ID OPENSUSE-2012-472.NASL Type nessus Reporter This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof. Modified 2014-06-13T00:00:00
Description
Add vte-CVE-2012-2738.patch: fix potential DoS through malicious
escape sequences. Fix bnc#772761, CVE-2012-2738.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2012-472.
#
# The text description of this plugin is (C) SUSE LLC.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(74697);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");
script_cve_id("CVE-2012-2738");
script_name(english:"openSUSE Security Update : gnome-terminal (openSUSE-SU-2012:0933-1)");
script_summary(english:"Check for the openSUSE-2012-472 patch");
script_set_attribute(
attribute:"synopsis",
value:"The remote openSUSE host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"Add vte-CVE-2012-2738.patch: fix potential DoS through malicious
escape sequences. Fix bnc#772761, CVE-2012-2738."
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=772761"
);
script_set_attribute(
attribute:"see_also",
value:"https://lists.opensuse.org/opensuse-updates/2012-08/msg00003.html"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected gnome-terminal packages."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:glade3-catalog-vte");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvte9");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvte9-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-vte");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-vte-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vte2-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vte2-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vte2-lang");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vte2-tools");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vte2-tools-debuginfo");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.1");
script_set_attribute(attribute:"patch_publication_date", value:"2012/07/27");
script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"SuSE Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE12\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.1", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
flag = 0;
if ( rpm_check(release:"SUSE12.1", reference:"glade3-catalog-vte-0.28.2-4.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"libvte9-0.28.2-4.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"libvte9-debuginfo-0.28.2-4.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"python-vte-0.28.2-4.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"python-vte-debuginfo-0.28.2-4.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"vte2-debugsource-0.28.2-4.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"vte2-devel-0.28.2-4.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"vte2-lang-0.28.2-4.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"vte2-tools-0.28.2-4.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"vte2-tools-debuginfo-0.28.2-4.4.1") ) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
else security_warning(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gnome-terminal");
}
{"cve": [{"lastseen": "2021-02-02T05:59:49", "description": "The VteTerminal in gnome-terminal (vte) before 0.32.2 allows remote authenticated users to cause a denial of service (long loop and CPU consumption) via an escape sequence with a large repeat count value.", "edition": 6, "cvss3": {}, "published": "2012-07-22T16:55:00", "title": "CVE-2012-2738", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2738"], "modified": "2016-10-26T01:59:00", "cpe": ["cpe:/a:nalin_dahyabhai:vte:0.20.0", "cpe:/a:nalin_dahyabhai:vte:0.10.27", "cpe:/a:nalin_dahyabhai:vte:0.10.19", "cpe:/a:nalin_dahyabhai:vte:0.16.14", "cpe:/a:nalin_dahyabhai:vte:0.10.1", "cpe:/a:nalin_dahyabhai:vte:0.29.0", "cpe:/a:nalin_dahyabhai:vte:0.30.1", "cpe:/a:nalin_dahyabhai:vte:0.10.7", "cpe:/a:nalin_dahyabhai:vte:0.20.5", "cpe:/a:nalin_dahyabhai:vte:0.19.4", "cpe:/a:nalin_dahyabhai:vte:0.10.17", "cpe:/a:nalin_dahyabhai:vte:0.13.0", "cpe:/a:nalin_dahyabhai:vte:0.21.2", "cpe:/a:nalin_dahyabhai:vte:0.22.5", "cpe:/a:nalin_dahyabhai:vte:0.10", "cpe:/a:nalin_dahyabhai:vte:0.11.2", "cpe:/a:nalin_dahyabhai:vte:0.10.20", "cpe:/a:nalin_dahyabhai:vte:0.16.6", "cpe:/a:nalin_dahyabhai:vte:0.29.1", "cpe:/a:nalin_dahyabhai:vte:0.11.1", "cpe:/a:nalin_dahyabhai:vte:0.22.4", "cpe:/a:nalin_dahyabhai:vte:0.13.4", "cpe:/a:nalin_dahyabhai:vte:0.14.2", "cpe:/a:nalin_dahyabhai:vte:0.10.13", "cpe:/a:nalin_dahyabhai:vte:0.10.11", "cpe:/a:nalin_dahyabhai:vte:0.16.8", "cpe:/a:nalin_dahyabhai:vte:0.10.16", "cpe:/a:nalin_dahyabhai:vte:0.15.6", "cpe:/a:nalin_dahyabhai:vte:0.19.1", "cpe:/a:nalin_dahyabhai:vte:0.12.1", "cpe:/a:nalin_dahyabhai:vte:0.10.6", "cpe:/a:nalin_dahyabhai:vte:0.16.12", "cpe:/a:nalin_dahyabhai:vte:0.23.2", "cpe:/a:nalin_dahyabhai:vte:0.21.7", "cpe:/a:nalin_dahyabhai:vte:0.11.12", "cpe:/a:nalin_dahyabhai:vte:0.27.5", "cpe:/a:nalin_dahyabhai:vte:0.23.3", "cpe:/a:nalin_dahyabhai:vte:0.15.1", "cpe:/a:nalin_dahyabhai:vte:0.12.2", "cpe:/a:nalin_dahyabhai:vte:0.26.1", "cpe:/a:nalin_dahyabhai:vte:0.11.6", "cpe:/a:nalin_dahyabhai:vte:0.24.2", "cpe:/a:nalin_dahyabhai:vte:0.10.5", "cpe:/a:nalin_dahyabhai:vte:0.23.4", "cpe:/a:nalin_dahyabhai:vte:0.10.26", "cpe:/a:nalin_dahyabhai:vte:0.16.9", "cpe:/a:nalin_dahyabhai:vte:0.11.21", "cpe:/a:nalin_dahyabhai:vte:0.10.15", "cpe:/a:nalin_dahyabhai:vte:0.15.0", "cpe:/a:nalin_dahyabhai:vte:0.23.5", "cpe:/a:nalin_dahyabhai:vte:0.27.1", "cpe:/a:nalin_dahyabhai:vte:0.16.0", "cpe:/a:nalin_dahyabhai:vte:0.17.2", "cpe:/a:nalin_dahyabhai:vte:0.10.21", "cpe:/a:nalin_dahyabhai:vte:0.10.28", "cpe:/a:nalin_dahyabhai:vte:0.22.0", "cpe:/a:nalin_dahyabhai:vte:0.16.11", "cpe:/a:nalin_dahyabhai:vte:0.11.7", "cpe:/a:nalin_dahyabhai:vte:0.12.0", "cpe:/a:nalin_dahyabhai:vte:0.11.4", "cpe:/a:nalin_dahyabhai:vte:0.17.4", "cpe:/a:nalin_dahyabhai:vte:0.10.25", "cpe:/a:nalin_dahyabhai:vte:0.10.8", "cpe:/a:nalin_dahyabhai:vte:0.11.3", "cpe:/a:nalin_dahyabhai:vte:0.13.3", "cpe:/a:nalin_dahyabhai:vte:0.15.4", "cpe:/a:nalin_dahyabhai:vte:0.26.2", "cpe:/a:nalin_dahyabhai:vte:0.15.2", "cpe:/a:nalin_dahyabhai:vte:0.22.3", "cpe:/a:nalin_dahyabhai:vte:0.16.13", "cpe:/a:nalin_dahyabhai:vte:0.16.1", "cpe:/a:nalin_dahyabhai:vte:0.10.12", "cpe:/a:nalin_dahyabhai:vte:0.11.15", "cpe:/a:nalin_dahyabhai:vte:0.22.1", "cpe:/a:nalin_dahyabhai:vte:0.19.2", "cpe:/a:nalin_dahyabhai:vte:0.15.5", "cpe:/a:nalin_dahyabhai:vte:0.13.5", "cpe:/a:nalin_dahyabhai:vte:0.11.16", "cpe:/a:nalin_dahyabhai:vte:0.14.0", "cpe:/a:nalin_dahyabhai:vte:0.9.2", "cpe:/a:nalin_dahyabhai:vte:0.10.23", "cpe:/a:nalin_dahyabhai:vte:0.15.3", "cpe:/a:nalin_dahyabhai:vte:0.16.2", "cpe:/a:nalin_dahyabhai:vte:0.21.6", "cpe:/a:nalin_dahyabhai:vte:0.16.7", "cpe:/a:nalin_dahyabhai:vte:0.11.11", "cpe:/a:nalin_dahyabhai:vte:0.25.1", "cpe:/a:nalin_dahyabhai:vte:0.10.14", "cpe:/a:nalin_dahyabhai:vte:0.24.3", "cpe:/a:nalin_dahyabhai:vte:0.30.0", "cpe:/a:nalin_dahyabhai:vte:0.27.0", "cpe:/a:nalin_dahyabhai:vte:0.11.19", "cpe:/a:nalin_dahyabhai:vte:0.17.1", "cpe:/a:nalin_dahyabhai:vte:0.20.3", "cpe:/a:nalin_dahyabhai:vte:0.20.4", "cpe:/a:nalin_dahyabhai:vte:0.11.17", "cpe:/a:nalin_dahyabhai:vte:0.13.7", "cpe:/a:nalin_dahyabhai:vte:0.20.2", "cpe:/a:nalin_dahyabhai:vte:0.24.0", "cpe:/a:nalin_dahyabhai:vte:0.10.22", "cpe:/a:nalin_dahyabhai:vte:0.11.13", "cpe:/a:nalin_dahyabhai:vte:0.10.10", "cpe:/a:nalin_dahyabhai:vte:0.16.10", "cpe:/a:nalin_dahyabhai:vte:0.16.3", "cpe:/a:nalin_dahyabhai:vte:0.11.8", "cpe:/a:nalin_dahyabhai:vte:0.20.1", "cpe:/a:nalin_dahyabhai:vte:0.10.9", "cpe:/a:nalin_dahyabhai:vte:0.17.3", "cpe:/a:nalin_dahyabhai:vte:0.32.0", "cpe:/a:nalin_dahyabhai:vte:0.27.3", "cpe:/a:nalin_dahyabhai:vte:0.11.14", "cpe:/a:nalin_dahyabhai:vte:0.27.2", "cpe:/a:nalin_dahyabhai:vte:0.13.1", "cpe:/a:nalin_dahyabhai:vte:0.24.1", "cpe:/a:nalin_dahyabhai:vte:0.25.90", "cpe:/a:nalin_dahyabhai:vte:0.11.9", "cpe:/a:nalin_dahyabhai:vte:0.28.0", "cpe:/a:nalin_dahyabhai:vte:0.13.6", "cpe:/a:nalin_dahyabhai:vte:0.16.5", "cpe:/a:nalin_dahyabhai:vte:0.31.0", "cpe:/a:nalin_dahyabhai:vte:0.21.5", "cpe:/a:nalin_dahyabhai:vte:0.11.20", "cpe:/a:nalin_dahyabhai:vte:0.28.1", "cpe:/a:nalin_dahyabhai:vte:0.11.0", "cpe:/a:nalin_dahyabhai:vte:0.14.1", "cpe:/a:nalin_dahyabhai:vte:0.10.2", "cpe:/a:nalin_dahyabhai:vte:0.21.3", "cpe:/a:nalin_dahyabhai:vte:0.10.3", "cpe:/a:nalin_dahyabhai:vte:0.23.1", "cpe:/a:nalin_dahyabhai:vte:0.16.4", "cpe:/a:nalin_dahyabhai:vte:0.9.0", "cpe:/a:nalin_dahyabhai:vte:0.11.5", "cpe:/a:nalin_dahyabhai:vte:0.27.90", "cpe:/a:nalin_dahyabhai:vte:0.10.4", "cpe:/a:nalin_dahyabhai:vte:0.27.4", "cpe:/a:nalin_dahyabhai:vte:0.26.0", "cpe:/a:nalin_dahyabhai:vte:0.28.2", "cpe:/a:nalin_dahyabhai:vte:0.32.1", "cpe:/a:nalin_dahyabhai:vte:0.21.1", "cpe:/a:nalin_dahyabhai:vte:0.13.2", "cpe:/a:nalin_dahyabhai:vte:0.19.3", "cpe:/a:nalin_dahyabhai:vte:0.11.10", "cpe:/a:nalin_dahyabhai:vte:0.11.18", "cpe:/a:nalin_dahyabhai:vte:0.10.29", "cpe:/a:nalin_dahyabhai:vte:0.25.91", "cpe:/a:nalin_dahyabhai:vte:0.22.2", "cpe:/a:nalin_dahyabhai:vte:0.21.4"], "id": "CVE-2012-2738", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2738", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:nalin_dahyabhai:vte:0.10.17:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.13.0:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.16.0:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.19.3:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.12.2:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.11.15:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.12.1:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.10.13:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.17.1:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.22.4:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.10.19:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.16.3:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.16.6:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.30.0:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.24.2:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.20.5:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.10.6:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.16.4:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.26.2:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.11.4:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.16.8:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.27.90:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.10.3:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.15.5:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.13.5:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.21.7:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.29.0:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.16.9:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.10.29:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.10.11:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.31.0:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.13.6:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.15.2:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.22.3:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.15.0:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.11.8:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.16.14:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.11.19:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.23.4:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.28.1:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.27.2:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.21.4:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.10.25:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.16.2:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.10.9:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.10.22:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.23.1:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.10.15:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.10.7:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.11.12:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.27.3:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.21.2:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.21.3:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.14.0:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.15.4:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.20.4:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.11.11:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.23.3:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.10.21:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.10.23:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.22.1:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.10.12:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.11.6:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.24.1:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.15.1:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.17.4:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.23.2:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.25.90:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.11.5:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.27.1:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.10.27:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.17.3:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.17.2:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.29.1:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.26.1:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.10.2:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.16.13:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.10.10:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.24.3:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.11.18:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.11.7:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.22.5:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.11.2:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.30.1:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.28.0:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.25.1:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.26.0:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.16.1:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.13.7:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.16.7:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.25.91:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.9.0:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.24.0:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.13.3:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.10.8:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.19.4:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.9.2:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.23.5:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.10:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.14.1:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.16.10:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.11.3:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.11.20:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.19.1:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.10.20:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.20.2:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.27.5:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.32.1:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.21.5:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.15.3:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.10.1:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.10.5:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.13.1:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.15.6:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.27.4:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.11.21:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.22.0:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.16.12:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.10.26:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.10.14:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.11.1:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.20.3:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.11.9:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.14.2:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.21.1:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.10.16:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.22.2:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.13.4:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.11.17:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.28.2:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.11.0:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.11.14:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.27.0:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.11.16:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.10.4:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.20.1:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.12.0:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.16.11:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.32.0:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.19.2:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.11.10:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.11.13:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.20.0:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.16.5:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.21.6:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.10.28:*:*:*:*:*:*:*", "cpe:2.3:a:nalin_dahyabhai:vte:0.13.2:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2019-05-29T18:39:20", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-2738"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2012-07-06T00:00:00", "id": "OPENVAS:1361412562310864530", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864530", "type": "openvas", "title": "Fedora Update for vte FEDORA-2012-9546", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for vte FEDORA-2012-9546\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083398.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864530\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-06 09:58:30 +0530 (Fri, 06 Jul 2012)\");\n script_cve_id(\"CVE-2012-2738\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_xref(name:\"FEDORA\", value:\"2012-9546\");\n script_name(\"Fedora Update for vte FEDORA-2012-9546\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'vte'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC16\");\n script_tag(name:\"affected\", value:\"vte on Fedora 16\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"vte\", rpm:\"vte~0.28.2~6.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2018-01-02T10:56:20", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-2738"], "description": "Check for the Version of vte", "modified": "2017-12-28T00:00:00", "published": "2012-08-30T00:00:00", "id": "OPENVAS:864529", "href": "http://plugins.openvas.org/nasl.php?oid=864529", "type": "openvas", "title": "Fedora Update for vte FEDORA-2012-9575", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for vte FEDORA-2012-9575\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"vte on Fedora 17\";\ntag_insight = \"VTE is a terminal emulator widget for use with GTK+ 2.0.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083403.html\");\n script_id(864529);\n script_version(\"$Revision: 8253 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-28 07:29:51 +0100 (Thu, 28 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-30 09:58:29 +0530 (Thu, 30 Aug 2012)\");\n script_cve_id(\"CVE-2012-2738\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2012-9575\");\n script_name(\"Fedora Update for vte FEDORA-2012-9575\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of vte\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"vte\", rpm:\"vte~0.28.2~6.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:16", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-2738"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2012-08-30T00:00:00", "id": "OPENVAS:1361412562310864529", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864529", "type": "openvas", "title": "Fedora Update for vte FEDORA-2012-9575", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for vte FEDORA-2012-9575\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083403.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864529\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-30 09:58:29 +0530 (Thu, 30 Aug 2012)\");\n script_cve_id(\"CVE-2012-2738\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_xref(name:\"FEDORA\", value:\"2012-9575\");\n script_name(\"Fedora Update for vte FEDORA-2012-9575\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'vte'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC17\");\n script_tag(name:\"affected\", value:\"vte on Fedora 17\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"vte\", rpm:\"vte~0.28.2~6.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2018-01-02T10:56:52", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-2738"], "description": "Check for the Version of vte", "modified": "2017-12-27T00:00:00", "published": "2012-07-06T00:00:00", "id": "OPENVAS:864530", "href": "http://plugins.openvas.org/nasl.php?oid=864530", "type": "openvas", "title": "Fedora Update for vte FEDORA-2012-9546", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for vte FEDORA-2012-9546\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"vte on Fedora 16\";\ntag_insight = \"VTE is a terminal emulator widget for use with GTK+ 2.0.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083398.html\");\n script_id(864530);\n script_version(\"$Revision: 8249 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-27 07:29:56 +0100 (Wed, 27 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-06 09:58:30 +0530 (Fri, 06 Jul 2012)\");\n script_cve_id(\"CVE-2012-2738\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2012-9546\");\n script_name(\"Fedora Update for vte FEDORA-2012-9546\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of vte\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"vte\", rpm:\"vte~0.28.2~6.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:36:20", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2198", "CVE-2010-3314", "CVE-2012-2738", "CVE-2010-2713", "CVE-2012-1620", "CVE-2012-3448", "CVE-2008-4776", "CVE-2012-0808", "CVE-2010-3313", "CVE-2012-0807", "CVE-2011-0765"], "description": "Gentoo Linux Local Security Checks GLSA 201412-10", "modified": "2018-10-26T00:00:00", "published": "2015-09-29T00:00:00", "id": "OPENVAS:1361412562310121296", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121296", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201412-10", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201412-10.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121296\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-29 11:28:08 +0300 (Tue, 29 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201412-10\");\n script_tag(name:\"insight\", value:\"Vulnerabilities have been discovered in the packages listed below. Please review the CVE identifiers in the Reference section for details.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201412-10\");\n script_cve_id(\"CVE-2008-4776\", \"CVE-2010-2713\", \"CVE-2010-3313\", \"CVE-2010-3314\", \"CVE-2011-0765\", \"CVE-2011-2198\", \"CVE-2012-0807\", \"CVE-2012-0808\", \"CVE-2012-1620\", \"CVE-2012-2738\", \"CVE-2012-3448\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201412-10\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"www-apps/egroupware\", unaffected: make_list(\"ge 1.8.004.20120613\"), vulnerable: make_list(\"lt 1.8.004.20120613\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"x11-libs/vte\", unaffected: make_list(\"ge 0.32.2\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"x11-libs/vte\", unaffected: make_list(\"ge 0.28.2-r204\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"x11-libs/vte\", unaffected: make_list(\"ge 0.28.2-r206\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"x11-libs/vte\", unaffected: make_list(), vulnerable: make_list(\"lt 0.32.2\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"net-analyzer/lft\", unaffected: make_list(\"ge 3.33\"), vulnerable: make_list(\"lt 3.33\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-php/suhosin\", unaffected: make_list(\"ge 0.9.33\"), vulnerable: make_list(\"lt 0.9.33\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"x11-misc/slock\", unaffected: make_list(\"ge 1.0\"), vulnerable: make_list(\"lt 1.0\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"sys-cluster/ganglia\", unaffected: make_list(\"ge 3.3.7\"), vulnerable: make_list(\"lt 3.3.7\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"net-im/gg-transport\", unaffected: make_list(\"ge 2.2.4\"), vulnerable: make_list(\"lt 2.2.4\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "exploitdb": [{"lastseen": "2016-02-04T05:55:20", "description": "gnome-terminal (vte) VteTerminal Escape Sequence Parsing Remote DoS. CVE-2012-2738. Dos exploit for linux platform", "published": "2012-07-03T00:00:00", "type": "exploitdb", "title": "gnome-terminal vte VteTerminal Escape Sequence Parsing Remote DoS", "bulletinFamily": "exploit", "cvelist": ["CVE-2012-2738"], "modified": "2012-07-03T00:00:00", "id": "EDB-ID:37477", "href": "https://www.exploit-db.com/exploits/37477/", "sourceData": "source: http://www.securityfocus.com/bid/54281/info\r\n\r\nVTE is prone to a vulnerability that may allow attackers to cause an affected application to consume excessive amounts of memory and CPU time, resulting in a denial-of-service condition. \r\n\r\necho -en \"\\e[2147483647L\"\r\necho -en \"\\e[2147483647M\"\r\necho -en \"\\e[2147483647P\" ", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/37477/"}], "nessus": [{"lastseen": "2021-01-07T11:54:09", "description": "Updated vte packages fix security vulnerability :\n\nA denial of service flaw was found in the way VTE, a terminal emulator\nwidget, processed certain escape sequences with large repeat counts. A\nremote attacker could provide a specially crafted file, which once\nopened in a terminal using the VTE terminal emulator could lead to\nexcessive CPU consumption (CVE-2012-2738).", "edition": 24, "published": "2013-04-20T00:00:00", "title": "Mandriva Linux Security Advisory : vte (MDVSA-2013:135)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-2738"], "modified": "2013-04-20T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:lib64vte9", "cpe:/o:mandriva:business_server:1", "p-cpe:/a:mandriva:linux:lib64vte-devel", "p-cpe:/a:mandriva:linux:lib64vte-gir0.0", "p-cpe:/a:mandriva:linux:vte", "p-cpe:/a:mandriva:linux:python-vte"], "id": "MANDRIVA_MDVSA-2013-135.NASL", "href": "https://www.tenable.com/plugins/nessus/66147", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2013:135. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(66147);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2012-2738\");\n script_bugtraq_id(54281);\n script_xref(name:\"MDVSA\", value:\"2013:135\");\n script_xref(name:\"MGASA\", value:\"2012-0163\");\n\n script_name(english:\"Mandriva Linux Security Advisory : vte (MDVSA-2013:135)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated vte packages fix security vulnerability :\n\nA denial of service flaw was found in the way VTE, a terminal emulator\nwidget, processed certain escape sequences with large repeat counts. A\nremote attacker could provide a specially crafted file, which once\nopened in a terminal using the VTE terminal emulator could lead to\nexcessive CPU consumption (CVE-2012-2738).\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64vte-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64vte-gir0.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64vte9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:python-vte\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:vte\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/04/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/04/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64vte-devel-0.28.2-5.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64vte-gir0.0-0.28.2-5.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64vte9-0.28.2-5.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"python-vte-0.28.2-5.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"vte-0.28.2-5.1.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T10:10:44", "description": "Fix for python bindings issues, and fix for CVE-2012-2738\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 13, "published": "2012-07-05T00:00:00", "title": "Fedora 17 : vte-0.28.2-6.fc17 (2012-9575)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-2738"], "modified": "2012-07-05T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:17", "p-cpe:/a:fedoraproject:fedora:vte"], "id": "FEDORA_2012-9575.NASL", "href": "https://www.tenable.com/plugins/nessus/59842", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-9575.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(59842);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-2738\");\n script_xref(name:\"FEDORA\", value:\"2012-9575\");\n\n script_name(english:\"Fedora 17 : vte-0.28.2-6.fc17 (2012-9575)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix for python bindings issues, and fix for CVE-2012-2738\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=832356\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-July/083403.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?763bd559\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected vte package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:vte\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:17\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/07/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^17([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 17.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC17\", reference:\"vte-0.28.2-6.fc17\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"vte\");\n}\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T10:10:44", "description": "Fix to python bindings and a fix for CVE-2012-2738\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 13, "published": "2012-07-05T00:00:00", "title": "Fedora 16 : vte-0.28.2-6.fc16 (2012-9546)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-2738"], "modified": "2012-07-05T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:vte", "cpe:/o:fedoraproject:fedora:16"], "id": "FEDORA_2012-9546.NASL", "href": "https://www.tenable.com/plugins/nessus/59841", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-9546.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(59841);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-2738\");\n script_xref(name:\"FEDORA\", value:\"2012-9546\");\n\n script_name(english:\"Fedora 16 : vte-0.28.2-6.fc16 (2012-9546)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix to python bindings and a fix for CVE-2012-2738\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=832356\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-July/083398.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6d512b0f\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected vte package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:vte\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:16\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/07/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^16([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 16.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC16\", reference:\"vte-0.28.2-6.fc16\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"vte\");\n}\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2021-01-20T12:25:21", "description": " - Add vte-CVE-2011-2198.patch: fix memory exhaustion\n through malicious escape sequences. Fix bnc#699214,\n CVE-2011-2198 (openSUSE 11.4 only).\n\n - Add vte-CVE-2012-2738.patch: fix potential DoS through\n malicious escape sequences. Fix bnc#772761,\n CVE-2012-2738.", "edition": 19, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : vte/gnome-terminal (openSUSE-SU-2012:0931-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2198", "CVE-2012-2738"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:vte-tools", "p-cpe:/a:novell:opensuse:vte-lang", "cpe:/o:novell:opensuse:12.1", "p-cpe:/a:novell:opensuse:libvte2_90-9-debuginfo", "p-cpe:/a:novell:opensuse:vte-tools-debuginfo", "p-cpe:/a:novell:opensuse:vte-devel", "p-cpe:/a:novell:opensuse:glade-catalog-vte", "p-cpe:/a:novell:opensuse:libvte2_90-9", "p-cpe:/a:novell:opensuse:vte-debugsource", "p-cpe:/a:novell:opensuse:gnome-pty-helper", "p-cpe:/a:novell:opensuse:gnome-pty-helper-debuginfo"], "id": "OPENSUSE-2012-471.NASL", "href": "https://www.tenable.com/plugins/nessus/74696", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2012-471.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74696);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-2198\", \"CVE-2012-2738\");\n\n script_name(english:\"openSUSE Security Update : vte/gnome-terminal (openSUSE-SU-2012:0931-1)\");\n script_summary(english:\"Check for the openSUSE-2012-471 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Add vte-CVE-2011-2198.patch: fix memory exhaustion\n through malicious escape sequences. Fix bnc#699214,\n CVE-2011-2198 (openSUSE 11.4 only).\n\n - Add vte-CVE-2012-2738.patch: fix potential DoS through\n malicious escape sequences. Fix bnc#772761,\n CVE-2012-2738.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=699214\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=772761\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2012-08/msg00001.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected vte/gnome-terminal packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glade-catalog-vte\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gnome-pty-helper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gnome-pty-helper-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvte2_90-9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvte2_90-9-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vte-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vte-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vte-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vte-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vte-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/07/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/07/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.1\", reference:\"glade-catalog-vte-0.30.1-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"gnome-pty-helper-0.30.1-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"gnome-pty-helper-debuginfo-0.30.1-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libvte2_90-9-0.30.1-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libvte2_90-9-debuginfo-0.30.1-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"vte-debugsource-0.30.1-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"vte-devel-0.30.1-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"vte-lang-0.30.1-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"vte-tools-0.30.1-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"vte-tools-debuginfo-0.30.1-2.4.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glade-catalog-vte / gnome-pty-helper / gnome-pty-helper-debuginfo / etc\");\n}\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T10:56:33", "description": "The remote host is affected by the vulnerability described in GLSA-201412-10\n(Multiple packages, Multiple vulnerabilities fixed in 2012)\n\n Vulnerabilities have been discovered in the packages listed below.\n Please review the CVE identifiers in the Reference section for details.\n EGroupware\n VTE\n Layer Four Traceroute (LFT)\n Suhosin\n Slock\n Ganglia\n Jabber to GaduGadu Gateway\n \nImpact :\n\n A context-dependent attacker may be able to gain escalated privileges,\n execute arbitrary code, cause Denial of Service, obtain sensitive\n information, or otherwise bypass security restrictions.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 20, "published": "2014-12-15T00:00:00", "title": "GLSA-201412-10 : Multiple packages, Multiple vulnerabilities fixed in 2012", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2198", "CVE-2010-3314", "CVE-2012-2738", "CVE-2010-2713", "CVE-2012-1620", "CVE-2012-3448", "CVE-2008-4776", "CVE-2012-0808", "CVE-2010-3313", "CVE-2012-0807", "CVE-2011-0765"], "modified": "2014-12-15T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:egroupware", "p-cpe:/a:gentoo:linux:ganglia", "p-cpe:/a:gentoo:linux:suhosin", "cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:slock", "p-cpe:/a:gentoo:linux:gg-transport", "p-cpe:/a:gentoo:linux:lft", "p-cpe:/a:gentoo:linux:vte"], "id": "GENTOO_GLSA-201412-10.NASL", "href": "https://www.tenable.com/plugins/nessus/79963", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201412-10.\n#\n# The advisory text is Copyright (C) 2001-2019 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79963);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2008-4776\", \"CVE-2010-2713\", \"CVE-2010-3313\", \"CVE-2010-3314\", \"CVE-2011-0765\", \"CVE-2011-2198\", \"CVE-2012-0807\", \"CVE-2012-0808\", \"CVE-2012-1620\", \"CVE-2012-2738\", \"CVE-2012-3448\");\n script_bugtraq_id(41716, 46477, 48645, 51574, 52642, 52922, 54281, 54699);\n script_xref(name:\"GLSA\", value:\"201412-10\");\n\n script_name(english:\"GLSA-201412-10 : Multiple packages, Multiple vulnerabilities fixed in 2012\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201412-10\n(Multiple packages, Multiple vulnerabilities fixed in 2012)\n\n Vulnerabilities have been discovered in the packages listed below.\n Please review the CVE identifiers in the Reference section for details.\n EGroupware\n VTE\n Layer Four Traceroute (LFT)\n Suhosin\n Slock\n Ganglia\n Jabber to GaduGadu Gateway\n \nImpact :\n\n A context-dependent attacker may be able to gain escalated privileges,\n execute arbitrary code, cause Denial of Service, obtain sensitive\n information, or otherwise bypass security restrictions.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201412-10\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All EGroupware users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=www-apps/egroupware-1.8.004.20120613'\n All VTE 0.32 users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=x11-libs/vte-0.32.2'\n All VTE 0.28 users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=x11-libs/vte-0.28.2-r204'\n All Layer Four Traceroute users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-analyzer/lft-3.33'\n All Suhosin users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-php/suhosin-0.9.33'\n All Slock users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=x11-misc/slock-1.0'\n All Ganglia users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=sys-cluster/ganglia-3.3.7'\n All Jabber to GaduGadu Gateway users should upgrade to the latest\n version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-im/gg-transport-2.2.4'\n NOTE: This is a legacy GLSA. Updates for all affected architectures have\n been available since 2013. It is likely that your system is already no\n longer affected by these issues.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:egroupware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:ganglia\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:gg-transport\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:lft\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:slock\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:suhosin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:vte\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/10/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-php/suhosin\", unaffected:make_list(\"ge 0.9.33\"), vulnerable:make_list(\"lt 0.9.33\"))) flag++;\nif (qpkg_check(package:\"net-analyzer/lft\", unaffected:make_list(\"ge 3.33\"), vulnerable:make_list(\"lt 3.33\"))) flag++;\nif (qpkg_check(package:\"x11-libs/vte\", unaffected:make_list(\"ge 0.32.2\", \"rge 0.28.2-r204\", \"rge 0.28.2-r206\"), vulnerable:make_list(\"lt 0.32.2\"))) flag++;\nif (qpkg_check(package:\"net-im/gg-transport\", unaffected:make_list(\"ge 2.2.4\"), vulnerable:make_list(\"lt 2.2.4\"))) flag++;\nif (qpkg_check(package:\"sys-cluster/ganglia\", unaffected:make_list(\"ge 3.3.7\"), vulnerable:make_list(\"lt 3.3.7\"))) flag++;\nif (qpkg_check(package:\"x11-misc/slock\", unaffected:make_list(\"ge 1.0\"), vulnerable:make_list(\"lt 1.0\"))) flag++;\nif (qpkg_check(package:\"www-apps/egroupware\", unaffected:make_list(\"ge 1.8.004.20120613\"), vulnerable:make_list(\"lt 1.8.004.20120613\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"dev-php/suhosin / net-analyzer/lft / x11-libs/vte / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2012-2738"], "description": "VTE is a terminal emulator widget for use with GTK+ 2.0. ", "modified": "2012-07-03T15:53:44", "published": "2012-07-03T15:53:44", "id": "FEDORA:6701E218F5", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 17 Update: vte-0.28.2-6.fc17", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2012-2738"], "description": "VTE is a terminal emulator widget for use with GTK+ 2.0. ", "modified": "2012-07-03T15:51:53", "published": "2012-07-03T15:51:53", "id": "FEDORA:B75F321809", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 16 Update: vte-0.28.2-6.fc16", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}], "gentoo": [{"lastseen": "2016-09-06T19:47:02", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2198", "CVE-2010-3314", "CVE-2012-2738", "CVE-2010-2713", "CVE-2012-1620", "CVE-2012-3448", "CVE-2008-4776", "CVE-2012-0808", "CVE-2010-3313", "CVE-2012-0807", "CVE-2011-0765"], "description": "### Background\n\nFor more information on the packages listed in this GLSA, please see their homepage referenced in the ebuild. \n\n### Description\n\nVulnerabilities have been discovered in the packages listed below. Please review the CVE identifiers in the Reference section for details. \n\n * EGroupware\n * VTE\n * Layer Four Traceroute (LFT)\n * Suhosin\n * Slock\n * Ganglia\n * Jabber to GaduGadu Gateway\n\n### Impact\n\nA context-dependent attacker may be able to gain escalated privileges, execute arbitrary code, cause Denial of Service, obtain sensitive information, or otherwise bypass security restrictions. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll EGroupware users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=www-apps/egroupware-1.8.004.20120613\"\n \n\nAll VTE 0.32 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=x11-libs/vte-0.32.2\"\n \n\nAll VTE 0.28 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=x11-libs/vte-0.28.2-r204\"\n \n\nAll Layer Four Traceroute users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-analyzer/lft-3.33\"\n \n\nAll Suhosin users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-php/suhosin-0.9.33\"\n \n\nAll Slock users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=x11-misc/slock-1.0\"\n \n\nAll Ganglia users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=sys-cluster/ganglia-3.3.7\"\n \n\nAll Jabber to GaduGadu Gateway users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-im/gg-transport-2.2.4\"\n \n\nNOTE: This is a legacy GLSA. Updates for all affected architectures have been available since 2013. It is likely that your system is already no longer affected by these issues.", "edition": 1, "modified": "2014-12-11T00:00:00", "published": "2014-12-11T00:00:00", "id": "GLSA-201412-10", "href": "https://security.gentoo.org/glsa/201412-10", "type": "gentoo", "title": "Multiple packages, Multiple vulnerabilities fixed in 2012", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}