Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.SL_20090107_GNOME_VFS2_ON_SL3_X.NASL
HistoryAug 01, 2012 - 12:00 a.m.

Scientific Linux Security Update : gnome-vfs2 on SL3.x, SL4.x i386/x86_64

2012-08-0100:00:00
This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
10

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.016 Low

EPSS

Percentile

87.5%

JSON

A buffer overflow flaw was discovered in the GNOME virtual file system when handling data returned by CDDB servers. If a user connected to a malicious CDDB server, an attacker could use this flaw to execute arbitrary code on the victim’s machine. (CVE-2005-0706)

All running GNOME sessions must be restarted for the update to take effect.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(60511);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2005-0706");

  script_name(english:"Scientific Linux Security Update : gnome-vfs2 on SL3.x, SL4.x i386/x86_64");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Scientific Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"A buffer overflow flaw was discovered in the GNOME virtual file system
when handling data returned by CDDB servers. If a user connected to a
malicious CDDB server, an attacker could use this flaw to execute
arbitrary code on the victim's machine. (CVE-2005-0706)

All running GNOME sessions must be restarted for the update to take
effect."
  );
  # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0901&L=scientific-linux-errata&T=0&P=203
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?6ecab314"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Update the affected gnome-vfs2, gnome-vfs2-devel and / or
gnome-vfs2-smb packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2009/01/07");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Scientific Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);


flag = 0;
if (rpm_check(release:"SL3", reference:"gnome-vfs2-2.2.5-2E.3.3")) flag++;
if (rpm_check(release:"SL3", reference:"gnome-vfs2-devel-2.2.5-2E.3.3")) flag++;

if (rpm_check(release:"SL4", reference:"gnome-vfs2-2.8.2-8.7.el4_7.2")) flag++;
if (rpm_check(release:"SL4", reference:"gnome-vfs2-devel-2.8.2-8.7.el4_7.2")) flag++;
if (rpm_check(release:"SL4", reference:"gnome-vfs2-smb-2.8.2-8.7.el4_7.2")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
fermilabscientific_linuxx-cpe:/o:fermilab:scientific_linux

Related

cve 2
freebsd 2
nessus 19
openvas 38
fedora 5
cvelist 1
redhat 2
nvd 2
centos 2
gentoo 2
ubuntucve 1
securityvulns 1
oraclelinux 1
debiancve 1
cve
cve
CVE-2005-0706
2005-05-02 04:00:00
CVE-2005-0840
2005-05-02 04:00:00
freebsd
freebsd
grip -- CDDB response multiple matches buffer overflow vulnerability
2003-11-02 00:00:00
libcdaudio -- remote buffer overflow and code execution
2008-11-05 00:00:00
nessus
nessus
Fedora 9 : libcdaudio-0.99.12p2-11.fc9 (2008-11956)
2009-02-05 00:00:00
Fedora 10 : libcdaudio-0.99.12p2-11.fc10 (2008-11848)
2009-04-23 00:00:00
RHEL 2.1 / 3 / 4 : gnome-vfs, gnome-vfs2 (RHSA-2009:0005)
2009-01-07 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200504-07 (GnomeVFS)
2008-09-24 00:00:00
CentOS Security Advisory CESA-2009:0005-01 (gnome-vfs)
2009-02-10 00:00:00
CentOS Security Advisory CESA-2009:0005-01 (gnome-vfs)
2009-02-10 00:00:00
fedora
fedora
[SECURITY] Fedora 9 Update: libcdaudio-0.99.12p2-11.fc9
2009-02-05 02:22:51
[SECURITY] Fedora 10 Update: grip-3.2.0-24.fc10
2008-12-03 01:31:18
[SECURITY] Fedora 10 Update: libcdaudio-0.99.12p2-11.fc10
2009-02-05 02:14:34
cvelist
cvelist
CVE-2005-0706
2005-03-09 05:00:00
redhat
redhat
(RHSA-2009:0005) Moderate: gnome-vfs, gnome-vfs2 security update
2009-01-07 00:00:00
(RHSA-2005:304) grip security update
2005-03-28 00:00:00
nvd
nvd
CVE-2005-0706
2005-05-02 04:00:00
CVE-2005-0840
2005-05-02 04:00:00
centos
centos
gnome security update
2009-01-07 22:22:23
gnome security update
2009-02-02 23:27:51
gentoo
gentoo
Grip: CDDB response overflow
2005-03-17 00:00:00
GnomeVFS, libcdaudio: CDDB response overflow
2005-04-08 00:00:00
ubuntucve
ubuntucve
CVE-2005-0706
2005-05-02 00:00:00
securityvulns
securityvulns
[Full-disclosure] [ GLSA 200504-07 ] GnomeVFS, libcdaudio: CDDB response overflow
2005-04-09 00:00:00
oraclelinux
oraclelinux
gnome-vfs, gnome-vfs2 security update
2009-01-07 00:00:00
debiancve
debiancve
CVE-2005-0706
2005-05-02 04:00:00

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.016 Low

EPSS

Percentile

87.5%

JSON
Related for SL_20090107_GNOME_VFS2_ON_SL3_X.NASL
cve2freebsd2nessus19openvas38fedora5cvelist1redhat2nvd2centos2gentoo2ubuntucve1securityvulns1oraclelinux1debiancve1