MiracleLinux 4 : webkitgtk-1.2.6-2.AXS4 (AXSA:2011-34:01)

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# Miracle Linux Security Advisory AXSA:2011-34:01.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(284347);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/02/12");

  script_cve_id(
    "CVE-2010-1780",
    "CVE-2010-1782",
    "CVE-2010-1783",
    "CVE-2010-1784",
    "CVE-2010-1785",
    "CVE-2010-1786",
    "CVE-2010-1787",
    "CVE-2010-1788",
    "CVE-2010-1790",
    "CVE-2010-1792",
    "CVE-2010-1793",
    "CVE-2010-1807",
    "CVE-2010-1812",
    "CVE-2010-1814",
    "CVE-2010-3113",
    "CVE-2010-3114",
    "CVE-2010-3115",
    "CVE-2010-3116",
    "CVE-2010-3119",
    "CVE-2010-3255"
  );

  script_name(english:"MiracleLinux 4 : webkitgtk-1.2.6-2.AXS4 (AXSA:2011-34:01)");

  script_set_attribute(attribute:"synopsis", value:
"The remote MiracleLinux host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote MiracleLinux 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the
AXSA:2011-34:01 advisory.

    WebKitGTK+ is the port of the portable web rendering engine WebKit to the
    GTK+ platform.
    Security issues fixed with this release:
    CVE-2010-1780
    Use-after-free vulnerability in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and
    Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a
    denial of service (application crash) via vectors related to element focus.
    CVE-2010-1782
    WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS
    X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption
    and application crash) via vectors related to the rendering of an inline element.
    CVE-2010-1783
    WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS
    X 10.4, does not properly handle dynamic modification of a text node, which allows remote attackers to
    execute arbitrary code or cause a denial of service (memory corruption and application crash) via a
    crafted HTML document.
    CVE-2010-1784
    The counters functionality in the Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari
    before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote
    attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash)
    via a crafted HTML document.
    CVE-2010-1785
    WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS
    X 10.4, accesses uninitialized memory during processing of the (1) :first-letter and (2) :first-line
    pseudo-elements in an SVG text element, which allows remote attackers to execute arbitrary code or cause a
    denial of service (application crash) via a crafted document.
    CVE-2010-1786
    Use-after-free vulnerability in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and
    Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a
    denial of service (application crash) via a foreignObject element in an SVG document.
    CVE-2010-1787
    WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS
    X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption
    and application crash) via a floating element in an SVG document.
    CVE-2010-1788
    WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS
    X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption
    and application crash) via a use element in an SVG document.
    CVE-2010-1790
    WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS
    X 10.4, does not properly handle just-in-time (JIT) compiled JavaScript stubs, which allows remote
    attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML
    document, related to a 'reentrancy issue.'
    CVE-2010-1792
    WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS
    X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption
    and application crash) via a crafted regular expression.
    CVE-2010-1793
    Multiple use-after-free vulnerabilities in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through
    10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allow remote attackers to execute arbitrary code or
    cause a denial of service (application crash) via a (1) font-face or (2) use element in an SVG document.
    CVE-2010-1807
    WebKit in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2, and Android before 2.2, does not properly
    validate floating-point data, which allows remote attackers to execute arbitrary code or cause a denial of
    service (application crash) via a crafted HTML document.
    CVE-2010-1812
    Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows remote
    attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving
    selections.
    CVE-2010-1814
    WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary
    code or cause a denial of service (memory corruption and application crash) via vectors involving form
    menus.
    CVE-2010-1815
    CVE-2010-3113
    Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows remote
    attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving
    scrollbars.
    CVE-2010-3114
    Google Chrome before 5.0.375.127 does not properly handle SVG documents, which allows remote attackers to
    cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown
    vectors.
    CVE-2010-3115
    The text-editing implementation in Google Chrome before 5.0.375.127 does not properly perform casts, which
    has unspecified impact and attack vectors.
    CVE-2010-3116
    Multiple use-after-free vulnerabilities in WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before
    5.0.3 and Google Chrome before 5.0.375.127, allow remote attackers to execute arbitrary code or cause a
    denial of service (application crash) via vectors related to improper handling of MIME types by plug-ins.
    CVE-2010-3119
    Google Chrome before 5.0.375.127 does not properly support the Ruby language, which allows attackers to
    cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown
    vectors.
    CVE-2010-3255
    Google Chrome before 6.0.472.53 does not properly handle counter nodes, which allows remote attackers to
    cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown
    vectors.
    CVE-2010-3257
    Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3 and
    Google Chrome before 6.0.472.53, allows remote attackers to execute arbitrary code or cause a denial of
    service (application crash) via vectors involving element focus.
    CVE-2010-3259
    WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3 and Google Chrome before 6.0.472.53,
    does not properly restrict read access to images derived from CANVAS elements, which allows remote
    attackers to bypass the Same Origin Policy and obtain potentially sensitive image data via a crafted web
    site.
    CVE-2010-3812
    Integer overflow in the Text::wholeText method in dom/Text.cpp in WebKit, as used in Apple Safari before
    5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4; webkitgtk before
    1.2.6; and possibly other products allows remote attackers to execute arbitrary code or cause a denial of
    service (application crash) via vectors involving Text objects.
    CVE-2010-3813
    The WebCore::HTMLLinkElement::process function in WebCore/html/HTMLLinkElement.cpp in WebKit, as used in
    Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4;
    webkitgtk before 1.2.6; and possibly other products does not verify whether DNS prefetching is enabled
    when processing an HTML LINK element, which allows remote attackers to bypass intended access
    restrictions, as demonstrated by an HTML e-mail message that uses a LINK element for X-Confirm-Reading-To
    functionality.
    CVE-2010-4197
    Use-after-free vulnerability in WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before
    1.2.6, and other products, allows remote attackers to cause a denial of service or possibly have
    unspecified other impact via vectors involving text editing.
    CVE-2010-4198
    WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, does not
    properly handle large text areas, which allows remote attackers to cause a denial of service (memory
    corruption) or possibly have unspecified other impact via a crafted HTML document.
    CVE-2010-4204
    WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, accesses a
    frame object after this object has been destroyed, which allows remote attackers to cause a denial of
    service or possibly have unspecified other impact via unknown vectors.
    CVE-2010-4206
    Array index error in the FEBlend::apply function in WebCore/platform/graphics/filters/FEBlend.cpp in
    WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, allows
    remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted SVG
    document, related to effects in the application of filters.
    CVE-2010-4577
    The CSSParser::parseFontFaceSrc function in WebCore/css/CSSParser.cpp in WebKit, as used in Google Chrome
    before 8.0.552.224, Chrome OS before 8.0.552.343, webkitgtk before 1.2.6, and other products does not
    properly parse Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a
    denial of service (out-of-bounds read) via a crafted local font, related to 'Type Confusion.'

Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://tsn.miraclelinux.com/en/node/1713");
  script_set_attribute(attribute:"solution", value:
"Update the affected webkitgtk package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2010-3119");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2010-1790");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:"CANVAS");
  script_set_attribute(attribute:"vendor_severity", value:"High");

  script_set_attribute(attribute:"vuln_publication_date", value:"2010/07/28");
  script_set_attribute(attribute:"patch_publication_date", value:"2011/02/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/01/14");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:webkitgtk");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:miracle:linux:4");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Miracle Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/MiracleLinux/release", "Host/MiracleLinux/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm2.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'MIRACLE LINUX' >!< os_product) audit(AUDIT_OS_NOT, 'MIRACLE LINUX');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'MIRACLE LINUX');
if (! preg(pattern:"^4([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'MiracleLinux 4.x', 'MIRACLE LINUX ' + os_version);

if (!get_kb_item('Host/MiracleLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('aarch64' >!< cpu && 'ppc' >!< cpu && 's390' >!< cpu && 'x86_64' >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'MIRACLE LINUX', cpu);

var constraints = [
  {
    'release': '4',
    'pkgs': [
      {'reference':'webkitgtk-1.2.6-2.AXS4', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'webkitgtk-1.2.6-2.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'}
    ]
  }
];

var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
  # Check that the target release is equal to the affected release
  if (!empty_or_null(constraint['release'])){
    if (constraint['release'] != os_release) continue;
  }
  if (!empty_or_null(constraint['sp'])){
    if (constraint['sp'] != os_sp) continue;
  }
  foreach var pkg ( constraint['pkgs'] ) {
    reference = NULL;
    sp = NULL;
    _cpu = NULL;
    el_string = NULL;
    rpm_spec_vers_cmp = NULL;
    epoch = NULL;
    allowmaj = NULL;
    exists_check = NULL;
    cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        ## (no known rpm to check OR known rpm_exists)
        (!exists_check || rpm_exists(rpm:exists_check)) &&
        rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}
if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'webkitgtk');
}