Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2005-2021 and is owned by Tenable, Inc. or an Affiliate thereof.REDHAT-RHSA-2005-277.NASL
HistoryMar 04, 2005 - 12:00 a.m.

RHEL 4 : mozilla (RHSA-2005:277)

2005-03-0400:00:00
This script is Copyright (C) 2005-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
15
JSON

Updated mozilla packages that fix a buffer overflow issue are now available.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

Mozilla is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor.

A bug was found in the Mozilla string handling functions. If a malicious website is able to exhaust a system’s memory, it becomes possible to execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0255 to this issue.

Please note that other security issues have been found that affect Mozilla. These other issues have a lower severity, and are therefore planned to be released as additional security updates in the future.

Users of Mozilla should upgrade to these updated packages, which contain a backported patch and are not vulnerable to these issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Red Hat Security Advisory RHSA-2005:277. The text 
# itself is copyright (C) Red Hat, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(17270);
  script_version("1.24");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2005-0255");
  script_xref(name:"RHSA", value:"2005:277");

  script_name(english:"RHEL 4 : mozilla (RHSA-2005:277)");
  script_summary(english:"Checks the rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Red Hat host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Updated mozilla packages that fix a buffer overflow issue are now
available.

This update has been rated as having critical security impact by the
Red Hat Security Response Team.

Mozilla is an open source Web browser, advanced email and newsgroup
client, IRC chat client, and HTML editor.

A bug was found in the Mozilla string handling functions. If a
malicious website is able to exhaust a system's memory, it becomes
possible to execute arbitrary code. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CVE-2005-0255
to this issue.

Please note that other security issues have been found that affect
Mozilla. These other issues have a lower severity, and are therefore
planned to be released as additional security updates in the future.

Users of Mozilla should upgrade to these updated packages, which
contain a backported patch and are not vulnerable to these issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2005-0255"
  );
  # http://www.mozilla.org/security/announce/mfsa2005-18.html
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.mozilla.org/en-US/security/advisories/mfsa2005-18/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2005:277"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mozilla");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mozilla-chat");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mozilla-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mozilla-dom-inspector");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mozilla-js-debugger");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mozilla-mail");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mozilla-nspr");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mozilla-nspr-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mozilla-nss");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mozilla-nss-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4");

  script_set_attribute(attribute:"vuln_publication_date", value:"2005/05/02");
  script_set_attribute(attribute:"patch_publication_date", value:"2005/03/04");
  script_set_attribute(attribute:"plugin_publication_date", value:"2005/03/04");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2005-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 4.x", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo)) 
{
  rhsa = "RHSA-2005:277";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : yum_report 
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;
  if (rpm_check(release:"RHEL4", reference:"mozilla-1.7.3-19.EL4")) flag++;
  if (rpm_check(release:"RHEL4", reference:"mozilla-chat-1.7.3-19.EL4")) flag++;
  if (rpm_check(release:"RHEL4", reference:"mozilla-devel-1.7.3-19.EL4")) flag++;
  if (rpm_check(release:"RHEL4", reference:"mozilla-dom-inspector-1.7.3-19.EL4")) flag++;
  if (rpm_check(release:"RHEL4", reference:"mozilla-js-debugger-1.7.3-19.EL4")) flag++;
  if (rpm_check(release:"RHEL4", reference:"mozilla-mail-1.7.3-19.EL4")) flag++;
  if (rpm_check(release:"RHEL4", reference:"mozilla-nspr-1.7.3-19.EL4")) flag++;
  if (rpm_check(release:"RHEL4", reference:"mozilla-nspr-devel-1.7.3-19.EL4")) flag++;
  if (rpm_check(release:"RHEL4", reference:"mozilla-nss-1.7.3-19.EL4")) flag++;
  if (rpm_check(release:"RHEL4", reference:"mozilla-nss-devel-1.7.3-19.EL4")) flag++;

  if (flag)
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mozilla / mozilla-chat / mozilla-devel / mozilla-dom-inspector / etc");
  }
}
VendorProductVersionCPE
redhatenterprise_linuxmozillap-cpe:/a:redhat:enterprise_linux:mozilla
redhatenterprise_linuxmozilla-chatp-cpe:/a:redhat:enterprise_linux:mozilla-chat
redhatenterprise_linuxmozilla-develp-cpe:/a:redhat:enterprise_linux:mozilla-devel
redhatenterprise_linuxmozilla-dom-inspectorp-cpe:/a:redhat:enterprise_linux:mozilla-dom-inspector
redhatenterprise_linuxmozilla-js-debuggerp-cpe:/a:redhat:enterprise_linux:mozilla-js-debugger
redhatenterprise_linuxmozilla-mailp-cpe:/a:redhat:enterprise_linux:mozilla-mail
redhatenterprise_linuxmozilla-nsprp-cpe:/a:redhat:enterprise_linux:mozilla-nspr
redhatenterprise_linuxmozilla-nspr-develp-cpe:/a:redhat:enterprise_linux:mozilla-nspr-devel
redhatenterprise_linuxmozilla-nssp-cpe:/a:redhat:enterprise_linux:mozilla-nss
redhatenterprise_linuxmozilla-nss-develp-cpe:/a:redhat:enterprise_linux:mozilla-nss-devel
Rows per page:
1-10 of 111

Related

redhat 3
ubuntucve 1
securityvulns 1
cvelist 1
cve 1
nessus 10
openvas 7
suse 3
gentoo 3
ubuntu 1
redhat
redhat
(RHSA-2005:277) mozilla security update
2005-03-04 00:00:00
(RHSA-2005:337) thunderbird security update
2005-03-23 00:00:00
(RHSA-2005:176) firefox security update
2005-03-01 00:00:00
ubuntucve
ubuntucve
CVE-2005-0255
2005-05-02 00:00:00
securityvulns
securityvulns
iDEFENSE Security Advisory 02.28.05: Mozilla Firefox and Mozilla Browser Out Of Memory Heap Corruption Design Error
2005-02-28 00:00:00
cvelist
cvelist
CVE-2005-0255
2005-02-28 05:00:00
cve
cve
CVE-2005-0255
2005-05-02 04:00:00
nessus
nessus
Fedora Core 3 : thunderbird-1.0.2-1.3.1 (2005-247)
2005-09-12 00:00:00
RHEL 4 : thunderbird (RHSA-2005:337)
2005-03-25 00:00:00
GLSA-200503-32 : Mozilla Thunderbird: Multiple vulnerabilities
2005-03-25 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200503-32 (Thunderbird)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200503-32 (Thunderbird)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200503-10 (Firefox)
2008-09-24 00:00:00
suse
suse
remote code execution in Mozilla Firefox
2005-03-16 14:07:55
remote code execution in MozillaThunderbird
2006-04-25 13:15:04
remote code execution in phpMyAdmin
2006-01-26 13:53:52
gentoo
gentoo
Mozilla Thunderbird: Multiple vulnerabilities
2005-03-25 00:00:00
Mozilla Firefox: Various vulnerabilities
2005-03-04 00:00:00
Mozilla Suite: Multiple vulnerabilities
2005-03-25 00:00:00
ubuntu
ubuntu
Ubuntu 4.10 update for Firefox vulnerabilities
2005-07-28 00:00:00
JSON
Related for REDHAT-RHSA-2005-277.NASL
redhat3ubuntucve1securityvulns1cvelist1cve1nessus10openvas7suse3gentoo3ubuntu1