ID SUSE_11_0_LIBLTDL-3-091201.NASL Type nessus Reporter This script is Copyright (C) 2010-2021 Tenable Network Security, Inc. Modified 2010-01-05T00:00:00
Description
libtool: libltdl may load modules from the current working directory.
CVE-2009-3736 has been assigned to this issue.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update libltdl-3-1638.
#
# The text description of this plugin is (C) SUSE LLC.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
# Registration branch: when `description` is set, the script only declares its
# metadata through the script_* calls below and then leaves via exit(0). None
# of the package checks later in the file are reached from this branch.
if (description)
{
script_id(43629);
script_version("1.8");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");
# The single CVE this plugin reports on.
script_cve_id("CVE-2009-3736");
script_name(english:"openSUSE Security Update : libltdl-3 (libltdl-3-1638)");
script_summary(english:"Check for the libltdl-3-1638 patch");
script_set_attribute(
attribute:"synopsis",
value:"The remote openSUSE host is missing a security update."
);
# The description string spans two source lines; the embedded newline is part
# of the reported text.
script_set_attribute(
attribute:"description",
value:
"libtool: libltdl may load modules from the current working directory.
CVE-2009-3736 has been assigned to this issue."
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=556122"
);
# NOTE(review): the solution text names only libltdl-3, while the cpe
# attributes below also list libtool and the -32bit variants of both packages.
script_set_attribute(
attribute:"solution",
value:"Update the affected libltdl-3 packages."
);
# CVSS v2 base vector: local access (AV:L), medium access complexity (AC:M),
# no authentication (Au:N), complete confidentiality, integrity and
# availability impact (C:C/I:C/A:C).
script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
# Declared as a local check: the verdict is derived from the host data named in
# script_require_keys() below, not from probing a network service.
script_set_attribute(attribute:"plugin_type", value:"local");
# Affected packages (p-cpe) and the affected platform (cpe:/o), one attribute
# call per CPE name.
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libltdl-3");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libltdl-3-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtool");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtool-32bit");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.0");
# The vendor patch date precedes the plugin's own publication date.
script_set_attribute(attribute:"patch_publication_date", value:"2009/12/01");
script_set_attribute(attribute:"plugin_publication_date", value:"2010/01/05");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.");
script_family(english:"SuSE Local Security Checks");
# ssh_get_info.nasl is declared as a dependency; presumably it populates the
# Host/* knowledge-base keys required on the next line -- confirm.
script_dependencies("ssh_get_info.nasl");
# The same four keys are read again by the check logic after this block.
script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
# Applicability gates. Each failed condition is handed to audit() (from
# audit.inc) with a reason code; audit() is expected to end the script at that
# point -- confirm against audit.inc. Statement order matters: later lines rely
# on the earlier gates having passed.

# Gate 1: local (credentialed) checks must be flagged as enabled in the KB.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
# Gate 2: a missing release value, or one beginning with SLED/SLES, is reported
# as "not openSUSE".
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
# Gate 3: the pattern is anchored at both ends, so only the exact release
# string SUSE11.0 passes.
if (release !~ "^(SUSE11\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.0", release);
# Gate 4: without a collected RPM list there is nothing to compare against.
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
# Gate 5: the CPU architecture must be known and must be one of
# i586 / i686 / x86_64.
ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
# Package comparison and reporting for CVE-2009-3736 on openSUSE 11.0.
# `flag` counts how many rpm_check() calls returned a true value.
flag = 0;
# rpm_check() comes from rpm.inc; presumably it returns true when the installed
# package is older than the given reference build -- confirm. Every call is its
# own statement, so all four packages are evaluated even after an earlier hit.
# All references use the same fixed build, 1.5.26-23.2.
if ( rpm_check(release:"SUSE11.0", reference:"libltdl-3-1.5.26-23.2") ) flag++;
if ( rpm_check(release:"SUSE11.0", reference:"libtool-1.5.26-23.2") ) flag++;
# The -32bit compatibility packages are only checked with cpu:"x86_64".
if ( rpm_check(release:"SUSE11.0", cpu:"x86_64", reference:"libltdl-3-32bit-1.5.26-23.2") ) flag++;
if ( rpm_check(release:"SUSE11.0", cpu:"x86_64", reference:"libtool-32bit-1.5.26-23.2") ) flag++;
# NOTE(review): this is a package-version comparison limited to the four
# packages above. It does not exercise libltdl's module lookup, and software
# that ships its own copy of libltdl is outside what this check evaluates.
if (flag)
{
# At least one package matched: raise a warning on port 0. The per-package
# detail from rpm_report_get() is attached only when report_verbosity > 0.
if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
else security_warning(0);
exit(0);
}
else
{
# Nothing matched: distinguish "packages were examined and are not affected"
# from "none of the packages is installed", based on pkg_tests_get().
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libltdl-3 / libltdl-3-32bit / libtool / libtool-32bit");
}
{"id": "SUSE_11_0_LIBLTDL-3-091201.NASL", "bulletinFamily": "scanner", "title": "openSUSE Security Update : libltdl-3 (libltdl-3-1638)", "description": "libtool: libltdl may load modules from the current working directory.\nCVE-2009-3736 has been assigned to this issue.", "published": "2010-01-05T00:00:00", "modified": "2010-01-05T00:00:00", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}, "href": "https://www.tenable.com/plugins/nessus/43629", "reporter": "This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=556122"], "cvelist": ["CVE-2009-3736"], "type": "nessus", "lastseen": "2021-01-17T14:03:29", "edition": 21, "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2009-3736"]}, {"type": "nessus", "idList": ["FEDORA_2010-4352.NASL", "FEDORA_2010-8756.NASL", "FEDORA_2011-1990.NASL", "DEBIAN_DSA-1958.NASL", "FREEBSD_PKG_77C14729DC5E11DE92AE02E0184B8D35.NASL", "FEDORA_2010-1872.NASL", "FEDORA_2010-2341.NASL", "FEDORA_2011-1967.NASL", "FEDORA_2009-12562.NASL", "FEDORA_2010-3216.NASL"]}, {"type": "fedora", "idList": ["FEDORA:17DDB1114C9", "FEDORA:9D8D511101D", "FEDORA:102A7110A72", "FEDORA:12EED10F9CB", "FEDORA:9FE8D10F878", "FEDORA:7900910F8A5", "FEDORA:C1D5D1108AB", "FEDORA:988AD1100BA", "FEDORA:6239928072", "FEDORA:B982610FA73"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310830904", "OPENVAS:136141256231066599", "OPENVAS:1361412562310861790", "OPENVAS:861633", "OPENVAS:136141256231066528", "OPENVAS:880596", "OPENVAS:861787", "OPENVAS:66572", "OPENVAS:830983", "OPENVAS:1361412562310880753"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1958-1:EC006"]}, {"type": "oraclelinux", "idList": ["ELSA-2010-0039", "ELSA-2009-1646"]}, {"type": "freebsd", "idList": ["77C14729-DC5E-11DE-92AE-02E0184B8D35"]}, {"type": "seebug", "idList": ["SSV:15008"]}, {"type": "centos", "idList": ["CESA-2009:1646"]}, {"type": "redhat", "idList": 
["RHSA-2009:1646", "RHSA-2010:0039"]}], "modified": "2021-01-17T14:03:29", "rev": 2}, "score": {"value": 6.3, "vector": "NONE", "modified": "2021-01-17T14:03:29", "rev": 2}, "vulnersScore": 6.3}, "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update libltdl-3-1638.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(43629);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-3736\");\n\n script_name(english:\"openSUSE Security Update : libltdl-3 (libltdl-3-1638)\");\n script_summary(english:\"Check for the libltdl-3-1638 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"libtool: libltdl may load modules from the current working directory.\nCVE-2009-3736 has been assigned to this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=556122\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libltdl-3 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libltdl-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libltdl-3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtool-32bit\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:novell:opensuse:11.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/01/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.0\", reference:\"libltdl-3-1.5.26-23.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"libtool-1.5.26-23.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", cpu:\"x86_64\", reference:\"libltdl-3-32bit-1.5.26-23.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", cpu:\"x86_64\", reference:\"libtool-32bit-1.5.26-23.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libltdl-3 / libltdl-3-32bit / libtool / 
libtool-32bit\");\n}\n", "naslFamily": "SuSE Local Security Checks", "pluginID": "43629", "cpe": ["cpe:/o:novell:opensuse:11.0", "p-cpe:/a:novell:opensuse:libtool-32bit", "p-cpe:/a:novell:opensuse:libltdl-3-32bit", "p-cpe:/a:novell:opensuse:libtool", "p-cpe:/a:novell:opensuse:libltdl-3"], "scheme": null}
{"cve": [{"lastseen": "2020-10-03T11:54:18", "description": "ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file.", "edition": 3, "cvss3": {}, "published": "2009-11-29T13:07:00", "title": "CVE-2009-3736", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-3736"], "modified": "2017-09-19T01:29:00", "cpe": ["cpe:/a:gnu:libtool:1.5.20", "cpe:/a:gnu:libtool:2.2.6a", "cpe:/a:gnu:libtool:1.5.18", "cpe:/a:gnu:libtool:1.5.10", "cpe:/a:gnu:libtool:1.5.14", "cpe:/a:gnu:libtool:1.5.22", "cpe:/a:gnu:libtool:1.5.26", "cpe:/a:gnu:libtool:1.5.4", "cpe:/a:gnu:libtool:1.5", "cpe:/a:gnu:libtool:1.5.6", "cpe:/a:gnu:libtool:1.5.16", "cpe:/a:gnu:libtool:1.5.8", "cpe:/a:gnu:libtool:1.5.12", "cpe:/a:gnu:libtool:1.5.2", "cpe:/a:gnu:libtool:1.5.24"], "id": "CVE-2009-3736", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3736", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:gnu:libtool:1.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtool:1.5.14:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtool:1.5.20:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtool:1.5:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtool:1.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtool:2.2.6a:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtool:1.5.24:*:*:*:*:*:*:*", 
"cpe:2.3:a:gnu:libtool:1.5.22:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtool:1.5.12:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtool:1.5.26:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtool:1.5.10:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtool:1.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtool:1.5.18:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtool:1.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtool:1.5.16:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2019-05-29T18:39:50", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3736"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2011-08-09T00:00:00", "id": "OPENVAS:1361412562310880704", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880704", "type": "openvas", "title": "CentOS Update for libtool CESA-2009:1646 centos3 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for libtool CESA-2009:1646 centos3 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2009-December/016354.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880704\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"CESA\", value:\"2009:1646\");\n script_cve_id(\"CVE-2009-3736\");\n script_name(\"CentOS Update for libtool CESA-2009:1646 centos3 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libtool'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS3\");\n script_tag(name:\"affected\", value:\"libtool on CentOS 3\");\n script_tag(name:\"insight\", value:\"GNU Libtool is a set of shell scripts which automatically configure UNIX,\n Linux, and similar operating systems to generically build shared libraries.\n\n A flaw was found in the way GNU Libtool's libltdl library looked for\n modules to load. It was possible for libltdl to load and run modules from\n an arbitrary library in the current working directory. 
If a local attacker\n could trick a local user into running an application (which uses libltdl)\n from an attacker-controlled directory containing a malicious Libtool\n control file (.la), the attacker could possibly execute arbitrary code with\n the privileges of the user running the application. (CVE-2009-3736)\n\n All libtool users should upgrade to these updated packages, which contain\n a backported patch to correct this issue. After installing the updated\n packages, applications using the libltdl library must be restarted for the\n update to take effect.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"libtool\", rpm:\"libtool~1.4.3~7\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtool-libs\", rpm:\"libtool-libs~1.4.3~7\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-12-15T11:58:02", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3736"], "description": "Check for the Version of gnash", "modified": "2017-12-15T00:00:00", "published": "2010-03-02T00:00:00", "id": "OPENVAS:861704", "href": "http://plugins.openvas.org/nasl.php?oid=861704", "type": "openvas", "title": "Fedora Update for gnash FEDORA-2010-1820", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for gnash FEDORA-2010-1820\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone 
Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"gnash on Fedora 12\";\ntag_insight = \"Gnash is capable of reading up to SWF v9 files and opcodes, but primarily\n supports SWF v7, with better SWF v8 and v9 support under heavy development.\n Gnash includes initial parser support for SWF v8 and v9. Not all\n ActionScript 2 classes are implemented yet, but all of the most heavily\n used ones are. 
Many ActionScript 2 classes are partially implemented;\n there is support for all of the commonly used methods of each\n class.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035080.html\");\n script_id(861704);\n script_version(\"$Revision: 8130 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-15 07:31:09 +0100 (Fri, 15 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-03-02 08:38:02 +0100 (Tue, 02 Mar 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-1820\");\n script_cve_id(\"CVE-2009-3736\");\n script_name(\"Fedora Update for gnash FEDORA-2010-1820\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of gnash\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"gnash\", rpm:\"gnash~0.8.6~13.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 6.9, "vector": 
"AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:27", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3736"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2011-03-07T00:00:00", "id": "OPENVAS:1361412562310862870", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862870", "type": "openvas", "title": "Fedora Update for q FEDORA-2011-1958", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for q FEDORA-2011-1958\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054915.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862870\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-03-07 06:45:55 +0100 (Mon, 07 Mar 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"FEDORA\", value:\"2011-1958\");\n script_cve_id(\"CVE-2009-3736\");\n script_name(\"Fedora Update for q FEDORA-2011-1958\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'q'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC13\");\n script_tag(name:\"affected\", value:\"q on Fedora 13\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"q\", 
rpm:\"q~7.11~8.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-24T12:56:54", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3736"], "description": "The remote host is missing an update to libtool\nannounced via advisory DSA 1958-1.", "modified": "2017-07-07T00:00:00", "published": "2009-12-30T00:00:00", "id": "OPENVAS:66599", "href": "http://plugins.openvas.org/nasl.php?oid=66599", "type": "openvas", "title": "Debian Security Advisory DSA 1958-1 (libtool)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1958_1.nasl 6615 2017-07-07 12:09:52Z cfischer $\n# Description: Auto-generated from advisory DSA 1958-1 (libtool)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that ltdl, a system-independent dlopen wrapper for\nGNU libtool, can be tricked to load and run modules from an arbitrary\ndirectory, which might be used to execute arbitrary code with the\nprivileges of the user running an application that uses libltdl.\n\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 1.5.26-4+lenny1.\n\nFor the oldstable distribution (etch), this problem has been fixed in\nversion 1.5.22-4+etch1.\n\nFor the testing distribution (squeeze) and unstable distribution (sid),\nthis problem has been fixed in 2.2.6b-1.\n\n\nWe recommend that you upgrade your libtool packages.\";\ntag_summary = \"The remote host is missing an update to libtool\nannounced via advisory DSA 1958-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201958-1\";\n\n\nif(description)\n{\n script_id(66599);\n script_version(\"$Revision: 6615 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:09:52 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-30 21:58:43 +0100 (Wed, 30 Dec 2009)\");\n script_cve_id(\"CVE-2009-3736\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 1958-1 (libtool)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libtool-doc\", ver:\"1.5.22-4+etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtool\", ver:\"1.5.22-4+etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libltdl3\", ver:\"1.5.22-4+etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libltdl3-dev\", ver:\"1.5.22-4+etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtool-doc\", ver:\"1.5.26-4+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtool\", ver:\"1.5.26-4+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libltdl3\", ver:\"1.5.26-4+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libltdl3-dev\", ver:\"1.5.26-4+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-11T11:04:29", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3736"], "description": "Check for the Version of gambas", "modified": "2018-01-10T00:00:00", "published": "2010-03-02T00:00:00", "id": 
"OPENVAS:1361412562310861733", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310861733", "type": "openvas", "title": "Fedora Update for gambas FEDORA-2010-1924", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for gambas FEDORA-2010-1924\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"gambas on Fedora 11\";\ntag_insight = \"Gambas is a free development environment based on a Basic interpreter\n with object extensions, like Visual Basic (but it is NOT a clone !).\n With Gambas, you can quickly design your program GUI, access MySQL or\n PostgreSQL databases, pilot KDE applications with DCOP, translate your\n program into many languages, create network applications easily, and so\n on...\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035168.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.861733\");\n script_version(\"$Revision: 8356 
$\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-10 09:00:39 +0100 (Wed, 10 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-03-02 08:38:02 +0100 (Tue, 02 Mar 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-1924\");\n script_cve_id(\"CVE-2009-3736\");\n script_name(\"Fedora Update for gambas FEDORA-2010-1924\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of gambas\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC11\")\n{\n\n if ((res = isrpmvuln(pkg:\"gambas\", rpm:\"gambas~1.0.19~12.fc11\", rls:\"FC11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-21T11:32:23", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3736"], "description": "Check for the Version of hamlib", "modified": "2017-12-20T00:00:00", "published": "2010-04-06T00:00:00", "id": "OPENVAS:1361412562310861857", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310861857", "type": "openvas", "title": "Fedora Update for hamlib 
FEDORA-2010-4407", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for hamlib FEDORA-2010-4407\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Hamlib provides a standardised programming interface that applications\n can use to send the appropriate commands to a radio.\n\n Also included in the package is a simple radio control program 'rigctl',\n which lets one control a radio transceiver or receiver, either from\n command line interface or in a text-oriented interactive interface.\";\n\ntag_affected = \"hamlib on Fedora 12\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038467.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.861857\");\n script_version(\"$Revision: 8187 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-20 08:30:09 +0100 (Wed, 20 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-04-06 08:56:44 +0200 
(Tue, 06 Apr 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-4407\");\n script_cve_id(\"CVE-2009-3736\");\n script_name(\"Fedora Update for hamlib FEDORA-2010-4407\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of hamlib\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"hamlib\", rpm:\"hamlib~1.2.10~2.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-20T13:18:06", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3736"], "description": "Check for the Version of mingw32-libltdl", "modified": "2017-12-19T00:00:00", "published": "2010-03-02T00:00:00", "id": "OPENVAS:861670", "href": "http://plugins.openvas.org/nasl.php?oid=861670", "type": "openvas", "title": "Fedora Update for mingw32-libltdl FEDORA-2010-2943", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mingw32-libltdl 
FEDORA-2010-2943\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The mingw32-libltdl package contains the GNU Libtool Dynamic Module Loader, a\n library that provides a consistent, portable interface which simplifies the\n process of using dynamic modules, for the mingw32 cross compilation\n environment.\n\n These runtime libraries are needed by programs that link directly to the\n system-installed ltdl libraries; they are not needed by software built using\n the rest of the GNU Autotools (including GNU Autoconf and GNU Automake).\";\n\ntag_affected = \"mingw32-libltdl on Fedora 11\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035851.html\");\n script_id(861670);\n script_version(\"$Revision: 8164 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-19 07:30:41 +0100 (Tue, 19 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-03-02 08:38:02 +0100 (Tue, 02 Mar 2010)\");\n script_tag(name:\"cvss_base\", 
value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-2943\");\n script_cve_id(\"CVE-2009-3736\");\n script_name(\"Fedora Update for mingw32-libltdl FEDORA-2010-2943\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of mingw32-libltdl\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC11\")\n{\n\n if ((res = isrpmvuln(pkg:\"mingw32-libltdl\", rpm:\"mingw32-libltdl~1.5.26~17.fc11\", rls:\"FC11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:40:00", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3736"], "description": "The remote host is missing an update to libtool\nannounced via advisory FEDORA-2009-12562.", "modified": "2018-04-06T00:00:00", "published": "2009-12-30T00:00:00", "id": "OPENVAS:136141256231066589", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066589", "type": "openvas", "title": "Fedora Core 12 FEDORA-2009-12562 (libtool)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_12562.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: 
Auto-generated from advisory FEDORA-2009-12562 (libtool)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nlibltdl may load and execute code from a library in the current directory.\n\nChangeLog:\n\n* Wed Dec 2 2009 Karsten Hopp 2.2.6-17\n- fix directory name used in libtool tarball\n* Wed Dec 2 2009 Karsten Hopp 2.2.6-16\n- update to 2.2.6b, fixes CVE-2009-3736:\nlibltdl may load and execute code from a library in the current directory\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. 
Use \nsu -c 'yum update libtool' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-12562\";\ntag_summary = \"The remote host is missing an update to libtool\nannounced via advisory FEDORA-2009-12562.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66589\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-30 21:58:43 +0100 (Wed, 30 Dec 2009)\");\n script_cve_id(\"CVE-2009-3736\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Core 12 FEDORA-2009-12562 (libtool)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=537941\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libtool\", rpm:\"libtool~2.2.6~17.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libtool-ltdl\", rpm:\"libtool-ltdl~2.2.6~17.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libtool-ltdl-devel\", 
rpm:\"libtool-ltdl-devel~2.2.6~17.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libtool-debuginfo\", rpm:\"libtool-debuginfo~2.2.6~17.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-19T15:04:56", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3736"], "description": "Check for the Version of hamlib", "modified": "2018-01-18T00:00:00", "published": "2010-04-06T00:00:00", "id": "OPENVAS:1361412562310861854", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310861854", "type": "openvas", "title": "Fedora Update for hamlib FEDORA-2010-4352", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for hamlib FEDORA-2010-4352\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Hamlib provides a standardised programming interface that applications\n can use to send the appropriate commands to a radio.\n\n Also included in the package is a simple radio control program 'rigctl',\n which lets one control a radio transceiver or receiver, either from\n command line interface or in a text-oriented interactive interface.\";\n\ntag_affected = \"hamlib on Fedora 11\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038472.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.861854\");\n script_version(\"$Revision: 8457 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-18 08:58:32 +0100 (Thu, 18 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-04-06 08:56:44 +0200 (Tue, 06 Apr 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-4352\");\n script_cve_id(\"CVE-2009-3736\");\n script_name(\"Fedora Update for hamlib FEDORA-2010-4352\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of hamlib\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n 
script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC11\")\n{\n\n if ((res = isrpmvuln(pkg:\"hamlib\", rpm:\"hamlib~1.2.8~4.fc11\", rls:\"FC11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-08T12:53:44", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3736"], "description": "Check for the Version of esorex", "modified": "2018-01-08T00:00:00", "published": "2010-03-22T00:00:00", "id": "OPENVAS:1361412562310861788", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310861788", "type": "openvas", "title": "Fedora Update for esorex FEDORA-2010-3216", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for esorex FEDORA-2010-3216\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"esorex on Fedora 12\";\ntag_insight = \"EsoRex is the ESO Recipe Execution Tool. It can list, configure and\n execute CPL-based recipes from the command line.\n One of the features provided by the CPL is the ability to create\n data-reduction algorithms that run as plugins (dynamic libraries). These\n are called recipes and are one of the main aspects of the\n CPL data-reduction development environment.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037570.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.861788\");\n script_version(\"$Revision: 8314 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-08 09:01:01 +0100 (Mon, 08 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-03-22 11:34:53 +0100 (Mon, 22 Mar 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-3216\");\n script_cve_id(\"CVE-2009-3736\");\n script_name(\"Fedora Update for esorex FEDORA-2010-3216\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of esorex\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : 
tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"esorex\", rpm:\"esorex~3.7.2~5.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2021-01-12T10:07:02", "description": " - Tue Dec 22 2009 Jakub Jelinek <jakub at redhat.com>\n 4.4.2-20\n\n - fix MEM_SIZE of reload created stack slots (#548825,\n PR rtl-optimization/42429)\n\n - fix addition of one character long filenames in fastjar\n (#549493)\n\n - Thu Dec 17 2009 Jakub Jelinek <jakub at redhat.com>\n 4.4.2-18\n\n - update from gcc-4_4-branch\n\n - PRs c++/42387\n\n - another C++ virtual dtors fix (PR c++/42386)\n\n - VTA mode and COND_EXEC fixes (PR debug/41679)\n\n - fix ICE in chrec_convert_1 (#547775)\n\n - fix debuginfo for optimized out TLS vars\n\n - use DW_AT_location with DW_OP_addr + DW_OP_stack_value\n instead of DW_AT_const_value with address in it, use\n DW_OP_addr + DW_OP_stack_value instead of\n DW_OP_implicit_value with address (#546017)\n\n - Mon Dec 14 2009 Jakub Jelinek <jakub at redhat.com>\n 4.4.2-17\n\n - propagate TREE_NOTHROW/TREE_READONLY/DECL_PURE_P from\n ipa-pure-const and EH opt to all same body aliases\n (#547286)\n\n - don't emit DWARF location list entries with no location\n or DW_AT_location with empty blocks (PR debug/41473)\n\n - fix up AMD LWP support\n\n - don't crash when mangling C++ decls inside of\n middle-end generated functions (PR c++/41183)\n\n - Fri Dec 11 
2009 Jakub Jelinek <jakub at redhat.com>\n 4.4.2-16\n\n - update from gcc-4_4-branch\n\n - PRs c++/27425, c++/34274, c++/42301, fortran/42268,\n java/41991, libstdc++/42273, rtl-optimization/41574,\n target/41196, target/41939 target/42263\n\n - Wed Dec 9 2009 Jakub Jelinek <jakub at redhat.com>\n 4.4.2-15\n\n - VTA backports\n\n - PRs debug/42166, debug/42234, debug/42244, debug/42299\n\n - fix handling of C++ COMDAT virtual destructors\n\n - some x86/x86_64 FMA4, XOP, ABM and LWP fixes\n\n - fix a decltype handling bug in templates (PR\n c++/42277)\n\n - Fri Dec 4 2009 Jakub Jelinek <jakub at redhat.com>\n 4.4.2-14\n\n - update from gcc-4_4-branch\n\n - PRs libstdc++/42261, middle-end/42049\n\n - backport C++0x ICE fix from trunk (PR c++/42266)\n\n - fortran !$omp workshare improvements (PR\n fortran/35423)\n\n - FMA4 and XOP fixes\n\n - Wed Dec 2 2009 Jakub Jelinek <jakub at redhat.com>\n 4.4.2-13\n\n - fix security issues in libltdl bundled within libgcj\n (CVE-2009-3736)\n\n - Wed Dec 2 2009 Jakub Jelinek <jakub at redhat.com>\n 4.4.2-12\n\n - update from gcc-4_4-branch\n\n - PRs c++/42234, fortran/41278, fortran/41807,\n fortran/42162, target/42113, target/42165\n\n - don't ICE on -O256 (#539923)\n\n - fix -mregnames on ppc/ppc64\n\n - optimize even COMDAT constructors and destructors\n without virtual bases (PR c++/3187)\n\n - Mon Nov 23 2009 Jakub Jelinek <jakub at redhat.com>\n 4.4.2-11\n\n[plus 32 lines in the Changelog]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2009-12-30T00:00:00", "title": "Fedora 12 : gcc-4.4.2-20.fc12 (2009-12813)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3736"], "modified": "2009-12-30T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:12", "p-cpe:/a:fedoraproject:fedora:gcc"], "id": "FEDORA_2009-12813.NASL", "href": "https://www.tenable.com/plugins/nessus/43612", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-12813.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(43612);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-3736\");\n script_bugtraq_id(37128);\n script_xref(name:\"FEDORA\", value:\"2009-12813\");\n\n script_name(english:\"Fedora 12 : gcc-4.4.2-20.fc12 (2009-12813)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Tue Dec 22 2009 Jakub Jelinek <jakub at redhat.com>\n 4.4.2-20\n\n - fix MEM_SIZE of reload created stack slots (#548825,\n PR rtl-optimization/42429)\n\n - fix addition of one character long filenames in fastjar\n (#549493)\n\n - Thu Dec 17 2009 Jakub Jelinek <jakub at redhat.com>\n 4.4.2-18\n\n - update from gcc-4_4-branch\n\n - PRs c++/42387\n\n - another C++ virtual dtors fix (PR c++/42386)\n\n - VTA mode and COND_EXEC fixes (PR debug/41679)\n\n - fix ICE in chrec_convert_1 (#547775)\n\n - fix debuginfo for optimized out TLS vars\n\n - use DW_AT_location with DW_OP_addr + DW_OP_stack_value\n 
instead of DW_AT_const_value with address in it, use\n DW_OP_addr + DW_OP_stack_value instead of\n DW_OP_implicit_value with address (#546017)\n\n - Mon Dec 14 2009 Jakub Jelinek <jakub at redhat.com>\n 4.4.2-17\n\n - propagate TREE_NOTHROW/TREE_READONLY/DECL_PURE_P from\n ipa-pure-const and EH opt to all same body aliases\n (#547286)\n\n - don't emit DWARF location list entries with no location\n or DW_AT_location with empty blocks (PR debug/41473)\n\n - fix up AMD LWP support\n\n - don't crash when mangling C++ decls inside of\n middle-end generated functions (PR c++/41183)\n\n - Fri Dec 11 2009 Jakub Jelinek <jakub at redhat.com>\n 4.4.2-16\n\n - update from gcc-4_4-branch\n\n - PRs c++/27425, c++/34274, c++/42301, fortran/42268,\n java/41991, libstdc++/42273, rtl-optimization/41574,\n target/41196, target/41939 target/42263\n\n - Wed Dec 9 2009 Jakub Jelinek <jakub at redhat.com>\n 4.4.2-15\n\n - VTA backports\n\n - PRs debug/42166, debug/42234, debug/42244, debug/42299\n\n - fix handling of C++ COMDAT virtual destructors\n\n - some x86/x86_64 FMA4, XOP, ABM and LWP fixes\n\n - fix a decltype handling bug in templates (PR\n c++/42277)\n\n - Fri Dec 4 2009 Jakub Jelinek <jakub at redhat.com>\n 4.4.2-14\n\n - update from gcc-4_4-branch\n\n - PRs libstdc++/42261, middle-end/42049\n\n - backport C++0x ICE fix from trunk (PR c++/42266)\n\n - fortran !$omp workshare improvements (PR\n fortran/35423)\n\n - FMA4 and XOP fixes\n\n - Wed Dec 2 2009 Jakub Jelinek <jakub at redhat.com>\n 4.4.2-13\n\n - fix security issues in libltdl bundled within libgcj\n (CVE-2009-3736)\n\n - Wed Dec 2 2009 Jakub Jelinek <jakub at redhat.com>\n 4.4.2-12\n\n - update from gcc-4_4-branch\n\n - PRs c++/42234, fortran/41278, fortran/41807,\n fortran/42162, target/42113, target/42165\n\n - don't ICE on -O256 (#539923)\n\n - fix -mregnames on ppc/ppc64\n\n - optimize even COMDAT constructors and destructors\n without virtual bases (PR c++/3187)\n\n - Mon Nov 23 2009 Jakub Jelinek <jakub at 
redhat.com>\n 4.4.2-11\n\n[plus 32 lines in the Changelog]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=537941\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-December/033321.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?aa4ac9dc\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected gcc package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gcc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/11/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/12/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^12([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 12.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC12\", reference:\"gcc-4.4.2-20.fc12\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gcc\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:46:31", "description": "libtool: libltdl may load modules from the current working directory.\nCVE-2009-3736 has been assigned to this issue.", "edition": 21, "published": "2010-01-05T00:00:00", "title": "SuSE 10 Security Update : libtool (ZYPP Patch Number 6678)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3736"], "modified": "2010-01-05T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], 
"id": "SUSE_LIBTOOL-6678.NASL", "href": "https://www.tenable.com/plugins/nessus/43634", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(43634);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-3736\");\n\n script_name(english:\"SuSE 10 Security Update : libtool (ZYPP Patch Number 6678)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"libtool: libltdl may load modules from the current working directory.\nCVE-2009-3736 has been assigned to this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3736.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 6678.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/01/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n 
exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"libtool-1.5.22-13.16.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"x86_64\", reference:\"libtool-32bit-1.5.22-13.16.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"libtool-1.5.22-13.16.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"x86_64\", reference:\"libtool-32bit-1.5.22-13.16.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:07:01", "description": " - Thu Dec 3 2009 Karsten Hopp <karsten at redhat.com>\n 2.2.6-11.3\n\n - require gcc-4.4.1 from F-11-updates\n\n - Wed Dec 2 2009 Karsten Hopp <karsten at redhat.com>\n 2.2.6-11.2\n\n - update to 2.2.6b, fixes CVE-2009-3736: libltdl may\n load and execute code from a library in the current\n directory\n\n - Thu Jul 30 2009 Jakub Jelinek <jakub at redhat.com>\n 2.2.6-11.fc11.1\n\n - rebuilt against gcc-4.4.1\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2009-12-22T00:00:00", "title": "Fedora 11 : libtool-2.2.6-11.fc11.3 (2009-12725)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3736"], "modified": "2009-12-22T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:libtool", "cpe:/o:fedoraproject:fedora:11"], "id": "FEDORA_2009-12725.NASL", "href": "https://www.tenable.com/plugins/nessus/43372", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-12725.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(43372);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-3736\");\n script_bugtraq_id(37128);\n script_xref(name:\"FEDORA\", value:\"2009-12725\");\n\n script_name(english:\"Fedora 11 : libtool-2.2.6-11.fc11.3 (2009-12725)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Thu Dec 3 2009 Karsten Hopp <karsten at redhat.com>\n 2.2.6-11.3\n\n - require gcc-4.4.1 from F-11-updates\n\n - Wed Dec 2 2009 Karsten Hopp <karsten at redhat.com>\n 2.2.6-11.2\n\n - update to 2.2.6b, fixes CVE-2009-3736: libltdl may\n load and execute code from a library in the current\n directory\n\n - Thu Jul 30 2009 Jakub Jelinek <jakub at redhat.com>\n 2.2.6-11.fc11.1\n\n - rebuilt against gcc-4.4.1\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=537941\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-December/032899.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?698d80b8\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libtool package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libtool\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/12/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^11([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 11.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC11\", reference:\"libtool-2.2.6-11.fc11.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libtool\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:08:37", "description": "Fix package so that it uses the system copy of libtool-ltdl, and get\nrid of the ancient embedded copy, which suffers from the vulnerability\nin CVE-2009-3736.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2010-07-01T00:00:00", "title": "Fedora 11 : gambas-1.0.19-12.fc11 (2010-1924)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3736"], "modified": "2010-07-01T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:gambas", "cpe:/o:fedoraproject:fedora:11"], "id": "FEDORA_2010-1924.NASL", "href": "https://www.tenable.com/plugins/nessus/47283", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-1924.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(47283);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-3736\");\n script_bugtraq_id(37128);\n script_xref(name:\"FEDORA\", value:\"2010-1924\");\n\n script_name(english:\"Fedora 11 : gambas-1.0.19-12.fc11 (2010-1924)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix package so that it uses the system copy of libtool-ltdl, and get\nrid of the ancient embedded copy, which suffers from the vulnerability\nin CVE-2009-3736.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=563971\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-February/035168.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d3e66b83\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gambas package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gambas\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/02/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^11([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 11.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC11\", reference:\"gambas-1.0.19-12.fc11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gambas\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:09:25", "description": "Rebuilt against system libltdl.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2011-03-04T00:00:00", "title": "Fedora 14 : q-7.11-8.fc14 (2011-1967)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3736"], "modified": "2011-03-04T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:14", "p-cpe:/a:fedoraproject:fedora:q"], "id": "FEDORA_2011-1967.NASL", "href": "https://www.tenable.com/plugins/nessus/52539", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-1967.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(52539);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-3736\");\n script_xref(name:\"FEDORA\", value:\"2011-1967\");\n\n script_name(english:\"Fedora 14 : q-7.11-8.fc14 (2011-1967)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Rebuilt against system libltdl.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=537941\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-March/054921.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0ddade8c\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected q package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:q\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:14\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/02/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/03/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^14([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 14.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC14\", reference:\"q-7.11-8.fc14\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"q\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T11:52:24", "description": "A vulnerability was discovered and corrected in libtool :\n\nAll versions of libtool prior to 2.2.6b suffer from a local privilege\nescalation vulnerability that could be exploited under certain\nconditions to load arbitrary code (CVE-2009-3736).\n\nThis advisory fixes this issue. 
Additionally, all applications\nembedding the libtool code were patched in order to avoid possible\nfuture exploitations of this issue.\n\nUpdate :\n\nPackages for 2008.0 are provided for Corporate Desktop 2008.0\ncustomers", "edition": 25, "published": "2009-12-01T00:00:00", "title": "Mandriva Linux Security Advisory : libtool (MDVSA-2009:307-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3736"], "modified": "2009-12-01T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:proftpd-mod_quotatab_sql", "p-cpe:/a:mandriva:linux:python-prelude", "p-cpe:/a:mandriva:linux:lib64heartbeat-stonith1", "p-cpe:/a:mandriva:linux:lib64ltdl3", "p-cpe:/a:mandriva:linux:libtunepimp-devel", "p-cpe:/a:mandriva:linux:proftpd-mod_load", "p-cpe:/a:mandriva:linux:proftpd-mod_ctrls_admin", "p-cpe:/a:mandriva:linux:libstdc++-static-devel", "p-cpe:/a:mandriva:linux:gcj-tools", "p-cpe:/a:mandriva:linux:lib64prelude-static-devel", "p-cpe:/a:mandriva:linux:lib64heartbeat-apphb0", "p-cpe:/a:mandriva:linux:gcc-cpp", "p-cpe:/a:mandriva:linux:perl-Image-Magick", "p-cpe:/a:mandriva:linux:lib64heartbeat1", "p-cpe:/a:mandriva:linux:proftpd-mod_site_misc", "p-cpe:/a:mandriva:linux:heartbeat-pils", "p-cpe:/a:mandriva:linux:lib64heartbeat-pils1", "p-cpe:/a:mandriva:linux:lib64tunepimp5", "p-cpe:/a:mandriva:linux:proftpd-mod_shaper", "p-cpe:/a:mandriva:linux:proftpd-mod_ifsession", "p-cpe:/a:mandriva:linux:arts", "p-cpe:/a:mandriva:linux:libgcj8", "p-cpe:/a:mandriva:linux:libmudflap-devel", "p-cpe:/a:mandriva:linux:proftpd-mod_autohost", "p-cpe:/a:mandriva:linux:lib64prelude2", "p-cpe:/a:mandriva:linux:libprelude-devel", "p-cpe:/a:mandriva:linux:libgomp1", "p-cpe:/a:mandriva:linux:libheartbeat-pils1", "p-cpe:/a:mandriva:linux:lib64heartbeat-stonith1-devel", "p-cpe:/a:mandriva:linux:libtunepimp5", "p-cpe:/a:mandriva:linux:libtool-base", "p-cpe:/a:mandriva:linux:heartbeat", "p-cpe:/a:mandriva:linux:libgfortran2", "p-cpe:/a:mandriva:linux:proftpd-mod_ratio", 
"p-cpe:/a:mandriva:linux:lib64gcj-devel", "p-cpe:/a:mandriva:linux:proftpd-mod_tls", "p-cpe:/a:mandriva:linux:lib64gcj-static-devel", "p-cpe:/a:mandriva:linux:lib64ltdl3-devel", "p-cpe:/a:mandriva:linux:lib64heartbeat-pils1-devel", "p-cpe:/a:mandriva:linux:lib64gcj8", "p-cpe:/a:mandriva:linux:gcc-objc", "p-cpe:/a:mandriva:linux:proftpd-mod_quotatab", "p-cpe:/a:mandriva:linux:libtool", "cpe:/o:mandriva:linux:2008.0", "p-cpe:/a:mandriva:linux:proftpd-mod_case", "p-cpe:/a:mandriva:linux:lib64prelude-devel", "p-cpe:/a:mandriva:linux:libarts1", "p-cpe:/a:mandriva:linux:proftpd-mod_wrap_sql", "p-cpe:/a:mandriva:linux:libheartbeat-stonith1", "p-cpe:/a:mandriva:linux:libgcj8-base", "p-cpe:/a:mandriva:linux:lib64tunepimp-devel", "p-cpe:/a:mandriva:linux:libltdl3", "p-cpe:/a:mandriva:linux:python-tunepimp", "p-cpe:/a:mandriva:linux:gcc-doc", "p-cpe:/a:mandriva:linux:proftpd-mod_ban", "p-cpe:/a:mandriva:linux:proftpd", "p-cpe:/a:mandriva:linux:libheartbeat-stonith1-devel", "p-cpe:/a:mandriva:linux:gcc-c++", "p-cpe:/a:mandriva:linux:proftpd-mod_wrap_file", "p-cpe:/a:mandriva:linux:libheartbeat1", "p-cpe:/a:mandriva:linux:imagemagick-doc", "p-cpe:/a:mandriva:linux:heartbeat-stonith", "p-cpe:/a:mandriva:linux:proftpd-mod_ldap", "p-cpe:/a:mandriva:linux:libstdc++-devel", "p-cpe:/a:mandriva:linux:gcc-java", "p-cpe:/a:mandriva:linux:proftpd-devel", "p-cpe:/a:mandriva:linux:libltdl3-devel", "p-cpe:/a:mandriva:linux:libprelude-static-devel", "p-cpe:/a:mandriva:linux:proftpd-mod_quotatab_radius", "p-cpe:/a:mandriva:linux:smalltalk", "p-cpe:/a:mandriva:linux:gcc-objc++", "p-cpe:/a:mandriva:linux:libffi4", "p-cpe:/a:mandriva:linux:prelude-tools", "p-cpe:/a:mandriva:linux:libheartbeat1-devel", "p-cpe:/a:mandriva:linux:proftpd-mod_wrap", "p-cpe:/a:mandriva:linux:lib64magick10.7.0", "p-cpe:/a:mandriva:linux:gcc-gfortran", "p-cpe:/a:mandriva:linux:proftpd-mod_sql_postgres", "p-cpe:/a:mandriva:linux:libmagick10.7.0-devel", "p-cpe:/a:mandriva:linux:proftpd-mod_quotatab_ldap", 
"p-cpe:/a:mandriva:linux:proftpd-mod_rewrite", "p-cpe:/a:mandriva:linux:imagemagick-desktop", "p-cpe:/a:mandriva:linux:libprelude2", "p-cpe:/a:mandriva:linux:proftpd-mod_sql", "p-cpe:/a:mandriva:linux:gcc", "p-cpe:/a:mandriva:linux:lib64arts1", "p-cpe:/a:mandriva:linux:heartbeat-ldirectord", "p-cpe:/a:mandriva:linux:proftpd-mod_gss", "p-cpe:/a:mandriva:linux:proftpd-mod_sql_mysql", "p-cpe:/a:mandriva:linux:libarts1-devel", "p-cpe:/a:mandriva:linux:lib64arts1-devel", "p-cpe:/a:mandriva:linux:libffi-devel", "p-cpe:/a:mandriva:linux:libgomp-devel", "p-cpe:/a:mandriva:linux:proftpd-mod_radius", "p-cpe:/a:mandriva:linux:lib64magick10.7.0-devel", "p-cpe:/a:mandriva:linux:imagemagick", "p-cpe:/a:mandriva:linux:libgcc1", "p-cpe:/a:mandriva:linux:tunepimp-utils", "p-cpe:/a:mandriva:linux:perl-prelude", "p-cpe:/a:mandriva:linux:libstdc++6", "p-cpe:/a:mandriva:linux:gcc-doc-pdf", "p-cpe:/a:mandriva:linux:libmudflap0", "p-cpe:/a:mandriva:linux:libgnat1", "p-cpe:/a:mandriva:linux:gcc-gnat", "p-cpe:/a:mandriva:linux:libgcj8-src", "p-cpe:/a:mandriva:linux:proftpd-mod_quotatab_file", "p-cpe:/a:mandriva:linux:libmagick10.7.0", "p-cpe:/a:mandriva:linux:libgcj-static-devel", "p-cpe:/a:mandriva:linux:libheartbeat-pils1-devel", "p-cpe:/a:mandriva:linux:lib64heartbeat1-devel", "p-cpe:/a:mandriva:linux:libgcj-devel", "p-cpe:/a:mandriva:linux:tunepimp-plugins", "p-cpe:/a:mandriva:linux:libheartbeat-apphb0", "p-cpe:/a:mandriva:linux:libobjc2", "p-cpe:/a:mandriva:linux:proftpd-mod_time"], "id": "MANDRIVA_MDVSA-2009-307.NASL", "href": "https://www.tenable.com/plugins/nessus/42943", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2009:307. 
\n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(42943);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2009-3736\");\n script_bugtraq_id(37128);\n script_xref(name:\"MDVSA\", value:\"2009:307-1\");\n\n script_name(english:\"Mandriva Linux Security Advisory : libtool (MDVSA-2009:307-1)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability was discovered and corrected in libtool :\n\nAll versions of libtool prior to 2.2.6b suffers from a local privilege\nescalation vulnerability that could be exploited under certain\nconditions to load arbitrary code (CVE-2009-3736).\n\nThis advisory fixes this issue. 
Additionally, all applications\nembedding the libtool code were patched in order to avoid possible\nfuture exploitations of this issue.\n\nUpdate :\n\nPackages for 2008.0 are provided for Corporate Desktop 2008.0\ncustomers\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:arts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gcc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gcc-c++\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gcc-cpp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gcc-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gcc-doc-pdf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gcc-gfortran\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gcc-gnat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gcc-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gcc-objc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gcc-objc++\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gcj-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:heartbeat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:heartbeat-ldirectord\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:mandriva:linux:heartbeat-pils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:heartbeat-stonith\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:imagemagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:imagemagick-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:imagemagick-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64arts1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64arts1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64gcj-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64gcj-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64gcj8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64heartbeat-apphb0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64heartbeat-pils1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64heartbeat-pils1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64heartbeat-stonith1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64heartbeat-stonith1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64heartbeat1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64heartbeat1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64ltdl3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64ltdl3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64magick10.7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64magick10.7.0-devel\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64prelude-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64prelude-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64prelude2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64tunepimp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64tunepimp5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libarts1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libarts1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libffi-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libffi4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libgcc1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libgcj-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libgcj-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libgcj8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libgcj8-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libgcj8-src\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libgfortran2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libgnat1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libgomp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libgomp1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libheartbeat-apphb0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libheartbeat-pils1\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:mandriva:linux:libheartbeat-pils1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libheartbeat-stonith1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libheartbeat-stonith1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libheartbeat1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libheartbeat1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libltdl3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libltdl3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libmagick10.7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libmagick10.7.0-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libmudflap-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libmudflap0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libobjc2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libprelude-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libprelude-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libprelude2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libstdc++-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libstdc++-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libstdc++6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libtool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libtool-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libtunepimp-devel\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:mandriva:linux:libtunepimp5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:perl-Image-Magick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:perl-prelude\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:prelude-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-mod_autohost\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-mod_ban\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-mod_case\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-mod_ctrls_admin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-mod_gss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-mod_ifsession\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-mod_load\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-mod_quotatab\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-mod_quotatab_file\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-mod_quotatab_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-mod_quotatab_radius\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-mod_quotatab_sql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-mod_radius\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-mod_ratio\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-mod_rewrite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-mod_shaper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-mod_site_misc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-mod_sql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-mod_sql_mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-mod_sql_postgres\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-mod_time\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-mod_tls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-mod_wrap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-mod_wrap_file\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-mod_wrap_sql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:python-prelude\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:python-tunepimp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:smalltalk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tunepimp-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tunepimp-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/12/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2008.0\", reference:\"arts-1.5.7-2.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"gcc-4.2.2-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"gcc-c++-4.2.2-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"gcc-cpp-4.2.2-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"gcc-doc-4.2.2-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"gcc-doc-pdf-4.2.2-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"gcc-gfortran-4.2.2-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"gcc-gnat-4.2.2-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"gcc-java-4.2.2-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"gcc-objc-4.2.2-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"gcc-objc++-4.2.2-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif 
(rpm_check(release:\"MDK2008.0\", reference:\"gcj-tools-4.2.2-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"heartbeat-2.0.8-4.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"heartbeat-ldirectord-2.0.8-4.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"heartbeat-pils-2.0.8-4.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"heartbeat-stonith-2.0.8-4.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"imagemagick-6.3.2.9-10.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"imagemagick-desktop-6.3.2.9-10.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"imagemagick-doc-6.3.2.9-10.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64arts1-1.5.7-2.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64arts1-devel-1.5.7-2.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64gcj-devel-4.2.2-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64gcj-static-devel-4.2.2-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64gcj8-4.2.2-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64heartbeat-apphb0-2.0.8-4.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64heartbeat-pils1-2.0.8-4.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64heartbeat-pils1-devel-2.0.8-4.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", 
reference:\"lib64heartbeat-stonith1-2.0.8-4.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64heartbeat-stonith1-devel-2.0.8-4.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64heartbeat1-2.0.8-4.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64heartbeat1-devel-2.0.8-4.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64ltdl3-1.5.22-3.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64ltdl3-devel-1.5.22-3.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64magick10.7.0-6.3.2.9-10.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64magick10.7.0-devel-6.3.2.9-10.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64prelude-devel-0.9.15.2-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64prelude-static-devel-0.9.15.2-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64prelude2-0.9.15.2-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64tunepimp-devel-0.5.3-5.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64tunepimp5-0.5.3-5.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libarts1-1.5.7-2.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libarts1-devel-1.5.7-2.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"libffi-devel-4.2.2-3.2mdv2008.0\", 
yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"libffi4-4.2.2-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"libgcc1-4.2.2-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libgcj-devel-4.2.2-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libgcj-static-devel-4.2.2-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libgcj8-4.2.2-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"libgcj8-base-4.2.2-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"libgcj8-src-4.2.2-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"libgfortran2-4.2.2-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"libgnat1-4.2.2-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"libgomp-devel-4.2.2-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"libgomp1-4.2.2-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libheartbeat-apphb0-2.0.8-4.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libheartbeat-pils1-2.0.8-4.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libheartbeat-pils1-devel-2.0.8-4.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libheartbeat-stonith1-2.0.8-4.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libheartbeat-stonith1-devel-2.0.8-4.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libheartbeat1-2.0.8-4.1mdv2008.0\", 
yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libheartbeat1-devel-2.0.8-4.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libltdl3-1.5.22-3.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libltdl3-devel-1.5.22-3.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libmagick10.7.0-6.3.2.9-10.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libmagick10.7.0-devel-6.3.2.9-10.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"libmudflap-devel-4.2.2-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"libmudflap0-4.2.2-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"libobjc2-4.2.2-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libprelude-devel-0.9.15.2-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libprelude-static-devel-0.9.15.2-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libprelude2-0.9.15.2-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"libstdc++-devel-4.2.2-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"libstdc++-static-devel-4.2.2-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"libstdc++6-4.2.2-3.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"libtool-1.5.22-3.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"libtool-base-1.5.22-3.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", 
reference:\"libtunepimp-devel-0.5.3-5.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libtunepimp5-0.5.3-5.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"perl-Image-Magick-6.3.2.9-10.5mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"perl-prelude-0.9.15.2-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"prelude-tools-0.9.15.2-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"proftpd-1.3.2-0.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"proftpd-devel-1.3.2-0.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"proftpd-mod_autohost-1.3.2-0.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"proftpd-mod_ban-1.3.2-0.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"proftpd-mod_case-1.3.2-0.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"proftpd-mod_ctrls_admin-1.3.2-0.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"proftpd-mod_gss-1.3.2-0.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"proftpd-mod_ifsession-1.3.2-0.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"proftpd-mod_ldap-1.3.2-0.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"proftpd-mod_load-1.3.2-0.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"proftpd-mod_quotatab-1.3.2-0.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"proftpd-mod_quotatab_file-1.3.2-0.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"proftpd-mod_quotatab_ldap-1.3.2-0.2mdv2008.0\", 
yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"proftpd-mod_quotatab_radius-1.3.2-0.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"proftpd-mod_quotatab_sql-1.3.2-0.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"proftpd-mod_radius-1.3.2-0.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"proftpd-mod_ratio-1.3.2-0.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"proftpd-mod_rewrite-1.3.2-0.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"proftpd-mod_shaper-1.3.2-0.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"proftpd-mod_site_misc-1.3.2-0.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"proftpd-mod_sql-1.3.2-0.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"proftpd-mod_sql_mysql-1.3.2-0.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"proftpd-mod_sql_postgres-1.3.2-0.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"proftpd-mod_time-1.3.2-0.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"proftpd-mod_tls-1.3.2-0.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"proftpd-mod_wrap-1.3.2-0.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"proftpd-mod_wrap_file-1.3.2-0.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"proftpd-mod_wrap_sql-1.3.2-0.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"python-prelude-0.9.15.2-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"python-tunepimp-0.5.3-5.1mdv2008.0\", yank:\"mdv\")) flag++;\nif 
(rpm_check(release:\"MDK2008.0\", reference:\"smalltalk-2.3.3-3.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"tunepimp-plugins-0.5.3-5.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"tunepimp-utils-0.5.3-5.1mdv2008.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:08:25", "description": "This update makes Gnash use the system version of the libltdl library\ninstead of the bundled copy which was vulnerable to CVE-2009-3736. An\nupdate to the system libltdl fixing CVE-2009-3736 was issued on\nDecember 21, 2009.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2010-07-01T00:00:00", "title": "Fedora 11 : gnash-0.8.6-13.fc11 (2010-1833)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3736"], "modified": "2010-07-01T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:gnash", "cpe:/o:fedoraproject:fedora:11"], "id": "FEDORA_2010-1833.NASL", "href": "https://www.tenable.com/plugins/nessus/47274", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-1833.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(47274);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-3736\");\n script_bugtraq_id(37128);\n 
script_xref(name:\"FEDORA\", value:\"2010-1833\");\n\n script_name(english:\"Fedora 11 : gnash-0.8.6-13.fc11 (2010-1833)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update makes Gnash use the system version of the libltdl library\ninstead of the bundled copy which was vulnerable to CVE-2009-3736. An\nupdate to the system libltdl fixing CVE-2009-3736 was issued on\nDecember 21, 2009.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=537941\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-February/035093.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?59666b88\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected gnash package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gnash\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/02/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/01\");\n 
script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^11([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 11.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC11\", reference:\"gnash-0.8.6-13.fc11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnash\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:08:38", "description": "Not sure whether mingw32-libltdl (due to its special nature in being\nfor cross-compilation development for an entirely different system)\nis actually affected by CVE-2009-3736, but this should make sure\neverything is 
fixed.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 23, "published": "2010-07-01T00:00:00", "title": "Fedora 12 : mingw32-libltdl-1.5.26-20.fc12 (2010-2341)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3736"], "modified": "2010-07-01T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:12", "p-cpe:/a:fedoraproject:fedora:mingw32-libltdl"], "id": "FEDORA_2010-2341.NASL", "href": "https://www.tenable.com/plugins/nessus/47290", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-2341.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(47290);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-3736\");\n script_xref(name:\"FEDORA\", value:\"2010-2341\");\n\n script_name(english:\"Fedora 12 : mingw32-libltdl-1.5.26-20.fc12 (2010-2341)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Not sure whether mingw32-libltdl (due to its special nature in being\nfor cross- compilation development for an entirely different system)\nis actually affected by CVE-2009-3736, but this should make sure\neverything is fixed.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=537941\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-February/035850.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?503fc40b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mingw32-libltdl package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mingw32-libltdl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:12\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/02/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^12([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 12.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC12\", reference:\"mingw32-libltdl-1.5.26-20.fc12\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mingw32-libltdl\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:08:38", "description": "This update patches the bundled copy of libltdl library which was\nvulnerable to CVE-2009-3736.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2010-07-01T00:00:00", "title": "Fedora 11 : esorex-3.7.2-3.fc11 (2010-3314)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3736"], "modified": "2010-07-01T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:esorex", "cpe:/o:fedoraproject:fedora:11"], "id": "FEDORA_2010-3314.NASL", "href": "https://www.tenable.com/plugins/nessus/47307", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-3314.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(47307);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-3736\");\n script_xref(name:\"FEDORA\", value:\"2010-3314\");\n\n script_name(english:\"Fedora 11 : esorex-3.7.2-3.fc11 (2010-3314)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update patches the bundled copy of libltdl library which was\nvulnerable to CVE-2009-3736.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=537941\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-March/037659.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?43de3fca\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected esorex package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:esorex\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/03/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^11([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 11.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC11\", reference:\"esorex-3.7.2-3.fc11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"esorex\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:08:28", "description": "Fix package so that it uses the system copy of libtool-ltdl, and get\nrid of the ancient embedded copy, which suffers from the vulnerability\nin CVE-2009-3736.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2010-07-01T00:00:00", "title": "Fedora 12 : gambas-1.0.19-12.fc12 (2010-1872)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3736"], "modified": "2010-07-01T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:12", "p-cpe:/a:fedoraproject:fedora:gambas"], "id": "FEDORA_2010-1872.NASL", "href": "https://www.tenable.com/plugins/nessus/47280", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-1872.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(47280);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-3736\");\n script_bugtraq_id(37128);\n script_xref(name:\"FEDORA\", value:\"2010-1872\");\n\n script_name(english:\"Fedora 12 : gambas-1.0.19-12.fc12 (2010-1872)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix package so that it uses the system copy of libtool-ltdl, and get\nrid of the ancient embedded copy, which suffers from the vulnerability\nin CVE-2009-3736.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=563971\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-February/035133.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7ea907aa\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gambas package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gambas\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:12\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/02/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^12([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 12.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC12\", reference:\"gambas-1.0.19-12.fc12\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gambas\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3736"], "description": "EsoRex is the ESO Recipe Execution Tool. It can list, configure and execute CPL-based recipes from the command line. One of the features provided by the CPL is the ability to create data-reduction algorithms that run as plugins (dynamic libraries). 
These are called recipes and are one of the main aspects of the CPL data-reduction development environment. ", "modified": "2010-03-20T03:29:17", "published": "2010-03-20T03:29:17", "id": "FEDORA:ADCEB10FF11", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 12 Update: esorex-3.7.2-5.fc12", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3736"], "description": "Gnash is capable of reading up to SWF v9 files and opcodes, but primarily supports SWF v7, with better SWF v8 and v9 support under heavy development. Gnash includes initial parser support for SWF v8 and v9. Not all ActionScript 2 classes are implemented yet, but all of the most heavily used ones are. Many ActionScript 2 classes are partially implemented; there is support for all of the commonly used methods of each class. ", "modified": "2010-02-13T00:36:38", "published": "2010-02-13T00:36:38", "id": "FEDORA:E47E810F95B", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 12 Update: gnash-0.8.6-13.fc12", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3736"], "description": "EsoRex is the ESO Recipe Execution Tool. It can list, configure and execute CPL-based recipes from the command line. One of the features provided by the CPL is the ability to create data-reduction algorithms that run as plugins (dynamic libraries). These are called recipes and are one of the main aspects of the CPL data-reduction development environment. 
", "modified": "2010-03-10T06:54:45", "published": "2010-03-10T06:54:45", "id": "FEDORA:9D8D511101D", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 13 Update: esorex-3.7.2-6.fc13", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3736"], "description": "GNU Libtool is a set of shell scripts which automatically configure UNIX and UNIX-like systems to generically build shared libraries. Libtool provides a consistent, portable interface which simplifies the process of using shared libraries. If you are developing programs which will use shared libraries, but do not use the rest of the GNU Autotools (such as GNU Autoconf and GNU Automake), you should install the libtool package. The libtool package also includes all files needed to integrate the GNU Portable Library Tool (libtool) and the GNU Libtool Dynamic Module Loader (ltdl) into a package built using the GNU Autotools (including GNU Autoconf and GNU Automake). ", "modified": "2009-12-29T18:59:08", "published": "2009-12-29T18:59:08", "id": "FEDORA:930BD10F878", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 12 Update: libtool-2.2.6-17.fc12", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3736"], "description": "Gnash is capable of reading up to SWF v9 files and opcodes, but primarily supports SWF v7, with better SWF v8 and v9 support under heavy development. Gnash includes initial parser support for SWF v8 and v9. Not all ActionScript 2 classes are implemented yet, but all of the most heavily used ones are. Many ActionScript 2 classes are partially implemented; there is support for all of the commonly used methods of each class. 
", "modified": "2010-02-13T00:39:09", "published": "2010-02-13T00:39:09", "id": "FEDORA:ED4B510FE1E", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 11 Update: gnash-0.8.6-13.fc11", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3736"], "description": "Q is a powerful and extensible functional programming language based on the term rewriting calculus. You specify an arbitrary system of equations which the interpreter uses as rewrite rules to reduce expressions to normal form. Q is useful for scientific programming and other advanced applications, and also as a sophisticated kind of desktop calculator. The distribution includes the Q programming tools, a standard library, add-on modules for interfacing to Curl, GNU dbm, ODBC, GNU Octave, ImageMagick, Tcl/Tk, XML/XSLT and an Emacs mode. ", "modified": "2011-03-03T08:39:55", "published": "2011-03-03T08:39:55", "id": "FEDORA:12EED10F9CB", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 14 Update: q-7.11-8.fc14", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3736"], "description": "Hamlib provides a standardised programming interface that applications can use to send the appropriate commands to a radio. Also included in the package is a simple radio control program 'rigctl', which lets one control a radio transceiver or receiver, either from command line interface or in a text-oriented interactive interface. 
", "modified": "2010-04-03T04:48:25", "published": "2010-04-03T04:48:25", "id": "FEDORA:C1D5D1108AB", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 11 Update: hamlib-1.2.8-4.fc11", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3736"], "description": "The mingw32-libltdl package contains the GNU Libtool Dynamic Module Loader, a library that provides a consistent, portable interface which simplifies the process of using dynamic modules, for the mingw32 cross compilation environment. These runtime libraries are needed by programs that link directly to the system-installed ltdl libraries; they are not needed by software built using the rest of the GNU Autotools (including GNU Autoconf and GNU Automake). ", "modified": "2010-02-26T03:40:29", "published": "2010-02-26T03:40:29", "id": "FEDORA:7900910F8A5", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 11 Update: mingw32-libltdl-1.5.26-17.fc11", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3736"], "description": "Libprelude is a library that guarantees secure connections between all sensors and the Prelude Manager. Libprelude provides an Application Programming Interface (API) for the communication with Prelude sub-systems, it supplies the necessary functionality for generating and emitting IDMEF events with Prelude and automates the saving and re-transmission of data in times of temporary interruption of one of the components of the system. 
", "modified": "2010-05-26T21:44:12", "published": "2010-05-26T21:44:12", "id": "FEDORA:17DDB1114C9", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 12 Update: libprelude-0.9.24.1-2.fc12", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3736"], "description": "Hamlib provides a standardised programming interface that applications can use to send the appropriate commands to a radio. Also included in the package is a simple radio control program 'rigctl', which lets one control a radio transceiver or receiver, either from command line interface or in a text-oriented interactive interface. ", "modified": "2010-04-03T04:47:10", "published": "2010-04-03T04:47:10", "id": "FEDORA:B982610FA73", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 12 Update: hamlib-1.2.10-2.fc12", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:39:17", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3736"], "description": "[4.1.2-46.el5_4.2]\n- fix libjava to avoid opening *.la/dlopening *.so files from current\n working directory or subdirectories thereof (#545672, CVE-2009-3736)", "edition": 4, "modified": "2010-01-13T00:00:00", "published": "2010-01-13T00:00:00", "id": "ELSA-2010-0039", "href": "http://linux.oracle.com/errata/ELSA-2010-0039.html", "title": "gcc and gcc4 security update", "type": "oraclelinux", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:26", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3736"], "description": "[1.5.22-7]\n- add fix for CVE-2009-3736,\n libltdl may load and execute code from a library in the current directory", "edition": 4, "modified": "2009-12-08T00:00:00", "published": "2009-12-08T00:00:00", "id": "ELSA-2009-1646", "href": "http://linux.oracle.com/errata/ELSA-2009-1646.html", "title": "libtool security update", "type": 
"oraclelinux", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2020-07-17T03:28:21", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3736"], "description": "**CentOS Errata and Security Advisory** CESA-2009:1646\n\n\nGNU Libtool is a set of shell scripts which automatically configure UNIX,\nLinux, and similar operating systems to generically build shared libraries.\n\nA flaw was found in the way GNU Libtool's libltdl library looked for\nmodules to load. It was possible for libltdl to load and run modules from\nan arbitrary library in the current working directory. If a local attacker\ncould trick a local user into running an application (which uses libltdl)\nfrom an attacker-controlled directory containing a malicious Libtool\ncontrol file (.la), the attacker could possibly execute arbitrary code with\nthe privileges of the user running the application. (CVE-2009-3736)\n\nAll libtool users should upgrade to these updated packages, which contain\na backported patch to correct this issue. 
After installing the updated\npackages, applications using the libltdl library must be restarted for the\nupdate to take effect.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2009-December/028392.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-December/028393.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-December/028396.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-December/028397.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-December/028420.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-December/028421.html\n\n**Affected packages:**\nlibtool\nlibtool-libs\nlibtool-ltdl\nlibtool-ltdl-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2009-1646.html", "edition": 6, "modified": "2009-12-18T01:40:41", "published": "2009-12-08T22:18:58", "href": "http://lists.centos.org/pipermail/centos-announce/2009-December/028392.html", "id": "CESA-2009:1646", "title": "libtool security update", "type": "centos", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "seebug": [{"lastseen": "2017-11-19T18:27:53", "description": "BUGTRAQ ID: 37128\r\nCVE ID: CVE-2009-3736\r\n\r\nGNU libtool\u662f\u4e00\u4e2a\u901a\u7528\u5e93\u652f\u6301\u811a\u672c\uff0c\u5c06\u4f7f\u7528\u52a8\u6001\u5e93\u7684\u590d\u6742\u6027\u9690\u85cf\u5728\u7edf\u4e00\u3001\u53ef\u79fb\u690d\u7684\u63a5\u53e3\u4e2d\u3002\r\n\r\nGNU Libtool\u7684libltdl\u5e93\u4e2d\u7684ltdl.c\u6587\u4ef6\u5c06\u5f53\u524d\u5de5\u4f5c\u76ee\u5f55\u7528\u4f5c\u4e86\u5e93\u7684\u641c\u7d22\u8def\u5f84\uff0c\u5982\u679c\u653b\u51fb\u8005\u521b\u5efa\u4e86\u6076\u610f\u7684\u5171\u4eab\u5bf9\u8c61\u6216.la\u6587\u4ef6\u5e76\u8bf1\u9a97\u7528\u6237\u4f7f\u7528\u540c\u4e00\u76ee\u5f55\u4e2d\u7684libtool\u5e93\u6267\u884c\u5e94\u7528\u7a0b\u5e8f\uff0c\u5c31\u4f1a\u5bfc\u81f4\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\n\nGNU libtool 2.2.6\r\nGNU libtool 
1.5.x\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nGNU\r\n---\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://lists.gnu.org/archive/html/libtool/2009-11/msg00059.html", "published": "2009-12-02T00:00:00", "type": "seebug", "title": "GNU Libtool libltdl\u5e93\u641c\u7d22\u8def\u5f84\u672c\u5730\u6743\u9650\u63d0\u5347\u6f0f\u6d1e", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-3736"], "modified": "2009-12-02T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-15008", "id": "SSV:15008", "sourceData": "\n https://bugzilla.redhat.com/attachment.cgi?id=372311\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-15008", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2020-11-11T13:24:24", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3736"], "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1958-1 security@debian.org\nhttp://www.debian.org/security/ Raphael Geissert\nDecember 29, 2009 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : libtool\nVulnerability : privilege escalation\nProblem type : local\nDebian-specific: no\nCVE Id(s) : CVE-2009-3736\n\nIt was discovered that ltdl, a system-independent dlopen wrapper for\nGNU libtool, can be tricked to load and run modules from an arbitrary\ndirectory, which might be used to execute arbitrary code with the\nprivileges of the user running an application that uses libltdl.\n\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 1.5.26-4+lenny1.\n\nFor the oldstable distribution (etch), this problem has been fixed in\nversion 1.5.22-4+etch1.\n\nFor the testing distribution (squeeze) and unstable distribution 
(sid),\nthis problem has been fixed in 2.2.6b-1.\n\n\nWe recommend that you upgrade your libtool packages.\n\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nDebian (oldstable)\n- ------------------\n\nOldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.22-4+etch1.diff.gz\n Size/MD5 checksum: 15804 5479bf2874720d1a57bc051938939c0a\n http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.22.orig.tar.gz\n Size/MD5 checksum: 2921483 8e0ac9797b62ba4dcc8a2fb7936412b0\n http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.22-4+etch1.dsc\n Size/MD5 checksum: 791 928acd111c5fef379758412cc69d6955\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/libt/libtool/libtool-doc_1.5.22-4+etch1_all.deb\n Size/MD5 checksum: 340218 48ef3b50f8af4b55f95ab0537dedeae9\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.22-4+etch1_alpha.deb\n Size/MD5 checksum: 328232 c46de180b19450c2842198a034c5b8ba\n http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.22-4+etch1_alpha.deb\n Size/MD5 checksum: 170758 f1ac388e3c8f479fa2e7acca4e05f484\n http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.22-4+etch1_alpha.deb\n Size/MD5 checksum: 366952 787b6b0712ad3729077a94177c854c50\n\namd64 architecture (AMD x86_64 
(AMD64))\n\n http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.22-4+etch1_amd64.deb\n Size/MD5 checksum: 327578 64e861399087ac313e9112633e320db0\n http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.22-4+etch1_amd64.deb\n Size/MD5 checksum: 362486 0cd43dfdfac787ae4f03c99d316ee21c\n http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.22-4+etch1_amd64.deb\n Size/MD5 checksum: 169952 2383913d7e69ab07a030ed0402e32683\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.22-4+etch1_arm.deb\n Size/MD5 checksum: 329532 1e77e291f168cd28edbe30017ea7b822\n http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.22-4+etch1_arm.deb\n Size/MD5 checksum: 362006 aeeccab2b130622286ff22a62bbb67f6\n http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.22-4+etch1_arm.deb\n Size/MD5 checksum: 168932 227df6a702975694b4824277e39397f7\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.22-4+etch1_hppa.deb\n Size/MD5 checksum: 171194 547d0ef8dcad18bf6bcf879bee76618e\n http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.22-4+etch1_hppa.deb\n Size/MD5 checksum: 365948 720bb673659bca908c80a87115ced3b3\n http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.22-4+etch1_hppa.deb\n Size/MD5 checksum: 329352 f6201f75e7a6c6571c60f8ea54da9513\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.22-4+etch1_i386.deb\n Size/MD5 checksum: 168334 5f0f5afefa54c57ff00a1688b79daaae\n http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.22-4+etch1_i386.deb\n Size/MD5 checksum: 327562 2f3cf778e937d324b2082286ac531915\n http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.22-4+etch1_i386.deb\n Size/MD5 checksum: 361676 ff14fcaece7267e5af27ebf077caf5ea\n\nia64 architecture (Intel 
ia64)\n\n http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.22-4+etch1_ia64.deb\n Size/MD5 checksum: 175104 112a54f534e23a3880131c458e957306\n http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.22-4+etch1_ia64.deb\n Size/MD5 checksum: 369056 b6f2318d1cd51e9faec4c8802cc0de71\n http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.22-4+etch1_ia64.deb\n Size/MD5 checksum: 328294 abcb9fe2b00b48274f4e9de0fd27ed50\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.22-4+etch1_mips.deb\n Size/MD5 checksum: 364572 ae6c61c8422bf908dc9b5f18fff01e67\n http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.22-4+etch1_mips.deb\n Size/MD5 checksum: 169100 5243a37ce072d6187ea1e34cbf7e6fbf\n http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.22-4+etch1_mips.deb\n Size/MD5 checksum: 328044 378a35600bd73d5e426e5c832f207ac2\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.22-4+etch1_mipsel.deb\n Size/MD5 checksum: 364580 79b7a9f63df6e20bfd7746e3ae793ea8\n http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.22-4+etch1_mipsel.deb\n Size/MD5 checksum: 169202 fa3945f2bab5771aeffbef127cc45611\n http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.22-4+etch1_mipsel.deb\n Size/MD5 checksum: 328066 a0057c854f9eb9c446e562a3e5709c4b\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.22-4+etch1_powerpc.deb\n Size/MD5 checksum: 171152 f13fa1eac3ff685260e23ff0c2420233\n http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.22-4+etch1_powerpc.deb\n Size/MD5 checksum: 365566 6c159f990d8dc9accbe19467d051dde8\n http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.22-4+etch1_powerpc.deb\n Size/MD5 checksum: 330962 
f9f24a31ad1f58bf59ec28c9575935c0\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.22-4+etch1_s390.deb\n Size/MD5 checksum: 328270 c4b08dee489f328b19ad516dee216962\n http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.22-4+etch1_s390.deb\n Size/MD5 checksum: 362352 8ee935bdbbb1f4c95f57825ee86f616c\n http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.22-4+etch1_s390.deb\n Size/MD5 checksum: 170398 590304f4913f49222d11fabe32332555\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.22-4+etch1_sparc.deb\n Size/MD5 checksum: 363224 aeb1e4d3251979e6a55177c3366850ad\n http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.22-4+etch1_sparc.deb\n Size/MD5 checksum: 168816 8fe6d60b06d6de10f7960aca438df40a\n http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.22-4+etch1_sparc.deb\n Size/MD5 checksum: 329702 074ff3128d67b1717b3a1ccd0d70a970\n\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nDebian (stable)\n- ---------------\n\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.26-4+lenny1.diff.gz\n Size/MD5 checksum: 15298 7895536891fe733289193346f1211b1f\n http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.26-4+lenny1.dsc\n Size/MD5 checksum: 1158 2c0110d02430920cefe418c00b08e5a3\n http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.26.orig.tar.gz\n Size/MD5 checksum: 2961939 aa9c5107f3ec9ef4200eb6556f3b3c29\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/libt/libtool/libtool-doc_1.5.26-4+lenny1_all.deb\n Size/MD5 checksum: 353398 00fdb1c5aacbe2bfd76e974072cecd92\n\nalpha architecture (DEC Alpha)\n\n 
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.26-4+lenny1_alpha.deb\n Size/MD5 checksum: 340108 3d99e043fd16ae4af9acd16efc1fff26\n http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.26-4+lenny1_alpha.deb\n Size/MD5 checksum: 180254 2030953d25d5b7fa12f536c76d4546e5\n http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.26-4+lenny1_alpha.deb\n Size/MD5 checksum: 377734 ded6b77079273f704065f9f6475da4c7\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.26-4+lenny1_amd64.deb\n Size/MD5 checksum: 342324 024dd362d4fc2f38f3b81494164bd4c0\n http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.26-4+lenny1_amd64.deb\n Size/MD5 checksum: 179612 11d74a42ceb86748828417ecb82ca661\n http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.26-4+lenny1_amd64.deb\n Size/MD5 checksum: 368974 740e2aba77ce0401161317cecea761b4\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.26-4+lenny1_arm.deb\n Size/MD5 checksum: 341736 e5fe5c3ffa5d5de1b073bb91eac8a8b0\n http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.26-4+lenny1_arm.deb\n Size/MD5 checksum: 178324 327d37b6946885a0aa06b7d36d2366ce\n http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.26-4+lenny1_arm.deb\n Size/MD5 checksum: 371700 afd48c2330e97b428a66bff30df8dcb8\n\narmel architecture (ARM EABI)\n\n http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.26-4+lenny1_armel.deb\n Size/MD5 checksum: 341552 f33f24ea711ad50d8272905b008fa07b\n http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.26-4+lenny1_armel.deb\n Size/MD5 checksum: 178428 037eaffb7d97ac009f3e4f47f4084c8e\n http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.26-4+lenny1_armel.deb\n Size/MD5 checksum: 372294 e4ebc8b9b39d3408ee7b013f6110a534\n\nhppa 
architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.26-4+lenny1_hppa.deb\n Size/MD5 checksum: 342994 78b16e97b4f6d5ee535f5a9849d060b2\n http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.26-4+lenny1_hppa.deb\n Size/MD5 checksum: 180100 f2118a5317c1523f2edf902492f11c38\n http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.26-4+lenny1_hppa.deb\n Size/MD5 checksum: 376492 37816a937fed1aa3e5c8a9d1bda2da26\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.26-4+lenny1_i386.deb\n Size/MD5 checksum: 371688 296a45a98910fbf8210ebdddd7a32d3d\n http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.26-4+lenny1_i386.deb\n Size/MD5 checksum: 177256 d719aec237df6bc5b8d750dec91cbef2\n http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.26-4+lenny1_i386.deb\n Size/MD5 checksum: 340266 56f624655ef5e058047a9f371260b70d\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.26-4+lenny1_ia64.deb\n Size/MD5 checksum: 340338 c824369bbc99fd250112c9b19166e3b8\n http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.26-4+lenny1_ia64.deb\n Size/MD5 checksum: 379582 69b5eee78005d15b7b401d27c5f1d1f0\n http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.26-4+lenny1_ia64.deb\n Size/MD5 checksum: 184492 97c04d77404888003be057d64318a4b4\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.26-4+lenny1_mips.deb\n Size/MD5 checksum: 340324 13cec80a9732f7ebe1a4b9b1c3437676\n http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.26-4+lenny1_mips.deb\n Size/MD5 checksum: 178136 8c14238558d3712f1ba13ccdf832b6e7\n http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.26-4+lenny1_mips.deb\n Size/MD5 checksum: 374582 
e34e1dce0adbe82708cf1414b18b9ee8\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.26-4+lenny1_mipsel.deb\n Size/MD5 checksum: 374506 0433b8b68f5cf7eaf4011bd27afc200a\n http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.26-4+lenny1_mipsel.deb\n Size/MD5 checksum: 340308 b80fa5af20cb7d42cae3387bc2637bfa\n http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.26-4+lenny1_mipsel.deb\n Size/MD5 checksum: 178204 e3936e2dbe0eb3634b0ea82032b38711\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.26-4+lenny1_powerpc.deb\n Size/MD5 checksum: 375240 e62c37f7f3a4768d50273f048f38f4fc\n http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.26-4+lenny1_powerpc.deb\n Size/MD5 checksum: 180654 d3cd620555224ae9ad381f01f097556f\n http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.26-4+lenny1_powerpc.deb\n Size/MD5 checksum: 343366 2b09e0d1c5ede965df7cccafb58bb8b8\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.26-4+lenny1_s390.deb\n Size/MD5 checksum: 179634 7e19a9d6985c0f3d7769a6b29ea948ac\n http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.26-4+lenny1_s390.deb\n Size/MD5 checksum: 340302 5b26c4c3cf96ef1f129cdf28af8f6c46\n http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.26-4+lenny1_s390.deb\n Size/MD5 checksum: 372154 797787dcf36fb7a820f8d70da82a5e56\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.26-4+lenny1_sparc.deb\n Size/MD5 checksum: 177310 0d3bb2aebb71f94eb90b2e098efa3dfc\n http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.26-4+lenny1_sparc.deb\n Size/MD5 checksum: 373190 e87271026a1b94f47e1e9bda5a74a6d7\n 
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.26-4+lenny1_sparc.deb\n Size/MD5 checksum: 341944 9ae772fd5ac03c0552221c744ad3a969\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 3, "modified": "2009-12-29T17:27:23", "published": "2009-12-29T17:27:23", "id": "DEBIAN:DSA-1958-1:EC006", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2009/msg00287.html", "title": "[SECURITY] [DSA 1958-1] New libtool packages fix privilege escalation", "type": "debian", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:45:56", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3736"], "description": "The gcc and gcc4 packages include, among others, C, C++, and Java GNU\ncompilers and related support libraries. libgcj contains a copy of GNU\nLibtool's libltdl library.\n\nA flaw was found in the way GNU Libtool's libltdl library looked for\nlibraries to load. It was possible for libltdl to load a malicious library\nfrom the current working directory. In certain configurations, if a local\nattacker is able to trick a local user into running a Java application\n(which uses a function to load native libraries, such as\nSystem.loadLibrary) from within an attacker-controlled directory containing\na malicious library or module, the attacker could possibly execute\narbitrary code with the privileges of the user running the Java\napplication. 
(CVE-2009-3736)\n\nAll gcc and gcc4 users should upgrade to these updated packages, which\ncontain a backported patch to correct this issue. All running Java\napplications using libgcj must be restarted for this update to take effect.", "modified": "2018-05-26T04:26:17", "published": "2010-01-13T05:00:00", "id": "RHSA-2010:0039", "href": "https://access.redhat.com/errata/RHSA-2010:0039", "type": "redhat", "title": "(RHSA-2010:0039) Moderate: gcc and gcc4 security update", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}]}