Mandriva Linux Security Advisory : expat (MDVSA-2012:041)
2012-03-28T00:00:00
ID MANDRIVA_MDVSA-2012-041.NASL Type nessus Reporter This script is Copyright (C) 2012-2019 Tenable Network Security, Inc. Modified 2020-07-02T00:00:00
Description
A memory leak and a hash table collision flaw in expat could cause
denial os service (DoS) attacks (CVE-2012-0876, CVE-2012-1148).
The updated packages have been patched to correct this issue.
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Mandriva Linux Security Advisory MDVSA-2012:041.
# The text itself is copyright (C) Mandriva S.A.
#
include("compat.inc");
if (description)
{
script_id(58506);
script_version("1.14");
script_cvs_date("Date: 2019/08/02 13:32:54");
script_cve_id("CVE-2012-0876", "CVE-2012-1148");
script_bugtraq_id(52379);
script_xref(name:"MDVSA", value:"2012:041");
script_name(english:"Mandriva Linux Security Advisory : expat (MDVSA-2012:041)");
script_summary(english:"Checks rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:
"The remote Mandriva Linux host is missing one or more security
updates."
);
script_set_attribute(
attribute:"description",
value:
"A memory leak and a hash table collision flaw in expat could cause
denial os service (DoS) attacks (CVE-2012-0876, CVE-2012-1148).
The updated packages have been patched to correct this issue."
);
script_set_attribute(attribute:"solution", value:"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:expat");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64expat-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64expat-static-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64expat1");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64expat1-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libexpat-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libexpat-static-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libexpat1");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libexpat1-devel");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2010.1");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2011");
script_set_attribute(attribute:"patch_publication_date", value:"2012/03/27");
script_set_attribute(attribute:"plugin_publication_date", value:"2012/03/28");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2012-2019 Tenable Network Security, Inc.");
script_family(english:"Mandriva Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
flag = 0;
if (rpm_check(release:"MDK2010.1", reference:"expat-2.0.1-12.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", cpu:"x86_64", reference:"lib64expat1-2.0.1-12.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", cpu:"x86_64", reference:"lib64expat1-devel-2.0.1-12.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", cpu:"i386", reference:"libexpat1-2.0.1-12.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", cpu:"i386", reference:"libexpat1-devel-2.0.1-12.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"expat-2.0.1-15.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", cpu:"x86_64", reference:"lib64expat-devel-2.0.1-15.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", cpu:"x86_64", reference:"lib64expat-static-devel-2.0.1-15.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", cpu:"x86_64", reference:"lib64expat1-2.0.1-15.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", cpu:"i386", reference:"libexpat-devel-2.0.1-15.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", cpu:"i386", reference:"libexpat-static-devel-2.0.1-15.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", cpu:"i386", reference:"libexpat1-2.0.1-15.1-mdv2011.0", yank:"mdv")) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
else security_warning(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
{"f5": [{"lastseen": "2016-09-26T17:23:06", "bulletinFamily": "software", "description": "**Important**: *Certain product versions contain the affected code; however, those product versions do not parse untrusted XML input, and are, therefore, not exploitable.\n\nVulnerability Recommended Actions\n\nIf the previous table lists a version in the** Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the Severity values published in the previous table. The Severity values and other security vulnerability parameters are defined in SOL4602: Overview of the F5 security vulnerability response policy.\n\n**BIG-IP ASM**\n\nWhen the BIG-IP ASM system is provisioned, the custom attack signature portion of the Web UI is vulnerable; this situation requires an administrative-level user to interface with the vulnerable component.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n", "modified": "2016-06-28T00:00:00", "published": "2015-07-10T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/16000/900/sol16949.html", "id": "SOL16949", "title": "SOL16949 - Expat vulnerabilities CVE-2012-0876 and CVE-2012-1148", "type": "f5", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-08-15T01:08:46", "bulletinFamily": "software", "description": "\nF5 Product Development has assigned ID 388737 (BIG-IP) to these vulnerabilities, and has evaluated the currently supported releases for potential vulnerability. Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H16949 on the **Diagnostics** > **Identified** > **Medium** screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM | 11.0.0 - 11.2.1* \n10.1.0 - 10.2.4* | 11.3.0 - 11.6.0 | Medium | xmlparse.c \nBIG-IP AAM | 11.0.0 - 11.2.1* \n10.1.0 - 10.2.4* | 11.3.0 - 11.6.0 | Medium | xmlparse.c \nBIG-IP AFM | 11.0.0 - 11.2.1* \n10.1.0 - 10.2.4* | 11.3.0 - 11.6.0 | Medium | xmlparse.c \nBIG-IP Analytics | 11.0.0 - 11.2.1* \n10.1.0 - 10.2.4* | 11.3.0 - 11.6.0 | Medium | xmlparse.c \nBIG-IP APM | 11.0.0 - 11.2.1* \n10.1.0 - 10.2.4* | 11.3.0 - 11.6.0 | Medium | xmlparse.c \nBIG-IP ASM | 11.0.0 - 11.2.1 \n10.1.0 - 10.2.4 | 11.3.0 - 11.6.0 | Medium | xmlparse.c \nBIG-IP Edge Gateway | 11.0.0 - 11.2.1* \n10.1.0 - 10.2.4* | 11.3.0 | Medium | xmlparse.c \nBIG-IP GTM | 11.0.0 - 11.2.1* \n10.1.0 - 10.2.4* | 11.3.0 - 11.6.0 | Medium | xmlparse.c \nBIG-IP Link Controller | 11.0.0 - 11.2.1* \n10.1.0 - 10.2.4* | 11.3.0 - 11.6.0 | Medium | xmlparse.c \nBIG-IP PEM | 11.0.0 - 11.2.1* \n10.1.0 - 10.2.4* | 11.3.0 - 11.6.0 | Medium | xmlparse.c \nBIG-IP PSM | 11.0.0 - 11.2.1* \n10.1.0 - 10.2.4* | 11.3.0 - 11.6.0 | Medium | xmlparse.c \nBIG-IP WebAccelerator | 11.0.0 - 11.2.1* \n10.1.0 - 10.2.4* | 11.3.0 | Medium | xmlparse.c \nBIG-IP WOM | 11.0.0 - 11.2.1* \n10.1.0 - 10.2.4* | 11.3.0 | Medium | xmlparse.c \nARX | None | 6.0.0 - 6.4.0 | Not vulnerable | None \nEnterprise Manager | None | 3.0.0 - 3.1.1 \n2.1.0 - 2.3.0 | Not vulnerable | None \nFirePass | None | 7.0.0 \n6.0.0 - 6.1.0 | Not vulnerable | None \nBIG-IQ Cloud | None | 4.0.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ Device | None | 4.2.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ Security | None | 4.0.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ ADC | None | 4.5.0 | Not vulnerable | None \nLineRate | None | 2.5.0 - 2.6.0 | Not vulnerable | None \nF5 WebSafe | None | 1.0.0 | Not vulnerable | None \nTraffix SDC | None | 4.0.0 - 4.4.0 | Not vulnerable | None \n \n* **Important**: Certain product versions contain the affected code; however, those product versions do not parse untrusted XML input, and are, therefore, not exploitable.\n\nIf you are running a version listed in the **Versions known to be vulnerable **column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable **column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nBIG-IP ASM\n\nWhen the BIG-IP ASM system is provisioned, the custom attack signature portion of the Web UI is vulnerable; this situation requires an administrative-level user to interface with the vulnerable component.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n", "modified": "2017-08-14T23:30:00", "published": "2015-07-11T03:06:00", "href": "https://support.f5.com/csp/article/K16949", "id": "F5:K16949", "type": "f5", "title": "Expat vulnerabilities CVE-2012-0876 and CVE-2012-1148", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-11-09T00:09:38", "bulletinFamily": "software", "description": "Vulnerability Recommended Actions\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nTo determine the necessary upgrade path for your BIG-IQ system, you should understand the BIG-IQ product offering name changes. For more information, refer to SOL21232150: Considerations for upgrading BIG-IQ or F5 iWorkflow systems.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n * SOL13123: Managing BIG-IP product hotfixes (11.x - 12.x)\n * SOL9502: BIG-IP hotfix matrix\n * SOL15106: Managing BIG-IQ product hotfixes\n * SOL15113: BIG-IQ hotfix matrix\n * SOL12766: ARX hotfix matrix\n", "modified": "2016-10-26T00:00:00", "published": "2016-10-26T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/k/70/sol70938105.html", "id": "SOL70938105", "type": "f5", "title": "SOL70938105 - Expat XML library vulnerability CVE-2016-5300", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2020-04-06T22:40:17", "bulletinFamily": "software", "description": "\nF5 Product Development has assigned ID 617273 (BIG-IP), ID 617964 (BIG-IQ/F5 iWorkflow), ID 618243 (Enterprise Manager), and ID 528541 (ARX) to this vulnerability. Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H624219 on the **Diagnostics** > **Identified** > **Medium** page.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table.\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM | 13.0.0 \n12.0.0 - 12.1.3 \n11.6.1 - 11.6.3 \n11.4.0 - 11.5.6 | 14.1.0 \n14.0.0 \n13.1.0 \n13.0.1 \n12.1.3.2 \n11.6.3.2 \n11.5.7 \n11.2.1 \n10.2.1 - 10.2.4 | Medium | XML parser Expat library \nBIG-IP AAM | 13.0.0 \n12.0.0 - 12.1.3 \n11.6.1 - 11.6.3 \n11.4.0 - 11.5.6 | 14.1.0 \n14.0.0 \n13.1.0 \n13.0.1 \n12.1.3.2 \n11.6.3.2 \n11.5.7 | Medium | XML parser Expat library \nBIG-IP AFM | 13.0.0 \n12.0.0 - 12.1.3 \n11.6.1 - 11.6.3 \n11.4.0 - 11.5.6 | 14.1.0 \n14.0.0 \n13.1.0 \n13.0.1 \n12.1.3.2 \n11.6.3.2 \n11.5.7 | Medium | XML parser Expat library \nBIG-IP Analytics | 13.0.0 \n12.0.0 - 12.1.3 \n11.6.1 - 11.6.3 \n11.4.0 - 11.5.6 | 14.1.0 \n14.0.0 \n13.1.0 \n13.0.1 \n12.1.3.2 \n11.6.3.2 \n11.5.7 \n11.2.1 | Medium | XML parser Expat library \nBIG-IP APM | 13.0.0 \n12.0.0 - 12.1.3 \n11.6.1 - 11.6.3 \n11.4.0 - 11.5.6 | 14.1.0 \n14.0.0 \n13.1.0 \n13.0.1 \n12.1.3.2 \n11.6.3.2 \n11.5.7 \n11.2.1 \n10.2.1 - 10.2.4 | Medium | XML parser Expat library \nBIG-IP ASM | 13.0.0 \n12.0.0 - 12.1.3 \n11.6.1 - 11.6.3 \n11.4.0 - 11.5.6 | 14.1.0 \n14.0.0 \n13.1.0 \n13.0.1 \n12.1.3.2 \n11.6.3.2 \n11.5.7 \n11.2.1 \n10.2.1 - 10.2.4 | Medium | XML parser Expat library \nBIG-IP DNS | 13.0.0 \n12.0.0 - 12.1.3 | 14.1.0 \n14.0.0 \n13.1.0 \n13.0.1 \n12.1.3.2 | Medium | XML parser Expat library \nBIG-IP Edge Gateway | None | 11.2.1 \n10.2.1 - 10.2.4 | Not vulnerable | None \nBIG-IP GTM | 11.6.1 - 11.6.3 \n11.4.0 - 11.5.6 | 11.6.3.2 \n11.5.7 \n11.2.1 \n10.2.1 - 10.2.4 | Medium | XML parser Expat library \nBIG-IP Link Controller | 13.0.0 \n12.0.0 - 12.1.3 \n11.6.1 - 11.6.3 \n11.4.0 - 11.5.6 | 14.1.0 \n14.0.0 \n13.1.0 \n13.0.1 \n12.1.3.2 \n11.6.3.2 \n11.5.7 \n11.2.1 \n10.2.1 - 10.2.4 | Medium | XML parser Expat library \nBIG-IP PEM | 13.0.0 \n12.0.0 - 12.1.3 \n11.6.1 - 11.6.3 \n11.4.0 - 11.5.6 | 14.1.0 \n14.0.0 \n13.1.0 \n13.0.1 \n12.1.3.2 \n11.6.3.2 \n11.5.7 | Medium | XML parser Expat library \nBIG-IP PSM | 11.4.0 - 11.4.1 | 10.2.1 - 10.2.4 | Medium | XML parser Expat library \nBIG-IP WebAccelerator | None | 11.2.1 \n10.2.1 - 10.2.4 | Not vulnerable | None \nBIG-IP WebSafe | 13.0.0 \n12.0.0 - 12.1.3 \n11.6.0 - 11.6.3 | 14.1.0 \n14.0.0 \n13.1.0 \n13.0.1 \n12.1.3.2 | Medium \n\n \n\n| XML parser Expat library \nARX | 6.2.0 - 6.4.0 | None | Low | XML parser Expat library \nEnterprise Manager | 3.1.1 | None | Medium | XML parser Expat library \nBIG-IQ Cloud | 4.0.0 - 4.5.0 | None | Medium | XML parser Expat library \nBIG-IQ Device | 4.2.0 - 4.5.0 | None | Medium | XML parser Expat library \nBIG-IQ Security | 4.0.0 - 4.5.0 | None | Medium | XML parser Expat library \nBIG-IQ ADC | 4.5.0 | None | Medium | XML parser Expat library \nBIG-IQ Centralized Management | 5.0.0 - 5.4.0 \n4.6.0 | None | Medium | XML parser Expat library \nBIG-IQ Cloud and Orchestration | 1.0.0 | None | Medium | XML parser Expat library \nF5 iWorkflow | 2.0.0 - 2.3.0 | None | Medium | XML parser Expat library \nLineRate | None | 2.5.0 - 2.6.1 | Not vulnerable | None \nTraffix SDC | None | 5.0.0 \n4.0.0 - 4.4.0 | Not vulnerable | None\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable **column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nNone\n\n * [K21232150: Considerations for upgrading BIG-IQ or F5 iWorkflow systems](<https://support.f5.com/csp/article/K21232150>).\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K13123: Managing BIG-IP product hotfixes (11.x - 13.x)](<https://support.f5.com/csp/article/K13123>)\n * [K9502: BIG-IP hotfix and point release matrix](<https://support.f5.com/csp/article/K9502>)\n * [K15106: Managing BIG-IQ product hotfixes](<https://support.f5.com/csp/article/K15106>)\n * [K15113: BIG-IQ hotfix matrix](<https://support.f5.com/csp/article/K15113>)\n * [K12766: ARX hotfix matrix](<https://support.f5.com/csp/article/K12766>)\n", "modified": "2018-12-17T23:12:00", "published": "2016-10-27T01:15:00", "id": "F5:K70938105", "href": "https://support.f5.com/csp/article/K70938105", "title": "Expat XML library vulnerability CVE-2016-5300", "type": "f5", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "openvas": [{"lastseen": "2020-04-07T18:45:52", "bulletinFamily": "scanner", "description": "The remote host is missing a security patch.", "modified": "2020-04-03T00:00:00", "published": "2015-09-19T00:00:00", "id": "OPENVAS:1361412562310105371", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310105371", "title": "F5 BIG-IP - SOL16949 - Expat vulnerabilities CVE-2012-0876 and CVE-2012-1148", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# F5 BIG-IP - SOL16949 - Expat vulnerabilities CVE-2012-0876 and CVE-2012-1148\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/h:f5:big-ip\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.105371\");\n script_cve_id(\"CVE-2012-0876\", \"CVE-2012-1148\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_version(\"2020-04-03T06:15:47+0000\");\n\n script_name(\"F5 BIG-IP - SOL16949 - Expat vulnerabilities CVE-2012-0876 and CVE-2012-1148\");\n\n script_xref(name:\"URL\", value:\"https://support.f5.com/kb/en-us/solutions/public/16000/900/sol16949.html\");\n\n script_tag(name:\"impact\", value:\"These vulnerabilities allow context-dependent attackers to cause a denial-of-service (DoS) (CPU and/or memory consumption) by way of XML files.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value.Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory consumption) via a large number of crafted XML files that cause improperly-handled reallocation failures when expanding entities.\");\n\n script_tag(name:\"solution\", value:\"See the referenced vendor advisory for a solution.\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing a security patch.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"last_modification\", value:\"2020-04-03 06:15:47 +0000 (Fri, 03 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-09-19 10:34:51 +0200 (Sat, 19 Sep 2015)\");\n script_category(ACT_GATHER_INFO);\n script_family(\"F5 Local Security Checks\");\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_dependencies(\"gb_f5_big_ip_version.nasl\");\n script_mandatory_keys(\"f5/big_ip/version\", \"f5/big_ip/active_modules\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\ninclude(\"list_array_func.inc\");\ninclude(\"f5.inc\");\n\nif( ! version = get_app_version( cpe:CPE ) )\n exit( 0 );\n\ncheck_f5['LTM'] = make_array( 'affected', '11.0.0-11.2.1;10.1.0-10.2.4;',\n 'unaffected', '11.3.0-11.6.0;' );\n\ncheck_f5['AAM'] = make_array( 'affected', '11.0.0-11.2.1;10.1.0-10.2.4;',\n 'unaffected', '11.3.0-11.6.0;' );\n\ncheck_f5['AFM'] = make_array( 'affected', '11.0.0-11.2.1;10.1.0-10.2.4;',\n 'unaffected', '11.3.0-11.6.0;' );\n\ncheck_f5['AVR'] = make_array( 'affected', '11.0.0-11.2.1;10.1.0-10.2.4;',\n 'unaffected', '11.3.0-11.6.0;' );\n\ncheck_f5['APM'] = make_array( 'affected', '11.0.0-11.2.1;10.1.0-10.2.4;',\n 'unaffected', '11.3.0-11.6.0;' );\n\ncheck_f5['ASM'] = make_array( 'affected', '11.0.0-11.2.1;10.1.0-10.2.4;',\n 'unaffected', '11.3.0-11.6.0;' );\n\ncheck_f5['GTM'] = make_array( 'affected', '11.0.0-11.2.1;10.1.0-10.2.4;',\n 'unaffected', '11.3.0-11.6.0;' );\n\ncheck_f5['LC'] = make_array( 'affected', '11.0.0-11.2.1;10.1.0-10.2.4;',\n 'unaffected', '11.3.0-11.6.0;' );\n\ncheck_f5['PEM'] = make_array( 'affected', '11.0.0-11.2.1;10.1.0-10.2.4;',\n 'unaffected', '11.3.0-11.6.0;' );\n\ncheck_f5['PSM'] = make_array( 'affected', '11.0.0-11.2.1;10.1.0-10.2.4;',\n 'unaffected', '11.3.0-11.6.0;' );\n\ncheck_f5['WAM'] = make_array( 'affected', '11.0.0-11.2.1;10.1.0-10.2.4;',\n 'unaffected', '11.3.0;' );\n\ncheck_f5['WOM'] = make_array( 'affected', '11.0.0-11.2.1;10.1.0-10.2.4;',\n 'unaffected', '11.3.0;' );\n\nif( report = f5_is_vulnerable( ca:check_f5, version:version ) ) {\n security_message( port:0, data:report );\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2017-12-04T11:20:10", "bulletinFamily": "scanner", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1527-1", "modified": "2017-12-01T00:00:00", "published": "2012-08-14T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=841101", "id": "OPENVAS:841101", "title": "Ubuntu Update for expat USN-1527-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1527_1.nasl 7960 2017-12-01 06:58:16Z santu $\n#\n# Ubuntu Update for expat USN-1527-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that Expat computed hash values without restricting the\n ability to trigger hash collisions predictably. If a user or application linked\n against Expat were tricked into opening a crafted XML file, an attacker could\n cause a denial of service by consuming excessive CPU resources. (CVE-2012-0876)\n\n Tim Boddy discovered that Expat did not properly handle memory reallocation\n when processing XML files. If a user or application linked against Expat were\n tricked into opening a crafted XML file, an attacker could cause a denial of\n service by consuming excessive memory resources. This issue only affected\n Ubuntu 8.04 LTS, 10.04 LTS, 11.04 and 11.10. (CVE-2012-1148)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1527-1\";\ntag_affected = \"expat on Ubuntu 12.04 LTS ,\n Ubuntu 11.10 ,\n Ubuntu 11.04 ,\n Ubuntu 10.04 LTS ,\n Ubuntu 8.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1527-1/\");\n script_id(841101);\n script_version(\"$Revision: 7960 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 07:58:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-14 10:40:01 +0530 (Tue, 14 Aug 2012)\");\n script_cve_id(\"CVE-2012-0876\", \"CVE-2012-1148\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"USN\", value: \"1527-1\");\n script_name(\"Ubuntu Update for expat USN-1527-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"lib64expat1\", ver:\"2.0.1-7ubuntu1.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libexpat1\", ver:\"2.0.1-7ubuntu1.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libexpat1-udeb\", ver:\"2.0.1-7ubuntu1.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"lib64expat1\", ver:\"2.0.1-7.2ubuntu1.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libexpat1\", ver:\"2.0.1-7.2ubuntu1.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libexpat1-udeb\", ver:\"2.0.1-7.2ubuntu1.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"lib64expat1\", ver:\"2.0.1-7ubuntu3.11.10.1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libexpat1\", ver:\"2.0.1-7ubuntu3.11.10.1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libexpat1-udeb\", ver:\"2.0.1-7ubuntu3.11.10.1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"lib64expat1\", ver:\"2.0.1-7ubuntu3.11.04.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libexpat1\", ver:\"2.0.1-7ubuntu3.11.04.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libexpat1-udeb\", ver:\"2.0.1-7ubuntu3.11.04.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"lib64expat1\", ver:\"2.0.1-0ubuntu1.2\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libexpat1\", ver:\"2.0.1-0ubuntu1.2\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libexpat1-udeb\", ver:\"2.0.1-0ubuntu1.2\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-08T12:56:38", "bulletinFamily": "scanner", "description": "Check for the Version of expat", "modified": "2018-01-08T00:00:00", "published": "2012-08-03T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=831681", "id": "OPENVAS:831681", "title": "Mandriva Update for expat MDVSA-2012:041 (expat)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for expat MDVSA-2012:041 (expat)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A memory leak and a hash table collision flaw in expat could cause\n denial os service (DoS) attacks (CVE-2012-0876, CVE-2012-1148).\n\n The updated packages have been patched to correct this issue.\";\n\ntag_affected = \"expat on Mandriva Linux 2011.0,\n Mandriva Enterprise Server 5.2,\n Mandriva Linux 2010.1\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2012:041\");\n script_id(831681);\n script_version(\"$Revision: 8313 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-08 08:02:11 +0100 (Mon, 08 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-03 10:01:45 +0530 (Fri, 03 Aug 2012)\");\n script_cve_id(\"CVE-2012-0876\", \"CVE-2012-1148\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"MDVSA\", value: \"2012:041\");\n script_name(\"Mandriva Update for expat MDVSA-2012:041 (expat)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of expat\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2011.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"expat\", rpm:\"expat~2.0.1~15.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libexpat1\", rpm:\"libexpat1~2.0.1~15.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libexpat-devel\", rpm:\"libexpat-devel~2.0.1~15.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libexpat-static-devel\", rpm:\"libexpat-static-devel~2.0.1~15.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64expat1\", rpm:\"lib64expat1~2.0.1~15.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64expat-devel\", rpm:\"lib64expat-devel~2.0.1~15.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64expat-static-devel\", rpm:\"lib64expat-static-devel~2.0.1~15.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_mes5.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"expat\", rpm:\"expat~2.0.1~7.4mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libexpat1\", rpm:\"libexpat1~2.0.1~7.4mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libexpat1-devel\", rpm:\"libexpat1-devel~2.0.1~7.4mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64expat1\", rpm:\"lib64expat1~2.0.1~7.4mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64expat1-devel\", rpm:\"lib64expat1-devel~2.0.1~7.4mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"expat\", rpm:\"expat~2.0.1~12.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libexpat1\", rpm:\"libexpat1~2.0.1~12.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libexpat1-devel\", rpm:\"libexpat1-devel~2.0.1~12.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64expat1\", rpm:\"lib64expat1~2.0.1~12.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64expat1-devel\", rpm:\"lib64expat1-devel~2.0.1~12.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2020-03-17T23:03:45", "bulletinFamily": "scanner", "description": "The remote host is missing an update announced via the referenced Security Advisory.", "modified": "2020-03-13T00:00:00", "published": "2015-09-08T00:00:00", "id": "OPENVAS:1361412562310120134", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120134", "title": "Amazon Linux: Security Advisory (ALAS-2012-89)", "type": "openvas", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120134\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:18:19 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2012-89)\");\n script_tag(name:\"insight\", value:\"A denial of service flaw was found in the implementation of hash arrays in Expat. An attacker could use this flaw to make an application using Expat consume an excessive amount of CPU time by providing a specially-crafted XML file that triggers multiple hash function collisions. To mitigate this issue, randomization has been added to the hash function to reduce the chance of an attacker successfully causing intentional collisions. (CVE-2012-0876 )A memory leak flaw was found in Expat. If an XML file processed by an application linked against Expat triggered a memory re-allocation failure, Expat failed to free the previously allocated memory. This could cause the application to exit unexpectedly or crash when all available memory is exhausted. (CVE-2012-1148 )\");\n script_tag(name:\"solution\", value:\"Run yum update expat to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2012-89.html\");\n script_cve_id(\"CVE-2012-1148\", \"CVE-2012-0876\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"expat-devel\", rpm:\"expat-devel~2.0.1~11.9.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"expat-debuginfo\", rpm:\"expat-debuginfo~2.0.1~11.9.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"expat\", rpm:\"expat~2.0.1~11.9.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:38:53", "bulletinFamily": "scanner", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1527-2", "modified": "2019-03-13T00:00:00", "published": "2012-09-11T00:00:00", "id": "OPENVAS:1361412562310841137", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841137", "title": "Ubuntu Update for xmlrpc-c USN-1527-2", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1527_2.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for xmlrpc-c USN-1527-2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1527-2/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.841137\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-09-11 09:38:28 +0530 (Tue, 11 Sep 2012)\");\n script_cve_id(\"CVE-2012-0876\", \"CVE-2012-1148\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name:\"USN\", value:\"1527-2\");\n script_name(\"Ubuntu Update for xmlrpc-c USN-1527-2\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(10\\.04 LTS|12\\.04 LTS|11\\.10|11\\.04)\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1527-2\");\n script_tag(name:\"affected\", value:\"xmlrpc-c on Ubuntu 12.04 LTS,\n Ubuntu 11.10,\n Ubuntu 11.04,\n Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"USN-1527-1 fixed vulnerabilities in Expat. This update provides the\n corresponding updates for XML-RPC for C and C++. Both issues described in the\n original advisory affected XML-RPC for C and C++ in Ubuntu 10.04 LTS, 11.04,\n 11.10 and 12.04 LTS.\n\n Original advisory details:\n\n It was discovered that Expat computed hash values without restricting the\n ability to trigger hash collisions predictably. If a user or application\n linked against Expat were tricked into opening a crafted XML file, an attacker\n could cause a denial of service by consuming excessive CPU resources.\n (CVE-2012-0876)\n\n Tim Boddy discovered that Expat did not properly handle memory reallocation\n when processing XML files. If a user or application linked against Expat were\n tricked into opening a crafted XML file, an attacker could cause a denial of\n service by consuming excessive memory resources. This issue only affected\n Ubuntu 8.04 LTS, 10.04 LTS, 11.04 and 11.10. (CVE-2012-1148)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libxmlrpc-core-c3\", ver:\"1.06.27-1ubuntu7.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libxmlrpc-core-c3\", ver:\"1.16.33-3.1ubuntu5.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libxmlrpc-core-c3-0\", ver:\"1.16.32-0ubuntu4.1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libxmlrpc-core-c3-0\", ver:\"1.16.32-0ubuntu3.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:39:00", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2012-06-15T00:00:00", "id": "OPENVAS:1361412562310870754", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870754", "title": "RedHat Update for expat RHSA-2012:0731-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for expat RHSA-2012:0731-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2012-June/msg00011.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870754\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-06-15 09:45:45 +0530 (Fri, 15 Jun 2012)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cve_id(\"CVE-2012-0876\", \"CVE-2012-1148\");\n script_xref(name:\"RHSA\", value:\"2012:0731-01\");\n script_name(\"RedHat Update for expat RHSA-2012:0731-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'expat'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_(6|5)\");\n script_tag(name:\"affected\", value:\"expat on Red Hat Enterprise Linux (v. 5 server),\n Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Expat is a C library written by James Clark for parsing XML documents.\n\n A denial of service flaw was found in the implementation of hash arrays in\n Expat. An attacker could use this flaw to make an application using Expat\n consume an excessive amount of CPU time by providing a specially-crafted\n XML file that triggers multiple hash function collisions. To mitigate\n this issue, randomization has been added to the hash function to reduce the\n chance of an attacker successfully causing intentional collisions.\n (CVE-2012-0876)\n\n A memory leak flaw was found in Expat. If an XML file processed by an\n application linked against Expat triggered a memory re-allocation failure,\n Expat failed to free the previously allocated memory. This could cause the\n application to exit unexpectedly or crash when all available memory is\n exhausted. (CVE-2012-1148)\n\n All Expat users should upgrade to these updated packages, which contain\n backported patches to correct these issues. After installing the updated\n packages, applications using the Expat library must be restarted for the\n update to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"expat\", rpm:\"expat~2.0.1~11.el6_2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"expat-debuginfo\", rpm:\"expat-debuginfo~2.0.1~11.el6_2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"expat-devel\", rpm:\"expat-devel~2.0.1~11.el6_2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"expat\", rpm:\"expat~1.95.8~11.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"expat-debuginfo\", rpm:\"expat-debuginfo~1.95.8~11.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"expat-devel\", rpm:\"expat-devel~1.95.8~11.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2018-01-11T11:07:18", "bulletinFamily": "scanner", "description": "Check for the Version of expat", "modified": "2018-01-09T00:00:00", "published": "2012-07-30T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=881192", "id": "OPENVAS:881192", "title": "CentOS Update for expat CESA-2012:0731 centos5 ", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for expat CESA-2012:0731 centos5 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Expat is a C library written by James Clark for parsing XML documents.\n\n A denial of service flaw was found in the implementation of hash arrays in\n Expat. An attacker could use this flaw to make an application using Expat\n consume an excessive amount of CPU time by providing a specially-crafted\n XML file that triggers multiple hash function collisions. To mitigate\n this issue, randomization has been added to the hash function to reduce the\n chance of an attacker successfully causing intentional collisions.\n (CVE-2012-0876)\n \n A memory leak flaw was found in Expat. If an XML file processed by an\n application linked against Expat triggered a memory re-allocation failure,\n Expat failed to free the previously allocated memory. This could cause the\n application to exit unexpectedly or crash when all available memory is\n exhausted. (CVE-2012-1148)\n \n All Expat users should upgrade to these updated packages, which contain\n backported patches to correct these issues. After installing the updated\n packages, applications using the Expat library must be restarted for the\n update to take effect.\";\n\ntag_affected = \"expat on CentOS 5\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2012-June/018682.html\");\n script_id(881192);\n script_version(\"$Revision: 8336 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-09 08:01:48 +0100 (Tue, 09 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 16:39:59 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2012-0876\", \"CVE-2012-1148\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"CESA\", value: \"2012:0731\");\n script_name(\"CentOS Update for expat CESA-2012:0731 centos5 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of expat\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"expat\", rpm:\"expat~1.95.8~11.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"expat-devel\", rpm:\"expat-devel~1.95.8~11.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-12-04T11:19:57", "bulletinFamily": "scanner", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1527-2", "modified": "2017-12-01T00:00:00", "published": "2012-09-11T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=841137", "id": "OPENVAS:841137", "title": "Ubuntu Update for xmlrpc-c USN-1527-2", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1527_2.nasl 7960 2017-12-01 06:58:16Z santu $\n#\n# Ubuntu Update for xmlrpc-c USN-1527-2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"USN-1527-1 fixed vulnerabilities in Expat. This update provides the\n corresponding updates for XML-RPC for C and C++. Both issues described in the\n original advisory affected XML-RPC for C and C++ in Ubuntu 10.04 LTS, 11.04,\n 11.10 and 12.04 LTS.\n\n Original advisory details:\n \n It was discovered that Expat computed hash values without restricting the\n ability to trigger hash collisions predictably. If a user or application\n linked against Expat were tricked into opening a crafted XML file, an attacker\n could cause a denial of service by consuming excessive CPU resources.\n (CVE-2012-0876)\n \n Tim Boddy discovered that Expat did not properly handle memory reallocation\n when processing XML files. If a user or application linked against Expat were\n tricked into opening a crafted XML file, an attacker could cause a denial of\n service by consuming excessive memory resources. This issue only affected\n Ubuntu 8.04 LTS, 10.04 LTS, 11.04 and 11.10. (CVE-2012-1148)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1527-2\";\ntag_affected = \"xmlrpc-c on Ubuntu 12.04 LTS ,\n Ubuntu 11.10 ,\n Ubuntu 11.04 ,\n Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1527-2/\");\n script_id(841137);\n script_version(\"$Revision: 7960 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 07:58:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-09-11 09:38:28 +0530 (Tue, 11 Sep 2012)\");\n script_cve_id(\"CVE-2012-0876\", \"CVE-2012-1148\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"USN\", value: \"1527-2\");\n script_name(\"Ubuntu Update for xmlrpc-c USN-1527-2\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libxmlrpc-core-c3\", ver:\"1.06.27-1ubuntu7.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libxmlrpc-core-c3\", ver:\"1.16.33-3.1ubuntu5.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libxmlrpc-core-c3-0\", ver:\"1.16.32-0ubuntu4.1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libxmlrpc-core-c3-0\", ver:\"1.16.32-0ubuntu3.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:38", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2012-07-30T00:00:00", "id": "OPENVAS:1361412562310881192", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881192", "title": "CentOS Update for expat CESA-2012:0731 centos5", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for expat CESA-2012:0731 centos5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2012-June/018682.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881192\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 16:39:59 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2012-0876\", \"CVE-2012-1148\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name:\"CESA\", value:\"2012:0731\");\n script_name(\"CentOS Update for expat CESA-2012:0731 centos5\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'expat'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"expat on CentOS 5\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"Expat is a C library written by James Clark for parsing XML documents.\n\n A denial of service flaw was found in the implementation of hash arrays in\n Expat. An attacker could use this flaw to make an application using Expat\n consume an excessive amount of CPU time by providing a specially-crafted\n XML file that triggers multiple hash function collisions. To mitigate\n this issue, randomization has been added to the hash function to reduce the\n chance of an attacker successfully causing intentional collisions.\n (CVE-2012-0876)\n\n A memory leak flaw was found in Expat. If an XML file processed by an\n application linked against Expat triggered a memory re-allocation failure,\n Expat failed to free the previously allocated memory. This could cause the\n application to exit unexpectedly or crash when all available memory is\n exhausted. (CVE-2012-1148)\n\n All Expat users should upgrade to these updated packages, which contain\n backported patches to correct these issues. After installing the updated\n packages, applications using the Expat library must be restarted for the\n update to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"expat\", rpm:\"expat~1.95.8~11.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"expat-devel\", rpm:\"expat-devel~1.95.8~11.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:36:39", "bulletinFamily": "scanner", "description": "Oracle Linux Local Security Checks ELSA-2012-0731", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123904", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123904", "title": "Oracle Linux Local Check: ELSA-2012-0731", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2012-0731.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123904\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:10:05 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2012-0731\");\n script_tag(name:\"insight\", value:\"ELSA-2012-0731 - expat security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2012-0731\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2012-0731.html\");\n script_cve_id(\"CVE-2012-0876\", \"CVE-2012-1148\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(5|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"expat\", rpm:\"expat~1.95.8~11.el5_8\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"expat-devel\", rpm:\"expat-devel~1.95.8~11.el5_8\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"expat\", rpm:\"expat~2.0.1~11.el6_2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"expat-devel\", rpm:\"expat-devel~2.0.1~11.el6_2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "cve": [{"lastseen": "2019-05-29T18:12:20", "bulletinFamily": "NVD", "description": "The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value.", "modified": "2018-01-05T02:29:00", "id": "CVE-2012-0876", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0876", "published": "2012-07-03T19:55:00", "title": "CVE-2012-0876", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:12:21", "bulletinFamily": "NVD", "description": "Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory consumption) via a large number of crafted XML files that cause improperly-handled reallocation failures when expanding entities.", "modified": "2018-01-05T02:29:00", "id": "CVE-2012-1148", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1148", "published": "2012-07-03T19:55:00", "title": "CVE-2012-1148", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "nessus": [{"lastseen": "2020-07-01T04:52:03", "bulletinFamily": "scanner", "description": "USN-1527-1 fixed vulnerabilities in Expat. This update provides the\ncorresponding updates for XML-RPC for C and C++. Both issues described\nin the original advisory affected XML-RPC for C and C++ in Ubuntu\n10.04 LTS, 11.04, 11.10 and 12.04 LTS.\n\nIt was discovered that Expat computed hash values without restricting\nthe ability to trigger hash collisions predictably. If a user or\napplication linked against Expat were tricked into opening a crafted\nXML file, an attacker could cause a denial of service by consuming\nexcessive CPU resources. (CVE-2012-0876)\n\nTim Boddy discovered that Expat did not properly handle\nmemory reallocation when processing XML files. If a user or\napplication linked against Expat were tricked into opening a\ncrafted XML file, an attacker could cause a denial of\nservice by consuming excessive memory resources. This issue\nonly affected Ubuntu 8.04 LTS, 10.04 LTS, 11.04 and 11.10.\n(CVE-2012-1148).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2020-07-02T00:00:00", "id": "UBUNTU_USN-1527-2.NASL", "href": "https://www.tenable.com/plugins/nessus/62036", "published": "2012-09-11T00:00:00", "title": "Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : xmlrpc-c vulnerabilities (USN-1527-2)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1527-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(62036);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/09/19 12:54:28\");\n\n script_cve_id(\"CVE-2012-0876\", \"CVE-2012-1148\");\n script_bugtraq_id(52379);\n script_xref(name:\"USN\", value:\"1527-2\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : xmlrpc-c vulnerabilities (USN-1527-2)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"USN-1527-1 fixed vulnerabilities in Expat. This update provides the\ncorresponding updates for XML-RPC for C and C++. Both issues described\nin the original advisory affected XML-RPC for C and C++ in Ubuntu\n10.04 LTS, 11.04, 11.10 and 12.04 LTS.\n\nIt was discovered that Expat computed hash values without restricting\nthe ability to trigger hash collisions predictably. If a user or\napplication linked against Expat were tricked into opening a crafted\nXML file, an attacker could cause a denial of service by consuming\nexcessive CPU resources. (CVE-2012-0876)\n\nTim Boddy discovered that Expat did not properly handle\nmemory reallocation when processing XML files. If a user or\napplication linked against Expat were tricked into opening a\ncrafted XML file, an attacker could cause a denial of\nservice by consuming excessive memory resources. This issue\nonly affected Ubuntu 8.04 LTS, 10.04 LTS, 11.04 and 11.10.\n(CVE-2012-1148).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1527-2/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected libxmlrpc-core-c3 and / or libxmlrpc-core-c3-0\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libxmlrpc-core-c3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libxmlrpc-core-c3-0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/07/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/09/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/09/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04|11\\.04|11\\.10|12\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 11.04 / 11.10 / 12.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libxmlrpc-core-c3\", pkgver:\"1.06.27-1ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"libxmlrpc-core-c3-0\", pkgver:\"1.16.32-0ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"libxmlrpc-core-c3-0\", pkgver:\"1.16.32-0ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libxmlrpc-core-c3\", pkgver:\"1.16.33-3.1ubuntu5.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxmlrpc-core-c3 / libxmlrpc-core-c3-0\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-03-17T23:00:30", "bulletinFamily": "scanner", "description": "It was discovered that Expat, a C library to parse XML, is vulnerable\nto denial of service through hash collisions and a memory leak in pool\nhandling.", "modified": "2012-08-07T00:00:00", "id": "DEBIAN_DSA-2525.NASL", "href": "https://www.tenable.com/plugins/nessus/61441", "published": "2012-08-07T00:00:00", "title": "Debian DSA-2525-1 : expat - several vulnerabilities", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2525. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(61441);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/12\");\n\n script_cve_id(\"CVE-2012-0876\", \"CVE-2012-1148\");\n script_bugtraq_id(52379);\n script_xref(name:\"DSA\", value:\"2525\");\n\n script_name(english:\"Debian DSA-2525-1 : expat - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that Expat, a C library to parse XML, is vulnerable\nto denial of service through hash collisions and a memory leak in pool\nhandling.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/expat\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2012/dsa-2525\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the expat packages.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.0.1-7+squeeze1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:expat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/08/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"expat\", reference:\"2.0.1-7+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"lib64expat1\", reference:\"2.0.1-7+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"lib64expat1-dev\", reference:\"2.0.1-7+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libexpat1\", reference:\"2.0.1-7+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libexpat1-dev\", reference:\"2.0.1-7+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libexpat1-udeb\", reference:\"2.0.1-7+squeeze1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-07-01T00:58:53", "bulletinFamily": "scanner", "description": "A denial of service flaw was found in the implementation of hash\narrays in Expat. An attacker could use this flaw to make an\napplication using Expat consume an excessive amount of CPU time by\nproviding a specially crafted XML file that triggers multiple hash\nfunction collisions. To mitigate this issue, randomization has been\nadded to the hash function to reduce the chance of an attacker\nsuccessfully causing intentional collisions. (CVE-2012-0876)\n\nA memory leak flaw was found in Expat. If an XML file processed by an\napplication linked against Expat triggered a memory re-allocation\nfailure, Expat failed to free the previously allocated memory. This\ncould cause the application to exit unexpectedly or crash when all\navailable memory is exhausted. (CVE-2012-1148)", "modified": "2020-07-02T00:00:00", "id": "ALA_ALAS-2012-89.NASL", "href": "https://www.tenable.com/plugins/nessus/69696", "published": "2013-09-04T00:00:00", "title": "Amazon Linux AMI : expat (ALAS-2012-89)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2012-89.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69696);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/04/18 15:09:34\");\n\n script_cve_id(\"CVE-2012-0876\", \"CVE-2012-1148\");\n script_xref(name:\"ALAS\", value:\"2012-89\");\n script_xref(name:\"RHSA\", value:\"2012:0731\");\n\n script_name(english:\"Amazon Linux AMI : expat (ALAS-2012-89)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A denial of service flaw was found in the implementation of hash\narrays in Expat. An attacker could use this flaw to make an\napplication using Expat consume an excessive amount of CPU time by\nproviding a specially crafted XML file that triggers multiple hash\nfunction collisions. To mitigate this issue, randomization has been\nadded to the hash function to reduce the chance of an attacker\nsuccessfully causing intentional collisions. (CVE-2012-0876)\n\nA memory leak flaw was found in Expat. If an XML file processed by an\napplication linked against Expat triggered a memory re-allocation\nfailure, Expat failed to free the previously allocated memory. This\ncould cause the application to exit unexpectedly or crash when all\navailable memory is exhausted. (CVE-2012-1148)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2012-89.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update expat' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:expat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:expat-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:expat-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"expat-2.0.1-11.9.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"expat-debuginfo-2.0.1-11.9.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"expat-devel-2.0.1-11.9.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"expat / expat-debuginfo / expat-devel\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-07-01T04:52:03", "bulletinFamily": "scanner", "description": "It was discovered that Expat computed hash values without restricting\nthe ability to trigger hash collisions predictably. If a user or\napplication linked against Expat were tricked into opening a crafted\nXML file, an attacker could cause a denial of service by consuming\nexcessive CPU resources. (CVE-2012-0876)\n\nTim Boddy discovered that Expat did not properly handle memory\nreallocation when processing XML files. If a user or application\nlinked against Expat were tricked into opening a crafted XML file, an\nattacker could cause a denial of service by consuming excessive memory\nresources. This issue only affected Ubuntu 8.04 LTS, 10.04 LTS, 11.04\nand 11.10. (CVE-2012-1148).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2020-07-02T00:00:00", "id": "UBUNTU_USN-1527-1.NASL", "href": "https://www.tenable.com/plugins/nessus/61485", "published": "2012-08-10T00:00:00", "title": "Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : expat vulnerabilities (USN-1527-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1527-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(61485);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/09/19 12:54:28\");\n\n script_cve_id(\"CVE-2012-0876\", \"CVE-2012-1148\");\n script_bugtraq_id(52379);\n script_xref(name:\"USN\", value:\"1527-1\");\n\n script_name(english:\"Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : expat vulnerabilities (USN-1527-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that Expat computed hash values without restricting\nthe ability to trigger hash collisions predictably. If a user or\napplication linked against Expat were tricked into opening a crafted\nXML file, an attacker could cause a denial of service by consuming\nexcessive CPU resources. (CVE-2012-0876)\n\nTim Boddy discovered that Expat did not properly handle memory\nreallocation when processing XML files. If a user or application\nlinked against Expat were tricked into opening a crafted XML file, an\nattacker could cause a denial of service by consuming excessive memory\nresources. This issue only affected Ubuntu 8.04 LTS, 10.04 LTS, 11.04\nand 11.10. (CVE-2012-1148).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1527-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected lib64expat1, libexpat1 and / or libexpat1-udeb\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:lib64expat1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libexpat1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libexpat1-udeb\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/07/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/08/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(8\\.04|10\\.04|11\\.04|11\\.10|12\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 8.04 / 10.04 / 11.04 / 11.10 / 12.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"8.04\", pkgname:\"lib64expat1\", pkgver:\"2.0.1-0ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libexpat1\", pkgver:\"2.0.1-0ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libexpat1-udeb\", pkgver:\"2.0.1-0ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"lib64expat1\", pkgver:\"2.0.1-7ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libexpat1\", pkgver:\"2.0.1-7ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libexpat1-udeb\", pkgver:\"2.0.1-7ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"lib64expat1\", pkgver:\"2.0.1-7ubuntu3.11.04.1\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"libexpat1\", pkgver:\"2.0.1-7ubuntu3.11.04.1\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"libexpat1-udeb\", pkgver:\"2.0.1-7ubuntu3.11.04.1\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"lib64expat1\", pkgver:\"2.0.1-7ubuntu3.11.10.1\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"libexpat1\", pkgver:\"2.0.1-7ubuntu3.11.10.1\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"libexpat1-udeb\", pkgver:\"2.0.1-7ubuntu3.11.10.1\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"lib64expat1\", pkgver:\"2.0.1-7.2ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libexpat1\", pkgver:\"2.0.1-7.2ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libexpat1-udeb\", pkgver:\"2.0.1-7.2ubuntu1.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lib64expat1 / libexpat1 / libexpat1-udeb\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-07-01T01:24:14", "bulletinFamily": "scanner", "description": "CVE-2012-0876\n\nThe XML parser (xmlparse.c) in expat before 2.1.0 computes hash values\nwithout restricting the ability to trigger hash collisions\npredictably, which allows context-dependent attackers to cause a\ndenial of service (CPU consumption) via an XML file with many\nidentifiers with the same value.\n\nCVE-2012-1148 Memory leak in the poolGrow function in\nexpat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent\nattackers to cause a denial of service (memory consumption) via a\nlarge number of crafted XML files that cause improperly-handled\nreallocation failures when expanding entities.\n\nImpact\n\nThese vulnerabilities allow context-dependent attackers to cause a\ndenial-of-service (DoS) (CPU and/or memory consumption) by way of XML\nfiles.", "modified": "2020-07-02T00:00:00", "id": "F5_BIGIP_SOL16949.NASL", "href": "https://www.tenable.com/plugins/nessus/86013", "published": "2015-09-18T00:00:00", "title": "F5 Networks BIG-IP : Expat vulnerabilities (K16949)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution K16949.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(86013);\n script_version(\"2.7\");\n script_cvs_date(\"Date: 2019/01/04 10:03:40\");\n\n script_cve_id(\"CVE-2012-0876\", \"CVE-2012-1148\");\n script_bugtraq_id(52379);\n\n script_name(english:\"F5 Networks BIG-IP : Expat vulnerabilities (K16949)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"CVE-2012-0876\n\nThe XML parser (xmlparse.c) in expat before 2.1.0 computes hash values\nwithout restricting the ability to trigger hash collisions\npredictably, which allows context-dependent attackers to cause a\ndenial of service (CPU consumption) via an XML file with many\nidentifiers with the same value.\n\nCVE-2012-1148 Memory leak in the poolGrow function in\nexpat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent\nattackers to cause a denial of service (memory consumption) via a\nlarge number of crafted XML files that cause improperly-handled\nreallocation failures when expanding entities.\n\nImpact\n\nThese vulnerabilities allow context-dependent attackers to cause a\ndenial-of-service (DoS) (CPU and/or memory consumption) by way of XML\nfiles.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K16949\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution K16949.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_advanced_firewall_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_acceleration_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_visibility_and_reporting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_policy_enforcement_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_wan_optimization_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_webaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip_protocol_security_manager\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/09/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"K16949\";\nvmatrix = make_array();\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\n# AFM\nvmatrix[\"AFM\"] = make_array();\nvmatrix[\"AFM\"][\"affected\" ] = make_list(\"11.0.0-11.2.1\",\"10.1.0-10.2.4\");\nvmatrix[\"AFM\"][\"unaffected\"] = make_list(\"11.3.0-11.6.0\");\n\n# AM\nvmatrix[\"AM\"] = make_array();\nvmatrix[\"AM\"][\"affected\" ] = make_list(\"11.0.0-11.2.1\",\"10.1.0-10.2.4\");\nvmatrix[\"AM\"][\"unaffected\"] = make_list(\"11.3.0-11.6.0\");\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"11.0.0-11.2.1\",\"10.1.0-10.2.4\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"11.3.0-11.6.0\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"11.0.0-11.2.1\",\"10.1.0-10.2.4\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"11.3.0-11.6.0\");\n\n# AVR\nvmatrix[\"AVR\"] = make_array();\nvmatrix[\"AVR\"][\"affected\" ] = make_list(\"11.0.0-11.2.1\",\"10.1.0-10.2.4\");\nvmatrix[\"AVR\"][\"unaffected\"] = make_list(\"11.3.0-11.6.0\");\n\n# GTM\nvmatrix[\"GTM\"] = make_array();\nvmatrix[\"GTM\"][\"affected\" ] = make_list(\"11.0.0-11.2.1\",\"10.1.0-10.2.4\");\nvmatrix[\"GTM\"][\"unaffected\"] = make_list(\"11.3.0-11.6.0\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"11.0.0-11.2.1\",\"10.1.0-10.2.4\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"11.3.0-11.6.0\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"11.0.0-11.2.1\",\"10.1.0-10.2.4\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"11.3.0-11.6.0\");\n\n# PEM\nvmatrix[\"PEM\"] = make_array();\nvmatrix[\"PEM\"][\"affected\" ] = make_list(\"11.0.0-11.2.1\",\"10.1.0-10.2.4\");\nvmatrix[\"PEM\"][\"unaffected\"] = make_list(\"11.3.0-11.6.0\");\n\n# PSM\nvmatrix[\"PSM\"] = make_array();\nvmatrix[\"PSM\"][\"affected\" ] = make_list(\"11.0.0-11.2.1\",\"10.1.0-10.2.4\");\nvmatrix[\"PSM\"][\"unaffected\"] = make_list(\"11.3.0-11.6.0\");\n\n# WAM\nvmatrix[\"WAM\"] = make_array();\nvmatrix[\"WAM\"][\"affected\" ] = make_list(\"11.0.0-11.2.1\",\"10.1.0-10.2.4\");\nvmatrix[\"WAM\"][\"unaffected\"] = make_list(\"11.3.0\");\n\n# WOM\nvmatrix[\"WOM\"] = make_array();\nvmatrix[\"WOM\"][\"affected\" ] = make_list(\"11.0.0-11.2.1\",\"10.1.0-10.2.4\");\nvmatrix[\"WOM\"][\"unaffected\"] = make_list(\"11.3.0\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_warning(port:0, extra:bigip_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-07-01T01:01:01", "bulletinFamily": "scanner", "description": "Updated expat packages that fix two security issues are now available\nfor Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nExpat is a C library written by James Clark for parsing XML documents.\n\nA denial of service flaw was found in the implementation of hash\narrays in Expat. An attacker could use this flaw to make an\napplication using Expat consume an excessive amount of CPU time by\nproviding a specially crafted XML file that triggers multiple hash\nfunction collisions. To mitigate this issue, randomization has been\nadded to the hash function to reduce the chance of an attacker\nsuccessfully causing intentional collisions. (CVE-2012-0876)\n\nA memory leak flaw was found in Expat. If an XML file processed by an\napplication linked against Expat triggered a memory re-allocation\nfailure, Expat failed to free the previously allocated memory. This\ncould cause the application to exit unexpectedly or crash when all\navailable memory is exhausted. (CVE-2012-1148)\n\nAll Expat users should upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing\nthe updated packages, applications using the Expat library must be\nrestarted for the update to take effect.", "modified": "2020-07-02T00:00:00", "id": "CENTOS_RHSA-2012-0731.NASL", "href": "https://www.tenable.com/plugins/nessus/59482", "published": "2012-06-14T00:00:00", "title": "CentOS 5 / 6 : expat (CESA-2012:0731)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0731 and \n# CentOS Errata and Security Advisory 2012:0731 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(59482);\n script_version(\"1.16\");\n script_cvs_date(\"Date: 2020/01/07\");\n\n script_cve_id(\"CVE-2012-0876\", \"CVE-2012-1148\");\n script_bugtraq_id(52379);\n script_xref(name:\"RHSA\", value:\"2012:0731\");\n\n script_name(english:\"CentOS 5 / 6 : expat (CESA-2012:0731)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated expat packages that fix two security issues are now available\nfor Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nExpat is a C library written by James Clark for parsing XML documents.\n\nA denial of service flaw was found in the implementation of hash\narrays in Expat. An attacker could use this flaw to make an\napplication using Expat consume an excessive amount of CPU time by\nproviding a specially crafted XML file that triggers multiple hash\nfunction collisions. To mitigate this issue, randomization has been\nadded to the hash function to reduce the chance of an attacker\nsuccessfully causing intentional collisions. (CVE-2012-0876)\n\nA memory leak flaw was found in Expat. If an XML file processed by an\napplication linked against Expat triggered a memory re-allocation\nfailure, Expat failed to free the previously allocated memory. This\ncould cause the application to exit unexpectedly or crash when all\navailable memory is exhausted. (CVE-2012-1148)\n\nAll Expat users should upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing\nthe updated packages, applications using the Expat library must be\nrestarted for the update to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2012-June/018682.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5e48af20\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2012-June/018685.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?38072ad3\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected expat packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2012-1148\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:expat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:expat-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/07/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/06/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x / 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"expat-1.95.8-11.el5_8\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"expat-devel-1.95.8-11.el5_8\")) flag++;\n\nif (rpm_check(release:\"CentOS-6\", reference:\"expat-2.0.1-11.el6_2\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"expat-devel-2.0.1-11.el6_2\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"expat / expat-devel\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-07-01T04:25:33", "bulletinFamily": "scanner", "description": "The remote Solaris system is missing necessary patches to address\nsecurity updates :\n\n - The XML parser (xmlparse.c) in expat before 2.1.0\n computes hash values without restricting the ability to\n trigger hash collisions predictably, which allows\n context-dependent attackers to cause a denial of service\n (CPU consumption) via an XML file with many identifiers\n with the same value. (CVE-2012-0876)\n\n - Memory leak in the poolGrow function in\n expat/lib/xmlparse.c in expat before 2.1.0 allows\n context-dependent attackers to cause a denial of service\n (memory consumption) via a large number of crafted XML\n files that cause improperly-handled reallocation\n failures when expanding entities. (CVE-2012-1148)", "modified": "2020-07-02T00:00:00", "id": "SOLARIS11_LIBEXPAT_20120918.NASL", "href": "https://www.tenable.com/plugins/nessus/80669", "published": "2015-01-19T00:00:00", "title": "Oracle Solaris Third-Party Patch Update : libexpat (multiple_resource_management_error_vulnerabilities)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Oracle Third Party software advisories.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80669);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/11/15 20:50:24\");\n\n script_cve_id(\"CVE-2012-0876\", \"CVE-2012-1148\");\n\n script_name(english:\"Oracle Solaris Third-Party Patch Update : libexpat (multiple_resource_management_error_vulnerabilities)\");\n script_summary(english:\"Check for the 'entire' version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Solaris system is missing a security patch for third-party\nsoftware.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote Solaris system is missing necessary patches to address\nsecurity updates :\n\n - The XML parser (xmlparse.c) in expat before 2.1.0\n computes hash values without restricting the ability to\n trigger hash collisions predictably, which allows\n context-dependent attackers to cause a denial of service\n (CPU consumption) via an XML file with many identifiers\n with the same value. (CVE-2012-0876)\n\n - Memory leak in the poolGrow function in\n expat/lib/xmlparse.c in expat before 2.1.0 allows\n context-dependent attackers to cause a denial of service\n (memory consumption) via a large number of crafted XML\n files that cause improperly-handled reallocation\n failures when expanding entities. (CVE-2012-1148)\"\n );\n # https://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4a913f44\"\n );\n # https://blogs.oracle.com/sunsecurity/multiple-resource-management-error-vulnerabilities-in-libexpat\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9df5e276\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Solaris 11/11 SRU 11.4.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:11.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:libexpat\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/09/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris11/release\", \"Host/Solaris11/pkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Solaris11/release\");\nif (isnull(release)) audit(AUDIT_OS_NOT, \"Solaris11\");\npkg_list = solaris_pkg_list_leaves();\nif (isnull (pkg_list)) audit(AUDIT_PACKAGE_LIST_MISSING, \"Solaris pkg-list packages\");\n\nif (empty_or_null(egrep(string:pkg_list, pattern:\"^libexpat$\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libexpat\");\n\nflag = 0;\n\nif (solaris_check_release(release:\"0.5.11-0.175.0.11.0.4.1\", sru:\"SRU 11.4\") > 0) flag++;\n\nif (flag)\n{\n error_extra = 'Affected package : libexpat\\n' + solaris_get_report2();\n error_extra = ereg_replace(pattern:\"version\", replace:\"OS version\", string:error_extra);\n if (report_verbosity > 0) security_warning(port:0, extra:error_extra);\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_PACKAGE_NOT_AFFECTED, \"libexpat\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-03-18T02:47:09", "bulletinFamily": "scanner", "description": "Expat is a C library written by James Clark for parsing XML documents.\n\nA denial of service flaw was found in the implementation of hash\narrays in Expat. An attacker could use this flaw to make an\napplication using Expat consume an excessive amount of CPU time by\nproviding a specially crafted XML file that triggers multiple hash\nfunction collisions. To mitigate this issue, randomization has been\nadded to the hash function to reduce the chance of an attacker\nsuccessfully causing intentional collisions. (CVE-2012-0876)\n\nA memory leak flaw was found in Expat. If an XML file processed by an\napplication linked against Expat triggered a memory re-allocation\nfailure, Expat failed to free the previously allocated memory. This\ncould cause the application to exit unexpectedly or crash when all\navailable memory is exhausted. (CVE-2012-1148)\n\nAll Expat users should upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing\nthe updated packages, applications using the Expat library must be\nrestarted for the update to take effect.", "modified": "2012-08-01T00:00:00", "id": "SL_20120613_EXPAT_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/61327", "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : expat on SL5.x, SL6.x i386/x86_64 (20120613)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(61327);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/12\");\n\n script_cve_id(\"CVE-2012-0876\", \"CVE-2012-1148\");\n\n script_name(english:\"Scientific Linux Security Update : expat on SL5.x, SL6.x i386/x86_64 (20120613)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Expat is a C library written by James Clark for parsing XML documents.\n\nA denial of service flaw was found in the implementation of hash\narrays in Expat. An attacker could use this flaw to make an\napplication using Expat consume an excessive amount of CPU time by\nproviding a specially crafted XML file that triggers multiple hash\nfunction collisions. To mitigate this issue, randomization has been\nadded to the hash function to reduce the chance of an attacker\nsuccessfully causing intentional collisions. (CVE-2012-0876)\n\nA memory leak flaw was found in Expat. If an XML file processed by an\napplication linked against Expat triggered a memory re-allocation\nfailure, Expat failed to free the previously allocated memory. This\ncould cause the application to exit unexpectedly or crash when all\navailable memory is exhausted. (CVE-2012-1148)\n\nAll Expat users should upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing\nthe updated packages, applications using the Expat library must be\nrestarted for the update to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1206&L=scientific-linux-errata&T=0&P=1553\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5ad05e00\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected expat, expat-debuginfo and / or expat-devel\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:expat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:expat-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:expat-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/07/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"expat-1.95.8-11.el5_8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"expat-debuginfo-1.95.8-11.el5_8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"expat-devel-1.95.8-11.el5_8\")) flag++;\n\nif (rpm_check(release:\"SL6\", reference:\"expat-2.0.1-11.el6_2\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"expat-debuginfo-2.0.1-11.el6_2\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"expat-devel-2.0.1-11.el6_2\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"expat / expat-debuginfo / expat-devel\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-07-01T03:52:30", "bulletinFamily": "scanner", "description": "Updated expat packages that fix two security issues are now available\nfor Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nExpat is a C library written by James Clark for parsing XML documents.\n\nA denial of service flaw was found in the implementation of hash\narrays in Expat. An attacker could use this flaw to make an\napplication using Expat consume an excessive amount of CPU time by\nproviding a specially crafted XML file that triggers multiple hash\nfunction collisions. To mitigate this issue, randomization has been\nadded to the hash function to reduce the chance of an attacker\nsuccessfully causing intentional collisions. (CVE-2012-0876)\n\nA memory leak flaw was found in Expat. If an XML file processed by an\napplication linked against Expat triggered a memory re-allocation\nfailure, Expat failed to free the previously allocated memory. This\ncould cause the application to exit unexpectedly or crash when all\navailable memory is exhausted. (CVE-2012-1148)\n\nAll Expat users should upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing\nthe updated packages, applications using the Expat library must be\nrestarted for the update to take effect.", "modified": "2020-07-02T00:00:00", "id": "REDHAT-RHSA-2012-0731.NASL", "href": "https://www.tenable.com/plugins/nessus/59491", "published": "2012-06-14T00:00:00", "title": "RHEL 5 / 6 : expat (RHSA-2012:0731)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0731. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(59491);\n script_version (\"1.22\");\n script_cvs_date(\"Date: 2019/10/24 15:35:35\");\n\n script_cve_id(\"CVE-2012-0876\", \"CVE-2012-1148\");\n script_bugtraq_id(52379);\n script_xref(name:\"RHSA\", value:\"2012:0731\");\n\n script_name(english:\"RHEL 5 / 6 : expat (RHSA-2012:0731)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated expat packages that fix two security issues are now available\nfor Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nExpat is a C library written by James Clark for parsing XML documents.\n\nA denial of service flaw was found in the implementation of hash\narrays in Expat. An attacker could use this flaw to make an\napplication using Expat consume an excessive amount of CPU time by\nproviding a specially crafted XML file that triggers multiple hash\nfunction collisions. To mitigate this issue, randomization has been\nadded to the hash function to reduce the chance of an attacker\nsuccessfully causing intentional collisions. (CVE-2012-0876)\n\nA memory leak flaw was found in Expat. If an XML file processed by an\napplication linked against Expat triggered a memory re-allocation\nfailure, Expat failed to free the previously allocated memory. This\ncould cause the application to exit unexpectedly or crash when all\navailable memory is exhausted. (CVE-2012-1148)\n\nAll Expat users should upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing\nthe updated packages, applications using the Expat library must be\nrestarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2012:0731\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-1148\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-0876\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected expat, expat-debuginfo and / or expat-devel\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:expat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:expat-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:expat-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/07/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/06/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2012:0731\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"expat-1.95.8-11.el5_8\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"expat-debuginfo-1.95.8-11.el5_8\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"expat-devel-1.95.8-11.el5_8\")) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", reference:\"expat-2.0.1-11.el6_2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"expat-debuginfo-2.0.1-11.el6_2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"expat-devel-2.0.1-11.el6_2\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"expat / expat-debuginfo / expat-devel\");\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-07-01T03:40:39", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2012:0731 :\n\nUpdated expat packages that fix two security issues are now available\nfor Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nExpat is a C library written by James Clark for parsing XML documents.\n\nA denial of service flaw was found in the implementation of hash\narrays in Expat. An attacker could use this flaw to make an\napplication using Expat consume an excessive amount of CPU time by\nproviding a specially crafted XML file that triggers multiple hash\nfunction collisions. To mitigate this issue, randomization has been\nadded to the hash function to reduce the chance of an attacker\nsuccessfully causing intentional collisions. (CVE-2012-0876)\n\nA memory leak flaw was found in Expat. If an XML file processed by an\napplication linked against Expat triggered a memory re-allocation\nfailure, Expat failed to free the previously allocated memory. This\ncould cause the application to exit unexpectedly or crash when all\navailable memory is exhausted. (CVE-2012-1148)\n\nAll Expat users should upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing\nthe updated packages, applications using the Expat library must be\nrestarted for the update to take effect.", "modified": "2020-07-02T00:00:00", "id": "ORACLELINUX_ELSA-2012-0731.NASL", "href": "https://www.tenable.com/plugins/nessus/68543", "published": "2013-07-12T00:00:00", "title": "Oracle Linux 5 / 6 : expat (ELSA-2012-0731)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2012:0731 and \n# Oracle Linux Security Advisory ELSA-2012-0731 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68543);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/09/30 10:58:17\");\n\n script_cve_id(\"CVE-2012-0876\", \"CVE-2012-1148\");\n script_bugtraq_id(52379);\n script_xref(name:\"RHSA\", value:\"2012:0731\");\n\n script_name(english:\"Oracle Linux 5 / 6 : expat (ELSA-2012-0731)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2012:0731 :\n\nUpdated expat packages that fix two security issues are now available\nfor Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nExpat is a C library written by James Clark for parsing XML documents.\n\nA denial of service flaw was found in the implementation of hash\narrays in Expat. An attacker could use this flaw to make an\napplication using Expat consume an excessive amount of CPU time by\nproviding a specially crafted XML file that triggers multiple hash\nfunction collisions. To mitigate this issue, randomization has been\nadded to the hash function to reduce the chance of an attacker\nsuccessfully causing intentional collisions. (CVE-2012-0876)\n\nA memory leak flaw was found in Expat. If an XML file processed by an\napplication linked against Expat triggered a memory re-allocation\nfailure, Expat failed to free the previously allocated memory. This\ncould cause the application to exit unexpectedly or crash when all\navailable memory is exhausted. (CVE-2012-1148)\n\nAll Expat users should upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing\nthe updated packages, applications using the Expat library must be\nrestarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2012-June/002859.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2012-June/002861.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected expat packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:expat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:expat-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/07/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5 / 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"expat-1.95.8-11.el5_8\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"expat-devel-1.95.8-11.el5_8\")) flag++;\n\nif (rpm_check(release:\"EL6\", reference:\"expat-2.0.1-11.el6_2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"expat-devel-2.0.1-11.el6_2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"expat / expat-devel\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:44", "bulletinFamily": "software", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2012:041\r\n http://www.mandriva.com/security/\r\n _______________________________________________________________________\r\n\r\n Package : expat\r\n Date : March 27, 2012\r\n Affected: 2010.1, 2011., Enterprise Server 5.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n A memory leak and a hash table collision flaw in expat could cause\r\n denial os service (DoS) attacks (CVE-2012-0876, CVE-2012-1148).\r\n \r\n The updated packages have been patched to correct this issue.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0876\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1148\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Linux 2010.1:\r\n 210b60280a0baf8e08634e0ea6a3bab9 2010.1/i586/expat-2.0.1-12.1mdv2010.2.i586.rpm\r\n 0b657867100b109cbf90a05d2262bec7 2010.1/i586/libexpat1-2.0.1-12.1mdv2010.2.i586.rpm\r\n 0bd180a7b4f4d93df5b74f66e2c85e74 2010.1/i586/libexpat1-devel-2.0.1-12.1mdv2010.2.i586.rpm \r\n 9f063d0589f638e047de6a5266e6ac84 2010.1/SRPMS/expat-2.0.1-12.1mdv2010.2.src.rpm\r\n\r\n Mandriva Linux 2010.1/X86_64:\r\n ced30873d989d1511e828037b4f68d4d 2010.1/x86_64/expat-2.0.1-12.1mdv2010.2.x86_64.rpm\r\n ebd7d687082377e65c818f8ba780b66d 2010.1/x86_64/lib64expat1-2.0.1-12.1mdv2010.2.x86_64.rpm\r\n fd8bef44ccdadeaf14966b44733883fe 2010.1/x86_64/lib64expat1-devel-2.0.1-12.1mdv2010.2.x86_64.rpm \r\n 9f063d0589f638e047de6a5266e6ac84 2010.1/SRPMS/expat-2.0.1-12.1mdv2010.2.src.rpm\r\n\r\n Mandriva Linux 2011:\r\n 6c8bdc44eed2cebf483d4041d57f5eea 2011/i586/expat-2.0.1-15.1-mdv2011.0.i586.rpm\r\n 8211eeb028a563dcbedda7d1726035bb 2011/i586/libexpat1-2.0.1-15.1-mdv2011.0.i586.rpm\r\n c6c9685891ae405ff6181b6899ee10ce 2011/i586/libexpat-devel-2.0.1-15.1-mdv2011.0.i586.rpm\r\n 7afd883dae4a17201128de1485cf949c 2011/i586/libexpat-static-devel-2.0.1-15.1-mdv2011.0.i586.rpm \r\n 4be73538c443ced014373c7e364daac5 2011/SRPMS/expat-2.0.1-15.1.src.rpm\r\n\r\n Mandriva Linux 2011/X86_64:\r\n 7e84ec2183f6ba903779b00f914e3813 2011/x86_64/expat-2.0.1-15.1-mdv2011.0.x86_64.rpm\r\n d7c0853983ce8d2dc2b0b9740924acd7 2011/x86_64/lib64expat1-2.0.1-15.1-mdv2011.0.x86_64.rpm\r\n ecca4f586885b53d2a0ca39a8985f561 2011/x86_64/lib64expat-devel-2.0.1-15.1-mdv2011.0.x86_64.rpm\r\n f87f9aecd51f1f20508dc6f6ad5f02e6 2011/x86_64/lib64expat-static-devel-2.0.1-15.1-mdv2011.0.x86_64.rpm \r\n 4be73538c443ced014373c7e364daac5 2011/SRPMS/expat-2.0.1-15.1.src.rpm\r\n\r\n Mandriva Enterprise Server 5:\r\n 9618c2dceec06fcb04655e2adb9f8d9d mes5/i586/expat-2.0.1-7.4mdvmes5.2.i586.rpm\r\n a0b4d2e3b545f6d63cef9476da3cc72f mes5/i586/libexpat1-2.0.1-7.4mdvmes5.2.i586.rpm\r\n 95ec804d1758d0a7628abd42bf3e54e5 mes5/i586/libexpat1-devel-2.0.1-7.4mdvmes5.2.i586.rpm \r\n 01271afe453d63599a6951f7dbc83197 mes5/SRPMS/expat-2.0.1-7.4mdvmes5.2.src.rpm\r\n\r\n Mandriva Enterprise Server 5/X86_64:\r\n 4781b62e289cae964e8a7c540d2387c9 mes5/x86_64/expat-2.0.1-7.4mdvmes5.2.x86_64.rpm\r\n aee65480dd6cc31f957c3b17771babf6 mes5/x86_64/lib64expat1-2.0.1-7.4mdvmes5.2.x86_64.rpm\r\n ddbc81b65a6969e17900bbbc842cc8e4 mes5/x86_64/lib64expat1-devel-2.0.1-7.4mdvmes5.2.x86_64.rpm \r\n 01271afe453d63599a6951f7dbc83197 mes5/SRPMS/expat-2.0.1-7.4mdvmes5.2.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/security/advisories\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_(at)_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n <security*mandriva.com>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.11 (GNU/Linux)\r\n\r\niD8DBQFPcd5UmqjQ0CJFipgRAvzjAJ46WPQm7hmP1/gmoLmPmFMdZYcOrQCgq/oR\r\nZVAk5KD7zUd2cFhkef3xvRo=\r\n=EuSi\r\n-----END PGP SIGNATURE-----\r\n", "modified": "2012-04-02T00:00:00", "published": "2012-04-02T00:00:00", "id": "SECURITYVULNS:DOC:27867", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27867", "title": "[ MDVSA-2012:041 ] expat", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:46", "bulletinFamily": "software", "description": "Memory leaks, predictable hash function.", "modified": "2012-04-02T00:00:00", "published": "2012-04-02T00:00:00", "id": "SECURITYVULNS:VULN:12304", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12304", "title": "expat security vulnerability", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "amazon": [{"lastseen": "2019-05-29T17:22:38", "bulletinFamily": "unix", "description": "**Issue Overview:**\n\nA denial of service flaw was found in the implementation of hash arrays in Expat. An attacker could use this flaw to make an application using Expat consume an excessive amount of CPU time by providing a specially-crafted XML file that triggers multiple hash function collisions. To mitigate this issue, randomization has been added to the hash function to reduce the chance of an attacker successfully causing intentional collisions. ([CVE-2012-0876 __](<https://access.redhat.com/security/cve/CVE-2012-0876>))\n\nA memory leak flaw was found in Expat. If an XML file processed by an application linked against Expat triggered a memory re-allocation failure, Expat failed to free the previously allocated memory. This could cause the application to exit unexpectedly or crash when all available memory is exhausted. ([CVE-2012-1148 __](<https://access.redhat.com/security/cve/CVE-2012-1148>))\n\n \n**Affected Packages:** \n\n\nexpat\n\n \n**Issue Correction:** \nRun _yum update expat_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n expat-devel-2.0.1-11.9.amzn1.i686 \n expat-debuginfo-2.0.1-11.9.amzn1.i686 \n expat-2.0.1-11.9.amzn1.i686 \n \n src: \n expat-2.0.1-11.9.amzn1.src \n \n x86_64: \n expat-devel-2.0.1-11.9.amzn1.x86_64 \n expat-2.0.1-11.9.amzn1.x86_64 \n expat-debuginfo-2.0.1-11.9.amzn1.x86_64 \n \n \n", "modified": "2014-09-14T16:21:00", "published": "2014-09-14T16:21:00", "id": "ALAS-2012-089", "href": "https://alas.aws.amazon.com/ALAS-2012-89.html", "title": "Medium: expat", "type": "amazon", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "centos": [{"lastseen": "2019-12-20T18:28:07", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2012:0731\n\n\nExpat is a C library written by James Clark for parsing XML documents.\n\nA denial of service flaw was found in the implementation of hash arrays in\nExpat. An attacker could use this flaw to make an application using Expat\nconsume an excessive amount of CPU time by providing a specially-crafted\nXML file that triggers multiple hash function collisions. To mitigate\nthis issue, randomization has been added to the hash function to reduce the\nchance of an attacker successfully causing intentional collisions.\n(CVE-2012-0876)\n\nA memory leak flaw was found in Expat. If an XML file processed by an\napplication linked against Expat triggered a memory re-allocation failure,\nExpat failed to free the previously allocated memory. This could cause the\napplication to exit unexpectedly or crash when all available memory is\nexhausted. (CVE-2012-1148)\n\nAll Expat users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. After installing the updated\npackages, applications using the Expat library must be restarted for the\nupdate to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2012-June/030720.html\nhttp://lists.centos.org/pipermail/centos-announce/2012-June/030723.html\n\n**Affected packages:**\nexpat\nexpat-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2012-0731.html", "modified": "2012-06-13T18:29:54", "published": "2012-06-13T17:07:10", "href": "http://lists.centos.org/pipermail/centos-announce/2012-June/030720.html", "id": "CESA-2012:0731", "title": "expat security update", "type": "centos", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "debian": [{"lastseen": "2020-05-21T00:58:39", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2525-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nAugust 06, 2012 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : expat\nVulnerability : several\nProblem type : local\nDebian-specific: no\nCVE ID : CVE-2012-0876 CVE-2012-1148\n\nIt was discovered that Expat, a C library to parse XML, is vulnerable\nto denial of service through hash collisions and a memory leak in\npool handling.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.0.1-7+squeeze1.\n\nFor the testing distribution (wheezy), this problem has been fixed in\nversion 2.1.0~beta3-1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.1.0~beta3-1.\n\nWe recommend that you upgrade your expat packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2012-08-06T20:37:35", "published": "2012-08-06T20:37:35", "id": "DEBIAN:DSA-2525-1:0551E", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2012/msg00166.html", "title": "[SECURITY] [DSA 2525-1] expat security update", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-30T02:22:55", "bulletinFamily": "unix", "description": "Package : expat\nVersion : 2.1.0-1+deb7u4\nCVE ID : CVE-2012-6702 CVE-2016-5300\n\n\nTwo related issues have been discovered in Expat, a C library for\nparsing XML.\n\nCVE-2012-6702\n\n This issue was introduced when CVE-2012-0876 was addressed. Stefan\n S\u00f8rensen discovered that the use of the function XML_Parse() seeds\n the random number generator generating repeated outputs for rand()\n calls.\n\nCVE-2016-5300\n\n This is the product of an incomplete solution for CVE-2012-0876. The\n parser poorly seeds the random number generator allowing an\n attacker to cause a denial of service (CPU consumption) via an XML\n file with crafted identifiers.\n\nYou might need to manually restart programs and services using expat\nlibraries.\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n2.1.0-1+deb7u4.\n\nWe recommend that you upgrade your expat packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "modified": "2016-06-08T09:29:29", "published": "2016-06-08T09:29:29", "id": "DEBIAN:DLA-508-1:E525E", "href": "https://lists.debian.org/debian-lts-announce/2016/debian-lts-announce-201606/msg00009.html", "title": "[SECURITY] [DLA 508-1] expat security update", "type": "debian", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-07-02T00:50:07", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3597-1 security@debian.org\nhttps://www.debian.org/security/ Luciano Bello\nJune 07, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : expat\nCVE ID : CVE-2012-6702 CVE-2016-5300\n\nTwo related issues have been discovered in Expat, a C library for parsing\nXML.\n\nCVE-2012-6702\n\n It was introduced when CVE-2012-0876 was addressed. Stefan S\u00c3\u00b8rensen\n discovered that the use of the function XML_Parse() seeds the random\n number generator generating repeated outputs for rand() calls.\n\nCVE-2016-5300\n\n It is the product of an incomplete solution for CVE-2012-0876. The\n parser poorly seeds the random number generator allowing an\n attacker to cause a denial of service (CPU consumption) via an XML\n file with crafted identifiers.\n\nYou might need to manually restart programs and services using expat\nlibraries.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 2.1.0-6+deb8u3.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2.1.1-3.\n\nWe recommend that you upgrade your expat packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2016-06-07T16:44:54", "published": "2016-06-07T16:44:54", "id": "DEBIAN:DSA-3597-1:6D822", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2016/msg00175.html", "title": "[SECURITY] [DSA 3597-1] expat security update", "type": "debian", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:36:25", "bulletinFamily": "unix", "description": "[2.0.1-11]\n- use symbol version for XML_SetHashSalt (CVE-2012-0876, #816306)\n[2.0.1-10]\n- add security fix for CVE-2012-1148 (#811825)\n- add security fix for CVE-2012-0876 (#811833)", "modified": "2012-06-13T00:00:00", "published": "2012-06-13T00:00:00", "id": "ELSA-2012-0731", "href": "http://linux.oracle.com/errata/ELSA-2012-0731.html", "title": "expat security update", "type": "oraclelinux", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:39:46", "bulletinFamily": "unix", "description": "[2.4.3-46.el5_8.2]\n- if hash randomization is enabled, also enable it within pyexpat\nResolves: CVE-2012-0876\n[2.4.3-46.el5_8.1]\n- distutils.commands.register: create ~/.pypirc securely\nResolves: CVE-2011-4944\n- send encoding in SimpleHTTPServer.list_directory to protect IE7 against\npotential XSS attacks\nResolves: CVE-2011-4940\n- oCERT-2011-003: add -R command-line option and PYTHONHASHSEED environment\nvariable, to provide an opt-in way to protect against denial of service\nattacks due to hash collisions within the dict and set types\nResolves: CVE-2012-1150", "modified": "2012-06-18T00:00:00", "published": "2012-06-18T00:00:00", "id": "ELSA-2012-0745", "href": "http://linux.oracle.com/errata/ELSA-2012-0745.html", "title": "python security update", "type": "oraclelinux", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:38:11", "bulletinFamily": "unix", "description": "[2.6.6-29.el6_2.2]\n- if hash randomization is enabled, also enable it within pyexpat\nResolves: CVE-2012-0876\n[2.6.6-29.el6_2.1]\n- distutils.config: create ~/.pypirc securely\nResolves: CVE-2011-4944\n- fix endless loop in SimpleXMLRPCServer upon malformed POST request\nResolves: CVE-2012-0845\n- send encoding in SimpleHTTPServer.list_directory to protect IE7 against\npotential XSS attacks\nResolves: CVE-2011-4940\n- oCERT-2011-003: add -R command-line option and PYTHONHASHSEED environment\nvariable, to provide an opt-in way to protect against denial of service\nattacks due to hash collisions within the dict and set types\nResolves: CVE-2012-1150", "modified": "2012-06-18T00:00:00", "published": "2012-06-18T00:00:00", "id": "ELSA-2012-0744", "href": "http://linux.oracle.com/errata/ELSA-2012-0744.html", "title": "python security update", "type": "oraclelinux", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "ubuntu": [{"lastseen": "2020-07-02T11:39:06", "bulletinFamily": "unix", "description": "It was discovered that Expat computed hash values without restricting the \nability to trigger hash collisions predictably. If a user or application linked \nagainst Expat were tricked into opening a crafted XML file, an attacker could \ncause a denial of service by consuming excessive CPU resources. (CVE-2012-0876)\n\nTim Boddy discovered that Expat did not properly handle memory reallocation \nwhen processing XML files. If a user or application linked against Expat were \ntricked into opening a crafted XML file, an attacker could cause a denial of \nservice by consuming excessive memory resources. This issue only affected \nUbuntu 8.04 LTS, 10.04 LTS, 11.04 and 11.10. (CVE-2012-1148)", "modified": "2012-08-09T00:00:00", "published": "2012-08-09T00:00:00", "id": "USN-1527-1", "href": "https://ubuntu.com/security/notices/USN-1527-1", "title": "Expat vulnerabilities", "type": "ubuntu", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-07-02T11:33:41", "bulletinFamily": "unix", "description": "USN-1527-1 fixed vulnerabilities in Expat. This update provides the \ncorresponding updates for XML-RPC for C and C++. Both issues described in the \noriginal advisory affected XML-RPC for C and C++ in Ubuntu 10.04 LTS, 11.04, \n11.10 and 12.04 LTS.\n\nOriginal advisory details:\n\nIt was discovered that Expat computed hash values without restricting the \nability to trigger hash collisions predictably. If a user or application \nlinked against Expat were tricked into opening a crafted XML file, an attacker \ncould cause a denial of service by consuming excessive CPU resources. \n(CVE-2012-0876)\n\nTim Boddy discovered that Expat did not properly handle memory reallocation \nwhen processing XML files. If a user or application linked against Expat were \ntricked into opening a crafted XML file, an attacker could cause a denial of \nservice by consuming excessive memory resources. This issue only affected \nUbuntu 8.04 LTS, 10.04 LTS, 11.04 and 11.10. (CVE-2012-1148)", "modified": "2012-09-10T00:00:00", "published": "2012-09-10T00:00:00", "id": "USN-1527-2", "href": "https://ubuntu.com/security/notices/USN-1527-2", "title": "XML-RPC for C and C++ vulnerabilities", "type": "ubuntu", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-07-09T00:23:59", "bulletinFamily": "unix", "description": "It was discovered that Python would prepend an empty string to sys.path \nunder certain circumstances. A local attacker with write access to the \ncurrent working directory could exploit this to execute arbitrary code. \n(CVE-2008-5983)\n\nIt was discovered that the audioop module did not correctly perform input \nvalidation. If a user or automatated system were tricked into opening a \ncrafted audio file, an attacker could cause a denial of service via \napplication crash. (CVE-2010-1634, CVE-2010-2089)\n\nGiampaolo Rodola discovered several race conditions in the smtpd module. \nA remote attacker could exploit this to cause a denial of service via \ndaemon outage. (CVE-2010-3493)\n\nIt was discovered that the CGIHTTPServer module did not properly perform \ninput validation on certain HTTP GET requests. A remote attacker could \npotentially obtain access to CGI script source files. (CVE-2011-1015)\n\nNiels Heinen discovered that the urllib and urllib2 modules would process \nLocation headers that specify a redirection to file: URLs. A remote \nattacker could exploit this to obtain sensitive information or cause a \ndenial of service. (CVE-2011-1521)\n\nIt was discovered that SimpleHTTPServer did not use a charset parameter in \nthe Content-Type HTTP header. An attacker could potentially exploit this \nto conduct cross-site scripting (XSS) attacks against Internet Explorer 7 \nusers. (CVE-2011-4940)\n\nIt was discovered that Python distutils contained a race condition when \ncreating the ~/.pypirc file. A local attacker could exploit this to obtain \nsensitive information. (CVE-2011-4944)\n\nIt was discovered that SimpleXMLRPCServer did not properly validate its \ninput when handling HTTP POST requests. A remote attacker could exploit \nthis to cause a denial of service via excessive CPU utilization. \n(CVE-2012-0845)\n\nIt was discovered that the Expat module in Python 2.5 computed hash values \nwithout restricting the ability to trigger hash collisions predictably. If \na user or application using pyexpat were tricked into opening a crafted XML \nfile, an attacker could cause a denial of service by consuming excessive \nCPU resources. (CVE-2012-0876)\n\nTim Boddy discovered that the Expat module in Python 2.5 did not properly \nhandle memory reallocation when processing XML files. If a user or \napplication using pyexpat were tricked into opening a crafted XML file, an \nattacker could cause a denial of service by consuming excessive memory \nresources. (CVE-2012-1148)", "modified": "2012-10-17T00:00:00", "published": "2012-10-17T00:00:00", "id": "USN-1613-1", "href": "https://ubuntu.com/security/notices/USN-1613-1", "title": "Python 2.5 vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-09T00:33:58", "bulletinFamily": "unix", "description": "USN-1613-1 fixed vulnerabilities in Python 2.5. This update provides the \ncorresponding updates for Python 2.4.\n\nOriginal advisory details:\n\nIt was discovered that Python would prepend an empty string to sys.path \nunder certain circumstances. A local attacker with write access to the \ncurrent working directory could exploit this to execute arbitrary code. \n(CVE-2008-5983)\n\nIt was discovered that the audioop module did not correctly perform input \nvalidation. If a user or automatated system were tricked into opening a \ncrafted audio file, an attacker could cause a denial of service via \napplication crash. (CVE-2010-1634, CVE-2010-2089)\n\nGiampaolo Rodola discovered several race conditions in the smtpd module. \nA remote attacker could exploit this to cause a denial of service via \ndaemon outage. (CVE-2010-3493)\n\nIt was discovered that the CGIHTTPServer module did not properly perform \ninput validation on certain HTTP GET requests. A remote attacker could \npotentially obtain access to CGI script source files. (CVE-2011-1015)\n\nNiels Heinen discovered that the urllib and urllib2 modules would process \nLocation headers that specify a redirection to file: URLs. A remote \nattacker could exploit this to obtain sensitive information or cause a \ndenial of service. (CVE-2011-1521)\n\nIt was discovered that SimpleHTTPServer did not use a charset parameter in \nthe Content-Type HTTP header. An attacker could potentially exploit this \nto conduct cross-site scripting (XSS) attacks against Internet Explorer 7 \nusers. (CVE-2011-4940)\n\nIt was discovered that Python distutils contained a race condition when \ncreating the ~/.pypirc file. A local attacker could exploit this to obtain \nsensitive information. (CVE-2011-4944)\n\nIt was discovered that SimpleXMLRPCServer did not properly validate its \ninput when handling HTTP POST requests. A remote attacker could exploit \nthis to cause a denial of service via excessive CPU utilization. \n(CVE-2012-0845)\n\nIt was discovered that the Expat module in Python 2.5 computed hash values \nwithout restricting the ability to trigger hash collisions predictably. If \na user or application using pyexpat were tricked into opening a crafted XML \nfile, an attacker could cause a denial of service by consuming excessive \nCPU resources. (CVE-2012-0876)\n\nTim Boddy discovered that the Expat module in Python 2.5 did not properly \nhandle memory reallocation when processing XML files. If a user or \napplication using pyexpat were tricked into opening a crafted XML file, an \nattacker could cause a denial of service by consuming excessive memory \nresources. (CVE-2012-1148)", "modified": "2012-10-17T00:00:00", "published": "2012-10-17T00:00:00", "id": "USN-1613-2", "href": "https://ubuntu.com/security/notices/USN-1613-2", "title": "Python 2.4 vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:45:33", "bulletinFamily": "unix", "description": "Expat is a C library written by James Clark for parsing XML documents.\n\nA denial of service flaw was found in the implementation of hash arrays in\nExpat. An attacker could use this flaw to make an application using Expat\nconsume an excessive amount of CPU time by providing a specially-crafted\nXML file that triggers multiple hash function collisions. To mitigate\nthis issue, randomization has been added to the hash function to reduce the\nchance of an attacker successfully causing intentional collisions.\n(CVE-2012-0876)\n\nA memory leak flaw was found in Expat. If an XML file processed by an\napplication linked against Expat triggered a memory re-allocation failure,\nExpat failed to free the previously allocated memory. This could cause the\napplication to exit unexpectedly or crash when all available memory is\nexhausted. (CVE-2012-1148)\n\nAll Expat users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. After installing the updated\npackages, applications using the Expat library must be restarted for the\nupdate to take effect.\n", "modified": "2018-06-06T20:24:37", "published": "2012-06-13T04:00:00", "id": "RHSA-2012:0731", "href": "https://access.redhat.com/errata/RHSA-2012:0731", "type": "redhat", "title": "(RHSA-2012:0731) Moderate: expat security update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T14:35:31", "bulletinFamily": "unix", "description": "Red Hat JBoss Web Server is a fully integrated and certified set of \ncomponents for hosting Java web applications. It is comprised of the Apache \nHTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector \n(mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat \nNative library.\n\nMultiple flaws were found in the way httpd parsed HTTP requests and\nresponses using chunked transfer encoding. A remote attacker could use\nthese flaws to create a specially crafted request, which httpd would decode \ndifferently from an HTTP proxy software in front of it, possibly leading to \nHTTP request smuggling attacks. (CVE-2015-3183)\n\nA denial of service flaw was found in the implementation of hash arrays in \nExpat. An attacker could use this flaw to make an application using Expat \nconsume an excessive amount of CPU time by providing a specially-crafted\nXML file that triggers multiple hash function collisions. To mitigate this\nissue, randomization has been added to the hash function to reduce the\nchance of an attacker successfully causing intentional collisions.\n(CVE-2012-0876)\n\nA flaw was found in the way httpd handled HTTP Trailer headers when \nprocessing requests using chunked encoding. A malicious client could use \nTrailer headers to set additional HTTP headers after header processing was \nperformed by other modules. This could, for example, lead to a bypass of \nheader restrictions defined with mod_headers. (CVE-2013-5704)\n\nAll users of Red Hat JBoss Web Server 2.1.0 as provided from the Red Hat \nCustomer Portal are advised to apply this update. The Red Hat JBoss Web \nServer process must be restarted for the update to take effect.", "modified": "2018-02-15T23:12:14", "published": "2016-01-21T20:45:11", "id": "RHSA-2016:0062", "href": "https://access.redhat.com/errata/RHSA-2016:0062", "type": "redhat", "title": "(RHSA-2016:0062) Moderate: Red Hat JBoss Web Server 2.1.0 security update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:31", "bulletinFamily": "unix", "description": "### Background\n\nExpat is a set of XML parsing libraries.\n\n### Description\n\nMultiple vulnerabilities have been discovered in Expat. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could entice a user to open a specially crafted XML file in an application linked against Expat, possibly resulting in a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Expat users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-libs/expat-2.1.0_beta3\"\n \n\nPackages which depend on this library may need to be recompiled. Tools such as revdep-rebuild may assist in identifying some of these packages.", "modified": "2012-09-24T00:00:00", "published": "2012-09-24T00:00:00", "id": "GLSA-201209-06", "href": "https://security.gentoo.org/glsa/201209-06", "type": "gentoo", "title": "Expat: Multiple vulnerabilities", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "archlinux": [{"lastseen": "2016-09-02T18:44:43", "bulletinFamily": "unix", "description": "- CVE-2012-6702 (predictable random numbers)\n\nIt was found that when calling XML_Parse ahead of rand(), it causes the\npseudo random generator to generate non-random predictable numbers.\n\n- CVE-2016-5300 (denial of service)\n\nIt was found that original fix for CVE-2012-0876 used too little\nentropy for the hash initialization. This issue can be used to perform\na hash collision based denial of service attack.", "modified": "2016-06-13T00:00:00", "published": "2016-06-13T00:00:00", "id": "ASA-201606-13", "href": "https://lists.archlinux.org/pipermail/arch-security/2016-June/000648.html", "title": "expat: multiple issues", "type": "archlinux", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2016-09-02T18:44:36", "bulletinFamily": "unix", "description": "- CVE-2012-6702 (predictable random numbers)\n\nIt was found that when calling XML_Parse ahead of rand(), it causes the\npseudo random generator to generate non-random predictable numbers.\n\n- CVE-2016-5300 (denial of service)\n\nIt was found that original fix for CVE-2012-0876 used too little\nentropy for the hash initialization. This issue can be used to perform\na hash collision based denial of service attack.", "modified": "2016-06-13T00:00:00", "published": "2016-06-13T00:00:00", "id": "ASA-201606-14", "href": "https://lists.archlinux.org/pipermail/arch-security/2016-June/000649.html", "title": "lib32-expat: multiple issues", "type": "archlinux", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "vmware": [{"lastseen": "2019-11-06T16:05:38", "bulletinFamily": "unix", "description": "a. VMware vSphere API denial of service vulnerability \nThe VMware vSphere API contains a denial of service vulnerability. This issue allows an unauthenticated user to send a maliciously crafted API request and disable the host daemon. Exploitation of the issue would prevent management activities on the host but any virtual machines running on the host would be unaffected. \nVMware would like to thank Sebasti\u00e1n Tello of Core Security Technologies for reporting this issue to us. \nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-5703 to this issue. \nColumn 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. \n\n", "modified": "2012-11-15T00:00:00", "published": "2012-11-15T00:00:00", "id": "VMSA-2012-0016", "href": "https://www.vmware.com/security/advisories/VMSA-2012-0016.html", "title": "VMware security updates for vSphere API and ESX Service Console", "type": "vmware", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}]}
