Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.SUSE_11_3_LIBWEBKIT-100723.NASL
HistoryJun 13, 2014 - 12:00 a.m.

openSUSE Security Update : libwebkit (openSUSE-SU-2010:0458-1)

2014-06-1300:00:00
This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
13
JSON

The libwebkit browser engine version 1.2.3 fixes several security relevant bugs

(CVE-2010-1386, CVE-2010-1392, CVE-2010-1405, CVE-2010-1407, CVE-2010-1416, CVE-2010-1417, CVE-2010-1665, CVE-2010-1418, CVE-2010-1421, CVE-2010-1422, CVE-2010-1501, CVE-2010-1767, CVE-2010-1664, CVE-2010-1758, CVE-2010-1759, CVE-2010-1760, CVE-2010-1761, CVE-2010-1762, CVE-2010-1770, CVE-2010-1771, CVE-2010-1772, CVE-2010-1773, CVE-2010-1774)

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update libwebkit-2806.
#
# The text description of this plugin is (C) SUSE LLC.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(75627);
  script_version("1.9");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2010-1386", "CVE-2010-1392", "CVE-2010-1405", "CVE-2010-1407", "CVE-2010-1416", "CVE-2010-1417", "CVE-2010-1418", "CVE-2010-1421", "CVE-2010-1422", "CVE-2010-1664", "CVE-2010-1665", "CVE-2010-1758", "CVE-2010-1759", "CVE-2010-1760", "CVE-2010-1761", "CVE-2010-1762", "CVE-2010-1767", "CVE-2010-1770", "CVE-2010-1771", "CVE-2010-1772", "CVE-2010-1773", "CVE-2010-1774");

  script_name(english:"openSUSE Security Update : libwebkit (openSUSE-SU-2010:0458-1)");
  script_summary(english:"Check for the libwebkit-2806 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The libwebkit browser engine version 1.2.3 fixes several security
relevant bugs

(CVE-2010-1386, CVE-2010-1392, CVE-2010-1405, CVE-2010-1407,
CVE-2010-1416, CVE-2010-1417, CVE-2010-1665, CVE-2010-1418,
CVE-2010-1421, CVE-2010-1422, CVE-2010-1501, CVE-2010-1767,
CVE-2010-1664, CVE-2010-1758, CVE-2010-1759, CVE-2010-1760,
CVE-2010-1761, CVE-2010-1762, CVE-2010-1770, CVE-2010-1771,
CVE-2010-1772, CVE-2010-1773, CVE-2010-1774)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://cve.mitre.org/cgi-bin/cvename.cgi?name="
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=622994"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://lists.opensuse.org/opensuse-updates/2010-08/msg00004.html"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected libwebkit packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libwebkit-1_0-2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libwebkit-1_0-2-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libwebkit-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libwebkit-lang");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:webkit-jsc");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.3");

  script_set_attribute(attribute:"vuln_publication_date", value:"2010/04/23");
  script_set_attribute(attribute:"patch_publication_date", value:"2010/07/23");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE11\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.3", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE11.3", reference:"libwebkit-1_0-2-1.2.3-0.1.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"libwebkit-devel-1.2.3-0.1.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"libwebkit-lang-1.2.3-0.1.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"webkit-jsc-1.2.3-0.1.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", cpu:"x86_64", reference:"libwebkit-1_0-2-32bit-1.2.3-0.1.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libwebkit-1_0-2 / libwebkit-1_0-2-32bit / libwebkit-devel / etc");
}
VendorProductVersionCPE
novellopensuselibwebkit-1_0-2p-cpe:/a:novell:opensuse:libwebkit-1_0-2
novellopensuselibwebkit-1_0-2-32bitp-cpe:/a:novell:opensuse:libwebkit-1_0-2-32bit
novellopensuselibwebkit-develp-cpe:/a:novell:opensuse:libwebkit-devel
novellopensuselibwebkit-langp-cpe:/a:novell:opensuse:libwebkit-lang
novellopensusewebkit-jscp-cpe:/a:novell:opensuse:webkit-jsc
novellopensuse11.3cpe:/o:novell:opensuse:11.3

References

Related

nessus 19
openvas 31
freebsd 1
fedora 8
cve 30
prion 30
securityvulns 5
ubuntucve 30
debiancve 27
packetstorm 1
exploitpack 1
seebug 2
checkpoint_advisories 2
zdi 2
threatpost 1
exploitdb 1
nessus
nessus
FreeBSD : webkit-gtk2 -- Multiple vulnerabilities (19419b3b-92bd-11df-b140-0015f2db7bde)
2010-07-19 00:00:00
Fedora 13 : webkitgtk-1.2.4-1.fc13 (2010-14409)
2010-09-16 00:00:00
Fedora 12 : webkitgtk-1.2.4-1.fc12 (2010-14419)
2010-09-21 00:00:00
openvas
openvas
FreeBSD Ports: webkit-gtk2
2010-07-22 00:00:00
FreeBSD Ports: webkit-gtk2
2010-07-22 00:00:00
Fedora Update for webkitgtk FEDORA-2010-14409
2010-09-22 00:00:00
freebsd
freebsd
webkit-gtk2 -- Multiple vulnerabilities
2010-07-16 00:00:00
fedora
fedora
[SECURITY] Fedora 12 Update: webkitgtk-1.2.4-1.fc12
2010-09-21 01:43:18
[SECURITY] Fedora 13 Update: webkitgtk-1.2.4-1.fc13
2010-09-15 05:40:48
[SECURITY] Fedora 13 Update: webkitgtk-1.2.5-1.fc13
2010-10-19 07:21:56
cve
cve
CVE-2010-1501
2010-04-23 14:30:00
CVE-2010-1758
2010-06-11 19:30:00
CVE-2010-1386
2010-08-19 22:00:00
prion
prion
Design/Logic Flaw
2010-04-23 14:30:00
Design/Logic Flaw
2010-06-11 19:30:00
Design/Logic Flaw
2010-08-19 22:00:00
securityvulns
securityvulns
Apple Webkit / Safari / Google Chrome multiple security vulnerabilities
2010-06-11 00:00:00
VUPEN Security Research - Apple Safari WebKit HTML Button Use-after-free Vulnerability (CVE-2010-1392)
2010-06-08 00:00:00
ZDI-10-093: Apple Webkit CSS Charset Text Transformation Remote Code Execution Vulnerability
2010-06-08 00:00:00
ubuntucve
ubuntucve
CVE-2010-1386
2010-08-19 00:00:00
CVE-2010-1422
2010-06-11 00:00:00
CVE-2010-1771
2010-06-11 00:00:00
debiancve
debiancve
CVE-2010-1407
2010-06-22 20:30:00
CVE-2010-1416
2010-06-11 18:00:00
CVE-2010-1422
2010-06-11 18:00:00
packetstorm
packetstorm
Android 2.2 Webkit Normalize
2012-02-02 00:00:00
exploitpack
exploitpack
Webkit Normalize Bug - Android 2.2
2012-02-01 00:00:00
seebug
seebug
Webkit Normalize Bug - Android 2.2
2014-07-01 00:00:00
Webkit normalize bug for android 2.2 (CVE-2010-1759)
2012-02-14 00:00:00
checkpoint_advisories
checkpoint_advisories
Apple Safari Webkit Button First-Letter Style Rendering Code Execution (CVE-2010-1392)
2010-09-20 00:00:00
Apple Safari Webkit CSS Charset Text Transformation Code Execution (CVE-2010-1770)
2010-08-04 00:00:00
zdi
zdi
Apple Webkit Button First-Letter Style Rendering Remote Code Execution Vulnerability
2010-08-11 00:00:00
Apple Webkit CSS Charset Text Transformation Remote Code Execution Vulnerability
2010-06-08 00:00:00
threatpost
threatpost
Apple Plugs 48 Security Holes in Safari Browser
2010-06-08 13:06:29
exploitdb
exploitdb
Webkit Normalize Bug - Android 2.2
2012-02-01 00:00:00
JSON
Related for SUSE_11_3_LIBWEBKIT-100723.NASL
nessus19openvas31freebsd1fedora8cve30prion30securityvulns5ubuntucve30debiancve27packetstorm1exploitpack1seebug2checkpoint_advisories2zdi2threatpost1exploitdb1