Search...

openSUSE Security Update : gnome-terminal (openSUSE-SU-2012:0933-1)

2014-06-13T00:00:00

ID OPENSUSE-2012-472.NASL
Type nessus
Reporter Tenable
Modified 2014-06-13T00:00:00

Description

Add vte-CVE-2012-2738.patch: fix potential DoS through malicious escape sequences. Fix bnc#772761, CVE-2012-2738.

                                        
                                            #
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2012-472.
#
# The text description of this plugin is (C) SUSE LLC.
#

include("compat.inc");

if (description)
{
  script_id(74697);
  script_version("$Revision: 1.1 $");
  script_cvs_date("$Date: 2014/06/13 20:53:55 $");

  script_cve_id("CVE-2012-2738");

  script_name(english:"openSUSE Security Update : gnome-terminal (openSUSE-SU-2012:0933-1)");
  script_summary(english:"Check for the openSUSE-2012-472 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Add vte-CVE-2012-2738.patch: fix potential DoS through malicious
escape sequences. Fix bnc#772761, CVE-2012-2738."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://lists.opensuse.org/opensuse-updates/2012-08/msg00003.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=772761"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected gnome-terminal packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:glade3-catalog-vte");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvte9");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvte9-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-vte");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-vte-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vte2-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vte2-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vte2-lang");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vte2-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vte2-tools-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.1");

  script_set_attribute(attribute:"patch_publication_date", value:"2012/07/27");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE12\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.1", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE12.1", reference:"glade3-catalog-vte-0.28.2-4.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"libvte9-0.28.2-4.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"libvte9-debuginfo-0.28.2-4.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"python-vte-0.28.2-4.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"python-vte-debuginfo-0.28.2-4.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"vte2-debugsource-0.28.2-4.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"vte2-devel-0.28.2-4.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"vte2-lang-0.28.2-4.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"vte2-tools-0.28.2-4.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"vte2-tools-debuginfo-0.28.2-4.4.1") ) flag++;

if (flag)
{
  if (report_verbosity &gt; 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gnome-terminal");
}

JSON Vulners Source

Initial Source

{"published": "2014-06-13T00:00:00", "id": "OPENSUSE-2012-472.NASL", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}, "history": [{"differentElements": ["cpe"], "edition": 1, "lastseen": "2016-09-26T17:23:41", "bulletin": {"enchantments": {}, "published": "2014-06-13T00:00:00", "id": "OPENSUSE-2012-472.NASL", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}, "history": [], "cpe": [], "hash": "744c69688a1cc614e3fe5107a66b1e18a8da03e555b27ee40f019bee7c540ec0", "description": "Add vte-CVE-2012-2738.patch: fix potential DoS through malicious escape sequences. Fix bnc#772761, CVE-2012-2738.", "type": "nessus", "pluginID": "74697", "lastseen": "2016-09-26T17:23:41", "edition": 1, "title": "openSUSE Security Update : gnome-terminal (openSUSE-SU-2012:0933-1)", "href": "https://www.tenable.com/plugins/index.php?view=single&id=74697", "modified": "2014-06-13T00:00:00", "bulletinFamily": "scanner", "viewCount": 0, "cvelist": ["CVE-2012-2738"], "references": ["http://lists.opensuse.org/opensuse-updates/2012-08/msg00003.html", "https://bugzilla.novell.com/show_bug.cgi?id=772761"], "naslFamily": "SuSE Local Security Checks", "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2012-472.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(74697);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2014/06/13 20:53:55 $\");\n\n script_cve_id(\"CVE-2012-2738\");\n\n script_name(english:\"openSUSE Security Update : gnome-terminal (openSUSE-SU-2012:0933-1)\");\n script_summary(english:\"Check for the openSUSE-2012-472 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Add vte-CVE-2012-2738.patch: fix potential DoS through malicious\nescape sequences. Fix bnc#772761, CVE-2012-2738.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.opensuse.org/opensuse-updates/2012-08/msg00003.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=772761\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gnome-terminal packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glade3-catalog-vte\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvte9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvte9-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-vte\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-vte-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vte2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vte2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vte2-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vte2-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vte2-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/07/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.1\", reference:\"glade3-catalog-vte-0.28.2-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libvte9-0.28.2-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libvte9-debuginfo-0.28.2-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"python-vte-0.28.2-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"python-vte-debuginfo-0.28.2-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"vte2-debugsource-0.28.2-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"vte2-devel-0.28.2-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"vte2-lang-0.28.2-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"vte2-tools-0.28.2-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"vte2-tools-debuginfo-0.28.2-4.4.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnome-terminal\");\n}\n", "hashmap": [{"hash": "1a7faccf9af0f3d00e3e029689bb7e0e", "key": "href"}, {"hash": "b8bf1a32b6eb39805a1cb05390584af1", "key": "cvelist"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "3f9bf8454abaa2e0e3f28554b591a8df", "key": "description"}, {"hash": "b87eaba112da2deea0be15ab2dcbeffd", "key": "pluginID"}, {"hash": "a06422cae0636adcab4550e3cb147fcd", "key": "references"}, {"hash": "02fcc0c238d215158fbaabb854c5b3df", "key": "modified"}, {"hash": "02fcc0c238d215158fbaabb854c5b3df", "key": "published"}, {"hash": "8733e153774217b21fb6f011df1f9cd5", "key": "title"}, {"hash": "3acd5c52298d52c7e188feeb289548b8", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "341422958122acbc86987e1203db67ff", "key": "sourceData"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "objectVersion": "1.2"}}], "description": "Add vte-CVE-2012-2738.patch: fix potential DoS through malicious escape sequences. Fix bnc#772761, CVE-2012-2738.", "hash": "44833de2a5f12f8c538d7fd5b2d489a28146be18c20a2652893c3b95d3e432d4", "enchantments": {"vulnersScore": 2.1}, "type": "nessus", "pluginID": "74697", "lastseen": "2017-10-29T13:35:06", "edition": 2, "cpe": ["p-cpe:/a:novell:opensuse:vte2-tools", "cpe:/o:novell:opensuse:12.1", "p-cpe:/a:novell:opensuse:vte2-lang", "p-cpe:/a:novell:opensuse:libvte9", "p-cpe:/a:novell:opensuse:python-vte-debuginfo", "p-cpe:/a:novell:opensuse:libvte9-debuginfo", "p-cpe:/a:novell:opensuse:vte2-debugsource", "p-cpe:/a:novell:opensuse:glade3-catalog-vte", "p-cpe:/a:novell:opensuse:vte2-devel", "p-cpe:/a:novell:opensuse:python-vte", "p-cpe:/a:novell:opensuse:vte2-tools-debuginfo"], "title": "openSUSE Security Update : gnome-terminal (openSUSE-SU-2012:0933-1)", "href": "https://www.tenable.com/plugins/index.php?view=single&id=74697", "modified": "2014-06-13T00:00:00", "bulletinFamily": "scanner", "viewCount": 0, "cvelist": ["CVE-2012-2738"], "references": ["http://lists.opensuse.org/opensuse-updates/2012-08/msg00003.html", "https://bugzilla.novell.com/show_bug.cgi?id=772761"], "naslFamily": "SuSE Local Security Checks", "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2012-472.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(74697);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2014/06/13 20:53:55 $\");\n\n script_cve_id(\"CVE-2012-2738\");\n\n script_name(english:\"openSUSE Security Update : gnome-terminal (openSUSE-SU-2012:0933-1)\");\n script_summary(english:\"Check for the openSUSE-2012-472 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Add vte-CVE-2012-2738.patch: fix potential DoS through malicious\nescape sequences. Fix bnc#772761, CVE-2012-2738.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.opensuse.org/opensuse-updates/2012-08/msg00003.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=772761\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gnome-terminal packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glade3-catalog-vte\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvte9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvte9-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-vte\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-vte-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vte2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vte2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vte2-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vte2-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vte2-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/07/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.1\", reference:\"glade3-catalog-vte-0.28.2-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libvte9-0.28.2-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libvte9-debuginfo-0.28.2-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"python-vte-0.28.2-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"python-vte-debuginfo-0.28.2-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"vte2-debugsource-0.28.2-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"vte2-devel-0.28.2-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"vte2-lang-0.28.2-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"vte2-tools-0.28.2-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"vte2-tools-debuginfo-0.28.2-4.4.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnome-terminal\");\n}\n", "hashmap": [{"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "a407285d8592aa3eb7435e31db52eb68", "key": "cpe"}, {"hash": "b8bf1a32b6eb39805a1cb05390584af1", "key": "cvelist"}, {"hash": "3acd5c52298d52c7e188feeb289548b8", "key": "cvss"}, {"hash": "3f9bf8454abaa2e0e3f28554b591a8df", "key": "description"}, {"hash": "1a7faccf9af0f3d00e3e029689bb7e0e", "key": "href"}, {"hash": "02fcc0c238d215158fbaabb854c5b3df", "key": "modified"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}, {"hash": "b87eaba112da2deea0be15ab2dcbeffd", "key": "pluginID"}, {"hash": "02fcc0c238d215158fbaabb854c5b3df", "key": "published"}, {"hash": "a06422cae0636adcab4550e3cb147fcd", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "341422958122acbc86987e1203db67ff", "key": "sourceData"}, {"hash": "8733e153774217b21fb6f011df1f9cd5", "key": "title"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}], "objectVersion": "1.3"}

{"result": {"cve": [{"id": "CVE-2012-2738", "type": "cve", "title": "CVE-2012-2738", "description": "The VteTerminal in gnome-terminal (vte) before 0.32.2 allows remote authenticated users to cause a denial of service (long loop and CPU consumption) via an escape sequence with a large repeat count value.", "published": "2012-07-22T12:55:25", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2738", "cvelist": ["CVE-2012-2738"], "lastseen": "2017-04-18T15:53:24"}], "nessus": [{"id": "FEDORA_2012-9575.NASL", "type": "nessus", "title": "Fedora 17 : vte-0.28.2-6.fc17 (2012-9575)", "description": "Fix for python bindings issues, and fix for CVE-2012-2738\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2012-07-05T00:00:00", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=59842", "cvelist": ["CVE-2012-2738"], "lastseen": "2017-10-29T13:34:57"}, {"id": "MANDRIVA_MDVSA-2013-135.NASL", "type": "nessus", "title": "Mandriva Linux Security Advisory : vte (MDVSA-2013:135)", "description": "Updated vte packages fix security vulnerability :\n\nA denial of service flaw was found in the way VTE, a terminal emulator widget, processed certain escape sequences with large repeat counts. A remote attacker could provide a specially crafted file, which once opened in a terminal using the VTE terminal emulator could lead to excessive CPU consumption (CVE-2012-2738).", "published": "2013-04-20T00:00:00", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=66147", "cvelist": ["CVE-2012-2738"], "lastseen": "2017-10-29T13:43:12"}, {"id": "FEDORA_2012-9546.NASL", "type": "nessus", "title": "Fedora 16 : vte-0.28.2-6.fc16 (2012-9546)", "description": "Fix to python bindings and a fix for CVE-2012-2738\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2012-07-05T00:00:00", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=59841", "cvelist": ["CVE-2012-2738"], "lastseen": "2017-10-29T13:33:33"}, {"id": "OPENSUSE-2012-471.NASL", "type": "nessus", "title": "openSUSE Security Update : vte/gnome-terminal (openSUSE-SU-2012:0931-1)", "description": "- Add vte-CVE-2011-2198.patch: fix memory exhaustion through malicious escape sequences. Fix bnc#699214, CVE-2011-2198 (openSUSE 11.4 only).\n\n - Add vte-CVE-2012-2738.patch: fix potential DoS through malicious escape sequences. Fix bnc#772761, CVE-2012-2738.", "published": "2014-06-13T00:00:00", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=74696", "cvelist": ["CVE-2011-2198", "CVE-2012-2738"], "lastseen": "2017-10-29T13:34:41"}, {"id": "GENTOO_GLSA-201412-10.NASL", "type": "nessus", "title": "GLSA-201412-10 : Multiple packages, Multiple vulnerabilities fixed in 2012", "description": "The remote host is affected by the vulnerability described in GLSA-201412-10 (Multiple packages, Multiple vulnerabilities fixed in 2012)\n\n Vulnerabilities have been discovered in the packages listed below.\n Please review the CVE identifiers in the Reference section for details.\n EGroupware VTE Layer Four Traceroute (LFT) Suhosin Slock Ganglia Jabber to GaduGadu Gateway Impact :\n\n A context-dependent attacker may be able to gain escalated privileges, execute arbitrary code, cause Denial of Service, obtain sensitive information, or otherwise bypass security restrictions.\n Workaround :\n\n There is no known workaround at this time.", "published": "2014-12-15T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=79963", "cvelist": ["CVE-2011-2198", "CVE-2010-3314", "CVE-2012-2738", "CVE-2010-2713", "CVE-2012-1620", "CVE-2012-3448", "CVE-2008-4776", "CVE-2012-0808", "CVE-2010-3313", "CVE-2012-0807", "CVE-2011-0765"], "lastseen": "2017-10-29T13:45:19"}], "openvas": [{"id": "OPENVAS:864530", "type": "openvas", "title": "Fedora Update for vte FEDORA-2012-9546", "description": "Check for the Version of vte", "published": "2012-07-06T00:00:00", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=864530", "cvelist": ["CVE-2012-2738"], "lastseen": "2018-01-02T10:56:52"}, {"id": "OPENVAS:1361412562310864529", "type": "openvas", "title": "Fedora Update for vte FEDORA-2012-9575", "description": "Check for the Version of vte", "published": "2012-08-30T00:00:00", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864529", "cvelist": ["CVE-2012-2738"], "lastseen": "2018-04-06T11:16:22"}, {"id": "OPENVAS:864529", "type": "openvas", "title": "Fedora Update for vte FEDORA-2012-9575", "description": "Check for the Version of vte", "published": "2012-08-30T00:00:00", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=864529", "cvelist": ["CVE-2012-2738"], "lastseen": "2018-01-02T10:56:20"}, {"id": "OPENVAS:1361412562310864530", "type": "openvas", "title": "Fedora Update for vte FEDORA-2012-9546", "description": "Check for the Version of vte", "published": "2012-07-06T00:00:00", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864530", "cvelist": ["CVE-2012-2738"], "lastseen": "2018-02-06T13:08:02"}, {"id": "OPENVAS:1361412562310121296", "type": "openvas", "title": "Gentoo Linux Local Check: https://security.gentoo.org/glsa/201412-10", "description": "Gentoo Linux Local Security Checks https://security.gentoo.org/glsa/201412-10", "published": "2015-09-29T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121296", "cvelist": ["CVE-2011-2198", "CVE-2010-3314", "CVE-2012-2738", "CVE-2010-2713", "CVE-2012-1620", "CVE-2012-3448", "CVE-2008-4776", "CVE-2012-0808", "CVE-2010-3313", "CVE-2012-0807", "CVE-2011-0765"], "lastseen": "2018-04-09T11:27:17"}], "exploitdb": [{"id": "EDB-ID:37477", "type": "exploitdb", "title": "gnome-terminal vte VteTerminal Escape Sequence Parsing Remote DoS", "description": "gnome-terminal (vte) VteTerminal Escape Sequence Parsing Remote DoS. CVE-2012-2738. Dos exploit for linux platform", "published": "2012-07-03T00:00:00", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/37477/", "cvelist": ["CVE-2012-2738"], "lastseen": "2016-02-04T05:55:20"}], "gentoo": [{"id": "GLSA-201412-10", "type": "gentoo", "title": "Multiple packages, Multiple vulnerabilities fixed in 2012", "description": "### Background\n\nFor more information on the packages listed in this GLSA, please see their homepage referenced in the ebuild. \n\n### Description\n\nVulnerabilities have been discovered in the packages listed below. Please review the CVE identifiers in the Reference section for details. \n\n * EGroupware\n * VTE\n * Layer Four Traceroute (LFT)\n * Suhosin\n * Slock\n * Ganglia\n * Jabber to GaduGadu Gateway\n\n### Impact\n\nA context-dependent attacker may be able to gain escalated privileges, execute arbitrary code, cause Denial of Service, obtain sensitive information, or otherwise bypass security restrictions. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll EGroupware users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=www-apps/egroupware-1.8.004.20120613\"\n \n\nAll VTE 0.32 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=x11-libs/vte-0.32.2\"\n \n\nAll VTE 0.28 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=x11-libs/vte-0.28.2-r204\"\n \n\nAll Layer Four Traceroute users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-analyzer/lft-3.33\"\n \n\nAll Suhosin users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-php/suhosin-0.9.33\"\n \n\nAll Slock users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=x11-misc/slock-1.0\"\n \n\nAll Ganglia users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=sys-cluster/ganglia-3.3.7\"\n \n\nAll Jabber to GaduGadu Gateway users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-im/gg-transport-2.2.4\"\n \n\nNOTE: This is a legacy GLSA. Updates for all affected architectures have been available since 2013. It is likely that your system is already no longer affected by these issues.", "published": "2014-12-11T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://security.gentoo.org/glsa/201412-10", "cvelist": ["CVE-2011-2198", "CVE-2010-3314", "CVE-2012-2738", "CVE-2010-2713", "CVE-2012-1620", "CVE-2012-3448", "CVE-2008-4776", "CVE-2012-0808", "CVE-2010-3313", "CVE-2012-0807", "CVE-2011-0765"], "lastseen": "2016-09-06T19:47:02"}]}}