memory\nreallocation when processing XML files. If a user or application\nlinked against Expat were tricked into opening a crafted XML file, an\nattacker could cause a denial of service by consuming excessive memory\nresources. This issue only affected Ubuntu 8.04 LTS, 10.04 LTS, 11.04\nand 11.10. (CVE-2012-1148).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1527-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected lib64expat1, libexpat1 and / or libexpat1-udeb\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:lib64expat1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libexpat1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libexpat1-udeb\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/08/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2012-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(8\\.04|10\\.04|11\\.04|11\\.10|12\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 8.04 / 10.04 / 11.04 / 11.10 / 12.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"8.04\", pkgname:\"lib64expat1\", pkgver:\"2.0.1-0ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libexpat1\", pkgver:\"2.0.1-0ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libexpat1-udeb\", pkgver:\"2.0.1-0ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"lib64expat1\", pkgver:\"2.0.1-7ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libexpat1\", pkgver:\"2.0.1-7ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libexpat1-udeb\", pkgver:\"2.0.1-7ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"lib64expat1\", pkgver:\"2.0.1-7ubuntu3.11.04.1\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"libexpat1\", pkgver:\"2.0.1-7ubuntu3.11.04.1\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"libexpat1-udeb\", pkgver:\"2.0.1-7ubuntu3.11.04.1\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"lib64expat1\", pkgver:\"2.0.1-7ubuntu3.11.10.1\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"libexpat1\", pkgver:\"2.0.1-7ubuntu3.11.10.1\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"libexpat1-udeb\", pkgver:\"2.0.1-7ubuntu3.11.10.1\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"lib64expat1\", pkgver:\"2.0.1-7.2ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libexpat1\", pkgver:\"2.0.1-7.2ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libexpat1-udeb\", pkgver:\"2.0.1-7.2ubuntu1.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lib64expat1 / libexpat1 / libexpat1-udeb\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "amazon": [{"lastseen": "2018-10-02T16:55:11", "references": ["https://rhn.redhat.com/errata/RHSA-2012-0731.html"], "affectedPackage": [{"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.0.1-11.9.amzn1", "arch": "src", "packageFilename": "expat-2.0.1-11.9.amzn1.src.rpm", "packageName": "expat", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.0.1-11.9.amzn1", "arch": "x86_64", "packageFilename": "expat-debuginfo-2.0.1-11.9.amzn1.x86_64.rpm", "packageName": "expat-debuginfo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.0.1-11.9.amzn1", "arch": "i686", "packageFilename": "expat-debuginfo-2.0.1-11.9.amzn1.i686.rpm", "packageName": "expat-debuginfo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.0.1-11.9.amzn1", "arch": "x86_64", "packageFilename": "expat-devel-2.0.1-11.9.amzn1.x86_64.rpm", "packageName": "expat-devel", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.0.1-11.9.amzn1", "arch": "i686", "packageFilename": "expat-devel-2.0.1-11.9.amzn1.i686.rpm", "packageName": "expat-devel", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.0.1-11.9.amzn1", "arch": "x86_64", "packageFilename": "expat-2.0.1-11.9.amzn1.x86_64.rpm", "packageName": "expat", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.0.1-11.9.amzn1", "arch": "i686", "packageFilename": "expat-2.0.1-11.9.amzn1.i686.rpm", "packageName": "expat", "operator": "lt"}], "description": "**Issue Overview:**\n\nA denial of service flaw was found in the implementation of hash arrays in Expat. An attacker could use this flaw to make an application using Expat consume an excessive amount of CPU time by providing a specially-crafted XML file that triggers multiple hash function collisions. To mitigate this issue, randomization has been added to the hash function to reduce the chance of an attacker successfully causing intentional collisions. ([CVE-2012-0876 __](<https://access.redhat.com/security/cve/CVE-2012-0876>))\n\nA memory leak flaw was found in Expat. If an XML file processed by an application linked against Expat triggered a memory re-allocation failure, Expat failed to free the previously allocated memory. This could cause the application to exit unexpectedly or crash when all available memory is exhausted. ([CVE-2012-1148 __](<https://access.redhat.com/security/cve/CVE-2012-1148>))\n\n \n**Affected Packages:** \n\n\nexpat\n\n \n**Issue Correction:** \nRun _yum update expat_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n expat-devel-2.0.1-11.9.amzn1.i686 \n expat-debuginfo-2.0.1-11.9.amzn1.i686 \n expat-2.0.1-11.9.amzn1.i686 \n \n src: \n expat-2.0.1-11.9.amzn1.src \n \n x86_64: \n expat-devel-2.0.1-11.9.amzn1.x86_64 \n expat-2.0.1-11.9.amzn1.x86_64 \n expat-debuginfo-2.0.1-11.9.amzn1.x86_64 \n \n \n", "edition": 1, "reporter": "Amazon", "published": "2014-09-14T16:21:00", "title": "Medium: expat", "type": "amazon", "enchantments": {"score": {"modified": "2018-10-02T16:55:11", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2012-1148", "CVE-2012-0876"], "modified": "2014-09-14T16:21:00", "id": "ALAS-2012-089", "href": "https://alas.aws.amazon.com/ALAS-2012-89.html", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:09:28", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2012-0876", "https://usn.ubuntu.com/usn/usn-1527-1", "https://people.canonical.com/~ubuntu-security/cve/CVE-2012-1148"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "11.04", "packageVersion": "1.16.32-0ubuntu3.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libxmlrpc-core-c3-0", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "11.10", "packageVersion": "1.16.32-0ubuntu4.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libxmlrpc-core-c3-0", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "1.16.33-3.1ubuntu5.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libxmlrpc-core-c3", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.04", "packageVersion": "1.06.27-1ubuntu7.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libxmlrpc-core-c3", "operator": "lt"}], "description": "USN-1527-1 fixed vulnerabilities in Expat. This update provides the corresponding updates for XML-RPC for C and C++. Both issues described in the original advisory affected XML-RPC for C and C++ in Ubuntu 10.04 LTS, 11.04, 11.10 and 12.04 LTS.\n\nOriginal advisory details:\n\nIt was discovered that Expat computed hash values without restricting the ability to trigger hash collisions predictably. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service by consuming excessive CPU resources. (CVE-2012-0876)\n\nTim Boddy discovered that Expat did not properly handle memory reallocation when processing XML files. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service by consuming excessive memory resources. This issue only affected Ubuntu 8.04 LTS, 10.04 LTS, 11.04 and 11.10. (CVE-2012-1148)", "edition": 3, "reporter": "Ubuntu", "published": "2012-09-10T00:00:00", "title": "XML-RPC for C and C++ vulnerabilities", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2012-1148", "CVE-2012-0876"], "modified": "2012-09-10T00:00:00", "id": "USN-1527-2", "href": "https://usn.ubuntu.com/1527-2/", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T00:09:53", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2012-0876", "https://people.canonical.com/~ubuntu-security/cve/CVE-2012-1148"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "11.04", "packageVersion": "2.0.1-7ubuntu3.11.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libexpat1-udeb", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "11.04", "packageVersion": "2.0.1-7ubuntu3.11.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "lib64expat1", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "2.0.1-7.2ubuntu1.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libexpat1", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "11.10", "packageVersion": "2.0.1-7ubuntu3.11.10.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libexpat1", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "2.0.1-7.2ubuntu1.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "lib64expat1", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "2.0.1-7.2ubuntu1.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libexpat1-udeb", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "8.04", "packageVersion": "2.0.1-0ubuntu1.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libexpat1", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "11.10", "packageVersion": "2.0.1-7ubuntu3.11.10.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "lib64expat1", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "8.04", "packageVersion": "2.0.1-0ubuntu1.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "lib64expat1", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.04", "packageVersion": "2.0.1-7ubuntu1.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libexpat1-udeb", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "11.04", "packageVersion": "2.0.1-7ubuntu3.11.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libexpat1", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "11.10", "packageVersion": "2.0.1-7ubuntu3.11.10.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libexpat1-udeb", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "8.04", "packageVersion": "2.0.1-0ubuntu1.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libexpat1-udeb", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.04", "packageVersion": "2.0.1-7ubuntu1.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libexpat1", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.04", "packageVersion": "2.0.1-7ubuntu1.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "lib64expat1", "operator": "lt"}], "description": "It was discovered that Expat computed hash values without restricting the ability to trigger hash collisions predictably. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service by consuming excessive CPU resources. (CVE-2012-0876)\n\nTim Boddy discovered that Expat did not properly handle memory reallocation when processing XML files. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service by consuming excessive memory resources. This issue only affected Ubuntu 8.04 LTS, 10.04 LTS, 11.04 and 11.10. (CVE-2012-1148)", "edition": 3, "reporter": "Ubuntu", "published": "2012-08-10T00:00:00", "title": "Expat vulnerabilities", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2012-1148", "CVE-2012-0876"], "modified": "2012-08-10T00:00:00", "id": "USN-1527-1", "href": "https://usn.ubuntu.com/1527-1/", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T00:09:23", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2012-0845", "https://people.canonical.com/~ubuntu-security/cve/CVE-2012-0876", "https://people.canonical.com/~ubuntu-security/cve/CVE-2010-2089", "https://people.canonical.com/~ubuntu-security/cve/CVE-2010-3493", "https://people.canonical.com/~ubuntu-security/cve/CVE-2012-1148", "https://people.canonical.com/~ubuntu-security/cve/CVE-2008-5983", "https://people.canonical.com/~ubuntu-security/cve/CVE-2011-4940", "https://people.canonical.com/~ubuntu-security/cve/CVE-2011-4944", "https://people.canonical.com/~ubuntu-security/cve/CVE-2011-1015", "https://people.canonical.com/~ubuntu-security/cve/CVE-2011-1521", "https://people.canonical.com/~ubuntu-security/cve/CVE-2010-1634"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "8.04", "packageVersion": "2.5.2-2ubuntu6.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "python2.5-minimal", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "8.04", "packageVersion": "2.5.2-2ubuntu6.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "python2.5", "operator": "lt"}], "description": "It was discovered that Python would prepend an empty string to sys.path under certain circumstances. A local attacker with write access to the current working directory could exploit this to execute arbitrary code. (CVE-2008-5983)\n\nIt was discovered that the audioop module did not correctly perform input validation. If a user or automatated system were tricked into opening a crafted audio file, an attacker could cause a denial of service via application crash. (CVE-2010-1634, CVE-2010-2089)\n\nGiampaolo Rodola discovered several race conditions in the smtpd module. A remote attacker could exploit this to cause a denial of service via daemon outage. (CVE-2010-3493)\n\nIt was discovered that the CGIHTTPServer module did not properly perform input validation on certain HTTP GET requests. A remote attacker could potentially obtain access to CGI script source files. (CVE-2011-1015)\n\nNiels Heinen discovered that the urllib and urllib2 modules would process Location headers that specify a redirection to file: URLs. A remote attacker could exploit this to obtain sensitive information or cause a denial of service. (CVE-2011-1521)\n\nIt was discovered that SimpleHTTPServer did not use a charset parameter in the Content-Type HTTP header. An attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks against Internet Explorer 7 users. (CVE-2011-4940)\n\nIt was discovered that Python distutils contained a race condition when creating the ~/.pypirc file. A local attacker could exploit this to obtain sensitive information. (CVE-2011-4944)\n\nIt was discovered that SimpleXMLRPCServer did not properly validate its input when handling HTTP POST requests. A remote attacker could exploit this to cause a denial of service via excessive CPU utilization. (CVE-2012-0845)\n\nIt was discovered that the Expat module in Python 2.5 computed hash values without restricting the ability to trigger hash collisions predictably. If a user or application using pyexpat were tricked into opening a crafted XML file, an attacker could cause a denial of service by consuming excessive CPU resources. (CVE-2012-0876)\n\nTim Boddy discovered that the Expat module in Python 2.5 did not properly handle memory reallocation when processing XML files. If a user or application using pyexpat were tricked into opening a crafted XML file, an attacker could cause a denial of service by consuming excessive memory resources. (CVE-2012-1148)", "edition": 3, "reporter": "Ubuntu", "published": "2012-10-17T00:00:00", "title": "Python 2.5 vulnerabilities", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-3493", "CVE-2012-1148", "CVE-2011-1521", "CVE-2011-4944", "CVE-2012-0876", "CVE-2012-0845", "CVE-2010-2089", "CVE-2011-4940", "CVE-2011-1015", "CVE-2008-5983", "CVE-2010-1634"], "modified": "2012-10-17T00:00:00", "id": "USN-1613-1", "href": "https://usn.ubuntu.com/1613-1/", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T00:09:34", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2012-0845", "https://people.canonical.com/~ubuntu-security/cve/CVE-2012-0876", "https://people.canonical.com/~ubuntu-security/cve/CVE-2010-2089", "https://people.canonical.com/~ubuntu-security/cve/CVE-2010-3493", "https://people.canonical.com/~ubuntu-security/cve/CVE-2012-1148", "https://people.canonical.com/~ubuntu-security/cve/CVE-2008-5983", "https://people.canonical.com/~ubuntu-security/cve/CVE-2011-4940", "https://people.canonical.com/~ubuntu-security/cve/CVE-2011-4944", "https://people.canonical.com/~ubuntu-security/cve/CVE-2011-1015", "https://people.canonical.com/~ubuntu-security/cve/CVE-2011-1521", "https://people.canonical.com/~ubuntu-security/cve/CVE-2010-1634", "https://usn.ubuntu.com/usn/usn-1613-1"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "8.04", "packageVersion": "2.4.5-1ubuntu4.4", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "python2.4", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "8.04", "packageVersion": "2.4.5-1ubuntu4.4", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "python2.4-minimal", "operator": "lt"}], "description": "USN-1613-1 fixed vulnerabilities in Python 2.5. This update provides the corresponding updates for Python 2.4.\n\nOriginal advisory details:\n\nIt was discovered that Python would prepend an empty string to sys.path under certain circumstances. A local attacker with write access to the current working directory could exploit this to execute arbitrary code. (CVE-2008-5983)\n\nIt was discovered that the audioop module did not correctly perform input validation. If a user or automatated system were tricked into opening a crafted audio file, an attacker could cause a denial of service via application crash. (CVE-2010-1634, CVE-2010-2089)\n\nGiampaolo Rodola discovered several race conditions in the smtpd module. A remote attacker could exploit this to cause a denial of service via daemon outage. (CVE-2010-3493)\n\nIt was discovered that the CGIHTTPServer module did not properly perform input validation on certain HTTP GET requests. A remote attacker could potentially obtain access to CGI script source files. (CVE-2011-1015)\n\nNiels Heinen discovered that the urllib and urllib2 modules would process Location headers that specify a redirection to file: URLs. A remote attacker could exploit this to obtain sensitive information or cause a denial of service. (CVE-2011-1521)\n\nIt was discovered that SimpleHTTPServer did not use a charset parameter in the Content-Type HTTP header. An attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks against Internet Explorer 7 users. (CVE-2011-4940)\n\nIt was discovered that Python distutils contained a race condition when creating the ~/.pypirc file. A local attacker could exploit this to obtain sensitive information. (CVE-2011-4944)\n\nIt was discovered that SimpleXMLRPCServer did not properly validate its input when handling HTTP POST requests. A remote attacker could exploit this to cause a denial of service via excessive CPU utilization. (CVE-2012-0845)\n\nIt was discovered that the Expat module in Python 2.5 computed hash values without restricting the ability to trigger hash collisions predictably. If a user or application using pyexpat were tricked into opening a crafted XML file, an attacker could cause a denial of service by consuming excessive CPU resources. (CVE-2012-0876)\n\nTim Boddy discovered that the Expat module in Python 2.5 did not properly handle memory reallocation when processing XML files. If a user or application using pyexpat were tricked into opening a crafted XML file, an attacker could cause a denial of service by consuming excessive memory resources. (CVE-2012-1148)", "edition": 3, "reporter": "Ubuntu", "published": "2012-10-17T00:00:00", "title": "Python 2.4 vulnerabilities", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-3493", "CVE-2012-1148", "CVE-2011-1521", "CVE-2011-4944", "CVE-2012-0876", "CVE-2012-0845", "CVE-2010-2089", "CVE-2011-4940", "CVE-2011-1015", "CVE-2008-5983", "CVE-2010-1634"], "modified": "2012-10-17T00:00:00", "id": "USN-1613-2", "href": "https://usn.ubuntu.com/1613-2/", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "centos": [{"lastseen": "2017-10-03T18:25:02", "references": ["https://rhn.redhat.com/errata/RHSA-2012-0731.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.95.8-11.el5_8", "arch": "x86_64", "packageName": "expat-devel", "packageFilename": "expat-devel-1.95.8-11.el5_8.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.0.1-11.el6_2", "arch": "x86_64", "packageName": "expat-devel", "packageFilename": "expat-devel-2.0.1-11.el6_2.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.95.8-11.el5_8", "arch": "i386", "packageName": "expat", "packageFilename": "expat-1.95.8-11.el5_8.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.95.8-11.el5_8", "arch": "i386", "packageName": "expat", "packageFilename": "expat-1.95.8-11.el5_8.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.95.8-11.el5_8", "arch": "i386", "packageName": "expat-devel", "packageFilename": "expat-devel-1.95.8-11.el5_8.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.95.8-11.el5_8", "arch": "i386", "packageName": "expat-devel", "packageFilename": "expat-devel-1.95.8-11.el5_8.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.0.1-11.el6_2", "arch": "x86_64", "packageName": "expat", "packageFilename": "expat-2.0.1-11.el6_2.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.0.1-11.el6_2", "arch": "any", "packageName": "expat", "packageFilename": "expat-2.0.1-11.el6_2.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.95.8-11.el5_8", "arch": "any", "packageName": "expat", "packageFilename": "expat-1.95.8-11.el5_8.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.0.1-11.el6_2", "arch": "i686", "packageName": "expat-devel", "packageFilename": "expat-devel-2.0.1-11.el6_2.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.0.1-11.el6_2", "arch": "i686", "packageName": "expat-devel", "packageFilename": "expat-devel-2.0.1-11.el6_2.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.0.1-11.el6_2", "arch": "i686", "packageName": "expat", "packageFilename": "expat-2.0.1-11.el6_2.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.0.1-11.el6_2", "arch": "i686", "packageName": "expat", "packageFilename": "expat-2.0.1-11.el6_2.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.95.8-11.el5_8", "arch": "x86_64", "packageName": "expat", "packageFilename": "expat-1.95.8-11.el5_8.x86_64.rpm", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2012:0731\n\n\nExpat is a C library written by James Clark for parsing XML documents.\n\nA denial of service flaw was found in the implementation of hash arrays in\nExpat. An attacker could use this flaw to make an application using Expat\nconsume an excessive amount of CPU time by providing a specially-crafted\nXML file that triggers multiple hash function collisions. To mitigate\nthis issue, randomization has been added to the hash function to reduce the\nchance of an attacker successfully causing intentional collisions.\n(CVE-2012-0876)\n\nA memory leak flaw was found in Expat. If an XML file processed by an\napplication linked against Expat triggered a memory re-allocation failure,\nExpat failed to free the previously allocated memory. This could cause the\napplication to exit unexpectedly or crash when all available memory is\nexhausted. (CVE-2012-1148)\n\nAll Expat users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. After installing the updated\npackages, applications using the Expat library must be restarted for the\nupdate to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2012-June/018682.html\nhttp://lists.centos.org/pipermail/centos-announce/2012-June/018685.html\n\n**Affected packages:**\nexpat\nexpat-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2012-0731.html", "edition": 1, "reporter": "CentOS Project", "published": "2012-06-13T13:07:10", "title": "expat security update", "type": "centos", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2012-1148", "CVE-2012-0876"], "modified": "2012-06-13T14:29:54", "href": "http://lists.centos.org/pipermail/centos-announce/2012-June/018682.html", "id": "CESA-2012:0731", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:46", "references": ["https://vulners.com/securityvulns/securityvulns:doc:27867"], "description": "Memory leaks, predictable hash function.", "edition": 1, "reporter": "BUGTRAQ", "published": "2012-04-02T00:00:00", "title": "expat security vulnerability", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:09:46", "vector": "NONE", "value": 10.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "expat", "version": "2.0", "operator": "eq"}], "cvelist": ["CVE-2012-1148", "CVE-2012-0876"], "modified": "2012-04-02T00:00:00", "id": "SECURITYVULNS:VULN:12304", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12304", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:44", "references": [], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2012:041\r\n http://www.mandriva.com/security/\r\n _______________________________________________________________________\r\n\r\n Package : expat\r\n Date : March 27, 2012\r\n Affected: 2010.1, 2011., Enterprise Server 5.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n A memory leak and a hash table collision flaw in expat could cause\r\n denial os service &#40;DoS&#41; attacks &#40;CVE-2012-0876, CVE-2012-1148&#41;.\r\n \r\n The updated packages have been patched to correct this issue.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0876\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1148\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Linux 2010.1:\r\n 210b60280a0baf8e08634e0ea6a3bab9 2010.1/i586/expat-2.0.1-12.1mdv2010.2.i586.rpm\r\n 0b657867100b109cbf90a05d2262bec7 2010.1/i586/libexpat1-2.0.1-12.1mdv2010.2.i586.rpm\r\n 0bd180a7b4f4d93df5b74f66e2c85e74 2010.1/i586/libexpat1-devel-2.0.1-12.1mdv2010.2.i586.rpm \r\n 9f063d0589f638e047de6a5266e6ac84 2010.1/SRPMS/expat-2.0.1-12.1mdv2010.2.src.rpm\r\n\r\n Mandriva Linux 2010.1/X86_64:\r\n ced30873d989d1511e828037b4f68d4d 2010.1/x86_64/expat-2.0.1-12.1mdv2010.2.x86_64.rpm\r\n ebd7d687082377e65c818f8ba780b66d 2010.1/x86_64/lib64expat1-2.0.1-12.1mdv2010.2.x86_64.rpm\r\n fd8bef44ccdadeaf14966b44733883fe 2010.1/x86_64/lib64expat1-devel-2.0.1-12.1mdv2010.2.x86_64.rpm \r\n 9f063d0589f638e047de6a5266e6ac84 2010.1/SRPMS/expat-2.0.1-12.1mdv2010.2.src.rpm\r\n\r\n Mandriva Linux 2011:\r\n 6c8bdc44eed2cebf483d4041d57f5eea 2011/i586/expat-2.0.1-15.1-mdv2011.0.i586.rpm\r\n 8211eeb028a563dcbedda7d1726035bb 2011/i586/libexpat1-2.0.1-15.1-mdv2011.0.i586.rpm\r\n c6c9685891ae405ff6181b6899ee10ce 2011/i586/libexpat-devel-2.0.1-15.1-mdv2011.0.i586.rpm\r\n 7afd883dae4a17201128de1485cf949c 2011/i586/libexpat-static-devel-2.0.1-15.1-mdv2011.0.i586.rpm \r\n 4be73538c443ced014373c7e364daac5 2011/SRPMS/expat-2.0.1-15.1.src.rpm\r\n\r\n Mandriva Linux 2011/X86_64:\r\n 7e84ec2183f6ba903779b00f914e3813 2011/x86_64/expat-2.0.1-15.1-mdv2011.0.x86_64.rpm\r\n d7c0853983ce8d2dc2b0b9740924acd7 2011/x86_64/lib64expat1-2.0.1-15.1-mdv2011.0.x86_64.rpm\r\n ecca4f586885b53d2a0ca39a8985f561 2011/x86_64/lib64expat-devel-2.0.1-15.1-mdv2011.0.x86_64.rpm\r\n f87f9aecd51f1f20508dc6f6ad5f02e6 2011/x86_64/lib64expat-static-devel-2.0.1-15.1-mdv2011.0.x86_64.rpm \r\n 4be73538c443ced014373c7e364daac5 2011/SRPMS/expat-2.0.1-15.1.src.rpm\r\n\r\n Mandriva Enterprise Server 5:\r\n 9618c2dceec06fcb04655e2adb9f8d9d mes5/i586/expat-2.0.1-7.4mdvmes5.2.i586.rpm\r\n a0b4d2e3b545f6d63cef9476da3cc72f mes5/i586/libexpat1-2.0.1-7.4mdvmes5.2.i586.rpm\r\n 95ec804d1758d0a7628abd42bf3e54e5 mes5/i586/libexpat1-devel-2.0.1-7.4mdvmes5.2.i586.rpm \r\n 01271afe453d63599a6951f7dbc83197 mes5/SRPMS/expat-2.0.1-7.4mdvmes5.2.src.rpm\r\n\r\n Mandriva Enterprise Server 5/X86_64:\r\n 4781b62e289cae964e8a7c540d2387c9 mes5/x86_64/expat-2.0.1-7.4mdvmes5.2.x86_64.rpm\r\n aee65480dd6cc31f957c3b17771babf6 mes5/x86_64/lib64expat1-2.0.1-7.4mdvmes5.2.x86_64.rpm\r\n ddbc81b65a6969e17900bbbc842cc8e4 mes5/x86_64/lib64expat1-devel-2.0.1-7.4mdvmes5.2.x86_64.rpm \r\n 01271afe453d63599a6951f7dbc83197 mes5/SRPMS/expat-2.0.1-7.4mdvmes5.2.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/security/advisories\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_&#40;at&#41;_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n &lt;security*mandriva.com&gt;\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.11 &#40;GNU/Linux&#41;\r\n\r\niD8DBQFPcd5UmqjQ0CJFipgRAvzjAJ46WPQm7hmP1/gmoLmPmFMdZYcOrQCgq/oR\r\nZVAk5KD7zUd2cFhkef3xvRo=\r\n=EuSi\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "reporter": "Securityvulns", "published": "2012-04-02T00:00:00", "title": "[ MDVSA-2012:041 ] expat", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:44", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2012-1148", "CVE-2012-0876"], "modified": "2012-04-02T00:00:00", "id": "SECURITYVULNS:DOC:27867", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27867", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:45", "references": [], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2012:096-1\r\n http://www.mandriva.com/security/\r\n _______________________________________________________________________\r\n\r\n Package : python\r\n Date : July 2, 2012\r\n Affected: Enterprise Server 5.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n Multiple vulnerabilities has been discovered and corrected in python:\r\n \r\n The _ssl module would always disable the CBC IV attack countermeasure\r\n &#40;CVE-2011-3389&#41;.\r\n \r\n A flaw was found in the way the Python SimpleHTTPServer module\r\n generated directory listings. An attacker able to upload a file\r\n with a specially-crafted name to a server could possibly perform a\r\n cross-site scripting &#40;XSS&#41; attack against victims visiting a listing\r\n page generated by SimpleHTTPServer, for a directory containing\r\n the crafted file &#40;if the victims were using certain web browsers&#41;\r\n &#40;CVE-2011-4940&#41;.\r\n \r\n A race condition was found in the way the Python distutils module\r\n set file permissions during the creation of the .pypirc file. If a\r\n local user had access to the home directory of another user who is\r\n running distutils, they could use this flaw to gain access to that\r\n user&#039;s .pypirc file, which can contain usernames and passwords for\r\n code repositories &#40;CVE-2011-4944&#41;.\r\n \r\n A flaw was found in the way the Python SimpleXMLRPCServer module\r\n handled clients disconnecting prematurely. A remote attacker could\r\n use this flaw to cause excessive CPU consumption on a server using\r\n SimpleXMLRPCServer &#40;CVE-2012-0845&#41;.\r\n \r\n Hash table collisions CPU usage DoS for the embedded copy of expat\r\n &#40;CVE-2012-0876&#41;.\r\n \r\n A denial of service flaw was found in the implementation of associative\r\n arrays &#40;dictionaries&#41; in Python. An attacker able to supply a large\r\n number of inputs to a Python application &#40;such as HTTP POST request\r\n parameters sent to a web application&#41; that are used as keys when\r\n inserting data into an array could trigger multiple hash function\r\n collisions, making array operations take an excessive amount of\r\n CPU time. To mitigate this issue, randomization has been added to\r\n the hash function to reduce the chance of an attacker successfully\r\n causing intentional collisions &#40;CVE-2012-1150&#41;.\r\n \r\n The updated packages have been patched to correct these issues.\r\n\r\n Update:\r\n\r\n Packages for Mandriva Enterprise Server 5 is also being provided.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4940\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4944\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0845\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0876\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1150\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Enterprise Server 5:\r\n e18f146e6c8aa316adb5d19a0de2cdef mes5/i586/libpython2.5-2.5.2-5.12mdvmes5.2.i586.rpm\r\n f425a7831028c28f98bac0d95ee532ce mes5/i586/libpython2.5-devel-2.5.2-5.12mdvmes5.2.i586.rpm\r\n 153ff4e78256ec9b0b89f5ecd7ed317c mes5/i586/python-2.5.2-5.12mdvmes5.2.i586.rpm\r\n bbff1780014007b0c95491c74d3dc82b mes5/i586/python-base-2.5.2-5.12mdvmes5.2.i586.rpm\r\n e73ffb5aeff47d2008b0bdb99623579f mes5/i586/python-docs-2.5.2-5.12mdvmes5.2.i586.rpm\r\n af4d7f8f20f7cf7b2beb77dbd06f6992 mes5/i586/tkinter-2.5.2-5.12mdvmes5.2.i586.rpm\r\n 268850f5dd79335c129fa84469d39e20 mes5/i586/tkinter-apps-2.5.2-5.12mdvmes5.2.i586.rpm \r\n 0248488ef4499a61ba9ef31061325f1e mes5/SRPMS/python-2.5.2-5.12mdvmes5.2.src.rpm\r\n\r\n Mandriva Enterprise Server 5/X86_64:\r\n 6ee32ebb3873a3e01def5984dfa951c7 mes5/x86_64/lib64python2.5-2.5.2-5.12mdvmes5.2.x86_64.rpm\r\n 9e7d5a39d2b224bd9141e6851350e43d mes5/x86_64/lib64python2.5-devel-2.5.2-5.12mdvmes5.2.x86_64.rpm\r\n f798622e3b9f9795c373be0d90008684 mes5/x86_64/python-2.5.2-5.12mdvmes5.2.x86_64.rpm\r\n 916fb7c6e716daaf5269086b9477efcf mes5/x86_64/python-base-2.5.2-5.12mdvmes5.2.x86_64.rpm\r\n 53f14e4e8d6140603acac82004bd12c9 mes5/x86_64/python-docs-2.5.2-5.12mdvmes5.2.x86_64.rpm\r\n ff348190df6007b7d0b043ac153f35dd mes5/x86_64/tkinter-2.5.2-5.12mdvmes5.2.x86_64.rpm\r\n d7f55af87f3e3ea045b556f91c09333b mes5/x86_64/tkinter-apps-2.5.2-5.12mdvmes5.2.x86_64.rpm \r\n 0248488ef4499a61ba9ef31061325f1e mes5/SRPMS/python-2.5.2-5.12mdvmes5.2.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/security/advisories\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_&#40;at&#41;_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n &lt;security*mandriva.com&gt;\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.11 &#40;GNU/Linux&#41;\r\n\r\niD8DBQFP8YuYmqjQ0CJFipgRAl7UAKDy0foAu7Ro4bcYaG/I43WrnoHT7ACfV9t5\r\ny8nHa/VpwqBidhF5DJElWmo=\r\n=AnEb\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "reporter": "Securityvulns", "published": "2012-07-09T00:00:00", "title": "[ MDVSA-2012:096-1 ] python", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:45", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2011-4944", "CVE-2012-1150", "CVE-2011-3389", "CVE-2012-0876", "CVE-2012-0845", "CVE-2011-4940"], "modified": "2012-07-09T00:00:00", "id": "SECURITYVULNS:DOC:28232", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:28232", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "redhat": [{"lastseen": "2018-12-11T19:41:00", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.95.8-11.el5_8", "arch": "i386", "packageName": "expat-debuginfo", "packageFilename": "expat-debuginfo-1.95.8-11.el5_8.i386.rpm", "operator": "lt"}], "description": "Expat is a C library written by James Clark for parsing XML documents.\n\nA denial of service flaw was found in the implementation of hash arrays in\nExpat. An attacker could use this flaw to make an application using Expat\nconsume an excessive amount of CPU time by providing a specially-crafted\nXML file that triggers multiple hash function collisions. To mitigate\nthis issue, randomization has been added to the hash function to reduce the\nchance of an attacker successfully causing intentional collisions.\n(CVE-2012-0876)\n\nA memory leak flaw was found in Expat. If an XML file processed by an\napplication linked against Expat triggered a memory re-allocation failure,\nExpat failed to free the previously allocated memory. This could cause the\napplication to exit unexpectedly or crash when all available memory is\nexhausted. (CVE-2012-1148)\n\nAll Expat users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. After installing the updated\npackages, applications using the Expat library must be restarted for the\nupdate to take effect.\n", "reporter": "RedHat", "published": "2012-06-13T04:00:00", "type": "redhat", "title": "(RHSA-2012:0731) Moderate: expat security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2012-0876", "CVE-2012-1148"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-06T20:24:37", "id": "RHSA-2012:0731", "href": "https://access.redhat.com/errata/RHSA-2012:0731", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-02-15T20:03:30", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [], "description": "Red Hat JBoss Web Server is a fully integrated and certified set of \ncomponents for hosting Java web applications. It is comprised of the Apache \nHTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector \n(mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat \nNative library.\n\nMultiple flaws were found in the way httpd parsed HTTP requests and\nresponses using chunked transfer encoding. A remote attacker could use\nthese flaws to create a specially crafted request, which httpd would decode \ndifferently from an HTTP proxy software in front of it, possibly leading to \nHTTP request smuggling attacks. (CVE-2015-3183)\n\nA denial of service flaw was found in the implementation of hash arrays in \nExpat. An attacker could use this flaw to make an application using Expat \nconsume an excessive amount of CPU time by providing a specially-crafted\nXML file that triggers multiple hash function collisions. To mitigate this\nissue, randomization has been added to the hash function to reduce the\nchance of an attacker successfully causing intentional collisions.\n(CVE-2012-0876)\n\nA flaw was found in the way httpd handled HTTP Trailer headers when \nprocessing requests using chunked encoding. A malicious client could use \nTrailer headers to set additional HTTP headers after header processing was \nperformed by other modules. This could, for example, lead to a bypass of \nheader restrictions defined with mod_headers. (CVE-2013-5704)\n\nAll users of Red Hat JBoss Web Server 2.1.0 as provided from the Red Hat \nCustomer Portal are advised to apply this update. The Red Hat JBoss Web \nServer process must be restarted for the update to take effect.", "reporter": "RedHat", "published": "2016-01-21T20:45:11", "type": "redhat", "title": "(RHSA-2016:0062) Moderate: Red Hat JBoss Web Server 2.1.0 security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2012-0876", "CVE-2013-5704", "CVE-2015-3183"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-02-15T23:12:14", "id": "RHSA-2016:0062", "href": "https://access.redhat.com/errata/RHSA-2016:0062", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-26T22:57:25", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [], "description": "This release of Red Hat JBoss Core Services httpd 2.4.23 serves as a replacement for JBoss Core Services Apache HTTP Server 2.4.6.\n\nSecurity Fix(es):\n\n* This update fixes several flaws in OpenSSL. (CVE-2014-8176, CVE-2015-0209, CVE-2015-0286, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196, CVE-2015-3216, CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-0799, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109, CVE-2016-2177, CVE-2016-2178, CVE-2016-2842)\n\n* This update fixes several flaws in libxml2. (CVE-2016-1762, CVE-2016-1833, CVE-2016-1834, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, CVE-2016-1840, CVE-2016-3627, CVE-2016-3705, CVE-2016-4447, CVE-2016-4448, CVE-2016-4449, CVE-2016-4483)\n\n* This update fixes three flaws in curl. (CVE-2016-5419, CVE-2016-5420, CVE-2016-7141)\n\n* This update fixes two flaws in httpd. (CVE-2014-3523, CVE-2015-3185)\n\n* This update fixes two flaws in mod_cluster. (CVE-2016-4459, CVE-2016-8612)\n\n* A buffer overflow flaw when concatenating virtual host names and URIs was fixed in mod_jk. (CVE-2016-6808)\n\n* A memory leak flaw was fixed in expat. (CVE-2012-1148)\n\nRed Hat would like to thank the OpenSSL project for reporting CVE-2014-8176, CVE-2015-0286, CVE-2016-2108, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-0799, and CVE-2016-2842. The CVE-2016-4459 issue was discovered by Robert Bost (Red Hat). Upstream acknowledges Stephen Henson (OpenSSL development team) as the original reporter of CVE-2015-0286; Huzaifa Sidhpurwala (Red Hat), Hanno B\u00f6ck, and David Benjamin (Google) as the original reporters of CVE-2016-2108; Guido Vranken as the original reporter of CVE-2016-2105, CVE-2016-2106, CVE-2016-0797, CVE-2016-0799, and CVE-2016-2842; Juraj Somorovsky as the original reporter of CVE-2016-2107; Yuval Yarom (University of Adelaide and NICTA), Daniel Genkin (Technion and Tel Aviv University), and Nadia Heninger (University of Pennsylvania) as the original reporters of CVE-2016-0702; and Adam Langley (Google/BoringSSL) as the original reporter of CVE-2016-0705.\n\nSee the corresponding CVE pages linked to in the References section for more information about each of the flaws listed in this advisory.", "reporter": "RedHat", "published": "2016-12-16T03:02:12", "type": "redhat", "title": "(RHSA-2016:2957) Important: Red Hat JBoss Core Services Apache HTTP 2.4.23 Release", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2012-0876", "CVE-2012-1148", "CVE-2014-3523", "CVE-2014-8176", "CVE-2015-0209", "CVE-2015-0286", "CVE-2015-3185", "CVE-2015-3194", "CVE-2015-3195", "CVE-2015-3196", "CVE-2015-3216", "CVE-2016-0702", "CVE-2016-0705", "CVE-2016-0797", "CVE-2016-0799", "CVE-2016-1762", "CVE-2016-1833", "CVE-2016-1834", "CVE-2016-1835", "CVE-2016-1836", "CVE-2016-1837", "CVE-2016-1838", "CVE-2016-1839", "CVE-2016-1840", "CVE-2016-2105", "CVE-2016-2106", "CVE-2016-2107", "CVE-2016-2108", "CVE-2016-2109", "CVE-2016-2177", "CVE-2016-2178", "CVE-2016-2842", "CVE-2016-3627", "CVE-2016-3705", "CVE-2016-4447", "CVE-2016-4448", "CVE-2016-4449", "CVE-2016-4459", "CVE-2016-4483", "CVE-2016-5419", "CVE-2016-5420", "CVE-2016-6808", "CVE-2016-7141", "CVE-2016-8612"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2017-07-25T00:12:36", "id": "RHSA-2016:2957", "href": "https://access.redhat.com/errata/RHSA-2016:2957", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:43:01", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.95.8-11.el5_8", "arch": "i386", "packageFilename": "expat-1.95.8-11.el5_8.i386.rpm", "packageName": "expat", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.95.8-11.el5_8", "arch": "i386", "packageFilename": "expat-1.95.8-11.el5_8.i386.rpm", "packageName": "expat", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.95.8-11.el5_8", "arch": "i386", "packageFilename": "expat-1.95.8-11.el5_8.i386.rpm", "packageName": "expat", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.95.8-11.el5_8", "arch": "ia64", "packageFilename": "expat-1.95.8-11.el5_8.ia64.rpm", "packageName": "expat", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.0.1-11.el6_2", "arch": "src", "packageFilename": "expat-2.0.1-11.el6_2.src.rpm", "packageName": "expat", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.0.1-11.el6_2", "arch": "src", "packageFilename": "expat-2.0.1-11.el6_2.src.rpm", "packageName": "expat", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.0.1-11.el6_2", "arch": "x86_64", "packageFilename": "expat-devel-2.0.1-11.el6_2.x86_64.rpm", "packageName": "expat-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.95.8-11.el5_8", "arch": "ia64", "packageFilename": "expat-devel-1.95.8-11.el5_8.ia64.rpm", "packageName": "expat-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.95.8-11.el5_8", "arch": "x86_64", "packageFilename": "expat-devel-1.95.8-11.el5_8.x86_64.rpm", "packageName": "expat-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.95.8-11.el5_8", "arch": "i386", "packageFilename": "expat-devel-1.95.8-11.el5_8.i386.rpm", "packageName": "expat-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.95.8-11.el5_8", "arch": "i386", "packageFilename": "expat-devel-1.95.8-11.el5_8.i386.rpm", "packageName": "expat-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.0.1-11.el6_2", "arch": "i686", "packageFilename": "expat-devel-2.0.1-11.el6_2.i686.rpm", "packageName": "expat-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.0.1-11.el6_2", "arch": "i686", "packageFilename": "expat-devel-2.0.1-11.el6_2.i686.rpm", "packageName": "expat-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.0.1-11.el6_2", "arch": "i686", "packageFilename": "expat-2.0.1-11.el6_2.i686.rpm", "packageName": "expat", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.0.1-11.el6_2", "arch": "i686", "packageFilename": "expat-2.0.1-11.el6_2.i686.rpm", "packageName": "expat", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.95.8-11.el5_8", "arch": "x86_64", "packageFilename": "expat-1.95.8-11.el5_8.x86_64.rpm", "packageName": "expat", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.95.8-11.el5_8", "arch": "src", "packageFilename": "expat-1.95.8-11.el5_8.src.rpm", "packageName": "expat", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.95.8-11.el5_8", "arch": "src", "packageFilename": "expat-1.95.8-11.el5_8.src.rpm", "packageName": "expat", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.95.8-11.el5_8", "arch": "src", "packageFilename": "expat-1.95.8-11.el5_8.src.rpm", "packageName": "expat", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.0.1-11.el6_2", "arch": "x86_64", "packageFilename": "expat-2.0.1-11.el6_2.x86_64.rpm", "packageName": "expat", "operator": "lt"}], "description": "[2.0.1-11]\n- use symbol version for XML_SetHashSalt (CVE-2012-0876, #816306)\n[2.0.1-10]\n- add security fix for CVE-2012-1148 (#811825)\n- add security fix for CVE-2012-0876 (#811833)", "edition": 3, "reporter": "Oracle", "published": "2012-06-13T00:00:00", "title": "expat security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2012-1148", "CVE-2012-0876"], "modified": "2012-06-13T00:00:00", "id": "ELSA-2012-0731", "href": "http://linux.oracle.com/errata/ELSA-2012-0731.html", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T01:49:22", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.6.6-29.el6_2.2", "arch": "i686", "packageFilename": "tkinter-2.6.6-29.el6_2.2.i686.rpm", "packageName": "tkinter", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.6.6-29.el6_2.2", "arch": "x86_64", "packageFilename": "python-libs-2.6.6-29.el6_2.2.x86_64.rpm", "packageName": "python-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.6.6-29.el6_2.2", "arch": "x86_64", "packageFilename": "python-tools-2.6.6-29.el6_2.2.x86_64.rpm", "packageName": "python-tools", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.6.6-29.el6_2.2", "arch": "i686", "packageFilename": "python-tools-2.6.6-29.el6_2.2.i686.rpm", "packageName": "python-tools", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.6.6-29.el6_2.2", "arch": "src", "packageFilename": "python-2.6.6-29.el6_2.2.src.rpm", "packageName": "python", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.6.6-29.el6_2.2", "arch": "src", "packageFilename": "python-2.6.6-29.el6_2.2.src.rpm", "packageName": "python", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.6.6-29.el6_2.2", "arch": "x86_64", "packageFilename": "tkinter-2.6.6-29.el6_2.2.x86_64.rpm", "packageName": "tkinter", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.6.6-29.el6_2.2", "arch": "i686", "packageFilename": "python-devel-2.6.6-29.el6_2.2.i686.rpm", "packageName": "python-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.6.6-29.el6_2.2", "arch": "i686", "packageFilename": "python-devel-2.6.6-29.el6_2.2.i686.rpm", "packageName": "python-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.6.6-29.el6_2.2", "arch": "x86_64", "packageFilename": "python-test-2.6.6-29.el6_2.2.x86_64.rpm", "packageName": "python-test", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.6.6-29.el6_2.2", "arch": "i686", "packageFilename": "python-libs-2.6.6-29.el6_2.2.i686.rpm", "packageName": "python-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.6.6-29.el6_2.2", "arch": "i686", "packageFilename": "python-libs-2.6.6-29.el6_2.2.i686.rpm", "packageName": "python-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.6.6-29.el6_2.2", "arch": "x86_64", "packageFilename": "python-2.6.6-29.el6_2.2.x86_64.rpm", "packageName": "python", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.6.6-29.el6_2.2", "arch": "i686", "packageFilename": "python-2.6.6-29.el6_2.2.i686.rpm", "packageName": "python", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.6.6-29.el6_2.2", "arch": "i686", "packageFilename": "python-2.6.6-29.el6_2.2.i686.rpm", "packageName": "python", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.6.6-29.el6_2.2", "arch": "x86_64", "packageFilename": "python-devel-2.6.6-29.el6_2.2.x86_64.rpm", "packageName": "python-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.6.6-29.el6_2.2", "arch": "i686", "packageFilename": "python-test-2.6.6-29.el6_2.2.i686.rpm", "packageName": "python-test", "operator": "lt"}], "description": "[2.6.6-29.el6_2.2]\n- if hash randomization is enabled, also enable it within pyexpat\nResolves: CVE-2012-0876\n[2.6.6-29.el6_2.1]\n- distutils.config: create ~/.pypirc securely\nResolves: CVE-2011-4944\n- fix endless loop in SimpleXMLRPCServer upon malformed POST request\nResolves: CVE-2012-0845\n- send encoding in SimpleHTTPServer.list_directory to protect IE7 against\npotential XSS attacks\nResolves: CVE-2011-4940\n- oCERT-2011-003: add -R command-line option and PYTHONHASHSEED environment\nvariable, to provide an opt-in way to protect against denial of service\nattacks due to hash collisions within the dict and set types\nResolves: CVE-2012-1150", "edition": 3, "reporter": "Oracle", "published": "2012-06-18T00:00:00", "title": "python security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2011-4944", "CVE-2012-1150", "CVE-2012-0876", "CVE-2012-0845", "CVE-2011-4940"], "modified": "2012-06-18T00:00:00", "id": "ELSA-2012-0744", "href": "http://linux.oracle.com/errata/ELSA-2012-0744.html", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T01:46:11", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.4.3-46.el5_8.2", "arch": "x86_64", "packageFilename": "python-devel-2.4.3-46.el5_8.2.x86_64.rpm", "packageName": "python-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.4.3-46.el5_8.2", "arch": "x86_64", "packageFilename": "python-libs-2.4.3-46.el5_8.2.x86_64.rpm", "packageName": "python-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.4.3-46.el5_8.2", "arch": "ia64", "packageFilename": "tkinter-2.4.3-46.el5_8.2.ia64.rpm", "packageName": "tkinter", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.4.3-46.el5_8.2", "arch": "i386", "packageFilename": "tkinter-2.4.3-46.el5_8.2.i386.rpm", "packageName": "tkinter", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.4.3-46.el5_8.2", "arch": "ia64", "packageFilename": "python-libs-2.4.3-46.el5_8.2.ia64.rpm", "packageName": "python-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.4.3-46.el5_8.2", "arch": "i386", "packageFilename": "python-devel-2.4.3-46.el5_8.2.i386.rpm", "packageName": "python-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.4.3-46.el5_8.2", "arch": "i386", "packageFilename": "python-devel-2.4.3-46.el5_8.2.i386.rpm", "packageName": "python-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.4.3-46.el5_8.2", "arch": "ia64", "packageFilename": "python-tools-2.4.3-46.el5_8.2.ia64.rpm", "packageName": "python-tools", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.4.3-46.el5_8.2", "arch": "i386", "packageFilename": "python-tools-2.4.3-46.el5_8.2.i386.rpm", "packageName": "python-tools", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.4.3-46.el5_8.2", "arch": "x86_64", "packageFilename": "tkinter-2.4.3-46.el5_8.2.x86_64.rpm", "packageName": "tkinter", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.4.3-46.el5_8.2", "arch": "x86_64", "packageFilename": "python-2.4.3-46.el5_8.2.x86_64.rpm", "packageName": "python", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.4.3-46.el5_8.2", "arch": "i386", "packageFilename": "python-2.4.3-46.el5_8.2.i386.rpm", "packageName": "python", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.4.3-46.el5_8.2", "arch": "src", "packageFilename": "python-2.4.3-46.el5_8.2.src.rpm", "packageName": "python", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.4.3-46.el5_8.2", "arch": "src", "packageFilename": "python-2.4.3-46.el5_8.2.src.rpm", "packageName": "python", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.4.3-46.el5_8.2", "arch": "src", "packageFilename": "python-2.4.3-46.el5_8.2.src.rpm", "packageName": "python", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.4.3-46.el5_8.2", "arch": "ia64", "packageFilename": "python-devel-2.4.3-46.el5_8.2.ia64.rpm", "packageName": "python-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.4.3-46.el5_8.2", "arch": "ia64", "packageFilename": "python-2.4.3-46.el5_8.2.ia64.rpm", "packageName": "python", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.4.3-46.el5_8.2", "arch": "x86_64", "packageFilename": "python-tools-2.4.3-46.el5_8.2.x86_64.rpm", "packageName": "python-tools", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.4.3-46.el5_8.2", "arch": "i386", "packageFilename": "python-libs-2.4.3-46.el5_8.2.i386.rpm", "packageName": "python-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.4.3-46.el5_8.2", "arch": "i386", "packageFilename": "python-libs-2.4.3-46.el5_8.2.i386.rpm", "packageName": "python-libs", "operator": "lt"}], "description": "[2.4.3-46.el5_8.2]\n- if hash randomization is enabled, also enable it within pyexpat\nResolves: CVE-2012-0876\n[2.4.3-46.el5_8.1]\n- distutils.commands.register: create ~/.pypirc securely\nResolves: CVE-2011-4944\n- send encoding in SimpleHTTPServer.list_directory to protect IE7 against\npotential XSS attacks\nResolves: CVE-2011-4940\n- oCERT-2011-003: add -R command-line option and PYTHONHASHSEED environment\nvariable, to provide an opt-in way to protect against denial of service\nattacks due to hash collisions within the dict and set types\nResolves: CVE-2012-1150", "edition": 3, "reporter": "Oracle", "published": "2012-06-18T00:00:00", "title": "python security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2011-4944", "CVE-2012-1150", "CVE-2012-0876", "CVE-2011-4940"], "modified": "2012-06-18T00:00:00", "id": "ELSA-2012-0745", "href": "http://linux.oracle.com/errata/ELSA-2012-0745.html", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:31", "references": ["http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3720", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3560", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1147", "https://bugs.gentoo.org/show_bug.cgi?id=407519", "https://bugs.gentoo.org/show_bug.cgi?id=280615", "https://bugs.gentoo.org/show_bug.cgi?id=303727", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1148", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0876"], "affectedPackage": [{"OS": "Gentoo", "OSVersion": "any", "packageVersion": "2.1.0_beta3", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "dev-libs/expat", "operator": "lt"}], "edition": 1, "description": "### Background\n\nExpat is a set of XML parsing libraries.\n\n### Description\n\nMultiple vulnerabilities have been discovered in Expat. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could entice a user to open a specially crafted XML file in an application linked against Expat, possibly resulting in a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Expat users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-libs/expat-2.1.0_beta3\"\n \n\nPackages which depend on this library may need to be recompiled. Tools such as revdep-rebuild may assist in identifying some of these packages.", "reporter": "Gentoo Foundation", "published": "2012-09-24T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "type": "gentoo", "title": "Expat: Multiple vulnerabilities", "bulletinFamily": "unix", "cvelist": ["CVE-2012-1148", "CVE-2012-1147", "CVE-2012-0876", "CVE-2009-3720", "CVE-2009-3560"], "modified": "2012-09-24T00:00:00", "id": "GLSA-201209-06", "href": "https://security.gentoo.org/glsa/201209-06", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "archlinux": [{"lastseen": "2016-09-02T18:44:36", "references": ["https://access.redhat.com/security/cve/CVE-2016-5300", "https://access.redhat.com/security/cve/CVE-2012-6702"], "affectedPackage": [{"OS": "any", "OSVersion": "any", "packageVersion": "2.1.1-3", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "lib32-expat", "operator": "lt"}], "description": "- CVE-2012-6702 (predictable random numbers)\n\nIt was found that when calling XML_Parse ahead of rand(), it causes the\npseudo random generator to generate non-random predictable numbers.\n\n- CVE-2016-5300 (denial of service)\n\nIt was found that original fix for CVE-2012-0876 used too little\nentropy for the hash initialization. This issue can be used to perform\na hash collision based denial of service attack.", "edition": 1, "reporter": "Arch Linux", "published": "2016-06-13T00:00:00", "title": "lib32-expat: multiple issues", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "archlinux", "bulletinFamily": "unix", "cvelist": ["CVE-2016-5300", "CVE-2012-0876", "CVE-2012-6702"], "modified": "2016-06-13T00:00:00", "id": "ASA-201606-14", "href": "https://lists.archlinux.org/pipermail/arch-security/2016-June/000649.html", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2016-09-02T18:44:43", "references": ["https://access.redhat.com/security/cve/CVE-2016-5300", "https://access.redhat.com/security/cve/CVE-2012-6702"], "affectedPackage": [{"OS": "any", "OSVersion": "any", "packageVersion": "2.1.1-3", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "expat", "operator": "lt"}], "description": "- CVE-2012-6702 (predictable random numbers)\n\nIt was found that when calling XML_Parse ahead of rand(), it causes the\npseudo random generator to generate non-random predictable numbers.\n\n- CVE-2016-5300 (denial of service)\n\nIt was found that original fix for CVE-2012-0876 used too little\nentropy for the hash initialization. This issue can be used to perform\na hash collision based denial of service attack.", "edition": 1, "reporter": "Arch Linux", "published": "2016-06-13T00:00:00", "title": "expat: multiple issues", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "archlinux", "bulletinFamily": "unix", "cvelist": ["CVE-2016-5300", "CVE-2012-0876", "CVE-2012-6702"], "modified": "2016-06-13T00:00:00", "id": "ASA-201606-13", "href": "https://lists.archlinux.org/pipermail/arch-security/2016-June/000648.html", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "vmware": [{"lastseen": "2018-09-02T02:40:31", "references": [], "affectedPackage": [{"OS": "ESX", "OSVersion": "any", "packageVersion": "4.0", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESX", "operator": "eq"}, {"OS": "ESX", "OSVersion": "any", "packageVersion": "ESX410-201211402-SG", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESX", "operator": "lt"}, {"OS": "ESX", "OSVersion": "any", "packageVersion": "ESX410-201211407-SG", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESX", "operator": "lt"}, {"OS": "ESX", "OSVersion": "any", "packageVersion": "ESX410-201211405-SG", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESX", "operator": "lt"}, {"OS": "ESX", "OSVersion": "any", "packageVersion": "ESX410-201211401-SG", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESX", "operator": "lt"}, {"OS": "ESXi", "OSVersion": "any", "packageVersion": "ESXi410-201211401-SG", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESXi", "operator": "lt"}], "description": "a. VMware vSphere API denial of service vulnerability \nThe VMware vSphere API contains a denial of service vulnerability. This issue allows an unauthenticated user to send a maliciously crafted API request and disable the host daemon. Exploitation of the issue would prevent management activities on the host but any virtual machines running on the host would be unaffected. \nVMware would like to thank Sebasti\u00e1n Tello of Core Security Technologies for reporting this issue to us. \nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-5703 to this issue. \nColumn 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. \n\n", "edition": 3, "reporter": "VMware", "published": "2012-11-15T00:00:00", "title": "VMware security updates for vSphere API and ESX Service Console", "type": "vmware", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2012-1148", "CVE-2012-5703", "CVE-2011-4944", "CVE-2012-3817", "CVE-2012-1150", "CVE-2012-0876", "CVE-2012-1667", "CVE-2011-4940", "CVE-2012-0441", "CVE-2012-1033"], "modified": "2012-11-15T00:00:00", "id": "VMSA-2012-0016", "href": "https://www.vmware.com/security/advisories/VMSA-2012-0016.html", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:COMPLETE/"}}], "freebsd": [{"lastseen": "2018-08-31T01:13:51", "references": ["https://raw.githubusercontent.com/python/cpython/84471935ed2f62b8c5758fd544c7d37076fe0fa5/Misc/NEWS"], "affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "2.7.14", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "python27", "operator": "lt"}], "description": "\nPython reports:\n\nMultiple vulnerabilities have been fixed in Python 2.7.14. Please refer to the CVE list for details.\n\n", "edition": 3, "reporter": "FreeBSD", "published": "2017-08-26T00:00:00", "title": "Python 2.7 -- multiple vulnerabilities", "type": "freebsd", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2017-9233", "CVE-2016-9063", "CVE-2016-5300", "CVE-2012-0876", "CVE-2016-0718", "CVE-2016-4472"], "modified": "2017-08-26T00:00:00", "id": "9164F51E-AE20-11E7-A633-009C02A2AB30", "href": "https://vuxml.freebsd.org/freebsd/9164f51e-ae20-11e7-a633-009c02a2ab30.html", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:13:41", "references": ["https://github.com/python/cpython/blob/2.7/Misc/NEWS.d/2.7.15.rst", "https://github.com/python/cpython/blob/2.7/Misc/NEWS.d/2.7.15rc1.rst"], "affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "2.7.15", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "python27", "operator": "lt"}], "description": "\npython release notes:\n\nMultiple vulnerabilities has been fixed in this release. Please refer to the CVE list for details.\n\n", "edition": 3, "reporter": "FreeBSD", "published": "2018-05-01T00:00:00", "title": "python 2.7 -- multiple vulnerabilities", "type": "freebsd", "enchantments": {"score": {"modified": "2018-08-31T01:13:41", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2017-9233", "CVE-2016-9063", "CVE-2018-1060", "CVE-2012-0876", "CVE-2016-0718", "CVE-2018-1061", "CVE-2016-4472"], "modified": "2018-05-01T00:00:00", "id": "8719B935-8BAE-41AD-92BA-3C826F651219", "href": "https://vuxml.freebsd.org/freebsd/8719b935-8bae-41ad-92ba-3c826f651219.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "slackware": [{"lastseen": "2018-08-31T00:36:55", "references": [], "affectedPackage": [{"OS": "Slackware", "OSVersion": "14.0", "packageVersion": "2.7.15", "arch": "i486", "packageFilename": "python-2.7.15-i486-1_slack14.0.txz", "packageName": "python", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "14.2", "packageVersion": "2.7.15", "arch": "i586", "packageFilename": "python-2.7.15-i586-1_slack14.2.txz", "packageName": "python", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "14.1", "packageVersion": "2.7.15", "arch": "x86_64", "packageFilename": "python-2.7.15-x86_64-1_slack14.1.txz", "packageName": "python", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "14.2", "packageVersion": "2.7.15", "arch": "x86_64", "packageFilename": "python-2.7.15-x86_64-1_slack14.2.txz", "packageName": "python", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "14.1", "packageVersion": "2.7.15", "arch": "i486", "packageFilename": "python-2.7.15-i486-1_slack14.1.txz", "packageName": "python", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "14.0", "packageVersion": "2.7.15", "arch": "x86_64", "packageFilename": "python-2.7.15-x86_64-1_slack14.0.txz", "packageName": "python", "operator": "lt"}], "description": "New python packages are available for Slackware 14.0, 14.1, 14.2, and -current\nto fix security issues.\n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n\npatches/packages/python-2.7.15-i586-1_slack14.2.txz: Upgraded.\n Updated to the latest 2.7.x release.\n This fixes some security issues in difflib and poplib (regexes vulnerable\n to denial of service attacks), as well as security issues with the bundled\n expat library.\n For more information, see:\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0876\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0718\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0718\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4472\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5300\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9063\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9233\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1060\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1061\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the &quot;Get Slack&quot; section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/python-2.7.15-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/python-2.7.15-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/python-2.7.15-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/python-2.7.15-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/python-2.7.15-i586-1_slack14.2.txz\n\nUpdated package for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/python-2.7.15-x86_64-1_slack14.2.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/d/python-2.7.15-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/d/python-2.7.15-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 14.0 package:\n815f18de185a913b37f8a4a5ba209a33 python-2.7.15-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\nac2745d0977849cf16ad3b386ad6e706 python-2.7.15-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\n96fa93f516bfefae9539d8d5329fe8e1 python-2.7.15-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\n5895cf391b0de5746e4c23c5c34dd50f python-2.7.15-x86_64-1_slack14.1.txz\n\nSlackware 14.2 package:\n82212eec089fe925da83e47d5b829b3e python-2.7.15-i586-1_slack14.2.txz\n\nSlackware x86_64 14.2 package:\n9ca1bd6126f729067fc507271889643e python-2.7.15-x86_64-1_slack14.2.txz\n\nSlackware -current package:\nfa60bc913282d7992f5cf8b29863a411 d/python-2.7.15-i586-1.txz\n\nSlackware x86_64 -current package:\n0d473b473463c6927a1efaab6e6f601d d/python-2.7.15-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg python-2.7.15-i586-1_slack14.2.txz", "edition": 3, "reporter": "Slackware Linux Project", "published": "2018-05-04T13:53:50", "title": "python", "type": "slackware", "enchantments": {"score": {"modified": "2018-08-31T00:36:55", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2017-9233", "CVE-2016-9063", "CVE-2016-5300", "CVE-2018-1060", "CVE-2012-0876", "CVE-2016-0718", "CVE-2018-1061", "CVE-2016-4472"], "modified": "2018-05-04T13:53:50", "id": "SSA-2018-124-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2018&m=slackware-security.470394", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}]}