ID OPENSUSE-2014-87.NASL Type nessus Reporter Tenable Modified 2018-11-10T00:00:00
Description
update to ack 2.12: fixes potential remote code
execution via per-project .ackrc files [bnc#855340]
[CVE-2013-7069]
prevents the --pager, --regex and --output options from
being used from project-level ackrc files, preventing
possible code execution when ack is run on a project that
contains a malicious ackrc file
--pager, --regex and --output options may still be used
from the global /etc/ackrc, your own private ~/.ackrc,
the ACK_OPTIONS environment variable, and of course from
the command line.
Now ignores Eclipse .metadata directory.
includes changes from 2.11_02 :
upstream source mispackaging fix
includes changes from 2.11_01
Fixed a race condition in t/file-permission.t that was
causing failures if tests were run in parallel.
includes changes from 2.10 :
Add --perltest for *.t files
Added Matlab support
More compatibility fixes for Perl 5.8.8.
includes changes from 2.08
ack now ignores CMake's build/cache directories by
default
Add shebang matching for --lua files
Add documentation for --ackrc
Add Elixir filetype
Add --cathy option
Add some helpful debugging tips when an invalid option
is found
Ignore PDF files by default, because Perl will detect
them as text
Ignore .gif, .jpg, .jpeg and .png files. They won't
normally be selected, but this is an optimization so
that ack doesn't have to open them to know
Ack's colorizing of output would get confused with
multiple sets of parentheses
Ack would get confused when trying to colorize the
output in DOS-format files
includes changes from 2.05_01
We now ignore the node_modules directories created by
npm
--pager without an argument implies --pager=$PAGER
--perl now recognizes Plack-style .psgi files
Added filetypes for CoffeeScript, JSON, LESS, and Sass.
Command-line options now override options set in ackrc
files
ACK_PAGER and ACK_PAGER_COLOR now work as advertised.
Fix a bug resulting in uninitialized variable warnings
when more than one capture group was specified in the
search pattern
Make sure ack is happy to build and test under cron and
other console-less environments.
packaging changes :
run more tests with IO::Pty
refresh ack-ignore-osc.patch for upstream changes
update project URL
port changes from devel:languages:perl ack by
daxim@cpan.org :
unset forced prefix - let Perl configuration and
toolchain determine the prefix/install_base which will
DTRT
bash completion is gone, remove dead code
modified patches :
ack-ignore-osc.patch adjust for upstream source changes
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2014-87.
#
# The text description of this plugin is (C) SUSE LLC.
#
include("compat.inc");
# Registration branch: when the `description` variable is true the script only
# declares its metadata and leaves through the exit(0) that closes this block;
# none of the host checks further down run on this path.
if (description)
{
# Plugin identity and the CVE this check is tied to.
script_id(75410);
script_version("1.2");
script_cvs_date("Date: 2018/11/10 11:50:02");
script_cve_id("CVE-2013-7069");
script_name(english:"openSUSE Security Update : ack (openSUSE-SU-2014:0142-1)");
script_summary(english:"Check for the openSUSE-2014-87 patch");
script_set_attribute(
attribute:"synopsis",
value:"The remote openSUSE host is missing a security update."
);
# Advisory text shown in the report. Its first three entries describe the
# CVE-2013-7069 fix: project-level ackrc files may no longer set --pager,
# --regex or --output, while the global /etc/ackrc, ~/.ackrc, ACK_OPTIONS and
# the command line still may. The remaining entries are the upstream and
# packaging changelog carried along with the update to ack 2.12.
script_set_attribute(
attribute:"description",
value:
" - update to ack 2.12: fixes potential remote code
execution via per-project .ackrc files [bnc#855340]
[CVE-2013-7069]
- prevents the --pager, --regex and --output options from
being used from project-level ackrc files, preventing
possible code execution when using ack through malicious
files
- --pager, --regex and --output options may still be used
from the global /etc/ackrc, your own private ~/.ackrc,
the ACK_OPTIONS environment variable, and of course from
the command line.
- Now ignores Eclipse .metadata directory.
- includes changes form 2.11_02 :
- upstream source mispackaging fix
- includes changes from 2.11_01
- Fixed a race condition in t/file-permission.t that was
causing failures if tests were run in parallel.
- includes changes from 2.10 :
- Add --perltest for *.t files
- Added Matlab support
- More compatibility fixes for Perl 5.8.8.
- includes changes from 2.08
- ack now ignores CMake's build/cache directories by
default
- Add shebang matching for --lua files
- Add documentation for --ackrc
- Add Elixir filetype
- Add --cathy option
- Add some helpful debugging tips when an invalid option
is found
- Ignore PDF files by default, because Perl will detect
them as text
- Ignore .gif, .jpg, .jpeg and .png files. They won't
normally be selected, but this is an optimization so
that ack doesn't have to open them to know
- Ack's colorizing of output would get confused with
multiple sets of parentheses
- Ack would get confused when trying to colorize the
output in DOS-format files
- includes changes from 2.05_01
- We now ignore the node_modules directories created by
npm
- --pager without an argument implies --pager=$PAGER
- --perl now recognizes Plack-style .psgi files
- Added filetypes for Coffescript, JSON, LESS, and Sass.
- Command-line options now override options set in ackrc
files
- ACK_PAGER and ACK_PAGER_COLOR now work as advertised.
- Fix a bug resulting in uninitialized variable warnings
when more than one capture group was specified in the
search pattern
- Make sure ack is happy to build and test under cron and
other console-less environments.
- packaging changes :
- run more rests with IO::Pty
- refresh ack-ignore-osc.patch for upstream changes
- update project URL
- port changes from devel:languages:perl ack by
daxim@cpan.org :
- correct metadata: licence, CPAN download, homepage
- unset forced prefix - let Perl configuration and
toolchain determine the prefix/install_base which will
DTRT
- bash completion is gone, remove dead code
- modified patches :
- ack-ignore-osc.patch adjust for upstream source changes"
);
# References: the SUSE bug named in the description (bnc#855340) and the
# openSUSE update announcement.
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=855340"
);
script_set_attribute(
attribute:"see_also",
value:"https://lists.opensuse.org/opensuse-updates/2014-01/msg00094.html"
);
script_set_attribute(attribute:"solution", value:"Update the affected ack packages.");
# NOTE(review): the vector rates the issue as network-reachable (AV:N) with
# medium complexity (AC:M), while the description says the trigger is a
# per-project .ackrc file. AC:M presumably stands for the user having to run ack
# against attacker-supplied files - confirm against the CVE record before
# relying on this score for triage.
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
# Declared as a local check: the verdict comes from data collected on the host
# (see the required KB keys below), not from probing a network service.
script_set_attribute(attribute:"plugin_type", value:"local");
# Scope of the check: the two packages tested below, on openSUSE 13.1 only.
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ack");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:perl-App-Ack");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.1");
# The plugin was published 2014/06/13, after the 2014/01/20 patch date.
script_set_attribute(attribute:"patch_publication_date", value:"2014/01/20");
script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"SuSE Local Security Checks");
# The check depends on ssh_get_info.nasl and on three KB entries; presumably that
# dependency fills them in from an authenticated login - confirm. Without them
# the check section audits out instead of reporting.
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
# Host check for openSUSE-2014-87 (CVE-2013-7069): compares the ack and
# perl-App-Ack packages recorded for the host against the fixed build
# 2.12-3.4.1 and reports a warning when either rpm_check() call returns true.
#
# Limits worth knowing when reading a result:
#  - Everything here is read from the knowledge base (local-checks flag, SuSE
#    release string, RPM list). A host for which those entries were never
#    collected is audited out, which is not the same as "patched".
#  - Only the two RPM package names are evaluated. A copy of ack installed by
#    other means (for example from CPAN) is presumably not seen - confirm
#    against rpm.inc.
#  - rpm_check(), rpm_report_get() and pkg_tests_get() are not shown here
#    (three .inc files are included just above); rpm_check() is presumed to
#    return true when the installed package is older than `reference` -
#    TODO confirm.

# Gate 1: local checks must have been enabled for this host.
if (!get_kb_item("Host/local_checks_enabled"))
{
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
}

# Gate 2: the host must be openSUSE. A missing release string or a SLED/SLES
# release is rejected first, then anything other than exactly SUSE13.1.
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)")
{
  audit(AUDIT_OS_NOT, "openSUSE");
}
if (release !~ "^(SUSE13\.1)$")
{
  audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.1", release);
}

# Gate 3: without a package list there is nothing to compare against.
if (!get_kb_item("Host/SuSE/rpm-list"))
{
  audit(AUDIT_PACKAGE_LIST_MISSING);
}

# Both packages are always tested (no short-circuit between them), so each
# rpm_check() call runs regardless of the other's result.
outdated_pkgs = 0;
if (rpm_check(release:"SUSE13.1", reference:"ack-2.12-3.4.1"))
{
  outdated_pkgs++;
}
if (rpm_check(release:"SUSE13.1", reference:"perl-App-Ack-2.12-3.4.1"))
{
  outdated_pkgs++;
}

if (!outdated_pkgs)
{
  # Nothing flagged: tell "tested and not affected" apart from "neither package
  # was installed", so the audit trail shows which of the two applied.
  checked_pkgs = pkg_tests_get();
  if (checked_pkgs)
  {
    audit(AUDIT_PACKAGE_NOT_AFFECTED, checked_pkgs);
  }
  else
  {
    audit(AUDIT_PACKAGE_NOT_INSTALLED, "ack / perl-App-Ack");
  }
}
else
{
  # At least one package flagged: report on port 0, attaching the rpm report
  # text only when report_verbosity is above zero.
  if (report_verbosity > 0)
  {
    security_warning(port:0, extra:rpm_report_get());
  }
  else
  {
    security_warning(0);
  }
  exit(0);
}
{"id": "OPENSUSE-2014-87.NASL", "bulletinFamily": "scanner", "title": "openSUSE Security Update : ack (openSUSE-SU-2014:0142-1)", "description": "- update to ack 2.12: fixes potential remote code\n execution via per-project .ackrc files [bnc#855340]\n [CVE-2013-7069]\n\n - prevents the --pager, --regex and --output options from\n being used from project-level ackrc files, preventing\n possible code execution when using ack through malicious\n files\n\n - --pager, --regex and --output options may still be used\n from the global /etc/ackrc, your own private ~/.ackrc,\n the ACK_OPTIONS environment variable, and of course from\n the command line.\n\n - Now ignores Eclipse .metadata directory.\n\n - includes changes form 2.11_02 :\n\n - upstream source mispackaging fix\n\n - includes changes from 2.11_01\n\n - Fixed a race condition in t/file-permission.t that was\n causing failures if tests were run in parallel.\n\n - includes changes from 2.10 :\n\n - Add --perltest for *.t files\n\n - Added Matlab support\n\n - More compatibility fixes for Perl 5.8.8.\n\n - includes changes from 2.08\n\n - ack now ignores CMake's build/cache directories by\n default\n\n - Add shebang matching for --lua files\n\n - Add documentation for --ackrc\n\n - Add Elixir filetype\n\n - Add --cathy option\n\n - Add some helpful debugging tips when an invalid option\n is found\n\n - Ignore PDF files by default, because Perl will detect\n them as text\n\n - Ignore .gif, .jpg, .jpeg and .png files. 
They won't\n normally be selected, but this is an optimization so\n that ack doesn't have to open them to know\n\n - Ack's colorizing of output would get confused with\n multiple sets of parentheses\n\n - Ack would get confused when trying to colorize the\n output in DOS-format files\n\n - includes changes from 2.05_01\n\n - We now ignore the node_modules directories created by\n npm\n\n - --pager without an argument implies --pager=$PAGER\n\n - --perl now recognizes Plack-style .psgi files\n\n - Added filetypes for Coffescript, JSON, LESS, and Sass.\n\n - Command-line options now override options set in ackrc\n files\n\n - ACK_PAGER and ACK_PAGER_COLOR now work as advertised.\n\n - Fix a bug resulting in uninitialized variable warnings\n when more than one capture group was specified in the\n search pattern\n\n - Make sure ack is happy to build and test under cron and\n other console-less environments.\n\n - packaging changes :\n\n - run more rests with IO::Pty\n\n - refresh ack-ignore-osc.patch for upstream changes\n\n - update project URL\n\n - port changes from devel:languages:perl ack by\n daxim@cpan.org :\n\n - correct metadata: licence, CPAN download, homepage\n\n - unset forced prefix - let Perl configuration and\n toolchain determine the prefix/install_base which will\n DTRT\n\n - bash completion is gone, remove dead code\n\n - modified patches :\n\n - ack-ignore-osc.patch adjust for upstream source changes", "published": "2014-06-13T00:00:00", "modified": "2018-11-10T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=75410", "reporter": "Tenable", "references": ["https://lists.opensuse.org/opensuse-updates/2014-01/msg00094.html", "https://bugzilla.novell.com/show_bug.cgi?id=855340"], "cvelist": ["CVE-2013-7069"], "type": "nessus", "lastseen": "2019-01-16T20:18:55", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": [], 
"cvelist": ["CVE-2013-7069"], "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "- update to ack 2.12: fixes potential remote code execution via per-project .ackrc files [bnc#855340] [CVE-2013-7069]\n\n - prevents the --pager, --regex and --output options from being used from project-level ackrc files, preventing possible code execution when using ack through malicious files\n\n - --pager, --regex and --output options may still be used from the global /etc/ackrc, your own private ~/.ackrc, the ACK_OPTIONS environment variable, and of course from the command line.\n\n - Now ignores Eclipse .metadata directory.\n\n - includes changes form 2.11_02 :\n\n - upstream source mispackaging fix\n\n - includes changes from 2.11_01\n\n - Fixed a race condition in t/file-permission.t that was causing failures if tests were run in parallel.\n\n - includes changes from 2.10 :\n\n - Add --perltest for *.t files\n\n - Added Matlab support\n\n - More compatibility fixes for Perl 5.8.8.\n\n - includes changes from 2.08\n\n - ack now ignores CMake's build/cache directories by default\n\n - Add shebang matching for --lua files\n\n - Add documentation for --ackrc\n\n - Add Elixir filetype\n\n - Add --cathy option\n\n - Add some helpful debugging tips when an invalid option is found\n\n - Ignore PDF files by default, because Perl will detect them as text\n\n - Ignore .gif, .jpg, .jpeg and .png files. 
They won't normally be selected, but this is an optimization so that ack doesn't have to open them to know\n\n - Ack's colorizing of output would get confused with multiple sets of parentheses\n\n - Ack would get confused when trying to colorize the output in DOS-format files\n\n - includes changes from 2.05_01\n\n - We now ignore the node_modules directories created by npm\n\n - --pager without an argument implies --pager=$PAGER\n\n - --perl now recognizes Plack-style .psgi files\n\n - Added filetypes for Coffescript, JSON, LESS, and Sass.\n\n - Command-line options now override options set in ackrc files\n\n - ACK_PAGER and ACK_PAGER_COLOR now work as advertised.\n\n - Fix a bug resulting in uninitialized variable warnings when more than one capture group was specified in the search pattern\n\n - Make sure ack is happy to build and test under cron and other console-less environments.\n\n - packaging changes :\n\n - run more rests with IO::Pty\n\n - refresh ack-ignore-osc.patch for upstream changes\n\n - update project URL\n\n - port changes from devel:languages:perl ack by daxim@cpan.org :\n\n - correct metadata: licence, CPAN download, homepage\n\n - unset forced prefix - let Perl configuration and toolchain determine the prefix/install_base which will DTRT\n\n - bash completion is gone, remove dead code\n\n - modified patches :\n\n - ack-ignore-osc.patch adjust for upstream source changes", "edition": 1, "enchantments": {}, "hash": "c25f32d34b9159d8a1b7448976466da872c9daa59e16cf3a71ee0d6786cf50e4", "hashmap": [{"hash": "a8c722af9842e386b84310e8b943349f", "key": "title"}, {"hash": "de4ff91b0f9f7ef703f46e53304d859f", "key": "references"}, {"hash": "e42060c8470058db2a9ecac8f4cc8c2c", "key": "description"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "8e6c627de8eca0a8ce41b9fc2f5e2648", "key": "pluginID"}, {"hash": "02fcc0c238d215158fbaabb854c5b3df", "key": "modified"}, {"hash": "1482d34aa1c675f23744704ed1e31a63", "key": "cvelist"}, 
{"hash": "02fcc0c238d215158fbaabb854c5b3df", "key": "published"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}, {"hash": "7bc23f4ba258ea6361856b97a79a7b9d", "key": "href"}, {"hash": "5019ce92304225ef1f47ccf4e559279e", "key": "sourceData"}, {"hash": "737e2591b537c46d1ca7ce6f0cea5cb9", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=75410", "id": "OPENSUSE-2014-87.NASL", "lastseen": "2016-09-26T17:24:51", "modified": "2014-06-13T00:00:00", "naslFamily": "SuSE Local Security Checks", "objectVersion": "1.2", "pluginID": "75410", "published": "2014-06-13T00:00:00", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=855340", "http://lists.opensuse.org/opensuse-updates/2014-01/msg00094.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2014-87.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75410);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2014/06/13 21:39:49 $\");\n\n script_cve_id(\"CVE-2013-7069\");\n\n script_name(english:\"openSUSE Security Update : ack (openSUSE-SU-2014:0142-1)\");\n script_summary(english:\"Check for the openSUSE-2014-87 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - update to ack 2.12: fixes potential remote code\n execution via per-project .ackrc files [bnc#855340]\n [CVE-2013-7069]\n\n - prevents the --pager, --regex and --output options from\n being used from project-level 
ackrc files, preventing\n possible code execution when using ack through malicious\n files\n\n - --pager, --regex and --output options may still be used\n from the global /etc/ackrc, your own private ~/.ackrc,\n the ACK_OPTIONS environment variable, and of course from\n the command line.\n\n - Now ignores Eclipse .metadata directory.\n\n - includes changes form 2.11_02 :\n\n - upstream source mispackaging fix\n\n - includes changes from 2.11_01\n\n - Fixed a race condition in t/file-permission.t that was\n causing failures if tests were run in parallel.\n\n - includes changes from 2.10 :\n\n - Add --perltest for *.t files\n\n - Added Matlab support\n\n - More compatibility fixes for Perl 5.8.8.\n\n - includes changes from 2.08\n\n - ack now ignores CMake's build/cache directories by\n default\n\n - Add shebang matching for --lua files\n\n - Add documentation for --ackrc\n\n - Add Elixir filetype\n\n - Add --cathy option\n\n - Add some helpful debugging tips when an invalid option\n is found\n\n - Ignore PDF files by default, because Perl will detect\n them as text\n\n - Ignore .gif, .jpg, .jpeg and .png files. 
They won't\n normally be selected, but this is an optimization so\n that ack doesn't have to open them to know\n\n - Ack's colorizing of output would get confused with\n multiple sets of parentheses\n\n - Ack would get confused when trying to colorize the\n output in DOS-format files\n\n - includes changes from 2.05_01\n\n - We now ignore the node_modules directories created by\n npm\n\n - --pager without an argument implies --pager=$PAGER\n\n - --perl now recognizes Plack-style .psgi files\n\n - Added filetypes for Coffescript, JSON, LESS, and Sass.\n\n - Command-line options now override options set in ackrc\n files\n\n - ACK_PAGER and ACK_PAGER_COLOR now work as advertised.\n\n - Fix a bug resulting in uninitialized variable warnings\n when more than one capture group was specified in the\n search pattern\n\n - Make sure ack is happy to build and test under cron and\n other console-less environments.\n\n - packaging changes :\n\n - run more rests with IO::Pty\n\n - refresh ack-ignore-osc.patch for upstream changes\n\n - update project URL\n\n - port changes from devel:languages:perl ack by\n daxim@cpan.org :\n\n - correct metadata: licence, CPAN download, homepage\n\n - unset forced prefix - let Perl configuration and\n toolchain determine the prefix/install_base which will\n DTRT\n\n - bash completion is gone, remove dead code\n\n - modified patches :\n\n - ack-ignore-osc.patch adjust for upstream source changes\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.opensuse.org/opensuse-updates/2014-01/msg00094.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=855340\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected ack packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:ack\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-App-Ack\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/01/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ack-2.12-3.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"perl-App-Ack-2.12-3.4.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ack / perl-App-Ack\");\n}\n", "title": "openSUSE Security Update : ack (openSUSE-SU-2014:0142-1)", "type": "nessus", "viewCount": 0}, "differentElements": ["cpe"], "edition": 1, "lastseen": "2016-09-26T17:24:51"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": 
["p-cpe:/a:novell:opensuse:perl-App-Ack", "p-cpe:/a:novell:opensuse:ack", "cpe:/o:novell:opensuse:13.1"], "cvelist": ["CVE-2013-7069"], "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "- update to ack 2.12: fixes potential remote code execution via per-project .ackrc files [bnc#855340] [CVE-2013-7069]\n\n - prevents the --pager, --regex and --output options from being used from project-level ackrc files, preventing possible code execution when using ack through malicious files\n\n - --pager, --regex and --output options may still be used from the global /etc/ackrc, your own private ~/.ackrc, the ACK_OPTIONS environment variable, and of course from the command line.\n\n - Now ignores Eclipse .metadata directory.\n\n - includes changes form 2.11_02 :\n\n - upstream source mispackaging fix\n\n - includes changes from 2.11_01\n\n - Fixed a race condition in t/file-permission.t that was causing failures if tests were run in parallel.\n\n - includes changes from 2.10 :\n\n - Add --perltest for *.t files\n\n - Added Matlab support\n\n - More compatibility fixes for Perl 5.8.8.\n\n - includes changes from 2.08\n\n - ack now ignores CMake's build/cache directories by default\n\n - Add shebang matching for --lua files\n\n - Add documentation for --ackrc\n\n - Add Elixir filetype\n\n - Add --cathy option\n\n - Add some helpful debugging tips when an invalid option is found\n\n - Ignore PDF files by default, because Perl will detect them as text\n\n - Ignore .gif, .jpg, .jpeg and .png files. 
They won't normally be selected, but this is an optimization so that ack doesn't have to open them to know\n\n - Ack's colorizing of output would get confused with multiple sets of parentheses\n\n - Ack would get confused when trying to colorize the output in DOS-format files\n\n - includes changes from 2.05_01\n\n - We now ignore the node_modules directories created by npm\n\n - --pager without an argument implies --pager=$PAGER\n\n - --perl now recognizes Plack-style .psgi files\n\n - Added filetypes for Coffescript, JSON, LESS, and Sass.\n\n - Command-line options now override options set in ackrc files\n\n - ACK_PAGER and ACK_PAGER_COLOR now work as advertised.\n\n - Fix a bug resulting in uninitialized variable warnings when more than one capture group was specified in the search pattern\n\n - Make sure ack is happy to build and test under cron and other console-less environments.\n\n - packaging changes :\n\n - run more rests with IO::Pty\n\n - refresh ack-ignore-osc.patch for upstream changes\n\n - update project URL\n\n - port changes from devel:languages:perl ack by daxim@cpan.org :\n\n - correct metadata: licence, CPAN download, homepage\n\n - unset forced prefix - let Perl configuration and toolchain determine the prefix/install_base which will DTRT\n\n - bash completion is gone, remove dead code\n\n - modified patches :\n\n - ack-ignore-osc.patch adjust for upstream source changes", "edition": 2, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "c25363ee1ab00c8eb8b454705b63106c13f4d43858c16efe2fa915eb1be3a9b6", "hashmap": [{"hash": "a8c722af9842e386b84310e8b943349f", "key": "title"}, {"hash": "de4ff91b0f9f7ef703f46e53304d859f", "key": "references"}, {"hash": "e42060c8470058db2a9ecac8f4cc8c2c", "key": "description"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "8e6c627de8eca0a8ce41b9fc2f5e2648", "key": "pluginID"}, {"hash": "02fcc0c238d215158fbaabb854c5b3df", "key": "modified"}, {"hash": 
"1482d34aa1c675f23744704ed1e31a63", "key": "cvelist"}, {"hash": "02fcc0c238d215158fbaabb854c5b3df", "key": "published"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}, {"hash": "1c6874eb113531fcf877705c87477a42", "key": "cpe"}, {"hash": "7bc23f4ba258ea6361856b97a79a7b9d", "key": "href"}, {"hash": "5019ce92304225ef1f47ccf4e559279e", "key": "sourceData"}, {"hash": "737e2591b537c46d1ca7ce6f0cea5cb9", "key": "cvss"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=75410", "id": "OPENSUSE-2014-87.NASL", "lastseen": "2017-10-29T13:38:59", "modified": "2014-06-13T00:00:00", "naslFamily": "SuSE Local Security Checks", "objectVersion": "1.3", "pluginID": "75410", "published": "2014-06-13T00:00:00", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=855340", "http://lists.opensuse.org/opensuse-updates/2014-01/msg00094.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2014-87.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75410);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2014/06/13 21:39:49 $\");\n\n script_cve_id(\"CVE-2013-7069\");\n\n script_name(english:\"openSUSE Security Update : ack (openSUSE-SU-2014:0142-1)\");\n script_summary(english:\"Check for the openSUSE-2014-87 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - update to ack 2.12: fixes potential remote code\n execution via per-project .ackrc files [bnc#855340]\n [CVE-2013-7069]\n\n - prevents the --pager, --regex 
and --output options from\n being used from project-level ackrc files, preventing\n possible code execution when using ack through malicious\n files\n\n - --pager, --regex and --output options may still be used\n from the global /etc/ackrc, your own private ~/.ackrc,\n the ACK_OPTIONS environment variable, and of course from\n the command line.\n\n - Now ignores Eclipse .metadata directory.\n\n - includes changes form 2.11_02 :\n\n - upstream source mispackaging fix\n\n - includes changes from 2.11_01\n\n - Fixed a race condition in t/file-permission.t that was\n causing failures if tests were run in parallel.\n\n - includes changes from 2.10 :\n\n - Add --perltest for *.t files\n\n - Added Matlab support\n\n - More compatibility fixes for Perl 5.8.8.\n\n - includes changes from 2.08\n\n - ack now ignores CMake's build/cache directories by\n default\n\n - Add shebang matching for --lua files\n\n - Add documentation for --ackrc\n\n - Add Elixir filetype\n\n - Add --cathy option\n\n - Add some helpful debugging tips when an invalid option\n is found\n\n - Ignore PDF files by default, because Perl will detect\n them as text\n\n - Ignore .gif, .jpg, .jpeg and .png files. 
They won't\n normally be selected, but this is an optimization so\n that ack doesn't have to open them to know\n\n - Ack's colorizing of output would get confused with\n multiple sets of parentheses\n\n - Ack would get confused when trying to colorize the\n output in DOS-format files\n\n - includes changes from 2.05_01\n\n - We now ignore the node_modules directories created by\n npm\n\n - --pager without an argument implies --pager=$PAGER\n\n - --perl now recognizes Plack-style .psgi files\n\n - Added filetypes for Coffescript, JSON, LESS, and Sass.\n\n - Command-line options now override options set in ackrc\n files\n\n - ACK_PAGER and ACK_PAGER_COLOR now work as advertised.\n\n - Fix a bug resulting in uninitialized variable warnings\n when more than one capture group was specified in the\n search pattern\n\n - Make sure ack is happy to build and test under cron and\n other console-less environments.\n\n - packaging changes :\n\n - run more rests with IO::Pty\n\n - refresh ack-ignore-osc.patch for upstream changes\n\n - update project URL\n\n - port changes from devel:languages:perl ack by\n daxim@cpan.org :\n\n - correct metadata: licence, CPAN download, homepage\n\n - unset forced prefix - let Perl configuration and\n toolchain determine the prefix/install_base which will\n DTRT\n\n - bash completion is gone, remove dead code\n\n - modified patches :\n\n - ack-ignore-osc.patch adjust for upstream source changes\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.opensuse.org/opensuse-updates/2014-01/msg00094.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=855340\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected ack packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:ack\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-App-Ack\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/01/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ack-2.12-3.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"perl-App-Ack-2.12-3.4.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ack / perl-App-Ack\");\n}\n", "title": "openSUSE Security Update : ack (openSUSE-SU-2014:0142-1)", "type": "nessus", "viewCount": 0}, "differentElements": ["cvss"], "edition": 2, "lastseen": "2017-10-29T13:38:59"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": 
["p-cpe:/a:novell:opensuse:perl-App-Ack", "p-cpe:/a:novell:opensuse:ack", "cpe:/o:novell:opensuse:13.1"], "cvelist": ["CVE-2013-7069"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "- update to ack 2.12: fixes potential remote code execution via per-project .ackrc files [bnc#855340] [CVE-2013-7069]\n\n - prevents the --pager, --regex and --output options from being used from project-level ackrc files, preventing possible code execution when using ack through malicious files\n\n - --pager, --regex and --output options may still be used from the global /etc/ackrc, your own private ~/.ackrc, the ACK_OPTIONS environment variable, and of course from the command line.\n\n - Now ignores Eclipse .metadata directory.\n\n - includes changes form 2.11_02 :\n\n - upstream source mispackaging fix\n\n - includes changes from 2.11_01\n\n - Fixed a race condition in t/file-permission.t that was causing failures if tests were run in parallel.\n\n - includes changes from 2.10 :\n\n - Add --perltest for *.t files\n\n - Added Matlab support\n\n - More compatibility fixes for Perl 5.8.8.\n\n - includes changes from 2.08\n\n - ack now ignores CMake's build/cache directories by default\n\n - Add shebang matching for --lua files\n\n - Add documentation for --ackrc\n\n - Add Elixir filetype\n\n - Add --cathy option\n\n - Add some helpful debugging tips when an invalid option is found\n\n - Ignore PDF files by default, because Perl will detect them as text\n\n - Ignore .gif, .jpg, .jpeg and .png files. 
They won't normally be selected, but this is an optimization so that ack doesn't have to open them to know\n\n - Ack's colorizing of output would get confused with multiple sets of parentheses\n\n - Ack would get confused when trying to colorize the output in DOS-format files\n\n - includes changes from 2.05_01\n\n - We now ignore the node_modules directories created by npm\n\n - --pager without an argument implies --pager=$PAGER\n\n - --perl now recognizes Plack-style .psgi files\n\n - Added filetypes for Coffescript, JSON, LESS, and Sass.\n\n - Command-line options now override options set in ackrc files\n\n - ACK_PAGER and ACK_PAGER_COLOR now work as advertised.\n\n - Fix a bug resulting in uninitialized variable warnings when more than one capture group was specified in the search pattern\n\n - Make sure ack is happy to build and test under cron and other console-less environments.\n\n - packaging changes :\n\n - run more rests with IO::Pty\n\n - refresh ack-ignore-osc.patch for upstream changes\n\n - update project URL\n\n - port changes from devel:languages:perl ack by daxim@cpan.org :\n\n - correct metadata: licence, CPAN download, homepage\n\n - unset forced prefix - let Perl configuration and toolchain determine the prefix/install_base which will DTRT\n\n - bash completion is gone, remove dead code\n\n - modified patches :\n\n - ack-ignore-osc.patch adjust for upstream source changes", "edition": 3, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "eec02c2bac06ecc277ca554ebb2238ca55d31e121c0e7b5edf67ad529086542f", "hashmap": [{"hash": "a8c722af9842e386b84310e8b943349f", "key": "title"}, {"hash": "de4ff91b0f9f7ef703f46e53304d859f", "key": "references"}, {"hash": "e42060c8470058db2a9ecac8f4cc8c2c", "key": "description"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "8e6c627de8eca0a8ce41b9fc2f5e2648", "key": "pluginID"}, {"hash": "02fcc0c238d215158fbaabb854c5b3df", "key": "modified"}, {"hash": 
"1482d34aa1c675f23744704ed1e31a63", "key": "cvelist"}, {"hash": "02fcc0c238d215158fbaabb854c5b3df", "key": "published"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}, {"hash": "1c6874eb113531fcf877705c87477a42", "key": "cpe"}, {"hash": "7bc23f4ba258ea6361856b97a79a7b9d", "key": "href"}, {"hash": "5019ce92304225ef1f47ccf4e559279e", "key": "sourceData"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=75410", "id": "OPENSUSE-2014-87.NASL", "lastseen": "2018-08-30T19:43:14", "modified": "2014-06-13T00:00:00", "naslFamily": "SuSE Local Security Checks", "objectVersion": "1.3", "pluginID": "75410", "published": "2014-06-13T00:00:00", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=855340", "http://lists.opensuse.org/opensuse-updates/2014-01/msg00094.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2014-87.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75410);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2014/06/13 21:39:49 $\");\n\n script_cve_id(\"CVE-2013-7069\");\n\n script_name(english:\"openSUSE Security Update : ack (openSUSE-SU-2014:0142-1)\");\n script_summary(english:\"Check for the openSUSE-2014-87 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - update to ack 2.12: fixes potential remote code\n execution via per-project .ackrc files [bnc#855340]\n [CVE-2013-7069]\n\n - prevents the --pager, --regex 
and --output options from\n being used from project-level ackrc files, preventing\n possible code execution when using ack through malicious\n files\n\n - --pager, --regex and --output options may still be used\n from the global /etc/ackrc, your own private ~/.ackrc,\n the ACK_OPTIONS environment variable, and of course from\n the command line.\n\n - Now ignores Eclipse .metadata directory.\n\n - includes changes form 2.11_02 :\n\n - upstream source mispackaging fix\n\n - includes changes from 2.11_01\n\n - Fixed a race condition in t/file-permission.t that was\n causing failures if tests were run in parallel.\n\n - includes changes from 2.10 :\n\n - Add --perltest for *.t files\n\n - Added Matlab support\n\n - More compatibility fixes for Perl 5.8.8.\n\n - includes changes from 2.08\n\n - ack now ignores CMake's build/cache directories by\n default\n\n - Add shebang matching for --lua files\n\n - Add documentation for --ackrc\n\n - Add Elixir filetype\n\n - Add --cathy option\n\n - Add some helpful debugging tips when an invalid option\n is found\n\n - Ignore PDF files by default, because Perl will detect\n them as text\n\n - Ignore .gif, .jpg, .jpeg and .png files. 
They won't\n normally be selected, but this is an optimization so\n that ack doesn't have to open them to know\n\n - Ack's colorizing of output would get confused with\n multiple sets of parentheses\n\n - Ack would get confused when trying to colorize the\n output in DOS-format files\n\n - includes changes from 2.05_01\n\n - We now ignore the node_modules directories created by\n npm\n\n - --pager without an argument implies --pager=$PAGER\n\n - --perl now recognizes Plack-style .psgi files\n\n - Added filetypes for Coffescript, JSON, LESS, and Sass.\n\n - Command-line options now override options set in ackrc\n files\n\n - ACK_PAGER and ACK_PAGER_COLOR now work as advertised.\n\n - Fix a bug resulting in uninitialized variable warnings\n when more than one capture group was specified in the\n search pattern\n\n - Make sure ack is happy to build and test under cron and\n other console-less environments.\n\n - packaging changes :\n\n - run more rests with IO::Pty\n\n - refresh ack-ignore-osc.patch for upstream changes\n\n - update project URL\n\n - port changes from devel:languages:perl ack by\n daxim@cpan.org :\n\n - correct metadata: licence, CPAN download, homepage\n\n - unset forced prefix - let Perl configuration and\n toolchain determine the prefix/install_base which will\n DTRT\n\n - bash completion is gone, remove dead code\n\n - modified patches :\n\n - ack-ignore-osc.patch adjust for upstream source changes\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.opensuse.org/opensuse-updates/2014-01/msg00094.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=855340\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected ack packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:ack\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-App-Ack\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/01/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ack-2.12-3.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"perl-App-Ack-2.12-3.4.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ack / perl-App-Ack\");\n}\n", "title": "openSUSE Security Update : ack (openSUSE-SU-2014:0142-1)", "type": "nessus", "viewCount": 0}, "differentElements": ["cvss"], "edition": 3, "lastseen": "2018-08-30T19:43:14"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": 
["p-cpe:/a:novell:opensuse:perl-App-Ack", "p-cpe:/a:novell:opensuse:ack", "cpe:/o:novell:opensuse:13.1"], "cvelist": ["CVE-2013-7069"], "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "- update to ack 2.12: fixes potential remote code execution via per-project .ackrc files [bnc#855340] [CVE-2013-7069]\n\n - prevents the --pager, --regex and --output options from being used from project-level ackrc files, preventing possible code execution when using ack through malicious files\n\n - --pager, --regex and --output options may still be used from the global /etc/ackrc, your own private ~/.ackrc, the ACK_OPTIONS environment variable, and of course from the command line.\n\n - Now ignores Eclipse .metadata directory.\n\n - includes changes form 2.11_02 :\n\n - upstream source mispackaging fix\n\n - includes changes from 2.11_01\n\n - Fixed a race condition in t/file-permission.t that was causing failures if tests were run in parallel.\n\n - includes changes from 2.10 :\n\n - Add --perltest for *.t files\n\n - Added Matlab support\n\n - More compatibility fixes for Perl 5.8.8.\n\n - includes changes from 2.08\n\n - ack now ignores CMake's build/cache directories by default\n\n - Add shebang matching for --lua files\n\n - Add documentation for --ackrc\n\n - Add Elixir filetype\n\n - Add --cathy option\n\n - Add some helpful debugging tips when an invalid option is found\n\n - Ignore PDF files by default, because Perl will detect them as text\n\n - Ignore .gif, .jpg, .jpeg and .png files. 
They won't normally be selected, but this is an optimization so that ack doesn't have to open them to know\n\n - Ack's colorizing of output would get confused with multiple sets of parentheses\n\n - Ack would get confused when trying to colorize the output in DOS-format files\n\n - includes changes from 2.05_01\n\n - We now ignore the node_modules directories created by npm\n\n - --pager without an argument implies --pager=$PAGER\n\n - --perl now recognizes Plack-style .psgi files\n\n - Added filetypes for Coffescript, JSON, LESS, and Sass.\n\n - Command-line options now override options set in ackrc files\n\n - ACK_PAGER and ACK_PAGER_COLOR now work as advertised.\n\n - Fix a bug resulting in uninitialized variable warnings when more than one capture group was specified in the search pattern\n\n - Make sure ack is happy to build and test under cron and other console-less environments.\n\n - packaging changes :\n\n - run more rests with IO::Pty\n\n - refresh ack-ignore-osc.patch for upstream changes\n\n - update project URL\n\n - port changes from devel:languages:perl ack by daxim@cpan.org :\n\n - correct metadata: licence, CPAN download, homepage\n\n - unset forced prefix - let Perl configuration and toolchain determine the prefix/install_base which will DTRT\n\n - bash completion is gone, remove dead code\n\n - modified patches :\n\n - ack-ignore-osc.patch adjust for upstream source changes", "edition": 5, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "8caa077b22ac03eadc07db572e4ca2ca049aac94181efd37e5955953d5958534", "hashmap": [{"hash": "a8c722af9842e386b84310e8b943349f", "key": "title"}, {"hash": "e42060c8470058db2a9ecac8f4cc8c2c", "key": "description"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "8e6c627de8eca0a8ce41b9fc2f5e2648", "key": "pluginID"}, {"hash": "1482d34aa1c675f23744704ed1e31a63", "key": "cvelist"}, {"hash": "02fcc0c238d215158fbaabb854c5b3df", "key": "published"}, {"hash": 
"bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "3c764d4cf584f9ded7aa4dcca57c78ff", "key": "modified"}, {"hash": "0f1bad969962cca07ffe2dc29885d997", "key": "references"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}, {"hash": "1c6874eb113531fcf877705c87477a42", "key": "cpe"}, {"hash": "7bc23f4ba258ea6361856b97a79a7b9d", "key": "href"}, {"hash": "737e2591b537c46d1ca7ce6f0cea5cb9", "key": "cvss"}, {"hash": "c58bb8a0017600311139a6f902d6f33a", "key": "sourceData"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=75410", "id": "OPENSUSE-2014-87.NASL", "lastseen": "2018-11-13T16:55:30", "modified": "2018-11-10T00:00:00", "naslFamily": "SuSE Local Security Checks", "objectVersion": "1.3", "pluginID": "75410", "published": "2014-06-13T00:00:00", "references": ["https://lists.opensuse.org/opensuse-updates/2014-01/msg00094.html", "https://bugzilla.novell.com/show_bug.cgi?id=855340"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2014-87.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75410);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/11/10 11:50:02\");\n\n script_cve_id(\"CVE-2013-7069\");\n\n script_name(english:\"openSUSE Security Update : ack (openSUSE-SU-2014:0142-1)\");\n script_summary(english:\"Check for the openSUSE-2014-87 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - update to ack 2.12: fixes potential remote code\n execution via per-project .ackrc files [bnc#855340]\n [CVE-2013-7069]\n\n - prevents the --pager, --regex and --output 
options from\n being used from project-level ackrc files, preventing\n possible code execution when using ack through malicious\n files\n\n - --pager, --regex and --output options may still be used\n from the global /etc/ackrc, your own private ~/.ackrc,\n the ACK_OPTIONS environment variable, and of course from\n the command line.\n\n - Now ignores Eclipse .metadata directory.\n\n - includes changes form 2.11_02 :\n\n - upstream source mispackaging fix\n\n - includes changes from 2.11_01\n\n - Fixed a race condition in t/file-permission.t that was\n causing failures if tests were run in parallel.\n\n - includes changes from 2.10 :\n\n - Add --perltest for *.t files\n\n - Added Matlab support\n\n - More compatibility fixes for Perl 5.8.8.\n\n - includes changes from 2.08\n\n - ack now ignores CMake's build/cache directories by\n default\n\n - Add shebang matching for --lua files\n\n - Add documentation for --ackrc\n\n - Add Elixir filetype\n\n - Add --cathy option\n\n - Add some helpful debugging tips when an invalid option\n is found\n\n - Ignore PDF files by default, because Perl will detect\n them as text\n\n - Ignore .gif, .jpg, .jpeg and .png files. 
They won't\n normally be selected, but this is an optimization so\n that ack doesn't have to open them to know\n\n - Ack's colorizing of output would get confused with\n multiple sets of parentheses\n\n - Ack would get confused when trying to colorize the\n output in DOS-format files\n\n - includes changes from 2.05_01\n\n - We now ignore the node_modules directories created by\n npm\n\n - --pager without an argument implies --pager=$PAGER\n\n - --perl now recognizes Plack-style .psgi files\n\n - Added filetypes for Coffescript, JSON, LESS, and Sass.\n\n - Command-line options now override options set in ackrc\n files\n\n - ACK_PAGER and ACK_PAGER_COLOR now work as advertised.\n\n - Fix a bug resulting in uninitialized variable warnings\n when more than one capture group was specified in the\n search pattern\n\n - Make sure ack is happy to build and test under cron and\n other console-less environments.\n\n - packaging changes :\n\n - run more rests with IO::Pty\n\n - refresh ack-ignore-osc.patch for upstream changes\n\n - update project URL\n\n - port changes from devel:languages:perl ack by\n daxim@cpan.org :\n\n - correct metadata: licence, CPAN download, homepage\n\n - unset forced prefix - let Perl configuration and\n toolchain determine the prefix/install_base which will\n DTRT\n\n - bash completion is gone, remove dead code\n\n - modified patches :\n\n - ack-ignore-osc.patch adjust for upstream source changes\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=855340\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2014-01/msg00094.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected ack packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:ack\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-App-Ack\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/01/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ack-2.12-3.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"perl-App-Ack-2.12-3.4.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ack / perl-App-Ack\");\n}\n", "title": "openSUSE Security Update : ack (openSUSE-SU-2014:0142-1)", "type": "nessus", "viewCount": 0}, "differentElements": ["description"], "edition": 5, "lastseen": "2018-11-13T16:55:30"}, {"bulletin": 
{"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:novell:opensuse:perl-App-Ack", "p-cpe:/a:novell:opensuse:ack", "cpe:/o:novell:opensuse:13.1"], "cvelist": ["CVE-2013-7069"], "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "- update to ack 2.12: fixes potential remote code execution via per-project .ackrc files [bnc#855340] [CVE-2013-7069]\n\n - prevents the --pager, --regex and --output options from being used from project-level ackrc files, preventing possible code execution when using ack through malicious files\n\n - --pager, --regex and --output options may still be used from the global /etc/ackrc, your own private ~/.ackrc, the ACK_OPTIONS environment variable, and of course from the command line.\n\n - Now ignores Eclipse .metadata directory.\n\n - includes changes form 2.11_02 :\n\n - upstream source mispackaging fix\n\n - includes changes from 2.11_01\n\n - Fixed a race condition in t/file-permission.t that was causing failures if tests were run in parallel.\n\n - includes changes from 2.10 :\n\n - Add --perltest for *.t files\n\n - Added Matlab support\n\n - More compatibility fixes for Perl 5.8.8.\n\n - includes changes from 2.08\n\n - ack now ignores CMake's build/cache directories by default\n\n - Add shebang matching for --lua files\n\n - Add documentation for --ackrc\n\n - Add Elixir filetype\n\n - Add --cathy option\n\n - Add some helpful debugging tips when an invalid option is found\n\n - Ignore PDF files by default, because Perl will detect them as text\n\n - Ignore .gif, .jpg, .jpeg and .png files. 
They won't normally be selected, but this is an optimization so that ack doesn't have to open them to know\n\n - Ack's colorizing of output would get confused with multiple sets of parentheses\n\n - Ack would get confused when trying to colorize the output in DOS-format files\n\n - includes changes from 2.05_01\n\n - We now ignore the node_modules directories created by npm\n\n - --pager without an argument implies --pager=$PAGER\n\n - --perl now recognizes Plack-style .psgi files\n\n - Added filetypes for Coffescript, JSON, LESS, and Sass.\n\n - Command-line options now override options set in ackrc files\n\n - ACK_PAGER and ACK_PAGER_COLOR now work as advertised.\n\n - Fix a bug resulting in uninitialized variable warnings when more than one capture group was specified in the search pattern\n\n - Make sure ack is happy to build and test under cron and other console-less environments.\n\n - packaging changes :\n\n - run more rests with IO::Pty\n\n - refresh ack-ignore-osc.patch for upstream changes\n\n - update project URL\n\n - port changes from devel:languages:perl ack by daxim@cpan.org :\n\n - correct metadata: licence, CPAN download, homepage\n\n - unset forced prefix - let Perl configuration and toolchain determine the prefix/install_base which will DTRT\n\n - bash completion is gone, remove dead code\n\n - modified patches :\n\n - ack-ignore-osc.patch adjust for upstream source changes", "edition": 4, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "c25363ee1ab00c8eb8b454705b63106c13f4d43858c16efe2fa915eb1be3a9b6", "hashmap": [{"hash": "a8c722af9842e386b84310e8b943349f", "key": "title"}, {"hash": "de4ff91b0f9f7ef703f46e53304d859f", "key": "references"}, {"hash": "e42060c8470058db2a9ecac8f4cc8c2c", "key": "description"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "8e6c627de8eca0a8ce41b9fc2f5e2648", "key": "pluginID"}, {"hash": "02fcc0c238d215158fbaabb854c5b3df", "key": "modified"}, {"hash": 
"1482d34aa1c675f23744704ed1e31a63", "key": "cvelist"}, {"hash": "02fcc0c238d215158fbaabb854c5b3df", "key": "published"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}, {"hash": "1c6874eb113531fcf877705c87477a42", "key": "cpe"}, {"hash": "7bc23f4ba258ea6361856b97a79a7b9d", "key": "href"}, {"hash": "5019ce92304225ef1f47ccf4e559279e", "key": "sourceData"}, {"hash": "737e2591b537c46d1ca7ce6f0cea5cb9", "key": "cvss"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=75410", "id": "OPENSUSE-2014-87.NASL", "lastseen": "2018-09-01T23:49:20", "modified": "2014-06-13T00:00:00", "naslFamily": "SuSE Local Security Checks", "objectVersion": "1.3", "pluginID": "75410", "published": "2014-06-13T00:00:00", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=855340", "http://lists.opensuse.org/opensuse-updates/2014-01/msg00094.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2014-87.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75410);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2014/06/13 21:39:49 $\");\n\n script_cve_id(\"CVE-2013-7069\");\n\n script_name(english:\"openSUSE Security Update : ack (openSUSE-SU-2014:0142-1)\");\n script_summary(english:\"Check for the openSUSE-2014-87 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - update to ack 2.12: fixes potential remote code\n execution via per-project .ackrc files [bnc#855340]\n [CVE-2013-7069]\n\n - prevents the --pager, --regex 
and --output options from\n being used from project-level ackrc files, preventing\n possible code execution when using ack through malicious\n files\n\n - --pager, --regex and --output options may still be used\n from the global /etc/ackrc, your own private ~/.ackrc,\n the ACK_OPTIONS environment variable, and of course from\n the command line.\n\n - Now ignores Eclipse .metadata directory.\n\n - includes changes form 2.11_02 :\n\n - upstream source mispackaging fix\n\n - includes changes from 2.11_01\n\n - Fixed a race condition in t/file-permission.t that was\n causing failures if tests were run in parallel.\n\n - includes changes from 2.10 :\n\n - Add --perltest for *.t files\n\n - Added Matlab support\n\n - More compatibility fixes for Perl 5.8.8.\n\n - includes changes from 2.08\n\n - ack now ignores CMake's build/cache directories by\n default\n\n - Add shebang matching for --lua files\n\n - Add documentation for --ackrc\n\n - Add Elixir filetype\n\n - Add --cathy option\n\n - Add some helpful debugging tips when an invalid option\n is found\n\n - Ignore PDF files by default, because Perl will detect\n them as text\n\n - Ignore .gif, .jpg, .jpeg and .png files. 
They won't\n normally be selected, but this is an optimization so\n that ack doesn't have to open them to know\n\n - Ack's colorizing of output would get confused with\n multiple sets of parentheses\n\n - Ack would get confused when trying to colorize the\n output in DOS-format files\n\n - includes changes from 2.05_01\n\n - We now ignore the node_modules directories created by\n npm\n\n - --pager without an argument implies --pager=$PAGER\n\n - --perl now recognizes Plack-style .psgi files\n\n - Added filetypes for Coffescript, JSON, LESS, and Sass.\n\n - Command-line options now override options set in ackrc\n files\n\n - ACK_PAGER and ACK_PAGER_COLOR now work as advertised.\n\n - Fix a bug resulting in uninitialized variable warnings\n when more than one capture group was specified in the\n search pattern\n\n - Make sure ack is happy to build and test under cron and\n other console-less environments.\n\n - packaging changes :\n\n - run more rests with IO::Pty\n\n - refresh ack-ignore-osc.patch for upstream changes\n\n - update project URL\n\n - port changes from devel:languages:perl ack by\n daxim@cpan.org :\n\n - correct metadata: licence, CPAN download, homepage\n\n - unset forced prefix - let Perl configuration and\n toolchain determine the prefix/install_base which will\n DTRT\n\n - bash completion is gone, remove dead code\n\n - modified patches :\n\n - ack-ignore-osc.patch adjust for upstream source changes\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.opensuse.org/opensuse-updates/2014-01/msg00094.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=855340\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected ack packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:ack\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-App-Ack\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/01/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ack-2.12-3.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"perl-App-Ack-2.12-3.4.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ack / perl-App-Ack\");\n}\n", "title": "openSUSE Security Update : ack (openSUSE-SU-2014:0142-1)", "type": "nessus", "viewCount": 0}, "differentElements": ["references", "modified", "sourceData"], "edition": 4, "lastseen": "2018-09-01T23:49:20"}], "edition": 6, "hashmap": [{"key": 
"bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "1c6874eb113531fcf877705c87477a42"}, {"key": "cvelist", "hash": "1482d34aa1c675f23744704ed1e31a63"}, {"key": "cvss", "hash": "737e2591b537c46d1ca7ce6f0cea5cb9"}, {"key": "description", "hash": "d2302c2e34dd43cf6baf1e61077b2ec7"}, {"key": "href", "hash": "7bc23f4ba258ea6361856b97a79a7b9d"}, {"key": "modified", "hash": "3c764d4cf584f9ded7aa4dcca57c78ff"}, {"key": "naslFamily", "hash": "71a40666da62ba38d22539c8277870c7"}, {"key": "pluginID", "hash": "8e6c627de8eca0a8ce41b9fc2f5e2648"}, {"key": "published", "hash": "02fcc0c238d215158fbaabb854c5b3df"}, {"key": "references", "hash": "0f1bad969962cca07ffe2dc29885d997"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "c58bb8a0017600311139a6f902d6f33a"}, {"key": "title", "hash": "a8c722af9842e386b84310e8b943349f"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "deba16bd426e8c43daf21cdbbdb296037225ee5902c52458fe647b9196638800", "viewCount": 0, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2013-7069"]}, {"type": "openvas", "idList": ["OPENVAS:867189", "OPENVAS:1361412562310867189"]}, {"type": "nessus", "idList": ["FEDORA_2013-23206.NASL", "FEDORA_2013-23197.NASL"]}], "modified": "2019-01-16T20:18:55"}, "vulnersScore": 7.5}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2014-87.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75410);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/11/10 11:50:02\");\n\n script_cve_id(\"CVE-2013-7069\");\n\n script_name(english:\"openSUSE Security Update : ack (openSUSE-SU-2014:0142-1)\");\n script_summary(english:\"Check for the 
openSUSE-2014-87 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - update to ack 2.12: fixes potential remote code\n execution via per-project .ackrc files [bnc#855340]\n [CVE-2013-7069]\n\n - prevents the --pager, --regex and --output options from\n being used from project-level ackrc files, preventing\n possible code execution when using ack through malicious\n files\n\n - --pager, --regex and --output options may still be used\n from the global /etc/ackrc, your own private ~/.ackrc,\n the ACK_OPTIONS environment variable, and of course from\n the command line.\n\n - Now ignores Eclipse .metadata directory.\n\n - includes changes form 2.11_02 :\n\n - upstream source mispackaging fix\n\n - includes changes from 2.11_01\n\n - Fixed a race condition in t/file-permission.t that was\n causing failures if tests were run in parallel.\n\n - includes changes from 2.10 :\n\n - Add --perltest for *.t files\n\n - Added Matlab support\n\n - More compatibility fixes for Perl 5.8.8.\n\n - includes changes from 2.08\n\n - ack now ignores CMake's build/cache directories by\n default\n\n - Add shebang matching for --lua files\n\n - Add documentation for --ackrc\n\n - Add Elixir filetype\n\n - Add --cathy option\n\n - Add some helpful debugging tips when an invalid option\n is found\n\n - Ignore PDF files by default, because Perl will detect\n them as text\n\n - Ignore .gif, .jpg, .jpeg and .png files. 
They won't\n normally be selected, but this is an optimization so\n that ack doesn't have to open them to know\n\n - Ack's colorizing of output would get confused with\n multiple sets of parentheses\n\n - Ack would get confused when trying to colorize the\n output in DOS-format files\n\n - includes changes from 2.05_01\n\n - We now ignore the node_modules directories created by\n npm\n\n - --pager without an argument implies --pager=$PAGER\n\n - --perl now recognizes Plack-style .psgi files\n\n - Added filetypes for Coffescript, JSON, LESS, and Sass.\n\n - Command-line options now override options set in ackrc\n files\n\n - ACK_PAGER and ACK_PAGER_COLOR now work as advertised.\n\n - Fix a bug resulting in uninitialized variable warnings\n when more than one capture group was specified in the\n search pattern\n\n - Make sure ack is happy to build and test under cron and\n other console-less environments.\n\n - packaging changes :\n\n - run more rests with IO::Pty\n\n - refresh ack-ignore-osc.patch for upstream changes\n\n - update project URL\n\n - port changes from devel:languages:perl ack by\n daxim@cpan.org :\n\n - correct metadata: licence, CPAN download, homepage\n\n - unset forced prefix - let Perl configuration and\n toolchain determine the prefix/install_base which will\n DTRT\n\n - bash completion is gone, remove dead code\n\n - modified patches :\n\n - ack-ignore-osc.patch adjust for upstream source changes\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=855340\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2014-01/msg00094.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected ack packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:ack\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-App-Ack\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/01/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ack-2.12-3.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"perl-App-Ack-2.12-3.4.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ack / perl-App-Ack\");\n}\n", "naslFamily": "SuSE Local Security Checks", "pluginID": "75410", "cpe": ["p-cpe:/a:novell:opensuse:perl-App-Ack", "p-cpe:/a:novell:opensuse:ack", "cpe:/o:novell:opensuse:13.1"]}
{"cve": [{"lastseen": "2016-09-03T19:17:22", "bulletinFamily": "NVD", "description": "ack 2.00 through 2.11_02 allows remote attackers to execute arbitrary code via a (1) --pager, (2) --regex, or (3) --output option in a .ackrc file in a directory to be searched.", "modified": "2014-03-05T23:50:03", "published": "2013-12-14T12:21:47", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-7069", "id": "CVE-2013-7069", "title": "CVE-2013-7069", "type": "cve", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2019-01-16T20:17:45", "bulletinFamily": "scanner", "description": "This version of ack prevents the --pager, --regex and --output options\nfrom being used from project-level ackrc files. It is possible to\nexecute malicious code with these options, and we want to prevent the\nsecurity risk of acking through a potentially malicious codebase, such\nas one downloaded from an Internet site or checked out from a code\nrepository.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2015-10-19T00:00:00", "published": "2013-12-20T00:00:00", "id": "FEDORA_2013-23206.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=71551", "title": "Fedora 19 : ack-2.12-1.fc19 (2013-23206)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-23206.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(71551);\n script_version(\"$Revision: 1.4 $\");\n script_cvs_date(\"$Date: 2015/10/19 21:47:14 $\");\n\n script_cve_id(\"CVE-2013-7069\");\n script_bugtraq_id(64196);\n script_xref(name:\"FEDORA\", value:\"2013-23206\");\n\n script_name(english:\"Fedora 19 : ack-2.12-1.fc19 (2013-23206)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This version of ack prevents the --pager, --regex and --output options\nfrom being used from project-level ackrc files. It is possible to\nexecute malicious code with these options, and we want to prevent the\nsecurity risk of acking through a potentially malicious codebase, such\nas one downloaded from an Internet site or checked out from a code\nrepository.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1040228\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-December/124543.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?15b6210a\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected ack package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:ack\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/12/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release 
([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"ack-2.12-1.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ack\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:17:45", "bulletinFamily": "scanner", "description": "This version of ack prevents the --pager, --regex and --output options\nfrom being used from project-level ackrc files. It is possible to\nexecute malicious code with these options, and we want to prevent the\nsecurity risk of acking through a potentially malicious codebase, such\nas one downloaded from an Internet site or checked out from a code\nrepository.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2015-10-19T00:00:00", "published": "2013-12-20T00:00:00", "id": "FEDORA_2013-23197.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=71550", "title": "Fedora 20 : ack-2.12-1.fc20 (2013-23197)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-23197.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(71550);\n script_version(\"$Revision: 1.4 $\");\n script_cvs_date(\"$Date: 2015/10/19 21:47:14 $\");\n\n script_cve_id(\"CVE-2013-7069\");\n script_bugtraq_id(64196);\n script_xref(name:\"FEDORA\", value:\"2013-23197\");\n\n script_name(english:\"Fedora 20 : ack-2.12-1.fc20 (2013-23197)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This version of ack prevents the --pager, --regex and --output options\nfrom being used from project-level ackrc files. It is possible to\nexecute malicious code with these options, and we want to prevent the\nsecurity risk of acking through a potentially malicious codebase, such\nas one downloaded from an Internet site or checked out from a code\nrepository.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1040228\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-December/124539.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?dc4e5fc4\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected ack package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:ack\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/12/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release 
([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"ack-2.12-1.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ack\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2017-07-25T10:52:05", "bulletinFamily": "scanner", "description": "Check for the Version of ack", "modified": "2017-07-10T00:00:00", "published": "2013-12-23T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=867189", "id": "OPENVAS:867189", "title": "Fedora Update for ack FEDORA-2013-23206", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for ack FEDORA-2013-23206\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or 
FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(867189);\n script_version(\"$Revision: 6628 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:32:47 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-12-23 12:31:28 +0530 (Mon, 23 Dec 2013)\");\n script_cve_id(\"CVE-2013-7069\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for ack FEDORA-2013-23206\");\n\n tag_insight = \"Ack is designed as a replacement for grep.\n\";\n\n tag_affected = \"ack on Fedora 19\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2013-23206\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2013-December/124543.html\");\n script_summary(\"Check for the Version of ack\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres 
= \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"ack\", rpm:\"ack~2.12~1.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:56:20", "bulletinFamily": "scanner", "description": "Check for the Version of ack", "modified": "2018-04-06T00:00:00", "published": "2013-12-23T00:00:00", "id": "OPENVAS:1361412562310867189", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867189", "title": "Fedora Update for ack FEDORA-2013-23206", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for ack FEDORA-2013-23206\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867189\");\n script_version(\"$Revision: 9372 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:56:37 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-12-23 12:31:28 +0530 (Mon, 23 Dec 2013)\");\n script_cve_id(\"CVE-2013-7069\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for ack FEDORA-2013-23206\");\n\n tag_insight = \"Ack is designed as a replacement for grep.\n\";\n\n tag_affected = \"ack on Fedora 19\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2013-23206\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2013-December/124543.html\");\n script_tag(name:\"summary\", value:\"Check for the Version of ack\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = 
get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"ack\", rpm:\"ack~2.12~1.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}