Search...

openSUSE Security Update : gnome-terminal (openSUSE-SU-2012:0933-1)

2014-06-13T00:00:00

ID OPENSUSE-2012-472.NASL
Type nessus
Reporter Tenable
Modified 2018-11-10T00:00:00

Description

Add vte-CVE-2012-2738.patch: fix potential DoS through malicious escape sequences. Fix bnc#772761, CVE-2012-2738.

                                        
                                            #
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2012-472.
#
# The text description of this plugin is (C) SUSE LLC.
#

include("compat.inc");

if (description)
{
  script_id(74697);
  script_version("1.2");
  script_cvs_date("Date: 2018/11/10 11:50:00");

  script_cve_id("CVE-2012-2738");

  script_name(english:"openSUSE Security Update : gnome-terminal (openSUSE-SU-2012:0933-1)");
  script_summary(english:"Check for the openSUSE-2012-472 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Add vte-CVE-2012-2738.patch: fix potential DoS through malicious
escape sequences. Fix bnc#772761, CVE-2012-2738."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=772761"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://lists.opensuse.org/opensuse-updates/2012-08/msg00003.html"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected gnome-terminal packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:glade3-catalog-vte");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvte9");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvte9-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-vte");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-vte-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vte2-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vte2-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vte2-lang");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vte2-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vte2-tools-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.1");

  script_set_attribute(attribute:"patch_publication_date", value:"2012/07/27");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE12\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.1", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE12.1", reference:"glade3-catalog-vte-0.28.2-4.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"libvte9-0.28.2-4.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"libvte9-debuginfo-0.28.2-4.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"python-vte-0.28.2-4.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"python-vte-debuginfo-0.28.2-4.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"vte2-debugsource-0.28.2-4.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"vte2-devel-0.28.2-4.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"vte2-lang-0.28.2-4.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"vte2-tools-0.28.2-4.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"vte2-tools-debuginfo-0.28.2-4.4.1") ) flag++;

if (flag)
{
  if (report_verbosity &gt; 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gnome-terminal");
}

JSON Vulners Source

Initial Source

{"id": "OPENSUSE-2012-472.NASL", "bulletinFamily": "scanner", "title": "openSUSE Security Update : gnome-terminal (openSUSE-SU-2012:0933-1)", "description": "Add vte-CVE-2012-2738.patch: fix potential DoS through malicious escape sequences. Fix bnc#772761, CVE-2012-2738.", "published": "2014-06-13T00:00:00", "modified": "2018-11-10T00:00:00", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=74697", "reporter": "Tenable", "references": ["https://lists.opensuse.org/opensuse-updates/2012-08/msg00003.html", "https://bugzilla.novell.com/show_bug.cgi?id=772761"], "cvelist": ["CVE-2012-2738"], "type": "nessus", "lastseen": "2018-11-13T16:47:13", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2012-2738"], "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}, "description": "Add vte-CVE-2012-2738.patch: fix potential DoS through malicious escape sequences. Fix bnc#772761, CVE-2012-2738.", "edition": 1, "enchantments": {}, "hash": "744c69688a1cc614e3fe5107a66b1e18a8da03e555b27ee40f019bee7c540ec0", "hashmap": [{"hash": "1a7faccf9af0f3d00e3e029689bb7e0e", "key": "href"}, {"hash": "b8bf1a32b6eb39805a1cb05390584af1", "key": "cvelist"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "3f9bf8454abaa2e0e3f28554b591a8df", "key": "description"}, {"hash": "b87eaba112da2deea0be15ab2dcbeffd", "key": "pluginID"}, {"hash": "a06422cae0636adcab4550e3cb147fcd", "key": "references"}, {"hash": "02fcc0c238d215158fbaabb854c5b3df", "key": "modified"}, {"hash": "02fcc0c238d215158fbaabb854c5b3df", "key": "published"}, {"hash": "8733e153774217b21fb6f011df1f9cd5", "key": "title"}, {"hash": "3acd5c52298d52c7e188feeb289548b8", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "341422958122acbc86987e1203db67ff", "key": "sourceData"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=74697", "id": "OPENSUSE-2012-472.NASL", "lastseen": "2016-09-26T17:23:41", "modified": "2014-06-13T00:00:00", "naslFamily": "SuSE Local Security Checks", "objectVersion": "1.2", "pluginID": "74697", "published": "2014-06-13T00:00:00", "references": ["http://lists.opensuse.org/opensuse-updates/2012-08/msg00003.html", "https://bugzilla.novell.com/show_bug.cgi?id=772761"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2012-472.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(74697);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2014/06/13 20:53:55 $\");\n\n script_cve_id(\"CVE-2012-2738\");\n\n script_name(english:\"openSUSE Security Update : gnome-terminal (openSUSE-SU-2012:0933-1)\");\n script_summary(english:\"Check for the openSUSE-2012-472 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Add vte-CVE-2012-2738.patch: fix potential DoS through malicious\nescape sequences. Fix bnc#772761, CVE-2012-2738.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.opensuse.org/opensuse-updates/2012-08/msg00003.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=772761\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gnome-terminal packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glade3-catalog-vte\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvte9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvte9-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-vte\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-vte-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vte2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vte2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vte2-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vte2-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vte2-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/07/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.1\", reference:\"glade3-catalog-vte-0.28.2-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libvte9-0.28.2-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libvte9-debuginfo-0.28.2-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"python-vte-0.28.2-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"python-vte-debuginfo-0.28.2-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"vte2-debugsource-0.28.2-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"vte2-devel-0.28.2-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"vte2-lang-0.28.2-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"vte2-tools-0.28.2-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"vte2-tools-debuginfo-0.28.2-4.4.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnome-terminal\");\n}\n", "title": "openSUSE Security Update : gnome-terminal (openSUSE-SU-2012:0933-1)", "type": "nessus", "viewCount": 0}, "differentElements": ["cpe"], "edition": 1, "lastseen": "2016-09-26T17:23:41"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:novell:opensuse:vte2-tools", "cpe:/o:novell:opensuse:12.1", "p-cpe:/a:novell:opensuse:vte2-lang", "p-cpe:/a:novell:opensuse:libvte9", "p-cpe:/a:novell:opensuse:python-vte-debuginfo", "p-cpe:/a:novell:opensuse:libvte9-debuginfo", "p-cpe:/a:novell:opensuse:vte2-debugsource", "p-cpe:/a:novell:opensuse:glade3-catalog-vte", "p-cpe:/a:novell:opensuse:vte2-devel", "p-cpe:/a:novell:opensuse:python-vte", "p-cpe:/a:novell:opensuse:vte2-tools-debuginfo"], "cvelist": ["CVE-2012-2738"], "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}, "description": "Add vte-CVE-2012-2738.patch: fix potential DoS through malicious escape sequences. Fix bnc#772761, CVE-2012-2738.", "edition": 4, "enchantments": {"score": {"value": 2.1, "vector": "NONE"}}, "hash": "44833de2a5f12f8c538d7fd5b2d489a28146be18c20a2652893c3b95d3e432d4", "hashmap": [{"hash": "1a7faccf9af0f3d00e3e029689bb7e0e", "key": "href"}, {"hash": "b8bf1a32b6eb39805a1cb05390584af1", "key": "cvelist"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "3f9bf8454abaa2e0e3f28554b591a8df", "key": "description"}, {"hash": "b87eaba112da2deea0be15ab2dcbeffd", "key": "pluginID"}, {"hash": "a06422cae0636adcab4550e3cb147fcd", "key": "references"}, {"hash": "02fcc0c238d215158fbaabb854c5b3df", "key": "modified"}, {"hash": "a407285d8592aa3eb7435e31db52eb68", "key": "cpe"}, {"hash": "02fcc0c238d215158fbaabb854c5b3df", "key": "published"}, {"hash": "8733e153774217b21fb6f011df1f9cd5", "key": "title"}, {"hash": "3acd5c52298d52c7e188feeb289548b8", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "341422958122acbc86987e1203db67ff", "key": "sourceData"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=74697", "id": "OPENSUSE-2012-472.NASL", "lastseen": "2018-09-01T23:36:58", "modified": "2014-06-13T00:00:00", "naslFamily": "SuSE Local Security Checks", "objectVersion": "1.3", "pluginID": "74697", "published": "2014-06-13T00:00:00", "references": ["http://lists.opensuse.org/opensuse-updates/2012-08/msg00003.html", "https://bugzilla.novell.com/show_bug.cgi?id=772761"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2012-472.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(74697);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2014/06/13 20:53:55 $\");\n\n script_cve_id(\"CVE-2012-2738\");\n\n script_name(english:\"openSUSE Security Update : gnome-terminal (openSUSE-SU-2012:0933-1)\");\n script_summary(english:\"Check for the openSUSE-2012-472 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Add vte-CVE-2012-2738.patch: fix potential DoS through malicious\nescape sequences. Fix bnc#772761, CVE-2012-2738.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.opensuse.org/opensuse-updates/2012-08/msg00003.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=772761\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gnome-terminal packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glade3-catalog-vte\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvte9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvte9-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-vte\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-vte-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vte2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vte2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vte2-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vte2-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vte2-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/07/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.1\", reference:\"glade3-catalog-vte-0.28.2-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libvte9-0.28.2-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libvte9-debuginfo-0.28.2-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"python-vte-0.28.2-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"python-vte-debuginfo-0.28.2-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"vte2-debugsource-0.28.2-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"vte2-devel-0.28.2-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"vte2-lang-0.28.2-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"vte2-tools-0.28.2-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"vte2-tools-debuginfo-0.28.2-4.4.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnome-terminal\");\n}\n", "title": "openSUSE Security Update : gnome-terminal (openSUSE-SU-2012:0933-1)", "type": "nessus", "viewCount": 0}, "differentElements": ["references", "modified", "sourceData"], "edition": 4, "lastseen": "2018-09-01T23:36:58"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:novell:opensuse:vte2-tools", "cpe:/o:novell:opensuse:12.1", "p-cpe:/a:novell:opensuse:vte2-lang", "p-cpe:/a:novell:opensuse:libvte9", "p-cpe:/a:novell:opensuse:python-vte-debuginfo", "p-cpe:/a:novell:opensuse:libvte9-debuginfo", "p-cpe:/a:novell:opensuse:vte2-debugsource", "p-cpe:/a:novell:opensuse:glade3-catalog-vte", "p-cpe:/a:novell:opensuse:vte2-devel", "p-cpe:/a:novell:opensuse:python-vte", "p-cpe:/a:novell:opensuse:vte2-tools-debuginfo"], "cvelist": ["CVE-2012-2738"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "Add vte-CVE-2012-2738.patch: fix potential DoS through malicious escape sequences. Fix bnc#772761, CVE-2012-2738.", "edition": 3, "enchantments": {"score": {"value": 2.1, "vector": "NONE"}}, "hash": "6be2fc9443cc500ce8439fc81283fbc1c1fb6887d26a9a89d04929a981be1989", "hashmap": [{"hash": "1a7faccf9af0f3d00e3e029689bb7e0e", "key": "href"}, {"hash": "b8bf1a32b6eb39805a1cb05390584af1", "key": "cvelist"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "3f9bf8454abaa2e0e3f28554b591a8df", "key": "description"}, {"hash": "b87eaba112da2deea0be15ab2dcbeffd", "key": "pluginID"}, {"hash": "a06422cae0636adcab4550e3cb147fcd", "key": "references"}, {"hash": "02fcc0c238d215158fbaabb854c5b3df", "key": "modified"}, {"hash": "a407285d8592aa3eb7435e31db52eb68", "key": "cpe"}, {"hash": "02fcc0c238d215158fbaabb854c5b3df", "key": "published"}, {"hash": "8733e153774217b21fb6f011df1f9cd5", "key": "title"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "341422958122acbc86987e1203db67ff", "key": "sourceData"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=74697", "id": "OPENSUSE-2012-472.NASL", "lastseen": "2018-08-30T19:33:49", "modified": "2014-06-13T00:00:00", "naslFamily": "SuSE Local Security Checks", "objectVersion": "1.3", "pluginID": "74697", "published": "2014-06-13T00:00:00", "references": ["http://lists.opensuse.org/opensuse-updates/2012-08/msg00003.html", "https://bugzilla.novell.com/show_bug.cgi?id=772761"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2012-472.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(74697);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2014/06/13 20:53:55 $\");\n\n script_cve_id(\"CVE-2012-2738\");\n\n script_name(english:\"openSUSE Security Update : gnome-terminal (openSUSE-SU-2012:0933-1)\");\n script_summary(english:\"Check for the openSUSE-2012-472 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Add vte-CVE-2012-2738.patch: fix potential DoS through malicious\nescape sequences. Fix bnc#772761, CVE-2012-2738.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.opensuse.org/opensuse-updates/2012-08/msg00003.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=772761\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gnome-terminal packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glade3-catalog-vte\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvte9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvte9-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-vte\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-vte-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vte2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vte2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vte2-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vte2-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vte2-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/07/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.1\", reference:\"glade3-catalog-vte-0.28.2-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libvte9-0.28.2-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libvte9-debuginfo-0.28.2-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"python-vte-0.28.2-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"python-vte-debuginfo-0.28.2-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"vte2-debugsource-0.28.2-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"vte2-devel-0.28.2-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"vte2-lang-0.28.2-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"vte2-tools-0.28.2-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"vte2-tools-debuginfo-0.28.2-4.4.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnome-terminal\");\n}\n", "title": "openSUSE Security Update : gnome-terminal (openSUSE-SU-2012:0933-1)", "type": "nessus", "viewCount": 0}, "differentElements": ["cvss"], "edition": 3, "lastseen": "2018-08-30T19:33:49"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:novell:opensuse:vte2-tools", "cpe:/o:novell:opensuse:12.1", "p-cpe:/a:novell:opensuse:vte2-lang", "p-cpe:/a:novell:opensuse:libvte9", "p-cpe:/a:novell:opensuse:python-vte-debuginfo", "p-cpe:/a:novell:opensuse:libvte9-debuginfo", "p-cpe:/a:novell:opensuse:vte2-debugsource", "p-cpe:/a:novell:opensuse:glade3-catalog-vte", "p-cpe:/a:novell:opensuse:vte2-devel", "p-cpe:/a:novell:opensuse:python-vte", "p-cpe:/a:novell:opensuse:vte2-tools-debuginfo"], "cvelist": ["CVE-2012-2738"], "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}, "description": "Add vte-CVE-2012-2738.patch: fix potential DoS through malicious escape sequences. Fix bnc#772761, CVE-2012-2738.", "edition": 2, "enchantments": {"score": {"value": 2.1, "vector": "NONE"}}, "hash": "44833de2a5f12f8c538d7fd5b2d489a28146be18c20a2652893c3b95d3e432d4", "hashmap": [{"hash": "1a7faccf9af0f3d00e3e029689bb7e0e", "key": "href"}, {"hash": "b8bf1a32b6eb39805a1cb05390584af1", "key": "cvelist"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "3f9bf8454abaa2e0e3f28554b591a8df", "key": "description"}, {"hash": "b87eaba112da2deea0be15ab2dcbeffd", "key": "pluginID"}, {"hash": "a06422cae0636adcab4550e3cb147fcd", "key": "references"}, {"hash": "02fcc0c238d215158fbaabb854c5b3df", "key": "modified"}, {"hash": "a407285d8592aa3eb7435e31db52eb68", "key": "cpe"}, {"hash": "02fcc0c238d215158fbaabb854c5b3df", "key": "published"}, {"hash": "8733e153774217b21fb6f011df1f9cd5", "key": "title"}, {"hash": "3acd5c52298d52c7e188feeb289548b8", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "341422958122acbc86987e1203db67ff", "key": "sourceData"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=74697", "id": "OPENSUSE-2012-472.NASL", "lastseen": "2017-10-29T13:35:06", "modified": "2014-06-13T00:00:00", "naslFamily": "SuSE Local Security Checks", "objectVersion": "1.3", "pluginID": "74697", "published": "2014-06-13T00:00:00", "references": ["http://lists.opensuse.org/opensuse-updates/2012-08/msg00003.html", "https://bugzilla.novell.com/show_bug.cgi?id=772761"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2012-472.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(74697);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2014/06/13 20:53:55 $\");\n\n script_cve_id(\"CVE-2012-2738\");\n\n script_name(english:\"openSUSE Security Update : gnome-terminal (openSUSE-SU-2012:0933-1)\");\n script_summary(english:\"Check for the openSUSE-2012-472 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Add vte-CVE-2012-2738.patch: fix potential DoS through malicious\nescape sequences. Fix bnc#772761, CVE-2012-2738.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.opensuse.org/opensuse-updates/2012-08/msg00003.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=772761\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gnome-terminal packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glade3-catalog-vte\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvte9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvte9-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-vte\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-vte-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vte2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vte2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vte2-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vte2-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vte2-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/07/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.1\", reference:\"glade3-catalog-vte-0.28.2-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libvte9-0.28.2-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libvte9-debuginfo-0.28.2-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"python-vte-0.28.2-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"python-vte-debuginfo-0.28.2-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"vte2-debugsource-0.28.2-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"vte2-devel-0.28.2-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"vte2-lang-0.28.2-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"vte2-tools-0.28.2-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"vte2-tools-debuginfo-0.28.2-4.4.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnome-terminal\");\n}\n", "title": "openSUSE Security Update : gnome-terminal (openSUSE-SU-2012:0933-1)", "type": "nessus", "viewCount": 0}, "differentElements": ["cvss"], "edition": 2, "lastseen": "2017-10-29T13:35:06"}], "edition": 5, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "a407285d8592aa3eb7435e31db52eb68"}, {"key": "cvelist", "hash": "b8bf1a32b6eb39805a1cb05390584af1"}, {"key": "cvss", "hash": "3acd5c52298d52c7e188feeb289548b8"}, {"key": "description", "hash": "3f9bf8454abaa2e0e3f28554b591a8df"}, {"key": "href", "hash": "1a7faccf9af0f3d00e3e029689bb7e0e"}, {"key": "modified", "hash": "3c764d4cf584f9ded7aa4dcca57c78ff"}, {"key": "naslFamily", "hash": "71a40666da62ba38d22539c8277870c7"}, {"key": "pluginID", "hash": "b87eaba112da2deea0be15ab2dcbeffd"}, {"key": "published", "hash": "02fcc0c238d215158fbaabb854c5b3df"}, {"key": "references", "hash": "4786d6c3ae94e25f05bd0ec5554d6b21"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "061bfb50dece5cb2aa0e9d29a887918f"}, {"key": "title", "hash": "8733e153774217b21fb6f011df1f9cd5"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "d0f1e165543ee2389675382930ef7a664f1a6cdcb5f0b62978437d2356f6fe4d", "viewCount": 0, "enchantments": {"score": {"value": 2.1, "vector": "NONE"}, "vulnersScore": 2.1}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2012-472.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(74697);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/11/10 11:50:00\");\n\n script_cve_id(\"CVE-2012-2738\");\n\n script_name(english:\"openSUSE Security Update : gnome-terminal (openSUSE-SU-2012:0933-1)\");\n script_summary(english:\"Check for the openSUSE-2012-472 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Add vte-CVE-2012-2738.patch: fix potential DoS through malicious\nescape sequences. Fix bnc#772761, CVE-2012-2738.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=772761\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2012-08/msg00003.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gnome-terminal packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glade3-catalog-vte\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvte9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvte9-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-vte\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-vte-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vte2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vte2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vte2-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vte2-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vte2-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/07/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.1\", reference:\"glade3-catalog-vte-0.28.2-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libvte9-0.28.2-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libvte9-debuginfo-0.28.2-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"python-vte-0.28.2-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"python-vte-debuginfo-0.28.2-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"vte2-debugsource-0.28.2-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"vte2-devel-0.28.2-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"vte2-lang-0.28.2-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"vte2-tools-0.28.2-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"vte2-tools-debuginfo-0.28.2-4.4.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnome-terminal\");\n}\n", "naslFamily": "SuSE Local Security Checks", "pluginID": "74697", "cpe": ["p-cpe:/a:novell:opensuse:vte2-tools", "cpe:/o:novell:opensuse:12.1", "p-cpe:/a:novell:opensuse:vte2-lang", "p-cpe:/a:novell:opensuse:libvte9", "p-cpe:/a:novell:opensuse:python-vte-debuginfo", "p-cpe:/a:novell:opensuse:libvte9-debuginfo", "p-cpe:/a:novell:opensuse:vte2-debugsource", "p-cpe:/a:novell:opensuse:glade3-catalog-vte", "p-cpe:/a:novell:opensuse:vte2-devel", "p-cpe:/a:novell:opensuse:python-vte", "p-cpe:/a:novell:opensuse:vte2-tools-debuginfo"]}

{"cve": [{"lastseen": "2017-04-18T15:53:24", "references": ["http://www.openwall.com/lists/oss-security/2012/05/23/6", "http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083403.html", "http://www.openwall.com/lists/oss-security/2012/06/15/11", "http://www.securityfocus.com/bid/54281", "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html", "http://lists.opensuse.org/opensuse-updates/2012-08/msg00001.html", "http://ftp.gnome.org/pub/GNOME/sources/vte/0.32/vte-0.32.2.news", "http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083398.html", "http://ftp.gnome.org/pub/GNOME/sources/vte/0.32/vte-0.32.2.changes", "https://bugzilla.gnome.org/show_bug.cgi?id=676090"], "edition": 2, "description": "The VteTerminal in gnome-terminal (vte) before 0.32.2 allows remote authenticated users to cause a denial of service (long loop and CPU consumption) via an escape sequence with a large repeat count value.", "reporter": "NVD", "published": "2012-07-22T12:55:25", "title": "CVE-2012-2738", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "cve", "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2012-2738"], "scanner": [], "modified": "2016-10-25T21:59:10", "cpe": ["cpe:/a:nalin_dahyabhai:vte:0.20.0", "cpe:/a:nalin_dahyabhai:vte:0.10.27", "cpe:/a:nalin_dahyabhai:vte:0.10.19", "cpe:/a:nalin_dahyabhai:vte:0.16.14", "cpe:/a:nalin_dahyabhai:vte:0.10.1", "cpe:/a:nalin_dahyabhai:vte:0.29.0", "cpe:/a:nalin_dahyabhai:vte:0.30.1", "cpe:/a:nalin_dahyabhai:vte:0.10.7", "cpe:/a:nalin_dahyabhai:vte:0.20.5", "cpe:/a:nalin_dahyabhai:vte:0.19.4", "cpe:/a:nalin_dahyabhai:vte:0.10.17", "cpe:/a:nalin_dahyabhai:vte:0.13.0", "cpe:/a:nalin_dahyabhai:vte:0.21.2", "cpe:/a:nalin_dahyabhai:vte:0.22.5", "cpe:/a:nalin_dahyabhai:vte:0.10", "cpe:/a:nalin_dahyabhai:vte:0.11.2", "cpe:/a:nalin_dahyabhai:vte:0.10.20", "cpe:/a:nalin_dahyabhai:vte:0.16.6", "cpe:/a:nalin_dahyabhai:vte:0.29.1", "cpe:/a:nalin_dahyabhai:vte:0.11.1", "cpe:/a:nalin_dahyabhai:vte:0.22.4", "cpe:/a:nalin_dahyabhai:vte:0.13.4", "cpe:/a:nalin_dahyabhai:vte:0.14.2", "cpe:/a:nalin_dahyabhai:vte:0.10.13", "cpe:/a:nalin_dahyabhai:vte:0.10.11", "cpe:/a:nalin_dahyabhai:vte:0.16.8", "cpe:/a:nalin_dahyabhai:vte:0.10.16", "cpe:/a:nalin_dahyabhai:vte:0.15.6", "cpe:/a:nalin_dahyabhai:vte:0.19.1", "cpe:/a:nalin_dahyabhai:vte:0.12.1", "cpe:/a:nalin_dahyabhai:vte:0.10.6", "cpe:/a:nalin_dahyabhai:vte:0.16.12", "cpe:/a:nalin_dahyabhai:vte:0.23.2", "cpe:/a:nalin_dahyabhai:vte:0.21.7", "cpe:/a:nalin_dahyabhai:vte:0.11.12", "cpe:/a:nalin_dahyabhai:vte:0.27.5", "cpe:/a:nalin_dahyabhai:vte:0.23.3", "cpe:/a:nalin_dahyabhai:vte:0.15.1", "cpe:/a:nalin_dahyabhai:vte:0.12.2", "cpe:/a:nalin_dahyabhai:vte:0.26.1", "cpe:/a:nalin_dahyabhai:vte:0.11.6", "cpe:/a:nalin_dahyabhai:vte:0.24.2", "cpe:/a:nalin_dahyabhai:vte:0.10.5", "cpe:/a:nalin_dahyabhai:vte:0.23.4", "cpe:/a:nalin_dahyabhai:vte:0.10.26", "cpe:/a:nalin_dahyabhai:vte:0.16.9", "cpe:/a:nalin_dahyabhai:vte:0.11.21", "cpe:/a:nalin_dahyabhai:vte:0.10.15", "cpe:/a:nalin_dahyabhai:vte:0.15.0", "cpe:/a:nalin_dahyabhai:vte:0.23.5", "cpe:/a:nalin_dahyabhai:vte:0.27.1", "cpe:/a:nalin_dahyabhai:vte:0.16.0", "cpe:/a:nalin_dahyabhai:vte:0.17.2", "cpe:/a:nalin_dahyabhai:vte:0.10.21", "cpe:/a:nalin_dahyabhai:vte:0.10.28", "cpe:/a:nalin_dahyabhai:vte:0.22.0", "cpe:/a:nalin_dahyabhai:vte:0.16.11", "cpe:/a:nalin_dahyabhai:vte:0.11.7", "cpe:/a:nalin_dahyabhai:vte:0.12.0", "cpe:/a:nalin_dahyabhai:vte:0.11.4", "cpe:/a:nalin_dahyabhai:vte:0.17.4", "cpe:/a:nalin_dahyabhai:vte:0.10.25", "cpe:/a:nalin_dahyabhai:vte:0.10.8", "cpe:/a:nalin_dahyabhai:vte:0.11.3", "cpe:/a:nalin_dahyabhai:vte:0.13.3", "cpe:/a:nalin_dahyabhai:vte:0.15.4", "cpe:/a:nalin_dahyabhai:vte:0.26.2", "cpe:/a:nalin_dahyabhai:vte:0.15.2", "cpe:/a:nalin_dahyabhai:vte:0.22.3", "cpe:/a:nalin_dahyabhai:vte:0.16.13", "cpe:/a:nalin_dahyabhai:vte:0.16.1", "cpe:/a:nalin_dahyabhai:vte:0.10.12", "cpe:/a:nalin_dahyabhai:vte:0.11.15", "cpe:/a:nalin_dahyabhai:vte:0.22.1", "cpe:/a:nalin_dahyabhai:vte:0.19.2", "cpe:/a:nalin_dahyabhai:vte:0.15.5", "cpe:/a:nalin_dahyabhai:vte:0.13.5", "cpe:/a:nalin_dahyabhai:vte:0.11.16", "cpe:/a:nalin_dahyabhai:vte:0.14.0", "cpe:/a:nalin_dahyabhai:vte:0.9.2", "cpe:/a:nalin_dahyabhai:vte:0.10.23", "cpe:/a:nalin_dahyabhai:vte:0.15.3", "cpe:/a:nalin_dahyabhai:vte:0.16.2", "cpe:/a:nalin_dahyabhai:vte:0.21.6", "cpe:/a:nalin_dahyabhai:vte:0.16.7", "cpe:/a:nalin_dahyabhai:vte:0.11.11", "cpe:/a:nalin_dahyabhai:vte:0.25.1", "cpe:/a:nalin_dahyabhai:vte:0.10.14", "cpe:/a:nalin_dahyabhai:vte:0.24.3", "cpe:/a:nalin_dahyabhai:vte:0.30.0", "cpe:/a:nalin_dahyabhai:vte:0.27.0", "cpe:/a:nalin_dahyabhai:vte:0.11.19", "cpe:/a:nalin_dahyabhai:vte:0.17.1", "cpe:/a:nalin_dahyabhai:vte:0.20.3", "cpe:/a:nalin_dahyabhai:vte:0.20.4", "cpe:/a:nalin_dahyabhai:vte:0.11.17", "cpe:/a:nalin_dahyabhai:vte:0.13.7", "cpe:/a:nalin_dahyabhai:vte:0.20.2", "cpe:/a:nalin_dahyabhai:vte:0.24.0", "cpe:/a:nalin_dahyabhai:vte:0.10.22", "cpe:/a:nalin_dahyabhai:vte:0.11.13", "cpe:/a:nalin_dahyabhai:vte:0.10.10", "cpe:/a:nalin_dahyabhai:vte:0.16.10", "cpe:/a:nalin_dahyabhai:vte:0.16.3", "cpe:/a:nalin_dahyabhai:vte:0.11.8", "cpe:/a:nalin_dahyabhai:vte:0.20.1", "cpe:/a:nalin_dahyabhai:vte:0.10.9", "cpe:/a:nalin_dahyabhai:vte:0.17.3", "cpe:/a:nalin_dahyabhai:vte:0.32.0", "cpe:/a:nalin_dahyabhai:vte:0.27.3", "cpe:/a:nalin_dahyabhai:vte:0.11.14", "cpe:/a:nalin_dahyabhai:vte:0.27.2", "cpe:/a:nalin_dahyabhai:vte:0.13.1", "cpe:/a:nalin_dahyabhai:vte:0.24.1", "cpe:/a:nalin_dahyabhai:vte:0.25.90", "cpe:/a:nalin_dahyabhai:vte:0.11.9", "cpe:/a:nalin_dahyabhai:vte:0.28.0", "cpe:/a:nalin_dahyabhai:vte:0.13.6", "cpe:/a:nalin_dahyabhai:vte:0.16.5", "cpe:/a:nalin_dahyabhai:vte:0.31.0", "cpe:/a:nalin_dahyabhai:vte:0.21.5", "cpe:/a:nalin_dahyabhai:vte:0.11.20", "cpe:/a:nalin_dahyabhai:vte:0.28.1", "cpe:/a:nalin_dahyabhai:vte:0.11.0", "cpe:/a:nalin_dahyabhai:vte:0.14.1", "cpe:/a:nalin_dahyabhai:vte:0.10.2", "cpe:/a:nalin_dahyabhai:vte:0.21.3", "cpe:/a:nalin_dahyabhai:vte:0.10.3", "cpe:/a:nalin_dahyabhai:vte:0.23.1", "cpe:/a:nalin_dahyabhai:vte:0.16.4", "cpe:/a:nalin_dahyabhai:vte:0.9.0", "cpe:/a:nalin_dahyabhai:vte:0.11.5", "cpe:/a:nalin_dahyabhai:vte:0.27.90", "cpe:/a:nalin_dahyabhai:vte:0.10.4", "cpe:/a:nalin_dahyabhai:vte:0.27.4", "cpe:/a:nalin_dahyabhai:vte:0.26.0", "cpe:/a:nalin_dahyabhai:vte:0.28.2", "cpe:/a:nalin_dahyabhai:vte:0.32.1", "cpe:/a:nalin_dahyabhai:vte:0.21.1", "cpe:/a:nalin_dahyabhai:vte:0.13.2", "cpe:/a:nalin_dahyabhai:vte:0.19.3", "cpe:/a:nalin_dahyabhai:vte:0.11.10", "cpe:/a:nalin_dahyabhai:vte:0.11.18", "cpe:/a:nalin_dahyabhai:vte:0.10.29", "cpe:/a:nalin_dahyabhai:vte:0.25.91", "cpe:/a:nalin_dahyabhai:vte:0.22.2", "cpe:/a:nalin_dahyabhai:vte:0.21.4"], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2738", "id": "CVE-2012-2738", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}}], "openvas": [{"lastseen": "2018-01-02T10:56:52", "references": ["http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083398.html", "2012-9546"], "pluginID": "864530", "description": "Check for the Version of vte", "edition": 3, "reporter": "Copyright (c) 2012 Greenbone Networks GmbH", "published": "2012-07-06T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "Fedora Update for vte FEDORA-2012-9546", "type": "openvas", "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-2738"], "modified": "2017-12-27T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=864530", "id": "OPENVAS:864530", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for vte FEDORA-2012-9546\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"vte on Fedora 16\";\ntag_insight = \"VTE is a terminal emulator widget for use with GTK+ 2.0.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083398.html\");\n script_id(864530);\n script_version(\"$Revision: 8249 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-27 07:29:56 +0100 (Wed, 27 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-06 09:58:30 +0530 (Fri, 06 Jul 2012)\");\n script_cve_id(\"CVE-2012-2738\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2012-9546\");\n script_name(\"Fedora Update for vte FEDORA-2012-9546\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of vte\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"vte\", rpm:\"vte~0.28.2~6.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-02T00:01:52", "references": ["2012-9575", "http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083403.html"], "pluginID": "1361412562310864529", "description": "Check for the Version of vte", "edition": 3, "reporter": "Copyright (c) 2012 Greenbone Networks GmbH", "published": "2012-08-30T00:00:00", "title": "Fedora Update for vte FEDORA-2012-9575", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-2738"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310864529", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864529", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for vte FEDORA-2012-9575\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"vte on Fedora 17\";\ntag_insight = \"VTE is a terminal emulator widget for use with GTK+ 2.0.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083403.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864529\");\n script_version(\"$Revision: 9352 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:13:02 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-30 09:58:29 +0530 (Thu, 30 Aug 2012)\");\n script_cve_id(\"CVE-2012-2738\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2012-9575\");\n script_name(\"Fedora Update for vte FEDORA-2012-9575\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of vte\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"vte\", rpm:\"vte~0.28.2~6.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-02T10:56:20", "references": ["2012-9575", "http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083403.html"], "pluginID": "864529", "description": "Check for the Version of vte", "edition": 3, "reporter": "Copyright (c) 2012 Greenbone Networks GmbH", "published": "2012-08-30T00:00:00", "title": "Fedora Update for vte FEDORA-2012-9575", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-2738"], "modified": "2017-12-28T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=864529", "id": "OPENVAS:864529", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for vte FEDORA-2012-9575\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"vte on Fedora 17\";\ntag_insight = \"VTE is a terminal emulator widget for use with GTK+ 2.0.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083403.html\");\n script_id(864529);\n script_version(\"$Revision: 8253 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-28 07:29:51 +0100 (Thu, 28 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-30 09:58:29 +0530 (Thu, 30 Aug 2012)\");\n script_cve_id(\"CVE-2012-2738\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2012-9575\");\n script_name(\"Fedora Update for vte FEDORA-2012-9575\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of vte\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"vte\", rpm:\"vte~0.28.2~6.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-02T00:02:11", "references": ["http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083398.html", "2012-9546"], "pluginID": "1361412562310864530", "description": "Check for the Version of vte", "edition": 3, "reporter": "Copyright (c) 2012 Greenbone Networks GmbH", "published": "2012-07-06T00:00:00", "title": "Fedora Update for vte FEDORA-2012-9546", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-2738"], "modified": "2018-02-05T00:00:00", "id": "OPENVAS:1361412562310864530", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864530", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for vte FEDORA-2012-9546\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"vte on Fedora 16\";\ntag_insight = \"VTE is a terminal emulator widget for use with GTK+ 2.0.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083398.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864530\");\n script_version(\"$Revision: 8671 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-02-05 17:38:48 +0100 (Mon, 05 Feb 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-06 09:58:30 +0530 (Fri, 06 Jul 2012)\");\n script_cve_id(\"CVE-2012-2738\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2012-9546\");\n script_name(\"Fedora Update for vte FEDORA-2012-9546\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of vte\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"vte\", rpm:\"vte~0.28.2~6.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-10-29T12:39:18", "references": ["https://security.gentoo.org/glsa/201412-10"], "pluginID": "1361412562310121296", "description": "Gentoo Linux Local Security Checks GLSA 201412-10", "edition": 7, "reporter": "Eero Volotinen", "published": "2015-09-29T00:00:00", "title": "Gentoo Security Advisory GLSA 201412-10", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Gentoo Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2198", "CVE-2010-3314", "CVE-2012-2738", "CVE-2010-2713", "CVE-2012-1620", "CVE-2012-3448", "CVE-2008-4776", "CVE-2012-0808", "CVE-2010-3313", "CVE-2012-0807", "CVE-2011-0765"], "modified": "2018-10-26T00:00:00", "id": "OPENVAS:1361412562310121296", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121296", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201412-10.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121296\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-29 11:28:08 +0300 (Tue, 29 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201412-10\");\n script_tag(name:\"insight\", value:\"Vulnerabilities have been discovered in the packages listed below. Please review the CVE identifiers in the Reference section for details.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201412-10\");\n script_cve_id(\"CVE-2008-4776\", \"CVE-2010-2713\", \"CVE-2010-3313\", \"CVE-2010-3314\", \"CVE-2011-0765\", \"CVE-2011-2198\", \"CVE-2012-0807\", \"CVE-2012-0808\", \"CVE-2012-1620\", \"CVE-2012-2738\", \"CVE-2012-3448\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201412-10\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"www-apps/egroupware\", unaffected: make_list(\"ge 1.8.004.20120613\"), vulnerable: make_list(\"lt 1.8.004.20120613\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"x11-libs/vte\", unaffected: make_list(\"ge 0.32.2\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"x11-libs/vte\", unaffected: make_list(\"ge 0.28.2-r204\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"x11-libs/vte\", unaffected: make_list(\"ge 0.28.2-r206\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"x11-libs/vte\", unaffected: make_list(), vulnerable: make_list(\"lt 0.32.2\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"net-analyzer/lft\", unaffected: make_list(\"ge 3.33\"), vulnerable: make_list(\"lt 3.33\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-php/suhosin\", unaffected: make_list(\"ge 0.9.33\"), vulnerable: make_list(\"lt 0.9.33\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"x11-misc/slock\", unaffected: make_list(\"ge 1.0\"), vulnerable: make_list(\"lt 1.0\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"sys-cluster/ganglia\", unaffected: make_list(\"ge 3.3.7\"), vulnerable: make_list(\"lt 3.3.7\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"net-im/gg-transport\", unaffected: make_list(\"ge 2.2.4\"), vulnerable: make_list(\"lt 2.2.4\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2018-09-02T00:02:32", "references": [], "pluginID": "66147", "description": "Updated vte packages fix security vulnerability :\n\nA denial of service flaw was found in the way VTE, a terminal emulator widget, processed certain escape sequences with large repeat counts. A remote attacker could provide a specially crafted file, which once opened in a terminal using the VTE terminal emulator could lead to excessive CPU consumption (CVE-2012-2738).", "edition": 5, "reporter": "Tenable", "published": "2013-04-20T00:00:00", "title": "Mandriva Linux Security Advisory : vte (MDVSA-2013:135)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Mandriva Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-2738"], "modified": "2018-07-19T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:lib64vte9", "cpe:/o:mandriva:business_server:1", "p-cpe:/a:mandriva:linux:lib64vte-devel", "p-cpe:/a:mandriva:linux:lib64vte-gir0.0", "p-cpe:/a:mandriva:linux:vte", "p-cpe:/a:mandriva:linux:python-vte"], "id": "MANDRIVA_MDVSA-2013-135.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=66147", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2013:135. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(66147);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/07/19 20:59:18\");\n\n script_cve_id(\"CVE-2012-2738\");\n script_bugtraq_id(54281);\n script_xref(name:\"MDVSA\", value:\"2013:135\");\n script_xref(name:\"MGASA\", value:\"2012-0163\");\n\n script_name(english:\"Mandriva Linux Security Advisory : vte (MDVSA-2013:135)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated vte packages fix security vulnerability :\n\nA denial of service flaw was found in the way VTE, a terminal emulator\nwidget, processed certain escape sequences with large repeat counts. A\nremote attacker could provide a specially crafted file, which once\nopened in a terminal using the VTE terminal emulator could lead to\nexcessive CPU consumption (CVE-2012-2738).\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64vte-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64vte-gir0.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64vte9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:python-vte\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vte\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/04/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/04/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64vte-devel-0.28.2-5.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64vte-gir0.0-0.28.2-5.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64vte9-0.28.2-5.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"python-vte-0.28.2-5.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"vte-0.28.2-5.1.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:36:31", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=832356", "http://www.nessus.org/u?763bd559"], "pluginID": "59842", "description": "Fix for python bindings issues, and fix for CVE-2012-2738\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 4, "reporter": "Tenable", "published": "2012-07-05T00:00:00", "title": "Fedora 17 : vte-0.28.2-6.fc17 (2012-9575)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-2738"], "modified": "2015-10-20T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:17", "p-cpe:/a:fedoraproject:fedora:vte"], "id": "FEDORA_2012-9575.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=59842", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-9575.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(59842);\n script_version(\"$Revision: 1.7 $\");\n script_cvs_date(\"$Date: 2015/10/20 23:02:22 $\");\n\n script_cve_id(\"CVE-2012-2738\");\n script_xref(name:\"FEDORA\", value:\"2012-9575\");\n\n script_name(english:\"Fedora 17 : vte-0.28.2-6.fc17 (2012-9575)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix for python bindings issues, and fix for CVE-2012-2738\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=832356\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-July/083403.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?763bd559\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected vte package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:vte\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:17\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/07/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^17([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 17.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC17\", reference:\"vte-0.28.2-6.fc17\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"vte\");\n}\n", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:33:46", "references": ["http://www.nessus.org/u?6d512b0f", "https://bugzilla.redhat.com/show_bug.cgi?id=832356"], "pluginID": "59841", "description": "Fix to python bindings and a fix for CVE-2012-2738\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 4, "reporter": "Tenable", "published": "2012-07-05T00:00:00", "title": "Fedora 16 : vte-0.28.2-6.fc16 (2012-9546)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-2738"], "modified": "2015-10-20T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:vte", "cpe:/o:fedoraproject:fedora:16"], "id": "FEDORA_2012-9546.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=59841", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-9546.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(59841);\n script_version(\"$Revision: 1.7 $\");\n script_cvs_date(\"$Date: 2015/10/20 23:02:22 $\");\n\n script_cve_id(\"CVE-2012-2738\");\n script_xref(name:\"FEDORA\", value:\"2012-9546\");\n\n script_name(english:\"Fedora 16 : vte-0.28.2-6.fc16 (2012-9546)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix to python bindings and a fix for CVE-2012-2738\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=832356\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-July/083398.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6d512b0f\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected vte package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:vte\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:16\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/07/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^16([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 16.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC16\", reference:\"vte-0.28.2-6.fc16\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"vte\");\n}\n", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-11-13T16:46:23", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=699214", "https://lists.opensuse.org/opensuse-updates/2012-08/msg00001.html", "https://bugzilla.novell.com/show_bug.cgi?id=772761"], "pluginID": "74696", "description": "- Add vte-CVE-2011-2198.patch: fix memory exhaustion through malicious escape sequences. Fix bnc#699214, CVE-2011-2198 (openSUSE 11.4 only).\n\n - Add vte-CVE-2012-2738.patch: fix potential DoS through malicious escape sequences. Fix bnc#772761, CVE-2012-2738.", "edition": 6, "reporter": "Tenable", "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : vte/gnome-terminal (openSUSE-SU-2012:0931-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2198", "CVE-2012-2738"], "modified": "2018-11-10T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:vte-tools", "p-cpe:/a:novell:opensuse:vte-lang", "cpe:/o:novell:opensuse:12.1", "p-cpe:/a:novell:opensuse:libvte2_90-9-debuginfo", "p-cpe:/a:novell:opensuse:libvte9", "p-cpe:/a:novell:opensuse:vte-tools-debuginfo", "cpe:/o:novell:opensuse:11.4", "p-cpe:/a:novell:opensuse:vte-devel", "p-cpe:/a:novell:opensuse:glade-catalog-vte", "p-cpe:/a:novell:opensuse:python-vte-debuginfo", "p-cpe:/a:novell:opensuse:libvte9-debuginfo", "p-cpe:/a:novell:opensuse:glade3-catalog-vte", "p-cpe:/a:novell:opensuse:python-vte", "p-cpe:/a:novell:opensuse:libvte2_90-9", "p-cpe:/a:novell:opensuse:vte-debugsource", "p-cpe:/a:novell:opensuse:gnome-pty-helper", "p-cpe:/a:novell:opensuse:gnome-pty-helper-debuginfo"], "id": "OPENSUSE-2012-471.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=74696", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2012-471.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(74696);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/11/10 11:50:00\");\n\n script_cve_id(\"CVE-2011-2198\", \"CVE-2012-2738\");\n\n script_name(english:\"openSUSE Security Update : vte/gnome-terminal (openSUSE-SU-2012:0931-1)\");\n script_summary(english:\"Check for the openSUSE-2012-471 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Add vte-CVE-2011-2198.patch: fix memory exhaustion\n through malicious escape sequences. Fix bnc#699214,\n CVE-2011-2198 (openSUSE 11.4 only).\n\n - Add vte-CVE-2012-2738.patch: fix potential DoS through\n malicious escape sequences. Fix bnc#772761,\n CVE-2012-2738.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=699214\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=772761\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2012-08/msg00001.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected vte/gnome-terminal packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glade-catalog-vte\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glade3-catalog-vte\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gnome-pty-helper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gnome-pty-helper-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvte2_90-9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvte2_90-9-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvte9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvte9-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-vte\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-vte-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vte-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vte-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vte-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vte-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vte-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/07/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4|SUSE12\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4 / 12.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"glade3-catalog-vte-0.26.2-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libvte9-0.26.2-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libvte9-debuginfo-0.26.2-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"python-vte-0.26.2-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"python-vte-debuginfo-0.26.2-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"vte-debugsource-0.26.2-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"vte-devel-0.26.2-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"vte-lang-0.26.2-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"vte-tools-0.26.2-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"vte-tools-debuginfo-0.26.2-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"glade-catalog-vte-0.30.1-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"gnome-pty-helper-0.30.1-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"gnome-pty-helper-debuginfo-0.30.1-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libvte2_90-9-0.30.1-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libvte2_90-9-debuginfo-0.30.1-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"vte-debugsource-0.30.1-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"vte-devel-0.30.1-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"vte-lang-0.30.1-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"vte-tools-0.30.1-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"vte-tools-debuginfo-0.30.1-2.4.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glade3-catalog-vte / libvte9 / libvte9-debuginfo / python-vte / etc\");\n}\n", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-02T00:08:49", "references": ["https://security.gentoo.org/glsa/201412-10"], "pluginID": "79963", "description": "The remote host is affected by the vulnerability described in GLSA-201412-10 (Multiple packages, Multiple vulnerabilities fixed in 2012)\n\n Vulnerabilities have been discovered in the packages listed below.\n Please review the CVE identifiers in the Reference section for details.\n EGroupware VTE Layer Four Traceroute (LFT) Suhosin Slock Ganglia Jabber to GaduGadu Gateway Impact :\n\n A context-dependent attacker may be able to gain escalated privileges, execute arbitrary code, cause Denial of Service, obtain sensitive information, or otherwise bypass security restrictions.\n Workaround :\n\n There is no known workaround at this time.", "edition": 4, "reporter": "Tenable", "published": "2014-12-15T00:00:00", "title": "GLSA-201412-10 : Multiple packages, Multiple vulnerabilities fixed in 2012", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Gentoo Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2198", "CVE-2010-3314", "CVE-2012-2738", "CVE-2010-2713", "CVE-2012-1620", "CVE-2012-3448", "CVE-2008-4776", "CVE-2012-0808", "CVE-2010-3313", "CVE-2012-0807", "CVE-2011-0765"], "modified": "2015-04-13T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:egroupware", "p-cpe:/a:gentoo:linux:ganglia", "p-cpe:/a:gentoo:linux:suhosin", "cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:slock", "p-cpe:/a:gentoo:linux:gg-transport", "p-cpe:/a:gentoo:linux:lft", "p-cpe:/a:gentoo:linux:vte"], "id": "GENTOO_GLSA-201412-10.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=79963", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201412-10.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79963);\n script_version(\"$Revision: 1.4 $\");\n script_cvs_date(\"$Date: 2015/04/13 14:33:56 $\");\n\n script_cve_id(\"CVE-2008-4776\", \"CVE-2010-2713\", \"CVE-2010-3313\", \"CVE-2010-3314\", \"CVE-2011-0765\", \"CVE-2011-2198\", \"CVE-2012-0807\", \"CVE-2012-0808\", \"CVE-2012-1620\", \"CVE-2012-2738\", \"CVE-2012-3448\");\n script_bugtraq_id(41716, 46477, 48645, 51574, 52642, 52922, 54281, 54699);\n script_xref(name:\"GLSA\", value:\"201412-10\");\n\n script_name(english:\"GLSA-201412-10 : Multiple packages, Multiple vulnerabilities fixed in 2012\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201412-10\n(Multiple packages, Multiple vulnerabilities fixed in 2012)\n\n Vulnerabilities have been discovered in the packages listed below.\n Please review the CVE identifiers in the Reference section for details.\n EGroupware\n VTE\n Layer Four Traceroute (LFT)\n Suhosin\n Slock\n Ganglia\n Jabber to GaduGadu Gateway\n \nImpact :\n\n A context-dependent attacker may be able to gain escalated privileges,\n execute arbitrary code, cause Denial of Service, obtain sensitive\n information, or otherwise bypass security restrictions.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201412-10\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All EGroupware users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=www-apps/egroupware-1.8.004.20120613'\n All VTE 0.32 users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=x11-libs/vte-0.32.2'\n All VTE 0.28 users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=x11-libs/vte-0.28.2-r204'\n All Layer Four Traceroute users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-analyzer/lft-3.33'\n All Suhosin users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-php/suhosin-0.9.33'\n All Slock users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=x11-misc/slock-1.0'\n All Ganglia users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=sys-cluster/ganglia-3.3.7'\n All Jabber to GaduGadu Gateway users should upgrade to the latest\n version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-im/gg-transport-2.2.4'\n NOTE: This is a legacy GLSA. Updates for all affected architectures have\n been available since 2013. It is likely that your system is already no\n longer affected by these issues.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:egroupware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:ganglia\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:gg-transport\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:lft\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:slock\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:suhosin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:vte\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-php/suhosin\", unaffected:make_list(\"ge 0.9.33\"), vulnerable:make_list(\"lt 0.9.33\"))) flag++;\nif (qpkg_check(package:\"net-im/gg-transport\", unaffected:make_list(\"ge 2.2.4\"), vulnerable:make_list(\"lt 2.2.4\"))) flag++;\nif (qpkg_check(package:\"sys-cluster/ganglia\", unaffected:make_list(\"ge 3.3.7\"), vulnerable:make_list(\"lt 3.3.7\"))) flag++;\nif (qpkg_check(package:\"x11-misc/slock\", unaffected:make_list(\"ge 1.0\"), vulnerable:make_list(\"lt 1.0\"))) flag++;\nif (qpkg_check(package:\"www-apps/egroupware\", unaffected:make_list(\"ge 1.8.004.20120613\"), vulnerable:make_list(\"lt 1.8.004.20120613\"))) flag++;\nif (qpkg_check(package:\"net-analyzer/lft\", unaffected:make_list(\"ge 3.33\"), vulnerable:make_list(\"lt 3.33\"))) flag++;\nif (qpkg_check(package:\"x11-libs/vte\", unaffected:make_list(\"ge 0.32.2\", \"rge 0.28.2-r204\", \"rge 0.28.2-r206\"), vulnerable:make_list(\"lt 0.32.2\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"dev-php/suhosin / net-im/gg-transport / sys-cluster/ganglia / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "exploitdb": [{"lastseen": "2016-02-04T05:55:20", "osvdbidlist": ["84337"], "_object_types": ["robots.models.exploitdb.ExploitDbBulletin", "robots.models.base.Bulletin"], "references": [], "description": "gnome-terminal (vte) VteTerminal Escape Sequence Parsing Remote DoS. CVE-2012-2738. Dos exploit for linux platform", "reporter": "Kevin Fenzi", "published": "2012-07-03T00:00:00", "type": "exploitdb", "title": "gnome-terminal vte VteTerminal Escape Sequence Parsing Remote DoS", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2012-2738"], "_object_type": "robots.models.exploitdb.ExploitDbBulletin", "modified": "2012-07-03T00:00:00", "id": "EDB-ID:37477", "href": "https://www.exploit-db.com/exploits/37477/", "sourceData": "source: http://www.securityfocus.com/bid/54281/info\r\n\r\nVTE is prone to a vulnerability that may allow attackers to cause an affected application to consume excessive amounts of memory and CPU time, resulting in a denial-of-service condition. \r\n\r\necho -en \"\\e[2147483647L\"\r\necho -en \"\\e[2147483647M\"\r\necho -en \"\\e[2147483647P\" ", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/37477/"}], "gentoo": [{"lastseen": "2016-09-06T19:47:02", "references": ["http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3314", "https://bugs.gentoo.org/show_bug.cgi?id=401645", "https://bugs.gentoo.org/show_bug.cgi?id=427802", "https://bugs.gentoo.org/show_bug.cgi?id=371320", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0765", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4776", "https://bugs.gentoo.org/show_bug.cgi?id=358787", "https://bugs.gentoo.org/show_bug.cgi?id=428776", "https://bugs.gentoo.org/show_bug.cgi?id=399427", "https://bugs.gentoo.org/show_bug.cgi?id=372905", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3313", "https://bugs.gentoo.org/show_bug.cgi?id=334475", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2738", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3448", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1620", "https://bugs.gentoo.org/show_bug.cgi?id=284536", "https://bugs.gentoo.org/show_bug.cgi?id=300903", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0808", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2198", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0807", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2713"], "affectedPackage": [{"OS": "Gentoo", "OSVersion": "any", "packageVersion": "0.9.33", "packageName": "dev-php/suhosin", "packageFilename": "UNKNOWN", "arch": "all", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "1.0", "packageName": "x11-misc/slock", "packageFilename": "UNKNOWN", "arch": "all", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "0.32.2", "packageName": "x11-libs/vte", "packageFilename": "UNKNOWN", "arch": "all", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "3.3.7", "packageName": "sys-cluster/ganglia", "packageFilename": "UNKNOWN", "arch": "all", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "1.8.004.20120613", "packageName": "www-apps/egroupware", "packageFilename": "UNKNOWN", "arch": "all", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "2.2.4", "packageName": "net-im/gg-transport", "packageFilename": "UNKNOWN", "arch": "all", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "3.33", "packageName": "net-analyzer/lft", "packageFilename": "UNKNOWN", "arch": "all", "operator": "lt"}], "description": "### Background\n\nFor more information on the packages listed in this GLSA, please see their homepage referenced in the ebuild. \n\n### Description\n\nVulnerabilities have been discovered in the packages listed below. Please review the CVE identifiers in the Reference section for details. \n\n * EGroupware\n * VTE\n * Layer Four Traceroute (LFT)\n * Suhosin\n * Slock\n * Ganglia\n * Jabber to GaduGadu Gateway\n\n### Impact\n\nA context-dependent attacker may be able to gain escalated privileges, execute arbitrary code, cause Denial of Service, obtain sensitive information, or otherwise bypass security restrictions. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll EGroupware users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=www-apps/egroupware-1.8.004.20120613\"\n \n\nAll VTE 0.32 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=x11-libs/vte-0.32.2\"\n \n\nAll VTE 0.28 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=x11-libs/vte-0.28.2-r204\"\n \n\nAll Layer Four Traceroute users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-analyzer/lft-3.33\"\n \n\nAll Suhosin users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-php/suhosin-0.9.33\"\n \n\nAll Slock users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=x11-misc/slock-1.0\"\n \n\nAll Ganglia users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=sys-cluster/ganglia-3.3.7\"\n \n\nAll Jabber to GaduGadu Gateway users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-im/gg-transport-2.2.4\"\n \n\nNOTE: This is a legacy GLSA. Updates for all affected architectures have been available since 2013. It is likely that your system is already no longer affected by these issues.", "edition": 1, "reporter": "Gentoo Foundation", "published": "2014-12-11T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "gentoo", "title": "Multiple packages, Multiple vulnerabilities fixed in 2012", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2198", "CVE-2010-3314", "CVE-2012-2738", "CVE-2010-2713", "CVE-2012-1620", "CVE-2012-3448", "CVE-2008-4776", "CVE-2012-0808", "CVE-2010-3313", "CVE-2012-0807", "CVE-2011-0765"], "modified": "2014-12-11T00:00:00", "id": "GLSA-201412-10", "href": "https://security.gentoo.org/glsa/201412-10", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}