DATABASE RESOURCES PRICING ABOUT US

{"id": "NEWSTART_CGSL_NS-SA-2019-0033_OPENSSL.NASL", "vendorId": null, "type": "nessus", "bulletinFamily": "scanner", "title": "NewStart CGSL CORE 5.04 / MAIN 5.04 : openssl Multiple Vulnerabilities (NS-SA-2019-0033)", "description": "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has openssl packages installed that are affected by multiple vulnerabilities:\n\n - OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an error state mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the explicit handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a bug it does not work correctly if SSL_read() or SSL_write() is called directly. In that scenario, if the handshake fails then a fatal error will be returned in the initial function call. If SSL_read()/SSL_write() is subsequently called by the application for the same SSL object then it will succeed and the data is passed without being decrypted/encrypted directly from the SSL/TLS record layer. In order to exploit this issue an application bug would have to be present that resulted in a call to SSL_read()/SSL_write() being issued after having already received a fatal error. OpenSSL version 1.0.2b-1.0.2m are affected. Fixed in OpenSSL 1.0.2n. OpenSSL 1.1.0 is not affected. (CVE-2017-3737)\n\n - There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH1024 are considered just feasible, because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH1024 private key among multiple clients, which is no longer an option since CVE-2016-0701. This only affects processors that support the AVX2 but not ADX extensions like Intel Haswell (4th generation).\n Note: The impact from this issue is similar to CVE-2017-3736, CVE-2017-3732 and CVE-2015-3193. OpenSSL version 1.0.2-1.0.2m and 1.1.0-1.1.0g are affected.\n Fixed in OpenSSL 1.0.2n. Due to the low severity of this issue we are not issuing a new release of OpenSSL 1.1.0 at this time. The fix will be included in OpenSSL 1.1.0h when it becomes available. The fix is also available in commit e502cc86d in the OpenSSL git repository.\n (CVE-2017-3738)\n\n - There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected.\n Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. This only affects processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later or AMD Ryzen. (CVE-2017-3736)\n\n - OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition. (CVE-2006-2937)\n\n - OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) public exponent or (2) public modulus values in X.509 certificates that require extra time to process when using RSA signature verification.\n (CVE-2006-2940)\n\n - Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers.\n (CVE-2006-3738)\n\n - OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1. (CVE-2006-4339)\n\n - The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference. (CVE-2006-4343)\n\n - The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL 0.9.8e and earlier does not properly perform Montgomery multiplication, which might allow local users to conduct a side-channel attack and retrieve RSA private keys. (CVE-2007-3108)\n\n - Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8f allows remote attackers to execute arbitrary code via unspecified vectors. (CVE-2007-4995)\n\n - Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. NOTE: this issue was introduced as a result of a fix for CVE-2006-3738. As of 20071012, it is unknown whether code execution is possible.\n (CVE-2007-5135)\n\n - Double free vulnerability in OpenSSL 0.9.8f and 0.9.8g, when the TLS server name extensions are enabled, allows remote attackers to cause a denial of service (crash) via a malformed Client Hello packet. NOTE: some of these details are obtained from third party information.\n (CVE-2008-0891)\n\n - OpenSSL 0.9.8f and 0.9.8g allows remote attackers to cause a denial of service (crash) via a TLS handshake that omits the Server Key Exchange message and uses particular cipher suites, which triggers a NULL pointer dereference. (CVE-2008-1672)\n\n - The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote attackers to cause a denial of service (memory consumption) via a large series of future epoch DTLS records that are buffered in a queue, aka DTLS record buffer limitation bug. (CVE-2009-1377)\n\n - Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequence numbers, aka DTLS fragment handling memory leak. (CVE-2009-1378)\n\n - Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote attackers to cause a denial of service (openssl s_client crash) and possibly have unspecified other impact via a DTLS packet, as demonstrated by a packet from a server that uses a crafted server certificate. (CVE-2009-1379)\n\n - The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post- renegotiation context, related to a plaintext injection attack, aka the Project Mogul issue.\n (CVE-2009-3555)\n\n - Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678. (CVE-2009-4355)\n\n - The Cryptographic Message Syntax (CMS) implementation in crypto/cms/cms_asn1.c in OpenSSL before 0.9.8o and 1.x before 1.0.0a does not properly handle structures that contain OriginatorInfo, which allows context-dependent attackers to modify invalid memory locations or conduct double-free attacks, and possibly execute arbitrary code, via unspecified vectors. (CVE-2010-0742)\n\n - RSA verification recovery in the EVP_PKEY_verify_recover function in OpenSSL 1.x before 1.0.0a, as used by pkeyutl and possibly other applications, returns uninitialized memory upon failure, which might allow context-dependent attackers to bypass intended key requirements or obtain sensitive information via unspecified vectors. NOTE: some of these details are obtained from third party information. (CVE-2010-1633)\n\n - Multiple race conditions in ssl/t1_lib.c in OpenSSL 0.9.8f through 0.9.8o, 1.0.0, and 1.0.0a, when multi- threading and internal caching are enabled on a TLS server, might allow remote attackers to execute arbitrary code via client data that triggers a heap- based buffer overflow, related to (1) the TLS server name extension and (2) elliptic curve cryptography.\n (CVE-2010-3864)\n\n - OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier. (CVE-2010-4180)\n\n - ssl/t1_lib.c in OpenSSL 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c allows remote attackers to cause a denial of service (crash), and possibly obtain sensitive information in applications that use OpenSSL, via a malformed ClientHello handshake message that triggers an out-of-bounds memory access, aka OCSP stapling vulnerability. (CVE-2011-0014)\n\n - crypto/x509/x509_vfy.c in OpenSSL 1.0.x before 1.0.0e does not initialize certain structure members, which makes it easier for remote attackers to bypass CRL validation by using a nextUpdate value corresponding to a time in the past. (CVE-2011-3207)\n\n - OpenSSL 0.9.8s and 1.0.0f does not properly support DTLS applications, which allows remote attackers to cause a denial of service (crash) via unspecified vectors related to an out-of-bounds read. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4108. (CVE-2012-0050)\n\n - The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key. (CVE-2012-2110)\n\n - The ssl3_take_mac function in ssl/s3_both.c in OpenSSL 1.0.1 before 1.0.1f allows remote TLS servers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Next Protocol Negotiation record in a TLS handshake. (CVE-2013-4353)\n\n - The ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before 1.0.2 obtains a certain version number from an incorrect data structure, which allows remote attackers to cause a denial of service (daemon crash) via crafted traffic from a TLS 1.2 client.\n (CVE-2013-6449)\n\n - The DTLS retransmission implementation in OpenSSL 1.0.0 before 1.0.0l and 1.0.1 before 1.0.1f does not properly maintain data structures for digest and encryption contexts, which might allow man-in-the-middle attackers to trigger the use of a different context and cause a denial of service (application crash) by interfering with packet delivery, related to ssl/d1_both.c and ssl/t1_enc.c. (CVE-2013-6450)\n\n - An information disclosure flaw was found in the way OpenSSL handled TLS and DTLS Heartbeat Extension packets. A malicious TLS or DTLS client or server could send a specially crafted TLS or DTLS Heartbeat packet to disclose a limited portion of memory per request from a connected client or server. Note that the disclosed portions of memory could potentially include sensitive information such as private keys. (CVE-2014-0160)\n\n - A flaw was found in the way SSL 3.0 handled padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. This flaw allows a man-in-the-middle (MITM) attacker to decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections. (CVE-2014-3566)\n\n - A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite. (CVE-2016-2183)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "published": "2019-08-12T00:00:00", "modified": "2022-05-19T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "baseScore": 10.0}, "severity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, "href": "https://www.tenable.com/plugins/nessus/127201", "reporter": "This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6449", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2110", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3737", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6450", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1633", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2183", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4353", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0891", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4995", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1378", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3108", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3864", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3738", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4180", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3207", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0014", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5135", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0742", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0050", "http://security.gd-linux.com/notice/NS-SA-2019-0033", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4355", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1377", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1379", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1672", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3736", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940"], "cvelist": ["CVE-2006-2937", "CVE-2006-2940", "CVE-2006-3738", "CVE-2006-4339", "CVE-2006-4343", "CVE-2007-3108", "CVE-2007-4995", "CVE-2007-5135", "CVE-2008-0891", "CVE-2008-1672", "CVE-2008-1678", "CVE-2009-1377", "CVE-2009-1378", "CVE-2009-1379", "CVE-2009-3555", "CVE-2009-4355", "CVE-2010-0742", "CVE-2010-1633", "CVE-2010-3864", "CVE-2010-4180", "CVE-2011-0014", "CVE-2011-3207", "CVE-2011-4108", "CVE-2012-0050", "CVE-2012-2110", "CVE-2013-4353", "CVE-2013-6449", "CVE-2013-6450", "CVE-2014-0160", "CVE-2014-3566", "CVE-2015-3193", "CVE-2016-0701", "CVE-2016-2183", "CVE-2017-3732", "CVE-2017-3736", "CVE-2017-3737", "CVE-2017-3738"], "immutableFields": [], "lastseen": "2023-01-11T15:23:59", "viewCount": 10, "enchantments": {"dependencies": {"references": [{"type": "aix", "idList": ["JAVA_FEB2015_ADVISORY.ASC", "JAVA_JAN2017_ADVISORY.ASC", "JAVA_OCT2014_ADVISORY.ASC", "NETTCP_ADVISORY.ASC", "OPENSSL_ADVISORY11.ASC", "OPENSSL_ADVISORY21.ASC", "OPENSSL_ADVISORY25.ASC", "OPENSSL_ADVISORY3.ASC", "OPENSSL_ADVISORY4.ASC", "OPENSSL_ADVISORY6.ASC"]}, {"type": "altlinux", "idList": ["1AE3F028B45AFBA1000C345913245540", "B7D1FE39355177AD5293458DFFC43DC1"]}, {"type": "amazon", "idList": ["ALAS-2011-004", "ALAS-2012-038", "ALAS-2012-072", "ALAS-2012-073", "ALAS-2014-273", "ALAS-2014-320", "ALAS-2014-426", "ALAS-2014-429", "ALAS-2015-471", "ALAS-2015-472", "ALAS-2015-480", "ALAS-2016-755", "ALAS-2017-791", "ALAS-2017-797", "ALAS-2018-1016", "ALAS2-2018-1004"]}, {"type": "apple", "idList": ["APPLE:B767E2D26FA517686D44D7106CA489EB", "APPLE:HT207268"]}, {"type": "archlinux", "idList": ["ASA-201410-6", "ASA-201412-18", "ASA-201501-14", "ASA-201501-15", "ASA-201501-16", "ASA-201501-18", "ASA-201501-19", "ASA-201501-20", "ASA-201512-2", "ASA-201601-32", "ASA-201601-33", "ASA-201609-23", "ASA-201609-24", "ASA-201701-36", "ASA-201701-37", "ASA-201711-14", "ASA-201711-15", "ASA-201712-11", "ASA-201712-9", "ASA-201804-2", "ASA-201804-6"]}, {"type": "atlassian", "idList": ["ATLASSIAN:JRACLOUD-38927", "ATLASSIAN:JRASERVER-38927"]}, {"type": "attackerkb", "idList": ["AKB:38A528B1-7F68-45C8-911E-1D3F8DC5EDB4", "AKB:6840D66E-0E62-484F-9172-6FC67F905258", "AKB:7E88FA13-5594-41E0-B57C-734E78ACDD62", "AKB:9AB03E2E-596C-490F-8DCB-1A41D344A5AD", "AKB:D165638B-97C5-4C99-BFA0-70576DB52324"]}, {"type": "avleonov", "idList": ["AVLEONOV:B5CA8049524C96A911991EE8ADF24F64"]}, {"type": "centos", "idList": ["CESA-2006:0661", "CESA-2006:0661-01", "CESA-2006:0695", "CESA-2006:0695-01", "CESA-2007:0813", "CESA-2007:0813-01", "CESA-2007:0964", "CESA-2007:1003", "CESA-2009:1075", "CESA-2009:1335", "CESA-2009:1579", "CESA-2009:1580", "CESA-2010:0054", "CESA-2010:0162", "CESA-2010:0163", "CESA-2010:0164", "CESA-2010:0165", "CESA-2010:0166", "CESA-2010:0167", "CESA-2010:0339", "CESA-2010:0768", "CESA-2010:0977", "CESA-2010:0978", "CESA-2012:0059", "CESA-2012:0060", "CESA-2012:0518", "CESA-2014:0015", "CESA-2014:0376", "CESA-2014:1652", "CESA-2014:1653", "CESA-2014:1948", "CESA-2015:0067", "CESA-2015:0068", "CESA-2015:0069", "CESA-2015:0085", "CESA-2016:1940", "CESA-2017:0180", "CESA-2017:0269", "CESA-2018:0998", "CESA-2018:2123"]}, {"type": "cert", "idList": ["VU:120541", "VU:247744", "VU:257823", "VU:386964", "VU:423396", "VU:520586", "VU:547300", "VU:577193", "VU:661475", "VU:720951", "VU:724968", "VU:737740", "VU:845620"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2006-123", "CPAI-2008-014", "CPAI-2009-0308", "CPAI-2010-020", "CPAI-2010-354", "CPAI-2014-1066", "CPAI-2014-1083", "CPAI-2014-1170", "CPAI-2014-1173", "CPAI-2014-1336", "CPAI-2014-1909", "CPAI-2014-1927", "CPAI-2014-2415", "CPAI-2016-0822", "SBP-2009-23"]}, {"type": "checkpoint_security", "idList": ["CPS:SK100173", "CPS:SK102673", "CPS:SK102989", "CPS:SK103683", "CPS:SK105062", "CPS:SK32088", "CPS:SK32188", "CPS:SK32230", "CPS:SK33695", "CPS:SK33701", "CPS:SK33702", "CPS:SK33771", "CPS:SK35708", "CPS:SK71821"]}, {"type": "cisa_kev", "idList": ["CISA-KEV-CVE-2014-0160"]}, {"type": "cisco", "idList": ["CISCO-SA-20060905-CVE-2007-5810", "CISCO-SA-20091105-CVE-2009-3555", "CISCO-SA-20091109-TLS", "CISCO-SA-20140408-CVE-2014-0160", "CISCO-SA-20140409-ASA", "CISCO-SA-20140409-HEARTBLEED", "CISCO-SA-20140430-MXP", "CISCO-SA-20140430-TCTE", "CISCO-SA-20141015-POODLE", "CISCO-SA-20141211-CVE-2014-8730", "CISCO-SA-20151204-OPENSSL", "CISCO-SA-20160129-OPENSSL", "CISCO-SA-20160927-OPENSSL", "CISCO-SA-20170130-OPENSSL"]}, {"type": "citrix", "idList": ["CTX140605", "CTX200238", "CTX216642"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:387B2BBB51760E1FFD4562D4008446F7", "CFOUNDRY:51A1D2F1D196381CC46CAE44EB5F5940", "CFOUNDRY:5C300E479531E65B86D1CE2C330F61A9", "CFOUNDRY:9243E8457D02CBA7A3505CB1E0E03739", "CFOUNDRY:927660022E9A31CE680A6AE3AFF33997", "CFOUNDRY:ACE3C7E4A01EEFAC1C8D47279076DC77"]}, {"type": "cve", "idList": ["CVE-2006-2937", "CVE-2006-2938", "CVE-2006-2940", "CVE-2006-3738", "CVE-2006-4339", "CVE-2006-4340", "CVE-2006-4343", "CVE-2006-4408", "CVE-2006-4790", "CVE-2006-5179", "CVE-2006-5484", "CVE-2006-7140", "CVE-2007-3108", "CVE-2007-4995", "CVE-2007-5135", "CVE-2008-0891", "CVE-2008-1672", "CVE-2008-1678", "CVE-2008-7270", "CVE-2009-1377", "CVE-2009-1378", "CVE-2009-1379", "CVE-2009-3555", "CVE-2009-3936", "CVE-2009-4355", "CVE-2010-0742", "CVE-2010-1633", "CVE-2010-3864", "CVE-2010-4180", "CVE-2011-0014", "CVE-2011-3207", "CVE-2011-4108", "CVE-2012-0050", "CVE-2012-0390", "CVE-2012-2110", "CVE-2012-2131", "CVE-2013-4353", "CVE-2013-6449", "CVE-2013-6450", "CVE-2014-0160", "CVE-2014-0346", "CVE-2014-0964", "CVE-2014-2601", "CVE-2014-3566", "CVE-2014-8730", "CVE-2015-2774", "CVE-2015-3193", "CVE-2015-3642", "CVE-2015-4078", "CVE-2015-5537", "CVE-2016-0701", "CVE-2016-2183", "CVE-2017-15896", "CVE-2017-3732", "CVE-2017-3736", "CVE-2017-3737", "CVE-2017-3738", "CVE-2021-4160"]}, {"type": "debian", "idList": ["DEBIAN:BSA-060:0BDFE", "DEBIAN:DLA-157-1:370F5", "DEBIAN:DLA-282-1:F03D5", "DEBIAN:DLA-400-1:76CCE", "DEBIAN:DLA-637-1:F8314", "DEBIAN:DLA-81-1:C60A9", "DEBIAN:DSA-1173-1:8498F", "DEBIAN:DSA-1174-1:77B2E", "DEBIAN:DSA-1185-1:2C57C", "DEBIAN:DSA-1185-2:4AF37", "DEBIAN:DSA-1195-1:12A42", "DEBIAN:DSA-1195-1:C6A33", "DEBIAN:DSA-1379-1:9887D", "DEBIAN:DSA-1379-1:DC268", "DEBIAN:DSA-1379-2:1563C", "DEBIAN:DSA-1379-2:61285", "DEBIAN:DSA-1571-1:611C4", "DEBIAN:DSA-1888-1:9C570", "DEBIAN:DSA-1934-1:46132", "DEBIAN:DSA-1934-1:699DB", "DEBIAN:DSA-1970-1:9C793", "DEBIAN:DSA-1970-1:F15BE", "DEBIAN:DSA-2125-1:26495", "DEBIAN:DSA-2125-1:4BD9E", "DEBIAN:DSA-2141-1:1F9CB", "DEBIAN:DSA-2141-1:49345", "DEBIAN:DSA-2141-1:4DDA2", "DEBIAN:DSA-2141-1:7D2D7", "DEBIAN:DSA-2141-2:2C2CF", "DEBIAN:DSA-2141-2:D493B", "DEBIAN:DSA-2141-4:01EC7", "DEBIAN:DSA-2141-4:2215A", "DEBIAN:DSA-2161-2:41E9C", "DEBIAN:DSA-2162-1:98AFD", "DEBIAN:DSA-2390-1:7F77A", "DEBIAN:DSA-2392-1:5DB15", "DEBIAN:DSA-2454-1:93836", "DEBIAN:DSA-2454-2:7B396", "DEBIAN:DSA-2626-1:B9AE9", "DEBIAN:DSA-2833-1:2F675", "DEBIAN:DSA-2837-1:B2C11", "DEBIAN:DSA-2896-1:7AEC1", "DEBIAN:DSA-2896-1:B52FE", "DEBIAN:DSA-2896-2:26053", "DEBIAN:DSA-2896-2:FEB91", "DEBIAN:DSA-3053-1:A743E", "DEBIAN:DSA-3144-1:1ABE5", "DEBIAN:DSA-3147-1:2E393", "DEBIAN:DSA-3253-1:0C444", "DEBIAN:DSA-3489-1:1F09B", "DEBIAN:DSA-3489-1:3D620", "DEBIAN:DSA-3673-1:477A4", "DEBIAN:DSA-4017-1:88D36", "DEBIAN:DSA-4017-1:AEF53", "DEBIAN:DSA-4018-1:01441", "DEBIAN:DSA-4018-1:DD3DF", "DEBIAN:DSA-4065-1:A75E5", "DEBIAN:DSA-4157-1:5A16B", "DEBIAN:DSA-4157-1:D7BEA"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2006-2937", "DEBIANCVE:CVE-2006-2940", "DEBIANCVE:CVE-2006-3738", "DEBIANCVE:CVE-2006-4339", "DEBIANCVE:CVE-2006-4340", "DEBIANCVE:CVE-2006-4343", "DEBIANCVE:CVE-2007-3108", "DEBIANCVE:CVE-2007-4995", "DEBIANCVE:CVE-2007-5135", "DEBIANCVE:CVE-2008-0891", "DEBIANCVE:CVE-2008-1672", "DEBIANCVE:CVE-2008-1678", "DEBIANCVE:CVE-2008-7270", "DEBIANCVE:CVE-2009-1377", "DEBIANCVE:CVE-2009-1378", "DEBIANCVE:CVE-2009-1379", "DEBIANCVE:CVE-2009-3555", "DEBIANCVE:CVE-2009-4355", "DEBIANCVE:CVE-2010-0742", "DEBIANCVE:CVE-2010-1633", "DEBIANCVE:CVE-2010-3864", "DEBIANCVE:CVE-2010-4180", "DEBIANCVE:CVE-2011-0014", "DEBIANCVE:CVE-2011-3207", "DEBIANCVE:CVE-2011-4108", "DEBIANCVE:CVE-2012-0050", "DEBIANCVE:CVE-2012-0390", "DEBIANCVE:CVE-2012-2110", "DEBIANCVE:CVE-2012-2131", "DEBIANCVE:CVE-2013-4353", "DEBIANCVE:CVE-2013-6449", "DEBIANCVE:CVE-2013-6450", "DEBIANCVE:CVE-2014-0160", "DEBIANCVE:CVE-2014-3566", "DEBIANCVE:CVE-2015-2774", "DEBIANCVE:CVE-2015-3193", "DEBIANCVE:CVE-2016-0701", "DEBIANCVE:CVE-2017-15896", "DEBIANCVE:CVE-2017-3732", "DEBIANCVE:CVE-2017-3736", "DEBIANCVE:CVE-2017-3737", "DEBIANCVE:CVE-2017-3738", "DEBIANCVE:CVE-2021-4160"]}, {"type": "exploitdb", "idList": ["EDB-ID:10579", "EDB-ID:18756", "EDB-ID:32745", "EDB-ID:32764", "EDB-ID:32998", "EDB-ID:4773", "EDB-ID:8720", "EDB-ID:8873"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:034D322B9C4D058098E22E5788CDA9A0", "EXPLOITPACK:069C31B8DD5A351921E96252215466D8", "EXPLOITPACK:1020403320036D688D074B47660E9F50", "EXPLOITPACK:2D0FC1C1F2F124951BBCC7BB430D23D1", "EXPLOITPACK:596E856FF8E5B47CBB4EE985B0B99685", "EXPLOITPACK:7E23ECB6ACB9195DA6326D4A18279A6B", "EXPLOITPACK:85DFC07A21CE638C0F80271A05CBC86C", "EXPLOITPACK:8B4E7E8DAE5A13C8250C6C33307CD66C", "EXPLOITPACK:B68BB9381148CAC1A9824EB84CA5D160", "EXPLOITPACK:BBA53240047E43646B744C9628FA5EFD", "EXPLOITPACK:E5ADFE523AF247AA238C3E63EF7B0A8F"]}, {"type": "f5", "idList": ["F5:K10065173", "F5:K10534046", "F5:K10737", "F5:K12543", "F5:K12566", "F5:K12853", "F5:K13167034", "F5:K14363514", "F5:K15158", "F5:K15159", "F5:K15318", "F5:K15359", "F5:K15702", "F5:K15882", "F5:K17248", "F5:K17454", "F5:K18364001", "F5:K30184101", "F5:K30714460", "F5:K34681653", "F5:K43452233", "F5:K44512851", "F5:K64009378", "F5:K6623", "F5:K6734", "F5:K8106", "F5:K8108", "F5:K8837", "F5:K93959105", "SOL10737", "SOL12543", "SOL12566", "SOL12853", "SOL13167034", "SOL15147", "SOL15158", "SOL15159", "SOL15180", "SOL15318", "SOL15350", "SOL15355", "SOL15359", "SOL15366", "SOL15388", "SOL15405", "SOL15417", "SOL15702", "SOL15882", "SOL16285", "SOL17248", "SOL17454", "SOL22071504", "SOL30714460", "SOL64009378", "SOL6623", "SOL6734", "SOL8106", "SOL8108", "SOL8837", "SOL90542710"]}, {"type": "fedora", "idList": ["FEDORA:0309060CF36E", "FEDORA:051C71116F9", "FEDORA:071841106DB", "FEDORA:0890F224F5", "FEDORA:09491110673", "FEDORA:0C0C510F85F", "FEDORA:0C15321D97", "FEDORA:0FD0F10F8DA", "FEDORA:0FE8860E4374", "FEDORA:113372305B", "FEDORA:13EED60DC938", "FEDORA:144BA1104EC", "FEDORA:176C3219DB", "FEDORA:1B80628EDC8", "FEDORA:1BCBD6087EFA", "FEDORA:2098021F25", "FEDORA:2DDF56087EFC", "FEDORA:30C4560E4589", "FEDORA:30C4A60C450A", "FEDORA:31EE01AD0FF", "FEDORA:340B120DED", "FEDORA:361B46048FC9", "FEDORA:37F8D10F892", "FEDORA:381402161C", "FEDORA:38DF511115F", "FEDORA:391F521A28", "FEDORA:3AA44605DCD5", "FEDORA:3BA3010F892", "FEDORA:3ED26601CEE3", "FEDORA:40D44605DFE4", "FEDORA:4227660CA765", "FEDORA:4329260E587A", "FEDORA:4413E6087D61", "FEDORA:4467B60E6CE0", "FEDORA:45EA7605A34A", "FEDORA:4853B37D0F", "FEDORA:4C4E710F878", "FEDORA:4C502110FE5", "FEDORA:4EF2660E458B", "FEDORA:4F615218BE", "FEDORA:50E7D60F2C0C", "FEDORA:5429A1108EB", "FEDORA:5502F10F89D", "FEDORA:561B260CE121", "FEDORA:564D5110A27", "FEDORA:568C0605A286", "FEDORA:58A826087D72", "FEDORA:58E1828ED7E", "FEDORA:59B0310F861", "FEDORA:5CD8320BD3", "FEDORA:611D110F917", "FEDORA:61A8C10FC13", "FEDORA:679F221C24", "FEDORA:6A214110D58", "FEDORA:6B3FC110D28", "FEDORA:6CE3D20E51", "FEDORA:6D641613A08A", "FEDORA:6DE61110C21", "FEDORA:6EB0220FFA", "FEDORA:706B621DA0", "FEDORA:776A61D72B0", "FEDORA:7B6DA60CB977", "FEDORA:7C53320C61", "FEDORA:7DB7E10F8B0", "FEDORA:7EA761108D8", "FEDORA:817C710F8A2", "FEDORA:8385C29043", "FEDORA:8559B21FC8", "FEDORA:89AF1217C1", "FEDORA:8A43D110815", "FEDORA:8D2D811080B", "FEDORA:8ED3020FF6", "FEDORA:90F2B2192D", "FEDORA:9278321934", "FEDORA:955A2608A1F0", "FEDORA:98315602F10D", "FEDORA:997B660D68A4", "FEDORA:9DFF1E720F", "FEDORA:A271421BA0", "FEDORA:A4305225F0", "FEDORA:A89A021670", "FEDORA:A8CDA60E1392", "FEDORA:AA6CF2159C", "FEDORA:AB2DD6067A04", "FEDORA:ABDD7608A209", "FEDORA:AC832604E903", "FEDORA:AD9B611063F", "FEDORA:AEECE6075DBF", "FEDORA:B1D43608A1FC", "FEDORA:B31D6110781", "FEDORA:B758360EE970", "FEDORA:B803860875BB", "FEDORA:BA663110F8E", "FEDORA:BA97628855", "FEDORA:BBBCA110998", "FEDORA:C277D20308", "FEDORA:C411B20546", "FEDORA:C42A8110D0A", "FEDORA:C4392608A4B4", "FEDORA:C7B0010F8AD", "FEDORA:C8F7F110906", "FEDORA:C9F3119737F", "FEDORA:CA803208421", "FEDORA:CA868607A1CD", "FEDORA:CBD0920588", "FEDORA:CF2EC6087E4E", "FEDORA:D241A60EFAEF", "FEDORA:D3A711119A1", "FEDORA:D404110F950", "FEDORA:D560A20FC7", "FEDORA:D9C0A2139E", "FEDORA:DB226111816", "FEDORA:DBB0F21109", "FEDORA:DDD696087CE5", "FEDORA:DEA206060997", "FEDORA:E042E10F89C", "FEDORA:E36CC10FA25", "FEDORA:E3F6C10FD89", "FEDORA:E523360D8734", "FEDORA:E67696087B8D", "FEDORA:E880C1107B8", "FEDORA:EABE2110DCF", "FEDORA:ED7C56087EF2", "FEDORA:EDD1B2141A", "FEDORA:F1AD728EDBF", "FEDORA:F38FB60CBEE0", "FEDORA:L76HVKWG014544", "FEDORA:L7DLNCJX011059", "FEDORA:L9FK5UIB022989", "FEDORA:L9I2PTVZ007013", "FEDORA:M4V2DWYQ023924"]}, {"type": "fortinet", "idList": ["FG-IR-14-011", "FG-IR-14-031", "FG-IR-15-023", "FG-IR-16-012", "FG-IR-16-048", "FG-IR-17-019", "FG-IR-17-137", "FG-IR-17-173"]}, {"type": "freebsd", "idList": ["03175E62-5494-11E4-9CC1-BC5FF4FB5E7B", "03532A19-D68E-11E6-9171-14DAE9D210B8", "077C2DCA-8F9A-11DB-AB33-000E0C2E438A", "0DAD9114-60CC-11E4-9E84-0022156E8794", "0F37D765-C5D4-11DB-9F82-000E0C2E438A", "1AAAA5C6-804D-11EC-8BE6-D4C9EF517024", "1FE734BF-4A06-11DB-B48D-00508D6A62DF", "2AE114DE-C064-11E1-B5E0-000C299B62E1", "2ECB7B20-D97E-11E0-B2E2-00215C6A37BB", "3042C33A-F237-11DF-9D02-0018FE623F2B", "3679FD10-C5D1-11E5-B85F-0018FE623F2B", "384FC0B2-0144-11E5-8FDA-002590263BF5", "3BB451FC-DB64-11E7-AC58-B499BAEBFEAF", "43EAA656-80BC-11E6-BF52-B499BAEBFEAF", "4C8D1D72-9B38-11E5-AECE-D050996490D0", "5631AE98-BE9E-11E3-B5E3-C80AA9043978", "5AAA257E-772D-11E3-A65A-3C970E169BC2", "5C5F19CE-43AF-11E1-89B4-001EC9578670", "7184F92E-8BB8-11E1-8D7B-003067B2972C", "76C7A0F5-5928-11E4-ADC7-001999F8D30B", "78CC8A46-3E56-11E1-89B4-001EC9578670", "82B55DF8-4D5A-11DE-8811-0030843D3802", "9442A811-DAB3-11E7-B5AF-A4BADB2F4699", "9CCFEE39-3C3B-11DF-9EDC-000F20797EDE", "9F7A0F39-DDC0-11E7-B5AF-A4BADB2F4699", "A8EC4DB7-A398-11E5-85E9-14DAE9D210B8", "B7CFF5A9-31CC-11E8-8F07-B499BAEBFEAF", "BEA84A7A-E0C9-11E7-B4F3-11BAA0C2DF21", "C97D7A37-2233-11DF-96DD-001B2134EF46", "D455708A-E3D3-11E6-9940-B499BAEBFEAF", "F40F07AA-C00F-11E7-AC58-B499BAEBFEAF"]}, {"type": "freebsd_advisory", "idList": ["FREEBSD_ADVISORY:FREEBSD-SA-06:19.OPENSSL", "FREEBSD_ADVISORY:FREEBSD-SA-06:23.OPENSSL", "FREEBSD_ADVISORY:FREEBSD-SA-07:08.OPENSSL", "FREEBSD_ADVISORY:FREEBSD-SA-09:15.SSL", "FREEBSD_ADVISORY:FREEBSD-SA-10:10.OPENSSL", "FREEBSD_ADVISORY:FREEBSD-SA-12:01.OPENSSL", "FREEBSD_ADVISORY:FREEBSD-SA-14:03.OPENSSL", "FREEBSD_ADVISORY:FREEBSD-SA-14:06.OPENSSL", "FREEBSD_ADVISORY:FREEBSD-SA-14:23.OPENSSL", "FREEBSD_ADVISORY:FREEBSD-SA-17:02.OPENSSL", "FREEBSD_ADVISORY:FREEBSD-SA-17:11.OPENSSL", "FREEBSD_ADVISORY:FREEBSD-SA-17:12.OPENSSL"]}, {"type": "gentoo", "idList": ["GLSA-200609-05", "GLSA-200610-06", "GLSA-200610-11", "GLSA-200612-11", "GLSA-200710-06", "GLSA-200710-30", "GLSA-200806-08", "GLSA-200807-06", "GLSA-200912-01", "GLSA-201006-18", "GLSA-201110-01", "GLSA-201110-05", "GLSA-201203-12", "GLSA-201203-22", "GLSA-201206-18", "GLSA-201301-01", "GLSA-201309-15", "GLSA-201311-13", "GLSA-201312-03", "GLSA-201402-25", "GLSA-201404-07", "GLSA-201406-32", "GLSA-201408-19", "GLSA-201411-10", "GLSA-201412-11", "GLSA-201412-39", "GLSA-201507-14", "GLSA-201601-05", "GLSA-201606-11", "GLSA-201612-16", "GLSA-201701-65", "GLSA-201702-07", "GLSA-201707-01", "GLSA-201712-03", "GLSA-201802-04"]}, {"type": "githubexploit", "idList": ["ECC3E825-EE29-59D3-BE28-1B30DB15940E"]}, {"type": "hackerone", "idList": ["H1:113288", "H1:1271701", "H1:128169", "H1:199436", "H1:199438", "H1:199445", "H1:207404", "H1:207457", "H1:216271", "H1:217431", "H1:288966", "H1:318594", "H1:32570", "H1:44294", "H1:49139", "H1:514421", "H1:5617", "H1:6475", "H1:6626"]}, {"type": "hp", "idList": ["HP:C04262495", "HP:C04262670", "HP:C04272043", "HP:C04720842"]}, {"type": "huawei", "idList": ["HUAWEI-SA-20140417-HEARTBLEED", "HUAWEI-SA-20141215-01-POODLE", "HUAWEI-SA-20170322-01-OPENSSL", "HUAWEI-SA-20170503-01-OPENSSL"]}, {"type": "ibm", "idList": ["002FDF1996A1F8AE22AB4EDA4016102371CF4507D9043BDF345F9697E8F43C02", "007E4732B5C858D68314FCBC681F238D11A80EC2685E0C320CE28F1D80CB4ECA", "00C392F80C93B9FD9D5E530029FDB643360FA8C14DBEEED32C8359B1CA0E28A9", "01545BBBB6B56A1AC3585E8A2BF8E87AD6E3B38925ACB3EDBB6DE4177CC56BBF", "015CED4DD111438880FFDB361B30E09A12892E262FEEA8F7178F7A49BBE7D4D2", "017198847549473B2F1109F9F4CE4C76950F186E9BE5A4FEADE9746A60AB9F69", "01762D3D37BB3ABAD72EAC79AB7F0CA81B4020CA550D2307B9B7977B86D63326", "04538659F2D47E517CB506D258BBD837F111577F7C1EAE6B24A915799A34897D", "045DF1202D179679EADDD7C7D4DC1332D8A557CA511775BC45FC7FCC4AD803E8", "04EED2117E1687EB241C7ABC5CB11968429DE85CA86DBFFC8AA9194D5653A8C9", "059BFBBD8CB8F92E03748427F677CBE26E890BA80C56429CEEE0842DFE7AAD52", "068E4774F9835C8E080EE324144DDF1D362B4CFF31E92E6F3B859DDEBD2C9E8C", "06C07D32B3694B9428DF66A58E914A3888518AA422ACA9C0FBE65C7D07FCACCA", "06FAF3AD79C8BAC8455C602C3F4C354C0CD9450DE060FB4D831ED000993782B4", "072EBEFE4EF574F4A87AC95BEA1237C43CF6D39DDD94C6BD9B965A322BB8CD15", "0751573D2E98D41D9FD5C53D769B2CC3007CDAB9443F2AB513D613437AF611AC", "07A7B6460487838EA6D909CF7053D5F8655D2911E06DDDDB16F801ECCC972111", "08F8D0B7EA0AFEA0B537D3C92CCA1CD2F37543CEE5C0324C3983B1853DEAA757", "09C0C603EECE682CFFD6D5C27B3EAA66D128B79E9D89A33E4AF2314E9BF9995F", "0A91F383EDB1A5476BA5F4BEFA4711A204F55592E531D145D7CB3D16EE4972D7", "0AB5A9CCDFB8C604D4ADAAA64BE06DEC4E17E1D4FDDE56566BA83011AF4C59A2", "0BB0F39865741AB9E1AFB9CA3C5508F7FB9BEACECB805F04C6C6B336AA66617E", "0BFFC8DA3D20D61485D3B937CF8B08468DB94C6B523B29DE9871511B28C3EEAE", "0C1A8A8F899BAD393CEAEFB362E8BA638024D8C0B7B920D545CE843E1DAA23DC", "0CB9447A86F4E057E6BCCE438A998B8AC6A17C94584F25C62A55D07D5D528CE3", "0CE9B36358C9687E7112577EA1304074A68EA6DD5359A3F6615F7BA94A6B8E7D", "0D7A334726D7F8214BDF965C6B0ED351221CB7A9A083042878EB2C3CB193A50A", "0DCB9190AD49CA4A44EED134393F472D4D903648111D70599B707F22E81A5F5B", "0E703A42B01F9DF3E0FEC04EEA4F7733F5A313C86865501C0F8A79378E425C34", "0EDBD09066818302150073FA499E426B9E1E957BDBE65933BB41C32EAC61E483", "0EE17D440C828A2F1F3F9C3FDE6036B28E45371AB043D8D00888155801644813", "0F03B5C9C2D06211B67D6937AD3D6F685DB8B1759561725DCC766A603D57FE2E", "0F4490A26A7A5960275AF6437143D350A19CD931C617E64E2575EA3E557FDA61", "0F66A0EBF2BB354FEE49365A0BFF63BC3375F7D75B03AEC0D3A10E90CC949472", "0F73246124CA58D05064BB5D07082DCA6F2A1D48630CAAC82BCFFB4A71F45CA7", "11452E38010E945A0FE01EFC4554F3798D8F99A1582985B386C674085821DFEE", "11A86E6641297DAF1F727CB55B1F67C48A1B3D5E2E1EF8DAADBD7B84B7DAA777", "124BC5B239FE67EC0AE43A8E0F0918B0BA544E977E72754946EBD146C916D64C", "142CC78D456D60E4C1854BC0E93F8802FF4122A7CF6BFD85E457671E02B96A45", "1552258BC602B501CB144C17FE55DEC12CEDE82B9F4351E9E4F47BE8C7003BA9", "159D15015A041EA5EFA6FE85663F44A48D3FD8F7BFC0631512B9DEB34EB3436A", "17334E2B2E377127A3DB9D8D2B3D751E05E47C0A957D29E8C9C6DB01E922B894", "17C5F79C4C7AA38B0382C6A83D3B5EB17A334C042A875A99DDFEE93B8FCB82B0", "185CA7A92837C359609A198BF638BED42D46EC58A2CC11C01C5142B98CF7B593", "191ED0FC710CC29D37F2021F055C5B6E215B0D429C955179B8D16255149183CC", "19836CFD4B17D54261C87EA5080CE00A6A0B8431CD9312140526446DBADCF9AE", "19FAFF710B3E3738F8567DADBCF7C6BE9748A2C12CD349CA0B858BA9A26AB606", "1AA4689F61391429998123661409491C7FFF90C591FBB12E8BE2CA2BE514C7C6", "1BFF63EB8AF39056E08427B06D34E43B32E43FBCC74FB2A85F32E708984FD60F", "1C7571B870C8E0F53BD1021F740C140F42C5E17DC0CF9E67A9EA518C91C58FE9", "1CC7A3B18C6A6840C27A5AD471020D77EDB5E679DE0DE0349AD85905B0A529BC", "1DC0A9C6D3EFE4EEA571DAAA9286B8F974D5ECF8F3BAAA188781D697B6DC2546", "1EBC77DA43FD0C2AC1B3FBFCD06096623AB926F98B7AC6367589E5222F2115BC", "1F6B81AB154A80A146411D1C6D8DE37C9365C325F08662BCDC13FC95E852E7BE", "23F4B88FE854F6472AF6E49BDCFC4F4C04A4941FED4D1CBE852D4468308A73E7", "2571018C4333BB3F6C19EC9F2B6BB5326A2BDD39E6D8AFC796E89DE41BBABC6B", "25A108BB00669C6AFB7F493C12E44D6EEF88BF241A2EA038F40197F15B5975F3", "2614071BF8D5B0482694D82BE1651280FCE95089D3BF507FE1CD1ED3591D2446", "26CE7C1AAFA750AEA550E154567083BB107029164FBC8A538FD7AE568423A32C", "27B62FE6F75F2FDC77F417B2E4F70DB2ACC8E40CF9E9E25340B88A272207CE07", "286F906018056591F4A9027FC1AD845C489369D42499BEA30D89978EDA680EBE", "28F09F928D8A64947630E0341FDF6E6F1981E04939D0DE4237070C2BDEC2DDA7", "2B1433F19093121457472DA5DF5E52AE542DBD8F435969C34F49B9AE9E8A2D1C", "2BB93AE1C7A3B73A6491F3A66D7F39AEF96849CFFB0026B650053C816A375F8C", "2DF4487CB3C4D7660AFDC280F9C0E84F0C2D6C5F4A2207259A023074EA35AD70", "2E9BC1AFBA9F34E20E313BA5B8B5B6C1AEEC0E8F6EC0B353125AA17460789A62", "2E9D4568B743B9BD75F8462B4F4198F10C55ACF509C02151171249327D3AA277", "2F4353DF684AD6726CB9491220A703D4AD06D4406D7B35BEBCB2D4EE11863E10", "2F7ADE520928E45BDECE0F1C3D8E8E07F934DF3F69918FC4829075AF2364237F", "301B538BBFC46479C631567610002A3C90A71686F341C9C711106324BEB1487D", "3048CBA7FDCF53E63595104F24F428E3014DB1EE5B3AE7E450E0E0C06E5736BB", "306F0F5B9EBAA5A123DBEA7D5C32E94515078239AFA1D40465B7275E07FFDD37", "308A05F5B1028A741D58EC30AC13C7A0A2B660380B87E8811177772F0014DA1B", "309C257881EC1B262C362A51A26ED2456552A2DE0687635F17746EA2BB9A63D6", "30CD66983833C710FEBDBB86E620F78B1353E7BF41B44CC7EBCBE9581842BA01", "30CE29210480BEEC2EB282BC15979827A9D22FD02B9CEC9C7CA1BFF2E6B78BD1", "30F31D61B76815116E40D478A4FF3D7F4375DE5C3DE9AF0D9789BB84723A1B12", "328EA4EC6B75924B9BAF1379828755E57421F5DD51277D579C2833A7289B6F85", "32C5F3A427C23B34350EBCA676883F18871AA834AA2E92920588454B1810F4E9", "340A46633C57BC64A513C7574F7A78D6AB2EB22FC581AFEB2E64A95AF1A94932", "34AB6D6D15816E142F80D91517900A17DDA91DDBA48EE54CE98D3BB991F889F6", "356FE57EA65A13321D1E838C9735B06928F0572E0C6AB0955DE122FCE0F71789", "35CEED27807DC1F06172146BBF8FEE7FFB0F2AF8AE15F30DAC2EB519801637DC", "35E8926C22ED4C3243C1B5C02680DD61921D50FF6BE976433A3D51EB64E6BBB8", "3646DAD163BA0A8E0A9E8DF2F16916F37F637C31CF558A434D42601D980745CD", "374411ADB66A6B6C60B3EE4DE9977ADF2AE7482BB4DDC9927957858BCCD39B02", "380CCDF94F63E9411CB17899AD61C96C46F6EEF9CF6D334DF2C4AC51A8FD2C67", "38458D3770070EAF0DF6F2EB778DE85F403B99890EB0B69F4B9333DB4492B9FB", "388EFD8B007684B48001D31307078170D5DBF01AEACBC98F2CB6247B827493F8", "38CCAB39CAFB6C2CE3724A92B67DF0EB31883A90C9A3CCC11561802DAE51A944", "3918C76EC7F53EFDF9D130FFCD6246ECA57AF2056C25E6C5539574FCFF5D00AA", "3950A1BC0426AE4D016159E4D2CAF54A8DB5C777E8AD57B2F2EABA89B5BA76DB", "3996F61A39895C8BF5DB89481CC4F649E2B90762965374C8A32E5395AE4CF526", "399718E68B1AC921F1F63310793CB30CE98BCB15C409BBB99985FB5BE97A027F", "39C9A1E43EB70658FE71D01538582B5D0389F6360A624E0B8B800D6692A15BC0", "3B9F6F5E9D79A8020104EEF5D0CC94C720D4533CBD170B94B66F7CFE87D9D97F", "3C34CA137D675C01FA30FF52E4840DE4F8835BDD73CFE7BE14C18869DE46A7B2", "3C86E9E9B80CE61FF34A70463FC2C9E86F96058B677B896D64601306CA1E6DE0", "3C938721A719BA4ABEFA84E7FF59F5BBFF5017EFC3984C6529565D42F73E68EA", "3D6246498CACCFF52D92DB28CC2A02DAA7ACB4972B156DE4B6CB298BFF2A769E", "3D737E91C4B3785D05EA6B518DF81A98A3D897F7446C9E2969F3A9E22A7F3BF4", "3DF4EFFCBD4398CD9D2C6995C59DEC9020B7665B1A75D2B23F0CFA94C34BBB8A", "3E23DDB4C3380B39D8666C5A0FD0663030F353603F83DC0E19F7843AA57B7A26", "3E3AF8AC7BA63076BEE8FFB670B3A3F27E0903C83526E54496E50EB2DF74B875", "3F517C6EB3F580D15A8688927C2FEDE369F340156A939E9A19A6F6469765380E", "3F620340060D88E0720BA249D5F4ACA92F27A7CB779A70DE86567AF5830BFFEE", "3F69F1D0D10816FD8495E0C83E350D2B9E6780C77327A103789FDAA73BA20599", "3FDC0101985ADD7D5774F255D78C573813EE11684088944BAF72283AB319514E", "40E960C4B69B3BC0992DCA14B0685310C0D6431B403E0338B65A7084D0D82E69", "411DE209066A00259E38D292C22264C2EDA3B961B523920D589433F42FB534BC", "41A2B080355DFAE7EADFECB4D5D6C7105784D83B969140D731128E3E9EDA0757", "42B553A5257DBCE0553E09359217D9B58850595C4F83DD12BEB3762A7D09FF2D", "42CD8D3219EBB2F9262228248E591AEF8A347AA1D644C8C78B1E5CF0F08F3525", "42DE03BFB60C7C03EC762C5A65E3D234775F9BF3F573DA84DD08CF37B63769A5", "4337F9AE4A5A2285A37D88E12A5DAC941D106D987FD93F7005C756BEB07720F5", "437063148C0599A3C3F1CECB075FB83EAFC46606410F01E39088624674767E08", "4459DBA28293AF1403AD407A733C16E72E17FD084713F91EEC73324E8EF214FD", "4532C7DA73DC2406AD4939A367B9E0C64E210793FA8F9E24679585A36617A133", "45A3D9451D9A042B4B823F72CB8D2728FECCB3D99F3D358EB95D984F7675F955", "4600571F6CE1CC296F684423035AFED51CBAFA3DBC1C24C76426526C65C05901", "470FB53E20DCF01D3FF4FB7251C5868A5D215FF7480131C88B1F5C06E159D01A", "47991D9067F3E8EA600E55446199432814A0D6200FFC38923B70F21CE2691318", "47EA320BD697B3B3A010CEFFA26D721AAEFB370CE3B13E7AFAD938F617DCA5F0", "4809400533FD6C30023AE955C69A543142E0C7DF76FF919FD4AE1E2A5EE20F64", "4829928E4C7715561CB19AF103394931A0114E34E269A614FDFFC77D2F61D9C7", "4A2C5224A5D45C6378C117215B6377F5D1277DE19E121950C3A6023758C715BC", "4A325EAEADE0B2570B74B5CC599F3C1975F694E5A8FF485F9EF08D83AF509833", "4A5BA6F806D70D220D317E2FD1565C67DD9D79F0CCCC6F2EE1DF9D7FEAB9A24F", "4B7EBAB09AB01A6A2993819DB2589A79B0751770B2E5A63287320AA02BEF3420", "4BD0DFC4EA5C8F35DAE1CAB11062FBDF5B950423CAC42536F2727916ED8065D5", "4C98F5463E3FBB67682E7F864F699DD4A99514832D6E44999F6672401F35C8B0", "4D46555CC0823FE00CE69BB661E3C164ECC9C67FF1657E99090AA350CB0CD0FB", "4D5E32921B9FDA0BABDB9FC856CA2C16B6015205472E4B5A027576A1AC49A0F6", "4D77034014EA28691F31F1A1AD3A78E0638E8CE056EBC57C6A804415C796E31B", "4DCD65078718A8D516F2EEE878B45FE5D131D6C4D4010E935F3E6A750A6D9BB3", "4E0EFF0D013B3FFE7E5660259848A887BD9155BA19EF19DA0730D3AB081E99C4", "4E170B8FD5682769ED75972FAE0552F568BCBFC890B02D2B0B3E378720026C6B", "4E2827C7B66E5750B0EA21231A352254C3192453528CBEDD0F4F230B934557F2", "4E6C1EBA661D25285AF0C9F31E6EA09A55FE027BFFDE55BD865350A689CF283E", "4E95B5EB959CBE5490B90287812FD445A690A3158E83D37882EADCE4A7BCD44F", "4EA215B3645DDAC4FD37F8734C45AA03E711B96215D9E5BD79734DA548CB9D4D", "4EF982C974766057C7B93AEAB363E572E77E92BC1EDE757D6871ACBFAED6158D", "5007847C128F9E3D31BFC95E261F4152F6B9DD1551B91A8CBFE6C1F12E8909A7", "517ED6B46A2D3B0E04DDB4B6B9CD4302B2390BD38C3C1127A87B5CADA67CA8DF", "523E603F9CB6DAA625DE97BC3524132F098EBC21A31108A9EFFCA3DA83C39A19", "5276D07236F09D5D4E1A38B4E304BC335E677F2639AAB1A09809E9794F9A17E1", "527B5E90CAB7DAC1C518A59BF77CDE34841C309262297FB18D36716B2A007A6D", "52BFEC965C91FFF9EB67268FE505ABA82DAD2FDA3420E0AE67F8478C590BB2EA", "53CE956F3CE348727C882EA932D60E2D4C329F872D27271C7562AA5A6027B697", "552CCD91DA9A5C1B6B08BED8115E70317A59E9D05C357D2E72183BB05B7E0CE8", "55916A93299C26CEFD57EAC9B4B44B5429F1C0F2F4BD066FC478F53F694F6BE0", "55CEBB9E20A58983B23E3C229BF737495693CC60EFC2B16F3EF9E573880A87C2", "55DACA18AFE52B9657ED6763ECD6310E15A2B6AF470F5EA9C7BA6E971FD15B5B", "55F8F21346EDEA63D23DEC5EBB44C524EAAD84D3EF679B21A46A79265F3AEF5D", "55FA67BCBAA6733CED0D492F89AF1B40789BC45C04CD857041D7C44A7C56ED1E", "5641564DE1A4B9249AC0EED2F265EE204961C428F093EC99321D93DA0AA23C3E", "56571F8D8AC469663A4379BD08C051690C597896DF1DC536B036CD0426D8412D", "5711509DD871227FC9F7CD530DA0E06F21DDA1D522E7B1C76AC95D3AD5F6BC07", "5747FAAC4DB997450DF1E4A3CFD060AD69BFCD4B26D50DD3A841B69D1DA33433", "57AD0C0FC8A00BEEF6E1F3C8A1E152181FB65DFF630150E0DA7D2BBD63A52DB2", "57CBD94F97013E208754F9AF764D3D11B1DD38D12A2436EA761D2BBFEB325C9A", "581C275093B683BB779DBFE1995D5CE6F40E4DDF3105B319DBB43DD3270F0131", "583215B42F049307CBBCA8930CB40F87016DA7B011EFC8B5B01AB18DCA1B1F3E", "58C9C23A20C5D55610ECFF1953DA7C91CDE42118EE0F8DBDBF1D696C4A948D37", "58E3C1C2679E08843B1DDFB050BD05651CBE0B5711398A1A5BB83E98D5839C8A", "591E98996DBAEC8DA2E30D3261AADF9BF750C358714362A5B9B9F30A1AC23AB8", "5A3DA932C26F9CF8D17B19C1875F653A0891006E087F0D4CB859C81D0D875725", "5A5125564C5E6100B8631DC69D64BB29F15CFE14C3E6A31A6DF6AD6E3808314A", "5A8825AD62C7A9668D229174BBF47E909FDDC63BC31C38BE196932E629C1F298", "5B0D973A3FED1AF2D6DC61C906D27DFB052F1D42B4263EA8695D5ECC3E5F9F09", "5B41DEBCF5F49169640E9C46254A5581FA9E8066E153CFC073F7BCB78C863D65", "5B4C19B2CA9D2714AEF1546FC810D709406148AD04288568A5EFCF5FDEF9B2D5", "5B64BCE3EE0E68F7C1E61B0134954FDB115D5AD76AD549C8F967018D7BA777A6", "5B8DB5501CBFC5531660077D652EC3653D10336551B5D40917AE357AD7F4FB93", "5C7923D63FE9E28C3232FA5E48C042DF1DAAEFFA269010E68C9B0664FF539864", "5D0CC6456D2278646647F1A4FEFECEB673F2B5D1F99FBBC5755735CEF5AA6268", "5EB502607883E6A042D2D4DC60A0E2A2ACAB576C3EB0BB62E9770B79899F0725", "5EEF79A5DC151FBAC5D5E48B9BE47FAA1CF6798A1667C8D02D50EC663EBF4FB4", "5F372B6F223ABF2FD142C3E3D01925FD31F6969DB13DA5F9B4220059E5854A64", "61017E9A33F2AF48C2143A4F8C20339857CDCE271B93772622C33DFBADFDEC1E", "6266ACC74295FF2D138A1AAB20D50CCD4E8EC9EE7F50E0E59B801F06DD3FB722", "6390A51C827FA9826D05D6F22A5DB62BFFC9752CF836C6B898D5F5BEA5C44130", "63D38F71582A2FD4A2EB4EEBBD8E93ECFB4B3FA1A98D545F9F3D9A6E747E0174", "63DAED287E5E589CB66DEE42D6AD62CBADA57BF5A22C757E4A6252674CC1D266", "64718A406CCFAE5D2AF591487FDFB0A189E939DF11D8C72E30AAF07C12098478", "650A9A77211F69137BAC17D5E4298C2133FCCDC13927C805DB7059805C98DEEA", "654F3603785F612FCB89C4655C367EC60F72994A083FCDAAF1A7F63C68137F21", "66015684C1166B9AFC7A09E01337D5D9FE20EF8B62A13053D95EA5EAE5B3DB9B", "661038D02866F33EB6B87BA93B6392F175A00BE95B7EEE223493C4967AEE22D5", "67EAB74129C18C510D45A8BE4796FB10CA7307ED79A3F5B643D86F3CC71C8995", "690D239C58B9390FCF645AFD52B371B51B1030E1E9C92B0826778C4F0564517B", "691A7F683AC2496D21C51C44AD02D677C2E591E44FCEE5B5CB44D3527127C663", "6A663A681263595D2882F213BE03BB05AA8F62FFCCF602AF57E6778E2E499DB8", "6AC3D160EBC9B7B2A7A56866F588F05DBD295AB4AE46EB1CD3A574DC726F9423", "6BD8E3DAEA6988B5ECFA9DE1BCC8F44BBFD4AC94E0B6BAB1B72FAC68AE3397B2", "6C0F44079202A6A29F40AF9312C9BF35D7AB32AC9A43F7E92F1C25DAD4A35A55", "6C107A2A52C3CB8C7043BF560ADFEC6B0BE2520229D91A88B3B29AD9C90B1F84", "6C7AB1012C7AEA493F61B3F3AE6FBBA52E283C9CF0A9AF85B280B9CA9D04A3EC", "6CDA9CBBD4E668C70A53BD4F7D7CDE00CF73C49E1D8C5300C858682BFBB02BCB", "6D1266D7512253D04698EC2DEB85B8BF906B1F2E64F7EABD217D462B19E8EBEC", "6D2739CB5EEAA7A3A1C71DE6B8DA41787C1350B34294A49002DC1ACAF827BCB8", "6DB274E6F7EB4D6F538135EC07CF4443980A5C2FC8C1652E16833E39D5F430D2", "6DFC02A34D3BB730D9CBA6C97A8D3284FFD1FB8F5F3DD7D9B65FE6CA089C2006", "6EE1809EEC7F8E899D29A5D629693347DEF4BE3A98140451F3CFB1F6F3D44734", "6F924CE97EAF01A558CD93CA2DE0592B84A0D2E46A023162677BE3BBE85AE3DC", "70D598FB0EC5B16C61F969E93550D01E02981B6F45DF9C62FFECF6A39D205317", "70D8566E5246B3550B562DC69BD9E44914B7C5D0DCD3C21264DA9CD5683C56E6", "72EF00C4B35D9599E1A58E00685282A8A55FD82A122F9FA814B19FB08B691740", "73AC0A21A1C1C6C3987AD6559B838B31C02E7FC2112C00D32E18ABA3B130AC8F", "7560D437DD0C0AD308430AD43B3F94576F228230126D44A08B79DFF991CA82E0", "76415522829E96D2199B1D5D63817545B42CAE7C008B9902D48D11CAEE020C66", "765EE754DDB2AFC25A4F81B453619E8DE782835F4B2ACED4DF8CE43B5D4C10B8", "774447A42E7584CA310C1D881A1B9F22575B31868A10B3206AEFDCC52F166509", "775B57CB49BD54DD08F0B362C9B1350CE27111393E547386D47B85F4B30A09B9", "779938A97DD75A10751E55A3B6E010476A868FD02B431E3A808A6AA73C5B9B18", "77FA959464E77CD2D3FEC090679425661D222D831CF3B1C6F715597D8077C55E", "78B5CDD949B0594AC0F181656CB6536E0B075D4B064576C915C9BFAF10028314", "7996A5B21090888A5E92985E9AA52C1DFFD5B468A73A1B32557A0A11DFBE0724", "79C9308A38227EABEE316B0407CBC46021561F829AEBF9659F93085D4FC63547", "79D11DDE94D9454365E3AA1412CDBD1A1B8D034E0320882C3AEA0F3D08C2ADD1", "79D43D17D2A976B2C3047912D4E3D7E3AD0E022693AF7355F8D1FB356A1EBD7E", "7A2D893F2FE7F77348033ABAB887687C87DB87D5D3A49EEC764B9B3146F2E94A", "7A811732B34C1BAA3F2209EA69EE01FCACF762E53C22EAE8A8FB7A45B4E7164D", "7AD451AFF17F2B4F6EB9CD3090185A0E80620336B204FFA21179DB7F339B9F8F", "7BB3B13ED998CBA6BA07BEEC944B8CFF6DAC92CCEF1D7F6E64E9E8CF3D77AA15", "7BD03C97D3450FEAE4EB4F8F33140691B9F85B4915C83AFD5212FE881A12ADDA", "7C26356586DAA6B4E139C967C18B932D1A22571BB403D6733844A6FF84BCFD1B", "7C32536CCC3AE2FC652286763B1CD20B210BA17E5CCD8D853CF310C392518CB3", "7C371350C79C6F7596054D8B19A4BAAD069A8ADE699FB847B44E70E03F3D6988", "7C630DEEF9C025461097DE30AF143B45E948D8E848AEF027D365F38629529B0E", "7CF53FE09C7D25161BFAD59060E2F4269BC90C0B892337805721A0FE0A9BDA22", "7D0E5A7E08D2A1C445DDBAF53CAC0637D270176243B7EF28DE13FA0114E07937", "7DB2321060F037EED9642AAB07924E717FAF7A026E4DD0160E61F5300D06D17C", "7DB6C2CA09E028522186834F9FCB09956130E6491477AC7C87B5AF5DEB923EC2", "7DB6C62E3DC8D14093067BD5875A863A8CE74E7D3D322F6342A9C74138ECF9B1", "7E0744D5936EDC5F018B0850D801B665D388060D6A81B986BC7AD81C9A78C0EE", "7E4E851053AF5C2BFADF66AC8494971BF986538EB9E1BEE4C5D8B83D2DB1BBB0", "7FE72ED4C858FD4F010CC95764D03AAC86CD4C73FE6C4B388FE981C9E76DD0F6", "809E4CF694B5B95B122BBA4091FD01DB408F612E91FB12D54920A9623768E6BA", "80C91CA022F79ACDEA0423AEF5701D511D848F98F4A10883EBD87E5B940F4449", "80CBA97D4C339564CDD3571C5AAD9B39B1141264FBCE736F56AFF8266EA88A1B", "80CE5AE28CB63EA9C59DCD3341ADFAF9A6896143362A5AFED51EA3A67C5B5A29", "814968E8DA38BD4EDC807F81466A9CB916F361B3980B9334A6F6CBDE0DD07FFC", "818D64FAB138724C60F014197EF2ABD600F61BDB47F446BB8AEED6AE2402076B", "8215E02FB88590F4B93468E9B3C6A2785DF30F06545A788005F8AA267BB66470", "8325E2E8632F22E10CD653162D8EFC2BD56BD809EC2298B08EF585D287E1CFA8", "84136D96DA7036EE5B9C3BE96A193173114E760A0B04831983D99C82317AF481", "843A643E29100FE80A1F85E4177BC532FD3AAA0F456EED8DC57146873CD867A7", "8451DCEAC7362310C8EAA923574AFEAD09CA58D139A870AE0ED1E3D11764573B", "853CEBE4F06FD3A5C0463E8330A070AE32FCC86552F66DF27BFA39F37FB08C35", "8566BD5ED9DDE4A30397E9B8DB1B50B3904BFF15F087A9F1B8F47F9C8E60E4FA", "8575D8248B9DA38940B8C0CCB82D1E07AFCED1CC97BE2C46A21CC51F08DEC7BC", "858AE0814B0606CAAD401114471EC230976E8E9BB8C23DEF159F31D3F5DBB1CE", "858FB8E97369CD4DDF4CD784282A9BBA036EEA4C10CBA1596C7F829494127C80", "85A5E5E5D0EA9EC5EEAE24FCB0F1DA68DC3900D8FF5F2B93C2E587EB0973AC71", "85C244F40F078C64D61F63F2C6CB1A6851B539CC7B4530BE8884CFAD733EEA2C", "85D99759D6DDD213709202E4F55212241CF73C31554DD57FB2F87409A7B0DFE1", "8759A08F8DCE05EB5B0136A785BCAFCDBFE613A7D435C0FA20FDB4424A7CAC70", "87B26C2B63AF8A971A79B4CB2207EC51AF74A57FD839002466AFD594F7918F65", "880C8CCFEF3637D915CD2A945EAB6F29F1CFADA9041654A93101F51058EC852E", "88434B8A216FA4E9A7EDA68EE4211C8B663C7638A841826D77EA59C924786031", "88AB81EF4773044E57A4B0519932B93A44584B2D567DE41B65A3D966948BD2BB", "896307A4DE5A8A307511C17A3D7E04F8D4CB2D14EA0FBA42C535CB5B4F0A58D5", "899EB53FF6D7EF5FCBB2C9D9531FFAF9D68313191F09BD0D43CD9D8F32F900AB", "89DB701FDA8D57E716DB17DC1D2B06DF3EA63347FFD5556F145651826A5D4927", "89FB1F6DCB93BD46FCFDD81C133FAF99D78B130334B30CD3B4040684BCED2BBD", "8A3C4FBF20635DD01A5B58269ABD76FF6451A13FCBB437C76C92D2484A5C9ECA", "8A400BB6A99E8B90EEAFDEAC498275CFF269AF50ED449DD7602246B8F3C6CA90", "8A4B8F016E20BE062D275D1D7DA531E398846FA5F653F9077E943F8758AD58E1", "8B152CDC9A53DF1C3A7E1D3C9E764839F5ED8E125E207AE55304C80E5625D456", "8C13A93038AC136772B2598C633467116BF44538BBB507D836B65485D5AA47D7", "8C189A4A1E730005F1F6728800F9EEB4D76D43743AEC3B91CE47044F6F13EBE4", "8DC736DE56FAB6587FE3F3374A135C46A0E7ED405164BCFB17F0C06DF2FA350A", "8EB2C9E7DB5013AD05B30490E2989C17EE64FBE9B0024B1E76805B1F1B95B816", "8F73A6D9460746098942CDD034332E627DD5C59C903F65333D90F95100657ED8", "8FC32FF825E7F34FFF1E058937771363F25EA13D9ABB207F7C96ACB9C5EF7010", "9214CE38F1DD3B6CCA3C0A0D3903A565EF865C916F6409B27D0CB5862470E985", "93AB36DA337BD0948599C903BE961AACA714BA542798E8A1A52B5604155A59E7", "94848C16029BFBFBE812A2B6CFCEE6411F037DEBD2A6C55A94A29047D7DE9759", "94B0133D91DD1AAA87A9EB1F82E658000D52DE57AFAFF6E711787FF54BEEB5D7", "9565FEEA0E13F1CACE459E1DD36D5E9CAB4712E2148193C52D850073C5948478", "972701C7DC1452FBCF01B7BFE4A7289076C9DC38C28E80665321248205EAAF12", "9765CC2CD4E8CF43C86EE7859F7012EB2A38E6A4A80E55865CD6E4E883D3188A", "97CF77A702900BA77E968389309024695F5A4B413BCB706E68F012C99DB07821", "9872D764206750F6FD9C7F555D6B4C23926B755B4AE368CDD8485546CDEBC462", "98C2299E82C81E1CC3EFB8629E8262393014376C64F3F09018090397A1EA00AE", "98FBC29C8A3721BDF3BD24351FB4EDFE39F3D687293733385EB60C6187F38E27", "996F645DC3B49CC7398E4C90C384D03751E395B6523F4594A6FC7F1B1941A5FA", "9ACD7329FC1F831F1AB2B7D915AB63D8F111A7045260F93F9D9FAD2B89A76E99", "9B0ACFF452374706F764D4FEC5E66F5BE1222C2B9DE832C586470B864A90F392", "9B29E95933D7FC3EBCF270BA84DE60106B20376EEAFD5D4DF4DCD949178CB0AB", "9B3FAF8E25D910B37ECDE9CDDF654F23BFDC8BF7D845184A2769393D46FD9EC9", "9C1D1FE90E2F187821C270EFC3B5F3A57AF88428D8DB76F072CD050048739C9F", "9C49B3B910ACAB3C030BC5586AFC34DCFAEE7EC64D7D8447E2AADA6C76053457", "9C5F005EDD59DDF4AA35915A18110FC11CB940EB2C453CB3DC3843CD28254682", "9C6F1EFD064B98941F8B42A32A91BAB15206AC55CF09BF3BAAA5925A1B9B55C9", "9CC05BC9AAF90AC9A35EC7A7CEE6806A4960FEA9D45AFD554B0BCC73294A38C3", "9CCEB90B89301ED91DF7A501EF3103FD54D3AD611D342CF6E4B19E5105E84E35", "9CF7AFC641D593C078C001F6D73228861A95BD08ECC59A04A92C63E668ABAD78", "9D892AD714895E9B8DA3E59547784D03B32EADD3AC421AB0003E3191C1AE27AD", "9ED43BB4CDEE5996AFFBB8BE301CBD62289B8BB9EA59070D1212F4A49D97E29F", "9F7403E8AEF30FAFBBEDCAA947D855EF987E8FD49503FA56BAF29681570597A0", "9FFD672388E3FD39EB2F7A51F8EA5C6593FD9BB5CBCF7E347F42124D11DA676C", "A13CD0434706AFE250A0195612E2504B6A23E6C6A50F2939677B3EA7AE5AFBFA", "A4167E89DAF98623836F64826EDC7413C8B06B29A2E76A886419750438EAEA04", "A41DD61CB741B6A4172AD3E7F0BE5B692C5DC2F9AAF2A501BDAED1C866852504", "A44A90E9B04B7C4B380EB943FF6ACFF64C74315668BA56172EFC9734F78EDAF5", "A53AB047D484B7CEFC288D2B4D810DAC537F3F75E6129B90A28D4BE9DA746C2D", "A705ABA01501A0DDCFF1162FE781B0D25BF0C629089E6B8446A0E7763A1A12C1", "A7D9F0241BE2D9397AAE8F1DD88653C257DBC2B8DC7B78A8F90BC6A60F559255", "A7E7A98C18A437DD59F5F1F10B7CE5B2BFBACAE3F6E564B5B4F9B2226C989CA5", "A940972EE8C6FDFEAA789156E684C0D5729686CEDFD51FCF6C875BE8FF25FBF6", "A965468AD7FD6E0FC84AAD8198928B8ABF25FC38D0638161A79D59279C9E678D", "A9B346426D7E045BF1AFCAA04855729B0A1174B2DAF2F97666408FD0C01D4B12", "A9CFDC9D4807EDD132C8A5C5CC10D1E0ED146D4064FDA44CF9F4A843B35576CC", "AAF98EDCD77216F7619EAA87B2183E6B8FD3629316B74220F9C3C826D5B93C05", "AB91AC52CDF597E93AF79DE0C8F08E926367250FBDE0DB3DAF33556D0061634A", "ABF8825C48969D423E885B7CCB57BDB86E27F87DD082837A7884ABA77320FDB1", "ACBD736D76ABF0AB3623E036AC6BC47E42139A1220680E700F18BF7798E7CC86", "ACF676405BBB5AE27485D9F48AD72AC6E8FE2D60EE0D4B0D45374459BCE07DA3", "AD24DE9115423BB2CB3853497E4C1DA1D8E55916F0CE3AEE3253F8DF8FFFE439", "AD89222617F895F6A68483970725D63E3E250AD136E5FC669CD376901654FE99", "AED3A66493C3939E184C67E808AAD3B5C01A31398E8573966247517E35DC5A65", "AF1A2AFC7CB48695F42467DC6626570D2A7797795C71348461D189D6DA28509A", "AF9FD56EA5BF3F5BCB57F75A6AE54511504240DA00654FA57F2B5BA41E8F0751", "B0549540072FC1BB0D803052330E32E656605B46C7EDC1BE259FE2273831E00B", "B0A606101370774E5FB3E4409A17D910B4B5997971AC7B7045727379D355B696", "B1C96325B356B6322CE436FE75F350F9005DF2C5631508657564896656251B8B", "B2B869E92E2C0B24C8D4ECF615EFC9ECCD16AE763051DCDFC50A28156E3A511F", "B36A668C28C4D760F6B565A18CA1708BA647B0486720FF7FEE833AC59F8D4800", "B49C4446E6FB71C3C0944852AB81096006AD85BA0DF0C93938657176A22CBD9E", "B4C324A6FD8EF22AF23E006EF9A141FD3EBA5B12341EF67665F1428E1D1AA71F", "B57836C680E5C7DF0307525BE8C7E45EFC17A6866B818F9F01947138A8ED9F8B", "B5FF3A0A4BEBE5C4947ADA43EB1B39C0645EF9ABEBE4A315AFFAEB9638C6CB41", "B6E330D558AEA3A63E5B06D47046243959B8C2B20BA7866AAE3FA6E59F30BEB1", "B7F4D2883D13C31A6534DD4AF564AE15525F392CFEBE754984BDF499D627BDEC", "B7FF1129A02D2738AED73A8C157F3D6D872B530527C875906B3678301D70ECBB", "B80E857F01B07BE9A7EE60BFD8FF52F82A16A63194D34BC2560D982812DC6722", "B8CDE2E20BC16C41FC85BA2A86684E11CDAD295FBFA9F508C045F715A67AC321", "B8E199CFC7A9C8DCF033928312B9AE0E344AB91916C93723350723B89FCB619A", "B92350DAAF295761666E616275C53B448D53547B60DB7478FE3FCCE518028947", "B93B1ED022809B9A00E51D3D9FF14D51097C6F07EC178C4396907981684D8768", "B9410A108CEB6D3C9DFE0C1617FB34D181E021D243C3FB7F5DB35969D7C4CE52", "B969FE7130BCAD03B5F16694D6DB94079140935ECAAF2DABA8FB7CA6CE7FD40E", "B9A37A9137A6A153E70081729BB78D8014252B973451FD1F85F546C27C63DFCA", "BB06E8BD028B2DF581C4E507E45CF66921EDD872018812A67B8FFD9CD3141ABF", "BBF5FBFE519F80A6B36C8E6B6ADC28B6EFD07A34E8008B141A42401A9CE1DE28", "BC2283C42C5754BA56D4B137D9299A766BC1E54917CDB4BD5C57BE600AAD1E60", "BC57AC1056A61CC76843C47F735B452A5A5F844C70175A7728D7F6370F0B6261", "BC7F561FAB80D5D0A48021AB45201595C02030C9CECEBEB548DFB50B6376384A", "BD03EE478D44A7C4C899090C9FF328560060F0170A87F64F2E81D7DD96BC3A37", "BD0B415C053FC80669F34B90324081AA9C7BB6D74CC54042D2661B32F9E38691", "BD244D6323B186793AF96234D84BC097585F104DD8186806E8394D4EE6A8D3B7", "BD43DD1867AC2917BC9CDC37222E975203BCC23E7C7CF119168DA166A717B0C9", "BD8C0A1C6CF7A152703C30BB58CB250DE8EF6981B86403CF103D9F8401EAC584", "BE6E8380C13D1103EE23BA2477B40F90E44B32F9B46BF16533F8DB60DB918AA5", "BEA0DEA8581DC561B3E0FB6213C2324D0764CB41F471CBFCCD4404F07F203E7F", "BF245510DD3456E6B91B4CAC1041A675D62C74E268B2C0039096D2A32DE43FDE", "BFE9D544106C1541B7344450CDC8AF62BBFF45143A15E7B97523F39086B55E9A", "BFFC97D9B867396253756A09ED28B13F581A2B14A0637B4684951D9BD6071488", "C05450FFDB392481643414F88F9150BF56385662E006B27CB5BA3386DA5295BC", "C0E0D2198BF99C1965DFAEC1C11F4784E7D189F41F262015ECEE9E5333D57537", "C0F80B7C16C9B80140D483C0FCD6882278F7435E15D4ED92C57FFA7E310185D5", "C18E4772030D674D152D69B21575B31602E8081D2A7D63F34DF5712FA898D8EA", "C1DE62607E696F3135AA44A9ED964385998509307175EDF6F47BDAEC9E4F6C06", "C288772B66D1EE7D2548AB9893315A88EF37DAAA5903A74756970E199AE4A91C", "C2E8B6DDE464206AEDDA1C71AA033CD48E5CBB40D6C71D0239B45AA056C35190", "C31436DA6C1FDD78E2ECB68688AFD20C432119CDF718A53729D0F429AE0174AA", "C3CAB0A180C284A278B88B085EE66F70FE6A8F53A5C4AA6A67DE90BCD1ED4D01", "C419E4AE704DBAFD5EFD078AE673E051D209740CCE61A07F500573B347A7F595", "C651E37BF4B96F4EB07264F5CD8AF5358C07A1B2AF852ACFC9AC82E9E6722BEB", "C6C30575B8111B1F0235943AFBFB3EFC95AC6BC7ED4517C4C9F4D899336D20C9", "C7752951E8085C186BF5D89E852FCD41F36C211BD9364B8CA87F6E4FF8AFF924", "C7AE65EB0D706F20B5B2D3D4E72252697ECA6AA7917A58A2DD40B4293B199DC0", "C7CBDBED0F63DA6EE5124570703632B6C2AAA8D5D0DF99F9E70413BFC17257F5", "C8B10EBB1C04E885A0F46598D7359140F659737A3C1249FEE363B6A29D7355AA", "C976F3FB2440651533AB7414A4F76FC3C66CAF49895BE704575E993E6B5F6D48", "C9A0F83DA43F98BB8749F1E06867002E1C69DB325BE1EE6ED8D3F245105C2D03", "CA022F6C74AB029507A536E48E400E3EBCD80F6563DFCB94ADFC3887F1C436C3", "CBAD9A5D72D7476363185541BD693344F4EEB28C6708F8A48B2849B3FD618351", "CBAE0492C38AA01FC003E13DF32DD0C20AADD9BC2874AEBB77AEE27AB42027B1", "CC1827A64689B74570896388F9C886597BB1BF215F1D08F69BBBFD770F5275A3", "CC714D6CB93526CA67C3B1AF953783F7648CF4A4936616886992C0290C5D5B18", "CCC6D48957ECA3F47A71227A950CA10E03F27DEE5E7F2458E5F9B6AA599422E8", "CD1271F65919F0A27ABAC5D2FB90AF847030089BEFBA36FA40622E14F85284D4", "CEF20F8B2F76F34D20A1332E089A276B62CD83365A66024B5AB7A6CB1887883E", "CF387EA027623942683EFC747D5E8C53C455A7B39987E11DF2162158A50271EA", "CF8080897BA997E374072C563D7B6C6088F56DDA07F407BD98DF25411FE5E09C", "CF99691D618EB1EA9A8A075EF91665712165EA871FA9FCC7A423963F869D124A", "D0436708E17AE06481C5D812D4085089BCF7263B197EC4C10E8312B7221AB351", "D06CD755DD4308E07BA22E8E6BEB92F9E30EE716DE6494CE9CFFE8486337E1E3", "D0917105241B3AF403EBCBDA7A2973304A787219E1BA33B2EC05560FF0A404EE", "D24802352877517E1A734910AA5B470C280E95428999292362B5DB5785262ED7", "D2A8B7FD0D3A20180EBF8484490243C0DC038E552B987004A03D622D69BBA611", "D2E48469AB3A6F2B1FEAEFDF00F68B8BC2F210C7E3BBABA5556DFDE4C6DB7ECD", "D3418B2E96E89CF57CA80D7EF71EB4B4A624C51867F542D04AC6C83CF95EA96D", "D3BED0E83235D9426D986A11755E3B30E87187B154AD1097AE25C384A5EC66B8", "D4C1C0E6A5170ECC8C7B3DFFE304FF401A904E8D9E1A70A203081EBBCDBE568F", "D5006110BB901C8B28332845E7232D26FD36B1609362E9BF8C8B8705EFBF33D5", "D5AA5A836C6CC887766560D5C0DEA7A00ECE08E7210420C4B9BBFF45EA1FF9F6", "D5DD24C882DBB1D9A7CA1FF6A2B5E71A2110BD5524772EF5C4D134F94002AC84", "D60E46330596DCE2059EC92EC698759ACCB875541CC622F435EF733178728B73", "D6EE1AE15F7BD96FCB1799E31A9E36026979DFE8E702302D459578E3398E8FC4", "D70C0CFD2132EBB5AAF3CF53E301E73B5E5845FB7B0FC143B5DBE6CBAF3A884B", "D7448193BEC97EC6B90CB3869926C86749C2FB9859BC66CA55A2B2E7B21D692F", "D9B33FAA9F87D18625F5A08EF5634D73168FBB4A49FD551EFF5B173DEC473E84", "D9BE0065398666E1D67CCC53BE7B141B9D057940F7F6EFEC200D45AA41B346EE", "DAA1AB493771F23C03A5CF68B32054DD0BF2FFAABB82BF77077C01F8D84DFBED", "DAB6CB181424781D3CAEADDD031227EAB5B67EECC36B24ACF558ADBC524F2D57", "DAD5A8456E75C3E0D61A94AD852443D8D2F457AD466BC30FEDC9E8F6256B0E5E", "DB90B12CB00DA651613B8CEA1042CD2F0BCE3752CA67DAA0D3AD348B3C4AA6F2", "DBC08F11E8C546F68BF3DB9830663489611F4366FD7EB52BF39808F516F3BEA2", "DBD29332B6E297F25422EB8C28791AE3DD704B7B9FDB714ACE7016CEEC63D122", "DC6CFA97AFC11ECA8AC903B07B25377D9849F6E270CE2A8494F78E7B651A0389", "DD276150642C7A4919049E6AEBEA80520991077A02AE872E9765C43C235BE583", "DD6D1ADB4E0823703EC8B875E430BC4DA6EC03FE4D9BEBF09A0A0BA75C5488A1", "DD74A94DCFD49E41C76C5DDF42C914B945842C457C59BD3AA077859815577B84", "DDAC6B14B8934B2E6C225A197BD36CA0AC38FD8684F572F5702537FFE8240DAB", "DDBD4BDAEE1412B8C8199BA8BCDE15F2A42D1C2982D2BFF3B062BFCD642CDD23", "DE6FC785FAEA5CDC22FA3DD95C1113BD7CE8E4668A2B0686DFF968822706AA72", "DEAFA2DB54593AA80919E191E6F6089E8FC07DD6414224DF7420DF6F55DF4BC8", "DF03CD856A57D7360B711A6E6395B099DEE028A64AE6341A99493DBAF1274A4B", "DF7E743258EECE8D977DB6645A6CF8DFDE1F2111B2363A0A163830CA509AD664", "E07E9939487B5F63C0252300712F7211E6C0B89676F9E5D5E2613D17BD23D356", "E0A58ED8F9D2EAC5F3D7B7629F5373292F4D9CAE0E0ACB4EFB9DF940BFA17EC8", "E0B94384680B705B44FF092CCD406D3C21502CF270D0853EFD258F97DB74E953", "E0C9BAECEFA76A39F668375CCE1FEF586F0BFB09CFFC885A638463548385207C", "E0CAD87D2D58A2FEE5B2191470CEB1BAD189DB6A091A60BC28E6B8904753BA45", "E1347202BCC47D3F31895563DF1F7842BEC89FA802656E5A1AA1C6417187343D", "E173DCA0E65F1BC893DFC386A3859828D95897C2E9C3CB8AB66C9F1FCD79D6C7", "E298AFAE6C10545EEFE2EDCB1E58ACEB81769C82FC173BB89206A046496B5501", "E30E73EC52C28C43A6E751E1BE29D05BB6EAB02BC422665D82F3C431254532A5", "E47CC3D807E088442F7028350C85D08162FCCBC6A1643D768407619ABA4B9399", "E6153C35BD44471C95F1EFEED9B29C46E12A43C017CCADB1D87BD84154E4A620", "E6339192F4D5A34C5450757F6F89CD12C85BA22B7375FD57D5B1C48F67C117CC", "E718305B80885810F902CE850143D8E41B3321E883AB24867E49DDC4822F4153", "E7A61D23F37BFE71387F349B7ABC627B2069E0DD06334950ECFFA79FDC6D4BE8", "E8A312ECF86D6A1C6D9722B8D51FDE987A400AF0C6568E0E843C6327878D3511", "E8A9D3E9EB263B8252AC392A110C5699C152EBE388EA85E79DC45D6A3DA9A738", "E8D1954E7F4E50A7F1CC861CDAF69D1A363FA2EE425AF143C971F230E8015C10", "E94DE2A00A2C1D8282756AE6867DE9CFD231A5D1A7411CA8146CFF2E3FD9CE7D", "EB20B672B0F8880C0E9D8D5292F68305326883CCEA193494DABCBD14BB06A184", "EB5B1F8ABFF3A7B214FBC4418A883224B5D8C2FEDD066A997E53E0DC10D67F18", "EB67E51171F7C34A22B244E03166CB1F7D74162E476DCFA216B46A44310996E5", "EC3E23A99CFAAD88B2FA49B712651D754EE84446F6DFEB6CC3571A65A744E234", "EC7DD37D5F4B9A5D139BAD89ACB67C9048FD7B2CAF35F5F63861CE6E55EADBAB", "ED1637B2624D26362BDB52FFE4446CD922E21738E4C506EA23FFF9A92362A011", "ED60AC8DA8519FF62B67D9A42CACC711F4D100223E77E6CCFEC7F0D7ADF7426D", "EDB34CD93CDAF5921CF795AC72A6405C79962D06DE79535AF74133F2884DA4EB", "EE2718514028559E6F27A557F3B2FF99E3B2AC3C33754AA2CB57AD5E245C7955", "EE7CE47E45F000B20D959427D19E89321C1C0E7DA85CD2ADF5A37945584874DC", "EF1E86E8C1821B2FE6F241A7F8B0060DAE69EB57B79276256A296E2116C4F120", "EF2B4F4110ACF96FDC34CF6D7B916C577277400859F5F464947088E0CE635995", "EF61076F398E7E703A00D1503205A1E6D7D23FD6F5942CC3C0F34D08EE3C113F", "EF8F0A9CABE55A98975A5E586449578AFBE0581CC3BBC4848706891FDC02ED1D", "EF8F5D2176643F60AAACF896D63970A0820FAB5D2142D03834334DF645116BBD", "EF9B6C270DCF82283BF13AFE4BD6A359C1D124B7D4895440A36E199964CDEF36", "EFC96C84FC6627E09277E1FB61859CD2CA1859DFD91107C5D299A533D68503BF", "F0864C914EFB62F7C48822F52BDF423B57466738327736DD211AEFBE34B7C109", "F08BFDC36857BBE15067A0715EC82D384F74D0BB5D6D364E364213D123C8F27A", "F09AD94B48DEE6804F3C9AEE48EB9BA274CE6A40FCE684B18CF3D4B1944D4CCE", "F0E62F1700EDD02BA2F3839DDD88EA046C8C342A2FAE608A27D02F8C7F20EE45", "F203E7CA492B52CC28D1E01B183656FCCDFA7E752086B898CC45C35460E61070", "F3758093EA44146C6BB9180D4A89ECCFA58C42ADF8707A861E087BF54975924C", "F481795A6FFE2977136F114C95687BE8F335EE9CADA223D9A249BC76B5EC8D5F", "F4BDACE4C2BD969BE014F58FD96BAC012DCB9FD40640A048ED223245FEA36AB5", "F631FBF3345C07F81D82B960695E1646F617E669785B8F63DB760D886F1B2C12", "F7862E3AFF4165C1E96904B0CC478B568FD7C29638F30D7255C5D201546C0450", "F7B18297158774ACB53730B0EDA1769CE1870FC3ACD164CDD833ED2C0723B090", "F90FD904FE2AD66DEF4FDDFD5D99DDE1F5E9A79893EE2F3ADB1619E2F648B6FC", "F967014534DCCC8F81A119D3F6C4F892D3391900CC61B075AAC35C3073D741FA", "F96732014CC74E0CD212E2641AC086C0DBA609B9E2E61E3DC4259C4E401BE0FA", "F9C3BC218F02B41A1EE998B0C9BACBCBA2A26044AA17D86E90806B1B4853903B", "FB60760FFBC4C1641885367A133FC454DC2E0574DCD44CF7D9CE310281E34594", "FC4C804F44282D78247FA90BC4C8C855819430A02725094AC97DBD89D0227589", "FC8C17DD115E571F97B5F3885C8242567934FD310C97F79C46B626881E94E7C9", "FCCC0F3B66FBDAD0D2E95FD368A9EC23B1CACB02F277AF6EB3B63115AB8DEECF", "FCE8CB9EC748BEA35F6D8F122632ACA729BC03129A749D9453A43D584D43CBDD", "FDE8E9C242ED2D257B3BCF9E013CB6CFC32441C70BF5803FE16A714EDE9E7DFB", "FE20A5D1F4849E14D48069BAF660E8CC8F27B6E1A52250832431EA5A43960BAB", "FE67874D43BC98A053A0BF58006D9985B49884BE885879B16D23006930E8AE3F", "FF8A5C202A165C6A86DAF62B5BC19ADD9FB787B84C46A73C2E35849265921673"]}, {"type": "ics", "idList": ["ICSA-14-105-02A", "ICSA-14-105-03B", "ICSA-14-114-01", "ICSA-14-126-01A", "ICSA-14-128-01", "ICSA-14-135-02", "ICSA-14-135-04", "ICSA-14-135-05", "ICSA-15-344-01", "ICSA-17-094-04", "ICSA-18-226-02", "ICSA-21-075-02", "ICSA-22-160-01", "ICSMA-18-058-02"]}, {"type": "intel", "idList": ["INTEL:INTEL-SA-00037"]}, {"type": "intothesymmetry", "idList": ["INTOTHESYMMETRY:458BCB1DFE42EF07F0FBAFB7EF82F028", "INTOTHESYMMETRY:E734ED1EBF3CAA516E338187A38075D9", "INTOTHESYMMETRY:E90923CAE21ADFC423A96B462BCBC0DF"]}, {"type": "jvn", "idList": ["JVN:51615542"]}, {"type": "kaspersky", "idList": ["KLA10359", "KLA10447", "KLA10452", "KLA10570", "KLA11179"]}, {"type": "kitploit", "idList": ["KITPLOIT:2973941148692546578", "KITPLOIT:6372579284509577146", "KITPLOIT:7013881512724945934", "KITPLOIT:7553690576096019209", "KITPLOIT:7835941952769002973", "KITPLOIT:7942195329946074809", "KITPLOIT:8661324951126484733", "KITPLOIT:8672599587089685905", "KITPLOIT:8800200070735873517"]}, {"type": "lenovo", "idList": ["LENOVO:PS500041-NOSID", "LENOVO:PS500041-POODLE-SSLV3-VULNERABILITY-NOSID", "LENOVO:PS500190-INTEL-PROSETWIRELESS-WIFI-SOFTWARE-VULNERABILITIES-NOSID", "LENOVO:PS500190-NOSID"]}, {"type": "mageia", "idList": ["MGASA-2014-0008", "MGASA-2014-0012", "MGASA-2014-0165", "MGASA-2014-0256", "MGASA-2014-0416", "MGASA-2014-0489", "MGASA-2014-0490", "MGASA-2014-0507", "MGASA-2015-0037", "MGASA-2016-0056", "MGASA-2016-0338", "MGASA-2016-0408", "MGASA-2017-0041", "MGASA-2017-0042", "MGASA-2017-0390", "MGASA-2017-0405", "MGASA-2017-0453", "MGASA-2018-0101"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:AC8C8799BB0970C229AB0C432EECB10A"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY-SCANNER-SSL-SSL_VERSION-"]}, {"type": "mozilla", "idList": ["MFSA2006-60", "MFSA2010-22"]}, {"type": "mskb", "idList": ["KB980436"]}, {"type": "myhack58", "idList": ["MYHACK58:62201444409"]}, {"type": "n0where", "idList": ["N0WHERE:76566"]}, {"type": "nessus", "idList": ["3755.PRM", "4221.PRM", "4521.PRM", "4632.PRM", "5339.PRM", "5349.PRM", "5356.PRM", "5358.PRM", "5494.PRM", "5495.PRM", "5496.PRM", "5556.PRM", "5559.PRM", "5564.PRM", "5667.PRM", "5720.PRM", "5782.PRM", "5924.PRM", "5968.PRM", "6022.PRM", "6129.PRM", "6288.PRM", "6857.PRM", "700352.PASL", "700523.PRM", "700620.PRM", "700625.PRM", "700649.PRM", "7108.PASL", "800554.PRM", "800790.PRM", "800857.PRM", "801016.PRM", "801053.PRM", "801054.PRM", "801055.PRM", "801057.PRM", "801059.PRM", "801061.PRM", "801065.PRM", "801276.PRM", "801278.PRM", "8194.PRM", "8552.PRM", "8562.PRM", "9081.PRM", "9463.PRM", "9465.PRM", "9933.PRM", "9934.PRM", "ADOBE_FMS_4_0_2.NASL", "AIX_IV69768.NASL", "AIX_IV73316.NASL", "AIX_IV73319.NASL", "AIX_IV73324.NASL", "AIX_IV73416.NASL", "AIX_IV73417.NASL", "AIX_IV73418.NASL", "AIX_IV73419.NASL", "AIX_IV73973.NASL", "AIX_IV73974.NASL", "AIX_IV73975.NASL", "AIX_IV73976.NASL", "AIX_JAVA_FEB2015_ADVISORY.NASL", "AIX_JAVA_JAN2017_ADVISORY.NASL", "AIX_JAVA_OCT2014_ADVISORY.NASL", "AIX_OPENSSL_ADVISORY11.NASL", "AIX_OPENSSL_ADVISORY2.NASL", "AIX_OPENSSL_ADVISORY21.NASL", "AIX_OPENSSL_ADVISORY25.NASL", "AIX_OPENSSL_ADVISORY3.NASL", "AIX_OPENSSL_ADVISORY4.NASL", "AIX_OPENSSL_ADVISORY6.NASL", "AIX_OPENSSL_ADVISORY7.NASL", "AIX_SSL_ADVISORY.NASL", "AL2_ALAS-2018-1004.NASL", "ALA_ALAS-2011-04.NASL", "ALA_ALAS-2011-4.NASL", "ALA_ALAS-2012-38.NASL", "ALA_ALAS-2012-72.NASL", "ALA_ALAS-2012-73.NASL", "ALA_ALAS-2014-273.NASL", "ALA_ALAS-2014-320.NASL", "ALA_ALAS-2014-426.NASL", "ALA_ALAS-2014-429.NASL", "ALA_ALAS-2015-471.NASL", "ALA_ALAS-2015-472.NASL", "ALA_ALAS-2015-480.NASL", "ALA_ALAS-2016-755.NASL", "ALA_ALAS-2017-791.NASL", "ALA_ALAS-2017-797.NASL", "ALA_ALAS-2018-1016.NASL", "APACHE_2_0_64.NASL", "APACHE_2_2_15.NASL", "APACHE_TRAFFIC_SERVER_511.NASL", "APPLETV_7_0_1.NASL", "APPLE_IOS_81_CHECK.NBIN", "ARISTA_EOS_SA0024.NASL", "ARISTA_EOS_SA0024_4_17.NASL", "ASTERISK_AST_2014_011.NASL", "ATTACHMATE_REFLECTION_70_SP1.NASL", "ATTACHMATE_REFLECTION_HEARTBLEED.NASL", "ATTACHMATE_REFLECTION_SECURE_IT_FOR_WIN_CLIENT_HEARTBLEED.NASL", "ATTACHMATE_REFLECTION_X_HEARTBLEED.NASL", "BLACKBERRY_ES_UDS_KB35882.NASL", "BLUECOAT_PROXY_AV_3_5_1_9.NASL", "BLUECOAT_PROXY_SG_6_5_3_6.NASL", "CENTOS_RHSA-2006-0661.NASL", "CENTOS_RHSA-2006-0695.NASL", "CENTOS_RHSA-2007-0813.NASL", "CENTOS_RHSA-2007-0964.NASL", "CENTOS_RHSA-2007-1003.NASL", "CENTOS_RHSA-2009-1075.NASL", "CENTOS_RHSA-2009-1335.NASL", "CENTOS_RHSA-2009-1579.NASL", "CENTOS_RHSA-2009-1580.NASL", "CENTOS_RHSA-2010-0054.NASL", "CENTOS_RHSA-2010-0162.NASL", "CENTOS_RHSA-2010-0163.NASL", "CENTOS_RHSA-2010-0164.NASL", "CENTOS_RHSA-2010-0165.NASL", "CENTOS_RHSA-2010-0166.NASL", "CENTOS_RHSA-2010-0167.NASL", "CENTOS_RHSA-2010-0333.NASL", "CENTOS_RHSA-2010-0339.NASL", "CENTOS_RHSA-2010-0768.NASL", "CENTOS_RHSA-2010-0977.NASL", "CENTOS_RHSA-2010-0978.NASL", "CENTOS_RHSA-2012-0059.NASL", "CENTOS_RHSA-2012-0060.NASL", "CENTOS_RHSA-2012-0518.NASL", "CENTOS_RHSA-2014-0015.NASL", "CENTOS_RHSA-2014-0376.NASL", "CENTOS_RHSA-2014-1652.NASL", "CENTOS_RHSA-2014-1653.NASL", "CENTOS_RHSA-2014-1948.NASL", "CENTOS_RHSA-2015-0067.NASL", "CENTOS_RHSA-2015-0068.NASL", "CENTOS_RHSA-2015-0069.NASL", "CENTOS_RHSA-2015-0085.NASL", "CENTOS_RHSA-2016-1940.NASL", "CENTOS_RHSA-2017-0180.NASL", "CENTOS_RHSA-2017-0269.NASL", "CENTOS_RHSA-2018-0998.NASL", "CENTOS_RHSA-2018-2123.NASL", "CHECK_POINT_GAIA_SK103683.NASL", "CISCO-SA-20141015-POODLE-ASA.NASL", "CISCO-SA-20141015-POODLE-CUCM.NASL", "CISCO-SA-20141015-POODLE-WLC.NASL", "CISCO-VCS-CSCUO16472.NASL", "CISCO_ANYCONNECT_3_1_5187.NASL", "CISCO_ANYCONNECT_CSCUX41420.NASL", "CUPS_2_0_1.NASL", "DB2_95FP6.NASL", "DB2_97FP2.NASL", "DB2_9FP9.NASL", "DEBIAN_DLA-157.NASL", "DEBIAN_DLA-282.NASL", "DEBIAN_DLA-400.NASL", "DEBIAN_DLA-637.NASL", "DEBIAN_DLA-81.NASL", "DEBIAN_DSA-1173.NASL", "DEBIAN_DSA-1174.NASL", "DEBIAN_DSA-1185.NASL", "DEBIAN_DSA-1195.NASL", "DEBIAN_DSA-1379.NASL", "DEBIAN_DSA-1571.NASL", "DEBIAN_DSA-1888.NASL", "DEBIAN_DSA-1934.NASL", "DEBIAN_DSA-1970.NASL", "DEBIAN_DSA-2125.NASL", "DEBIAN_DSA-2141.NASL", "DEBIAN_DSA-2162.NASL", "DEBIAN_DSA-2390.NASL", "DEBIAN_DSA-2392.NASL", "DEBIAN_DSA-2454.NASL", "DEBIAN_DSA-2626.NASL", "DEBIAN_DSA-2833.NASL", "DEBIAN_DSA-2837.NASL", "DEBIAN_DSA-2896.NASL", "DEBIAN_DSA-3053.NASL", "DEBIAN_DSA-3144.NASL", "DEBIAN_DSA-3147.NASL", "DEBIAN_DSA-3253.NASL", "DEBIAN_DSA-3489.NASL", "DEBIAN_DSA-3673.NASL", "DEBIAN_DSA-4017.NASL", "DEBIAN_DSA-4018.NASL", "DEBIAN_DSA-4065.NASL", "DEBIAN_DSA-4157.NASL", "DEBIAN_DSA-5103.NASL", "EULEROS_SA-2016-1090.NASL", "EULEROS_SA-2017-1015.NASL", "EULEROS_SA-2017-1016.NASL", "EULEROS_SA-2017-1027.NASL", "EULEROS_SA-2017-1028.NASL", "EULEROS_SA-2018-1115.NASL", "EULEROS_SA-2018-1179.NASL", "EULEROS_SA-2018-1339.NASL", "EULEROS_SA-2019-1400.NASL", "EULEROS_SA-2019-1403.NASL", "EULEROS_SA-2019-1434.NASL", "EULEROS_SA-2019-1546.NASL", "EULEROS_SA-2019-1547.NASL", "EULEROS_SA-2019-1548.NASL", "EULEROS_SA-2019-2509.NASL", "EULEROS_SA-2019-2643.NASL", "EULEROS_SA-2021-2542.NASL", "EULEROS_SA-2021-2566.NASL", "EULEROS_SA-2021-2758.NASL", "EULEROS_SA-2021-2785.NASL", "EULEROS_SA-2022-1434.NASL", "EULEROS_SA-2022-1455.NASL", "EULEROS_SA-2022-1612.NASL", "EULEROS_SA-2022-1635.NASL", "EULEROS_SA-2022-1649.NASL", "EULEROS_SA-2022-1663.NASL", "EULEROS_SA-2022-2032.NASL", "EULEROS_SA-2022-2060.NASL", "F5_BIGIP_SOL10065173.NASL", "F5_BIGIP_SOL10737.NASL", "F5_BIGIP_SOL13167034.NASL", "F5_BIGIP_SOL14363514.NASL", "F5_BIGIP_SOL15147.NASL", "F5_BIGIP_SOL15158.NASL", "F5_BIGIP_SOL15159.NASL", "F5_BIGIP_SOL15388.NASL", "F5_BIGIP_SOL16285.NASL", "F5_BIGIP_SOL17248.NASL", "F5_BIGIP_SOL44512851.NASL", "F5_BIGIP_SOL6623.NASL", "F5_BIGIP_SOL6734.NASL", "F5_BIGIP_SOL8106.NASL", "F5_BIGIP_SOL8108.NASL", "FEDORA_2006-1004.NASL", "FEDORA_2006-953.NASL", "FEDORA_2007-1444.NASL", "FEDORA_2007-2530.NASL", "FEDORA_2007-661.NASL", "FEDORA_2007-725.NASL", "FEDORA_2008-4723.NASL", "FEDORA_2008-6393.NASL", "FEDORA_2009-12229.NASL", "FEDORA_2009-12305.NASL", "FEDORA_2009-12604.NASL", "FEDORA_2009-12606.NASL", "FEDORA_2009-12747.NASL", "FEDORA_2009-12750.NASL", "FEDORA_2009-12775.NASL", "FEDORA_2009-12782.NASL", "FEDORA_2009-12968.NASL", "FEDORA_2009-13236.NASL", "FEDORA_2009-13250.NASL", "FEDORA_2009-5412.NASL", "FEDORA_2009-5423.NASL", "FEDORA_2009-5452.NASL", "FEDORA_2010-1127.NASL", "FEDORA_2010-16240.NASL", "FEDORA_2010-16294.NASL", "FEDORA_2010-16312.NASL", "FEDORA_2010-17826.NASL", "FEDORA_2010-17827.NASL", "FEDORA_2010-17847.NASL", "FEDORA_2010-18736.NASL", "FEDORA_2010-18765.NASL", "FEDORA_2010-3905.NASL", "FEDORA_2010-3929.NASL", "FEDORA_2010-3956.NASL", "FEDORA_2010-5357.NASL", "FEDORA_2010-5744.NASL", "FEDORA_2010-5942.NASL", "FEDORA_2010-6025.NASL", "FEDORA_2010-6039.NASL", "FEDORA_2010-6131.NASL", "FEDORA_2010-6279.NASL", "FEDORA_2010-8742.NASL", "FEDORA_2010-9421.NASL", "FEDORA_2010-9487.NASL", "FEDORA_2010-9518.NASL", "FEDORA_2010-9574.NASL", "FEDORA_2010-9639.NASL", "FEDORA_2011-12233.NASL", "FEDORA_2011-12281.NASL", "FEDORA_2011-1255.NASL", "FEDORA_2011-1273.NASL", "FEDORA_2011-5865.NASL", "FEDORA_2011-5876.NASL", "FEDORA_2011-5878.NASL", "FEDORA_2012-0232.NASL", "FEDORA_2012-0250.NASL", "FEDORA_2012-0702.NASL", "FEDORA_2012-0708.NASL", "FEDORA_2012-18035.NASL", "FEDORA_2012-6343.NASL", "FEDORA_2012-6395.NASL", "FEDORA_2012-6403.NASL", "FEDORA_2013-23768.NASL", "FEDORA_2013-23788.NASL", "FEDORA_2013-23794.NASL", "FEDORA_2014-0456.NASL", "FEDORA_2014-0474.NASL", "FEDORA_2014-0476.NASL", "FEDORA_2014-12951.NASL", "FEDORA_2014-13012.NASL", "FEDORA_2014-13069.NASL", "FEDORA_2014-13399.NASL", "FEDORA_2014-13647.NASL", "FEDORA_2014-13764.NASL", "FEDORA_2014-13777.NASL", "FEDORA_2014-13781.NASL", "FEDORA_2014-13794.NASL", "FEDORA_2014-14217.NASL", "FEDORA_2014-14234.NASL", "FEDORA_2014-14237.NASL", "FEDORA_2014-15379.NASL", "FEDORA_2014-15390.NASL", "FEDORA_2014-15411.NASL", "FEDORA_2014-1560.NASL", "FEDORA_2014-1567.NASL", "FEDORA_2014-17576.NASL", "FEDORA_2014-17587.NASL", "FEDORA_2014-4879.NASL", "FEDORA_2014-4910.NASL", "FEDORA_2014-4982.NASL", "FEDORA_2014-4999.NASL", "FEDORA_2014-5321.NASL", "FEDORA_2014-5337.NASL", "FEDORA_2014-9301.NASL", "FEDORA_2014-9308.NASL", "FEDORA_2015-605DE37B7F.NASL", "FEDORA_2015-9090.NASL", "FEDORA_2015-9110.NASL", "FEDORA_2016-527018D2FF.NASL", "FEDORA_2017-3451DBEC48.NASL", "FEDORA_2017-E853B4144F.NASL", "FILEZILLA_SERVER_0944.NASL", "FORTINET_FG-IR-14-011.NASL", "FORTIOS_FG-IR-17-137.NASL", "FREEBSD_PKG_03175E62549411E49CC1BC5FF4FB5E7B.NASL", "FREEBSD_PKG_03532A19D68E11E6917114DAE9D210B8.NASL", "FREEBSD_PKG_077C2DCA8F9A11DBAB33000E0C2E438A.NASL", "FREEBSD_PKG_0DAD911460CC11E49E840022156E8794.NASL", "FREEBSD_PKG_0F37D765C5D411DB9F82000E0C2E438A.NASL", "FREEBSD_PKG_1AAAA5C6804D11EC8BE6D4C9EF517024.NASL", "FREEBSD_PKG_1FE734BF4A0611DBB48D00508D6A62DF.NASL", "FREEBSD_PKG_2AE114DEC06411E1B5E0000C299B62E1.NASL", "FREEBSD_PKG_2ECB7B20D97E11E0B2E200215C6A37BB.NASL", "FREEBSD_PKG_3042C33AF23711DF9D020018FE623F2B.NASL", "FREEBSD_PKG_3679FD10C5D111E5B85F0018FE623F2B.NASL", "FREEBSD_PKG_384FC0B2014411E58FDA002590263BF5.NASL", "FREEBSD_PKG_3BB451FCDB6411E7AC58B499BAEBFEAF.NASL", "FREEBSD_PKG_43EAA65680BC11E6BF52B499BAEBFEAF.NASL", "FREEBSD_PKG_4C8D1D729B3811E5AECED050996490D0.NASL", "FREEBSD_PKG_5631AE98BE9E11E3B5E3C80AA9043978.NASL", "FREEBSD_PKG_5AAA257E772D11E3A65A3C970E169BC2.NASL", "FREEBSD_PKG_5C5F19CE43AF11E189B4001EC9578670.NASL", "FREEBSD_PKG_7184F92E8BB811E18D7B003067B2972C.NASL", "FREEBSD_PKG_76C7A0F5592811E4ADC7001999F8D30B.NASL", "FREEBSD_PKG_78CC8A463E5611E189B4001EC9578670.NASL", "FREEBSD_PKG_82B55DF84D5A11DE88110030843D3802.NASL", "FREEBSD_PKG_9442A811DAB311E7B5AFA4BADB2F4699.NASL", "FREEBSD_PKG_9CCFEE393C3B11DF9EDC000F20797EDE.NASL", "FREEBSD_PKG_9F7A0F39DDC011E7B5AFA4BADB2F4699.NASL", "FREEBSD_PKG_A8EC4DB7A39811E585E914DAE9D210B8.NASL", "FREEBSD_PKG_B7CFF5A931CC11E88F07B499BAEBFEAF.NASL", "FREEBSD_PKG_BEA84A7AE0C911E7B4F311BAA0C2DF21.NASL", "FREEBSD_PKG_C97D7A37223311DF96DD001B2134EF46.NASL", "FREEBSD_PKG_D455708AE3D311E69940B499BAEBFEAF.NASL", "FREEBSD_PKG_F40F07AAC00F11E7AC58B499BAEBFEAF.NASL", "GENTOO_GLSA-200609-05.NASL", "GENTOO_GLSA-200610-06.NASL", "GENTOO_GLSA-200610-11.NASL", "GENTOO_GLSA-200612-11.NASL", "GENTOO_GLSA-200710-06.NASL", "GENTOO_GLSA-200710-30.NASL", "GENTOO_GLSA-200806-08.NASL", "GENTOO_GLSA-200807-06.NASL", "GENTOO_GLSA-200912-01.NASL", "GENTOO_GLSA-201006-18.NASL", "GENTOO_GLSA-201110-01.NASL", "GENTOO_GLSA-201110-05.NASL", "GENTOO_GLSA-201203-12.NASL", "GENTOO_GLSA-201203-22.NASL", "GENTOO_GLSA-201206-18.NASL", "GENTOO_GLSA-201301-01.NASL", "GENTOO_GLSA-201309-15.NASL", "GENTOO_GLSA-201311-13.NASL", "GENTOO_GLSA-201312-03.NASL", "GENTOO_GLSA-201402-25.NASL", "GENTOO_GLSA-201404-07.NASL", "GENTOO_GLSA-201406-32.NASL", "GENTOO_GLSA-201408-19.NASL", "GENTOO_GLSA-201411-10.NASL", "GENTOO_GLSA-201412-11.NASL", "GENTOO_GLSA-201412-39.NASL", "GENTOO_GLSA-201507-14.NASL", "GENTOO_GLSA-201601-05.NASL", "GENTOO_GLSA-201606-11.NASL", "GENTOO_GLSA-201612-16.NASL", "GENTOO_GLSA-201701-65.NASL", "GENTOO_GLSA-201702-07.NASL", "GENTOO_GLSA-201707-01.NASL", "GENTOO_GLSA-201712-03.NASL", "GENTOO_GLSA-201802-04.NASL", "GENTOO_GLSA-202210-02.NASL", "GLASSFISH_CPU_APR_2015.NASL", "HPSMH_6_0_0_95.NASL", "HPSMH_6_1_0_102.NASL", "HPSMH_6_2_0_12.NASL", "HPSMH_7_0_0_24.NASL", "HPSMH_7_1_1_1.NASL", "HPSMH_7_2_1_0.NASL", "HPSMH_7_3_2.NASL", "HPSMH_7_4_1.NASL", "HPUX_PHNE_35920.NASL", "HPUX_PHSS_35110.NASL", "HPUX_PHSS_35111.NASL", "HPUX_PHSS_35436.NASL", "HPUX_PHSS_35437.NASL", "HPUX_PHSS_35458.NASL", "HPUX_PHSS_35459.NASL", "HPUX_PHSS_35460.NASL", "HPUX_PHSS_35461.NASL", "HPUX_PHSS_35462.NASL", "HPUX_PHSS_35463.NASL", "HPUX_PHSS_35480.NASL", "HPUX_PHSS_35481.NASL", "HP_INSIGHT_CONTROL_SERVER_MIGRATION_7_3_2.NASL", "HP_LASERJETPRO_HPSBPI03014.NBIN", "HP_LOADRUNNER_12_00_1.NASL", "HP_OFFICEJET_PRO_HEARTBLEED.NASL", "HP_ONBOARD_ADMIN_HEARTBLEED_VERSIONS.NASL", "HP_SITESCOPE_HPSBMU03184.NASL", "HP_SYSTEMS_INSIGHT_MANAGER_700_MULTIPLE_VULNS.NASL", "HP_VCA_SSRT101531-RHEL.NASL", "HP_VCA_SSRT101531-SLES.NASL", "HP_VCA_SSRT101531.NASL", "HP_VCRM_SSRT101531.NASL", "IBM_BIGFIX_REMOTE_CONTROL_9_1_3.NASL", "IBM_DOMINO_9_0_1_FP2.NASL", "IBM_DOMINO_SWG21693142.NASL", "IBM_GPFS_ISG3T1020683.NASL", "IBM_GPFS_ISG3T1021546_WINDOWS.NASL", "IBM_HTTP_SERVER_521711.NASL", "IBM_HTTP_SERVER_553351.NASL", "IBM_HTTP_SERVER_569301.NASL", "IBM_INFORMIX_SERVER_SWG22002897.NASL", "IBM_JAVA_2017_01_17.NASL", "IBM_JAVA_2018_08_01.NASL", "IBM_RATIONAL_CLEARQUEST_8_0_1_3_01.NASL", "IBM_RATIONAL_CLEARQUEST_8_0_1_6.NASL", "IIS_7_PCI.NASL", "IPSWITCH_IMAIL_12_4_1_15.NASL", "JUNIPER_JSA10623.NASL", "JUNIPER_JSA10759.NASL", "JUNIPER_JSA10775.NASL", "JUNIPER_NSM_JSA10851.NASL", "JUNIPER_PSN-2012-07-645.NASL", "JUNIPER_SPACE_JSA10659.NASL", "JUNOS_PULSE_JSA10623.NASL", "KASPERSKY_INTERNET_SECURITY_HEARTBLEED.NASL", "KERIO_CONNECT_824.NASL", "LIBREOFFICE_423.NASL", "MACOSX_10_10.NASL", "MACOSX_10_10_2.NASL", "MACOSX_10_6_8.NASL", "MACOSX_10_8_4.NASL", "MACOSX_CISCO_ANYCONNECT_3_1_5187.NASL", "MACOSX_CISCO_ANYCONNECT_CSCUX41420.NASL", "MACOSX_FUSION_6_0_3.NASL", "MACOSX_JAVA_10_5_UPDATE7.NASL", "MACOSX_JAVA_10_5_UPDATE8.NASL", "MACOSX_JAVA_10_6_UPDATE2.NASL", "MACOSX_JAVA_10_6_UPDATE3.NASL", "MACOSX_JAVA_REL6.NASL", "MACOSX_LIBREOFFICE_423.NASL", "MACOSX_SECUPD2008-005.NASL", "MACOSX_SECUPD2008-007.NASL", "MACOSX_SECUPD2010-001.NASL", "MACOSX_SECUPD2013-002.NASL", "MACOSX_SECUPD2014-005.NASL", "MACOSX_SECUPD2015-001.NASL", "MACOSX_SERVER_2_2_5.NASL", "MACOSX_SERVER_3_2_2.NASL", "MACOSX_SERVER_4_0.NASL", "MACOSX_SERVER_4_1.NASL", "MACOSX_XCODE_7_0.NASL", "MACOSX_XCODE_81.NASL", "MANDRAKE_MDKSA-2006-161.NASL", "MANDRAKE_MDKSA-2006-166.NASL", "MANDRAKE_MDKSA-2006-172.NASL", "MANDRAKE_MDKSA-2006-177.NASL", "MANDRAKE_MDKSA-2006-178.NASL", "MANDRAKE_MDKSA-2006-207.NASL", "MANDRAKE_MDKSA-2007-193.NASL", "MANDRAKE_MDKSA-2007-237.NASL", "MANDRIVA_MDVSA-2008-107.NASL", "MANDRIVA_MDVSA-2009-120.NASL", "MANDRIVA_MDVSA-2009-124.NASL", "MANDRIVA_MDVSA-2009-238.NASL", "MANDRIVA_MDVSA-2009-239.NASL", "MANDRIVA_MDVSA-2009-295.NASL", "MANDRIVA_MDVSA-2009-310.NASL", "MANDRIVA_MDVSA-2009-323.NASL", "MANDRIVA_MDVSA-2009-337.NASL", "MANDRIVA_MDVSA-2010-022.NASL", "MANDRIVA_MDVSA-2010-069.NASL", "MANDRIVA_MDVSA-2010-070.NASL", "MANDRIVA_MDVSA-2010-076.NASL", "MANDRIVA_MDVSA-2010-084.NASL", "MANDRIVA_MDVSA-2010-238.NASL", "MANDRIVA_MDVSA-2010-248.NASL", "MANDRIVA_MDVSA-2011-028.NASL", "MANDRIVA_MDVSA-2011-137.NASL", "MANDRIVA_MDVSA-2012-006.NASL", "MANDRIVA_MDVSA-2012-007.NASL", "MANDRIVA_MDVSA-2012-011.NASL", "MANDRIVA_MDVSA-2012-060.NASL", "MANDRIVA_MDVSA-2012-064.NASL", "MANDRIVA_MDVSA-2014-007.NASL", "MANDRIVA_MDVSA-2014-123.NASL", "MANDRIVA_MDVSA-2014-203.NASL", "MANDRIVA_MDVSA-2014-218.NASL", "MANDRIVA_MDVSA-2014-252.NASL", "MANDRIVA_MDVSA-2015-033.NASL", "MANDRIVA_MDVSA-2015-062.NASL", "MANDRIVA_MDVSA-2015-198.NASL", "MCAFEE_EMAIL_GATEWAY_SB10071.NASL", "MCAFEE_EPO_SB10071.NASL", "MCAFEE_FIREWALL_ENTERPRISE_SB10071.NASL", "MCAFEE_NGFW_SB10071.NASL", "MCAFEE_VSEL_SB10071.NASL", "MCAFEE_WEB_GATEWAY_SB10071.NASL", "MOZILLA_FIREFOX_359.NASL", "MOZILLA_FIREFOX_362.NASL", "MOZILLA_THUNDERBIRD_304.NASL", "MYSQL_5_6_34.NASL", "MYSQL_5_6_34_RPM.NASL", "MYSQL_5_6_36.NASL", "MYSQL_5_6_36_RPM.NASL", "MYSQL_5_6_39.NASL", "MYSQL_5_6_39_RPM.NASL", "MYSQL_5_7_16.NASL", "MYSQL_5_7_16_RPM.NASL", "MYSQL_5_7_18.NASL", "MYSQL_5_7_18_RPM.NASL", "MYSQL_5_7_21.NASL", "MYSQL_5_7_21_RPM.NASL", "MYSQL_ENTERPRISE_MONITOR_3_1_5_7958.NASL", "MYSQL_ENTERPRISE_MONITOR_3_2_5_1141.NASL", "MYSQL_ENTERPRISE_MONITOR_3_3_1_1112.NASL", "MYSQL_ENTERPRISE_MONITOR_3_3_3_1199.NASL", "MYSQL_ENTERPRISE_MONITOR_4_0_2_5168.NASL", "MYSQL_ENTERPRISE_MONITOR_4_0_4_5233.NASL", "NESSUS_TNS_2016_16.NASL", "NEWSTART_CGSL_NS-SA-2019-0020_OPENSSL098E.NASL", "NEWSTART_CGSL_NS-SA-2019-0022_PYTHON.NASL", "NEWSTART_CGSL_NS-SA-2019-0118_HTTPD.NASL", "NGINX_0_7_64.NASL", "OPENOFFICE_32.NASL", "OPENOFFICE_321.NASL", "OPENSSL_0_9_7K_0_9_8C.NASL", "OPENSSL_0_9_7L_0_9_8D.NASL", "OPENSSL_0_9_7M_0_9_8E.NASL", "OPENSSL_0_9_8F.NASL", "OPENSSL_0_9_8H.NASL", "OPENSSL_0_9_8L.NASL", "OPENSSL_0_9_8M.NASL", "OPENSSL_0_9_8P_1_0_0B.NASL", "OPENSSL_0_9_8S.NASL", "OPENSSL_0_9_8T.NASL", "OPENSSL_0_9_8V.NASL", "OPENSSL_0_9_8ZC.NASL", "OPENSSL_1_0_0.NASL", "OPENSSL_1_0_0A.NASL", "OPENSSL_1_0_0C.NASL", "OPENSSL_1_0_0D.NASL", "OPENSSL_1_0_0E.NASL", "OPENSSL_1_0_0F.NASL", "OPENSSL_1_0_0G.NASL", "OPENSSL_1_0_0I.NASL", "OPENSSL_1_0_0L.NASL", "OPENSSL_1_0_0O.NASL", "OPENSSL_1_0_1A.NASL", "OPENSSL_1_0_1F.NASL", "OPENSSL_1_0_1G.NASL", "OPENSSL_1_0_1J.NASL", "OPENSSL_1_0_1U.NASL", "OPENSSL_1_0_2E.NASL", "OPENSSL_1_0_2F.NASL", "OPENSSL_1_0_2I.NASL", "OPENSSL_1_0_2K.NASL", "OPENSSL_1_0_2M.NASL", "OPENSSL_1_0_2N.NASL", "OPENSSL_1_0_2ZC_DEV.NASL", "OPENSSL_1_1_0.NASL", "OPENSSL_1_1_0D.NASL", "OPENSSL_1_1_0G.NASL", "OPENSSL_1_1_0H.NASL", "OPENSSL_1_1_1M.NASL", "OPENSSL_HEARTBLEED.NASL", "OPENSSL_RESUME_DIFFERENT_CIPHER.NASL", "OPENSUSE-2012-308.NASL", "OPENSUSE-2012-52.NASL", "OPENSUSE-2012-76.NASL", "OPENSUSE-2012-99.NASL", "OPENSUSE-2013-153.NASL", "OPENSUSE-2014-10.NASL", "OPENSUSE-2014-11.NASL", "OPENSUSE-2014-27.NASL", "OPENSUSE-2014-277.NASL", "OPENSUSE-2014-318.NASL", "OPENSUSE-2014-398.NASL", "OPENSUSE-2014-4.NASL", "OPENSUSE-2014-60.NASL", "OPENSUSE-2014-605.NASL", "OPENSUSE-2014-62.NASL", "OPENSUSE-2014-63.NASL", "OPENSUSE-2014-640.NASL", "OPENSUSE-2014-647.NASL", "OPENSUSE-2014-671.NASL", "OPENSUSE-2015-91.NASL", "OPENSUSE-2016-1130.NASL", "OPENSUSE-2016-1134.NASL", "OPENSUSE-2016-1172.NASL", "OPENSUSE-2016-1189.NASL", "OPENSUSE-2016-1339.NASL", "OPENSUSE-2016-294.NASL", "OPENSUSE-2017-1324.NASL", "OPENSUSE-2017-1381.NASL", "OPENSUSE-2017-201.NASL", "OPENSUSE-2017-256.NASL", "OPENSUSE-2017-278.NASL", "OPENSUSE-2017-284.NASL", "OPENSUSE-2017-442.NASL", "OPENSUSE-2017-459.NASL", "OPENSUSE-2017-866.NASL", "OPENSUSE-2018-116.NASL", "OPENSUSE-2018-168.NASL", "OPENSUSE-2018-389.NASL", "OPENSUSE-2018-5.NASL", "OPENSUSE-2018-90.NASL", "OPENVPN_2_3_3_0.NASL", "OPENVPN_HEARTBLEED.NASL", "OPERA_1050.NASL", "ORACLELINUX_ELSA-2006-0661.NASL", "ORACLELINUX_ELSA-2006-0695.NASL", "ORACLELINUX_ELSA-2007-0813.NASL", "ORACLELINUX_ELSA-2007-0964.NASL", "ORACLELINUX_ELSA-2009-1075.NASL", "ORACLELINUX_ELSA-2009-1579.NASL", "ORACLELINUX_ELSA-2009-1580.NASL", "ORACLELINUX_ELSA-2010-0054.NASL", "ORACLELINUX_ELSA-2010-0162.NASL", "ORACLELINUX_ELSA-2010-0163.NASL", "ORACLELINUX_ELSA-2010-0164.NASL", "ORACLELINUX_ELSA-2010-0165.NASL", "ORACLELINUX_ELSA-2010-0166.NASL", "ORACLELINUX_ELSA-2010-0167.NASL", "ORACLELINUX_ELSA-2010-0333.NASL", "ORACLELINUX_ELSA-2010-0339.NASL", "ORACLELINUX_ELSA-2010-0768.NASL", "ORACLELINUX_ELSA-2010-0977.NASL", "ORACLELINUX_ELSA-2010-0978.NASL", "ORACLELINUX_ELSA-2010-0979.NASL", "ORACLELINUX_ELSA-2011-1409.NASL", "ORACLELINUX_ELSA-2012-0059.NASL", "ORACLELINUX_ELSA-2012-0060.NASL", "ORACLELINUX_ELSA-2012-0518.NASL", "ORACLELINUX_ELSA-2012-2011.NASL", "ORACLELINUX_ELSA-2014-0015.NASL", "ORACLELINUX_ELSA-2014-0376.NASL", "ORACLELINUX_ELSA-2014-1652.NASL", "ORACLELINUX_ELSA-2014-1653.NASL", "ORACLELINUX_ELSA-2014-1948.NASL", "ORACLELINUX_ELSA-2015-0067.NASL", "ORACLELINUX_ELSA-2015-0068.NASL", "ORACLELINUX_ELSA-2015-0069.NASL", "ORACLELINUX_ELSA-2015-0085.NASL", "ORACLELINUX_ELSA-2016-1940.NASL", "ORACLELINUX_ELSA-2016-3627.NASL", "ORACLELINUX_ELSA-2017-0180.NASL", "ORACLELINUX_ELSA-2017-0269.NASL", "ORACLELINUX_ELSA-2018-0998.NASL", "ORACLELINUX_ELSA-2018-2123.NASL", "ORACLEVM_OVMSA-2014-0007.NASL", "ORACLEVM_OVMSA-2014-0008.NASL", "ORACLEVM_OVMSA-2014-0032.NASL", "ORACLEVM_OVMSA-2014-0037.NASL", "ORACLEVM_OVMSA-2014-0038.NASL", "ORACLEVM_OVMSA-2014-0039.NASL", "ORACLEVM_OVMSA-2014-0040.NASL", "ORACLEVM_OVMSA-2014-0041.NASL", "ORACLEVM_OVMSA-2015-0068.NASL", "ORACLEVM_OVMSA-2016-0135.NASL", "ORACLEVM_OVMSA-2016-0141.NASL", "ORACLEVM_OVMSA-2018-0248.NASL", "ORACLEVM_OVMSA-2020-0039.NASL", "ORACLE_ACCESS_MANAGER_CPU_JAN_2018.NASL", "ORACLE_E-BUSINESS_CPU_JAN_2018.NASL", "ORACLE_E-BUSINESS_CPU_JUL_2017.NASL", "ORACLE_ENTERPRISE_MANAGER_APR_2017_CPU.NASL", "ORACLE_ENTERPRISE_MANAGER_APR_2018_CPU.NASL", "ORACLE_ENTERPRISE_MANAGER_JUL_2017_CPU.NASL", "ORACLE_ENTERPRISE_MANAGER_OPS_CENTER_JAN_2019_CPU.NASL", "ORACLE_HTTP_SERVER_CPU_JAN_2015.NASL", "ORACLE_HTTP_SERVER_CPU_JAN_2018.NASL", "ORACLE_HTTP_SERVER_CPU_JUL_2016.NASL", "ORACLE_HTTP_SERVER_CPU_OCT_2015.NASL", "ORACLE_JAVA_CPU_JAN_2015.NASL", "ORACLE_JAVA_CPU_JAN_2015_UNIX.NASL", "ORACLE_JAVA_CPU_JAN_2017.NASL", "ORACLE_JAVA_CPU_JAN_2017_UNIX.NASL", "ORACLE_JAVA_CPU_MAR_2010.NASL", "ORACLE_JAVA_CPU_MAR_2010_UNIX.NASL", "ORACLE_JAVA_CPU_OCT_2010.NASL", "ORACLE_JAVA_CPU_OCT_2010_UNIX.NASL", "ORACLE_JROCKIT_CPU_JAN_2015.NASL", "ORACLE_MYSQL_CONNECTORS_CPU_JAN_2018.NASL", "ORACLE_RDBMS_CPU_APR_2011.NASL", "ORACLE_RDBMS_CPU_JUL_2017.NASL", "ORACLE_SECURE_GLOBAL_DESKTOP_APR_2017_CPU.NASL", "ORACLE_SECURE_GLOBAL_DESKTOP_APR_2018_CPU.NASL", "ORACLE_SECURE_GLOBAL_DESKTOP_JAN_2015_CPU.NASL", "ORACLE_SECURE_GLOBAL_DESKTOP_JAN_2018_CPU.NASL", "ORACLE_SECURE_GLOBAL_DESKTOP_JUL_2016_CPU.NASL", "ORACLE_SECURE_GLOBAL_DESKTOP_JUL_2018_CPU.NASL", "ORACLE_TUXEDO_CPU_APR_2018.NASL", "ORACLE_WEBLOGIC_SERVER_CPU_APR_2015.NBIN", "OT_500424.NASL", "PFSENSE_SA-14_03.NASL", "PFSENSE_SA-17_07.NASL", "PFSENSE_SA-17_11.NASL", "PHOTONOS_PHSA-2017-0042.NASL", "PHOTONOS_PHSA-2017-0042_OPENSSL.NASL", "PHOTONOS_PHSA-2018-1_0-0097-A.NASL", "PHOTONOS_PHSA-2018-1_0-0097-A_OPENSSL.NASL", "PHOTONOS_PHSA-2018-2_0-0010-A.NASL", "PHOTONOS_PHSA-2018-2_0-0010-A_OPENSSL.NASL", "PUPPET_ENTERPRISE_312.NASL", "PVS_5_2_0.NASL", "REDHAT-RHSA-2006-0661.NASL", "REDHAT-RHSA-2006-0695.NASL", "REDHAT-RHSA-2007-0062.NASL", "REDHAT-RHSA-2007-0072.NASL", "REDHAT-RHSA-2007-0073.NASL", "REDHAT-RHSA-2007-0813.NASL", "REDHAT-RHSA-2007-0964.NASL", "REDHAT-RHSA-2007-1003.NASL", "REDHAT-RHSA-2008-0264.NASL", "REDHAT-RHSA-2008-0525.NASL", "REDHAT-RHSA-2008-0629.NASL", "REDHAT-RHSA-2009-1075.NASL", "REDHAT-RHSA-2009-1335.NASL", "REDHAT-RHSA-2009-1579.NASL", "REDHAT-RHSA-2009-1580.NASL", "REDHAT-RHSA-2009-1694.NASL", "REDHAT-RHSA-2010-0054.NASL", "REDHAT-RHSA-2010-0130.NASL", "REDHAT-RHSA-2010-0155.NASL", "REDHAT-RHSA-2010-0162.NASL", "REDHAT-RHSA-2010-0163.NASL", "REDHAT-RHSA-2010-0164.NASL", "REDHAT-RHSA-2010-0165.NASL", "REDHAT-RHSA-2010-0166.NASL", "REDHAT-RHSA-2010-0167.NASL", "REDHAT-RHSA-2010-0333.NASL", "REDHAT-RHSA-2010-0337.NASL", "REDHAT-RHSA-2010-0338.NASL", "REDHAT-RHSA-2010-0339.NASL", "REDHAT-RHSA-2010-0768.NASL", "REDHAT-RHSA-2010-0770.NASL", "REDHAT-RHSA-2010-0786.NASL", "REDHAT-RHSA-2010-0807.NASL", "REDHAT-RHSA-2010-0865.NASL", "REDHAT-RHSA-2010-0888.NASL", "REDHAT-RHSA-2010-0977.NASL", "REDHAT-RHSA-2010-0978.NASL", "REDHAT-RHSA-2010-0979.NASL", "REDHAT-RHSA-2010-0987.NASL", "REDHAT-RHSA-2011-0677.NASL", "REDHAT-RHSA-2011-0880.NASL", "REDHAT-RHSA-2011-1409.NASL", "REDHAT-RHSA-2012-0059.NASL", "REDHAT-RHSA-2012-0060.NASL", "REDHAT-RHSA-2012-0109.NASL", "REDHAT-RHSA-2012-0168.NASL", "REDHAT-RHSA-2012-0518.NASL", "REDHAT-RHSA-2012-0522.NASL", "REDHAT-RHSA-2014-0015.NASL", "REDHAT-RHSA-2014-0041.NASL", "REDHAT-RHSA-2014-0376.NASL", "REDHAT-RHSA-2014-0377.NASL", "REDHAT-RHSA-2014-0378.NASL", "REDHAT-RHSA-2014-0396.NASL", "REDHAT-RHSA-2014-0416.NASL", "REDHAT-RHSA-2014-1652.NASL", "REDHAT-RHSA-2014-1653.NASL", "REDHAT-RHSA-2014-1692.NASL", "REDHAT-RHSA-2014-1876.NASL", "REDHAT-RHSA-2014-1877.NASL", "REDHAT-RHSA-2014-1880.NASL", "REDHAT-RHSA-2014-1881.NASL", "REDHAT-RHSA-2014-1882.NASL", "REDHAT-RHSA-2014-1948.NASL", "REDHAT-RHSA-2015-0067.NASL", "REDHAT-RHSA-2015-0068.NASL", "REDHAT-RHSA-2015-0069.NASL", "REDHAT-RHSA-2015-0079.NASL", "REDHAT-RHSA-2015-0080.NASL", "REDHAT-RHSA-2015-0085.NASL", "REDHAT-RHSA-2015-0086.NASL", "REDHAT-RHSA-2015-0264.NASL", "REDHAT-RHSA-2015-0698.NASL", "REDHAT-RHSA-2015-1545.NASL", "REDHAT-RHSA-2015-1546.NASL", "REDHAT-RHSA-2016-1940.NASL", "REDHAT-RHSA-2017-0175.NASL", "REDHAT-RHSA-2017-0176.NASL", "REDHAT-RHSA-2017-0177.NASL", "REDHAT-RHSA-2017-0180.NASL", "REDHAT-RHSA-2017-0269.NASL", "REDHAT-RHSA-2017-0336.NASL", "REDHAT-RHSA-2017-0337.NASL", "REDHAT-RHSA-2017-0338.NASL", "REDHAT-RHSA-2017-0462.NASL", "REDHAT-RHSA-2017-1216.NASL", "REDHAT-RHSA-2017-2709.NASL", "REDHAT-RHSA-2017-2710.NASL", "REDHAT-RHSA-2017-3113.NASL", "REDHAT-RHSA-2017-3240.NASL", "REDHAT-RHSA-2018-0998.NASL", "REDHAT-RHSA-2018-2123.NASL", "REDHAT-RHSA-2018-2185.NASL", "REDHAT-RHSA-2018-2186.NASL", "REDHAT-RHSA-2018-2568.NASL", "REDHAT-RHSA-2018-2575.NASL", "REDHAT-RHSA-2018-2713.NASL", "SCADA_TRIANGLE_GATEWAY_3_3_729.NBIN", "SEAMONKEY_204.NASL", "SECURITYCENTER_5_4_3_TNS_2017_04.NASL", "SECURITYCENTER_OPENSSL_1_0_1U.NASL", "SECURITYCENTER_OPENSSL_1_0_2K.NASL", "SECURITYCENTER_OPENSSL_1_0_2M.NASL", "SECURITYCENTER_OPENSSL_1_0_2N.NASL", "SLACKWARE_SSA_2006-257-02.NASL", "SLACKWARE_SSA_2006-272-01.NASL", "SLACKWARE_SSA_2006-310-01.NASL", "SLACKWARE_SSA_2008-210-08.NASL", "SLACKWARE_SSA_2009-320-01.NASL", "SLACKWARE_SSA_2010-060-02.NASL", "SLACKWARE_SSA_2010-067-01.NASL", "SLACKWARE_SSA_2010-326-01.NASL", "SLACKWARE_SSA_2010-340-01.NASL", "SLACKWARE_SSA_2011-041-04.NASL", "SLACKWARE_SSA_2014-013-02.NASL", "SLACKWARE_SSA_2014-098-01.NASL", "SLACKWARE_SSA_2014-288-01.NASL", "SLACKWARE_SSA_2015-349-01.NASL", "SLACKWARE_SSA_2015-349-04.NASL", "SLACKWARE_SSA_2016-266-01.NASL", "SLACKWARE_SSA_2016-363-01.NASL", "SLACKWARE_SSA_2017-041-02.NASL", "SLACKWARE_SSA_2017-306-02.NASL", "SLACKWARE_SSA_2017-342-01.NASL", "SL_20071012_OPENSSL_ON_SL5_X.NASL", "SL_20071022_OPENSSL_ON_SL3.NASL", "SL_20071115_OPENSSL_ON_SL4_X.NASL", "SL_20090527_HTTPD_ON_SL5_X.NASL", "SL_20090902_OPENSSL_ON_SL5_X.NASL", "SL_20091111_HTTPD_ON_SL3_X.NASL", "SL_20100119_OPENSSL_ON_SL5_X.NASL", "SL_20100325_GNUTLS_ON_SL4_X.NASL", "SL_20100325_NSS_ON_SL4_X.NASL", "SL_20100325_OPENSSL097A_ON_SL5_X.NASL", "SL_20100325_OPENSSL_ON_SL3_X.NASL", "SL_20100325_OPENSSL_ON_SL5_X.NASL", "SL_20100331_JAVA_1_6_0_OPENJDK_ON_SL5_X.NASL", "SL_20100331_JAVA__JDK_1_6_0__ON_SL4_X.NASL", "SL_20101013_JAVA_1_6_0_OPENJDK_ON_SL5_X.NASL", "SL_20101014_JAVA__JDK_1_6_0__ON_SL4_X.NASL", "SL_20101110_JAVA_1_6_0_OPENJDK_ON_SL6_X.NASL", "SL_20101116_OPENSSL_ON_SL6_X.NASL", "SL_20101213_OPENSSL_ON_SL4_X.NASL", "SL_20101213_OPENSSL_ON_SL6_X.NASL", "SL_20110519_OPENSSL_ON_SL6_X.NASL", "SL_20111026_OPENSSL_ON_SL6_X.NASL", "SL_20120124_OPENSSL_ON_SL5_X.NASL", "SL_20120124_OPENSSL_ON_SL6_X.NASL", "SL_20120424_OPENSSL_ON_SL5_X.NASL", "SL_20140108_OPENSSL_ON_SL6_X.NASL", "SL_20140408_OPENSSL_ON_SL6_X.NASL", "SL_20141016_OPENSSL_ON_SL5_X.NASL", "SL_20141016_OPENSSL_ON_SL6_X.NASL", "SL_20141202_NSS__NSS_UTIL__AND_NSS_SOFTOKN_ON_SL5_X.NASL", "SL_20150121_JAVA_1_7_0_OPENJDK_ON_SL5_X.NASL", "SL_20150121_JAVA_1_7_0_OPENJDK_ON_SL6_X.NASL", "SL_20150121_JAVA_1_8_0_OPENJDK_ON_SL6_X.NASL", "SL_20150126_JAVA_1_6_0_OPENJDK_ON_SL5_X.NASL", "SL_20160927_OPENSSL_ON_SL6_X.NASL", "SL_20170120_JAVA_1_8_0_OPENJDK_ON_SL6_X.NASL", "SL_20170213_JAVA_1_7_0_OPENJDK_ON_SL5_X.NASL", "SL_20180410_OPENSSL_ON_SL7_X.NASL", "SL_20180703_PYTHON_ON_SL7_X.NASL", "SMB_KB2962393.NASL", "SMB_KB3009008.NASL", "SMB_NT_MS10-049.NASL", "SOLARIS10_116648-25.NASL", "SOLARIS10_116648.NASL", "SOLARIS10_118371.NASL", "SOLARIS10_119213-27.NASL", "SOLARIS10_119213-30.NASL", "SOLARIS10_119213-31.NASL", "SOLARIS10_119213-32.NASL", "SOLARIS10_119213-33.NASL", "SOLARIS10_119213-36.NASL", "SOLARIS10_119213-37.NASL", "SOLARIS10_119213-38.NASL", "SOLARIS10_119213.NASL", "SOLARIS10_121229-02.NASL", "SOLARIS10_121229.NASL", "SOLARIS10_125437-22.NASL", "SOLARIS10_125437.NASL", "SOLARIS10_128640-30.NASL", "SOLARIS10_128640.NASL", "SOLARIS10_142824-24.NASL", "SOLARIS10_143140-04.NASL", "SOLARIS10_145102-01.NASL", "SOLARIS10_146857-01.NASL", "SOLARIS10_X86_116649-25.NASL", "SOLARIS10_X86_118372.NASL", "SOLARIS10_X86_119214-27.NASL", "SOLARIS10_X86_119214-30.NASL", "SOLARIS10_X86_119214-31.NASL", "SOLARIS10_X86_119214-32.NASL", "SOLARIS10_X86_119214-33.NASL", "SOLARIS10_X86_119214-36.NASL", "SOLARIS10_X86_119214-37.NASL", "SOLARIS10_X86_119214-38.NASL", "SOLARIS10_X86_119214.NASL", "SOLARIS10_X86_121230-02.NASL", "SOLARIS10_X86_121230.NASL", "SOLARIS10_X86_125438-22.NASL", "SOLARIS10_X86_125438.NASL", "SOLARIS10_X86_128641-30.NASL", "SOLARIS10_X86_128641.NASL", "SOLARIS10_X86_141525-10.NASL", "SOLARIS10_X86_146859-01.NASL", "SOLARIS11_OPENSSL_20120404.NASL", "SOLARIS11_OPENSSL_20120626.NASL", "SOLARIS11_OPENSSL_20140623.NASL", "SOLARIS11_OPENSSL_20140731.NASL", "SOLARIS11_OPENSSL_20141104.NASL", "SOLARIS8_114045.NASL", "SOLARIS8_116648.NASL", "SOLARIS8_119209.NASL", "SOLARIS8_125437.NASL", "SOLARIS9_113451.NASL", "SOLARIS9_113713.NASL", "SOLARIS9_114049.NASL", "SOLARIS9_116648.NASL", "SOLARIS9_117123.NASL", "SOLARIS9_119211.NASL", "SOLARIS9_125437.NASL", "SOLARIS9_128640.NASL", "SOLARIS9_X86_114050.NASL", "SOLARIS9_X86_114435.NASL", "SOLARIS9_X86_114568.NASL", "SOLARIS9_X86_119212.NASL", "SOLARIS9_X86_122715.NASL", "SOLARIS9_X86_125438.NASL", "SOLARIS9_X86_128641.NASL", "SOLARWINDS_DAMEWARE_MINI_REMOTE_CONTROL_V12_0_HOTFIX_2.NASL", "SOLARWINDS_SRM_PROFILER_6_2_3.NASL", "SPLUNK_5011.NASL", "SPLUNK_603.NASL", "SPLUNK_607.NASL", "SSL_64BITBLOCK_SUPPORTED_CIPHERS.NASL", "SSL_MEDIUM_SUPPORTED_CIPHERS.NASL", "SSL_POODLE.NASL", "SSL_RENEGOTIATION.NASL", "STUNNEL_5_01.NASL", "STUNNEL_5_06.NASL", "SUN_JAVA_WEB_SERVER_7_0_27.NASL", "SUSE9_11843.NASL", "SUSE9_12550.NASL", "SUSE9_12606.NASL", "SUSE9_12621.NASL", "SUSE9_12623.NASL", "SUSE9_12658.NASL", "SUSE9_12659.NASL", "SUSE9_12701.NASL", "SUSE9_12705.NASL", "SUSE_11_0_APACHE2-080925.NASL", "SUSE_11_0_COMPAT-OPENSSL097G-091113.NASL", "SUSE_11_0_FIREFOX35UPGRADE-100407.NASL", "SUSE_11_0_JAVA-1_6_0-OPENJDK-100428.NASL", "SUSE_11_0_JAVA-1_6_0-SUN-100331.NASL", "SUSE_11_0_LIBFREEBL3-100407.NASL", "SUSE_11_0_LIBOPENSSL-DEVEL-090522.NASL", "SUSE_11_0_LIBOPENSSL-DEVEL-091112.NASL", "SUSE_11_0_MOZILLA-XULRUNNER190-100407.NASL", "SUSE_11_0_OPENSSL-CVE-2009-4355_PATCH-100115.NASL", "SUSE_11_1_COMPAT-OPENSSL097G-091113.NASL", "SUSE_11_1_FIREFOX35UPGRADE-100407.NASL", "SUSE_11_1_GNUTLS-101025.NASL", "SUSE_11_1_GNUTLS-101206.NASL", "SUSE_11_1_JAVA-1_6_0-OPENJDK-100428.NASL", "SUSE_11_1_JAVA-1_6_0-OPENJDK-101103.NASL", "SUSE_11_1_JAVA-1_6_0-SUN-100331.NASL", "SUSE_11_1_JAVA-1_6_0-SUN-101019.NASL", "SUSE_11_1_LIBFREEBL3-100407.NASL", "SUSE_11_1_LIBOPENSSL-DEVEL-090522.NASL", "SUSE_11_1_LIBOPENSSL-DEVEL-091112.NASL", "SUSE_11_1_LIBOPENSSL-DEVEL-100331.NASL", "SUSE_11_1_LIBOPENSSL-DEVEL-101111.NASL", "SUSE_11_1_LIBOPENSSL-DEVEL-101207.NASL", "SUSE_11_1_MOZILLA-XULRUNNER190-100407.NASL", "SUSE_11_1_MOZILLAFIREFOX-BRANDING-OPENSUSE-100413.NASL", "SUSE_11_1_OPENSSL-CVE-2009-4355_PATCH-100120.NASL", "SUSE_11_2_COMPAT-OPENSSL097G-091113.NASL", "SUSE_11_2_GNUTLS-101025.NASL", "SUSE_11_2_GNUTLS-101206.NASL", "SUSE_11_2_JAVA-1_6_0-OPENJDK-100412.NASL", "SUSE_11_2_JAVA-1_6_0-OPENJDK-101103.NASL", "SUSE_11_2_JAVA-1_6_0-SUN-100331.NASL", "SUSE_11_2_JAVA-1_6_0-SUN-101019.NASL", "SUSE_11_2_LIBFREEBL3-100406.NASL", "SUSE_11_2_LIBOPENSSL-DEVEL-091113.NASL", "SUSE_11_2_LIBOPENSSL-DEVEL-100401.NASL", "SUSE_11_2_LIBOPENSSL-DEVEL-101119.NASL", "SUSE_11_2_LIBOPENSSL-DEVEL-101207.NASL", "SUSE_11_2_LIBOPENSSL-DEVEL-110210.NASL", "SUSE_11_2_MOZILLAFIREFOX-100412.NASL", "SUSE_11_2_MOZILLATHUNDERBIRD-100406.NASL", "SUSE_11_2_OPENSSL-CVE-2009-4355_PATCH-100115.NASL", "SUSE_11_2_SEAMONKEY-100406.NASL", "SUSE_11_3_COMPAT-OPENSSL097G-110721.NASL", "SUSE_11_3_GNUTLS-101025.NASL", "SUSE_11_3_GNUTLS-101206.NASL", "SUSE_11_3_JAVA-1_6_0-OPENJDK-101103.NASL", "SUSE_11_3_JAVA-1_6_0-SUN-101019.NASL", "SUSE_11_3_LIBOPENSSL-DEVEL-101119.NASL", "SUSE_11_3_LIBOPENSSL-DEVEL-101207.NASL", "SUSE_11_3_LIBOPENSSL-DEVEL-110210.NASL", "SUSE_11_3_LIBOPENSSL-DEVEL-110920.NASL", "SUSE_11_3_LIBOPENSSL-DEVEL-120111.NASL", "SUSE_11_4_COMPAT-OPENSSL097G-110721.NASL", "SUSE_11_4_CURL-120124.NASL", "SUSE_11_4_LIBOPENSSL-DEVEL-110920.NASL", "SUSE_11_4_LIBOPENSSL-DEVEL-120111.NASL", "SUSE_11_4_LIBOPENSSL-DEVEL-120206.NASL", "SUSE_11_COMPAT-OPENSSL097G-091113.NASL", "SUSE_11_COMPAT-OPENSSL097G-110721.NASL", "SUSE_11_COMPAT-OPENSSL097G-120830.NASL", "SUSE_11_COMPAT-OPENSSL097G-141202.NASL", "SUSE_11_GNUTLS-101206.NASL", "SUSE_11_JAVA-1_4_2-IBM-100510.NASL", "SUSE_11_JAVA-1_4_2-IBM-101112.NASL", "SUSE_11_JAVA-1_6_0-IBM-101220.NASL", "SUSE_11_JAVA-1_6_0-IBM-141119.NASL", "SUSE_11_JAVA-1_6_0-SUN-100331.NASL", "SUSE_11_JAVA-1_6_0-SUN-101019.NASL", "SUSE_11_JAVA-1_7_0-IBM-141121.NASL", "SUSE_11_JAVA-1_7_0-OPENJDK-150206.NASL", "SUSE_11_LIBFREEBL3-100406.NASL", "SUSE_11_LIBOPENSSL-DEVEL-090522.NASL", "SUSE_11_LIBOPENSSL-DEVEL-091112.NASL", "SUSE_11_LIBOPENSSL-DEVEL-100331.NASL", "SUSE_11_LIBOPENSSL-DEVEL-101111.NASL", "SUSE_11_LIBOPENSSL-DEVEL-101116.NASL", "SUSE_11_LIBOPENSSL-DEVEL-101207.NASL", "SUSE_11_LIBOPENSSL-DEVEL-110210.NASL", "SUSE_11_LIBOPENSSL-DEVEL-120111.NASL", "SUSE_11_LIBOPENSSL-DEVEL-120209.NASL", "SUSE_11_LIBOPENSSL-DEVEL-120503.NASL", "SUSE_11_LIBOPENSSL-DEVEL-141024.NASL", "SUSE_11_LIBWSMAN-DEVEL-141021.NASL", "SUSE_11_MOZILLA-XULRUNNER190-100406.NASL", "SUSE_11_MOZILLA-XULRUNNER190-100407.NASL", "SUSE_11_MOZILLAFIREFOX-100406.NASL", "SUSE_11_MOZILLAFIREFOX-100407.NASL", "SUSE_11_OPENSSL-CVE-2009-4355_PATCH-100115.NASL", "SUSE_11_PURE-FTPD-141120.NASL", "SUSE_11_SUSEREGISTER-141121.NASL", "SUSE_APACHE2-5648.NASL", "SUSE_BIND-2268.NASL", "SUSE_BIND-2269.NASL", "SUSE_COMPAT-OPENSSL097G-2163.NASL", "SUSE_COMPAT-OPENSSL097G-2171.NASL", "SUSE_COMPAT-OPENSSL097G-5054.NASL", "SUSE_COMPAT-OPENSSL097G-5055.NASL", "SUSE_COMPAT-OPENSSL097G-6656.NASL", "SUSE_COMPAT-OPENSSL097G-6657.NASL", "SUSE_COMPAT-OPENSSL097G-7644.NASL", "SUSE_COMPAT-OPENSSL097G-7645.NASL", "SUSE_COMPAT-OPENSSL097G-8262.NASL", "SUSE_GNUTLS-7299.NASL", "SUSE_JAVA-1_4_2-IBM-7036.NASL", "SUSE_JAVA-1_4_2-IBM-7231.NASL", "SUSE_JAVA-1_5_0-IBM-7077.NASL", "SUSE_JAVA-1_5_0-IBM-7205.NASL", "SUSE_JAVA-1_6_0-IBM-7312.NASL", "SUSE_JAVA-1_6_0-SUN-7204.NASL", "SUSE_LIBCURL4-8618.NASL", "SUSE_LIBOPENSSL-DEVEL-4476.NASL", "SUSE_LIBOPENSSL-DEVEL-4560.NASL", "SUSE_LIBOPENSSL-DEVEL-6268.NASL", "SUSE_MOZILLA-NSPR-6977.NASL", "SUSE_MOZILLA-NSS-6978.NASL", "SUSE_MOZILLA-XULRUNNER190-6971.NASL", "SUSE_MOZILLA-XULRUNNER190-6976.NASL", "SUSE_MOZILLAFIREFOX-6970.NASL", "SUSE_MOZILLAFIREFOX-6979.NASL", "SUSE_OPENSSL-2069.NASL", "SUSE_OPENSSL-2082.NASL", "SUSE_OPENSSL-2140.NASL", "SUSE_OPENSSL-2141.NASL", "SUSE_OPENSSL-2162.NASL", "SUSE_OPENSSL-2175.NASL", "SUSE_OPENSSL-2349.NASL", "SUSE_OPENSSL-4477.NASL", "SUSE_OPENSSL-4559.NASL", "SUSE_OPENSSL-6267.NASL", "SUSE_OPENSSL-6654.NASL", "SUSE_OPENSSL-6655.NASL", "SUSE_OPENSSL-6943.NASL", "SUSE_OPENSSL-6944.NASL", "SUSE_OPENSSL-7462.NASL", "SUSE_OPENSSL-7463.NASL", "SUSE_OPENSSL-7923.NASL", "SUSE_OPENSSL-7961.NASL", "SUSE_OPENSSL-8112.NASL", "SUSE_OPENSSL-CVE-2009-4355.PATCH-6783.NASL", "SUSE_OPENSSL-CVE-2009-4355.PATCH-6784.NASL", "SUSE_OPERA-2181.NASL", "SUSE_SA_2006_055.NASL", "SUSE_SA_2006_058.NASL", "SUSE_SA_2006_061.NASL", "SUSE_SU-2014-1387-1.NASL", "SUSE_SU-2014-1512-1.NASL", "SUSE_SU-2014-1524-1.NASL", "SUSE_SU-2014-1541-1.NASL", "SUSE_SU-2015-0503-1.NASL", "SUSE_SU-2016-1457-1.NASL", "SUSE_SU-2016-2285-1.NASL", "SUSE_SU-2016-2329-1.NASL", "SUSE_SU-2016-2387-1.NASL", "SUSE_SU-2016-2394-1.NASL", "SUSE_SU-2016-2396-1.NASL", "SUSE_SU-2016-2458-1.NASL", "SUSE_SU-2016-2468-1.NASL", "SUSE_SU-2016-2470-1.NASL", "SUSE_SU-2017-0346-1.NASL", "SUSE_SU-2017-0431-1.NASL", "SUSE_SU-2017-0441-1.NASL", "SUSE_SU-2017-0460-1.NASL", "SUSE_SU-2017-0490-1.NASL", "SUSE_SU-2017-0716-1.NASL", "SUSE_SU-2017-0719-1.NASL", "SUSE_SU-2017-0720-1.NASL", "SUSE_SU-2017-0726-1.NASL", "SUSE_SU-2017-0839-1.NASL", "SUSE_SU-2017-0855-1.NASL", "SUSE_SU-2017-1389-1.NASL", "SUSE_SU-2017-1444-1.NASL", "SUSE_SU-2017-3169-1.NASL", "SUSE_SU-2017-3343-1.NASL", "SUSE_SU-2018-0002-1.NASL", "SUSE_SU-2018-0053-1.NASL", "SUSE_SU-2018-0293-1.NASL", "SUSE_SU-2018-2839-1.NASL", "SUSE_SU-2018-2839-2.NASL", "SUSE_SU-2018-3082-1.NASL", "SYMANTEC_ENDPOINT_PROT_MGR_12_1_RU4_MP1A.NASL", "TENABLE_OT_SIEMENS_CVE-2014-0160.NASL", "TOMCAT_6_0_43.NASL", "TOMCAT_7_0_57.NASL", "TOMCAT_8_0_15.NASL", "UBUNTU_USN-1010-1.NASL", "UBUNTU_USN-1018-1.NASL", "UBUNTU_USN-1029-1.NASL", "UBUNTU_USN-1064-1.NASL", "UBUNTU_USN-1357-1.NASL", "UBUNTU_USN-1424-1.NASL", "UBUNTU_USN-1428-1.NASL", "UBUNTU_USN-2079-1.NASL", "UBUNTU_USN-2165-1.NASL", "UBUNTU_USN-2486-1.NASL", "UBUNTU_USN-2487-1.NASL", "UBUNTU_USN-2830-1.NASL", "UBUNTU_USN-2883-1.NASL", "UBUNTU_USN-3087-1.NASL", "UBUNTU_USN-3087-2.NASL", "UBUNTU_USN-3179-1.NASL", "UBUNTU_USN-3181-1.NASL", "UBUNTU_USN-3194-1.NASL", "UBUNTU_USN-3198-1.NASL", "UBUNTU_USN-3270-1.NASL", "UBUNTU_USN-339-1.NASL", "UBUNTU_USN-3475-1.NASL", "UBUNTU_USN-3512-1.NASL", "UBUNTU_USN-353-1.NASL", "UBUNTU_USN-353-2.NASL", "UBUNTU_USN-522-1.NASL", "UBUNTU_USN-534-1.NASL", "UBUNTU_USN-620-1.NASL", "UBUNTU_USN-731-1.NASL", "UBUNTU_USN-792-1.NASL", "UBUNTU_USN-860-1.NASL", "UBUNTU_USN-884-1.NASL", "UBUNTU_USN-923-1.NASL", "UBUNTU_USN-927-1.NASL", "UBUNTU_USN-927-4.NASL", "UBUNTU_USN-927-6.NASL", "UBUNTU_USN-990-1.NASL", "UBUNTU_USN-990-2.NASL", "VCENTER_OPERATIONS_MANAGER_VMSA_2015-0003-LINUX.NASL", "VCENTER_OPERATIONS_MANAGER_VMSA_2015-0003-VAPP.NASL", "VCENTER_OPERATIONS_MANAGER_VMSA_2015-0003-WIN.NASL", "VIRTUALBOX_5_0_18.NASL", "VIRTUALBOX_5_2_6.NASL", "VIRTUOZZO_VZLSA-2017-0180.NASL", "VIRTUOZZO_VZLSA-2017-0269.NASL", "VMWARE_ESXI_5_0_BUILD_912577_REMOTE.NASL", "VMWARE_ESXI_5_5_BUILD_1746974_REMOTE.NASL", "VMWARE_ESXI_5_5_BUILD_2352327_REMOTE.NASL", "VMWARE_ESXI_6_0_BUILD_5485776_REMOTE.NASL", "VMWARE_ESX_VMSA-2013-0003_REMOTE.NASL", "VMWARE_HORIZON_VIEW_VMSA-2015-0003.NASL", "VMWARE_HORIZON_WORKSPACE_VMSA2014-0004.NASL", "VMWARE_MULTIPLE_VMSA_2008_0005.NASL", "VMWARE_PLAYER_LINUX_6_0_2.NASL", "VMWARE_PLAYER_MULTIPLE_VMSA_2014-0004.NASL", "VMWARE_VCENTER_CHARGEBACK_MANAGER_VMSA_2015_0003.NASL", "VMWARE_VCENTER_VMSA-2015-0001.NASL", "VMWARE_VCENTER_VMSA-2015-0003.NASL", "VMWARE_VMSA-2008-0001.NASL", "VMWARE_VMSA-2008-0013.NASL", "VMWARE_VMSA-2010-0004.NASL", "VMWARE_VMSA-2010-0004_REMOTE.NASL", "VMWARE_VMSA-2010-0009.NASL", "VMWARE_VMSA-2010-0009_REMOTE.NASL", "VMWARE_VMSA-2010-0015.NASL", "VMWARE_VMSA-2010-0015_REMOTE.NASL", "VMWARE_VMSA-2010-0019.NASL", "VMWARE_VMSA-2010-0019_REMOTE.NASL", "VMWARE_VMSA-2011-0003.NASL", "VMWARE_VMSA-2011-0003_REMOTE.NASL", "VMWARE_VMSA-2011-0013.NASL", "VMWARE_VMSA-2011-0013_REMOTE.NASL", "VMWARE_VMSA-2012-0013.NASL", "VMWARE_VMSA-2012-0013_REMOTE.NASL", "VMWARE_VMSA-2013-0003.NASL", "VMWARE_VMSA-2014-0004.NASL", "VMWARE_VMSA-2014-0004_REMOTE.NASL", "VMWARE_VMSA-2015-0001.NASL", "VMWARE_WORKSPACE_PORTAL_VMSA2015-0003.NASL", "VMWARE_WORKSTATION_LINUX_10_0_2.NASL", "VMWARE_WORKSTATION_MULTIPLE_VMSA_2014_0004.NASL", "WD_ARKEIA_10_1_19_VER_CHECK.NASL", "WEBSENSE_EMAIL_SECURITY_HEARTBLEED.NASL", "WEBSENSE_WEB_SECURITY_HEARTBLEED.NASL", "WEBSPHERE_7_0_0_37.NASL", "WEBSPHERE_8_0_0_10.NASL", "WEBSPHERE_8_5_5_4.NASL", "WINSCP_5_5_3.NASL", "XEROX_XRX07_001.NASL", "XEROX_XRX15AD_COLORQUBE.NASL", "XEROX_XRX15AJ.NASL", "XEROX_XRX15AM.NASL"]}, {"type": "nginx", "idList": ["NGINX:CVE-2009-3555"]}, {"type": "nmap", "idList": ["NMAP:SSL-HEARTBLEED.NSE", "NMAP:SSL-POODLE.NSE"]}, {"type": "nodejsblog", "idList": ["NODEJSBLOG:DECEMBER-2015-SECURITY-RELEASES", "NODEJSBLOG:DECEMBER-2017-SECURITY-RELEASES", "NODEJSBLOG:FEBRUARY-2016-SECURITY-RELEASES", "NODEJSBLOG:OPENSSL-JANUARY-2017", "NODEJSBLOG:OPENSSL-NOVEMBER-2017", "NODEJSBLOG:SEPTEMBER-2016-SECURITY-RELEASES"]}, {"type": "openssl", "idList": ["OPENSSL:CVE-2006-2937", "OPENSSL:CVE-2006-2940", "OPENSSL:CVE-2006-3738", "OPENSSL:CVE-2006-4339", "OPENSSL:CVE-2006-4343", "OPENSSL:CVE-2007-4995", "OPENSSL:CVE-2007-5135", "OPENSSL:CVE-2008-0891", "OPENSSL:CVE-2008-1672", "OPENSSL:CVE-2009-1377", "OPENSSL:CVE-2009-1378", "OPENSSL:CVE-2009-1379", "OPENSSL:CVE-2009-3555", "OPENSSL:CVE-2009-4355", "OPENSSL:CVE-2010-0742", "OPENSSL:CVE-2010-1633", "OPENSSL:CVE-2010-3864", "OPENSSL:CVE-2010-4180", "OPENSSL:CVE-2011-0014", "OPENSSL:CVE-2011-3207", "OPENSSL:CVE-2011-4108", "OPENSSL:CVE-2012-0050", "OPENSSL:CVE-2012-2110", "OPENSSL:CVE-2012-2131", "OPENSSL:CVE-2013-4353", "OPENSSL:CVE-2013-6449", "OPENSSL:CVE-2013-6450", "OPENSSL:CVE-2014-0160", "OPENSSL:CVE-2015-3193", "OPENSSL:CVE-2016-0701", "OPENSSL:CVE-2016-2183", "OPENSSL:CVE-2017-3732", "OPENSSL:CVE-2017-3736", "OPENSSL:CVE-2017-3737", "OPENSSL:CVE-2017-3738", "OPENSSL:CVE-2021-4160"]}, {"type": "openvas", "idList": ["OPENVAS:102020", "OPENVAS:102024", "OPENVAS:102025", "OPENVAS:102045", "OPENVAS:102047", "OPENVAS:103451", "OPENVAS:103454", "OPENVAS:103468", "OPENVAS:103558", "OPENVAS:103672", "OPENVAS:103849", "OPENVAS:105021", "OPENVAS:105022", "OPENVAS:1361412562310100668", "OPENVAS:1361412562310100751", "OPENVAS:1361412562310102020", "OPENVAS:1361412562310102024", "OPENVAS:1361412562310102025", "OPENVAS:1361412562310102045", "OPENVAS:1361412562310102047", "OPENVAS:1361412562310103394", "OPENVAS:1361412562310103451", "OPENVAS:1361412562310103454", "OPENVAS:1361412562310103468", "OPENVAS:1361412562310103558", "OPENVAS:1361412562310103672", "OPENVAS:1361412562310103849", "OPENVAS:1361412562310103936", "OPENVAS:1361412562310105010", "OPENVAS:1361412562310105021", "OPENVAS:1361412562310105022", "OPENVAS:1361412562310105040", "OPENVAS:1361412562310105190", "OPENVAS:1361412562310105191", "OPENVAS:1361412562310105413", "OPENVAS:1361412562310105722", "OPENVAS:1361412562310105950", "OPENVAS:1361412562310106284", "OPENVAS:1361412562310106285", "OPENVAS:1361412562310106286", "OPENVAS:1361412562310106353", "OPENVAS:1361412562310106460", "OPENVAS:1361412562310106609", "OPENVAS:1361412562310106619", "OPENVAS:1361412562310106949", "OPENVAS:1361412562310107203", "OPENVAS:1361412562310107204", "OPENVAS:1361412562310107260", "OPENVAS:1361412562310107268", "OPENVAS:1361412562310107269", "OPENVAS:1361412562310107270", "OPENVAS:1361412562310108031", "OPENVAS:1361412562310108372", "OPENVAS:1361412562310108772", "OPENVAS:1361412562310111012", "OPENVAS:1361412562310120151", "OPENVAS:1361412562310120152", "OPENVAS:1361412562310120188", "OPENVAS:1361412562310120189", "OPENVAS:1361412562310120204", "OPENVAS:1361412562310120209", "OPENVAS:1361412562310120287", "OPENVAS:1361412562310120288", "OPENVAS:1361412562310120324", "OPENVAS:1361412562310120514", "OPENVAS:1361412562310120573", "OPENVAS:1361412562310120744", "OPENVAS:1361412562310121000", "OPENVAS:1361412562310121029", "OPENVAS:1361412562310121072", "OPENVAS:1361412562310121084", "OPENVAS:1361412562310121156", "OPENVAS:1361412562310121175", "OPENVAS:1361412562310121235", "OPENVAS:1361412562310121263", "OPENVAS:1361412562310121285", "OPENVAS:1361412562310121297", "OPENVAS:1361412562310121325", "OPENVAS:1361412562310121395", "OPENVAS:1361412562310121439", "OPENVAS:1361412562310122003", "OPENVAS:1361412562310122006", "OPENVAS:1361412562310122063", "OPENVAS:1361412562310122167", "OPENVAS:1361412562310122262", "OPENVAS:1361412562310122287", "OPENVAS:1361412562310122310", "OPENVAS:1361412562310122367", "OPENVAS:1361412562310122380", "OPENVAS:1361412562310122381", "OPENVAS:1361412562310122382", "OPENVAS:1361412562310122383", "OPENVAS:1361412562310122398", "OPENVAS:1361412562310122420", "OPENVAS:1361412562310122445", "OPENVAS:1361412562310122480", "OPENVAS:1361412562310122652", "OPENVAS:1361412562310123198", "OPENVAS:1361412562310123200", "OPENVAS:1361412562310123201", "OPENVAS:1361412562310123202", "OPENVAS:1361412562310123278", "OPENVAS:1361412562310123430", "OPENVAS:1361412562310123486", "OPENVAS:1361412562310123929", "OPENVAS:1361412562310131222", "OPENVAS:1361412562310140168", "OPENVAS:1361412562310143949", "OPENVAS:136141256231057389", "OPENVAS:136141256231057491", "OPENVAS:136141256231057698", "OPENVAS:136141256231061470", "OPENVAS:136141256231063141", "OPENVAS:136141256231064065", "OPENVAS:136141256231064118", "OPENVAS:136141256231064124", "OPENVAS:136141256231064132", "OPENVAS:136141256231064140", "OPENVAS:136141256231064196", "OPENVAS:136141256231064246", "OPENVAS:136141256231064247", "OPENVAS:136141256231064248", "OPENVAS:136141256231064377", "OPENVAS:136141256231064799", "OPENVAS:136141256231064920", "OPENVAS:136141256231064935", "OPENVAS:136141256231064948", "OPENVAS:136141256231064949", "OPENVAS:136141256231065145", "OPENVAS:136141256231065185", "OPENVAS:136141256231065349", "OPENVAS:136141256231065556", "OPENVAS:136141256231065603", "OPENVAS:136141256231065668", "OPENVAS:136141256231065793", "OPENVAS:136141256231065974", "OPENVAS:136141256231066240", "OPENVAS:136141256231066241", "OPENVAS:136141256231066270", "OPENVAS:136141256231066274", "OPENVAS:136141256231066275", "OPENVAS:136141256231066278", "OPENVAS:136141256231066279", "OPENVAS:136141256231066285", "OPENVAS:136141256231066302", "OPENVAS:136141256231066310", "OPENVAS:136141256231066353", "OPENVAS:136141256231066370", "OPENVAS:136141256231066414", "OPENVAS:136141256231066449", "OPENVAS:136141256231066450", "OPENVAS:136141256231066451", "OPENVAS:136141256231066497", "OPENVAS:136141256231066498", "OPENVAS:136141256231066517", "OPENVAS:136141256231066557", "OPENVAS:136141256231066562", "OPENVAS:136141256231066563", "OPENVAS:136141256231066583", "OPENVAS:136141256231066585", "OPENVAS:136141256231067042", "OPENVAS:136141256231067045", "OPENVAS:136141256231067053", "OPENVAS:136141256231067218", "OPENVAS:136141256231068671", "OPENVAS:136141256231068673", "OPENVAS:136141256231068703", "OPENVAS:136141256231068704", "OPENVAS:136141256231068921", "OPENVAS:136141256231068997", "OPENVAS:136141256231068998", "OPENVAS:136141256231069021", "OPENVAS:136141256231070248", "OPENVAS:1361412562310702833", "OPENVAS:1361412562310702837", "OPENVAS:1361412562310702896", "OPENVAS:1361412562310703053", "OPENVAS:1361412562310703144", "OPENVAS:1361412562310703147", "OPENVAS:1361412562310703253", "OPENVAS:1361412562310703489", "OPENVAS:1361412562310703673", "OPENVAS:1361412562310704017", "OPENVAS:1361412562310704018", "OPENVAS:1361412562310704065", "OPENVAS:1361412562310704157", "OPENVAS:136141256231070708", "OPENVAS:136141256231070711", "OPENVAS:136141256231070750", "OPENVAS:136141256231070756", "OPENVAS:136141256231070764", "OPENVAS:136141256231070768", "OPENVAS:136141256231071196", "OPENVAS:136141256231071259", "OPENVAS:136141256231071261", "OPENVAS:136141256231071273", "OPENVAS:136141256231071308", "OPENVAS:136141256231071533", "OPENVAS:136141256231071585", "OPENVAS:1361412562310800466", "OPENVAS:1361412562310800499", "OPENVAS:1361412562310800500", "OPENVAS:1361412562310802087", "OPENVAS:1361412562310804061", "OPENVAS:1361412562310806125", "OPENVAS:1361412562310806126", "OPENVAS:1361412562310806653", "OPENVAS:1361412562310806654", "OPENVAS:1361412562310806673", "OPENVAS:1361412562310806674", "OPENVAS:1361412562310807228", "OPENVAS:1361412562310808703", "OPENVAS:1361412562310809782", "OPENVAS:1361412562310810232", "OPENVAS:1361412562310810233", "OPENVAS:1361412562310810542", "OPENVAS:1361412562310811440", "OPENVAS:1361412562310811441", "OPENVAS:1361412562310812648", "OPENVAS:1361412562310812649", "OPENVAS:1361412562310830049", "OPENVAS:1361412562310830210", "OPENVAS:1361412562310830697", "OPENVAS:1361412562310830842", "OPENVAS:1361412562310830893", "OPENVAS:1361412562310830906", "OPENVAS:1361412562310830920", "OPENVAS:1361412562310830934", "OPENVAS:1361412562310830970", "OPENVAS:1361412562310830981", "OPENVAS:1361412562310830984", "OPENVAS:1361412562310831003", "OPENVAS:1361412562310831006", "OPENVAS:1361412562310831014", "OPENVAS:1361412562310831251", "OPENVAS:1361412562310831275", "OPENVAS:1361412562310831330", "OPENVAS:1361412562310831454", "OPENVAS:1361412562310831527", "OPENVAS:1361412562310831533", "OPENVAS:1361412562310831568", "OPENVAS:1361412562310831657", "OPENVAS:1361412562310831679", "OPENVAS:1361412562310835022", "OPENVAS:1361412562310835034", "OPENVAS:1361412562310835055", "OPENVAS:1361412562310835119", "OPENVAS:1361412562310835229", "OPENVAS:1361412562310835234", "OPENVAS:1361412562310835245", "OPENVAS:1361412562310835246", "OPENVAS:1361412562310835251", "OPENVAS:1361412562310840365", "OPENVAS:1361412562310840411", "OPENVAS:1361412562310840416", "OPENVAS:1361412562310840453", "OPENVAS:1361412562310840455", "OPENVAS:1361412562310840468", "OPENVAS:1361412562310840504", "OPENVAS:1361412562310840505", "OPENVAS:1361412562310840527", "OPENVAS:1361412562310840540", "OPENVAS:1361412562310840550", "OPENVAS:1361412562310840589", "OPENVAS:1361412562310840887", "OPENVAS:1361412562310840985", "OPENVAS:1361412562310840987", "OPENVAS:1361412562310841683", "OPENVAS:1361412562310841774", "OPENVAS:1361412562310842076", "OPENVAS:1361412562310842078", "OPENVAS:1361412562310842552", "OPENVAS:1361412562310842563", "OPENVAS:1361412562310842620", "OPENVAS:1361412562310842896", "OPENVAS:1361412562310842898", "OPENVAS:1361412562310843026", "OPENVAS:1361412562310843029", "OPENVAS:1361412562310843048", "OPENVAS:1361412562310843052", "OPENVAS:1361412562310843145", "OPENVAS:1361412562310843360", "OPENVAS:1361412562310843401", "OPENVAS:1361412562310850123", "OPENVAS:1361412562310850131", "OPENVAS:1361412562310850181", "OPENVAS:1361412562310850582", "OPENVAS:1361412562310850607", "OPENVAS:1361412562310850621", "OPENVAS:1361412562310850671", "OPENVAS:1361412562310850771", "OPENVAS:1361412562310850791", "OPENVAS:1361412562310850800", "OPENVAS:1361412562310850849", "OPENVAS:1361412562310850875", "OPENVAS:1361412562310850889", "OPENVAS:1361412562310850910", "OPENVAS:1361412562310850936", "OPENVAS:1361412562310850983", "OPENVAS:1361412562310851223", "OPENVAS:1361412562310851323", "OPENVAS:1361412562310851397", "OPENVAS:1361412562310851399", "OPENVAS:1361412562310851406", "OPENVAS:1361412562310851412", "OPENVAS:1361412562310851485", "OPENVAS:1361412562310851494", "OPENVAS:1361412562310851665", "OPENVAS:1361412562310851688", "OPENVAS:1361412562310851703", "OPENVAS:1361412562310851734", "OPENVAS:1361412562310855008", "OPENVAS:1361412562310855018", "OPENVAS:1361412562310855023", "OPENVAS:1361412562310855030", "OPENVAS:1361412562310855170", "OPENVAS:1361412562310855192", "OPENVAS:1361412562310855300", "OPENVAS:1361412562310855322", "OPENVAS:1361412562310855346", "OPENVAS:1361412562310855366", "OPENVAS:1361412562310855369", "OPENVAS:1361412562310855376", "OPENVAS:1361412562310855516", "OPENVAS:1361412562310855612", "OPENVAS:1361412562310855640", "OPENVAS:1361412562310855702", "OPENVAS:1361412562310855735", "OPENVAS:1361412562310855742", "OPENVAS:1361412562310855768", "OPENVAS:1361412562310855771", "OPENVAS:1361412562310855780", "OPENVAS:1361412562310855835", "OPENVAS:1361412562310855853", "OPENVAS:1361412562310861695", "OPENVAS:1361412562310861746", "OPENVAS:1361412562310861798", "OPENVAS:1361412562310861861", "OPENVAS:1361412562310861862", "OPENVAS:1361412562310861878", "OPENVAS:1361412562310861929", "OPENVAS:1361412562310861956", "OPENVAS:1361412562310862126", "OPENVAS:1361412562310862152", "OPENVAS:1361412562310862158", "OPENVAS:1361412562310862163", "OPENVAS:1361412562310862184", "OPENVAS:1361412562310862207", "OPENVAS:1361412562310862464", "OPENVAS:1361412562310862470", "OPENVAS:1361412562310862519", "OPENVAS:1361412562310862546", "OPENVAS:1361412562310862566", "OPENVAS:1361412562310862568", "OPENVAS:1361412562310862628", "OPENVAS:1361412562310862631", "OPENVAS:1361412562310862721", "OPENVAS:1361412562310862737", "OPENVAS:1361412562310862849", "OPENVAS:1361412562310862920", "OPENVAS:1361412562310863060", "OPENVAS:1361412562310863070", "OPENVAS:1361412562310863499", "OPENVAS:1361412562310863683", "OPENVAS:1361412562310863704", "OPENVAS:1361412562310863838", "OPENVAS:1361412562310863945", "OPENVAS:1361412562310864019", "OPENVAS:1361412562310864137", "OPENVAS:1361412562310864153", "OPENVAS:1361412562310864192", "OPENVAS:1361412562310864229", "OPENVAS:1361412562310864279", "OPENVAS:1361412562310864283", "OPENVAS:1361412562310864325", "OPENVAS:1361412562310867186", "OPENVAS:1361412562310867187", "OPENVAS:1361412562310867229", "OPENVAS:1361412562310867235", "OPENVAS:1361412562310867295", "OPENVAS:1361412562310867344", "OPENVAS:1361412562310867386", "OPENVAS:1361412562310867676", "OPENVAS:1361412562310867679", "OPENVAS:1361412562310867688", "OPENVAS:1361412562310867701", "OPENVAS:1361412562310867767", "OPENVAS:1361412562310867768", "OPENVAS:1361412562310867850", "OPENVAS:1361412562310867851", "OPENVAS:1361412562310868079", "OPENVAS:1361412562310868082", "OPENVAS:1361412562310868415", "OPENVAS:1361412562310868417", "OPENVAS:1361412562310868453", "OPENVAS:1361412562310868454", "OPENVAS:1361412562310868455", "OPENVAS:1361412562310868456", "OPENVAS:1361412562310868467", "OPENVAS:1361412562310868468", "OPENVAS:1361412562310868471", "OPENVAS:1361412562310868477", "OPENVAS:1361412562310868597", "OPENVAS:1361412562310868600", "OPENVAS:1361412562310868601", "OPENVAS:1361412562310868604", "OPENVAS:1361412562310868693", "OPENVAS:1361412562310868705", "OPENVAS:1361412562310868711", "OPENVAS:1361412562310868721", "OPENVAS:1361412562310868735", "OPENVAS:1361412562310868770", "OPENVAS:1361412562310868824", "OPENVAS:1361412562310868855", "OPENVAS:1361412562310868936", "OPENVAS:1361412562310869045", "OPENVAS:1361412562310869084", "OPENVAS:1361412562310869125", "OPENVAS:1361412562310870209", "OPENVAS:1361412562310870235", "OPENVAS:1361412562310870236", "OPENVAS:1361412562310870237", "OPENVAS:1361412562310870238", "OPENVAS:1361412562310870240", "OPENVAS:1361412562310870243", "OPENVAS:1361412562310870250", "OPENVAS:1361412562310870340", "OPENVAS:1361412562310870370", "OPENVAS:1361412562310870372", "OPENVAS:1361412562310870532", "OPENVAS:1361412562310870589", "OPENVAS:1361412562310870609", "OPENVAS:1361412562310870633", "OPENVAS:1361412562310870668", "OPENVAS:1361412562310871109", "OPENVAS:1361412562310871154", "OPENVAS:1361412562310871274", "OPENVAS:1361412562310871275", "OPENVAS:1361412562310871297", "OPENVAS:1361412562310871303", "OPENVAS:1361412562310871304", "OPENVAS:1361412562310871305", "OPENVAS:1361412562310871663", "OPENVAS:1361412562310871749", "OPENVAS:1361412562310871758", "OPENVAS:1361412562310872342", "OPENVAS:1361412562310872359", "OPENVAS:1361412562310873627", "OPENVAS:1361412562310873748", "OPENVAS:1361412562310873785", "OPENVAS:1361412562310873829", "OPENVAS:1361412562310873837", "OPENVAS:1361412562310880380", "OPENVAS:1361412562310880382", "OPENVAS:1361412562310880385", "OPENVAS:1361412562310880386", "OPENVAS:1361412562310880460", "OPENVAS:1361412562310880601", "OPENVAS:1361412562310880611", "OPENVAS:1361412562310880612", "OPENVAS:1361412562310880630", "OPENVAS:1361412562310880636", "OPENVAS:1361412562310880641", "OPENVAS:1361412562310880647", "OPENVAS:1361412562310880658", "OPENVAS:1361412562310880683", "OPENVAS:1361412562310880691", "OPENVAS:1361412562310880706", "OPENVAS:1361412562310880738", "OPENVAS:1361412562310880739", "OPENVAS:1361412562310881066", "OPENVAS:1361412562310881108", "OPENVAS:1361412562310881134", "OPENVAS:1361412562310881190", "OPENVAS:1361412562310881366", "OPENVAS:1361412562310881857", "OPENVAS:1361412562310881918", "OPENVAS:1361412562310882062", "OPENVAS:1361412562310882063", "OPENVAS:1361412562310882089", "OPENVAS:1361412562310882094", "OPENVAS:1361412562310882097", "OPENVAS:1361412562310882098", "OPENVAS:1361412562310882104", "OPENVAS:1361412562310882105", "OPENVAS:1361412562310882106", "OPENVAS:1361412562310882566", "OPENVAS:1361412562310882569", "OPENVAS:1361412562310882639", "OPENVAS:1361412562310882640", "OPENVAS:1361412562310882655", "OPENVAS:1361412562310882656", "OPENVAS:1361412562310882657", "OPENVAS:1361412562310882919", "OPENVAS:1361412562310892626", "OPENVAS:1361412562310900247", "OPENVAS:1361412562310900653", "OPENVAS:1361412562310900654", "OPENVAS:1361412562310902466", "OPENVAS:1361412562311220161090", "OPENVAS:1361412562311220171015", "OPENVAS:1361412562311220171016", "OPENVAS:1361412562311220171027", "OPENVAS:1361412562311220171028", "OPENVAS:1361412562311220181115", "OPENVAS:1361412562311220181179", "OPENVAS:1361412562311220181339", "OPENVAS:1361412562311220191400", "OPENVAS:1361412562311220191403", "OPENVAS:1361412562311220191434", "OPENVAS:1361412562311220191546", "OPENVAS:1361412562311220191547", "OPENVAS:1361412562311220191548", "OPENVAS:1361412562311220192509", "OPENVAS:1361412562311220192643", "OPENVAS:57326", "OPENVAS:57359", "OPENVAS:57360", "OPENVAS:57389", "OPENVAS:57405", "OPENVAS:57475", "OPENVAS:57478", "OPENVAS:57481", "OPENVAS:57491", "OPENVAS:57511", "OPENVAS:57698", "OPENVAS:57728", "OPENVAS:57883", "OPENVAS:57896", "OPENVAS:57904", "OPENVAS:57909", "OPENVAS:57950", "OPENVAS:58053", "OPENVAS:58634", "OPENVAS:58639", "OPENVAS:58645", "OPENVAS:58654", "OPENVAS:58709", "OPENVAS:61027", "OPENVAS:61041", "OPENVAS:61182", "OPENVAS:61381", "OPENVAS:61470", "OPENVAS:63141", "OPENVAS:63562", "OPENVAS:64065", "OPENVAS:64118", "OPENVAS:64124", "OPENVAS:64132", "OPENVAS:64140", "OPENVAS:64196", "OPENVAS:64246", "OPENVAS:64247", "OPENVAS:64248", "OPENVAS:64323", "OPENVAS:64377", "OPENVAS:64799", "OPENVAS:64920", "OPENVAS:64935", "OPENVAS:64948", "OPENVAS:64949", "OPENVAS:65145", "OPENVAS:65185", "OPENVAS:65349", "OPENVAS:65556", "OPENVAS:65603", "OPENVAS:65668", "OPENVAS:65793", "OPENVAS:65974", "OPENVAS:66240", "OPENVAS:66241", "OPENVAS:66270", "OPENVAS:66274", "OPENVAS:66275", "OPENVAS:66278", "OPENVAS:66279", "OPENVAS:66285", "OPENVAS:66302", "OPENVAS:66310", "OPENVAS:66353", "OPENVAS:66370", "OPENVAS:66414", "OPENVAS:66449", "OPENVAS:66450", "OPENVAS:66451", "OPENVAS:66497", "OPENVAS:66498", "OPENVAS:66517", "OPENVAS:66557", "OPENVAS:66562", "OPENVAS:66563", "OPENVAS:66583", "OPENVAS:66585", "OPENVAS:67042", "OPENVAS:67045", "OPENVAS:67053", "OPENVAS:67218", "OPENVAS:68671", "OPENVAS:68673", "OPENVAS:68703", "OPENVAS:68704", "OPENVAS:68921", "OPENVAS:68997", "OPENVAS:68998", "OPENVAS:69021", "OPENVAS:70248", "OPENVAS:702833", "OPENVAS:702837", "OPENVAS:702896", "OPENVAS:703053", "OPENVAS:703144", "OPENVAS:703147", "OPENVAS:703253", "OPENVAS:703489", "OPENVAS:703673", "OPENVAS:70708", "OPENVAS:70711", "OPENVAS:70750", "OPENVAS:70756", "OPENVAS:70764", "OPENVAS:70768", "OPENVAS:71196", "OPENVAS:71259", "OPENVAS:71261", "OPENVAS:71273", "OPENVAS:71308", "OPENVAS:71533", "OPENVAS:71585", "OPENVAS:800466", "OPENVAS:800499", "OPENVAS:830049", "OPENVAS:830210", "OPENVAS:830697", "OPENVAS:830842", "OPENVAS:830893", "OPENVAS:830906", "OPENVAS:830920", "OPENVAS:830934", "OPENVAS:830970", "OPENVAS:830981", "OPENVAS:830984", "OPENVAS:831003", "OPENVAS:831006", "OPENVAS:831014", "OPENVAS:831251", "OPENVAS:831275", "OPENVAS:831330", "OPENVAS:831454", "OPENVAS:831527", "OPENVAS:831533", "OPENVAS:831568", "OPENVAS:831657", "OPENVAS:831679", "OPENVAS:835022", "OPENVAS:835034", "OPENVAS:835055", "OPENVAS:835119", "OPENVAS:835229", "OPENVAS:835234", "OPENVAS:835245", "OPENVAS:835246", "OPENVAS:835251", "OPENVAS:840078", "OPENVAS:840138", "OPENVAS:840205", "OPENVAS:840365", "OPENVAS:840411", "OPENVAS:840416", "OPENVAS:840453", "OPENVAS:840455", "OPENVAS:840468", "OPENVAS:840504", "OPENVAS:840505", "OPENVAS:840527", "OPENVAS:840540", "OPENVAS:840550", "OPENVAS:840589", "OPENVAS:840887", "OPENVAS:840985", "OPENVAS:840987", "OPENVAS:841683", "OPENVAS:841774", "OPENVAS:850066", "OPENVAS:850123", "OPENVAS:850131", "OPENVAS:850181", "OPENVAS:850582", "OPENVAS:855008", "OPENVAS:855018", "OPENVAS:855023", "OPENVAS:855030", "OPENVAS:855170", "OPENVAS:855192", "OPENVAS:855300", "OPENVAS:855322", "OPENVAS:855346", "OPENVAS:855366", "OPENVAS:855369", "OPENVAS:855376", "OPENVAS:855516", "OPENVAS:855612", "OPENVAS:855640", "OPENVAS:855702", "OPENVAS:855735", "OPENVAS:855742", "OPENVAS:855768", "OPENVAS:855771", "OPENVAS:855780", "OPENVAS:855835", "OPENVAS:855853", "OPENVAS:860183", "OPENVAS:860638", "OPENVAS:861074", "OPENVAS:861274", "OPENVAS:861429", "OPENVAS:861545", "OPENVAS:861695", "OPENVAS:861746", "OPENVAS:861798", "OPENVAS:861861", "OPENVAS:861862", "OPENVAS:861878", "OPENVAS:861929", "OPENVAS:861956", "OPENVAS:862126", "OPENVAS:862152", "OPENVAS:862158", "OPENVAS:862163", "OPENVAS:862184", "OPENVAS:862207", "OPENVAS:862464", "OPENVAS:862470", "OPENVAS:862519", "OPENVAS:862546", "OPENVAS:862566", "OPENVAS:862568", "OPENVAS:862628", "OPENVAS:862631", "OPENVAS:862721", "OPENVAS:862737", "OPENVAS:862849", "OPENVAS:862920", "OPENVAS:863060", "OPENVAS:863070", "OPENVAS:863499", "OPENVAS:863683", "OPENVAS:863704", "OPENVAS:863838", "OPENVAS:863945", "OPENVAS:864019", "OPENVAS:864137", "OPENVAS:864153", "OPENVAS:864192", "OPENVAS:864229", "OPENVAS:864279", "OPENVAS:864283", "OPENVAS:864325", "OPENVAS:867186", "OPENVAS:867187", "OPENVAS:867229", "OPENVAS:867235", "OPENVAS:867295", "OPENVAS:867344", "OPENVAS:867386", "OPENVAS:867676", "OPENVAS:867679", "OPENVAS:867688", "OPENVAS:867701", "OPENVAS:867767", "OPENVAS:867768", "OPENVAS:870209", "OPENVAS:870235", "OPENVAS:870236", "OPENVAS:870237", "OPENVAS:870238", "OPENVAS:870240", "OPENVAS:870243", "OPENVAS:870250", "OPENVAS:870340", "OPENVAS:870370", "OPENVAS:870372", "OPENVAS:870532", "OPENVAS:870589", "OPENVAS:870609", "OPENVAS:870633", "OPENVAS:870668", "OPENVAS:871109", "OPENVAS:871154", "OPENVAS:880380", "OPENVAS:880382", "OPENVAS:880385", "OPENVAS:880386", "OPENVAS:880460", "OPENVAS:880601", "OPENVAS:880611", "OPENVAS:880612", "OPENVAS:880630", "OPENVAS:880636", "OPENVAS:880641", "OPENVAS:880647", "OPENVAS:880658", "OPENVAS:880683", "OPENVAS:880691", "OPENVAS:880706", "OPENVAS:880738", "OPENVAS:880739", "OPENVAS:881066", "OPENVAS:881108", "OPENVAS:881134", "OPENVAS:881190", "OPENVAS:881366", "OPENVAS:881857", "OPENVAS:881918", "OPENVAS:892626", "OPENVAS:900247", "OPENVAS:900654", "OPENVAS:902466"]}, {"type": "openwrt", "idList": ["OPENWRT-SA-000001", "OPENWRT-SA-000007", "OPENWRT-SA-000008"]}, {"type": "oracle", "idList": ["ORACLE:CPUAPR2011-301950", "ORACLE:CPUAPR2015", "ORACLE:CPUAPR2016V3", "ORACLE:CPUAPR2017", "ORACLE:CPUAPR2018", "ORACLE:CPUAPR2019", "ORACLE:CPUAPR2020", "ORACLE:CPUJAN2011-194091", "ORACLE:CPUJAN2015", "ORACLE:CPUJAN2017", "ORACLE:CPUJAN2018", "ORACLE:CPUJAN2019", "ORACLE:CPUJAN2020", "ORACLE:CPUJUL2010-155308", "ORACLE:CPUJUL2014-1972956", "ORACLE:CPUJUL2015", "ORACLE:CPUJUL2016", "ORACLE:CPUJUL2017", "ORACLE:CPUJUL2018", "ORACLE:CPUJUL2019", "ORACLE:CPUJUL2020", "ORACLE:CPUOCT2010-175626", "ORACLE:CPUOCT2016", "ORACLE:CPUOCT2017", "ORACLE:CPUOCT2018", "ORACLE:CPUOCT2020", "ORACLE:CPUOCT2021"]}, {"type": "oraclelinux", "idList": ["ELSA-2006-0661", "ELSA-2006-0695", "ELSA-2007-0813", "ELSA-2007-0964", "ELSA-2007-1003", "ELSA-2009-1075", "ELSA-2009-1335", "ELSA-2009-1579", "ELSA-2009-1580", "ELSA-2010-0054", "ELSA-2010-0162", "ELSA-2010-0163", "ELSA-2010-0164", "ELSA-2010-0165", "ELSA-2010-0166", "ELSA-2010-0167", "ELSA-2010-0339", "ELSA-2010-0768", "ELSA-2010-0977", "ELSA-2010-0978", "ELSA-2010-0979", "ELSA-2011-0677", "ELSA-2011-1409", "ELSA-2012-0059", "ELSA-2012-0060", "ELSA-2012-0518", "ELSA-2012-2011", "ELSA-2014-0015", "ELSA-2014-0376", "ELSA-2014-0626", "ELSA-2014-1652", "ELSA-2014-1653", "ELSA-2015-0067", "ELSA-2015-0068", "ELSA-2015-0069", "ELSA-2015-0085", "ELSA-2015-3022", "ELSA-2016-1940", "ELSA-2016-3621", "ELSA-2016-3627", "ELSA-2018-0998", "ELSA-2018-2123", "ELSA-2018-3041", "ELSA-2018-4077", "ELSA-2019-4581", "ELSA-2019-4747", "ELSA-2021-9150"]}, {"type": "osv", "idList": ["OSV:CVE-2016-2183", "OSV:DLA-157-1", "OSV:DLA-282-1", "OSV:DLA-400-1", "OSV:DLA-637-1", "OSV:DLA-81-1", "OSV:DSA-1173-1", "OSV:DSA-1174-1", "OSV:DSA-1185-2", "OSV:DSA-1195-1", "OSV:DSA-1379-1", "OSV:DSA-1571-1", "OSV:DSA-1888-1", "OSV:DSA-1934-1", "OSV:DSA-1970-1", "OSV:DSA-2125-1", "OSV:DSA-2141-1", "OSV:DSA-2141-2", "OSV:DSA-2162-1", "OSV:DSA-2390-1", "OSV:DSA-2392-1", "OSV:DSA-2454-1", "OSV:DSA-2454-2", "OSV:DSA-2626-1", "OSV:DSA-2833-1", "OSV:DSA-2837-1", "OSV:DSA-2896-1", "OSV:DSA-3053-1", "OSV:DSA-3092-1", "OSV:DSA-3144-1", "OSV:DSA-3147-1", "OSV:DSA-3253-1", "OSV:DSA-3489-1", "OSV:DSA-3673-1", "OSV:DSA-3673-2", "OSV:DSA-4017-1", "OSV:DSA-4018-1", "OSV:DSA-4065-1", "OSV:DSA-4157-1"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:126065", "PACKETSTORM:126069", "PACKETSTORM:126070", "PACKETSTORM:126072", "PACKETSTORM:126101", "PACKETSTORM:126288", "PACKETSTORM:126308", "PACKETSTORM:132254", "PACKETSTORM:142756", "PACKETSTORM:143369", "PACKETSTORM:151177", "PACKETSTORM:62019", "PACKETSTORM:84112"]}, {"type": "paloalto", "idList": ["PAN-SA-2012-0017", "PAN-SA-2014-0005"]}, {"type": "photon", "idList": ["PHSA-2018-0010", "PHSA-2018-0010-A", "PHSA-2018-0097", "PHSA-2018-1.0-0097-A"]}, {"type": "qt", "idList": ["QT:AA25C9F2A179C07C68BE4260EC5E6C9C"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:7535985DCB1FBEA5FAF46D9453037D10"]}, {"type": "rapid7community", "idList": ["RAPID7COMMUNITY:2D16953CACCA4F69B642B05183F60758", "RAPID7COMMUNITY:D35B422CE8C15A23745FD83E2205F7C7"]}, {"type": "redhat", "idList": ["RHSA-2006:0661", "RHSA-2006:0695", "RHSA-2007:0062", "RHSA-2007:0072", "RHSA-2007:0073", "RHSA-2007:0813", "RHSA-2007:0964", "RHSA-2007:1003", "RHSA-2008:0264", "RHSA-2008:0525", "RHSA-2008:0629", "RHSA-2009:1075", "RHSA-2009:1335", "RHSA-2009:1579", "RHSA-2009:1580", "RHSA-2009:1694", "RHSA-2010:0011", "RHSA-2010:0054", "RHSA-2010:0095", "RHSA-2010:0119", "RHSA-2010:0130", "RHSA-2010:0155", "RHSA-2010:0162", "RHSA-2010:0163", "RHSA-2010:0164", "RHSA-2010:0165", "RHSA-2010:0166", "RHSA-2010:0167", "RHSA-2010:0337", "RHSA-2010:0338", "RHSA-2010:0339", "RHSA-2010:0408", "RHSA-2010:0440", "RHSA-2010:0768", "RHSA-2010:0770", "RHSA-2010:0786", "RHSA-2010:0807", "RHSA-2010:0865", "RHSA-2010:0888", "RHSA-2010:0977", "RHSA-2010:0978", "RHSA-2010:0979", "RHSA-2010:0986", "RHSA-2010:0987", "RHSA-2011:0677", "RHSA-2011:0880", "RHSA-2011:1409", "RHSA-2012:0059", "RHSA-2012:0060", "RHSA-2012:0109", "RHSA-2012:0168", "RHSA-2012:0518", "RHSA-2012:0522", "RHSA-2012:1306", "RHSA-2012:1307", "RHSA-2012:1308", "RHSA-2014:0015", "RHSA-2014:0041", "RHSA-2014:0376", "RHSA-2014:0377", "RHSA-2014:0378", "RHSA-2014:0396", "RHSA-2014:0416", "RHSA-2014:1652", "RHSA-2014:1653", "RHSA-2014:1692", "RHSA-2014:1876", "RHSA-2014:1877", "RHSA-2014:1880", "RHSA-2014:1881", "RHSA-2014:1882", "RHSA-2014:1948", "RHSA-2015:0067", "RHSA-2015:0068", "RHSA-2015:0069", "RHSA-2015:0079", "RHSA-2015:0080", "RHSA-2015:0085", "RHSA-2015:0086", "RHSA-2015:0264", "RHSA-2015:0698", "RHSA-2015:1545", "RHSA-2015:1546", "RHSA-2015:1591", "RHSA-2016:1940", "RHSA-2017:0175", "RHSA-2017:0176", "RHSA-2017:0177", "RHSA-2017:0180", "RHSA-2017:0269", "RHSA-2017:0336", "RHSA-2017:0337", "RHSA-2017:0338", "RHSA-2017:0462", "RHSA-2017:1216", "RHSA-2017:2708", "RHSA-2017:2709", "RHSA-2017:2710", "RHSA-2017:3113", "RHSA-2017:3114", "RHSA-2017:3239", "RHSA-2017:3240", "RHSA-2018:0998", "RHSA-2018:2123", "RHSA-2018:2185", "RHSA-2018:2186", "RHSA-2018:2187", "RHSA-2018:2568", "RHSA-2018:2575", "RHSA-2018:2713", "RHSA-2019:1245", "RHSA-2019:2859", "RHSA-2020:0451", "RHSA-2020:3842", "RHSA-2021:0308", "RHSA-2021:2438"]}, {"type": "redhatcve", "idList": ["RH:CVE-2017-15896", "RH:CVE-2017-3736", "RH:CVE-2017-3737", "RH:CVE-2017-3738", "RH:CVE-2021-4160"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:14146", "SECURITYVULNS:DOC:14292", "SECURITYVULNS:DOC:14486", "SECURITYVULNS:DOC:14920", "SECURITYVULNS:DOC:17750", "SECURITYVULNS:DOC:18187", "SECURITYVULNS:DOC:18695", "SECURITYVULNS:DOC:18820", "SECURITYVULNS:DOC:19438", "SECURITYVULNS:DOC:20151", "SECURITYVULNS:DOC:21866", "SECURITYVULNS:DOC:21917", "SECURITYVULNS:DOC:22079", "SECURITYVULNS:DOC:22763", "SECURITYVULNS:DOC:22777", "SECURITYVULNS:DOC:22982", "SECURITYVULNS:DOC:23048", "SECURITYVULNS:DOC:23220", "SECURITYVULNS:DOC:23561", "SECURITYVULNS:DOC:23588", "SECURITYVULNS:DOC:23678", "SECURITYVULNS:DOC:23702", "SECURITYVULNS:DOC:23750", "SECURITYVULNS:DOC:23890", "SECURITYVULNS:DOC:24227", "SECURITYVULNS:DOC:24282", "SECURITYVULNS:DOC:24448", "SECURITYVULNS:DOC:24771", "SECURITYVULNS:DOC:24895", "SECURITYVULNS:DOC:25258", "SECURITYVULNS:DOC:25720", "SECURITYVULNS:DOC:26212", "SECURITYVULNS:DOC:26596", "SECURITYVULNS:DOC:27881", "SECURITYVULNS:DOC:27941", "SECURITYVULNS:DOC:28007", "SECURITYVULNS:DOC:28164", "SECURITYVULNS:DOC:28706", "SECURITYVULNS:DOC:29464", "SECURITYVULNS:DOC:29623", "SECURITYVULNS:DOC:29856", "SECURITYVULNS:DOC:30023", "SECURITYVULNS:DOC:30155", "SECURITYVULNS:DOC:30448", "SECURITYVULNS:DOC:30469", "SECURITYVULNS:DOC:30471", "SECURITYVULNS:DOC:30472", "SECURITYVULNS:DOC:30473", "SECURITYVULNS:DOC:30474", "SECURITYVULNS:DOC:30475", "SECURITYVULNS:DOC:30476", "SECURITYVULNS:DOC:30477", "SECURITYVULNS:DOC:30478", "SECURITYVULNS:DOC:30479", "SECURITYVULNS:DOC:30480", "SECURITYVULNS:DOC:30481", "SECURITYVULNS:DOC:30494", "SECURITYVULNS:DOC:30495", "SECURITYVULNS:DOC:30496", "SECURITYVULNS:DOC:30497", "SECURITYVULNS:DOC:30498", "SECURITYVULNS:DOC:30499", "SECURITYVULNS:DOC:30500", "SECURITYVULNS:DOC:30501", "SECURITYVULNS:DOC:30502", "SECURITYVULNS:DOC:30503", "SECURITYVULNS:DOC:30504", "SECURITYVULNS:DOC:30505", "SECURITYVULNS:DOC:30506", "SECURITYVULNS:DOC:30507", "SECURITYVULNS:DOC:30508", "SECURITYVULNS:DOC:30509", "SECURITYVULNS:DOC:30510", "SECURITYVULNS:DOC:30511", "SECURITYVULNS:DOC:30512", "SECURITYVULNS:DOC:30519", "SECURITYVULNS:DOC:30520", "SECURITYVULNS:DOC:30522", "SECURITYVULNS:DOC:30523", "SECURITYVULNS:DOC:30524", "SECURITYVULNS:DOC:30525", "SECURITYVULNS:DOC:30526", "SECURITYVULNS:DOC:30530", "SECURITYVULNS:DOC:30537", "SECURITYVULNS:DOC:30539", "SECURITYVULNS:DOC:30553", "SECURITYVULNS:DOC:30696", "SECURITYVULNS:DOC:30771", "SECURITYVULNS:DOC:30776", "SECURITYVULNS:DOC:31293", "SECURITYVULNS:DOC:31299", "SECURITYVULNS:DOC:31300", "SECURITYVULNS:DOC:31301", "SECURITYVULNS:DOC:31302", "SECURITYVULNS:DOC:31303", "SECURITYVULNS:DOC:31305", "SECURITYVULNS:DOC:31317", "SECURITYVULNS:DOC:31318", "SECURITYVULNS:DOC:31532", "SECURITYVULNS:DOC:31679", "SECURITYVULNS:DOC:31682", "SECURITYVULNS:DOC:32516", "SECURITYVULNS:VULN:10014", "SECURITYVULNS:VULN:10388", "SECURITYVULNS:VULN:10519", "SECURITYVULNS:VULN:10745", "SECURITYVULNS:VULN:10790", "SECURITYVULNS:VULN:10999", "SECURITYVULNS:VULN:11198", "SECURITYVULNS:VULN:11264", "SECURITYVULNS:VULN:11284", "SECURITYVULNS:VULN:11380", "SECURITYVULNS:VULN:11435", "SECURITYVULNS:VULN:11620", "SECURITYVULNS:VULN:11624", "SECURITYVULNS:VULN:11754", "SECURITYVULNS:VULN:11981", "SECURITYVULNS:VULN:12150", "SECURITYVULNS:VULN:12332", "SECURITYVULNS:VULN:12425", "SECURITYVULNS:VULN:12679", "SECURITYVULNS:VULN:13198", "SECURITYVULNS:VULN:13310", "SECURITYVULNS:VULN:13422", "SECURITYVULNS:VULN:13478", "SECURITYVULNS:VULN:13663", "SECURITYVULNS:VULN:13679", "SECURITYVULNS:VULN:13708", "SECURITYVULNS:VULN:14045", "SECURITYVULNS:VULN:14050", "SECURITYVULNS:VULN:14062", "SECURITYVULNS:VULN:14063", "SECURITYVULNS:VULN:14164", "SECURITYVULNS:VULN:14233", "SECURITYVULNS:VULN:14245", "SECURITYVULNS:VULN:14393", "SECURITYVULNS:VULN:14601", "SECURITYVULNS:VULN:14697", "SECURITYVULNS:VULN:6663", "SECURITYVULNS:VULN:8033", "SECURITYVULNS:VULN:8250", "SECURITYVULNS:VULN:9145", "SECURITYVULNS:VULN:9726", "SECURITYVULNS:VULN:9925"]}, {"type": "seebug", "idList": ["SSV:11330", "SSV:11378", "SSV:11490", "SSV:11530", "SSV:12600", "SSV:12673", "SSV:15088", "SSV:17956", "SSV:18637", "SSV:19727", "SSV:19735", "SSV:19736", "SSV:2066", "SSV:2297", "SSV:3348", "SSV:4254", "SSV:60076", "SSV:61276", "SSV:62086", "SSV:62180", "SSV:62181", "SSV:62182", "SSV:62185", "SSV:62186", "SSV:62187", "SSV:62188", "SSV:62189", "SSV:62190", "SSV:62192", "SSV:62197", "SSV:62198", "SSV:62199", "SSV:62238", "SSV:62239", "SSV:62240", "SSV:62241", "SSV:62244", "SSV:62245", "SSV:623", "SSV:65057", "SSV:66544", "SSV:66601", "SSV:67231", "SSV:72797", "SSV:7704", "SSV:82273", "SSV:86019", "SSV:86038", "SSV:86061", "SSV:86255", "SSV:92577", "SSV:92692", "SSV:93135", "SSV:95013", "SSV:97082"]}, {"type": "slackware", "idList": ["SSA-2006-257-02", "SSA-2006-272-01", "SSA-2006-310-01", "SSA-2008-210-08", "SSA-2009-320-01", "SSA-2010-067-01", "SSA-2010-326-01", "SSA-2010-340-01", "SSA-2011-041-04", "SSA-2014-013-02", "SSA-2014-098-01", "SSA-2014-288-01", "SSA-2015-349-01", "SSA-2015-349-04", "SSA-2016-266-01", "SSA-2016-363-01", "SSA-2017-041-02", "SSA-2017-306-02", "SSA-2017-342-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2011:0845-1", "OPENSUSE-SU-2012:0083-1", "OPENSUSE-SU-2014:0492-1", "OPENSUSE-SU-2014:1100-1", "OPENSUSE-SU-2014:1331-1", "OPENSUSE-SU-2015:0190-1", "OPENSUSE-SU-2016:0637-1", "OPENSUSE-SU-2016:0640-1", "OPENSUSE-SU-2016:2391-1", "OPENSUSE-SU-2016:2407-1", "OPENSUSE-SU-2016:2496-1", "OPENSUSE-SU-2016:2537-1", "OPENSUSE-SU-2017:0374-1", "OPENSUSE-SU-2017:0513-1", "OPENSUSE-SU-2017:3345-1", "OPENSUSE-SU-2018:0223-1", "OPENSUSE-SU-2018:0458-1", "OPENSUSE-SU-2018:1057-1", "SUSE-SA:2006:055", "SUSE-SA:2006:058", "SUSE-SA:2006:061", "SUSE-SA:2007:010", "SUSE-SA:2009:057", "SUSE-SA:2010:008", "SUSE-SA:2010:020", "SUSE-SA:2010:021", "SUSE-SA:2010:028", "SUSE-SA:2010:061", "SUSE-SA:2011:006", "SUSE-SU-2011:0847-1", "SUSE-SU-2012:0084-1", "SUSE-SU-2012:0623-1", "SUSE-SU-2012:0637-1", "SUSE-SU-2012:0674-1", "SUSE-SU-2012:1149-1", "SUSE-SU-2012:1149-2", "SUSE-SU-2014:0320-1", "SUSE-SU-2014:1357-1", "SUSE-SU-2014:1361-1", "SUSE-SU-2014:1386-1", "SUSE-SU-2014:1387-1", "SUSE-SU-2014:1387-2", "SUSE-SU-2014:1409-1", "SUSE-SU-2014:1526-1", "SUSE-SU-2014:1526-2", "SUSE-SU-2014:1549-1", "SUSE-SU-2015:0010-1", "SUSE-SU-2015:0336-1", "SUSE-SU-2015:0344-1", "SUSE-SU-2015:0345-1", "SUSE-SU-2015:0376-1", "SUSE-SU-2015:0392-1", "SUSE-SU-2015:0503-1", "SUSE-SU-2015:0578-1", "SUSE-SU-2016:1457-1", "SUSE-SU-2016:1459-1", "SUSE-SU-2016:2387-1", "SUSE-SU-2016:2394-1", "SUSE-SU-2016:2458-1", "SUSE-SU-2016:2468-1", "SUSE-SU-2016:2469-1", "SUSE-SU-2016:2470-1", "SUSE-SU-2016:2470-2", "SUSE-SU-2017:0346-1", "SUSE-SU-2017:0460-1", "SUSE-SU-2017:0490-1", "SUSE-SU-2017:1444-1", "SUSE-SU-2017:2699-1", "SUSE-SU-2017:2700-1", "SUSE-SU-2017:2701-1", "SUSE-SU-2017:3343-1"]}, {"type": "symantec", "idList": ["SMNTC-1338", "SMNTC-1347", "SMNTC-1364", "SMNTC-1392", "SMNTC-1395", "SMNTC-1423", "SMNTC-1428"]}, {"type": "tenable", "idList": ["TENABLE:50BE3CD37FC3509DDA43C11702778C75", "TENABLE:FF52F52E6157E81F57A22D9356B954AC"]}, {"type": "thn", "idList": ["THN:0F7112302CBABF46D19CACCCFA6103C5", "THN:1B1451C703B36A8CEE5DAEE33ECE8D47", "THN:244769C413FFA5BE647D8F6F93431B74", "THN:3E9A13AAEA7FDC38D7BD8A148F19663D", "THN:4868B616BCBA555DA2446F6F0EA837B0", "THN:847F48AE6816E6BFF25355FC0EA7439A", "THN:87650195BF482879C3C258B474B11411", "THN:8D999AEE5218AD3BFA68E5ACE101F201", "THN:B18DB0BB2ACAF13D6FBF3445755365E3", "THN:EBCB003D7DB7BD8BF73239F9718C6126"]}, {"type": "threatpost", "idList": ["THREATPOST:15624C23F5CD5AC1029501D08A99D294", "THREATPOST:2C5C82CF691D70F64A14DA1BEC242DD5", "THREATPOST:6B6CA377F53631E389C8D36D80FC782A", "THREATPOST:76E9C3B4FF9F862F31CF7EBE00893BDF", "THREATPOST:9012A325F248438FAC15C4FB3082A796", "THREATPOST:92734AB0515417387ACE7EE44D1D5100", "THREATPOST:9982AC17285494A6CE329FC5C04DD84A", "THREATPOST:99C5E70D89447B8402B9FBA7381541F0", "THREATPOST:B5CB39945899ADD3A3D3790E21175180", "THREATPOST:CF8A831748EC23AA2B67F64081A55155", "THREATPOST:D533EB88E7D7596BACF9A448FE23A374", "THREATPOST:DA06EE238F79D261C0FCB61902F3CDBD", "THREATPOST:F992B1B74265E26E8C7499D1F03622D7"]}, {"type": "ubuntu", "idList": ["USN-1010-1", "USN-1018-1", "USN-1029-1", "USN-1064-1", "USN-1357-1", "USN-1424-1", "USN-1428-1", "USN-2079-1", "USN-2165-1", "USN-2486-1", "USN-2487-1", "USN-2830-1", "USN-2883-1", "USN-3087-1", "USN-3087-2", "USN-3179-1", "USN-3181-1", "USN-3194-1", "USN-3198-1", "USN-3270-1", "USN-3372-1", "USN-339-1", "USN-3475-1", "USN-3512-1", "USN-353-1", "USN-353-2", "USN-522-1", "USN-534-1", "USN-620-1", "USN-731-1", "USN-792-1", "USN-860-1", "USN-884-1", "USN-923-1", "USN-927-1", "USN-927-4", "USN-927-6", "USN-990-1", "USN-990-2"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2006-2937", "UB:CVE-2006-2940", "UB:CVE-2006-3738", "UB:CVE-2006-4339", "UB:CVE-2006-4340", "UB:CVE-2006-4343", "UB:CVE-2006-4790", "UB:CVE-2007-3108", "UB:CVE-2007-4995", "UB:CVE-2007-5135", "UB:CVE-2008-0891", "UB:CVE-2008-1672", "UB:CVE-2008-1678", "UB:CVE-2008-7270", "UB:CVE-2009-1377", "UB:CVE-2009-1378", "UB:CVE-2009-1379", "UB:CVE-2009-3555", "UB:CVE-2009-4355", "UB:CVE-2010-0742", "UB:CVE-2010-1633", "UB:CVE-2010-3864", "UB:CVE-2010-4180", "UB:CVE-2011-0014", "UB:CVE-2011-3207", "UB:CVE-2011-4108", "UB:CVE-2012-0050", "UB:CVE-2012-0390", "UB:CVE-2012-2110", "UB:CVE-2012-2131", "UB:CVE-2013-4353", "UB:CVE-2013-6449", "UB:CVE-2013-6450", "UB:CVE-2014-0160", "UB:CVE-2014-3566", "UB:CVE-2015-2774", "UB:CVE-2015-3193", "UB:CVE-2016-0701", "UB:CVE-2016-2183", "UB:CVE-2017-15896", "UB:CVE-2017-3732", "UB:CVE-2017-3736", "UB:CVE-2017-3737", "UB:CVE-2017-3738", "UB:CVE-2021-4160"]}, {"type": "veracode", "idList": ["VERACODE:23690", "VERACODE:23818", "VERACODE:23962", "VERACODE:23963", "VERACODE:23964", "VERACODE:24138", "VERACODE:24527", "VERACODE:24610", "VERACODE:24864", "VERACODE:24954"]}, {"type": "virtuozzo", "idList": ["VZA-2017-081"]}, {"type": "vmware", "idList": ["VMSA-2008-0001", "VMSA-2008-0001.1", "VMSA-2008-0005", "VMSA-2008-0005.1", "VMSA-2008-0013", "VMSA-2008-0013.4", "VMSA-2010-0004", "VMSA-2010-0004.5", "VMSA-2010-0009", "VMSA-2010-0009.2", "VMSA-2010-0015", "VMSA-2010-0015.1", "VMSA-2010-0019", "VMSA-2010-0019.3", "VMSA-2011-0013", "VMSA-2011-0013.3", "VMSA-2012-0013", "VMSA-2012-0013.2", "VMSA-2013-0003", "VMSA-2014-0004", "VMSA-2014-0004.7", "VMSA-2015-0001", "VMSA-2015-0001.2"]}, {"type": "vulnerlab", "idList": ["VULNERABLE:1254", "VULNERABLE:967", "VULNERLAB:1254", "VULNERLAB:967"]}, {"type": "zdt", "idList": ["1337DAY-ID-22114", "1337DAY-ID-22118", "1337DAY-ID-22122", "1337DAY-ID-22129", "1337DAY-ID-22172", "1337DAY-ID-27866"]}]}, "score": {"value": 0.5, "vector": "NONE"}, "backreferences": {"references": [{"type": "aix", "idList": ["OPENSSL_ADVISORY25.ASC", "OPENSSL_ADVISORY3.ASC", "OPENSSL_ADVISORY6.ASC"]}, {"type": "amazon", "idList": ["ALAS-2014-320"]}, {"type": "archlinux", "idList": ["ASA-201501-16", "ASA-201711-14", "ASA-201711-15", "ASA-201712-9"]}, {"type": "atlassian", "idList": ["ATLASSIAN:JRASERVER-38927"]}, {"type": "attackerkb", "idList": ["AKB:38A528B1-7F68-45C8-911E-1D3F8DC5EDB4"]}, {"type": "avleonov", "idList": ["AVLEONOV:B5CA8049524C96A911991EE8ADF24F64"]}, {"type": "canvas", "idList": ["NSS"]}, {"type": "centos", "idList": ["CESA-2018:0998"]}, {"type": "cert", "idList": ["VU:423396", "VU:577193", "VU:661475"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2009-0308", "CPAI-2014-1083", "CPAI-2014-1170", "CPAI-2014-1173", "CPAI-2014-1336"]}, {"type": "checkpoint_security", "idList": ["CPS:SK100173", "CPS:SK102673", "CPS:SK102989", "CPS:SK103683", "CPS:SK105062", "CPS:SK32088", "CPS:SK32188", "CPS:SK32230", "CPS:SK33695", "CPS:SK33701", "CPS:SK33702", "CPS:SK33771", "CPS:SK35708", "CPS:SK71821"]}, {"type": "cisco", "idList": ["CISCO-SA-20091105-CVE-2009-3555"]}, {"type": "citrix", "idList": ["CTX140605"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:9243E8457D02CBA7A3505CB1E0E03739"]}, {"type": "cve", "idList": ["CVE-2006-2937", "CVE-2006-2940", "CVE-2006-3738", "CVE-2006-4339", "CVE-2006-4343", "CVE-2007-3108", "CVE-2007-4995", "CVE-2007-5135", "CVE-2016-2183", "CVE-2017-3736", "CVE-2017-3737"]}, {"type": "debian", "idList": ["DEBIAN:DLA-400-1:76CCE", "DEBIAN:DLA-637-1:F8314", "DEBIAN:DLA-81-1:C60A9", "DEBIAN:DSA-2125-1:26495", "DEBIAN:DSA-2141-4:01EC7", "DEBIAN:DSA-2896-1:B52FE", "DEBIAN:DSA-4017-1:88D36", "DEBIAN:DSA-4018-1:01441", "DEBIAN:DSA-4065-1:A75E5", "DEBIAN:DSA-4157-1:5A16B"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2010-3864", "DEBIANCVE:CVE-2013-4353", "DEBIANCVE:CVE-2014-3566"]}, {"type": "exploitdb", "idList": ["EDB-ID:32745", "EDB-ID:32998"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:8B4E7E8DAE5A13C8250C6C33307CD66C", "EXPLOITPACK:B68BB9381148CAC1A9824EB84CA5D160"]}, {"type": "f5", "idList": ["F5:K10534046", "F5:K12543", "F5:K14363514", "F5:K18364001", "F5:K43452233", "F5:K93959105", "SOL10737", "SOL12543", "SOL12566", "SOL12853", "SOL15147", "SOL15158", "SOL15159", "SOL15180", "SOL15318", "SOL15350", "SOL15355", "SOL15359", "SOL15366", "SOL15405", "SOL15417", "SOL16285", "SOL17248", "SOL17454", "SOL6623", "SOL6734", "SOL8106", "SOL8108", "SOL8837"]}, {"type": "fedora", "idList": ["FEDORA:0FE8860E4374", "FEDORA:1B80628EDC8", "FEDORA:37F8D10F892", "FEDORA:3ED26601CEE3", "FEDORA:4853B37D0F", "FEDORA:50E7D60F2C0C", "FEDORA:5CD8320BD3", "FEDORA:61A8C10FC13", "FEDORA:679F221C24", "FEDORA:8ED3020FF6", "FEDORA:955A2608A1F0", "FEDORA:98315602F10D", "FEDORA:997B660D68A4", "FEDORA:AEECE6075DBF", "FEDORA:B803860875BB", "FEDORA:C411B20546", "FEDORA:C42A8110D0A", "FEDORA:C8F7F110906", "FEDORA:D241A60EFAEF", "FEDORA:DDD696087CE5", "FEDORA:DEA206060997", "FEDORA:E67696087B8D", "FEDORA:F1AD728EDBF", "FEDORA:L76HVKWG014544", "FEDORA:L7DLNCJX011059"]}, {"type": "fortinet", "idList": ["FG-IR-14-031"]}, {"type": "freebsd", "idList": ["077C2DCA-8F9A-11DB-AB33-000E0C2E438A", "0F37D765-C5D4-11DB-9F82-000E0C2E438A", "1FE734BF-4A06-11DB-B48D-00508D6A62DF", "2AE114DE-C064-11E1-B5E0-000C299B62E1", "2ECB7B20-D97E-11E0-B2E2-00215C6A37BB", "3042C33A-F237-11DF-9D02-0018FE623F2B", "5631AE98-BE9E-11E3-B5E3-C80AA9043978", "5AAA257E-772D-11E3-A65A-3C970E169BC2", "5C5F19CE-43AF-11E1-89B4-001EC9578670", "7184F92E-8BB8-11E1-8D7B-003067B2972C", "82B55DF8-4D5A-11DE-8811-0030843D3802", "9442A811-DAB3-11E7-B5AF-A4BADB2F4699", "9CCFEE39-3C3B-11DF-9EDC-000F20797EDE", "BEA84A7A-E0C9-11E7-B4F3-11BAA0C2DF21", "C97D7A37-2233-11DF-96DD-001B2134EF46", "F40F07AA-C00F-11E7-AC58-B499BAEBFEAF"]}, {"type": "gentoo", "idList": ["GLSA-200609-05", "GLSA-200612-11", "GLSA-201006-18", "GLSA-201110-05", "GLSA-201203-12", "GLSA-201408-19", "GLSA-201712-03"]}, {"type": "githubexploit", "idList": ["ECC3E825-EE29-59D3-BE28-1B30DB15940E"]}, {"type": "hackerone", "idList": ["H1:199436", "H1:207457", "H1:49139"]}, {"type": "hp", "idList": ["HP:C04262495"]}, {"type": "huawei", "idList": ["HUAWEI-SA-20140417-HEARTBLEED"]}, {"type": "ibm", "idList": ["002FDF1996A1F8AE22AB4EDA4016102371CF4507D9043BDF345F9697E8F43C02", "015CED4DD111438880FFDB361B30E09A12892E262FEEA8F7178F7A49BBE7D4D2", "06FAF3AD79C8BAC8455C602C3F4C354C0CD9450DE060FB4D831ED000993782B4", "1BFF63EB8AF39056E08427B06D34E43B32E43FBCC74FB2A85F32E708984FD60F", "1EBC77DA43FD0C2AC1B3FBFCD06096623AB926F98B7AC6367589E5222F2115BC", "35CEED27807DC1F06172146BBF8FEE7FFB0F2AF8AE15F30DAC2EB519801637DC", "3646DAD163BA0A8E0A9E8DF2F16916F37F637C31CF558A434D42601D980745CD", "388EFD8B007684B48001D31307078170D5DBF01AEACBC98F2CB6247B827493F8", "3E23DDB4C3380B39D8666C5A0FD0663030F353603F83DC0E19F7843AA57B7A26", "4A5BA6F806D70D220D317E2FD1565C67DD9D79F0CCCC6F2EE1DF9D7FEAB9A24F", "4C98F5463E3FBB67682E7F864F699DD4A99514832D6E44999F6672401F35C8B0", "4E0EFF0D013B3FFE7E5660259848A887BD9155BA19EF19DA0730D3AB081E99C4", "5B8DB5501CBFC5531660077D652EC3653D10336551B5D40917AE357AD7F4FB93", "5EEF79A5DC151FBAC5D5E48B9BE47FAA1CF6798A1667C8D02D50EC663EBF4FB4", "6A663A681263595D2882F213BE03BB05AA8F62FFCCF602AF57E6778E2E499DB8", "79C9308A38227EABEE316B0407CBC46021561F829AEBF9659F93085D4FC63547", "7C32536CCC3AE2FC652286763B1CD20B210BA17E5CCD8D853CF310C392518CB3", "7E4E851053AF5C2BFADF66AC8494971BF986538EB9E1BEE4C5D8B83D2DB1BBB0", "9C5F005EDD59DDF4AA35915A18110FC11CB940EB2C453CB3DC3843CD28254682", "9C6F1EFD064B98941F8B42A32A91BAB15206AC55CF09BF3BAAA5925A1B9B55C9", "9CCEB90B89301ED91DF7A501EF3103FD54D3AD611D342CF6E4B19E5105E84E35", "9FFD672388E3FD39EB2F7A51F8EA5C6593FD9BB5CBCF7E347F42124D11DA676C", "AAF98EDCD77216F7619EAA87B2183E6B8FD3629316B74220F9C3C826D5B93C05", "AB91AC52CDF597E93AF79DE0C8F08E926367250FBDE0DB3DAF33556D0061634A", "AD24DE9115423BB2CB3853497E4C1DA1D8E55916F0CE3AEE3253F8DF8FFFE439", "AF1A2AFC7CB48695F42467DC6626570D2A7797795C71348461D189D6DA28509A", "B2B869E92E2C0B24C8D4ECF615EFC9ECCD16AE763051DCDFC50A28156E3A511F", "B93B1ED022809B9A00E51D3D9FF14D51097C6F07EC178C4396907981684D8768", "BBF5FBFE519F80A6B36C8E6B6ADC28B6EFD07A34E8008B141A42401A9CE1DE28", "C18E4772030D674D152D69B21575B31602E8081D2A7D63F34DF5712FA898D8EA", "C419E4AE704DBAFD5EFD078AE673E051D209740CCE61A07F500573B347A7F595", "DD74A94DCFD49E41C76C5DDF42C914B945842C457C59BD3AA077859815577B84", "E1347202BCC47D3F31895563DF1F7842BEC89FA802656E5A1AA1C6417187343D", "EB5B1F8ABFF3A7B214FBC4418A883224B5D8C2FEDD066A997E53E0DC10D67F18", "EF2B4F4110ACF96FDC34CF6D7B916C577277400859F5F464947088E0CE635995", "F0864C914EFB62F7C48822F52BDF423B57466738327736DD211AEFBE34B7C109", "F08BFDC36857BBE15067A0715EC82D384F74D0BB5D6D364E364213D123C8F27A", "F7862E3AFF4165C1E96904B0CC478B568FD7C29638F30D7255C5D201546C0450", "F96732014CC74E0CD212E2641AC086C0DBA609B9E2E61E3DC4259C4E401BE0FA", "FDE8E9C242ED2D257B3BCF9E013CB6CFC32441C70BF5803FE16A714EDE9E7DFB"]}, {"type": "ics", "idList": ["ICSA-14-128-01", "ICSA-17-094-04"]}, {"type": "jvn", "idList": ["JVN:51615542"]}, {"type": "kaspersky", "idList": ["KLA11179"]}, {"type": "kitploit", "idList": ["KITPLOIT:6372579284509577146"]}, {"type": "lenovo", "idList": ["LENOVO:PS500041-POODLE-SSLV3-VULNERABILITY-NOSID", "LENOVO:PS500190-NOSID"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:AC8C8799BB0970C229AB0C432EECB10A"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/SERVER/OPENSSL_HEARTBEAT_CLIENT_MEMORY", "MSF:ILITIES/ALPINE-LINUX-CVE-2013-6449/", "MSF:ILITIES/AMAZON_LINUX-CVE-2017-3738/", "MSF:ILITIES/APPLE-OSX-OPENSSL-CVE-2010-4180/", "MSF:ILITIES/F5-BIG-IP-CVE-2013-6449/", "MSF:ILITIES/GENTOO-LINUX-CVE-2013-6449/", "MSF:ILITIES/HPSMH-CVE-2013-6449/", "MSF:ILITIES/HPUX-CVE-2012-2110/", "MSF:ILITIES/IBM-AIX-CVE-2013-6449/", "MSF:ILITIES/ORACLE-SOLARIS-CVE-2014-0160/", "MSF:ILITIES/PULSE-SECURE-PULSE-CONNECT-SECURE-CVE-2014-0160/", "MSF:ILITIES/SUSE-CVE-2013-6449/", "MSF:ILITIES/VMSA-2011-0013-CVE-2010-4180/"]}, {"type": "mozilla", "idList": ["MFSA2006-60"]}, {"type": "myhack58", "idList": ["MYHACK58:62201444409"]}, {"type": "n0where", "idList": ["N0WHERE:76566"]}, {"type": "nessus", "idList": ["5349.PRM", "5356.PRM", "5556.PRM", "801053.PRM", "801065.PRM", "9081.PRM", "AIX_IV73319.NASL", "AIX_IV73419.NASL", "AIX_IV73974.NASL", "AIX_OPENSSL_ADVISORY3.NASL", "ALA_ALAS-2011-4.NASL", "ALA_ALAS-2014-273.NASL", "ALA_ALAS-2014-429.NASL", "ALA_ALAS-2015-472.NASL", "ATTACHMATE_REFLECTION_HEARTBLEED.NASL", "BLUECOAT_PROXY_SG_6_5_3_6.NASL", "CENTOS_RHSA-2009-1335.NASL", "CENTOS_RHSA-2009-1579.NASL", "CENTOS_RHSA-2010-0163.NASL", "CENTOS_RHSA-2010-0164.NASL", "CENTOS_RHSA-2010-0165.NASL", "CENTOS_RHSA-2010-0768.NASL", "CENTOS_RHSA-2018-0998.NASL", "CISCO-SA-20141015-POODLE-ASA.NASL", "CISCO-SA-20141015-POODLE-WLC.NASL", "CISCO-VCS-CSCUO16472.NASL", "DEBIAN_DLA-282.NASL", "DEBIAN_DSA-1379.NASL", "DEBIAN_DSA-3053.NASL", "DEBIAN_DSA-4017.NASL", "DEBIAN_DSA-4018.NASL", "DEBIAN_DSA-4065.NASL", "DEBIAN_DSA-4157.NASL", "EULEROS_SA-2018-1115.NASL", "EULEROS_SA-2021-2542.NASL", "EULEROS_SA-2021-2566.NASL", "F5_BIGIP_SOL14363514.NASL", "F5_BIGIP_SOL6734.NASL", "F5_BIGIP_SOL8106.NASL", "FEDORA_2009-12229.NASL", "FEDORA_2009-12782.NASL", "FEDORA_2009-12968.NASL", "FEDORA_2010-3905.NASL", "FEDORA_2010-5357.NASL", "FEDORA_2010-5942.NASL", "FEDORA_2010-6131.NASL", "FEDORA_2011-12281.NASL", "FEDORA_2012-18035.NASL", "FEDORA_2012-6343.NASL", "FEDORA_2014-15411.NASL", "FEDORA_2014-1560.NASL", "FEDORA_2014-17587.NASL", "FEDORA_2014-4879.NASL", "FILEZILLA_SERVER_0944.NASL", "FORTIOS_FG-IR-17-137.NASL", "FREEBSD_PKG_03532A19D68E11E6917114DAE9D210B8.NASL", "FREEBSD_PKG_2ECB7B20D97E11E0B2E200215C6A37BB.NASL", "FREEBSD_PKG_3BB451FCDB6411E7AC58B499BAEBFEAF.NASL", "FREEBSD_PKG_82B55DF84D5A11DE88110030843D3802.NASL", "FREEBSD_PKG_9442A811DAB311E7B5AFA4BADB2F4699.NASL", "FREEBSD_PKG_B7CFF5A931CC11E88F07B499BAEBFEAF.NASL", "FREEBSD_PKG_BEA84A7AE0C911E7B4F311BAA0C2DF21.NASL", "FREEBSD_PKG_F40F07AAC00F11E7AC58B499BAEBFEAF.NASL", "GENTOO_GLSA-201402-25.NASL", "GENTOO_GLSA-201404-07.NASL", "GENTOO_GLSA-201412-11.NASL", "GENTOO_GLSA-201712-03.NASL", "HPUX_PHSS_35481.NASL", "HP_INSIGHT_CONTROL_SERVER_MIGRATION_7_3_2.NASL", "IBM_DOMINO_9_0_1_FP2.NASL", "JUNIPER_PSN-2012-07-645.NASL", "KASPERSKY_INTERNET_SECURITY_HEARTBLEED.NASL", "LIBREOFFICE_423.NASL", "MACOSX_SECUPD2015-001.NASL", "MANDRAKE_MDKSA-2006-172.NASL", "MANDRIVA_MDVSA-2011-137.NASL", "MANDRIVA_MDVSA-2012-060.NASL", "MANDRIVA_MDVSA-2014-203.NASL", "MCAFEE_NGFW_SB10071.NASL", "MOZILLA_THUNDERBIRD_304.NASL", "MYSQL_5_6_39.NASL", "MYSQL_5_6_39_RPM.NASL", "MYSQL_5_7_21_RPM.NASL", "MYSQL_ENTERPRISE_MONITOR_4_0_2_5168.NASL", "OPENOFFICE_32.NASL", "OPENSSL_1_0_0D.NASL", "OPENSSL_1_0_0I.NASL", "OPENSSL_1_0_2N.NASL", "OPENSUSE-2012-76.NASL", "OPENSUSE-2017-1324.NASL", "OPENSUSE-2018-116.NASL", "OPENSUSE-2018-389.NASL", "OPENSUSE-2018-5.NASL", "OPENSUSE-2018-90.NASL", "ORACLELINUX_ELSA-2010-0166.NASL", "ORACLELINUX_ELSA-2010-0333.NASL", "ORACLELINUX_ELSA-2015-0085.NASL", "ORACLELINUX_ELSA-2018-0998.NASL", "ORACLEVM_OVMSA-2014-0037.NASL", "ORACLEVM_OVMSA-2018-0248.NASL", "ORACLE_E-BUSINESS_CPU_JAN_2018.NASL", "ORACLE_ENTERPRISE_MANAGER_APR_2018_CPU.NASL", "ORACLE_HTTP_SERVER_CPU_OCT_2015.NASL", "ORACLE_JAVA_CPU_JAN_2015_UNIX.NASL", "ORACLE_JAVA_CPU_MAR_2010_UNIX.NASL", "ORACLE_JAVA_CPU_OCT_2010_UNIX.NASL", "ORACLE_SECURE_GLOBAL_DESKTOP_APR_2018_CPU.NASL", "ORACLE_SECURE_GLOBAL_DESKTOP_JAN_2015_CPU.NASL", "ORACLE_SECURE_GLOBAL_DESKTOP_JAN_2018_CPU.NASL", "PFSENSE_SA-17_11.NASL", "REDHAT-RHSA-2007-0073.NASL", "REDHAT-RHSA-2007-0964.NASL", "REDHAT-RHSA-2010-0164.NASL", "REDHAT-RHSA-2010-0338.NASL", "REDHAT-RHSA-2011-0880.NASL", "REDHAT-RHSA-2014-0378.NASL", "REDHAT-RHSA-2014-1652.NASL", "REDHAT-RHSA-2018-2575.NASL", "SEAMONKEY_204.NASL", "SECURITYCENTER_OPENSSL_1_0_2N.NASL", "SLACKWARE_SSA_2006-272-01.NASL", "SLACKWARE_SSA_2014-288-01.NASL", "SLACKWARE_SSA_2017-306-02.NASL", "SLACKWARE_SSA_2017-342-01.NASL", "SL_20071012_OPENSSL_ON_SL5_X.NASL", "SL_20071022_OPENSSL_ON_SL3.NASL", "SL_20071115_OPENSSL_ON_SL4_X.NASL", "SL_20100325_OPENSSL_ON_SL5_X.NASL", "SL_20101013_JAVA_1_6_0_OPENJDK_ON_SL5_X.NASL", "SL_20110519_OPENSSL_ON_SL6_X.NASL", "SL_20180410_OPENSSL_ON_SL7_X.NASL", "SL_20180703_PYTHON_ON_SL7_X.NASL", "SOLARIS10_119213-38.NASL", "SOLARIS10_125437-22.NASL", "SOLARIS10_X86_118372.NASL", "SOLARIS10_X86_125438.NASL", "SOLARIS11_OPENSSL_20140731.NASL", "SOLARIS9_114049.NASL", "SOLARIS9_X86_114050.NASL", "SOLARIS9_X86_114568.NASL", "SOLARWINDS_SRM_PROFILER_6_2_3.NASL", "SPLUNK_5011.NASL", "SSL_MEDIUM_SUPPORTED_CIPHERS.NASL", "SUSE_11_0_COMPAT-OPENSSL097G-091113.NASL", "SUSE_11_0_FIREFOX35UPGRADE-100407.NASL", "SUSE_11_0_LIBOPENSSL-DEVEL-090522.NASL", "SUSE_11_1_COMPAT-OPENSSL097G-091113.NASL", "SUSE_11_1_LIBOPENSSL-DEVEL-090522.NASL", "SUSE_11_1_LIBOPENSSL-DEVEL-101111.NASL", "SUSE_11_1_LIBOPENSSL-DEVEL-101207.NASL", "SUSE_11_2_JAVA-1_6_0-SUN-100331.NASL", "SUSE_11_2_LIBOPENSSL-DEVEL-110210.NASL", "SUSE_11_2_SEAMONKEY-100406.NASL", "SUSE_11_3_GNUTLS-101025.NASL", "SUSE_11_3_LIBOPENSSL-DEVEL-101119.NASL", "SUSE_11_COMPAT-OPENSSL097G-110721.NASL", "SUSE_11_GNUTLS-101206.NASL", "SUSE_11_JAVA-1_6_0-IBM-141119.NASL", "SUSE_11_LIBFREEBL3-100406.NASL", "SUSE_11_LIBOPENSSL-DEVEL-091112.NASL", "SUSE_11_LIBWSMAN-DEVEL-141021.NASL", "SUSE_11_MOZILLAFIREFOX-100407.NASL", "SUSE_11_PURE-FTPD-141120.NASL", "SUSE_COMPAT-OPENSSL097G-2171.NASL", "SUSE_COMPAT-OPENSSL097G-6657.NASL", "SUSE_JAVA-1_5_0-IBM-7077.NASL", "SUSE_LIBCURL4-8618.NASL", "SUSE_OPENSSL-2140.NASL", "SUSE_OPENSSL-2349.NASL", "SUSE_OPENSSL-6654.NASL", "SUSE_OPENSSL-CVE-2009-4355.PATCH-6783.NASL", "SUSE_SU-2014-1541-1.NASL", "SUSE_SU-2015-0503-1.NASL", "SUSE_SU-2017-0346-1.NASL", "SUSE_SU-2017-0460-1.NASL", "SUSE_SU-2017-0490-1.NASL", "SUSE_SU-2017-0726-1.NASL", "SUSE_SU-2017-3169-1.NASL", "SYMANTEC_ENDPOINT_PROT_MGR_12_1_RU4_MP1A.NASL", "UBUNTU_USN-1010-1.NASL", "UBUNTU_USN-2079-1.NASL", "UBUNTU_USN-3194-1.NASL", "UBUNTU_USN-3270-1.NASL", "UBUNTU_USN-3475-1.NASL", "UBUNTU_USN-3512-1.NASL", "UBUNTU_USN-620-1.NASL", "UBUNTU_USN-927-4.NASL", "UBUNTU_USN-990-1.NASL", "VIRTUALBOX_5_2_6.NASL", "VMWARE_HORIZON_VIEW_VMSA-2015-0003.NASL", "VMWARE_VMSA-2010-0015_REMOTE.NASL", "VMWARE_VMSA-2012-0013_REMOTE.NASL", "WEBSENSE_EMAIL_SECURITY_HEARTBLEED.NASL", "WEBSPHERE_8_5_5_4.NASL", "XEROX_XRX15AJ.NASL"]}, {"type": "nmap", "idList": ["NMAP:SSL-HEARTBLEED.NSE"]}, {"type": "openssl", "idList": ["OPENSSL:CVE-2006-2940", "OPENSSL:CVE-2008-0891", "OPENSSL:CVE-2009-4355", "OPENSSL:CVE-2013-6449"]}, {"type": "openvas", "idList": ["OPENVAS:102024", "OPENVAS:102047", "OPENVAS:103849", "OPENVAS:105021", "OPENVAS:1361412562310102045", "OPENVAS:1361412562310102047", "OPENVAS:1361412562310103454", "OPENVAS:1361412562310105191", "OPENVAS:1361412562310107203", "OPENVAS:1361412562310107204", "OPENVAS:1361412562310107268", "OPENVAS:1361412562310107269", "OPENVAS:1361412562310107270", "OPENVAS:1361412562310108372", "OPENVAS:1361412562310120151", "OPENVAS:1361412562310120287", "OPENVAS:1361412562310120324", "OPENVAS:1361412562310120514", "OPENVAS:1361412562310121156", "OPENVAS:1361412562310122380", "OPENVAS:136141256231057389", "OPENVAS:136141256231057491", "OPENVAS:136141256231063141", "OPENVAS:136141256231064246", "OPENVAS:136141256231064248", "OPENVAS:136141256231064935", "OPENVAS:136141256231064949", "OPENVAS:136141256231065974", "OPENVAS:136141256231066240", "OPENVAS:136141256231066275", "OPENVAS:136141256231066302", "OPENVAS:136141256231066414", "OPENVAS:136141256231066450", "OPENVAS:136141256231066451", "OPENVAS:136141256231066517", "OPENVAS:136141256231066563", "OPENVAS:136141256231067218", "OPENVAS:1361412562310702896", "OPENVAS:1361412562310703253", "OPENVAS:1361412562310703489", "OPENVAS:1361412562310704017", "OPENVAS:1361412562310704018", "OPENVAS:1361412562310704065", "OPENVAS:1361412562310704157", "OPENVAS:1361412562310800499", "OPENVAS:1361412562310806126", "OPENVAS:1361412562310812648", "OPENVAS:1361412562310812649", "OPENVAS:1361412562310830934", "OPENVAS:1361412562310831454", "OPENVAS:1361412562310835229", "OPENVAS:1361412562310842078", "OPENVAS:1361412562310842563", "OPENVAS:1361412562310843401", "OPENVAS:1361412562310850582", "OPENVAS:1361412562310850910", "OPENVAS:1361412562310850936", "OPENVAS:1361412562310851688", "OPENVAS:1361412562310851734", "OPENVAS:1361412562310855170", "OPENVAS:1361412562310855192", "OPENVAS:1361412562310855300", "OPENVAS:1361412562310855346", "OPENVAS:1361412562310855376", "OPENVAS:1361412562310855612", "OPENVAS:1361412562310855702", "OPENVAS:1361412562310855768", "OPENVAS:1361412562310855771", "OPENVAS:1361412562310862207", "OPENVAS:1361412562310862721", "OPENVAS:1361412562310862920", "OPENVAS:1361412562310864153", "OPENVAS:1361412562310864229", "OPENVAS:1361412562310867235", "OPENVAS:1361412562310868705", "OPENVAS:1361412562310868721", "OPENVAS:1361412562310870236", "OPENVAS:1361412562310870237", "OPENVAS:1361412562310871274", "OPENVAS:1361412562310871275", "OPENVAS:1361412562310871304", "OPENVAS:1361412562310871305", "OPENVAS:1361412562310873627", "OPENVAS:1361412562310873748", "OPENVAS:1361412562310873785", "OPENVAS:1361412562310873829", "OPENVAS:1361412562310873837", "OPENVAS:1361412562310880611", "OPENVAS:1361412562310882104", "OPENVAS:1361412562310882106", "OPENVAS:1361412562310882640", "OPENVAS:57511", "OPENVAS:57909", "OPENVAS:61027", "OPENVAS:61182", "OPENVAS:64196", "OPENVAS:64246", "OPENVAS:64799", "OPENVAS:66498", "OPENVAS:66583", "OPENVAS:67053", "OPENVAS:67218", "OPENVAS:68673", "OPENVAS:68997", "OPENVAS:703253", "OPENVAS:830049", "OPENVAS:830842", "OPENVAS:830906", "OPENVAS:831014", "OPENVAS:831251", "OPENVAS:840138", "OPENVAS:840365", "OPENVAS:840411", "OPENVAS:855008", "OPENVAS:855735", "OPENVAS:861274", "OPENVAS:861861", "OPENVAS:862470", "OPENVAS:862628", "OPENVAS:863945", "OPENVAS:864283", "OPENVAS:867229", "OPENVAS:867344", "OPENVAS:867386", "OPENVAS:867768", "OPENVAS:870243", "OPENVAS:880612", "OPENVAS:880630"]}, {"type": "oracle", "idList": ["ORACLE:CPUAPR2015", "ORACLE:CPUJAN2011-194091", "ORACLE:CPUJAN2018", "ORACLE:CPUJAN2019-5072801", "ORACLE:CPUJUL2015-2367936"]}, {"type": "oraclelinux", "idList": ["ELSA-2006-0661", "ELSA-2009-1579", "ELSA-2010-0163", "ELSA-2010-0164", "ELSA-2010-0166", "ELSA-2010-0339", "ELSA-2010-0768", "ELSA-2014-1652", "ELSA-2015-0085", "ELSA-2018-0998", "ELSA-2018-4077"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:62019"]}, {"type": "photon", "idList": ["PHSA-2018-0010", "PHSA-2018-0010-A", "PHSA-2018-1.0-0097-A"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:7535985DCB1FBEA5FAF46D9453037D10"]}, {"type": "rapid7community", "idList": ["RAPID7COMMUNITY:2D16953CACCA4F69B642B05183F60758"]}, {"type": "redhat", "idList": ["RHSA-2009:1335", "RHSA-2010:0119", "RHSA-2010:0888", "RHSA-2010:0977", "RHSA-2010:0979", "RHSA-2010:0986", "RHSA-2011:0677", "RHSA-2012:0518", "RHSA-2012:1308", "RHSA-2014:0376", "RHSA-2014:0416", "RHSA-2015:0069", "RHSA-2015:0080", "RHSA-2015:0698", "RHSA-2018:2568", "RHSA-2021:0308"]}, {"type": "redhatcve", "idList": ["RH:CVE-2017-15896", "RH:CVE-2017-3736"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:31317", "SECURITYVULNS:DOC:31679", "SECURITYVULNS:VULN:10519", "SECURITYVULNS:VULN:13310", "SECURITYVULNS:VULN:13478", "SECURITYVULNS:VULN:14050", "SECURITYVULNS:VULN:14245", "SECURITYVULNS:VULN:14697", "SECURITYVULNS:VULN:9726"]}, {"type": "seebug", "idList": ["SSV:19736", "SSV:61276", "SSV:62185", "SSV:62186", "SSV:62190", "SSV:62238", "SSV:97082"]}, {"type": "slackware", "idList": ["SSA-2009-320-01", "SSA-2017-306-02", "SSA-2017-342-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2018:0223-1", "OPENSUSE-SU-2018:1057-1", "SUSE-SA:2006:058", "SUSE-SA:2007:010", "SUSE-SA:2010:061", "SUSE-SU-2012:0637-1", "SUSE-SU-2012:1149-2", "SUSE-SU-2015:0392-1", "SUSE-SU-2016:1459-1", "SUSE-SU-2017:1444-1"]}, {"type": "symantec", "idList": ["SMNTC-1423", "SMNTC-1428"]}, {"type": "tenable", "idList": ["TENABLE:50BE3CD37FC3509DDA43C11702778C75", "TENABLE:FF52F52E6157E81F57A22D9356B954AC"]}, {"type": "thn", "idList": ["THN:847F48AE6816E6BFF25355FC0EA7439A", "THN:EBCB003D7DB7BD8BF73239F9718C6126"]}, {"type": "threatpost", "idList": ["THREATPOST:6B6CA377F53631E389C8D36D80FC782A", "THREATPOST:76E9C3B4FF9F862F31CF7EBE00893BDF", "THREATPOST:B5CB39945899ADD3A3D3790E21175180"]}, {"type": "ubuntu", "idList": ["USN-3194-1", "USN-339-1", "USN-3475-1", "USN-3512-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2006-2940", "UB:CVE-2006-4339", "UB:CVE-2007-4995", "UB:CVE-2008-0891", "UB:CVE-2012-0050", "UB:CVE-2013-4353", "UB:CVE-2014-3566", "UB:CVE-2017-3736", "UB:CVE-2017-3737"]}, {"type": "virtuozzo", "idList": ["VZA-2017-081"]}, {"type": "vmware", "idList": ["VMSA-2010-0004", "VMSA-2011-0013", "VMSA-2015-0001.2"]}, {"type": "vulnerlab", "idList": ["VULNERLAB:967"]}, {"type": "zdt", "idList": ["1337DAY-ID-22122"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2006-2937", "epss": "0.153130000", "percentile": "0.949480000", "modified": "2023-03-14"}, {"cve": "CVE-2006-2940", "epss": "0.028380000", "percentile": "0.891140000", "modified": "2023-03-14"}, {"cve": "CVE-2006-3738", "epss": "0.968750000", "percentile": "0.994640000", "modified": "2023-03-14"}, {"cve": "CVE-2006-4339", "epss": "0.012220000", "percentile": "0.832000000", "modified": "2023-03-14"}, {"cve": "CVE-2006-4343", "epss": "0.009150000", "percentile": "0.804260000", "modified": "2023-03-14"}, {"cve": "CVE-2007-3108", "epss": "0.000450000", "percentile": "0.124220000", "modified": "2023-03-14"}, {"cve": "CVE-2007-4995", "epss": "0.089100000", "percentile": "0.935670000", "modified": "2023-03-14"}, {"cve": "CVE-2007-5135", "epss": "0.571230000", "percentile": "0.971120000", "modified": "2023-03-14"}, {"cve": "CVE-2008-0891", "epss": "0.111560000", "percentile": "0.942190000", "modified": "2023-03-14"}, {"cve": "CVE-2008-1672", "epss": "0.043810000", "percentile": "0.910630000", "modified": "2023-03-14"}, {"cve": "CVE-2008-1678", "epss": "0.132390000", "percentile": "0.946240000", "modified": "2023-03-14"}, {"cve": "CVE-2009-1377", "epss": "0.053020000", "percentile": "0.918510000", "modified": "2023-03-14"}, {"cve": "CVE-2009-1378", "epss": "0.047500000", "percentile": "0.913980000", "modified": "2023-03-14"}, {"cve": "CVE-2009-1379", "epss": "0.117350000", "percentile": "0.943690000", "modified": "2023-03-14"}, {"cve": "CVE-2009-3555", "epss": "0.001750000", "percentile": "0.529230000", "modified": "2023-03-14"}, {"cve": "CVE-2009-4355", "epss": "0.203540000", "percentile": "0.955590000", "modified": "2023-03-14"}, {"cve": "CVE-2010-0742", "epss": "0.251030000", "percentile": "0.959100000", "modified": "2023-03-14"}, {"cve": "CVE-2010-1633", "epss": "0.008500000", "percentile": "0.796510000", "modified": "2023-03-14"}, {"cve": "CVE-2010-3864", "epss": "0.316350000", "percentile": "0.962770000", "modified": "2023-03-14"}, {"cve": "CVE-2010-4180", "epss": "0.002270000", "percentile": "0.590870000", "modified": "2023-03-14"}, {"cve": "CVE-2011-0014", "epss": "0.103370000", "percentile": "0.940210000", "modified": "2023-03-14"}, {"cve": "CVE-2011-3207", "epss": "0.013240000", "percentile": "0.839170000", "modified": "2023-03-14"}, {"cve": "CVE-2011-4108", "epss": "0.004850000", "percentile": "0.722660000", "modified": "2023-03-14"}, {"cve": "CVE-2012-0050", "epss": "0.464450000", "percentile": "0.968150000", "modified": "2023-03-14"}, {"cve": "CVE-2012-2110", "epss": "0.110130000", "percentile": "0.941900000", "modified": "2023-03-14"}, {"cve": "CVE-2013-4353", "epss": "0.684920000", "percentile": "0.973700000", "modified": "2023-03-14"}, {"cve": "CVE-2013-6449", "epss": "0.936840000", "percentile": "0.985520000", "modified": "2023-03-14"}, {"cve": "CVE-2013-6450", "epss": "0.043320000", "percentile": "0.910190000", "modified": "2023-03-14"}, {"cve": "CVE-2014-0160", "epss": "0.975900000", "percentile": "1.000000000", "modified": "2023-03-14"}, {"cve": "CVE-2014-3566", "epss": "0.975070000", "percentile": "0.999620000", "modified": "2023-03-14"}, {"cve": "CVE-2015-3193", "epss": "0.004530000", "percentile": "0.712820000", "modified": "2023-03-14"}, {"cve": "CVE-2016-0701", "epss": "0.118840000", "percentile": "0.943980000", "modified": "2023-03-14"}, {"cve": "CVE-2016-2183", "epss": "0.004390000", "percentile": "0.708160000", "modified": "2023-03-14"}, {"cve": "CVE-2017-3732", "epss": "0.008180000", "percentile": "0.792300000", "modified": "2023-03-14"}, {"cve": "CVE-2017-3736", "epss": "0.002810000", "percentile": "0.634960000", "modified": "2023-03-14"}, {"cve": "CVE-2017-3737", "epss": "0.966690000", "percentile": "0.993600000", "modified": "2023-03-14"}, {"cve": "CVE-2017-3738", "epss": "0.007640000", "percentile": "0.783640000", "modified": "2023-03-14"}], "vulnersScore": 0.5}, "_state": {"dependencies": 1673453919, "score": 1673455684, "epss": 1678882283}, "_internal": {"score_hash": "eb4dbab1707ad2f3c4739c409167fbdd"}, "pluginID": "127201", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2019-0033. The text\n# itself is copyright (C) ZTE, Inc.\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127201);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/19\");\n\n script_cve_id(\n \"CVE-2006-2937\",\n \"CVE-2006-2940\",\n \"CVE-2006-3738\",\n \"CVE-2006-4339\",\n \"CVE-2006-4343\",\n \"CVE-2007-3108\",\n \"CVE-2007-4995\",\n \"CVE-2007-5135\",\n \"CVE-2008-0891\",\n \"CVE-2008-1672\",\n \"CVE-2009-1377\",\n \"CVE-2009-1378\",\n \"CVE-2009-1379\",\n \"CVE-2009-3555\",\n \"CVE-2009-4355\",\n \"CVE-2010-0742\",\n \"CVE-2010-1633\",\n \"CVE-2010-3864\",\n \"CVE-2010-4180\",\n \"CVE-2011-0014\",\n \"CVE-2011-3207\",\n \"CVE-2012-0050\",\n \"CVE-2012-2110\",\n \"CVE-2013-4353\",\n \"CVE-2013-6449\",\n \"CVE-2013-6450\",\n \"CVE-2014-0160\",\n \"CVE-2014-3566\",\n \"CVE-2016-2183\",\n \"CVE-2017-3736\",\n \"CVE-2017-3737\",\n \"CVE-2017-3738\"\n );\n script_bugtraq_id(92630);\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/25\");\n\n script_name(english:\"NewStart CGSL CORE 5.04 / MAIN 5.04 : openssl Multiple Vulnerabilities (NS-SA-2019-0033)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has openssl packages installed that are affected\nby multiple vulnerabilities:\n\n - OpenSSL 1.0.2 (starting from version 1.0.2b) introduced\n an error state mechanism. The intent was that if a\n fatal error occurred during a handshake then OpenSSL\n would move into the error state and would immediately\n fail if you attempted to continue the handshake. This\n works as designed for the explicit handshake functions\n (SSL_do_handshake(), SSL_accept() and SSL_connect()),\n however due to a bug it does not work correctly if\n SSL_read() or SSL_write() is called directly. In that\n scenario, if the handshake fails then a fatal error will\n be returned in the initial function call. If\n SSL_read()/SSL_write() is subsequently called by the\n application for the same SSL object then it will succeed\n and the data is passed without being decrypted/encrypted\n directly from the SSL/TLS record layer. In order to\n exploit this issue an application bug would have to be\n present that resulted in a call to\n SSL_read()/SSL_write() being issued after having already\n received a fatal error. OpenSSL version 1.0.2b-1.0.2m\n are affected. Fixed in OpenSSL 1.0.2n. OpenSSL 1.1.0 is\n not affected. (CVE-2017-3737)\n\n - There is an overflow bug in the AVX2 Montgomery\n multiplication procedure used in exponentiation with\n 1024-bit moduli. No EC algorithms are affected. Analysis\n suggests that attacks against RSA and DSA as a result of\n this defect would be very difficult to perform and are\n not believed likely. Attacks against DH1024 are\n considered just feasible, because most of the work\n necessary to deduce information about a private key may\n be performed offline. The amount of resources required\n for such an attack would be significant. However, for an\n attack on TLS to be meaningful, the server would have to\n share the DH1024 private key among multiple clients,\n which is no longer an option since CVE-2016-0701. This\n only affects processors that support the AVX2 but not\n ADX extensions like Intel Haswell (4th generation).\n Note: The impact from this issue is similar to\n CVE-2017-3736, CVE-2017-3732 and CVE-2015-3193. OpenSSL\n version 1.0.2-1.0.2m and 1.1.0-1.1.0g are affected.\n Fixed in OpenSSL 1.0.2n. Due to the low severity of this\n issue we are not issuing a new release of OpenSSL 1.1.0\n at this time. The fix will be included in OpenSSL 1.1.0h\n when it becomes available. The fix is also available in\n commit e502cc86d in the OpenSSL git repository.\n (CVE-2017-3738)\n\n - There is a carry propagating bug in the x86_64\n Montgomery squaring procedure in OpenSSL before 1.0.2m\n and 1.1.0 before 1.1.0g. No EC algorithms are affected.\n Analysis suggests that attacks against RSA and DSA as a\n result of this defect would be very difficult to perform\n and are not believed likely. Attacks against DH are\n considered just feasible (although very difficult)\n because most of the work necessary to deduce information\n about a private key may be performed offline. The amount\n of resources required for such an attack would be very\n significant and likely only accessible to a limited\n number of attackers. An attacker would additionally need\n online access to an unpatched system using the target\n private key in a scenario with persistent DH parameters\n and a private key that is shared between multiple\n clients. This only affects processors that support the\n BMI1, BMI2 and ADX extensions like Intel Broadwell (5th\n generation) and later or AMD Ryzen. (CVE-2017-3736)\n\n - OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d\n allows remote attackers to cause a denial of service\n (infinite loop and memory consumption) via malformed\n ASN.1 structures that trigger an improperly handled\n error condition. (CVE-2006-2937)\n\n - OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and\n earlier versions allows attackers to cause a denial of\n service (CPU consumption) via parasitic public keys with\n large (1) public exponent or (2) public modulus\n values in X.509 certificates that require extra time to\n process when using RSA signature verification.\n (CVE-2006-2940)\n\n - Buffer overflow in the SSL_get_shared_ciphers function\n in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and\n earlier versions has unspecified impact and remote\n attack vectors involving a long list of ciphers.\n (CVE-2006-3738)\n\n - OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8\n before 0.9.8c, when using an RSA key with exponent 3,\n removes PKCS-1 padding before generating a hash, which\n allows remote attackers to forge a PKCS #1 v1.5\n signature that is signed by that RSA key and prevents\n OpenSSL from correctly verifying X.509 and other\n certificates that use PKCS #1. (CVE-2006-4339)\n\n - The get_server_hello function in the SSLv2 client code\n in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and\n earlier versions allows remote servers to cause a denial\n of service (client crash) via unknown vectors that\n trigger a null pointer dereference. (CVE-2006-4343)\n\n - The BN_from_montgomery function in crypto/bn/bn_mont.c\n in OpenSSL 0.9.8e and earlier does not properly perform\n Montgomery multiplication, which might allow local users\n to conduct a side-channel attack and retrieve RSA\n private keys. (CVE-2007-3108)\n\n - Off-by-one error in the DTLS implementation in OpenSSL\n 0.9.8 before 0.9.8f allows remote attackers to execute\n arbitrary code via unspecified vectors. (CVE-2007-4995)\n\n - Off-by-one error in the SSL_get_shared_ciphers function\n in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f,\n might allow remote attackers to execute arbitrary code\n via a crafted packet that triggers a one-byte buffer\n underflow. NOTE: this issue was introduced as a result\n of a fix for CVE-2006-3738. As of 20071012, it is\n unknown whether code execution is possible.\n (CVE-2007-5135)\n\n - Double free vulnerability in OpenSSL 0.9.8f and 0.9.8g,\n when the TLS server name extensions are enabled, allows\n remote attackers to cause a denial of service (crash)\n via a malformed Client Hello packet. NOTE: some of these\n details are obtained from third party information.\n (CVE-2008-0891)\n\n - OpenSSL 0.9.8f and 0.9.8g allows remote attackers to\n cause a denial of service (crash) via a TLS handshake\n that omits the Server Key Exchange message and uses\n particular cipher suites, which triggers a NULL\n pointer dereference. (CVE-2008-1672)\n\n - The dtls1_buffer_record function in ssl/d1_pkt.c in\n OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote\n attackers to cause a denial of service (memory\n consumption) via a large series of future epoch DTLS\n records that are buffered in a queue, aka DTLS record\n buffer limitation bug. (CVE-2009-1377)\n\n - Multiple memory leaks in the\n dtls1_process_out_of_seq_message function in\n ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8\n versions allow remote attackers to cause a denial of\n service (memory consumption) via DTLS records that (1)\n are duplicates or (2) have sequence numbers much greater\n than current sequence numbers, aka DTLS fragment\n handling memory leak. (CVE-2009-1378)\n\n - Use-after-free vulnerability in the\n dtls1_retrieve_buffered_fragment function in\n ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote\n attackers to cause a denial of service (openssl s_client\n crash) and possibly have unspecified other impact via a\n DTLS packet, as demonstrated by a packet from a server\n that uses a crafted server certificate. (CVE-2009-1379)\n\n - The TLS protocol, and the SSL protocol 3.0 and possibly\n earlier, as used in Microsoft Internet Information\n Services (IIS) 7.0, mod_ssl in the Apache HTTP Server\n 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5\n and earlier, Mozilla Network Security Services (NSS)\n 3.12.4 and earlier, multiple Cisco products, and other\n products, does not properly associate renegotiation\n handshakes with an existing connection, which allows\n man-in-the-middle attackers to insert data into HTTPS\n sessions, and possibly other types of sessions protected\n by TLS or SSL, by sending an unauthenticated request\n that is processed retroactively by a server in a post-\n renegotiation context, related to a plaintext\n injection attack, aka the Project Mogul issue.\n (CVE-2009-3555)\n\n - Memory leak in the zlib_stateful_finish function in\n crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and\n 1.0.0 Beta through Beta 4 allows remote attackers to\n cause a denial of service (memory consumption) via\n vectors that trigger incorrect calls to the\n CRYPTO_cleanup_all_ex_data function, as demonstrated by\n use of SSLv3 and PHP with the Apache HTTP Server, a\n related issue to CVE-2008-1678. (CVE-2009-4355)\n\n - The Cryptographic Message Syntax (CMS) implementation in\n crypto/cms/cms_asn1.c in OpenSSL before 0.9.8o and 1.x\n before 1.0.0a does not properly handle structures that\n contain OriginatorInfo, which allows context-dependent\n attackers to modify invalid memory locations or conduct\n double-free attacks, and possibly execute arbitrary\n code, via unspecified vectors. (CVE-2010-0742)\n\n - RSA verification recovery in the EVP_PKEY_verify_recover\n function in OpenSSL 1.x before 1.0.0a, as used by\n pkeyutl and possibly other applications, returns\n uninitialized memory upon failure, which might allow\n context-dependent attackers to bypass intended key\n requirements or obtain sensitive information via\n unspecified vectors. NOTE: some of these details are\n obtained from third party information. (CVE-2010-1633)\n\n - Multiple race conditions in ssl/t1_lib.c in OpenSSL\n 0.9.8f through 0.9.8o, 1.0.0, and 1.0.0a, when multi-\n threading and internal caching are enabled on a TLS\n server, might allow remote attackers to execute\n arbitrary code via client data that triggers a heap-\n based buffer overflow, related to (1) the TLS server\n name extension and (2) elliptic curve cryptography.\n (CVE-2010-3864)\n\n - OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when\n SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does\n not properly prevent modification of the ciphersuite in\n the session cache, which allows remote attackers to\n force the downgrade to an unintended cipher via vectors\n involving sniffing network traffic to discover a session\n identifier. (CVE-2010-4180)\n\n - ssl/t1_lib.c in OpenSSL 0.9.8h through 0.9.8q and 1.0.0\n through 1.0.0c allows remote attackers to cause a denial\n of service (crash), and possibly obtain sensitive\n information in applications that use OpenSSL, via a\n malformed ClientHello handshake message that triggers an\n out-of-bounds memory access, aka OCSP stapling\n vulnerability. (CVE-2011-0014)\n\n - crypto/x509/x509_vfy.c in OpenSSL 1.0.x before 1.0.0e\n does not initialize certain structure members, which\n makes it easier for remote attackers to bypass CRL\n validation by using a nextUpdate value corresponding to\n a time in the past. (CVE-2011-3207)\n\n - OpenSSL 0.9.8s and 1.0.0f does not properly support DTLS\n applications, which allows remote attackers to cause a\n denial of service (crash) via unspecified vectors\n related to an out-of-bounds read. NOTE: this\n vulnerability exists because of an incorrect fix for\n CVE-2011-4108. (CVE-2012-0050)\n\n - The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c\n in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1\n before 1.0.1a does not properly interpret integer data,\n which allows remote attackers to conduct buffer overflow\n attacks, and cause a denial of service (memory\n corruption) or possibly have unspecified other impact,\n via crafted DER data, as demonstrated by an X.509\n certificate or an RSA public key. (CVE-2012-2110)\n\n - The ssl3_take_mac function in ssl/s3_both.c in OpenSSL\n 1.0.1 before 1.0.1f allows remote TLS servers to cause a\n denial of service (NULL pointer dereference and\n application crash) via a crafted Next Protocol\n Negotiation record in a TLS handshake. (CVE-2013-4353)\n\n - The ssl_get_algorithm2 function in ssl/s3_lib.c in\n OpenSSL before 1.0.2 obtains a certain version number\n from an incorrect data structure, which allows remote\n attackers to cause a denial of service (daemon crash)\n via crafted traffic from a TLS 1.2 client.\n (CVE-2013-6449)\n\n - The DTLS retransmission implementation in OpenSSL 1.0.0\n before 1.0.0l and 1.0.1 before 1.0.1f does not properly\n maintain data structures for digest and encryption\n contexts, which might allow man-in-the-middle attackers\n to trigger the use of a different context and cause a\n denial of service (application crash) by interfering\n with packet delivery, related to ssl/d1_both.c and\n ssl/t1_enc.c. (CVE-2013-6450)\n\n - An information disclosure flaw was found in the way\n OpenSSL handled TLS and DTLS Heartbeat Extension\n packets. A malicious TLS or DTLS client or server could\n send a specially crafted TLS or DTLS Heartbeat packet to\n disclose a limited portion of memory per request from a\n connected client or server. Note that the disclosed\n portions of memory could potentially include sensitive\n information such as private keys. (CVE-2014-0160)\n\n - A flaw was found in the way SSL 3.0 handled padding\n bytes when decrypting messages encrypted using block\n ciphers in cipher block chaining (CBC) mode. This flaw\n allows a man-in-the-middle (MITM) attacker to decrypt a\n selected byte of a cipher text in as few as 256 tries if\n they are able to force a victim application to\n repeatedly send the same data over newly created SSL 3.0\n connections. (CVE-2014-3566)\n\n - A flaw was found in the way the DES/3DES cipher was used\n as part of the TLS/SSL protocol. A man-in-the-middle\n attacker could use this flaw to recover some plaintext\n data by capturing large amounts of encrypted traffic\n between TLS/SSL server and client if the communication\n used a DES/3DES based ciphersuite. (CVE-2016-2183)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2019-0033\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL openssl packages. Note that updated packages may not be available yet. Please contact ZTE\nfor more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2006-3738\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2016-2183\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(119, 189, 287, 310, 399);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/09/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL CORE 5.04\" &&\n release !~ \"CGSL MAIN 5.04\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL CORE 5.04\": [\n \"openssl-1.0.2k-12.el7.cgslv5lite.0.1.g0e5ddfd\",\n \"openssl-crypto-1.0.2k-12.el7.cgslv5lite.0.1.g0e5ddfd\",\n \"openssl-debuginfo-1.0.2k-12.el7.cgslv5lite.0.1.g0e5ddfd\",\n \"openssl-devel-1.0.2k-12.el7.cgslv5lite.0.1.g0e5ddfd\",\n \"openssl-libs-1.0.2k-12.el7.cgslv5lite.0.1.g0e5ddfd\",\n \"openssl-perl-1.0.2k-12.el7.cgslv5lite.0.1.g0e5ddfd\",\n \"openssl-static-1.0.2k-12.el7.cgslv5lite.0.1.g0e5ddfd\"\n ],\n \"CGSL MAIN 5.04\": [\n \"openssl-1.0.2k-12.el7.cgslv5\",\n \"openssl-debuginfo-1.0.2k-12.el7.cgslv5\",\n \"openssl-devel-1.0.2k-12.el7.cgslv5\",\n \"openssl-libs-1.0.2k-12.el7.cgslv5\",\n \"openssl-perl-1.0.2k-12.el7.cgslv5\",\n \"openssl-static-1.0.2k-12.el7.cgslv5\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n}\n", "naslFamily": "NewStart CGSL Local Security Checks", "cpe": [], "solution": "Upgrade the vulnerable CGSL openssl packages. Note that updated packages may not be available yet. Please contact ZTE for more information.", "nessusSeverity": "Critical", "cvssScoreSource": "CVE-2006-3738", "vendor_cvss2": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "vendor_cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "vpr": {"risk factor": "High", "score": "7.7"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2019-07-17T00:00:00", "vulnerabilityPublicationDate": "2006-09-05T00:00:00", "exploitableWith": ["Core Impact"]}

{"openvas": [{"lastseen": "2017-07-02T21:13:54", "description": "Check for the Version of kernel", "cvss3": {}, "published": "2009-06-03T00:00:00", "type": "openvas", "title": "Solaris Update for kernel 127127-11", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2006-4339", "CVE-2007-5135"], "modified": "2017-02-20T00:00:00", "id": "OPENVAS:855322", "href": "http://plugins.openvas.org/nasl.php?oid=855322", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for kernel 127127-11\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"kernel on solaris_5.10_sparc\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n kernel\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(855322);\n script_version(\"$Revision: 5359 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-20 12:20:19 +0100 (Mon, 20 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-03 12:31:50 +0200 (Wed, 03 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"127127-11\");\n script_cve_id(\"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2006-4339\", \"CVE-2006-2937\", \"CVE-2006-2940\", \"CVE-2007-5135\");\n script_name( \"Solaris Update for kernel 127127-11\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-127127-11-1\");\n\n script_summary(\"Check for the Version of kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"127127-11\", package:\"SUNWgssdh SUNWcakr.u SUNWrcmdc SUNWpsu SUNWfss SUNWatfsu SUNWscplp SUNWudapltu SUNWrds SUNWarc SUNWcakrnt2000.v SUNWfmd SUNWintgige SUNWbtool SUNWidn.u FJSVcpcu SUNWperl584core SUNWypr SUNWcry SUNWkrbu SUNWdrcr.u SUNWsmapi SUNWtavor SUNWgssk SUNWmdb SUNWzfsu SUNWaudit SUNWtsr SUNWldomr.v SUNWiopc.v SUNWcakr.us SUNWpapi SUNWcart200.v SUNWcpr.u SUNWkvm.u SUNWsndmu SUNWnfssu SUNWkdcu SUNWmdr SUNWpcr SUNWkvm.v SUNWkvm.us FJSVhea SUNWxcu4 SUNWudapltr SUNWdtrc SUNWopenssl-libraries FJSVfmd SUNWus.u SUNWcsl FJSVmdbr SUNWcpcu SUNWrcmds SUNWvolu SUNWniumx.v SUNWcpc.v SUNWib SUNWnisu SUNWtoo SUNWcryr SUNWdrr.u FJSVpiclu SUNWkvmt200.v SUNWefc.u SUNWtnetc SUNWpiclu SUNWtsg SUNWypu SUNWftduu SUNWppm SUNWcakr.v SUNWusb SUNWn2cp.v SUNWcti2.u SUNWzfsr SUNWdrr.us SUNWckr SUNWcsr SUNWfruid SUNW1394 SUNWgss SUNWkrbr SUNWtsu SUNWmdbr SUNWpd SUNWldomu.v SUNWpcu SUNWzfskr SUNWarcr SUNWmdu FJSVmdb SUNWpamsc SUNWwbsup SUNWcar.v SUNWhea SUNWnfsckr SUNWdtrp SUNWspnego SUNWdcar SUNWcpc.us SUNWpl5u SUNWnfsskr SUNWtnetd SUNWcslr SUNWippcore SUNWcsu SUNWust1.v SUNWnxge.v SUNWnfscu SUNWesu SUNWnxge.u SUNWcsd SUNWfruip.u SUNWpsr SUNWssad SUNWpdu SUNWcpc.u SUNWipplr SUNWpsm-lpd SUNWluxl SUNWefc.us SUNWzoneu SUNWipplu SUNWust2.v SUNWnfscr SUNWwrsm.u SUNWftdur SUNWpiclr SUNWcstl\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:39:16", "description": "Check for the Version of kernel", "cvss3": {}, "published": "2009-06-03T00:00:00", "type": "openvas", "title": "Solaris Update for kernel 127127-11", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2006-4339", "CVE-2007-5135"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310855322", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310855322", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for kernel 127127-11\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"kernel on solaris_5.10_sparc\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n kernel\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.855322\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-03 12:31:50 +0200 (Wed, 03 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"127127-11\");\n script_cve_id(\"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2006-4339\", \"CVE-2006-2937\", \"CVE-2006-2940\", \"CVE-2007-5135\");\n script_name( \"Solaris Update for kernel 127127-11\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-127127-11-1\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"127127-11\", package:\"SUNWgssdh SUNWcakr.u SUNWrcmdc SUNWpsu SUNWfss SUNWatfsu SUNWscplp SUNWudapltu SUNWrds SUNWarc SUNWcakrnt2000.v SUNWfmd SUNWintgige SUNWbtool SUNWidn.u FJSVcpcu SUNWperl584core SUNWypr SUNWcry SUNWkrbu SUNWdrcr.u SUNWsmapi SUNWtavor SUNWgssk SUNWmdb SUNWzfsu SUNWaudit SUNWtsr SUNWldomr.v SUNWiopc.v SUNWcakr.us SUNWpapi SUNWcart200.v SUNWcpr.u SUNWkvm.u SUNWsndmu SUNWnfssu SUNWkdcu SUNWmdr SUNWpcr SUNWkvm.v SUNWkvm.us FJSVhea SUNWxcu4 SUNWudapltr SUNWdtrc SUNWopenssl-libraries FJSVfmd SUNWus.u SUNWcsl FJSVmdbr SUNWcpcu SUNWrcmds SUNWvolu SUNWniumx.v SUNWcpc.v SUNWib SUNWnisu SUNWtoo SUNWcryr SUNWdrr.u FJSVpiclu SUNWkvmt200.v SUNWefc.u SUNWtnetc SUNWpiclu SUNWtsg SUNWypu SUNWftduu SUNWppm SUNWcakr.v SUNWusb SUNWn2cp.v SUNWcti2.u SUNWzfsr SUNWdrr.us SUNWckr SUNWcsr SUNWfruid SUNW1394 SUNWgss SUNWkrbr SUNWtsu SUNWmdbr SUNWpd SUNWldomu.v SUNWpcu SUNWzfskr SUNWarcr SUNWmdu FJSVmdb SUNWpamsc SUNWwbsup SUNWcar.v SUNWhea SUNWnfsckr SUNWdtrp SUNWspnego SUNWdcar SUNWcpc.us SUNWpl5u SUNWnfsskr SUNWtnetd SUNWcslr SUNWippcore SUNWcsu SUNWust1.v SUNWnxge.v SUNWnfscu SUNWesu SUNWnxge.u SUNWcsd SUNWfruip.u SUNWpsr SUNWssad SUNWpdu SUNWcpc.u SUNWipplr SUNWpsm-lpd SUNWluxl SUNWefc.us SUNWzoneu SUNWipplu SUNWust2.v SUNWnfscr SUNWwrsm.u SUNWftdur SUNWpiclr SUNWcstl\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:55:40", "description": "Check for the Version of openssl", "cvss3": {}, "published": "2011-03-24T00:00:00", "type": "openvas", "title": "Fedora Update for openssl FEDORA-2011-1255", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-4180", "CVE-2010-0742", "CVE-2011-0014", "CVE-2010-1633", "CVE-2010-3864"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:862920", "href": "http://plugins.openvas.org/nasl.php?oid=862920", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openssl FEDORA-2011-1255\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"openssl on Fedora 13\";\ntag_insight = \"The OpenSSL toolkit provides support for secure communications between\n machines. OpenSSL includes a certificate management tool and shared\n libraries which provide various cryptographic algorithms and\n protocols.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056102.html\");\n script_id(862920);\n script_version(\"$Revision: 6626 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:30:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-03-24 14:29:52 +0100 (Thu, 24 Mar 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2011-1255\");\n script_cve_id(\"CVE-2011-0014\", \"CVE-2010-4180\", \"CVE-2010-3864\", \"CVE-2010-0742\", \"CVE-2010-1633\");\n script_name(\"Fedora Update for openssl FEDORA-2011-1255\");\n\n script_summary(\"Check for the Version of openssl\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.0d~1.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:40:03", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-03-24T00:00:00", "type": "openvas", "title": "Fedora Update for openssl FEDORA-2011-1255", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-4180", "CVE-2010-0742", "CVE-2011-0014", "CVE-2010-1633", "CVE-2010-3864"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310862920", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862920", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openssl FEDORA-2011-1255\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056102.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862920\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-03-24 14:29:52 +0100 (Thu, 24 Mar 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"FEDORA\", value:\"2011-1255\");\n script_cve_id(\"CVE-2011-0014\", \"CVE-2010-4180\", \"CVE-2010-3864\", \"CVE-2010-0742\", \"CVE-2010-1633\");\n script_name(\"Fedora Update for openssl FEDORA-2011-1255\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssl'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC13\");\n script_tag(name:\"affected\", value:\"openssl on Fedora 13\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.0d~1.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-02T21:14:08", "description": "Check for the Version of wanboot", "cvss3": {}, "published": "2009-06-03T00:00:00", "type": "openvas", "title": "Solaris Update for wanboot 122715-02", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2006-4339"], "modified": "2017-02-20T00:00:00", "id": "OPENVAS:855170", "href": "http://plugins.openvas.org/nasl.php?oid=855170", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for wanboot 122715-02\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"wanboot on solaris_5.9_x86\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n wanboot\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(855170);\n script_version(\"$Revision: 5359 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-20 12:20:19 +0100 (Mon, 20 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-03 12:31:50 +0200 (Wed, 03 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"122715-02\");\n script_cve_id(\"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2006-4339\", \"CVE-2006-2937\", \"CVE-2006-2940\");\n script_name( \"Solaris Update for wanboot 122715-02\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-122715-02-1\");\n\n script_summary(\"Check for the Version of wanboot\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.9\", arch:\"i386\", patch:\"122715-02\", package:\"SUNWwbsup\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:14:08", "description": "Check for the Version of wanboot", "cvss3": {}, "published": "2009-06-03T00:00:00", "type": "openvas", "title": "Solaris Update for wanboot 117123-08", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2006-4339"], "modified": "2017-02-20T00:00:00", "id": "OPENVAS:855008", "href": "http://plugins.openvas.org/nasl.php?oid=855008", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for wanboot 117123-08\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"wanboot on solaris_5.9_sparc\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n wanboot\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(855008);\n script_version(\"$Revision: 5359 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-20 12:20:19 +0100 (Mon, 20 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-03 12:28:12 +0200 (Wed, 03 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"117123-08\");\n script_cve_id(\"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2006-4339\", \"CVE-2006-2937\", \"CVE-2006-2940\");\n script_name( \"Solaris Update for wanboot 117123-08\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-117123-08-1\");\n\n script_summary(\"Check for the Version of wanboot\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"117123-08\", package:\"SUNWcar.us SUNWwbsup SUNWcar.u\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:14:09", "description": "Check for the Version of pkg utilities", "cvss3": {}, "published": "2009-09-23T00:00:00", "type": "openvas", "title": "Solaris Update for pkg utilities 114568-27", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2006-4339"], "modified": "2017-02-20T00:00:00", "id": "OPENVAS:855640", "href": "http://plugins.openvas.org/nasl.php?oid=855640", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for pkg utilities 114568-27\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"pkg utilities on solaris_5.9_x86\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n pkg utilities\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(855640);\n script_version(\"$Revision: 5359 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-20 12:20:19 +0100 (Mon, 20 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-23 10:48:35 +0200 (Wed, 23 Sep 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"114568-27\");\n script_cve_id(\"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2006-4339\", \"CVE-2006-2937\", \"CVE-2006-2940\");\n script_name(\"Solaris Update for pkg utilities 114568-27\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-114568-27-1\");\n\n script_summary(\"Check for the Version of pkg utilities\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.9\", arch:\"i386\", patch:\"114568-27\", package:\"SUNWarc SUNWcsu SUNWcsr SUNWhea\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:13:51", "description": "Check for the Version of pkg utilities", "cvss3": {}, "published": "2009-06-03T00:00:00", "type": "openvas", "title": "Solaris Update for pkg utilities 114568-26", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2006-4339"], "modified": "2017-02-20T00:00:00", "id": "OPENVAS:855346", "href": "http://plugins.openvas.org/nasl.php?oid=855346", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for pkg utilities 114568-26\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"pkg utilities on solaris_5.9_x86\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n pkg utilities\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(855346);\n script_version(\"$Revision: 5359 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-20 12:20:19 +0100 (Mon, 20 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-03 12:24:08 +0200 (Wed, 03 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"114568-26\");\n script_cve_id(\"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2006-4339\", \"CVE-2006-2937\", \"CVE-2006-2940\");\n script_name( \"Solaris Update for pkg utilities 114568-26\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-114568-26-1\");\n\n script_summary(\"Check for the Version of pkg utilities\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.9\", arch:\"i386\", patch:\"114568-26\", package:\"SUNWarc SUNWcsr SUNWhea SUNWcsu\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:13:48", "description": "Check for the Version of bootconfchk", "cvss3": {}, "published": "2009-06-03T00:00:00", "type": "openvas", "title": "Solaris Update for bootconfchk 123376-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2006-4339"], "modified": "2017-02-20T00:00:00", "id": "OPENVAS:855376", "href": "http://plugins.openvas.org/nasl.php?oid=855376", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for bootconfchk 123376-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"bootconfchk on solaris_5.9_sparc\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n bootconfchk\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(855376);\n script_version(\"$Revision: 5359 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-20 12:20:19 +0100 (Mon, 20 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-03 12:31:50 +0200 (Wed, 03 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"123376-01\");\n script_cve_id(\"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2006-4339\", \"CVE-2006-2937\", \"CVE-2006-2940\");\n script_name( \"Solaris Update for bootconfchk 123376-01\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-123376-01-1\");\n\n script_summary(\"Check for the Version of bootconfchk\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"123376-01\", package:\"SUNWwbsup\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:13:55", "description": "Check for the Version of bootconfchk", "cvss3": {}, "published": "2009-06-03T00:00:00", "type": "openvas", "title": "Solaris Update for bootconfchk 123377-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2006-4339"], "modified": "2017-02-20T00:00:00", "id": "OPENVAS:855366", "href": "http://plugins.openvas.org/nasl.php?oid=855366", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for bootconfchk 123377-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"bootconfchk on solaris_5.9_x86\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n bootconfchk\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(855366);\n script_version(\"$Revision: 5359 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-20 12:20:19 +0100 (Mon, 20 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-03 12:31:50 +0200 (Wed, 03 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"123377-01\");\n script_cve_id(\"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2006-4339\", \"CVE-2006-2937\", \"CVE-2006-2940\");\n script_name( \"Solaris Update for bootconfchk 123377-01\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-123377-01-1\");\n\n script_summary(\"Check for the Version of bootconfchk\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.9\", arch:\"i386\", patch:\"123377-01\", package:\"SUNWwbsup\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:14:19", "description": "Check for the Version of pkg utilities", "cvss3": {}, "published": "2009-06-03T00:00:00", "type": "openvas", "title": "Solaris Update for pkg utilities 113713-27", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2006-4339"], "modified": "2017-02-20T00:00:00", "id": "OPENVAS:855369", "href": "http://plugins.openvas.org/nasl.php?oid=855369", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for pkg utilities 113713-27\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"pkg utilities on solaris_5.9_sparc\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n pkg utilities\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(855369);\n script_version(\"$Revision: 5359 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-20 12:20:19 +0100 (Mon, 20 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-03 12:24:08 +0200 (Wed, 03 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"113713-27\");\n script_cve_id(\"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2006-4339\", \"CVE-2006-2937\", \"CVE-2006-2940\");\n script_name( \"Solaris Update for pkg utilities 113713-27\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-113713-27-1\");\n\n script_summary(\"Check for the Version of pkg utilities\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"113713-27\", package:\"SUNWarc SUNWcsr SUNWhea SUNWcsu\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:14:05", "description": "Check for the Version of pkg utilities", "cvss3": {}, "published": "2009-10-13T00:00:00", "type": "openvas", "title": "Solaris Update for pkg utilities 113713-28", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2006-4339"], "modified": "2017-02-20T00:00:00", "id": "OPENVAS:855735", "href": "http://plugins.openvas.org/nasl.php?oid=855735", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for pkg utilities 113713-28\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"pkg utilities on solaris_5.9_sparc\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n pkg utilities\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(855735);\n script_version(\"$Revision: 5359 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-20 12:20:19 +0100 (Mon, 20 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 15:16:45 +0200 (Tue, 13 Oct 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"113713-28\");\n script_cve_id(\"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2006-4339\", \"CVE-2006-2937\", \"CVE-2006-2940\");\n script_name(\"Solaris Update for pkg utilities 113713-28\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-113713-28-1\");\n\n script_summary(\"Check for the Version of pkg utilities\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"113713-28\", package:\"SUNWarc SUNWcsu SUNWcsr SUNWhea\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:41:46", "description": "Check for the Version of pkg utilities", "cvss3": {}, "published": "2009-06-03T00:00:00", "type": "openvas", "title": "Solaris Update for pkg utilities 113713-27", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2006-4339"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310855369", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310855369", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for pkg utilities 113713-27\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"pkg utilities on solaris_5.9_sparc\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n pkg utilities\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.855369\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-03 12:24:08 +0200 (Wed, 03 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"113713-27\");\n script_cve_id(\"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2006-4339\", \"CVE-2006-2937\", \"CVE-2006-2940\");\n script_name( \"Solaris Update for pkg utilities 113713-27\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-113713-27-1\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of pkg utilities\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"113713-27\", package:\"SUNWarc SUNWcsr SUNWhea SUNWcsu\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:40:23", "description": "Check for the Version of pkg utilities", "cvss3": {}, "published": "2009-10-13T00:00:00", "type": "openvas", "title": "Solaris Update for pkg utilities 113713-28", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2006-4339"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310855735", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310855735", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for pkg utilities 113713-28\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"pkg utilities on solaris_5.9_sparc\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n pkg utilities\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.855735\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 15:16:45 +0200 (Tue, 13 Oct 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"113713-28\");\n script_cve_id(\"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2006-4339\", \"CVE-2006-2937\", \"CVE-2006-2940\");\n script_name(\"Solaris Update for pkg utilities 113713-28\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-113713-28-1\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of pkg utilities\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"113713-28\", package:\"SUNWarc SUNWcsu SUNWcsr SUNWhea\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:38:38", "description": "Check for the Version of bootconfchk", "cvss3": {}, "published": "2009-06-03T00:00:00", "type": "openvas", "title": "Solaris Update for bootconfchk 123376-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2006-4339"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310855376", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310855376", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for bootconfchk 123376-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"bootconfchk on solaris_5.9_sparc\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n bootconfchk\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.855376\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-03 12:31:50 +0200 (Wed, 03 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"123376-01\");\n script_cve_id(\"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2006-4339\", \"CVE-2006-2937\", \"CVE-2006-2940\");\n script_name( \"Solaris Update for bootconfchk 123376-01\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-123376-01-1\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of bootconfchk\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"123376-01\", package:\"SUNWwbsup\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:38:59", "description": "Check for the Version of pkg utilities", "cvss3": {}, "published": "2009-06-03T00:00:00", "type": "openvas", "title": "Solaris Update for pkg utilities 114568-26", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2006-4339"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310855346", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310855346", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for pkg utilities 114568-26\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"pkg utilities on solaris_5.9_x86\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n pkg utilities\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.855346\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-03 12:24:08 +0200 (Wed, 03 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"114568-26\");\n script_cve_id(\"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2006-4339\", \"CVE-2006-2937\", \"CVE-2006-2940\");\n script_name( \"Solaris Update for pkg utilities 114568-26\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-114568-26-1\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of pkg utilities\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.9\", arch:\"i386\", patch:\"114568-26\", package:\"SUNWarc SUNWcsr SUNWhea SUNWcsu\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:40:37", "description": "Check for the Version of wanboot", "cvss3": {}, "published": "2009-06-03T00:00:00", "type": "openvas", "title": "Solaris Update for wanboot 122715-02", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2006-4339"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310855170", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310855170", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for wanboot 122715-02\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"wanboot on solaris_5.9_x86\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n wanboot\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.855170\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-03 12:31:50 +0200 (Wed, 03 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"122715-02\");\n script_cve_id(\"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2006-4339\", \"CVE-2006-2937\", \"CVE-2006-2940\");\n script_name( \"Solaris Update for wanboot 122715-02\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-122715-02-1\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of wanboot\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.9\", arch:\"i386\", patch:\"122715-02\", package:\"SUNWwbsup\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:40:39", "description": "Check for the Version of wanboot", "cvss3": {}, "published": "2009-06-03T00:00:00", "type": "openvas", "title": "Solaris Update for wanboot 117123-08", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2006-4339"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310855008", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310855008", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for wanboot 117123-08\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"wanboot on solaris_5.9_sparc\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n wanboot\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.855008\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-03 12:28:12 +0200 (Wed, 03 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"117123-08\");\n script_cve_id(\"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2006-4339\", \"CVE-2006-2937\", \"CVE-2006-2940\");\n script_name( \"Solaris Update for wanboot 117123-08\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-117123-08-1\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of wanboot\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"117123-08\", package:\"SUNWcar.us SUNWwbsup SUNWcar.u\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:40:44", "description": "Check for the Version of pkg utilities", "cvss3": {}, "published": "2009-09-23T00:00:00", "type": "openvas", "title": "Solaris Update for pkg utilities 114568-27", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2006-4339"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310855640", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310855640", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for pkg utilities 114568-27\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"pkg utilities on solaris_5.9_x86\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n pkg utilities\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.855640\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-23 10:48:35 +0200 (Wed, 23 Sep 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"114568-27\");\n script_cve_id(\"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2006-4339\", \"CVE-2006-2937\", \"CVE-2006-2940\");\n script_name(\"Solaris Update for pkg utilities 114568-27\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-114568-27-1\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of pkg utilities\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.9\", arch:\"i386\", patch:\"114568-27\", package:\"SUNWarc SUNWcsu SUNWcsr SUNWhea\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:39:22", "description": "Check for the Version of bootconfchk", "cvss3": {}, "published": "2009-06-03T00:00:00", "type": "openvas", "title": "Solaris Update for bootconfchk 123377-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2006-4339"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310855366", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310855366", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for bootconfchk 123377-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"bootconfchk on solaris_5.9_x86\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n bootconfchk\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.855366\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-03 12:31:50 +0200 (Wed, 03 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"123377-01\");\n script_cve_id(\"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2006-4339\", \"CVE-2006-2937\", \"CVE-2006-2940\");\n script_name( \"Solaris Update for bootconfchk 123377-01\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-123377-01-1\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of bootconfchk\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.9\", arch:\"i386\", patch:\"123377-01\", package:\"SUNWwbsup\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-20T13:17:37", "description": "Check for the Version of openssl", "cvss3": {}, "published": "2010-11-23T00:00:00", "type": "openvas", "title": "Fedora Update for openssl FEDORA-2010-17826", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-4355", "CVE-2010-0742", "CVE-2009-3555", "CVE-2010-1633", "CVE-2010-3864"], "modified": "2017-12-19T00:00:00", "id": "OPENVAS:862568", "href": "http://plugins.openvas.org/nasl.php?oid=862568", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openssl FEDORA-2010-17826\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"openssl on Fedora 12\";\ntag_insight = \"The OpenSSL toolkit provides support for secure communications between\n machines. OpenSSL includes a certificate management tool and shared\n libraries which provide various cryptographic algorithms and\n protocols.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051255.html\");\n script_id(862568);\n script_version(\"$Revision: 8164 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-19 07:30:41 +0100 (Tue, 19 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-11-23 15:30:07 +0100 (Tue, 23 Nov 2010)\");\n script_tag(name:\"cvss_base\", value:\"7.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-17826\");\n script_cve_id(\"CVE-2010-3864\", \"CVE-2010-0742\", \"CVE-2010-1633\", \"CVE-2009-4355\", \"CVE-2009-3555\");\n script_name(\"Fedora Update for openssl FEDORA-2010-17826\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of openssl\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.0b~1.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-17T11:05:10", "description": "Check for the Version of openssl", "cvss3": {}, "published": "2010-11-23T00:00:00", "type": "openvas", "title": "Fedora Update for openssl FEDORA-2010-17826", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-4355", "CVE-2010-0742", "CVE-2009-3555", "CVE-2010-1633", "CVE-2010-3864"], "modified": "2018-01-16T00:00:00", "id": "OPENVAS:1361412562310862568", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862568", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openssl FEDORA-2010-17826\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"openssl on Fedora 12\";\ntag_insight = \"The OpenSSL toolkit provides support for secure communications between\n machines. OpenSSL includes a certificate management tool and shared\n libraries which provide various cryptographic algorithms and\n protocols.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051255.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862568\");\n script_version(\"$Revision: 8438 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-16 18:38:23 +0100 (Tue, 16 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-11-23 15:30:07 +0100 (Tue, 23 Nov 2010)\");\n script_tag(name:\"cvss_base\", value:\"7.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-17826\");\n script_cve_id(\"CVE-2010-3864\", \"CVE-2010-0742\", \"CVE-2010-1633\", \"CVE-2009-4355\", \"CVE-2009-3555\");\n script_name(\"Fedora Update for openssl FEDORA-2010-17826\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of openssl\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.0b~1.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2020-01-31T18:28:04", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-12-17T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for openssl (openSUSE-SU-2017:3345-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-0701", "CVE-2017-3737", "CVE-2015-3193", "CVE-2017-3732", "CVE-2017-3738", "CVE-2017-3736"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851665", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851665", "sourceData": "# Copyright (C) 2017 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851665\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-12-17 07:32:27 +0100 (Sun, 17 Dec 2017)\");\n script_cve_id(\"CVE-2017-3737\", \"CVE-2017-3738\", \"CVE-2016-0701\", \"CVE-2017-3736\",\n \"CVE-2017-3732\", \"CVE-2015-3193\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for openssl (openSUSE-SU-2017:3345-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssl'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for openssl fixes the following issues:\n\n - OpenSSL Security Advisory [07 Dec 2017]\n\n * CVE-2017-3737: OpenSSL 1.0.2 (starting from version 1.0.2b) introduced\n an \\'error state\\' mechanism. The intent was that if a fatal error\n occurred during a handshake then OpenSSL would move into the error\n state and would immediately fail if you attempted to continue the\n handshake. This works as designed for the explicit handshake functions\n (SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a\n bug it does not work correctly if SSL_read() or SSL_write() is called\n directly. In that scenario, if the handshake fails then a fatal error\n will be returned in the initial function call. If\n SSL_read()/SSL_write() is subsequently called by the application for\n the same SSL object then it will succeed and the data is passed\n without being decrypted/encrypted directly from the SSL/TLS record\n layer. In order to exploit this issue an application bug would have to\n be present that resulted in a call to SSL_read()/SSL_write() being\n issued after having already received a fatal error. OpenSSL version\n 1.0.2b-1.0.2m are affected. Fixed in OpenSSL 1.0.2n. OpenSSL 1.1.0 is\n not affected. (bsc#1071905)\n\n * CVE-2017-3738: There is an overflow bug in the AVX2 Montgomery\n multiplication procedure used in exponentiation with 1024-bit moduli.\n No EC algorithms are affected. Analysis suggests that attacks against\n RSA and DSA as a result of this defect would be very difficult to\n perform and are not believed likely. Attacks against DH1024 are\n considered just feasible, because most of the work necessary to deduce\n information about a private key may be performed offline. The amount\n of resources required for such an attack would be significant.\n However, for an attack on TLS to be meaningful, the server would have\n to share the DH1024 private key among multiple clients, which is no\n longer an option since CVE-2016-0701. This only affects processors\n that support the AVX2 but not ADX extensions like Intel Haswell (4th\n generation). Note: The impact from this issue is similar to\n CVE-2017-3736, CVE-2017-3732 and CVE-2015-3193. (bsc#1071906)\n\n This update was imported from the SUSE:SLE-12-SP2:Update update project.\");\n\n script_tag(name:\"affected\", value:\"openssl on openSUSE Leap 42.3, openSUSE Leap 42.2\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2017:3345-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=(openSUSELeap42\\.2|openSUSELeap42\\.3)\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.2\") {\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl-devel\", rpm:\"libopenssl-devel~1.0.2j~6.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0\", rpm:\"libopenssl1_0_0~1.0.2j~6.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0-debuginfo\", rpm:\"libopenssl1_0_0-debuginfo~1.0.2j~6.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0-hmac\", rpm:\"libopenssl1_0_0-hmac~1.0.2j~6.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.2j~6.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-cavs\", rpm:\"openssl-cavs~1.0.2j~6.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-cavs-debuginfo\", rpm:\"openssl-cavs-debuginfo~1.0.2j~6.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-debuginfo\", rpm:\"openssl-debuginfo~1.0.2j~6.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-debugsource\", rpm:\"openssl-debugsource~1.0.2j~6.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl-devel-32bit\", rpm:\"libopenssl-devel-32bit~1.0.2j~6.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0-32bit\", rpm:\"libopenssl1_0_0-32bit~1.0.2j~6.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0-debuginfo-32bit\", rpm:\"libopenssl1_0_0-debuginfo-32bit~1.0.2j~6.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0-hmac-32bit\", rpm:\"libopenssl1_0_0-hmac-32bit~1.0.2j~6.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-doc\", rpm:\"openssl-doc~1.0.2j~6.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"openSUSELeap42.3\") {\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl-devel\", rpm:\"libopenssl-devel~1.0.2j~16.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0\", rpm:\"libopenssl1_0_0~1.0.2j~16.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0-debuginfo\", rpm:\"libopenssl1_0_0-debuginfo~1.0.2j~16.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0-hmac\", rpm:\"libopenssl1_0_0-hmac~1.0.2j~16.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.2j~16.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-cavs\", rpm:\"openssl-cavs~1.0.2j~16.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-cavs-debuginfo\", rpm:\"openssl-cavs-debuginfo~1.0.2j~16.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-debuginfo\", rpm:\"openssl-debuginfo~1.0.2j~16.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-debugsource\", rpm:\"openssl-debugsource~1.0.2j~16.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-doc\", rpm:\"openssl-doc~1.0.2j~16.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl-devel-32bit\", rpm:\"libopenssl-devel-32bit~1.0.2j~16.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0-32bit\", rpm:\"libopenssl1_0_0-32bit~1.0.2j~16.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0-debuginfo-32bit\", rpm:\"libopenssl1_0_0-debuginfo-32bit~1.0.2j~16.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0-hmac-32bit\", rpm:\"libopenssl1_0_0-hmac-32bit~1.0.2j~16.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2017-07-02T21:14:20", "description": "Check for the Version of kernel", "cvss3": {}, "published": "2009-06-03T00:00:00", "type": "openvas", "title": "Solaris Update for kernel 127128-11", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2005-2969", "CVE-2006-4339", "CVE-2007-5135"], "modified": "2017-02-20T00:00:00", "id": "OPENVAS:855192", "href": "http://plugins.openvas.org/nasl.php?oid=855192", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for kernel 127128-11\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"kernel on solaris_5.10_x86\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n kernel\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(855192);\n script_version(\"$Revision: 5359 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-20 12:20:19 +0100 (Mon, 20 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-03 12:31:50 +0200 (Wed, 03 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"127128-11\");\n script_cve_id(\"CVE-2007-5135\", \"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2006-4339\", \"CVE-2006-2937\", \"CVE-2006-2940\", \"CVE-2005-2969\");\n script_name( \"Solaris Update for kernel 127128-11\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-127128-11-1\");\n\n script_summary(\"Check for the Version of kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.10\", arch:\"i386\", patch:\"127128-11\", package:\"SUNWcpc.i SUNWrcmdc SUNWpsu SUNWfss SUNWatfsu SUNWscplp SUNWopenssl-include SUNWudapltu SUNWrds SUNWarc SUNWahci SUNWfmd SUNWintgige SUNWbtool SUNWperl584core SUNWypr SUNWcry SUNWkrbu SUNWsmapi SUNWtavor SUNWgssk SUNWpsdcr SUNWmdb SUNWzfsu SUNWaudit SUNWtsr SUNWpapi SUNWsndmu SUNWnfssu SUNWkdcu SUNWmdr SUNWpcr SUNWpsdir SUNWxcu4 SUNWudapltr SUNWdtrc SUNWopenssl-libraries SUNWcsl SUNWcpcu SUNWrcmds SUNWvolu SUNWib SUNWnisu SUNWos86r SUNWtoo SUNWcryr SUNWsi3124 SUNWtnetc SUNWtsg SUNWypu SUNWmv88sx SUNWftduu SUNWppm SUNWusb SUNWzfsr SUNWckr SUNWcsr SUNW1394 SUNWgss SUNWkrbr SUNWtsu SUNWmdbr SUNWlxr SUNWpcu SUNWzfskr SUNWarcr SUNWmdu SUNWpamsc SUNWnxge.i SUNWpsh SUNWhea SUNWcakr.i SUNWnfsckr SUNWdtrp SUNWspnego SUNWdcar SUNWpl5u SUNWnfsskr SUNWtnetd SUNWcslr SUNWippcore SUNWlxu SUNWcsu SUNWnfscu SUNWesu SUNWcsd SUNWpsr SUNWipplr SUNWpsm-lpd SUNWzoneu SUNWipplu SUNWnfscr SUNWftdur SUNWcstl\") < 0)\n{\n security_message(0);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:41:49", "description": "Check for the Version of kernel", "cvss3": {}, "published": "2009-06-03T00:00:00", "type": "openvas", "title": "Solaris Update for kernel 127128-11", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2005-2969", "CVE-2006-4339", "CVE-2007-5135"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310855192", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310855192", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for kernel 127128-11\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"kernel on solaris_5.10_x86\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n kernel\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.855192\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-03 12:31:50 +0200 (Wed, 03 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"127128-11\");\n script_cve_id(\"CVE-2007-5135\", \"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2006-4339\", \"CVE-2006-2937\", \"CVE-2006-2940\", \"CVE-2005-2969\");\n script_name( \"Solaris Update for kernel 127128-11\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-127128-11-1\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.10\", arch:\"i386\", patch:\"127128-11\", package:\"SUNWcpc.i SUNWrcmdc SUNWpsu SUNWfss SUNWatfsu SUNWscplp SUNWopenssl-include SUNWudapltu SUNWrds SUNWarc SUNWahci SUNWfmd SUNWintgige SUNWbtool SUNWperl584core SUNWypr SUNWcry SUNWkrbu SUNWsmapi SUNWtavor SUNWgssk SUNWpsdcr SUNWmdb SUNWzfsu SUNWaudit SUNWtsr SUNWpapi SUNWsndmu SUNWnfssu SUNWkdcu SUNWmdr SUNWpcr SUNWpsdir SUNWxcu4 SUNWudapltr SUNWdtrc SUNWopenssl-libraries SUNWcsl SUNWcpcu SUNWrcmds SUNWvolu SUNWib SUNWnisu SUNWos86r SUNWtoo SUNWcryr SUNWsi3124 SUNWtnetc SUNWtsg SUNWypu SUNWmv88sx SUNWftduu SUNWppm SUNWusb SUNWzfsr SUNWckr SUNWcsr SUNW1394 SUNWgss SUNWkrbr SUNWtsu SUNWmdbr SUNWlxr SUNWpcu SUNWzfskr SUNWarcr SUNWmdu SUNWpamsc SUNWnxge.i SUNWpsh SUNWhea SUNWcakr.i SUNWnfsckr SUNWdtrp SUNWspnego SUNWdcar SUNWpl5u SUNWnfsskr SUNWtnetd SUNWcslr SUNWippcore SUNWlxu SUNWcsu SUNWnfscu SUNWesu SUNWcsd SUNWpsr SUNWipplr SUNWpsm-lpd SUNWzoneu SUNWipplu SUNWnfscr SUNWftdur SUNWcstl\") < 0)\n{\n security_message(0);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:55:45", "description": "Check for the Version of openssl", "cvss3": {}, "published": "2011-09-12T00:00:00", "type": "openvas", "title": "Fedora Update for openssl FEDORA-2011-12281", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-4180", "CVE-2011-0014", "CVE-2010-3864", "CVE-2011-3207"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:863499", "href": "http://plugins.openvas.org/nasl.php?oid=863499", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openssl FEDORA-2011-12281\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"openssl on Fedora 14\";\ntag_insight = \"The OpenSSL toolkit provides support for secure communications between\n machines. OpenSSL includes a certificate management tool and shared\n libraries which provide various cryptographic algorithms and\n protocols.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065712.html\");\n script_id(863499);\n script_version(\"$Revision: 6626 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:30:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-12 16:29:49 +0200 (Mon, 12 Sep 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2011-12281\");\n script_cve_id(\"CVE-2011-3207\", \"CVE-2011-0014\", \"CVE-2010-4180\", \"CVE-2010-3864\");\n script_name(\"Fedora Update for openssl FEDORA-2011-12281\");\n\n script_summary(\"Check for the Version of openssl\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.0e~1.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:56", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-09-12T00:00:00", "type": "openvas", "title": "Fedora Update for openssl FEDORA-2011-12281", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-4180", "CVE-2011-0014", "CVE-2010-3864", "CVE-2011-3207"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310863499", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863499", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openssl FEDORA-2011-12281\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065712.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863499\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-12 16:29:49 +0200 (Mon, 12 Sep 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"FEDORA\", value:\"2011-12281\");\n script_cve_id(\"CVE-2011-3207\", \"CVE-2011-0014\", \"CVE-2010-4180\", \"CVE-2010-3864\");\n script_name(\"Fedora Update for openssl FEDORA-2011-12281\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssl'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC14\");\n script_tag(name:\"affected\", value:\"openssl on Fedora 14\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.0e~1.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-12-15T11:57:59", "description": "Check for the Version of openssl", "cvss3": {}, "published": "2010-12-28T00:00:00", "type": "openvas", "title": "Fedora Update for openssl FEDORA-2010-18736", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-4180", "CVE-2010-0742", "CVE-2010-1633", "CVE-2010-3864"], "modified": "2017-12-15T00:00:00", "id": "OPENVAS:862737", "href": "http://plugins.openvas.org/nasl.php?oid=862737", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openssl FEDORA-2010-18736\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"openssl on Fedora 13\";\ntag_insight = \"The OpenSSL toolkit provides support for secure communications between\n machines. OpenSSL includes a certificate management tool and shared\n libraries which provide various cryptographic algorithms and\n protocols.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052315.html\");\n script_id(862737);\n script_version(\"$Revision: 8130 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-15 07:31:09 +0100 (Fri, 15 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-12-28 07:11:56 +0100 (Tue, 28 Dec 2010)\");\n script_tag(name:\"cvss_base\", value:\"7.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-18736\");\n script_cve_id(\"CVE-2010-4180\", \"CVE-2010-3864\", \"CVE-2010-0742\", \"CVE-2010-1633\");\n script_name(\"Fedora Update for openssl FEDORA-2010-18736\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of openssl\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.0c~1.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-03T10:54:37", "description": "Check for the Version of openssl", "cvss3": {}, "published": "2010-12-28T00:00:00", "type": "openvas", "title": "Fedora Update for openssl FEDORA-2010-18736", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-4180", "CVE-2010-0742", "CVE-2010-1633", "CVE-2010-3864"], "modified": "2018-01-02T00:00:00", "id": "OPENVAS:1361412562310862737", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862737", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openssl FEDORA-2010-18736\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"openssl on Fedora 13\";\ntag_insight = \"The OpenSSL toolkit provides support for secure communications between\n machines. OpenSSL includes a certificate management tool and shared\n libraries which provide various cryptographic algorithms and\n protocols.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052315.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862737\");\n script_version(\"$Revision: 8269 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-02 08:28:22 +0100 (Tue, 02 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-12-28 07:11:56 +0100 (Tue, 28 Dec 2010)\");\n script_tag(name:\"cvss_base\", value:\"7.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-18736\");\n script_cve_id(\"CVE-2010-4180\", \"CVE-2010-3864\", \"CVE-2010-0742\", \"CVE-2010-1633\");\n script_name(\"Fedora Update for openssl FEDORA-2010-18736\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of openssl\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.0c~1.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:04", "description": "The remote host is missing an update to openssl\nannounced via advisory FEDORA-2009-5423.", "cvss3": {}, "published": "2009-06-23T00:00:00", "type": "openvas", "title": "Fedora Core 9 FEDORA-2009-5423 (openssl)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1379", "CVE-2009-1377", "CVE-2008-0891", "CVE-2008-5077", "CVE-2009-1378", "CVE-2008-1672"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:64247", "href": "http://plugins.openvas.org/nasl.php?oid=64247", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_5423.nasl 6624 2017-07-10 06:11:55Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-5423 (openssl)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The OpenSSL toolkit provides support for secure communications between\nmachines. OpenSSL includes a certificate management tool and shared\nlibraries which provide various cryptographic algorithms and\nprotocols.\n\nUpdate Information:\n\nSecurity update fixing DoS bugs in DTLS code. CVE-2009-1377 CVE-2009-1378\nCVE-2009-1379\n\nChangeLog:\n\n* Thu May 21 2009 Tomas Mraz 0.9.8g-9.14\n- fix CVE-2009-1377 CVE-2009-1378 CVE-2009-1379\n(DTLS DoS problems) (#501253, #501254, #501572)\n- support compatibility DTLS mode for CISCO AnyConnect (#464629)\n- fix crash when parsing malformed mime headers in the smime app\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update openssl' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-5423\";\ntag_summary = \"The remote host is missing an update to openssl\nannounced via advisory FEDORA-2009-5423.\";\n\n\n\nif(description)\n{\n script_id(64247);\n script_version(\"$Revision: 6624 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-23 15:49:15 +0200 (Tue, 23 Jun 2009)\");\n script_cve_id(\"CVE-2009-1377\", \"CVE-2009-1378\", \"CVE-2009-1379\", \"CVE-2008-5077\", \"CVE-2008-0891\", \"CVE-2008-1672\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_name(\"Fedora Core 9 FEDORA-2009-5423 (openssl)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=501253\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=501254\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=501572\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~0.9.8g~9.14.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~0.9.8g~9.14.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openssl-perl\", rpm:\"openssl-perl~0.9.8g~9.14.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openssl-debuginfo\", rpm:\"openssl-debuginfo~0.9.8g~9.14.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:37:21", "description": "The remote host is missing an update to openssl\nannounced via advisory FEDORA-2009-5423.", "cvss3": {}, "published": "2009-06-23T00:00:00", "type": "openvas", "title": "Fedora Core 9 FEDORA-2009-5423 (openssl)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1379", "CVE-2009-1377", "CVE-2008-0891", "CVE-2008-5077", "CVE-2009-1378", "CVE-2008-1672"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231064247", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064247", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_5423.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-5423 (openssl)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The OpenSSL toolkit provides support for secure communications between\nmachines. OpenSSL includes a certificate management tool and shared\nlibraries which provide various cryptographic algorithms and\nprotocols.\n\nUpdate Information:\n\nSecurity update fixing DoS bugs in DTLS code. CVE-2009-1377 CVE-2009-1378\nCVE-2009-1379\n\nChangeLog:\n\n* Thu May 21 2009 Tomas Mraz 0.9.8g-9.14\n- fix CVE-2009-1377 CVE-2009-1378 CVE-2009-1379\n(DTLS DoS problems) (#501253, #501254, #501572)\n- support compatibility DTLS mode for CISCO AnyConnect (#464629)\n- fix crash when parsing malformed mime headers in the smime app\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update openssl' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-5423\";\ntag_summary = \"The remote host is missing an update to openssl\nannounced via advisory FEDORA-2009-5423.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64247\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-23 15:49:15 +0200 (Tue, 23 Jun 2009)\");\n script_cve_id(\"CVE-2009-1377\", \"CVE-2009-1378\", \"CVE-2009-1379\", \"CVE-2008-5077\", \"CVE-2008-0891\", \"CVE-2008-1672\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_name(\"Fedora Core 9 FEDORA-2009-5423 (openssl)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=501253\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=501254\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=501572\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~0.9.8g~9.14.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~0.9.8g~9.14.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openssl-perl\", rpm:\"openssl-perl~0.9.8g~9.14.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openssl-debuginfo\", rpm:\"openssl-debuginfo~0.9.8g~9.14.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:50:00", "description": "The remote host is missing updates announced in\nadvisory GLSA 200610-11.", "cvss3": {}, "published": "2008-09-24T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200610-11 (openssl)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:57909", "href": "http://plugins.openvas.org/nasl.php?oid=57909", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"OpenSSL contains multiple vulnerabilities including the possible remote\nexecution of arbitrary code.\";\ntag_solution = \"All OpenSSL 0.9.8 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-libs/openssl-0.9.8d'\n\nAll OpenSSL 0.9.7 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-libs/openssl-0.9.7l'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200610-11\nhttp://bugs.gentoo.org/show_bug.cgi?id=145510\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200610-11.\";\n\n \n\nif(description)\n{\n script_id(57909);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2006-2937\", \"CVE-2006-2940\", \"CVE-2006-3738\", \"CVE-2006-4343\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Gentoo Security Advisory GLSA 200610-11 (openssl)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"dev-libs/openssl\", unaffected: make_list(\"ge 0.9.8d\", \"rge 0.9.7l\"), vulnerable: make_list(\"lt 0.9.8d\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:49:53", "description": "The remote host is missing an update to openssl\nannounced via advisory DSA 1185-1.\n\nMultiple vulnerabilities have been discovered in the OpenSSL\ncryptographic software package that could allow an attacker to launch\na denial of service attack by exhausting system resources or crashing\nprocesses on a victim's computer.\n\nCVE-2006-2937\nDr S N Henson of the OpenSSL core team and Open Network\nSecurity recently developed an ASN1 test suite for NISCC\n(www.niscc.gov.uk). When the test suite was run against\nOpenSSL two denial of service vulnerabilities were discovered.\n\nDuring the parsing of certain invalid ASN1 structures an error\ncondition is mishandled. This can result in an infinite loop\nwhich consumes system memory.\n\nAny code which uses OpenSSL to parse ASN1 data from untrusted\nsources is affected. This includes SSL servers which enable\nclient authentication and S/MIME applications.\n\nCVE-2006-3738\nTavis Ormandy and Will Drewry of the Google Security Team\ndiscovered a buffer overflow in SSL_get_shared_ciphers utility\nfunction, used by some applications such as exim and mysql. An\nattacker could send a list of ciphers that would overrun a\nbuffer.\n\nCVE-2006-4343\nTavis Ormandy and Will Drewry of the Google Security Team\ndiscovered a possible DoS in the sslv2 client code. Where a\nclient application uses OpenSSL to make a SSLv2 connection to\na malicious server that server could cause the client to\ncrash.\n\nCVE-2006-2940\nDr S N Henson of the OpenSSL core team and Open Network\nSecurity recently developed an ASN1 test suite for NISCC\n(www.niscc.gov.uk). When the test suite was run against\nOpenSSL a DoS was discovered.\n\nCertain types of public key can take disproportionate amounts\nof time to process. This could be used by an attacker in a\ndenial of service attack.", "cvss3": {}, "published": "2008-01-17T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 1185-1 (openssl)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:57478", "href": "http://plugins.openvas.org/nasl.php?oid=57478", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1185_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1185-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"For the stable distribution (sarge) these problems have been fixed in\nversion 0.9.7e-3sarge3.\n\nFor the unstable and testing distributions (sid and etch,\nrespectively), these problems will be fixed in version 0.9.7k-2 of the\nopenssl097 compatibility libraries, and version 0.9.8c-2 of the\nopenssl package.\n\nWe recommend that you upgrade your openssl package. Note that\n\n https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201185-1\";\ntag_summary = \"The remote host is missing an update to openssl\nannounced via advisory DSA 1185-1.\n\nMultiple vulnerabilities have been discovered in the OpenSSL\ncryptographic software package that could allow an attacker to launch\na denial of service attack by exhausting system resources or crashing\nprocesses on a victim's computer.\n\nCVE-2006-2937\nDr S N Henson of the OpenSSL core team and Open Network\nSecurity recently developed an ASN1 test suite for NISCC\n(www.niscc.gov.uk). When the test suite was run against\nOpenSSL two denial of service vulnerabilities were discovered.\n\nDuring the parsing of certain invalid ASN1 structures an error\ncondition is mishandled. This can result in an infinite loop\nwhich consumes system memory.\n\nAny code which uses OpenSSL to parse ASN1 data from untrusted\nsources is affected. This includes SSL servers which enable\nclient authentication and S/MIME applications.\n\nCVE-2006-3738\nTavis Ormandy and Will Drewry of the Google Security Team\ndiscovered a buffer overflow in SSL_get_shared_ciphers utility\nfunction, used by some applications such as exim and mysql. An\nattacker could send a list of ciphers that would overrun a\nbuffer.\n\nCVE-2006-4343\nTavis Ormandy and Will Drewry of the Google Security Team\ndiscovered a possible DoS in the sslv2 client code. Where a\nclient application uses OpenSSL to make a SSLv2 connection to\na malicious server that server could cause the client to\ncrash.\n\nCVE-2006-2940\nDr S N Henson of the OpenSSL core team and Open Network\nSecurity recently developed an ASN1 test suite for NISCC\n(www.niscc.gov.uk). When the test suite was run against\nOpenSSL a DoS was discovered.\n\nCertain types of public key can take disproportionate amounts\nof time to process. This could be used by an attacker in a\ndenial of service attack.\";\n\n\nif(description)\n{\n script_id(57478);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:13:11 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2006-2940\", \"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2006-2937\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 1185-1 (openssl)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"0.9.7e-3sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl0.9.7\", ver:\"0.9.7e-3sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openssl\", ver:\"0.9.7e-3sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:50:22", "description": "The remote host is missing updates announced in\nadvisory GLSA 200612-11.", "cvss3": {}, "published": "2008-09-24T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200612-11 (emul-linux-x86-baselibs)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:57950", "href": "http://plugins.openvas.org/nasl.php?oid=57950", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"OpenSSL contains multiple vulnerabilities including the possible execution\nof remote arbitrary code.\";\ntag_solution = \"All AMD64 x86 emulation base libraries users should upgrade to the latest\nversion:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose\n'>=app-emulation/emul-linux-x86-baselibs-2.5.5'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200612-11\nhttp://bugs.gentoo.org/show_bug.cgi?id=152640\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200612-11.\";\n\n \n\nif(description)\n{\n script_id(57950);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2006-2937\", \"CVE-2006-2940\", \"CVE-2006-3738\", \"CVE-2006-4343\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Gentoo Security Advisory GLSA 200612-11 (emul-linux-x86-baselibs)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"app-emulation/emul-linux-x86-baselibs\", unaffected: make_list(\"ge 2.5.5\"), vulnerable: make_list(\"lt 2.5.5\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-08T11:44:22", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory FreeBSD-SA-06:23.openssl.asc", "cvss3": {}, "published": "2008-09-04T00:00:00", "type": "openvas", "title": "FreeBSD Security Advisory (FreeBSD-SA-06:23.openssl.asc)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343"], "modified": "2017-12-07T00:00:00", "id": "OPENVAS:57475", "href": "http://plugins.openvas.org/nasl.php?oid=57475", "sourceData": "#\n#ADV FreeBSD-SA-06:23.openssl.asc\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n#\n\ntag_insight = \"FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is\na collaborative effort to develop a robust, commercial-grade, full-featured,\nand Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols as well as a full-strength\ngeneral purpose cryptography library.\n\nSeveral problems have been found in OpenSSL:\n\n1. During the parsing of certain invalid ASN1 structures an error condition\nis mishandled, possibly resulting in an infinite loop. [CVE-2006-2937]\n\n2. A buffer overflow exists in the SSL_get_shared_ciphers function.\n[CVE-2006-3738]\n\n3. A NULL pointer may be dereferenced in the SSL version 2 client code.\n[CVE-2006-4343]\n\nIn addition, many applications using OpenSSL do not perform any validation\nof the lengths of public keys being used. [CVE-2006-2940]\";\ntag_solution = \"Upgrade your system to the appropriate stable release\nor security branch dated after the correction date\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FreeBSD-SA-06:23.openssl.asc\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory FreeBSD-SA-06:23.openssl.asc\";\n\n \nif(description)\n{\n script_id(57475);\n script_version(\"$Revision: 8023 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-07 09:36:26 +0100 (Thu, 07 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_cve_id(\"CVE-2006-2937\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n name = \"FreeBSD Security Advisory (FreeBSD-SA-06:23.openssl.asc)\";\n script_name(name);\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com\");\n family = \"FreeBSD Local Security Checks\";\n script_family(family);\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdpatchlevel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\nvuln = 0;\nif(patchlevelcmp(rel:\"6.1\", patchlevel:\"8\")<0) {\n vuln = 1;\n}\nif(patchlevelcmp(rel:\"6.0\", patchlevel:\"13\")<0) {\n vuln = 1;\n}\nif(patchlevelcmp(rel:\"5.5\", patchlevel:\"6\")<0) {\n vuln = 1;\n}\nif(patchlevelcmp(rel:\"5.4\", patchlevel:\"20\")<0) {\n vuln = 1;\n}\nif(patchlevelcmp(rel:\"5.3\", patchlevel:\"35\")<0) {\n vuln = 1;\n}\nif(patchlevelcmp(rel:\"4.11\", patchlevel:\"23\")<0) {\n vuln = 1;\n}\n\nif(vuln) {\n security_message(0);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-26T08:55:11", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n openssl-devel\n openssl\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5018586 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-10T00:00:00", "type": "openvas", "title": "SLES9: Security update for OpenSSL", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343"], "modified": "2017-07-11T00:00:00", "id": "OPENVAS:65603", "href": "http://plugins.openvas.org/nasl.php?oid=65603", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5018586.nasl 6666 2017-07-11 13:13:36Z cfischer $\n# Description: Security update for OpenSSL\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n openssl-devel\n openssl\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5018586 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_id(65603);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2006-2937\", \"CVE-2006-2940\", \"CVE-2006-3738\", \"CVE-2006-4343\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES9: Security update for OpenSSL\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~0.9.7d~15.29\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:50:56", "description": "The remote host is missing an update as announced\nvia advisory SSA:2006-272-01.", "cvss3": {}, "published": "2012-09-11T00:00:00", "type": "openvas", "title": "Slackware Advisory SSA:2006-272-01 openssl", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:57491", "href": "http://plugins.openvas.org/nasl.php?oid=57491", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2006_272_01.nasl 6598 2017-07-07 09:36:44Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"New openssl packages are available for Slackware 9.0, 9.1, 10.0, 10.1,\n10.2, and -current to fix security issues.\";\ntag_summary = \"The remote host is missing an update as announced\nvia advisory SSA:2006-272-01.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2006-272-01\";\n \nif(description)\n{\n script_id(57491);\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:36:44 +0200 (Fri, 07 Jul 2017) $\");\n script_cve_id(\"CVE-2006-2937\", \"CVE-2006-3738\", \"CVE-2006-2940\", \"CVE-2006-4343\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 6598 $\");\n name = \"Slackware Advisory SSA:2006-272-01 openssl \";\n script_name(name);\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-slack.inc\");\nvuln = 0;\nif(isslkpkgvuln(pkg:\"openssl-solibs\", ver:\"0.9.7l-i386-1_slack9.0\", rls:\"SLK9.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"openssl\", ver:\"0.9.7l-i386-1_slack9.0\", rls:\"SLK9.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"openssl-solibs\", ver:\"0.9.7l-i486-1_slack9.1\", rls:\"SLK9.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"openssl\", ver:\"0.9.7l-i486-1_slack9.1\", rls:\"SLK9.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"openssl-solibs\", ver:\"0.9.7l-i486-1_slack10.0\", rls:\"SLK10.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"openssl\", ver:\"0.9.7l-i486-1_slack10.0\", rls:\"SLK10.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"openssl-solibs\", ver:\"0.9.7l-i486-1_slack10.1\", rls:\"SLK10.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"openssl\", ver:\"0.9.7l-i486-1_slack10.1\", rls:\"SLK10.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"openssl-solibs\", ver:\"0.9.7l-i486-1_slack10.2\", rls:\"SLK10.2\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"openssl\", ver:\"0.9.7l-i486-1_slack10.2\", rls:\"SLK10.2\")) {\n vuln = 1;\n}\n\nif(vuln) {\n security_message(0);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:38:56", "description": "The remote host is missing an update as announced\nvia advisory SSA:2006-272-01.", "cvss3": {}, "published": "2012-09-11T00:00:00", "type": "openvas", "title": "Slackware Advisory SSA:2006-272-01 openssl", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:136141256231057491", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231057491", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2006_272_01.nasl 14202 2019-03-15 09:16:15Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.57491\");\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 10:16:15 +0100 (Fri, 15 Mar 2019) $\");\n script_cve_id(\"CVE-2006-2937\", \"CVE-2006-3738\", \"CVE-2006-2940\", \"CVE-2006-4343\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 14202 $\");\n script_name(\"Slackware Advisory SSA:2006-272-01 openssl\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\", re:\"ssh/login/release=SLK(9\\.0|9\\.1|10\\.0|10\\.1|10\\.2)\");\n\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2006-272-01\");\n\n script_tag(name:\"insight\", value:\"New openssl packages are available for Slackware 9.0, 9.1, 10.0, 10.1,\n10.2, and -current to fix security issues.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to the new package(s).\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update as announced\nvia advisory SSA:2006-272-01.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-slack.inc\");\n\nreport = \"\";\nres = \"\";\n\nif((res = isslkpkgvuln(pkg:\"openssl-solibs\", ver:\"0.9.7l-i386-1_slack9.0\", rls:\"SLK9.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"openssl\", ver:\"0.9.7l-i386-1_slack9.0\", rls:\"SLK9.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"openssl-solibs\", ver:\"0.9.7l-i486-1_slack9.1\", rls:\"SLK9.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"openssl\", ver:\"0.9.7l-i486-1_slack9.1\", rls:\"SLK9.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"openssl-solibs\", ver:\"0.9.7l-i486-1_slack10.0\", rls:\"SLK10.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"openssl\", ver:\"0.9.7l-i486-1_slack10.0\", rls:\"SLK10.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"openssl-solibs\", ver:\"0.9.7l-i486-1_slack10.1\", rls:\"SLK10.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"openssl\", ver:\"0.9.7l-i486-1_slack10.1\", rls:\"SLK10.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"openssl-solibs\", ver:\"0.9.7l-i486-1_slack10.2\", rls:\"SLK10.2\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"openssl\", ver:\"0.9.7l-i486-1_slack10.2\", rls:\"SLK10.2\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-04-06T11:37:14", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n openssl-devel\n openssl\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5018586 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-10T00:00:00", "type": "openvas", "title": "SLES9: Security update for OpenSSL", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231065603", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065603", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5018586.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Security update for OpenSSL\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n openssl-devel\n openssl\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5018586 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65603\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2006-2937\", \"CVE-2006-2940\", \"CVE-2006-3738\", \"CVE-2006-4343\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES9: Security update for OpenSSL\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~0.9.7d~15.29\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-02T10:54:30", "description": "Check for the Version of openssl", "cvss3": {}, "published": "2010-06-18T00:00:00", "type": "openvas", "title": "Fedora Update for openssl FEDORA-2010-9639", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-4355", "CVE-2010-0742", "CVE-2009-3555", "CVE-2010-1633"], "modified": "2017-12-22T00:00:00", "id": "OPENVAS:862152", "href": "http://plugins.openvas.org/nasl.php?oid=862152", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openssl FEDORA-2010-9639\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"openssl on Fedora 12\";\ntag_insight = \"The OpenSSL toolkit provides support for secure communications between\n machines. OpenSSL includes a certificate management tool and shared\n libraries which provide various cryptographic algorithms and\n protocols.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042919.html\");\n script_id(862152);\n script_version(\"$Revision: 8226 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-22 07:30:26 +0100 (Fri, 22 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-06-18 17:26:33 +0200 (Fri, 18 Jun 2010)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-9639\");\n script_cve_id(\"CVE-2010-0742\", \"CVE-2010-1633\", \"CVE-2009-4355\", \"CVE-2009-3555\");\n script_name(\"Fedora Update for openssl FEDORA-2010-9639\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of openssl\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.0a~1.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-22T13:05:53", "description": "Check for the Version of openssl", "cvss3": {}, "published": "2010-06-18T00:00:00", "type": "openvas", "title": "Fedora Update for openssl FEDORA-2010-9639", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-4355", "CVE-2010-0742", "CVE-2009-3555", "CVE-2010-1633"], "modified": "2018-01-22T00:00:00", "id": "OPENVAS:1361412562310862152", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862152", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openssl FEDORA-2010-9639\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"openssl on Fedora 12\";\ntag_insight = \"The OpenSSL toolkit provides support for secure communications between\n machines. OpenSSL includes a certificate management tool and shared\n libraries which provide various cryptographic algorithms and\n protocols.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042919.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862152\");\n script_version(\"$Revision: 8485 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-22 08:57:57 +0100 (Mon, 22 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-06-18 17:26:33 +0200 (Fri, 18 Jun 2010)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-9639\");\n script_cve_id(\"CVE-2010-0742\", \"CVE-2010-1633\", \"CVE-2009-4355\", \"CVE-2009-3555\");\n script_name(\"Fedora Update for openssl FEDORA-2010-9639\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of openssl\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.0a~1.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:50:49", "description": "The remote host is missing an update as announced\nvia advisory SSA:2010-060-02.", "cvss3": {}, "published": "2012-09-11T00:00:00", "type": "openvas", "title": "Slackware Advisory SSA:2010-060-02 openssl ", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1379", "CVE-2009-1377", "CVE-2008-1678", "CVE-2009-4355", "CVE-2009-3245", "CVE-2009-1378"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:67042", "href": "http://plugins.openvas.org/nasl.php?oid=67042", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2010_060_02.nasl 6598 2017-07-07 09:36:44Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"New openssl packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0,\nand -current to fix security issues.\";\ntag_summary = \"The remote host is missing an update as announced\nvia advisory SSA:2010-060-02.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2010-060-02\";\n \nif(description)\n{\n script_id(67042);\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:36:44 +0200 (Fri, 07 Jul 2017) $\");\n script_cve_id(\"CVE-2008-1678\", \"CVE-2009-1378\", \"CVE-2009-1377\", \"CVE-2009-1379\", \"CVE-2009-3245\", \"CVE-2009-4355\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 6598 $\");\n script_name(\"Slackware Advisory SSA:2010-060-02 openssl \");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-slack.inc\");\nvuln = 0;\nif(isslkpkgvuln(pkg:\"openssl\", ver:\"0.9.8m-i486-1_slack11.0\", rls:\"SLK11.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"openssl-solibs\", ver:\"0.9.8m-i486-1_slack11.0\", rls:\"SLK11.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"openssl\", ver:\"0.9.8m-i486-1_slack12.0\", rls:\"SLK12.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"openssl-solibs\", ver:\"0.9.8m-i486-1_slack12.0\", rls:\"SLK12.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"openssl\", ver:\"0.9.8m-i486-1_slack12.1\", rls:\"SLK12.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"openssl-solibs\", ver:\"0.9.8m-i486-1_slack12.1\", rls:\"SLK12.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"openssl\", ver:\"0.9.8m-i486-1_slack12.2\", rls:\"SLK12.2\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"openssl-solibs\", ver:\"0.9.8m-i486-1_slack12.2\", rls:\"SLK12.2\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"openssl\", ver:\"0.9.8m-i486-1_slack13.0\", rls:\"SLK13.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"openssl-solibs\", ver:\"0.9.8m-i486-1_slack13.0\", rls:\"SLK13.0\")) {\n vuln = 1;\n}\n\nif(vuln) {\n security_message(0);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:01", "description": "The remote host is missing an update as announced\nvia advisory SSA:2010-060-02.", "cvss3": {}, "published": "2012-09-11T00:00:00", "type": "openvas", "title": "Slackware Advisory SSA:2010-060-02 openssl", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1379", "CVE-2009-1377", "CVE-2008-1678", "CVE-2009-4355", "CVE-2009-3245", "CVE-2009-1378"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:136141256231067042", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231067042", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2010_060_02.nasl 14202 2019-03-15 09:16:15Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.67042\");\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 10:16:15 +0100 (Fri, 15 Mar 2019) $\");\n script_cve_id(\"CVE-2008-1678\", \"CVE-2009-1378\", \"CVE-2009-1377\", \"CVE-2009-1379\", \"CVE-2009-3245\", \"CVE-2009-4355\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 14202 $\");\n script_name(\"Slackware Advisory SSA:2010-060-02 openssl\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\", re:\"ssh/login/release=SLK(11\\.0|12\\.0|12\\.1|12\\.2|13\\.0)\");\n\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2010-060-02\");\n\n script_tag(name:\"insight\", value:\"New openssl packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0,\nand -current to fix security issues.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to the new package(s).\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update as announced\nvia advisory SSA:2010-060-02.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-slack.inc\");\n\nreport = \"\";\nres = \"\";\n\nif((res = isslkpkgvuln(pkg:\"openssl\", ver:\"0.9.8m-i486-1_slack11.0\", rls:\"SLK11.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"openssl-solibs\", ver:\"0.9.8m-i486-1_slack11.0\", rls:\"SLK11.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"openssl\", ver:\"0.9.8m-i486-1_slack12.0\", rls:\"SLK12.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"openssl-solibs\", ver:\"0.9.8m-i486-1_slack12.0\", rls:\"SLK12.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"openssl\", ver:\"0.9.8m-i486-1_slack12.1\", rls:\"SLK12.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"openssl-solibs\", ver:\"0.9.8m-i486-1_slack12.1\", rls:\"SLK12.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"openssl\", ver:\"0.9.8m-i486-1_slack12.2\", rls:\"SLK12.2\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"openssl-solibs\", ver:\"0.9.8m-i486-1_slack12.2\", rls:\"SLK12.2\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"openssl\", ver:\"0.9.8m-i486-1_slack13.0\", rls:\"SLK13.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"openssl-solibs\", ver:\"0.9.8m-i486-1_slack13.0\", rls:\"SLK13.0\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-02T21:13:59", "description": "Check for the Version of Kernel", "cvss3": {}, "published": "2009-10-13T00:00:00", "type": "openvas", "title": "Solaris Update for Kernel 122300-44", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2006-4339", "CVE-2008-1483"], "modified": "2017-02-20T00:00:00", "id": "OPENVAS:855780", "href": "http://plugins.openvas.org/nasl.php?oid=855780", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for Kernel 122300-44\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"Kernel on solaris_5.9_sparc\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n Kernel\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(855780);\n script_version(\"$Revision: 5359 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-20 12:20:19 +0100 (Mon, 20 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 15:16:45 +0200 (Tue, 13 Oct 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"122300-44\");\n script_cve_id(\"CVE-2008-1483\", \"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2006-4339\", \"CVE-2006-2937\", \"CVE-2006-2940\");\n script_name(\"Solaris Update for Kernel 122300-44\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-122300-44-1\");\n\n script_summary(\"Check for the Version of Kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"122300-44\", package:\"SUNWatfsu SUNWudfrx SUNWarc SUNWcarx.u SUNWrsg SUNWvolr SUNWcstl SUNWnfscx SUNWcslx SUNWsshdu SUNWcstlx SUNWrsgk SUNWpdx SUNWcsu SUNWnfssx SUNWnfscr SUNWcsxu SUNWnfssu SUNWaudit SUNWpd SUNWcsr SUNWsshdr SUNWefcx.us SUNWmdbx SUNWmdb SUNWdrrx.u SUNWvolu SUNWcar.u SUNWdrr.us SUNWudfr SUNWnfscu SUNWrsgx SUNWcar.m SUNWsshcu SUNWcar.us FJSVhea SUNWatfsr SUNWpiclu SUNWdrrx.us SUNWsshu SUNWcsl SUNWsshr SUNWdrr.u SUNWefcx.u SUNWnfssr SUNWcarx.us SUNWdrcrx.u SUNWhea\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:57:16", "description": "Check for the Version of Apache Remote Execution of Arbitrary Code", "cvss3": {}, "published": "2009-05-05T00:00:00", "type": "openvas", "title": "HP-UX Update for Apache Remote Execution of Arbitrary Code HPSBUX02186", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2005-2969", "CVE-2006-4339"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:835119", "href": "http://plugins.openvas.org/nasl.php?oid=835119", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# HP-UX Update for Apache Remote Execution of Arbitrary Code HPSBUX02186\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_impact = \"Remote execution of arbitrary code\n Denial of Service (DoS)\n and unauthorized access.\";\ntag_affected = \"Apache Remote Execution of Arbitrary Code on\n HP-UX B.11.11, B.11.23, and B.11.31\";\ntag_insight = \"Potential security vulnerabilities have been identified with Apache running \n on HP-UX. These vulnerabilities could be exploited remotely to allow \n execution of arbitrary code, Denial of Service (DoS), or unauthorized \n access.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00849540-2\");\n script_id(835119);\n script_version(\"$Revision: 6584 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 16:13:23 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-05 12:14:23 +0200 (Tue, 05 May 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"HPSBUX\", value: \"02186\");\n script_cve_id(\"CVE-2006-2940\", \"CVE-2006-2937\", \"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2006-4339\", \"CVE-2005-2969\");\n script_name( \"HP-UX Update for Apache Remote Execution of Arbitrary Code HPSBUX02186\");\n\n script_summary(\"Check for the Version of Apache Remote Execution of Arbitrary Code\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"HP-UX Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/hp_hp-ux\", \"ssh/login/release\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-hpux.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"HPUX11.00\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE\", revision:\"A.2.0.58.01\", rls:\"HPUX11.00\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.23\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE\", revision:\"B.2.0.58.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.11\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE\", revision:\"A.2.0.58.01\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE\", revision:\"B.2.0.58.01\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:13:55", "description": "Check for the Version of Kernel", "cvss3": {}, "published": "2009-09-23T00:00:00", "type": "openvas", "title": "Solaris Update for Kernel 122301-42", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2006-4339", "CVE-2008-1483"], "modified": "2017-02-20T00:00:00", "id": "OPENVAS:855702", "href": "http://plugins.openvas.org/nasl.php?oid=855702", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for Kernel 122301-42\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"Kernel on solaris_5.9_x86\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n Kernel\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(855702);\n script_version(\"$Revision: 5359 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-20 12:20:19 +0100 (Mon, 20 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-23 10:48:35 +0200 (Wed, 23 Sep 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"122301-42\");\n script_cve_id(\"CVE-2008-1483\", \"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2006-4339\", \"CVE-2006-2937\", \"CVE-2006-2940\");\n script_name(\"Solaris Update for Kernel 122301-42\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-122301-42-1\");\n\n script_summary(\"Check for the Version of Kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.9\", arch:\"i386\", patch:\"122301-42\", package:\"SUNWatfsu SUNWarc SUNWrsg SUNWcstl SUNWsshdu SUNWcar.i SUNWrsgk SUNWcsu SUNWnfscr SUNWnfssu SUNWaudit SUNWcsr SUNWsshdr SUNWmdb SUNWvolu SUNWudfr SUNWnfscu SUNWsshcu SUNWatfsr SUNWsshu SUNWcsl SUNWsshr SUNWnfssr SUNWhea\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:13:47", "description": "Check for the Version of Kernel", "cvss3": {}, "published": "2009-10-13T00:00:00", "type": "openvas", "title": "Solaris Update for Kernel 122301-44", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2006-4339", "CVE-2008-1483"], "modified": "2017-02-20T00:00:00", "id": "OPENVAS:855768", "href": "http://plugins.openvas.org/nasl.php?oid=855768", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for Kernel 122301-44\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"Kernel on solaris_5.9_x86\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n Kernel\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(855768);\n script_version(\"$Revision: 5359 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-20 12:20:19 +0100 (Mon, 20 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 15:16:45 +0200 (Tue, 13 Oct 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"122301-44\");\n script_cve_id(\"CVE-2008-1483\", \"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2006-4339\", \"CVE-2006-2937\", \"CVE-2006-2940\");\n script_name(\"Solaris Update for Kernel 122301-44\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-122301-44-1\");\n\n script_summary(\"Check for the Version of Kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.9\", arch:\"i386\", patch:\"122301-44\", package:\"SUNWatfsu SUNWarc SUNWrsg SUNWcstl SUNWsshdu SUNWcar.i SUNWrsgk SUNWcsu SUNWnfscr SUNWnfssu SUNWaudit SUNWcsr SUNWsshdr SUNWmdb SUNWvolu SUNWudfr SUNWnfscu SUNWsshcu SUNWatfsr SUNWsshu SUNWcsl SUNWsshr SUNWnfssr SUNWhea\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:14:20", "description": "Check for the Version of Kernel", "cvss3": {}, "published": "2009-06-03T00:00:00", "type": "openvas", "title": "Solaris Update for Kernel 122300-40", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2006-4339", "CVE-2008-1483"], "modified": "2017-02-20T00:00:00", "id": "OPENVAS:855612", "href": "http://plugins.openvas.org/nasl.php?oid=855612", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for Kernel 122300-40\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"Kernel on solaris_5.9_sparc\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n Kernel\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(855612);\n script_version(\"$Revision: 5359 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-20 12:20:19 +0100 (Mon, 20 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-03 12:31:50 +0200 (Wed, 03 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"122300-40\");\n script_cve_id(\"CVE-2008-1483\", \"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2006-4339\", \"CVE-2006-2937\", \"CVE-2006-2940\");\n script_name( \"Solaris Update for Kernel 122300-40\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-122300-40-1\");\n\n script_summary(\"Check for the Version of Kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"122300-40\", package:\"SUNWsshcu SUNWcar.us SUNWarc SUNWcar.m SUNWpdx SUNWmdb SUNWaudit SUNWsshdu FJSVhea SUNWcsl SUNWsshdr SUNWefcx.u SUNWsshr SUNWdrr.u SUNWdrrx.us SUNWcsxu SUNWcarx.us SUNWpiclu SUNWmdbx SUNWvolr SUNWdrr.us SUNWcsr SUNWefcx.us SUNWpd SUNWhea SUNWcslx SUNWcstlx SUNWcarx.u SUNWsshu SUNWcsu SUNWcar.u SUNWdrcrx.u SUNWdrrx.u SUNWcstl\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:14:18", "description": "Check for the Version of Kernel", "cvss3": {}, "published": "2009-06-03T00:00:00", "type": "openvas", "title": "Solaris Update for Kernel 122301-40", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2006-4339", "CVE-2008-1483"], "modified": "2017-02-20T00:00:00", "id": "OPENVAS:855018", "href": "http://plugins.openvas.org/nasl.php?oid=855018", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for Kernel 122301-40\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"Kernel on solaris_5.9_x86\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n Kernel\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(855018);\n script_version(\"$Revision: 5359 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-20 12:20:19 +0100 (Mon, 20 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-03 12:31:50 +0200 (Wed, 03 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"122301-40\");\n script_cve_id(\"CVE-2008-1483\", \"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2006-4339\", \"CVE-2006-2937\", \"CVE-2006-2940\");\n script_name( \"Solaris Update for Kernel 122301-40\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-122301-40-1\");\n\n script_summary(\"Check for the Version of Kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.9\", arch:\"i386\", patch:\"122301-40\", package:\"SUNWsshcu SUNWcar.i SUNWarc SUNWmdb SUNWaudit SUNWsshdu SUNWcsl SUNWsshdr SUNWsshr SUNWcsr SUNWhea SUNWsshu SUNWcsu SUNWcstl\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:41:48", "description": "Check for the Version of Kernel", "cvss3": {}, "published": "2009-06-03T00:00:00", "type": "openvas", "title": "Solaris Update for Kernel 122300-40", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2006-4339", "CVE-2008-1483"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310855612", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310855612", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for Kernel 122300-40\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"Kernel on solaris_5.9_sparc\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n Kernel\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.855612\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-03 12:31:50 +0200 (Wed, 03 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"122300-40\");\n script_cve_id(\"CVE-2008-1483\", \"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2006-4339\", \"CVE-2006-2937\", \"CVE-2006-2940\");\n script_name( \"Solaris Update for Kernel 122300-40\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-122300-40-1\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of Kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"122300-40\", package:\"SUNWsshcu SUNWcar.us SUNWarc SUNWcar.m SUNWpdx SUNWmdb SUNWaudit SUNWsshdu FJSVhea SUNWcsl SUNWsshdr SUNWefcx.u SUNWsshr SUNWdrr.u SUNWdrrx.us SUNWcsxu SUNWcarx.us SUNWpiclu SUNWmdbx SUNWvolr SUNWdrr.us SUNWcsr SUNWefcx.us SUNWpd SUNWhea SUNWcslx SUNWcstlx SUNWcarx.u SUNWsshu SUNWcsu SUNWcar.u SUNWdrcrx.u SUNWdrrx.u SUNWcstl\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:41:55", "description": "Check for the Version of Apache Remote Execution of Arbitrary Code", "cvss3": {}, "published": "2009-05-05T00:00:00", "type": "openvas", "title": "HP-UX Update for Apache Remote Execution of Arbitrary Code HPSBUX02186", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2005-2969", "CVE-2006-4339"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310835119", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310835119", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# HP-UX Update for Apache Remote Execution of Arbitrary Code HPSBUX02186\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_impact = \"Remote execution of arbitrary code\n Denial of Service (DoS)\n and unauthorized access.\";\ntag_affected = \"Apache Remote Execution of Arbitrary Code on\n HP-UX B.11.11, B.11.23, and B.11.31\";\ntag_insight = \"Potential security vulnerabilities have been identified with Apache running \n on HP-UX. These vulnerabilities could be exploited remotely to allow \n execution of arbitrary code, Denial of Service (DoS), or unauthorized \n access.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00849540-2\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.835119\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-05 12:14:23 +0200 (Tue, 05 May 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"HPSBUX\", value: \"02186\");\n script_cve_id(\"CVE-2006-2940\", \"CVE-2006-2937\", \"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2006-4339\", \"CVE-2005-2969\");\n script_name( \"HP-UX Update for Apache Remote Execution of Arbitrary Code HPSBUX02186\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of Apache Remote Execution of Arbitrary Code\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"HP-UX Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/hp_hp-ux\", \"ssh/login/release\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-hpux.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"HPUX11.00\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE\", revision:\"A.2.0.58.01\", rls:\"HPUX11.00\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.23\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE\", revision:\"B.2.0.58.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.11\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE\", revision:\"A.2.0.58.01\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE\", revision:\"B.2.0.58.01\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:38:32", "description": "Check for the Version of Kernel", "cvss3": {}, "published": "2009-10-13T00:00:00", "type": "openvas", "title": "Solaris Update for Kernel 122301-44", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2006-4339", "CVE-2008-1483"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310855768", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310855768", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for Kernel 122301-44\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"Kernel on solaris_5.9_x86\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n Kernel\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.855768\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 15:16:45 +0200 (Tue, 13 Oct 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"122301-44\");\n script_cve_id(\"CVE-2008-1483\", \"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2006-4339\", \"CVE-2006-2937\", \"CVE-2006-2940\");\n script_name(\"Solaris Update for Kernel 122301-44\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-122301-44-1\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of Kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.9\", arch:\"i386\", patch:\"122301-44\", package:\"SUNWatfsu SUNWarc SUNWrsg SUNWcstl SUNWsshdu SUNWcar.i SUNWrsgk SUNWcsu SUNWnfscr SUNWnfssu SUNWaudit SUNWcsr SUNWsshdr SUNWmdb SUNWvolu SUNWudfr SUNWnfscu SUNWsshcu SUNWatfsr SUNWsshu SUNWcsl SUNWsshr SUNWnfssr SUNWhea\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:39:46", "description": "Check for the Version of Kernel", "cvss3": {}, "published": "2009-10-13T00:00:00", "type": "openvas", "title": "Solaris Update for Kernel 122300-44", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2006-4339", "CVE-2008-1483"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310855780", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310855780", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for Kernel 122300-44\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"Kernel on solaris_5.9_sparc\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n Kernel\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.855780\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 15:16:45 +0200 (Tue, 13 Oct 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"122300-44\");\n script_cve_id(\"CVE-2008-1483\", \"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2006-4339\", \"CVE-2006-2937\", \"CVE-2006-2940\");\n script_name(\"Solaris Update for Kernel 122300-44\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-122300-44-1\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of Kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"122300-44\", package:\"SUNWatfsu SUNWudfrx SUNWarc SUNWcarx.u SUNWrsg SUNWvolr SUNWcstl SUNWnfscx SUNWcslx SUNWsshdu SUNWcstlx SUNWrsgk SUNWpdx SUNWcsu SUNWnfssx SUNWnfscr SUNWcsxu SUNWnfssu SUNWaudit SUNWpd SUNWcsr SUNWsshdr SUNWefcx.us SUNWmdbx SUNWmdb SUNWdrrx.u SUNWvolu SUNWcar.u SUNWdrr.us SUNWudfr SUNWnfscu SUNWrsgx SUNWcar.m SUNWsshcu SUNWcar.us FJSVhea SUNWatfsr SUNWpiclu SUNWdrrx.us SUNWsshu SUNWcsl SUNWsshr SUNWdrr.u SUNWefcx.u SUNWnfssr SUNWcarx.us SUNWdrcrx.u SUNWhea\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:41:40", "description": "Check for the Version of Kernel", "cvss3": {}, "published": "2009-06-03T00:00:00", "type": "openvas", "title": "Solaris Update for Kernel 122301-40", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2006-4339", "CVE-2008-1483"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310855018", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310855018", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for Kernel 122301-40\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"Kernel on solaris_5.9_x86\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n Kernel\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.855018\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-03 12:31:50 +0200 (Wed, 03 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"122301-40\");\n script_cve_id(\"CVE-2008-1483\", \"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2006-4339\", \"CVE-2006-2937\", \"CVE-2006-2940\");\n script_name( \"Solaris Update for Kernel 122301-40\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-122301-40-1\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of Kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.9\", arch:\"i386\", patch:\"122301-40\", package:\"SUNWsshcu SUNWcar.i SUNWarc SUNWmdb SUNWaudit SUNWsshdu SUNWcsl SUNWsshdr SUNWsshr SUNWcsr SUNWhea SUNWsshu SUNWcsu SUNWcstl\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:39:24", "description": "Check for the Version of Kernel", "cvss3": {}, "published": "2009-09-23T00:00:00", "type": "openvas", "title": "Solaris Update for Kernel 122301-42", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2006-4339", "CVE-2008-1483"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310855702", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310855702", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for Kernel 122301-42\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"Kernel on solaris_5.9_x86\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n Kernel\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.855702\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-23 10:48:35 +0200 (Wed, 23 Sep 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"122301-42\");\n script_cve_id(\"CVE-2008-1483\", \"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2006-4339\", \"CVE-2006-2937\", \"CVE-2006-2940\");\n script_name(\"Solaris Update for Kernel 122301-42\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-122301-42-1\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of Kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.9\", arch:\"i386\", patch:\"122301-42\", package:\"SUNWatfsu SUNWarc SUNWrsg SUNWcstl SUNWsshdu SUNWcar.i SUNWrsgk SUNWcsu SUNWnfscr SUNWnfssu SUNWaudit SUNWcsr SUNWsshdr SUNWmdb SUNWvolu SUNWudfr SUNWnfscu SUNWsshcu SUNWatfsr SUNWsshu SUNWcsl SUNWsshr SUNWnfssr SUNWhea\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:48:18", "description": "Check for the Version of mingw-openssl", "cvss3": {}, "published": "2014-04-15T00:00:00", "type": "openvas", "title": "Fedora Update for mingw-openssl FEDORA-2014-4982", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-6449", "CVE-2013-6450", "CVE-2014-0160", "CVE-2013-4353"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:867688", "href": "http://plugins.openvas.org/nasl.php?oid=867688", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mingw-openssl FEDORA-2014-4982\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(867688);\n script_version(\"$Revision: 6629 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:33:41 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-04-15 09:41:59 +0530 (Tue, 15 Apr 2014)\");\n script_cve_id(\"CVE-2014-0160\", \"CVE-2013-6450\", \"CVE-2013-4353\", \"CVE-2013-6449\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_name(\"Fedora Update for mingw-openssl FEDORA-2014-4982\");\n\n tag_insight = \"The OpenSSL toolkit provides support for secure communications between\nmachines. OpenSSL includes a certificate management tool and shared\nlibraries which provide various cryptographic algorithms and\nprotocols.\n\nThis package contains Windows (MinGW) libraries and development tools.\n\";\n\n tag_affected = \"mingw-openssl on Fedora 20\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2014-4982\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-April/131346.html\");\n script_summary(\"Check for the Version of mingw-openssl\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"mingw-openssl\", rpm:\"mingw-openssl~1.0.1e~6.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:37:34", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2014-04-16T00:00:00", "type": "openvas", "title": "Fedora Update for mingw-openssl FEDORA-2014-4999", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-6449", "CVE-2013-6450", "CVE-2014-0160", "CVE-2013-4353"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310867701", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867701", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mingw-openssl FEDORA-2014-4999\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867701\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-04-16 11:33:27 +0530 (Wed, 16 Apr 2014)\");\n script_cve_id(\"CVE-2014-0160\", \"CVE-2013-6450\", \"CVE-2013-4353\", \"CVE-2013-6449\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_name(\"Fedora Update for mingw-openssl FEDORA-2014-4999\");\n script_tag(name:\"affected\", value:\"mingw-openssl on Fedora 19\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-4999\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-April/131532.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mingw-openssl'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC19\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"mingw-openssl\", rpm:\"mingw-openssl~1.0.1e~6.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:22", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2014-04-15T00:00:00", "type": "openvas", "title": "Fedora Update for mingw-openssl FEDORA-2014-4982", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-6449", "CVE-2013-6450", "CVE-2014-0160", "CVE-2013-4353"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310867688", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867688", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mingw-openssl FEDORA-2014-4982\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867688\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-04-15 09:41:59 +0530 (Tue, 15 Apr 2014)\");\n script_cve_id(\"CVE-2014-0160\", \"CVE-2013-6450\", \"CVE-2013-4353\", \"CVE-2013-6449\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_name(\"Fedora Update for mingw-openssl FEDORA-2014-4982\");\n script_tag(name:\"affected\", value:\"mingw-openssl on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-4982\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-April/131346.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mingw-openssl'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"mingw-openssl\", rpm:\"mingw-openssl~1.0.1e~6.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:47", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2014-04-10T00:00:00", "type": "openvas", "title": "Fedora Update for openssl FEDORA-2014-4910", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-6449", "CVE-2013-6450", "CVE-2014-0160", "CVE-2013-4353"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310867676", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867676", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openssl FEDORA-2014-4910\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867676\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-04-10 13:15:09 +0530 (Thu, 10 Apr 2014)\");\n script_cve_id(\"CVE-2014-0160\", \"CVE-2013-4353\", \"CVE-2013-6450\", \"CVE-2013-6449\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_name(\"Fedora Update for openssl FEDORA-2014-4910\");\n script_tag(name:\"affected\", value:\"openssl on Fedora 19\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-4910\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-April/131291.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssl'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC19\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1e~37.fc19.1\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:43", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2014-04-10T00:00:00", "type": "openvas", "title": "Fedora Update for openssl FEDORA-2014-4879", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-6449", "CVE-2013-6450", "CVE-2014-0160", "CVE-2013-4353"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310867679", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867679", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openssl FEDORA-2014-4879\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867679\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-04-10 13:15:51 +0530 (Thu, 10 Apr 2014)\");\n script_cve_id(\"CVE-2014-0160\", \"CVE-2013-4353\", \"CVE-2013-6450\", \"CVE-2013-6449\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_name(\"Fedora Update for openssl FEDORA-2014-4879\");\n script_tag(name:\"affected\", value:\"openssl on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-4879\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-April/131221.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssl'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1e~37.fc20.1\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2017-07-25T10:48:25", "description": "Check for the Version of openssl", "cvss3": {}, "published": "2014-04-10T00:00:00", "type": "openvas", "title": "Fedora Update for openssl FEDORA-2014-4910", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-6449", "CVE-2013-6450", "CVE-2014-0160", "CVE-2013-4353"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:867676", "href": "http://plugins.openvas.org/nasl.php?oid=867676", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openssl FEDORA-2014-4910\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(867676);\n script_version(\"$Revision: 6629 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:33:41 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-04-10 13:15:09 +0530 (Thu, 10 Apr 2014)\");\n script_cve_id(\"CVE-2014-0160\", \"CVE-2013-4353\", \"CVE-2013-6450\", \"CVE-2013-6449\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_name(\"Fedora Update for openssl FEDORA-2014-4910\");\n\n tag_insight = \"The OpenSSL toolkit provides support for secure communications between\nmachines. OpenSSL includes a certificate management tool and shared\nlibraries which provide various cryptographic algorithms and\nprotocols.\n\";\n\n tag_affected = \"openssl on Fedora 19\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2014-4910\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-April/131291.html\");\n script_summary(\"Check for the Version of openssl\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1e~37.fc19.1\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:48:25", "description": "Check for the Version of openssl", "cvss3": {}, "published": "2014-04-10T00:00:00", "type": "openvas", "title": "Fedora Update for openssl FEDORA-2014-4879", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-6449", "CVE-2013-6450", "CVE-2014-0160", "CVE-2013-4353"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:867679", "href": "http://plugins.openvas.org/nasl.php?oid=867679", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openssl FEDORA-2014-4879\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(867679);\n script_version(\"$Revision: 6629 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:33:41 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-04-10 13:15:51 +0530 (Thu, 10 Apr 2014)\");\n script_cve_id(\"CVE-2014-0160\", \"CVE-2013-4353\", \"CVE-2013-6450\", \"CVE-2013-6449\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_name(\"Fedora Update for openssl FEDORA-2014-4879\");\n\n tag_insight = \"The OpenSSL toolkit provides support for secure communications between\nmachines. OpenSSL includes a certificate management tool and shared\nlibraries which provide various cryptographic algorithms and\nprotocols.\n\";\n\n tag_affected = \"openssl on Fedora 20\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2014-4879\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-April/131221.html\");\n script_summary(\"Check for the Version of openssl\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1e~37.fc20.1\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:48:56", "description": "Check for the Version of mingw-openssl", "cvss3": {}, "published": "2014-04-16T00:00:00", "type": "openvas", "title": "Fedora Update for mingw-openssl FEDORA-2014-4999", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-6449", "CVE-2013-6450", "CVE-2014-0160", "CVE-2013-4353"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:867701", "href": "http://plugins.openvas.org/nasl.php?oid=867701", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mingw-openssl FEDORA-2014-4999\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(867701);\n script_version(\"$Revision: 6629 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:33:41 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-04-16 11:33:27 +0530 (Wed, 16 Apr 2014)\");\n script_cve_id(\"CVE-2014-0160\", \"CVE-2013-6450\", \"CVE-2013-4353\", \"CVE-2013-6449\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_name(\"Fedora Update for mingw-openssl FEDORA-2014-4999\");\n\n tag_insight = \"The OpenSSL toolkit provides support for secure communications between\nmachines. OpenSSL includes a certificate management tool and shared\nlibraries which provide various cryptographic algorithms and\nprotocols.\n\nThis package contains Windows (MinGW) libraries and development tools.\n\";\n\n tag_affected = \"mingw-openssl on Fedora 19\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2014-4999\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-April/131532.html\");\n script_summary(\"Check for the Version of mingw-openssl\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"mingw-openssl\", rpm:\"mingw-openssl~1.0.1e~6.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2020-01-27T18:36:55", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2018-1179)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-0701", "CVE-2017-3737", "CVE-2017-3738", "CVE-2017-3736"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220181179", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220181179", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2018.1179\");\n script_version(\"2020-01-23T11:15:59+0000\");\n script_cve_id(\"CVE-2017-3736\", \"CVE-2017-3737\", \"CVE-2017-3738\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:15:59 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:15:59 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2018-1179)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP3\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2018-1179\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1179\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'openssl' package(s) announced via the EulerOS-SA-2018-1179 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. This only affects processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later or AMD Ryzen. (CVE-2017-3736)\n\nOpenSSL 1.0.2 (starting from version 1.0.2b) introduced an 'error state' mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the explicit handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a bug it does not work correctly if SSL_read() or SSL_write() is called directly. In that scenario, if the handshake fails then a fatal error will be returned in the initial function call. If SSL_read()/SSL_write() is subsequently called by the application for the same SSL object then it will succeed and the data is passed without being decrypted/encrypted directly from the SSL/TLS record layer. In order to exploit this issue an application bug would have to be present that resulted in a call to SSL_read()/SSL_write() being issued after having already received a fatal error. (CVE-2017-3737)\n\nThere is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH1024 are considered just feasible, because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH1024 private key among multiple clients, which is no longer an option since CVE-2016-0701. This only affects processors that support the AVX2 but not ADX extensions like Intel Haswell (4th generation). (CVE-2017-3738)\");\n\n script_tag(name:\"affected\", value:\"'openssl' package(s) on Huawei EulerOS V2.0SP3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP3\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.2k~12.h2\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~1.0.2k~12.h2\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-libs\", rpm:\"openssl-libs~1.0.2k~12.h2\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-01-27T18:32:56", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2018-1115)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-0701", "CVE-2017-3737", "CVE-2017-3738", "CVE-2017-3736"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220181115", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220181115", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2018.1115\");\n script_version(\"2020-01-23T11:13:04+0000\");\n script_cve_id(\"CVE-2017-3736\", \"CVE-2017-3737\", \"CVE-2017-3738\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:13:04 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:13:04 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2018-1115)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2018-1115\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1115\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'openssl' package(s) announced via the EulerOS-SA-2018-1115 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. This only affects processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later or AMD Ryzen. (CVE-2017-3736)\n\nOpenSSL 1.0.2 (starting from version 1.0.2b) introduced an 'error state' mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the explicit handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a bug it does not work correctly if SSL_read() or SSL_write() is called directly. In that scenario, if the handshake fails then a fatal error will be returned in the initial function call. If SSL_read()/SSL_write() is subsequently called by the application for the same SSL object then it will succeed and the data is passed without being decrypted/encrypted directly from the SSL/TLS record layer. In order to exploit this issue an application bug would have to be present that resulted in a call to SSL_read()/SSL_write() being issued after having already received a fatal error. (CVE-2017-3737)\n\nThere is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH1024 are considered just feasible, because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH1024 private key among multiple clients, which is no longer an option since CVE-2016-0701. This only affects processors that support the AVX2 but not ADX extensions like Intel Haswell (4th generation). (CVE-2017-3738)\");\n\n script_tag(name:\"affected\", value:\"'openssl' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.2k~12.h1\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~1.0.2k~12.h1\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-libs\", rpm:\"openssl-libs~1.0.2k~12.h1\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2017-12-20T13:18:07", "description": "Check for the Version of Kernel", "cvss3": {}, "published": "2010-02-03T00:00:00", "type": "openvas", "title": "Solaris Update for Kernel 122300-48", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2006-4339", "CVE-2008-1483", "CVE-2006-0225"], "modified": "2017-12-19T00:00:00", "id": "OPENVAS:855835", "href": "http://plugins.openvas.org/nasl.php?oid=855835", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for Kernel 122300-48\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"Kernel on solaris_5.9_sparc\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n Kernel\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(855835);\n script_version(\"$Revision: 8164 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-19 07:30:41 +0100 (Tue, 19 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-02-03 13:24:57 +0100 (Wed, 03 Feb 2010)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"122300-48\");\n script_cve_id(\"CVE-2008-1483\", \"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2006-4339\", \"CVE-2006-2937\", \"CVE-2006-2940\", \"CVE-2006-0225\");\n script_name(\"Solaris Update for Kernel 122300-48\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-122300-48-1\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of Kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"122300-48\", package:\"SUNWcar.us SUNWatfsu SUNWarc SUNWnfssx SUNWcar.m SUNWudfrx SUNWpdx SUNWmdb SUNWaudit SUNWsshdu SUNWnfscx SUNWnfssu FJSVhea SUNWcsl SUNWrsg SUNWrsgx SUNWrsgk SUNWsshdr SUNWses SUNWefcx.u SUNWvolu SUNWsshr SUNWdrr.u SUNWdrrx.us SUNWssadx SUNWcsxu SUNWcarx.us SUNWpiclu SUNWmdbx SUNWnfssr SUNWvolr SUNWdrr.us SUNWcsr SUNWefcx.us SUNWpd SUNWhea SUNWcslx SUNWcstlx SUNWcarx.u SUNWatfsr SUNWsshu SUNWcsu SUNWcar.u SUNWnfscu SUNWdrcrx.u SUNWdrrx.u SUNWssad SUNWpdu SUNWnfscr SUNWcstl SUNWudfr\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-12T11:11:14", "description": "Check for the Version of Kernel", "cvss3": {}, "published": "2010-02-03T00:00:00", "type": "openvas", "title": "Solaris Update for Kernel 122301-48", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2006-4339", "CVE-2008-1483", "CVE-2006-0225"], "modified": "2017-12-12T00:00:00", "id": "OPENVAS:855853", "href": "http://plugins.openvas.org/nasl.php?oid=855853", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for Kernel 122301-48\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"Kernel on solaris_5.9_x86\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n Kernel\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(855853);\n script_version(\"$Revision: 8082 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-12 07:31:24 +0100 (Tue, 12 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-02-03 13:24:57 +0100 (Wed, 03 Feb 2010)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"122301-48\");\n script_cve_id(\"CVE-2008-1483\", \"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2006-4339\", \"CVE-2006-2937\", \"CVE-2006-2940\", \"CVE-2006-0225\");\n script_name(\"Solaris Update for Kernel 122301-48\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-122301-48-1\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of Kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.9\", arch:\"i386\", patch:\"122301-48\", package:\"SUNWsshcu SUNWcar.i SUNWatfsu SUNWarc SUNWmdb SUNWaudit SUNWsshdu SUNWnfssu SUNWcsl SUNWrsg SUNWrsgk SUNWsshdr SUNWvolu SUNWsshr SUNWnfssr SUNWcsr SUNWhea SUNWatfsr SUNWsshu SUNWcsu SUNWnfscu SUNWnfscr SUNWcstl SUNWudfr\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:13:58", "description": "Check for the Version of /usr/bin/ssh", "cvss3": {}, "published": "2009-10-13T00:00:00", "type": "openvas", "title": "Solaris Update for /usr/bin/ssh 114357-18", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2006-4339", "CVE-2008-1483", "CVE-2006-0225"], "modified": "2017-02-20T00:00:00", "id": "OPENVAS:855771", "href": "http://plugins.openvas.org/nasl.php?oid=855771", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for /usr/bin/ssh 114357-18\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"/usr/bin/ssh on solaris_5.9_x86\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n /usr/bin/ssh\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(855771);\n script_version(\"$Revision: 5359 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-20 12:20:19 +0100 (Mon, 20 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 15:16:45 +0200 (Tue, 13 Oct 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"114357-18\");\n script_cve_id(\"CVE-2008-1483\", \"CVE-2006-0225\", \"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2006-4339\", \"CVE-2006-2937\", \"CVE-2006-2940\");\n script_name(\"Solaris Update for /usr/bin/ssh 114357-18\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-114357-18-1\");\n\n script_summary(\"Check for the Version of /usr/bin/ssh\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.9\", arch:\"i386\", patch:\"114357-18\", package:\"SUNWsshcu SUNWsshu\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-02T10:54:46", "description": "Check for the Version of Kernel", "cvss3": {}, "published": "2010-02-03T00:00:00", "type": "openvas", "title": "Solaris Update for Kernel 122301-48", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2006-4339", "CVE-2008-1483", "CVE-2006-0225"], "modified": "2017-12-21T00:00:00", "id": "OPENVAS:1361412562310855853", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310855853", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for Kernel 122301-48\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"Kernel on solaris_5.9_x86\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n Kernel\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.855853\");\n script_version(\"$Revision: 8207 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-21 08:30:12 +0100 (Thu, 21 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-02-03 13:24:57 +0100 (Wed, 03 Feb 2010)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"122301-48\");\n script_cve_id(\"CVE-2008-1483\", \"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2006-4339\", \"CVE-2006-2937\", \"CVE-2006-2940\", \"CVE-2006-0225\");\n script_name(\"Solaris Update for Kernel 122301-48\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-122301-48-1\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of Kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.9\", arch:\"i386\", patch:\"122301-48\", package:\"SUNWsshcu SUNWcar.i SUNWatfsu SUNWarc SUNWmdb SUNWaudit SUNWsshdu SUNWnfssu SUNWcsl SUNWrsg SUNWrsgk SUNWsshdr SUNWvolu SUNWsshr SUNWnfssr SUNWcsr SUNWhea SUNWatfsr SUNWsshu SUNWcsu SUNWnfscu SUNWnfscr SUNWcstl SUNWudfr\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:14:14", "description": "Check for the Version of /usr/bin/ssh", "cvss3": {}, "published": "2009-06-03T00:00:00", "type": "openvas", "title": "Solaris Update for /usr/bin/ssh 114357-17", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2006-4339", "CVE-2008-1483", "CVE-2006-0225"], "modified": "2017-02-20T00:00:00", "id": "OPENVAS:855030", "href": "http://plugins.openvas.org/nasl.php?oid=855030", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for /usr/bin/ssh 114357-17\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"/usr/bin/ssh on solaris_5.9_x86\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n /usr/bin/ssh\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(855030);\n script_version(\"$Revision: 5359 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-20 12:20:19 +0100 (Mon, 20 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-03 12:24:08 +0200 (Wed, 03 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"114357-17\");\n script_cve_id(\"CVE-2008-1483\", \"CVE-2006-0225\", \"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2006-4339\", \"CVE-2006-2937\", \"CVE-2006-2940\");\n script_name( \"Solaris Update for /usr/bin/ssh 114357-17\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-114357-17-1\");\n\n script_summary(\"Check for the Version of /usr/bin/ssh\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.9\", arch:\"i386\", patch:\"114357-17\", package:\"SUNWsshcu SUNWsshu\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:14:15", "description": "Check for the Version of /usr/bin/ssh", "cvss3": {}, "published": "2009-10-13T00:00:00", "type": "openvas", "title": "Solaris Update for /usr/bin/ssh 114356-19", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2006-4339", "CVE-2008-1483", "CVE-2006-0225"], "modified": "2017-02-20T00:00:00", "id": "OPENVAS:855742", "href": "http://plugins.openvas.org/nasl.php?oid=855742", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for /usr/bin/ssh 114356-19\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"/usr/bin/ssh on solaris_5.9_sparc\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n /usr/bin/ssh\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(855742);\n script_version(\"$Revision: 5359 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-20 12:20:19 +0100 (Mon, 20 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 15:16:45 +0200 (Tue, 13 Oct 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"114356-19\");\n script_cve_id(\"CVE-2008-1483\", \"CVE-2006-0225\", \"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2006-4339\", \"CVE-2006-2937\", \"CVE-2006-2940\");\n script_name(\"Solaris Update for /usr/bin/ssh 114356-19\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-114356-19-1\");\n\n script_summary(\"Check for the Version of /usr/bin/ssh\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"114356-19\", package:\"SUNWsshcu SUNWsshu\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:14:19", "description": "Check for the Version of /usr/bin/ssh", "cvss3": {}, "published": "2009-06-03T00:00:00", "type": "openvas", "title": "Solaris Update for /usr/bin/ssh 114356-18", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2006-4339", "CVE-2008-1483", "CVE-2006-0225"], "modified": "2017-02-20T00:00:00", "id": "OPENVAS:855023", "href": "http://plugins.openvas.org/nasl.php?oid=855023", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for /usr/bin/ssh 114356-18\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"/usr/bin/ssh on solaris_5.9_sparc\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n /usr/bin/ssh\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(855023);\n script_version(\"$Revision: 5359 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-20 12:20:19 +0100 (Mon, 20 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-03 12:24:08 +0200 (Wed, 03 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"114356-18\");\n script_cve_id(\"CVE-2008-1483\", \"CVE-2006-0225\", \"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2006-4339\", \"CVE-2006-2937\", \"CVE-2006-2940\");\n script_name( \"Solaris Update for /usr/bin/ssh 114356-18\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-114356-18-1\");\n\n script_summary(\"Check for the Version of /usr/bin/ssh\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"114356-18\", package:\"SUNWsshcu SUNWsshu\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:41:42", "description": "Check for the Version of /usr/bin/ssh", "cvss3": {}, "published": "2009-06-03T00:00:00", "type": "openvas", "title": "Solaris Update for /usr/bin/ssh 114356-18", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2006-4339", "CVE-2008-1483", "CVE-2006-0225"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310855023", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310855023", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for /usr/bin/ssh 114356-18\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"/usr/bin/ssh on solaris_5.9_sparc\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n /usr/bin/ssh\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.855023\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-03 12:24:08 +0200 (Wed, 03 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"114356-18\");\n script_cve_id(\"CVE-2008-1483\", \"CVE-2006-0225\", \"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2006-4339\", \"CVE-2006-2937\", \"CVE-2006-2940\");\n script_name( \"Solaris Update for /usr/bin/ssh 114356-18\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-114356-18-1\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of /usr/bin/ssh\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"114356-18\", package:\"SUNWsshcu SUNWsshu\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:41:22", "description": "Check for the Version of /usr/bin/ssh", "cvss3": {}, "published": "2009-10-13T00:00:00", "type": "openvas", "title": "Solaris Update for /usr/bin/ssh 114356-19", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2006-4339", "CVE-2008-1483", "CVE-2006-0225"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310855742", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310855742", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for /usr/bin/ssh 114356-19\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"/usr/bin/ssh on solaris_5.9_sparc\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n /usr/bin/ssh\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.855742\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 15:16:45 +0200 (Tue, 13 Oct 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"114356-19\");\n script_cve_id(\"CVE-2008-1483\", \"CVE-2006-0225\", \"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2006-4339\", \"CVE-2006-2937\", \"CVE-2006-2940\");\n script_name(\"Solaris Update for /usr/bin/ssh 114356-19\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-114356-19-1\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of /usr/bin/ssh\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"114356-19\", package:\"SUNWsshcu SUNWsshu\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-18T11:04:54", "description": "Check for the Version of Kernel", "cvss3": {}, "published": "2010-02-03T00:00:00", "type": "openvas", "title": "Solaris Update for Kernel 122300-48", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2006-4339", "CVE-2008-1483", "CVE-2006-0225"], "modified": "2018-01-17T00:00:00", "id": "OPENVAS:1361412562310855835", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310855835", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for Kernel 122300-48\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"Kernel on solaris_5.9_sparc\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n Kernel\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.855835\");\n script_version(\"$Revision: 8440 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-17 08:58:46 +0100 (Wed, 17 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-02-03 13:24:57 +0100 (Wed, 03 Feb 2010)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"122300-48\");\n script_cve_id(\"CVE-2008-1483\", \"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2006-4339\", \"CVE-2006-2937\", \"CVE-2006-2940\", \"CVE-2006-0225\");\n script_name(\"Solaris Update for Kernel 122300-48\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-122300-48-1\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of Kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"122300-48\", package:\"SUNWcar.us SUNWatfsu SUNWarc SUNWnfssx SUNWcar.m SUNWudfrx SUNWpdx SUNWmdb SUNWaudit SUNWsshdu SUNWnfscx SUNWnfssu FJSVhea SUNWcsl SUNWrsg SUNWrsgx SUNWrsgk SUNWsshdr SUNWses SUNWefcx.u SUNWvolu SUNWsshr SUNWdrr.u SUNWdrrx.us SUNWssadx SUNWcsxu SUNWcarx.us SUNWpiclu SUNWmdbx SUNWnfssr SUNWvolr SUNWdrr.us SUNWcsr SUNWefcx.us SUNWpd SUNWhea SUNWcslx SUNWcstlx SUNWcarx.u SUNWatfsr SUNWsshu SUNWcsu SUNWcar.u SUNWnfscu SUNWdrcrx.u SUNWdrrx.u SUNWssad SUNWpdu SUNWnfscr SUNWcstl SUNWudfr\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:39:42", "description": "Check for the Version of /usr/bin/ssh", "cvss3": {}, "published": "2009-10-13T00:00:00", "type": "openvas", "title": "Solaris Update for /usr/bin/ssh 114357-18", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2006-4339", "CVE-2008-1483", "CVE-2006-0225"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310855771", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310855771", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for /usr/bin/ssh 114357-18\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"/usr/bin/ssh on solaris_5.9_x86\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n /usr/bin/ssh\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.855771\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 15:16:45 +0200 (Tue, 13 Oct 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"114357-18\");\n script_cve_id(\"CVE-2008-1483\", \"CVE-2006-0225\", \"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2006-4339\", \"CVE-2006-2937\", \"CVE-2006-2940\");\n script_name(\"Solaris Update for /usr/bin/ssh 114357-18\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-114357-18-1\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of /usr/bin/ssh\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.9\", arch:\"i386\", patch:\"114357-18\", package:\"SUNWsshcu SUNWsshu\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:41:12", "description": "Check for the Version of /usr/bin/ssh", "cvss3": {}, "published": "2009-06-03T00:00:00", "type": "openvas", "title": "Solaris Update for /usr/bin/ssh 114357-17", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2006-4339", "CVE-2008-1483", "CVE-2006-0225"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310855030", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310855030", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for /usr/bin/ssh 114357-17\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"/usr/bin/ssh on solaris_5.9_x86\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n /usr/bin/ssh\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.855030\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-03 12:24:08 +0200 (Wed, 03 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"114357-17\");\n script_cve_id(\"CVE-2008-1483\", \"CVE-2006-0225\", \"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2006-4339\", \"CVE-2006-2937\", \"CVE-2006-2940\");\n script_name( \"Solaris Update for /usr/bin/ssh 114357-17\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-114357-17-1\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of /usr/bin/ssh\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.9\", arch:\"i386\", patch:\"114357-17\", package:\"SUNWsshcu SUNWsshu\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-02T10:54:23", "description": "Check for the Version of openssl", "cvss3": {}, "published": "2010-06-25T00:00:00", "type": "openvas", "title": "Fedora Update for openssl FEDORA-2010-9421", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-0740", "CVE-2009-1379", "CVE-2009-1377", "CVE-2009-4355", "CVE-2010-0742", "CVE-2009-3245", "CVE-2009-1378", "CVE-2009-3555", "CVE-2010-0433"], "modified": "2017-12-29T00:00:00", "id": "OPENVAS:1361412562310862163", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862163", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openssl FEDORA-2010-9421\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"openssl on Fedora 11\";\ntag_insight = \"The OpenSSL toolkit provides support for secure communications between\n machines. OpenSSL includes a certificate management tool and shared\n libraries which provide various cryptographic algorithms and\n protocols.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043193.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862163\");\n script_version(\"$Revision: 8258 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-29 08:28:57 +0100 (Fri, 29 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-06-25 12:25:26 +0200 (Fri, 25 Jun 2010)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-9421\");\n script_cve_id(\"CVE-2010-0742\", \"CVE-2010-0740\", \"CVE-2009-3245\", \"CVE-2009-3555\", \"CVE-2009-4355\", \"CVE-2010-0433\", \"CVE-2009-1377\", \"CVE-2009-1378\", \"CVE-2009-1379\");\n script_name(\"Fedora Update for openssl FEDORA-2010-9421\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of openssl\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC11\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~0.9.8n~2.fc11\", rls:\"FC11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-14T11:48:38", "description": "Check for the Version of openssl", "cvss3": {}, "published": "2010-06-25T00:00:00", "type": "openvas", "title": "Fedora Update for openssl FEDORA-2010-9421", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-0740", "CVE-2009-1379", "CVE-2009-1377", "CVE-2009-4355", "CVE-2010-0742", "CVE-2009-3245", "CVE-2009-1378", "CVE-2009-3555", "CVE-2010-0433"], "modified": "2017-12-14T00:00:00", "id": "OPENVAS:862163", "href": "http://plugins.openvas.org/nasl.php?oid=862163", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openssl FEDORA-2010-9421\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"openssl on Fedora 11\";\ntag_insight = \"The OpenSSL toolkit provides support for secure communications between\n machines. OpenSSL includes a certificate management tool and shared\n libraries which provide various cryptographic algorithms and\n protocols.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043193.html\");\n script_id(862163);\n script_version(\"$Revision: 8109 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-14 07:31:15 +0100 (Thu, 14 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-06-25 12:25:26 +0200 (Fri, 25 Jun 2010)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-9421\");\n script_cve_id(\"CVE-2010-0742\", \"CVE-2010-0740\", \"CVE-2009-3245\", \"CVE-2009-3555\", \"CVE-2009-4355\", \"CVE-2010-0433\", \"CVE-2009-1377\", \"CVE-2009-1378\", \"CVE-2009-1379\");\n script_name(\"Fedora Update for openssl FEDORA-2010-9421\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of openssl\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC11\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~0.9.8n~2.fc11\", rls:\"FC11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:59", "description": "Check for the Version of openssl", "cvss3": {}, "published": "2009-02-27T00:00:00", "type": "openvas", "title": "Fedora Update for openssl FEDORA-2007-2530", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-4995", "CVE-2007-3108", "CVE-2007-5135"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:861429", "href": "http://plugins.openvas.org/nasl.php?oid=861429", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openssl FEDORA-2007-2530\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"openssl on Fedora 7\";\ntag_insight = \"The OpenSSL toolkit provides support for secure communications between\n machines. OpenSSL includes a certificate management tool and shared\n libraries which provide various cryptographic algorithms and\n protocols.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00263.html\");\n script_id(861429);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 16:01:32 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2007-2530\");\n script_cve_id(\"CVE-2007-5135\", \"CVE-2007-4995\", \"CVE-2007-3108\");\n script_name( \"Fedora Update for openssl FEDORA-2007-2530\");\n\n script_summary(\"Check for the Version of openssl\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC7\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~0.9.8b~15.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-debuginfo\", rpm:\"openssl-debuginfo~0.9.8b~15.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~0.9.8b~15.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-perl\", rpm:\"openssl-perl~0.9.8b~15.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~0.9.8b~15.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-perl\", rpm:\"openssl-perl~0.9.8b~15.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~0.9.8b~15.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~0.9.8b~15.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-debuginfo\", rpm:\"openssl-debuginfo~0.9.8b~15.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:36:26", "description": "Oracle Linux Local Security Checks ELSA-2007-0964", "cvss3": {}, "published": "2015-10-08T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2007-0964", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-4995", "CVE-2007-3108", "CVE-2007-5135"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310122652", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122652", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2007-0964.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122652\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-08 14:50:20 +0300 (Thu, 08 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2007-0964\");\n script_tag(name:\"insight\", value:\"ELSA-2007-0964 - Important: openssl security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2007-0964\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2007-0964.html\");\n script_cve_id(\"CVE-2007-3108\", \"CVE-2007-4995\", \"CVE-2007-5135\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~0.9.8b~8.3.el5_0.2\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~0.9.8b~8.3.el5_0.2\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl-perl\", rpm:\"openssl-perl~0.9.8b~8.3.el5_0.2\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-02T21:10:23", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "cvss3": {}, "published": "2008-09-04T00:00:00", "type": "openvas", "title": "FreeBSD Ports: openssl", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3738", "CVE-2006-2940", "CVE-2006-2937", "CVE-2006-4343", "CVE-2006-2938"], "modified": "2016-09-26T00:00:00", "id": "OPENVAS:58053", "href": "http://plugins.openvas.org/nasl.php?oid=58053", "sourceData": "#\n#VID 0f37d765-c5d4-11db-9f82-000e0c2e438a\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: openssl\n\nCVE-2006-2937\nOpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote\nattackers to cause a denial of service (infinite loop and memory\nconsumption) via malformed ASN.1 structures that trigger an improperly\nhandled error condition.\nCVE-2006-2938\n** RESERVED **\nThis candidate has been reserved by an organization or individual that\nwill use it when announcing a new security problem. When the\ncandidate has been publicized, the details for this candidate will be\nprovided.\nCVE-2006-2940\nOpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions\nallows attackers to cause a denial of service (CPU consumption) via\nparasitic public keys with large (1) 'public exponent' or (2) 'public\nmodulus' values in X.509 certificates that require extra time to\nprocess when using RSA signature verification.\nCVE-2006-3738\nBuffer overflow in the SSL_get_shared_ciphers function in OpenSSL\n0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has\nunspecified impact and remote attack vectors involving a long list of\nciphers.\nCVE-2006-4343\nThe get_server_hello function in the SSLv2 client code in OpenSSL\n0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows\nremote servers to cause a denial of service (client crash) via unknown\nvectors that trigger a null pointer dereference.\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\";\nif(description)\n{\n script_id(58053);\n script_version(\"$Revision: 4144 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-26 07:28:56 +0200 (Mon, 26 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_cve_id(\"CVE-2006-2937\", \"CVE-2006-2938\", \"CVE-2006-2940\", \"CVE-2006-3738\", \"CVE-2006-4343\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"FreeBSD Ports: openssl\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"openssl\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0.9.7l_0\")<0) {\n txt += 'Package openssl version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"0.9.8\")>0 && revcomp(a:bver, b:\"0.9.8d_0\")<0) {\n txt += 'Package openssl version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-20T13:17:47", "description": "Check for the Version of openssl", "cvss3": {}, "published": "2010-11-23T00:00:00", "type": "openvas", "title": "Fedora Update for openssl FEDORA-2010-17847", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-0742", "CVE-2010-1633", "CVE-2010-3864"], "modified": "2017-12-19T00:00:00", "id": "OPENVAS:862566", "href": "http://plugins.openvas.org/nasl.php?oid=862566", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openssl FEDORA-2010-17847\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"openssl on Fedora 13\";\ntag_insight = \"The OpenSSL toolkit provides support for secure communications between\n machines. OpenSSL includes a certificate management tool and shared\n libraries which provide various cryptographic algorithms and\n protocols.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051237.html\");\n script_id(862566);\n script_version(\"$Revision: 8164 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-19 07:30:41 +0100 (Tue, 19 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-11-23 15:30:07 +0100 (Tue, 23 Nov 2010)\");\n script_tag(name:\"cvss_base\", value:\"7.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-17847\");\n script_cve_id(\"CVE-2010-3864\", \"CVE-2010-0742\", \"CVE-2010-1633\");\n script_name(\"Fedora Update for openssl FEDORA-2010-17847\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of openssl\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.0b~1.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-18T11:04:39", "description": "Check for the Version of openssl", "cvss3": {}, "published": "2010-11-23T00:00:00", "type": "openvas", "title": "Fedora Update for openssl FEDORA-2010-17847", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-0742", "CVE-2010-1633", "CVE-2010-3864"], "modified": "2018-01-17T00:00:00", "id": "OPENVAS:1361412562310862566", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862566", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openssl FEDORA-2010-17847\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"openssl on Fedora 13\";\ntag_insight = \"The OpenSSL toolkit provides support for secure communications between\n machines. OpenSSL includes a certificate management tool and shared\n libraries which provide various cryptographic algorithms and\n protocols.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051237.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862566\");\n script_version(\"$Revision: 8440 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-17 08:58:46 +0100 (Wed, 17 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-11-23 15:30:07 +0100 (Tue, 23 Nov 2010)\");\n script_tag(name:\"cvss_base\", value:\"7.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-17847\");\n script_cve_id(\"CVE-2010-3864\", \"CVE-2010-0742\", \"CVE-2010-1633\");\n script_name(\"Fedora Update for openssl FEDORA-2010-17847\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of openssl\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.0b~1.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-03T10:56:38", "description": "Check for the Version of openssl", "cvss3": {}, "published": "2012-01-25T00:00:00", "type": "openvas", "title": "Fedora Update for openssl FEDORA-2012-0702", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4108", "CVE-2012-0050", "CVE-2011-3207"], "modified": "2018-01-03T00:00:00", "id": "OPENVAS:863704", "href": "http://plugins.openvas.org/nasl.php?oid=863704", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openssl FEDORA-2012-0702\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"openssl on Fedora 15\";\ntag_insight = \"The OpenSSL toolkit provides support for secure communications between\n machines. OpenSSL includes a certificate management tool and shared\n libraries which provide various cryptographic algorithms and\n protocols.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-January/072380.html\");\n script_id(863704);\n script_version(\"$Revision: 8273 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-03 07:29:19 +0100 (Wed, 03 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-01-25 11:14:25 +0530 (Wed, 25 Jan 2012)\");\n script_cve_id(\"CVE-2012-0050\", \"CVE-2011-3207\", \"CVE-2011-4108\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2012-0702\");\n script_name(\"Fedora Update for openssl FEDORA-2012-0702\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of openssl\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.0g~1.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:58", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-01-25T00:00:00", "type": "openvas", "title": "Fedora Update for openssl FEDORA-2012-0702", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4108", "CVE-2012-0050", "CVE-2011-3207"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310863704", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863704", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openssl FEDORA-2012-0702\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-January/072380.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863704\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-01-25 11:14:25 +0530 (Wed, 25 Jan 2012)\");\n script_cve_id(\"CVE-2012-0050\", \"CVE-2011-3207\", \"CVE-2011-4108\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name:\"FEDORA\", value:\"2012-0702\");\n script_name(\"Fedora Update for openssl FEDORA-2012-0702\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssl'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC15\");\n script_tag(name:\"affected\", value:\"openssl on Fedora 15\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.0g~1.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2017-07-26T08:56:09", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n openssl\n openssl-devel\n openssl-doc\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-13T00:00:00", "type": "openvas", "title": "SLES10: Security update for OpenSSL", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1379", "CVE-2009-1377", "CVE-2009-1378"], "modified": "2017-07-11T00:00:00", "id": "OPENVAS:65793", "href": "http://plugins.openvas.org/nasl.php?oid=65793", "sourceData": "#\n#VID slesp2-openssl-6267\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for OpenSSL\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n openssl\n openssl-devel\n openssl-doc\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_id(65793);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)\");\n script_cve_id(\"CVE-2009-1377\", \"CVE-2009-1378\", \"CVE-2009-1379\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"SLES10: Security update for OpenSSL\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~0.9.8a~18.32\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~0.9.8a~18.32\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openssl-doc\", rpm:\"openssl-doc~0.9.8a~18.32\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:40:25", "description": "OpenSSL is prone to multiple Denial of Service Vulnerabilities.", "cvss3": {}, "published": "2009-05-28T00:00:00", "type": "openvas", "title": "OpenSSL DTLS Packets Multiple Denial of Service Vulnerabilities (Linux)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1379", "CVE-2009-1377", "CVE-2009-1378"], "modified": "2019-02-27T00:00:00", "id": "OPENVAS:1361412562310900653", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310900653", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_openssl_mult_dos_vuln_lin.nasl 13899 2019-02-27 09:14:23Z cfischer $\n#\n# OpenSSL DTLS Packets Multiple Denial of Service Vulnerabilities (Linux)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Updated by: Antu Sanadi<santu@secpod.com> on 2010-11-08\n# Updated the description part\n#\n# Copyright:\n# Copyright (c) 2009 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:openssl:openssl\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.900653\");\n script_version(\"$Revision: 13899 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-02-27 10:14:23 +0100 (Wed, 27 Feb 2019) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-28 07:14:08 +0200 (Thu, 28 May 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cve_id(\"CVE-2009-1377\", \"CVE-2009-1378\", \"CVE-2009-1379\");\n script_bugtraq_id(35001);\n script_name(\"OpenSSL DTLS Packets Multiple Denial of Service Vulnerabilities (Linux)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 SecPod\");\n script_family(\"Denial of Service\");\n script_dependencies(\"gb_openssl_detect.nasl\", \"gb_openssl_detect_lin.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"openssl/detected\", \"Host/runs_unixoide\");\n\n script_xref(name:\"URL\", value:\"http://rt.openssl.org/Ticket/Display.html?id=1923&user=guest&pass=guest\");\n script_xref(name:\"URL\", value:\"https://launchpad.net/bugs/cve/2009-1379\");\n script_xref(name:\"URL\", value:\"http://www.openwall.com/lists/oss-security/2009/05/18/4\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/35128\");\n script_xref(name:\"URL\", value:\"http://cvs.openssl.org/chngview?cn=18188\");\n script_xref(name:\"URL\", value:\"http://www.openwall.com/lists/oss-security/2009/05/18/1\");\n\n script_tag(name:\"summary\", value:\"OpenSSL is prone to multiple Denial of Service Vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attacker to cause denial-of-service\n conditions, crash the client, and exhaust all memory.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - The library does not limit the number of buffered DTLS records with a future epoch.\n\n - An error when processing DTLS messages can be exploited to exhaust all available memory by sending a\n large number of out of sequence handshake messages.\n\n - A use-after-free error in the 'dtls1_retrieve_buffered_fragment()' function can be exploited to cause\n a crash in a client context.\");\n\n script_tag(name:\"affected\", value:\"OpenSSL version 0.9.8 to version 0.9.8k and version 1.0.x versions 1.0.0 Beta2 and prior.\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif( isnull( port = get_app_port( cpe:CPE ) ) )\n exit( 0 );\n\nif( ! infos = get_app_version_and_location( cpe:CPE, port:port, exit_no_version:TRUE ) )\n exit( 0 );\n\nvers = infos['version'];\npath = infos['location'];\n\nif( version_in_range( version:vers, test_version:\"0.9.8\", test_version2:\"0.9.8k\" ) ||\n ( vers =~ \"^1\\.0\\.0\" && version_is_less_equal( version:vers, test_version:\"1.0.0beta2\" ) ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"See references\", install_path:path );\n security_message( port:port, data:report );\n exit( 0 );\n}\n\nexit( 99 );", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2017-07-25T10:57:05", "description": "The remote host is missing an update to openssl\nannounced via advisory FEDORA-2009-5452.", "cvss3": {}, "published": "2009-06-23T00:00:00", "type": "openvas", "title": "Fedora Core 11 FEDORA-2009-5452 (openssl)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1379", "CVE-2009-1377", "CVE-2009-1378"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:64248", "href": "http://plugins.openvas.org/nasl.php?oid=64248", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_5452.nasl 6624 2017-07-10 06:11:55Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-5452 (openssl)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nSecurity update fixing DoS bugs in DTLS code. CVE-2009-1377 CVE-2009-1378\nCVE-2009-1379\n\nChangeLog:\n\n* Thu May 21 2009 Tomas Mraz 0.9.8k-5\n- fix CVE-2009-1377 CVE-2009-1378 CVE-2009-1379\n(DTLS DoS problems) (#501253, #501254, #501572)\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update openssl' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-5452\";\ntag_summary = \"The remote host is missing an update to openssl\nannounced via advisory FEDORA-2009-5452.\";\n\n\n\nif(description)\n{\n script_id(64248);\n script_version(\"$Revision: 6624 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-23 15:49:15 +0200 (Tue, 23 Jun 2009)\");\n script_cve_id(\"CVE-2009-1377\", \"CVE-2009-1378\", \"CVE-2009-1379\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Core 11 FEDORA-2009-5452 (openssl)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=501253\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=501254\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=501572\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~0.9.8k~5.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~0.9.8k~5.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openssl-perl\", rpm:\"openssl-perl~0.9.8k~5.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openssl-static\", rpm:\"openssl-static~0.9.8k~5.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openssl-debuginfo\", rpm:\"openssl-debuginfo~0.9.8k~5.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-12-21T11:44:23", "description": "This host is running OpenSSL and is prone to Multiple Denial of\n Service Vulnerabilities", "cvss3": {}, "published": "2009-05-28T00:00:00", "type": "openvas", "title": "OpenSSL DTLS Packets Multiple DOS Vulnerabilities (win)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1379", "CVE-2009-1377", "CVE-2009-1378"], "modified": "2017-12-20T00:00:00", "id": "OPENVAS:900654", "href": "http://plugins.openvas.org/nasl.php?oid=900654", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_openssl_mult_dos_vuln_win.nasl 8193 2017-12-20 10:46:55Z cfischer $\n#\n# OpenSSL DTLS Packets Multiple DOS Vulnerabilities (Windows)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2009 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:openssl:openssl\";\n\ntag_impact = \"Successful exploitation will allow attacker to cause denial-of-service\n conditions,crash the client,and exhaust all memory.\n\n Impact Level: System/Application\";\n\ntag_affected = \"OpenSSL version 0.9.8 to version 0.9.8k on Windows.\n OpenSSL version 1.0.0 Beta2 and prior on Windows.\";\n\ntag_insight = \"Multiple flaws are due to,\n\n - The library does not limit the number of buffered DTLS records with a\n future epoch.\n\n - An error when processing DTLS messages can be exploited to exhaust all\n available memory by sending a large number of out of sequence handshake\n messages.\n\n - A use-after-free error in the 'dtls1_retrieve_buffered_fragment()' function\n can be exploited to cause a crash in a client context.\";\n\ntag_solution = \"Apply patches or upgrade to the latest version.\n For updates refer tohttp://www.slproweb.com/products/Win32OpenSSL.html\";\n\ntag_summary = \"This host is running OpenSSL and is prone to Multiple Denial of\n Service Vulnerabilities\";\n\nif(description)\n{\n script_id(900654);\n script_version(\"$Revision: 8193 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-20 11:46:55 +0100 (Wed, 20 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-28 07:14:08 +0200 (Thu, 28 May 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cve_id(\"CVE-2009-1377\", \"CVE-2009-1378\",\"CVE-2009-1379\");\n script_bugtraq_id(35001);\n script_name(\"OpenSSL DTLS Packets Multiple DOS Vulnerabilities (win)\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/35128\");\n script_xref(name : \"URL\" , value : \"http://cvs.openssl.org/chngview?cn=18188\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 SecPod\");\n script_family(\"Denial of Service\");\n script_dependencies(\"gb_openssl_detect_win.nasl\");\n script_mandatory_keys(\"OpenSSL/Win/Installed\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\ninfos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE );\nvers = infos['version'];\npath = infos['location'];\n\nif( version_in_range( version:vers, test_version:\"0.9.8\", test_version2:\"0.9.8k\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"See references\", install_path:path );\n security_message( port:0, data:report );\n exit( 0 );\n}\n\nexit( 99 );", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-26T08:55:50", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n libopenssl0_9_8\n openssl\n openssl-doc\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 11 patch database located at\nhttp://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-11T00:00:00", "type": "openvas", "title": "SLES11: Security update for OpenSSL", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1379", "CVE-2009-1377", "CVE-2009-1378"], "modified": "2017-07-11T00:00:00", "id": "OPENVAS:65668", "href": "http://plugins.openvas.org/nasl.php?oid=65668", "sourceData": "#\n#VID d4ddbfaf8e97ad6cc1b69035fcaf1610\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for OpenSSL\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n libopenssl0_9_8\n openssl\n openssl-doc\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 11 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://bugzilla.novell.com/show_bug.cgi?id=504687\");\n script_id(65668);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-11 22:58:51 +0200 (Sun, 11 Oct 2009)\");\n script_cve_id(\"CVE-2009-1377\", \"CVE-2009-1378\", \"CVE-2009-1379\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"SLES11: Security update for OpenSSL\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libopenssl0_9_8\", rpm:\"libopenssl0_9_8~0.9.8h~30.13.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~0.9.8h~30.13.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openssl-doc\", rpm:\"openssl-doc~0.9.8h~30.13.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "nessus": [{"lastseen": "2023-02-18T15:29:27", "description": "It was discovered that OpenSSL did not correctly perform Montgomery multiplications. Local attackers might be able to reconstruct RSA private keys by examining another user's OpenSSL processes.\n(CVE-2007-3108)\n\nMoritz Jodeit discovered that OpenSSL's SSL_get_shared_ciphers function did not correctly check the size of the buffer it was writing to. A remote attacker could exploit this to write one NULL byte past the end of an application's cipher list buffer, possibly leading to arbitrary code execution or a denial of service. (CVE-2007-5135).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2007-11-10T00:00:00", "type": "nessus", "title": "Ubuntu 6.06 LTS / 6.10 / 7.04 : openssl vulnerabilities (USN-522-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-2937", "CVE-2006-2940", "CVE-2006-3738", "CVE-2006-4343", "CVE-2007-3108", "CVE-2007-5135"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libssl-dev", "p-cpe:/a:canonical:ubuntu_linux:libssl0.9.8", "p-cpe:/a:canonical:ubuntu_linux:libssl0.9.8-dbg", "p-cpe:/a:canonical:ubuntu_linux:openssl", "cpe:/o:canonical:ubuntu_linux:6.06:-:lts", "cpe:/o:canonical:ubuntu_linux:6.10", "cpe:/o:canonical:ubuntu_linux:7.04"], "id": "UBUNTU_USN-522-1.NASL", "href": "https://www.tenable.com/plugins/nessus/28127", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-522-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(28127);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2006-2937\", \"CVE-2006-2940\", \"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2007-3108\", \"CVE-2007-5135\");\n script_xref(name:\"USN\", value:\"522-1\");\n\n script_name(english:\"Ubuntu 6.06 LTS / 6.10 / 7.04 : openssl vulnerabilities (USN-522-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that OpenSSL did not correctly perform Montgomery\nmultiplications. Local attackers might be able to reconstruct RSA\nprivate keys by examining another user's OpenSSL processes.\n(CVE-2007-3108)\n\nMoritz Jodeit discovered that OpenSSL's SSL_get_shared_ciphers\nfunction did not correctly check the size of the buffer it was writing\nto. A remote attacker could exploit this to write one NULL byte past\nthe end of an application's cipher list buffer, possibly leading to\narbitrary code execution or a denial of service. (CVE-2007-5135).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/522-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119, 189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libssl-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libssl0.9.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libssl0.9.8-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:7.04\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/09/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/11/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(6\\.06|6\\.10|7\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 6.06 / 6.10 / 7.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libssl-dev\", pkgver:\"0.9.8a-7ubuntu0.4\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libssl0.9.8\", pkgver:\"0.9.8a-7ubuntu0.4\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libssl0.9.8-dbg\", pkgver:\"0.9.8a-7ubuntu0.4\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"openssl\", pkgver:\"0.9.8a-7ubuntu0.4\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libssl-dev\", pkgver:\"0.9.8b-2ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libssl0.9.8\", pkgver:\"0.9.8b-2ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libssl0.9.8-dbg\", pkgver:\"0.9.8b-2ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"openssl\", pkgver:\"0.9.8b-2ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"libssl-dev\", pkgver:\"0.9.8c-4ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"libssl0.9.8\", pkgver:\"0.9.8c-4ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"libssl0.9.8-dbg\", pkgver:\"0.9.8c-4ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"openssl\", pkgver:\"0.9.8c-4ubuntu0.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libssl-dev / libssl0.9.8 / libssl0.9.8-dbg / openssl\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-27T14:16:30", "description": "- Thu Sep 28 2006 Tomas Mraz <tmraz at redhat.com> 0.9.8a-5.4\n\n - fix CVE-2006-2937 - mishandled error on ASN.1 parsing (#207276)\n\n - fix CVE-2006-2940 - parasitic public keys DoS (#207274)\n\n - fix CVE-2006-3738 - buffer overflow in SSL_get_shared_ciphers (#206940)\n\n - fix CVE-2006-4343 - sslv2 client DoS (#206940)\n\n - Sat Sep 9 2006 Tomas Mraz <tmraz at redhat.com> 0.9.8a-5.3\n\n - fix CVE-2006-4339 - prevent attack on PKCS#1 v1.5 signatures (#205180)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2007-01-17T00:00:00", "type": "nessus", "title": "Fedora Core 5 : openssl-0.9.8a-5.4 (2006-1004)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-2937", "CVE-2006-2940", "CVE-2006-3738", "CVE-2006-4339", "CVE-2006-4343"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:openssl", "p-cpe:/a:fedoraproject:fedora:openssl-debuginfo", "p-cpe:/a:fedoraproject:fedora:openssl-devel", "p-cpe:/a:fedoraproject:fedora:openssl-perl", "cpe:/o:fedoraproject:fedora_core:5"], "id": "FEDORA_2006-1004.NASL", "href": "https://www.tenable.com/plugins/nessus/24028", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2006-1004.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(24028);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_xref(name:\"FEDORA\", value:\"2006-1004\");\n\n script_name(english:\"Fedora Core 5 : openssl-0.9.8a-5.4 (2006-1004)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora Core host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Thu Sep 28 2006 Tomas Mraz <tmraz at redhat.com>\n 0.9.8a-5.4\n\n - fix CVE-2006-2937 - mishandled error on ASN.1 parsing\n (#207276)\n\n - fix CVE-2006-2940 - parasitic public keys DoS\n (#207274)\n\n - fix CVE-2006-3738 - buffer overflow in\n SSL_get_shared_ciphers (#206940)\n\n - fix CVE-2006-4343 - sslv2 client DoS (#206940)\n\n - Sat Sep 9 2006 Tomas Mraz <tmraz at redhat.com>\n 0.9.8a-5.3\n\n - fix CVE-2006-4339 - prevent attack on PKCS#1 v1.5\n signatures (#205180)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2006-September/000636.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7928ca04\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora_core:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/09/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/01/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 5.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC5\", reference:\"openssl-0.9.8a-5.4\")) flag++;\nif (rpm_check(release:\"FC5\", reference:\"openssl-debuginfo-0.9.8a-5.4\")) flag++;\nif (rpm_check(release:\"FC5\", reference:\"openssl-devel-0.9.8a-5.4\")) flag++;\nif (rpm_check(release:\"FC5\", reference:\"openssl-perl-0.9.8a-5.4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-debuginfo / openssl-devel / openssl-perl\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-18T15:28:49", "description": "A buffer overflow condition within the SSL_get_shared_ciphers() function and a DoS condition known as 'parasitic public keys' have been fixed. The later problem allowed attackers to trick the OpenSSL engine to spend an extraordinary amount of time to process public keys. The following CAN numbers have been assigned: CVE-2006-2937, CVE-2006-2940, CVE-2006-3738, CVE-2006-4339 and CVE-2006-4343.", "cvss3": {}, "published": "2007-10-17T00:00:00", "type": "nessus", "title": "openSUSE 10 Security Update : compat-openssl097g (compat-openssl097g-2171)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-2937", "CVE-2006-2940", "CVE-2006-3738", "CVE-2006-4339", "CVE-2006-4343"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:compat-openssl097g", "p-cpe:/a:novell:opensuse:compat-openssl097g-32bit", "cpe:/o:novell:opensuse:10.1"], "id": "SUSE_COMPAT-OPENSSL097G-2171.NASL", "href": "https://www.tenable.com/plugins/nessus/27187", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update compat-openssl097g-2171.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(27187);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-2937\", \"CVE-2006-2940\", \"CVE-2006-3738\", \"CVE-2006-4339\", \"CVE-2006-4343\");\n\n script_name(english:\"openSUSE 10 Security Update : compat-openssl097g (compat-openssl097g-2171)\");\n script_summary(english:\"Check for the compat-openssl097g-2171 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A buffer overflow condition within the SSL_get_shared_ciphers()\nfunction and a DoS condition known as 'parasitic public keys' have\nbeen fixed. The later problem allowed attackers to trick the OpenSSL\nengine to spend an extraordinary amount of time to process public\nkeys. The following CAN numbers have been assigned: CVE-2006-2937,\nCVE-2006-2940, CVE-2006-3738, CVE-2006-4339 and CVE-2006-4343.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected compat-openssl097g packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119, 310, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:compat-openssl097g\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:compat-openssl097g-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/10/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/10/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.1\", reference:\"compat-openssl097g-0.9.7g-13.5\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", cpu:\"x86_64\", reference:\"compat-openssl097g-32bit-0.9.7g-13.5\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"compat-openssl097g\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-18T15:03:03", "description": "Updated OpenSSL packages are now available to correct several security issues. \n\nThis update has been rated as having important security impact by the Red Hat Security Response Team. \n\nThe OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. \n\nThese vulnerabilities can affect applications which use OpenSSL to parse ASN.1 data from untrusted sources, including SSL servers which enable client authentication and S/MIME applications.\n\nUsers are advised to upgrade to these updated packages, which contain backported patches to correct these issues.\n\nNote: After installing this update, users are advised to either restart all services that use OpenSSL or restart their system.\n\n\nFrom Red Hat Security Advisory 2006:0695 :\n\nTavis Ormandy and Will Drewry of the Google Security Team discovered a buffer overflow in the SSL_get_shared_ciphers() utility function. An attacker could send a list of ciphers to an application that used this function and overrun a buffer (CVE-2006-3738). Few applications make use of this vulnerable function and generally it is used only when applications are compiled for debugging.\n\nTavis Ormandy and Will Drewry of the Google Security Team discovered a flaw in the SSLv2 client code. When a client application used OpenSSL to create an SSLv2 connection to a malicious server, that server could cause the client to crash. (CVE-2006-4343)\n\nDr S. N. Henson of the OpenSSL core team and Open Network Security recently developed an ASN.1 test suite for NISCC (www.niscc.gov.uk) which uncovered denial of service vulnerabilities :\n\n* Certain public key types can take disproportionate amounts of time to process, leading to a denial of service. (CVE-2006-2940)\n\n* During parsing of certain invalid ASN.1 structures an error condition was mishandled. This can result in an infinite loop which consumed system memory (CVE-2006-2937). This issue does not affect the OpenSSL version distributed in Red Hat Enterprise Linux 2.1.\n\n\nFrom Red Hat Security Advisory 2006:0661 :\n\nDaniel Bleichenbacher recently described an attack on PKCS #1 v1.5 signatures. Where an RSA key with exponent 3 is used it may be possible for an attacker to forge a PKCS #1 v1.5 signature that would be incorrectly verified by implementations that do not check for excess data in the RSA exponentiation result of the signature.\n\nThe Google Security Team discovered that OpenSSL is vulnerable to this attack. This issue affects applications that use OpenSSL to verify X.509 certificates as well as other uses of PKCS #1 v1.5.\n(CVE-2006-4339)\n\nThis errata also resolves a problem where a customized ca-bundle.crt file was overwritten when the openssl package was upgraded.", "cvss3": {}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 4 : openssl (ELSA-2006-0695 / ELSA-2006-0661)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-2937", "CVE-2006-2940", "CVE-2006-3738", "CVE-2006-4339", "CVE-2006-4343"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:openssl", "p-cpe:/a:oracle:linux:openssl096b", "p-cpe:/a:oracle:linux:openssl-devel", "p-cpe:/a:oracle:linux:openssl-perl", "cpe:/o:oracle:linux:4"], "id": "ORACLELINUX_ELSA-2006-0661.NASL", "href": "https://www.tenable.com/plugins/nessus/67405", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisories ELSA-2006-0695 / \n# ELSA-2006-0661.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(67405);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-2937\", \"CVE-2006-2940\", \"CVE-2006-3738\", \"CVE-2006-4339\", \"CVE-2006-4343\");\n script_bugtraq_id(19849);\n script_xref(name:\"RHSA\", value:\"2006:0661\");\n script_xref(name:\"RHSA\", value:\"2006:0695\");\n\n script_name(english:\"Oracle Linux 4 : openssl (ELSA-2006-0695 / ELSA-2006-0661)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated OpenSSL packages are now available to correct several security\nissues. \n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team. \n\nThe OpenSSL toolkit provides support for secure communications between\nmachines. OpenSSL includes a certificate management tool and shared\nlibraries which provide various cryptographic algorithms and protocols. \n\nThese vulnerabilities can affect applications which use OpenSSL to\nparse ASN.1 data from untrusted sources, including SSL servers which\nenable client authentication and S/MIME applications.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues.\n\nNote: After installing this update, users are advised to either\nrestart all services that use OpenSSL or restart their system.\n\n\nFrom Red Hat Security Advisory 2006:0695 :\n\nTavis Ormandy and Will Drewry of the Google Security Team discovered a\nbuffer overflow in the SSL_get_shared_ciphers() utility function. An\nattacker could send a list of ciphers to an application that used this\nfunction and overrun a buffer (CVE-2006-3738). Few applications make\nuse of this vulnerable function and generally it is used only when\napplications are compiled for debugging.\n\nTavis Ormandy and Will Drewry of the Google Security Team discovered a\nflaw in the SSLv2 client code. When a client application used OpenSSL\nto create an SSLv2 connection to a malicious server, that server could\ncause the client to crash. (CVE-2006-4343)\n\nDr S. N. Henson of the OpenSSL core team and Open Network Security\nrecently developed an ASN.1 test suite for NISCC (www.niscc.gov.uk)\nwhich uncovered denial of service vulnerabilities :\n\n* Certain public key types can take disproportionate amounts of time\nto process, leading to a denial of service. (CVE-2006-2940)\n\n* During parsing of certain invalid ASN.1 structures an error\ncondition was mishandled. This can result in an infinite loop which\nconsumed system memory (CVE-2006-2937). This issue does not affect the\nOpenSSL version distributed in Red Hat Enterprise Linux 2.1.\n\n\nFrom Red Hat Security Advisory 2006:0661 :\n\nDaniel Bleichenbacher recently described an attack on PKCS #1 v1.5\nsignatures. Where an RSA key with exponent 3 is used it may be\npossible for an attacker to forge a PKCS #1 v1.5 signature that would\nbe incorrectly verified by implementations that do not check for\nexcess data in the RSA exponentiation result of the signature.\n\nThe Google Security Team discovered that OpenSSL is vulnerable to this\nattack. This issue affects applications that use OpenSSL to verify\nX.509 certificates as well as other uses of PKCS #1 v1.5.\n(CVE-2006-4339)\n\nThis errata also resolves a problem where a customized ca-bundle.crt\nfile was overwritten when the openssl package was upgraded.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2006-November/000009.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected openssl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(119, 310, 399);\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/11/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl096b\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/09/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"openssl-0.9.7a-43.14\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"openssl-0.9.7a-43.14\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"openssl-devel-0.9.7a-43.14\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"openssl-devel-0.9.7a-43.14\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"openssl-perl-0.9.7a-43.14\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"openssl-perl-0.9.7a-43.14\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"openssl096b-0.9.6b-22.46\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"openssl096b-0.9.6b-22.46\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-18T15:30:55", "description": "A buffer overflow condition within the SSL_get_shared_ciphers() function and a DoS condition known as 'parasitic public keys' have been fixed. The later problem allowed attackers to trick the OpenSSL engine to spend an extraordinary amount of time to process public keys. The following CAN numbers have been assigned: CVE-2006-2937 / CVE-2006-2940 / CVE-2006-3738 / CVE-2006-4339 / CVE-2006-4343.", "cvss3": {}, "published": "2007-12-13T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : compat-openssl097g (ZYPP Patch Number 2163)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-2937", "CVE-2006-2940", "CVE-2006-3738", "CVE-2006-4339", "CVE-2006-4343"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_COMPAT-OPENSSL097G-2163.NASL", "href": "https://www.tenable.com/plugins/nessus/29405", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(29405);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-2937\", \"CVE-2006-2940\", \"CVE-2006-3738\", \"CVE-2006-4339\", \"CVE-2006-4343\");\n\n script_name(english:\"SuSE 10 Security Update : compat-openssl097g (ZYPP Patch Number 2163)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A buffer overflow condition within the SSL_get_shared_ciphers()\nfunction and a DoS condition known as 'parasitic public keys' have\nbeen fixed. The later problem allowed attackers to trick the OpenSSL\nengine to spend an extraordinary amount of time to process public\nkeys. The following CAN numbers have been assigned: CVE-2006-2937 /\nCVE-2006-2940 / CVE-2006-3738 / CVE-2006-4339 / CVE-2006-4343.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2006-2937.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2006-2940.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2006-3738.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2006-4339.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2006-4343.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 2163.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119, 310, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/10/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/12/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:0, reference:\"compat-openssl097g-0.9.7g-13.5\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:0, cpu:\"x86_64\", reference:\"compat-openssl097g-32bit-0.9.7g-13.5\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:0, reference:\"compat-openssl097g-0.9.7g-13.5\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:0, cpu:\"x86_64\", reference:\"compat-openssl097g-32bit-0.9.7g-13.5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-18T15:24:40", "description": "Dr S N Henson of the OpenSSL core team and Open Network Security recently developed an ASN1 test suite for NISCC (www.niscc.gov.uk).\nWhen the test suite was run against OpenSSL two denial of service vulnerabilities were discovered.\n\nDuring the parsing of certain invalid ASN1 structures an error condition is mishandled. This can result in an infinite loop which consumes system memory. (CVE-2006-2937)\n\nCertain types of public key can take disproportionate amounts of time to process. This could be used by an attacker in a denial of service attack. (CVE-2006-2940)\n\nTavis Ormandy and Will Drewry of the Google Security Team discovered a buffer overflow in the SSL_get_shared_ciphers utility function, used by some applications such as exim and mysql. An attacker could send a list of ciphers that would overrun a buffer. (CVE-2006-3738)\n\nTavis Ormandy and Will Drewry of the Google Security Team discovered a possible DoS in the sslv2 client code. Where a client application uses OpenSSL to make a SSLv2 connection to a malicious server that server could cause the client to crash. (CVE-2006-4343)\n\nUpdated packages are patched to address these issues.\n\nUpdate :\n\nThere was an error in the original published patches for CVE-2006-2940. New packages have corrected this issue.", "cvss3": {}, "published": "2007-02-18T00:00:00", "type": "nessus", "title": "Mandrake Linux Security Advisory : openssl (MDKSA-2006:172-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-2937", "CVE-2006-2940", "CVE-2006-3738", "CVE-2006-4343", "CVE-2007-5135"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:lib64openssl0.9.7", "p-cpe:/a:mandriva:linux:lib64openssl0.9.7-devel", "p-cpe:/a:mandriva:linux:lib64openssl0.9.7-static-devel", "p-cpe:/a:mandriva:linux:lib64openssl0.9.8", "p-cpe:/a:mandriva:linux:lib64openssl0.9.8-devel", "p-cpe:/a:mandriva:linux:lib64openssl0.9.8-static-devel", "p-cpe:/a:mandriva:linux:libopenssl0.9.7", "p-cpe:/a:mandriva:linux:libopenssl0.9.7-devel", "p-cpe:/a:mandriva:linux:libopenssl0.9.7-static-devel", "p-cpe:/a:mandriva:linux:libopenssl0.9.8", "p-cpe:/a:mandriva:linux:libopenssl0.9.8-devel", "p-cpe:/a:mandriva:linux:libopenssl0.9.8-static-devel", "p-cpe:/a:mandriva:linux:openssl", "cpe:/o:mandriva:linux:2006", "cpe:/o:mandriva:linux:2007"], "id": "MANDRAKE_MDKSA-2006-172.NASL", "href": "https://www.tenable.com/plugins/nessus/24558", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2006:172. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(24558);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2006-2937\", \"CVE-2006-2940\", \"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2007-5135\");\n script_xref(name:\"MDKSA\", value:\"2006:172-1\");\n\n script_name(english:\"Mandrake Linux Security Advisory : openssl (MDKSA-2006:172-1)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Dr S N Henson of the OpenSSL core team and Open Network Security\nrecently developed an ASN1 test suite for NISCC (www.niscc.gov.uk).\nWhen the test suite was run against OpenSSL two denial of service\nvulnerabilities were discovered.\n\nDuring the parsing of certain invalid ASN1 structures an error\ncondition is mishandled. This can result in an infinite loop which\nconsumes system memory. (CVE-2006-2937)\n\nCertain types of public key can take disproportionate amounts of time\nto process. This could be used by an attacker in a denial of service\nattack. (CVE-2006-2940)\n\nTavis Ormandy and Will Drewry of the Google Security Team discovered a\nbuffer overflow in the SSL_get_shared_ciphers utility function, used\nby some applications such as exim and mysql. An attacker could send a\nlist of ciphers that would overrun a buffer. (CVE-2006-3738)\n\nTavis Ormandy and Will Drewry of the Google Security Team discovered a\npossible DoS in the sslv2 client code. Where a client application uses\nOpenSSL to make a SSLv2 connection to a malicious server that server\ncould cause the client to crash. (CVE-2006-4343)\n\nUpdated packages are patched to address these issues.\n\nUpdate :\n\nThere was an error in the original published patches for\nCVE-2006-2940. New packages have corrected this issue.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119, 189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64openssl0.9.7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64openssl0.9.7-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64openssl0.9.7-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64openssl0.9.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64openssl0.9.8-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64openssl0.9.8-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libopenssl0.9.7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libopenssl0.9.7-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libopenssl0.9.7-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libopenssl0.9.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libopenssl0.9.8-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libopenssl0.9.8-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2006\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2007\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/10/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/02/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"x86_64\", reference:\"lib64openssl0.9.7-0.9.7g-2.5.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"x86_64\", reference:\"lib64openssl0.9.7-devel-0.9.7g-2.5.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"x86_64\", reference:\"lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"i386\", reference:\"libopenssl0.9.7-0.9.7g-2.5.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"i386\", reference:\"libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"i386\", reference:\"libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"openssl-0.9.7g-2.5.20060mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK2007.0\", cpu:\"x86_64\", reference:\"lib64openssl0.9.8-0.9.8b-2.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"x86_64\", reference:\"lib64openssl0.9.8-devel-0.9.8b-2.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"x86_64\", reference:\"lib64openssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"i386\", reference:\"libopenssl0.9.8-0.9.8b-2.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"i386\", reference:\"libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"i386\", reference:\"libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"openssl-0.9.8b-2.2mdv2007.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-18T15:29:48", "description": "Dr. Henson of the OpenSSL core team and Open Network Security discovered a mishandled error condition in the ASN.1 parser. By sending specially crafted packet data, a remote attacker could exploit this to trigger an infinite loop, which would render the service unusable and consume all available system memory. (CVE-2006-2937)\n\nCertain types of public key could take disproportionate amounts of time to process. The library now limits the maximum key exponent size to avoid Denial of Service attacks. (CVE-2006-2940)\n\nTavis Ormandy and Will Drewry of the Google Security Team discovered a buffer overflow in the SSL_get_shared_ciphers() function. By sending specially crafted packets to applications that use this function (like Exim, MySQL, or the openssl command line tool), a remote attacker could exploit this to execute arbitrary code with the server's privileges. (CVE-2006-3738)\n\nTavis Ormandy and Will Drewry of the Google Security Team reported that the get_server_hello() function did not sufficiently check the client's session certificate. This could be exploited to crash clients by remote attackers sending specially crafted SSL responses.\n(CVE-2006-4343).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2007-11-10T00:00:00", "type": "nessus", "title": "Ubuntu 5.04 / 5.10 / 6.06 LTS : openssl vulnerabilities (USN-353-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-2937", "CVE-2006-2940", "CVE-2006-3738", "CVE-2006-4343", "CVE-2007-5135"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libssl-dev", "p-cpe:/a:canonical:ubuntu_linux:libssl0.9.7", "p-cpe:/a:canonical:ubuntu_linux:libssl0.9.8", "p-cpe:/a:canonical:ubuntu_linux:libssl0.9.8-dbg", "p-cpe:/a:canonical:ubuntu_linux:openssl", "cpe:/o:canonical:ubuntu_linux:5.04", "cpe:/o:canonical:ubuntu_linux:5.10", "cpe:/o:canonical:ubuntu_linux:6.06:-:lts"], "id": "UBUNTU_USN-353-1.NASL", "href": "https://www.tenable.com/plugins/nessus/27933", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-353-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(27933);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2006-2937\", \"CVE-2006-2940\", \"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2007-5135\");\n script_xref(name:\"USN\", value:\"353-1\");\n\n script_name(english:\"Ubuntu 5.04 / 5.10 / 6.06 LTS : openssl vulnerabilities (USN-353-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Dr. Henson of the OpenSSL core team and Open Network Security\ndiscovered a mishandled error condition in the ASN.1 parser. By\nsending specially crafted packet data, a remote attacker could exploit\nthis to trigger an infinite loop, which would render the service\nunusable and consume all available system memory. (CVE-2006-2937)\n\nCertain types of public key could take disproportionate amounts of\ntime to process. The library now limits the maximum key exponent size\nto avoid Denial of Service attacks. (CVE-2006-2940)\n\nTavis Ormandy and Will Drewry of the Google Security Team discovered a\nbuffer overflow in the SSL_get_shared_ciphers() function. By sending\nspecially crafted packets to applications that use this function (like\nExim, MySQL, or the openssl command line tool), a remote attacker\ncould exploit this to execute arbitrary code with the server's\nprivileges. (CVE-2006-3738)\n\nTavis Ormandy and Will Drewry of the Google Security Team reported\nthat the get_server_hello() function did not sufficiently check the\nclient's session certificate. This could be exploited to crash clients\nby remote attackers sending specially crafted SSL responses.\n(CVE-2006-4343).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/353-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119, 189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libssl-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libssl0.9.7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libssl0.9.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libssl0.9.8-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:5.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:5.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/09/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/11/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(5\\.04|5\\.10|6\\.06)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 5.04 / 5.10 / 6.06\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libssl-dev\", pkgver:\"0.9.7e-3ubuntu0.4\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libssl0.9.7\", pkgver:\"0.9.7e-3ubuntu0.4\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"openssl\", pkgver:\"0.9.7e-3ubuntu0.4\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"libssl-dev\", pkgver:\"0.9.7g-1ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"libssl0.9.7\", pkgver:\"0.9.7g-1ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"openssl\", pkgver:\"0.9.7g-1ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libssl-dev\", pkgver:\"0.9.8a-7ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libssl0.9.8\", pkgver:\"0.9.8a-7ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libssl0.9.8-dbg\", pkgver:\"0.9.8a-7ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"openssl\", pkgver:\"0.9.8a-7ubuntu0.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libssl-dev / libssl0.9.7 / libssl0.9.8 / libssl0.9.8-dbg / openssl\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-18T15:28:30", "description": "F5 Product Development has determined that the BIG-IP and Enterprise Manager products use a vulnerable version of OpenSSL; however, the vulnerable code is not used in either TMM or in Apache on the BIG-IP system. The vulnerability is considered to be a local vulnerability and cannot be exploited remotely.", "cvss3": {}, "published": "2015-09-18T00:00:00", "type": "nessus", "title": "F5 Networks BIG-IP : OpenSSL SSL_get_shared_ciphers vulnerability (SOL8106)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-2937", "CVE-2006-2940", "CVE-2006-3738", "CVE-2006-4343", "CVE-2007-5135"], "modified": "2021-01-11T00:00:00", "cpe": ["cpe:/a:f5:big-ip_application_security_manager", "cpe:/a:f5:big-ip_global_traffic_manager", "cpe:/a:f5:big-ip_link_controller", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/a:f5:big-ip_webaccelerator", "cpe:/h:f5:big-ip"], "id": "F5_BIGIP_SOL8106.NASL", "href": "https://www.tenable.com/plugins/nessus/86017", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution SOL8106.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(86017);\n script_version(\"2.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2006-2937\", \"CVE-2006-2940\", \"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2007-5135\");\n script_bugtraq_id(25831);\n\n script_name(english:\"F5 Networks BIG-IP : OpenSSL SSL_get_shared_ciphers vulnerability (SOL8106)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"F5 Product Development has determined that the BIG-IP and Enterprise\nManager products use a vulnerable version of OpenSSL; however, the\nvulnerable code is not used in either TMM or in Apache on the BIG-IP\nsystem. The vulnerability is considered to be a local vulnerability\nand cannot be exploited remotely.\"\n );\n # http://www.openssl.org/news/secadv/20071012.txt\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.openssl.org/news/secadv/20071012.txt\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K8106\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution SOL8106.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(119, 189, 399);\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_webaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/11/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/09/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"SOL8106\";\nvmatrix = make_array();\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"9.3.0\",\"9.4.2-9.4.4\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"9.2\",\"9.3.1\",\"9.4.5-9.4.8\",\"10\",\"11\",\"9.2\",\"9.4.0-9.4.1\");\n\n# GTM\nvmatrix[\"GTM\"] = make_array();\nvmatrix[\"GTM\"][\"affected\" ] = make_list(\"9.3.0\",\"9.4.2-9.4.4\");\nvmatrix[\"GTM\"][\"unaffected\"] = make_list(\"9.2\",\"9.3.1\",\"9.4.5-9.4.8\",\"10\",\"11\",\"9.2\",\"9.4.0-9.4.1\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"9.3.0\",\"9.4.2-9.4.4\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"9.2\",\"9.3.1\",\"9.4.5-9.4.8\",\"10\",\"11\",\"9.2\",\"9.4.0-9.4.1\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"9.1.3\",\"9.3.0\",\"9.4.2-9.4.4\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"9.0.0-9.1.3\",\"9.2\",\"9.3.1\",\"9.4.5-9.4.8\",\"9.6\",\"10\",\"11\",\"9.0.0-9.1.2\",\"9.2\",\"9.4.0-9.4.1\");\n\n# WAM\nvmatrix[\"WAM\"] = make_array();\nvmatrix[\"WAM\"][\"affected\" ] = make_list(\"9.4.2-9.4.4\");\nvmatrix[\"WAM\"][\"unaffected\"] = make_list(\"9.4.5-9.4.8\",\"10\",\"11\",\"9.4.0-9.4.1\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_hole(port:0, extra:bigip_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-18T15:28:28", "description": "An off-by-one error has been identified in the SSL_get_shared_ciphers() routine in the libssl library from OpenSSL, an implementation of Secure Socket Layer cryptographic libraries and utilities. This error could allow an attacker to crash an application making use of OpenSSL's libssl library, or potentially execute arbitrary code in the security context of the user running such an application.", "cvss3": {}, "published": "2007-10-03T00:00:00", "type": "nessus", "title": "Debian DSA-1379-1 : openssl - off-by-one error/buffer overflow", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-2937", "CVE-2006-2940", "CVE-2006-3738", "CVE-2006-4343", "CVE-2007-5135"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:openssl", "cpe:/o:debian:debian_linux:3.1", "cpe:/o:debian:debian_linux:4.0"], "id": "DEBIAN_DSA-1379.NASL", "href": "https://www.tenable.com/plugins/nessus/26209", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1379. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(26209);\n script_version(\"1.25\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2006-2937\", \"CVE-2006-2940\", \"CVE-2006-3738\", \"CVE-2006-4343\", \"CVE-2007-5135\");\n script_xref(name:\"DSA\", value:\"1379\");\n\n script_name(english:\"Debian DSA-1379-1 : openssl - off-by-one error/buffer overflow\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An off-by-one error has been identified in the\nSSL_get_shared_ciphers() routine in the libssl library from OpenSSL,\nan implementation of Secure Socket Layer cryptographic libraries and\nutilities. This error could allow an attacker to crash an application\nmaking use of OpenSSL's libssl library, or potentially execute\narbitrary code in the security context of the user running such an\napplication.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=444435\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2007/dsa-1379\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the openssl packages.\n\nFor the old stable distribution (sarge), this problem has been fixed\nin version 0.9.7e-3sarge5.\n\nFor the stable distribution (etch), this problem has been fixed in\nversion 0.9.8c-4etch1.\n\nFor the unstable and testing distributions (sid and lenny,\nrespectively), this problem has been fixed in version 0.9.8e-9.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119, 189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/10/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/10/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.1\", prefix:\"libssl-dev\", reference:\"0.9.7e-3sarge5\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libssl0.9.7\", reference:\"0.9.7e-3sarge5\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"openssl\", reference:\"0.9.7e-3sarge5\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libssl-dev\", reference:\"0.9.8c-4etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libssl0.9.8\", reference:\"0.9.8c-4etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libssl0.9.8-dbg\", reference:\"0.9.8c-4etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"openssl\", reference:\"0.9.8c-4etch1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-04T16:21:27", "description": "There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH1024 are considered just feasible, because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant.\nHowever, for an attack on TLS to be meaningful, the server would have to share the DH1024 private key among multiple clients, which is no longer an option since CVE-2016-0701 . This only affects processors that support the AVX2 but not ADX extensions like Intel Haswell (4th generation). Note: The impact from this issue is similar to CVE-2017-3736 , CVE-2017-3732 and CVE-2015-3193 . OpenSSL version 1.0.2-1.0.2m and 1.1.0-1.1.0g are affected. Fixed in OpenSSL 1.0.2n.\nDue to the low severity of this issue we are not issuing a new release of OpenSSL 1.1.0 at this time. The fix will be included in OpenSSL 1.1.0h when it becomes available. The fix is also available in commit e502cc86d in the OpenSSL git repository.(CVE-2017-3738)\n\nOpenSSL 1.0.2 (starting from version 1.0.2b) introduced an 'error state' mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the explicit handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a bug it does not work correctly if SSL_read() or SSL_write() is called directly. In that scenario, if the handshake fails then a fatal error will be returned in the initial function call. If SSL_read()/SSL_write() is subsequently called by the application for the same SSL object then it will succeed and the data is passed without being decrypted/encrypted directly from the SSL/TLS record layer. In order to exploit this issue an application bug would have to be present that resulted in a call to SSL_read()/SSL_write() being issued after having already received a fatal error. OpenSSL version 1.0.2b-1.0.2m are affected. Fixed in OpenSSL 1.0.2n. OpenSSL 1.1.0 is not affected.(CVE-2017-3737)\n\nThere is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline.\nThe amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. This only affects processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later or AMD Ryzen.(CVE-2017-3736)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-05-11T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : openssl (ALAS-2018-1016)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-3193", "CVE-2016-0701", "CVE-2017-3732", "CVE-2017-3736", "CVE-2017-3737", "CVE-2017-3738"], "modified": "2019-07-10T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:openssl", "p-cpe:/a:amazon:linux:openssl-debuginfo", "p-cpe:/a:amazon:linux:openssl-devel", "p-cpe:/a:amazon:linux:openssl-perl", "p-cpe:/a:amazon:linux:openssl-static", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2018-1016.NASL", "href": "https://www.tenable.com/plugins/nessus/109698", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2018-1016.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(109698);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/07/10 16:04:12\");\n\n script_cve_id(\"CVE-2017-3736\", \"CVE-2017-3737\", \"CVE-2017-3738\");\n script_xref(name:\"ALAS\", value:\"2018-1016\");\n\n script_name(english:\"Amazon Linux AMI : openssl (ALAS-2018-1016)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"There is an overflow bug in the AVX2 Montgomery multiplication\nprocedure used in exponentiation with 1024-bit moduli. No EC\nalgorithms are affected. Analysis suggests that attacks against RSA\nand DSA as a result of this defect would be very difficult to perform\nand are not believed likely. Attacks against DH1024 are considered\njust feasible, because most of the work necessary to deduce\ninformation about a private key may be performed offline. The amount\nof resources required for such an attack would be significant.\nHowever, for an attack on TLS to be meaningful, the server would have\nto share the DH1024 private key among multiple clients, which is no\nlonger an option since CVE-2016-0701 . This only affects processors\nthat support the AVX2 but not ADX extensions like Intel Haswell (4th\ngeneration). Note: The impact from this issue is similar to\nCVE-2017-3736 , CVE-2017-3732 and CVE-2015-3193 . OpenSSL version\n1.0.2-1.0.2m and 1.1.0-1.1.0g are affected. Fixed in OpenSSL 1.0.2n.\nDue to the low severity of this issue we are not issuing a new release\nof OpenSSL 1.1.0 at this time. The fix will be included in OpenSSL\n1.1.0h when it becomes available. The fix is also available in commit\ne502cc86d in the OpenSSL git repository.(CVE-2017-3738)\n\nOpenSSL 1.0.2 (starting from version 1.0.2b) introduced an 'error\nstate' mechanism. The intent was that if a fatal error occurred during\na handshake then OpenSSL would move into the error state and would\nimmediately fail if you attempted to continue the handshake. This\nworks as designed for the explicit handshake functions\n(SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a\nbug it does not work correctly if SSL_read() or SSL_write() is called\ndirectly. In that scenario, if the handshake fails then a fatal error\nwill be returned in the initial function call. If\nSSL_read()/SSL_write() is subsequently called by the application for\nthe same SSL object then it will succeed and the data is passed\nwithout being decrypted/encrypted directly from the SSL/TLS record\nlayer. In order to exploit this issue an application bug would have to\nbe present that resulted in a call to SSL_read()/SSL_write() being\nissued after having already received a fatal error. OpenSSL version\n1.0.2b-1.0.2m are affected. Fixed in OpenSSL 1.0.2n. OpenSSL 1.1.0 is\nnot affected.(CVE-2017-3737)\n\nThere is a carry propagating bug in the x86_64 Montgomery squaring\nprocedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC\nalgorithms are affected. Analysis suggests that attacks against RSA\nand DSA as a result of this defect would be very difficult to perform\nand are not believed likely. Attacks against DH are considered just\nfeasible (although very difficult) because most of the work necessary\nto deduce information about a private key may be performed offline.\nThe amount of resources required for such an attack would be very\nsignificant and likely only accessible to a limited number of\nattackers. An attacker would additionally need online access to an\nunpatched system using the target private key in a scenario with\npersistent DH parameters and a private key that is shared between\nmultiple clients. This only affects processors that support the BMI1,\nBMI2 and ADX extensions like Intel Broadwell (5th generation) and\nlater or AMD Ryzen.(CVE-2017-3736)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2018-1016.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update openssl' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/11/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/05/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"openssl-1.0.2k-12.109.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"openssl-debuginfo-1.0.2k-12.109.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"openssl-devel-1.0.2k-12.109.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"openssl-perl-1.0.2k-12.109.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"openssl-static-1.0.2k-12.109.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-debuginfo / openssl-devel / openssl-perl / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-03-04T15:58:29", "description": "This update for openssl fixes the following issues :\n\n - OpenSSL Security Advisory [07 Dec 2017]\n\n - CVE-2017-3737: OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an \\'error state\\' mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the explicit handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a bug it does not work correctly if SSL_read() or SSL_write() is called directly. In that scenario, if the handshake fails then a fatal error will be returned in the initial function call. If SSL_read()/SSL_write() is subsequently called by the application for the same SSL object then it will succeed and the data is passed without being decrypted/encrypted directly from the SSL/TLS record layer. In order to exploit this issue an application bug would have to be present that resulted in a call to SSL_read()/SSL_write() being issued after having already received a fatal error. OpenSSL version 1.0.2b-1.0.2m are affected. Fixed in OpenSSL 1.0.2n. OpenSSL 1.1.0 is not affected. (bsc#1071905)\n\n - CVE-2017-3738: There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely.\n Attacks against DH1024 are considered just feasible, because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH1024 private key among multiple clients, which is no longer an option since CVE-2016-0701. This only affects processors that support the AVX2 but not ADX extensions like Intel Haswell (4th generation). Note: The impact from this issue is similar to CVE-2017-3736, CVE-2017-3732 and CVE-2015-3193. (bsc#1071906)\n\nThis update was imported from the SUSE:SLE-12-SP2:Update update project.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-12-18T00:00:00", "type": "nessus", "title": "openSUSE Security Update : openssl (openSUSE-2017-1381)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-3193", "CVE-2016-0701", "CVE-2017-3732", "CVE-2017-3736", "CVE-2017-3737", "CVE-2017-3738"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libopenssl-devel", "p-cpe:/a:novell:opensuse:libopenssl-devel-32bit", "p-cpe:/a:novell:opensuse:libopenssl1_0_0", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-32bit", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-hmac", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-hmac-32bit", "p-cpe:/a:novell:opensuse:openssl", "p-cpe:/a:novell:opensuse:openssl-cavs", "p-cpe:/a:novell:opensuse:openssl-cavs-debuginfo", "p-cpe:/a:novell:opensuse:openssl-debuginfo", "p-cpe:/a:novell:opensuse:openssl-debugsource", "cpe:/o:novell:opensuse:42.2", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2017-1381.NASL", "href": "https://www.tenable.com/plugins/nessus/105341", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-1381.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(105341);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-3193\", \"CVE-2016-0701\", \"CVE-2017-3732\", \"CVE-2017-3736\", \"CVE-2017-3737\", \"CVE-2017-3738\");\n\n script_name(english:\"openSUSE Security Update : openssl (openSUSE-2017-1381)\");\n script_summary(english:\"Check for the openSUSE-2017-1381 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for openssl fixes the following issues :\n\n - OpenSSL Security Advisory [07 Dec 2017]\n\n - CVE-2017-3737: OpenSSL 1.0.2 (starting from version\n 1.0.2b) introduced an \\'error state\\' mechanism. The\n intent was that if a fatal error occurred during a\n handshake then OpenSSL would move into the error state\n and would immediately fail if you attempted to continue\n the handshake. This works as designed for the explicit\n handshake functions (SSL_do_handshake(), SSL_accept()\n and SSL_connect()), however due to a bug it does not\n work correctly if SSL_read() or SSL_write() is called\n directly. In that scenario, if the handshake fails then\n a fatal error will be returned in the initial function\n call. If SSL_read()/SSL_write() is subsequently called\n by the application for the same SSL object then it will\n succeed and the data is passed without being\n decrypted/encrypted directly from the SSL/TLS record\n layer. In order to exploit this issue an application bug\n would have to be present that resulted in a call to\n SSL_read()/SSL_write() being issued after having already\n received a fatal error. OpenSSL version 1.0.2b-1.0.2m\n are affected. Fixed in OpenSSL 1.0.2n. OpenSSL 1.1.0 is\n not affected. (bsc#1071905)\n\n - CVE-2017-3738: There is an overflow bug in the AVX2\n Montgomery multiplication procedure used in\n exponentiation with 1024-bit moduli. No EC algorithms\n are affected. Analysis suggests that attacks against RSA\n and DSA as a result of this defect would be very\n difficult to perform and are not believed likely.\n Attacks against DH1024 are considered just feasible,\n because most of the work necessary to deduce information\n about a private key may be performed offline. The amount\n of resources required for such an attack would be\n significant. However, for an attack on TLS to be\n meaningful, the server would have to share the DH1024\n private key among multiple clients, which is no longer\n an option since CVE-2016-0701. This only affects\n processors that support the AVX2 but not ADX extensions\n like Intel Haswell (4th generation). Note: The impact\n from this issue is similar to CVE-2017-3736,\n CVE-2017-3732 and CVE-2015-3193. (bsc#1071906)\n\nThis update was imported from the SUSE:SLE-12-SP2:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1071905\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1071906\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-hmac\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-hmac-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl-cavs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl-cavs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/12/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/12/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.2|SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.2 / 42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libopenssl-devel-1.0.2j-6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libopenssl1_0_0-1.0.2j-6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libopenssl1_0_0-debuginfo-1.0.2j-6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libopenssl1_0_0-hmac-1.0.2j-6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"openssl-1.0.2j-6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"openssl-cavs-1.0.2j-6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"openssl-cavs-debuginfo-1.0.2j-6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"openssl-debuginfo-1.0.2j-6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"openssl-debugsource-1.0.2j-6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libopenssl-devel-32bit-1.0.2j-6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-32bit-1.0.2j-6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-debuginfo-32bit-1.0.2j-6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-hmac-32bit-1.0.2j-6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libopenssl-devel-1.0.2j-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libopenssl1_0_0-1.0.2j-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libopenssl1_0_0-debuginfo-1.0.2j-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libopenssl1_0_0-hmac-1.0.2j-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"openssl-1.0.2j-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"openssl-cavs-1.0.2j-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"openssl-cavs-debuginfo-1.0.2j-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"openssl-debuginfo-1.0.2j-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"openssl-debugsource-1.0.2j-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libopenssl-devel-32bit-1.0.2j-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-32bit-1.0.2j-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-debuginfo-32bit-1.0.2j-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-hmac-32bit-1.0.2j-16.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libopenssl-devel / libopenssl-devel-32bit / libopenssl1_0_0 / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-03-04T15:58:38", "description": "This update for openssl fixes the following issues :\n\n - OpenSSL Security Advisory [07 Dec 2017]\n\n - CVE-2017-3737: OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an \\'error state\\' mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the explicit handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a bug it does not work correctly if SSL_read() or SSL_write() is called directly. In that scenario, if the handshake fails then a fatal error will be returned in the initial function call. If SSL_read()/SSL_write() is subsequently called by the application for the same SSL object then it will succeed and the data is passed without being decrypted/encrypted directly from the SSL/TLS record layer. In order to exploit this issue an application bug would have to be present that resulted in a call to SSL_read()/SSL_write() being issued after having already received a fatal error. OpenSSL version 1.0.2b-1.0.2m are affected. Fixed in OpenSSL 1.0.2n. OpenSSL 1.1.0 is not affected. (bsc#1071905)\n\n - CVE-2017-3738: There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely.\n Attacks against DH1024 are considered just feasible, because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH1024 private key among multiple clients, which is no longer an option since CVE-2016-0701. This only affects processors that support the AVX2 but not ADX extensions like Intel Haswell (4th generation). Note: The impact from this issue is similar to CVE-2017-3736, CVE-2017-3732 and CVE-2015-3193. (bsc#1071906)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-12-18T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2017:3343-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-3193", "CVE-2016-0701", "CVE-2017-3732", "CVE-2017-3736", "CVE-2017-3737", "CVE-2017-3738"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libopenssl-devel", "p-cpe:/a:novell:suse_linux:libopenssl1_0_0", "p-cpe:/a:novell:suse_linux:libopenssl1_0_0-debuginfo", "p-cpe:/a:novell:suse_linux:libopenssl1_0_0-hmac", "p-cpe:/a:novell:suse_linux:openssl", "p-cpe:/a:novell:suse_linux:openssl-debuginfo", "p-cpe:/a:novell:suse_linux:openssl-debugsource", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2017-3343-1.NASL", "href": "https://www.tenable.com/plugins/nessus/105353", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:3343-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(105353);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-3193\", \"CVE-2016-0701\", \"CVE-2017-3732\", \"CVE-2017-3736\", \"CVE-2017-3737\", \"CVE-2017-3738\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2017:3343-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for openssl fixes the following issues :\n\n - OpenSSL Security Advisory [07 Dec 2017]\n\n - CVE-2017-3737: OpenSSL 1.0.2 (starting from version\n 1.0.2b) introduced an \\'error state\\' mechanism. The\n intent was that if a fatal error occurred during a\n handshake then OpenSSL would move into the error state\n and would immediately fail if you attempted to continue\n the handshake. This works as designed for the explicit\n handshake functions (SSL_do_handshake(), SSL_accept()\n and SSL_connect()), however due to a bug it does not\n work correctly if SSL_read() or SSL_write() is called\n directly. In that scenario, if the handshake fails then\n a fatal error will be returned in the initial function\n call. If SSL_read()/SSL_write() is subsequently called\n by the application for the same SSL object then it will\n succeed and the data is passed without being\n decrypted/encrypted directly from the SSL/TLS record\n layer. In order to exploit this issue an application bug\n would have to be present that resulted in a call to\n SSL_read()/SSL_write() being issued after having already\n received a fatal error. OpenSSL version 1.0.2b-1.0.2m\n are affected. Fixed in OpenSSL 1.0.2n. OpenSSL 1.1.0 is\n not affected. (bsc#1071905)\n\n - CVE-2017-3738: There is an overflow bug in the AVX2\n Montgomery multiplication procedure used in\n exponentiation with 1024-bit moduli. No EC algorithms\n are affected. Analysis suggests that attacks against RSA\n and DSA as a result of this defect would be very\n difficult to perform and are not believed likely.\n Attacks against DH1024 are considered just feasible,\n because most of the work necessary to deduce information\n about a private key may be performed offline. The amount\n of resources required for such an attack would be\n significant. However, for an attack on TLS to be\n meaningful, the server would have to share the DH1024\n private key among multiple clients, which is no longer\n an option since CVE-2016-0701. This only affects\n processors that support the AVX2 but not ADX extensions\n like Intel Haswell (4th generation). Note: The impact\n from this issue is similar to CVE-2017-3736,\n CVE-2017-3732 and CVE-2015-3193. (bsc#1071906)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1071905\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1071906\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-3737/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-3738/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20173343-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6ecfb0bf\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t\npatch SUSE-SLE-SDK-12-SP3-2017-2097=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t\npatch SUSE-SLE-SDK-12-SP2-2017-2097=1\n\nSUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t\npatch SUSE-SLE-RPI-12-SP2-2017-2097=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2017-2097=1\n\nSUSE Linux Enterprise Server 12-SP2:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2017-2097=1\n\nSUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2017-2097=1\n\nSUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP2-2017-2097=1\n\nSUSE Container as a Service Platform ALL:zypper in -t patch\nSUSE-CAASP-ALL-2017-2097=1\n\nOpenStack Cloud Magnum Orchestration 7:zypper in -t patch\nSUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-2097=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_0_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_0_0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_0_0-hmac\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/12/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/12/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/12/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2/3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP2/3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libopenssl-devel-1.0.2j-60.20.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libopenssl1_0_0-1.0.2j-60.20.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libopenssl1_0_0-debuginfo-1.0.2j-60.20.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libopenssl1_0_0-hmac-1.0.2j-60.20.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"openssl-1.0.2j-60.20.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"openssl-debuginfo-1.0.2j-60.20.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"openssl-debugsource-1.0.2j-60.20.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libopenssl1_0_0-32bit-1.0.2j-60.20.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.20.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libopenssl1_0_0-hmac-32bit-1.0.2j-60.20.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libopenssl-devel-1.0.2j-60.20.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libopenssl1_0_0-1.0.2j-60.20.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libopenssl1_0_0-debuginfo-1.0.2j-60.20.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libopenssl1_0_0-hmac-1.0.2j-60.20.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"openssl-1.0.2j-60.20.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"openssl-debuginfo-1.0.2j-60.20.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"openssl-debugsource-1.0.2j-60.20.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libopenssl1_0_0-32bit-1.0.2j-60.20.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.20.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libopenssl1_0_0-hmac-32bit-1.0.2j-60.20.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libopenssl-devel-1.0.2j-60.20.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-1.0.2j-60.20.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-32bit-1.0.2j-60.20.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-debuginfo-1.0.2j-60.20.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\&