SuSE 11.1 Security Update : GnuTLS (SAT Patch Number 6448)

2013-01-25T00:00:00

Description

This update of GnuTLS fixes multiple vulnerabilities : - remote attackers could cause a denial of service (heap memory corruption and application crash) via an issue in the asn1_get_length_der() function. (CVE-2012-1569) - crafted GenericBlockCipher structures allow remote attackers to cause a denial of service (heap memory corruption and application crash). (CVE-2012-1573) - A vulnerability in the DTLS implementation which could allow remote attackers to recover partial plaintext via a timing side-channel attack was fixed. (CVE-2012-0390) In addition, support for customizing the signing function was added.

{"id": "SUSE_11_GNUTLS-120615.NASL", "vendorId": null, "type": "nessus", "bulletinFamily": "scanner", "title": "SuSE 11.1 Security Update : GnuTLS (SAT Patch Number 6448)", "description": "This update of GnuTLS fixes multiple vulnerabilities :\n\n - remote attackers could cause a denial of service (heap memory corruption and application crash) via an issue in the asn1_get_length_der() function. (CVE-2012-1569)\n\n - crafted GenericBlockCipher structures allow remote attackers to cause a denial of service (heap memory corruption and application crash). (CVE-2012-1573)\n\n - A vulnerability in the DTLS implementation which could allow remote attackers to recover partial plaintext via a timing side-channel attack was fixed. (CVE-2012-0390)\n\nIn addition, support for customizing the signing function was added.", "published": "2013-01-25T00:00:00", "modified": "2021-01-19T00:00:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0}, "severity": "MEDIUM", "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/64152", "reporter": "This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=753301", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1573", "http://support.novell.com/security/cve/CVE-2012-1573.html", "https://bugzilla.novell.com/show_bug.cgi?id=754953", "http://support.novell.com/security/cve/CVE-2012-0390.html", "https://bugzilla.novell.com/show_bug.cgi?id=739898", "https://bugzilla.novell.com/show_bug.cgi?id=754223", "http://support.novell.com/security/cve/CVE-2012-1569.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1569", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0390"], "cvelist": ["CVE-2012-0390", "CVE-2012-1569", "CVE-2012-1573"], "immutableFields": [], "lastseen": "2023-02-06T14:14:15", "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "amazon", "idList": ["ALAS-2012-059", "ALAS-2012-060"]}, {"type": "centos", "idList": ["CESA-2012:0427", "CESA-2012:0428", "CESA-2012:0429"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2012-291", "CPAI-2012-292", "CPAI-2012-298"]}, {"type": "cve", "idList": ["CVE-2012-0390", "CVE-2012-1569", "CVE-2012-1573"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2440-1:828AA", "DEBIAN:DSA-2441-1:79B66"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2012-0390", "DEBIANCVE:CVE-2012-1573"]}, {"type": "fedora", "idList": ["FEDORA:10BA3211D0", "FEDORA:274DA20BB0", "FEDORA:47DA822972", "FEDORA:5061E22977", "FEDORA:59B5221550", "FEDORA:67F9F215DA", "FEDORA:A46EC21865", "FEDORA:ABEC520592", "FEDORA:B3AF021136", "FEDORA:B6DC621A4C", "FEDORA:C04F321A4E", "FEDORA:D52E221615", "FEDORA:E6AB020DAB", "FEDORA:F248621418"]}, {"type": "freebsd", "idList": ["2E7E9072-73A0-11E1-A883-001CC0A36E12", "AECEE357-739E-11E1-A883-001CC0A36E12"]}, {"type": "gentoo", "idList": ["GLSA-201206-18", "GLSA-201209-12"]}, {"type": "ibm", "idList": ["24D0B655C5269024B70CAED7F2802E225FC2153CE17A2BEE05568BBD1AF30C6C"]}, {"type": "nessus", "idList": ["ALA_ALAS-2012-59.NASL", "ALA_ALAS-2012-60.NASL", "CENTOS_RHSA-2012-0427.NASL", "CENTOS_RHSA-2012-0428.NASL", "CENTOS_RHSA-2012-0429.NASL", "DEBIAN_DSA-2440.NASL", "DEBIAN_DSA-2441.NASL", "FEDORA_2012-4308.NASL", "FEDORA_2012-4342.NASL", "FEDORA_2012-4357.NASL", "FEDORA_2012-4409.NASL", "FEDORA_2012-4417.NASL", "FEDORA_2012-4451.NASL", "FEDORA_2012-4569.NASL", "FEDORA_2012-4578.NASL", "FREEBSD_PKG_2E7E907273A011E1A883001CC0A36E12.NASL", "FREEBSD_PKG_AECEE357739E11E1A883001CC0A36E12.NASL", "GENTOO_GLSA-201206-18.NASL", "GENTOO_GLSA-201209-12.NASL", "MANDRIVA_MDVSA-2012-039.NASL", "MANDRIVA_MDVSA-2012-040.NASL", "OPENSUSE-2012-121.NASL", "OPENSUSE-2012-277.NASL", "ORACLELINUX_ELSA-2012-0427.NASL", "ORACLELINUX_ELSA-2012-0428.NASL", "ORACLELINUX_ELSA-2012-0429.NASL", "REDHAT-RHSA-2012-0427.NASL", "REDHAT-RHSA-2012-0428.NASL", "REDHAT-RHSA-2012-0429.NASL", "REDHAT-RHSA-2012-0488.NASL", "REDHAT-RHSA-2012-0531.NASL", "SLACKWARE_SSA_2013-287-03.NASL", "SL_20120327_GNUTLS_ON_SL5_X.NASL", "SL_20120327_GNUTLS_ON_SL6_X.NASL", "SL_20120327_LIBTASN1_ON_SL6_X.NASL", "SOLARIS11_GNUTLS_20130619.NASL", "SUSE_11_4_GNUTLS-120217.NASL", "SUSE_GNUTLS-8066.NASL", "UBUNTU_USN-1418-1.NASL", "UBUNTU_USN-1436-1.NASL", "VMWARE_VMSA-2012-0013.NASL", "VMWARE_VMSA-2012-0013_REMOTE.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:103558", "OPENVAS:1361412562310103558", "OPENVAS:1361412562310120418", "OPENVAS:1361412562310120586", "OPENVAS:1361412562310123945", "OPENVAS:1361412562310123946", "OPENVAS:1361412562310123947", "OPENVAS:136141256231071243", "OPENVAS:136141256231071244", "OPENVAS:136141256231071293", "OPENVAS:136141256231071294", "OPENVAS:136141256231071585", "OPENVAS:136141256231072429", "OPENVAS:1361412562310831596", "OPENVAS:1361412562310831635", "OPENVAS:1361412562310840978", "OPENVAS:1361412562310840994", "OPENVAS:1361412562310864107", "OPENVAS:1361412562310864122", "OPENVAS:1361412562310864129", "OPENVAS:1361412562310864134", "OPENVAS:1361412562310864139", "OPENVAS:1361412562310864142", "OPENVAS:1361412562310864155", "OPENVAS:1361412562310864156", "OPENVAS:1361412562310864343", "OPENVAS:1361412562310864362", "OPENVAS:1361412562310864373", "OPENVAS:1361412562310864437", "OPENVAS:1361412562310870579", "OPENVAS:1361412562310870675", "OPENVAS:1361412562310870725", "OPENVAS:1361412562310881171", "OPENVAS:1361412562310881198", "OPENVAS:1361412562310881204", "OPENVAS:71243", "OPENVAS:71244", "OPENVAS:71293", "OPENVAS:71294", "OPENVAS:71585", "OPENVAS:72429", "OPENVAS:831596", "OPENVAS:831635", "OPENVAS:840978", "OPENVAS:840994", "OPENVAS:864107", "OPENVAS:864122", "OPENVAS:864129", "OPENVAS:864134", "OPENVAS:864139", "OPENVAS:864142", "OPENVAS:864155", "OPENVAS:864156", "OPENVAS:864343", "OPENVAS:864362", "OPENVAS:864373", "OPENVAS:864437", "OPENVAS:870579", "OPENVAS:870675", "OPENVAS:870725", "OPENVAS:881171", "OPENVAS:881198", "OPENVAS:881204"]}, {"type": "oraclelinux", "idList": ["ELSA-2012-0427", "ELSA-2012-0428", "ELSA-2012-0429", "ELSA-2014-0596"]}, {"type": "osv", "idList": ["OSV:DSA-2440-1", "OSV:DSA-2441-1"]}, {"type": "redhat", "idList": ["RHSA-2012:0427", "RHSA-2012:0428", "RHSA-2012:0429", "RHSA-2012:0488", "RHSA-2012:0531"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:28080", "SECURITYVULNS:VULN:12381"]}, {"type": "slackware", "idList": ["SSA-2013-287-03"]}, {"type": "suse", "idList": ["SUSE-SU-2014:0320-1"]}, {"type": "ubuntu", "idList": ["USN-1418-1", "USN-1436-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2012-0390", "UB:CVE-2012-1569", "UB:CVE-2012-1573"]}, {"type": "veracode", "idList": ["VERACODE:25007", "VERACODE:25008"]}, {"type": "vmware", "idList": ["VMSA-2012-0013", "VMSA-2012-0013.2"]}]}, "score": {"value": 0.0, "vector": "NONE"}, "backreferences": {"references": [{"type": "amazon", "idList": ["ALAS-2012-060"]}, {"type": "centos", "idList": ["CESA-2012:0427", "CESA-2012:0428", "CESA-2012:0429"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2012-291"]}, {"type": "cve", "idList": ["CVE-2012-0390", "CVE-2012-1569", "CVE-2012-1573"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2441-1:79B66"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2012-1573"]}, {"type": "fedora", "idList": ["FEDORA:E6AB020DAB"]}, {"type": "freebsd", "idList": ["2E7E9072-73A0-11E1-A883-001CC0A36E12", "AECEE357-739E-11E1-A883-001CC0A36E12"]}, {"type": "gentoo", "idList": ["GLSA-201206-18"]}, {"type": "ibm", "idList": ["24D0B655C5269024B70CAED7F2802E225FC2153CE17A2BEE05568BBD1AF30C6C"]}, {"type": "nessus", "idList": ["OPENSUSE-2012-121.NASL", "SUSE_11_4_GNUTLS-120217.NASL", "VMWARE_VMSA-2012-0013.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310864373", "OPENVAS:831596", "OPENVAS:840994"]}, {"type": "oraclelinux", "idList": ["ELSA-2012-0428"]}, {"type": "redhat", "idList": ["RHSA-2012:0488"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:28080"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2012-1569"]}, {"type": "vmware", "idList": ["VMSA-2012-0013"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2012-0390", "epss": "0.002270000", "percentile": "0.590920000", "modified": "2023-03-13"}, {"cve": "CVE-2012-1569", "epss": "0.948060000", "percentile": "0.987630000", "modified": "2023-03-13"}, {"cve": "CVE-2012-1573", "epss": "0.964880000", "percentile": "0.992670000", "modified": "2023-03-13"}], "vulnersScore": 0.0}, "_state": {"dependencies": 1675693780, "score": 1675693608, "epss": 1678789295}, "_internal": {"score_hash": "4e94c4b602513a0ba716e09bc5009eb8"}, "pluginID": "64152", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(64152);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-0390\", \"CVE-2012-1569\", \"CVE-2012-1573\");\n\n script_name(english:\"SuSE 11.1 Security Update : GnuTLS (SAT Patch Number 6448)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of GnuTLS fixes multiple vulnerabilities :\n\n - remote attackers could cause a denial of service (heap\n memory corruption and application crash) via an issue in\n the asn1_get_length_der() function. (CVE-2012-1569)\n\n - crafted GenericBlockCipher structures allow remote\n attackers to cause a denial of service (heap memory\n corruption and application crash). (CVE-2012-1573)\n\n - A vulnerability in the DTLS implementation which could\n allow remote attackers to recover partial plaintext via\n a timing side-channel attack was fixed. (CVE-2012-0390)\n\nIn addition, support for customizing the signing function was added.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=739898\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=753301\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=754223\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=754953\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0390.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1569.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1573.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 6448.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libgnutls-extra26\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libgnutls26\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libgnutls26-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, \"SuSE 11.1\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"gnutls-2.4.1-24.39.39.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"libgnutls26-2.4.1-24.39.39.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"gnutls-2.4.1-24.39.39.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"libgnutls26-2.4.1-24.39.39.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"libgnutls26-32bit-2.4.1-24.39.39.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"gnutls-2.4.1-24.39.39.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"libgnutls-extra26-2.4.1-24.39.39.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"libgnutls26-2.4.1-24.39.39.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"libgnutls26-32bit-2.4.1-24.39.39.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"libgnutls26-32bit-2.4.1-24.39.39.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "SuSE Local Security Checks", "cpe": ["p-cpe:/a:novell:suse_linux:11:gnutls", "p-cpe:/a:novell:suse_linux:11:libgnutls-extra26", "p-cpe:/a:novell:suse_linux:11:libgnutls26", "p-cpe:/a:novell:suse_linux:11:libgnutls26-32bit", "cpe:/o:novell:suse_linux:11"], "solution": "Apply SAT patch number 6448.", "nessusSeverity": "Medium", "cvssScoreSource": "", "vendor_cvss2": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "vendor_cvss3": {"score": null, "vector": null}, "vpr": {"risk factor": "Medium", "score": "4.4"}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": "2012-06-15T00:00:00", "vulnerabilityPublicationDate": null, "exploitableWith": []}

{"nessus": [{"lastseen": "2023-02-06T14:20:03", "description": "This update of GnuTLS fixes multiple vulnerabilities :\n\n - remote attackers could cause a denial of service (heap memory corruption and application crash) via an issue in the asn1_get_length_der() function. (CVE-2012-1569)\n\n - crafted GenericBlockCipher structures allow remote attackers to cause a denial of service (heap memory corruption and application crash). (CVE-2012-1573)\n\n - A vulnerability in the DTLS implementation which could allow remote attackers to recover partial plaintext via a timing side-channel attack was fixed. (CVE-2012-0390)", "cvss3": {}, "published": "2012-07-03T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : GnuTLS (ZYPP Patch Number 8066)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-0390", "CVE-2012-1569", "CVE-2012-1573"], "modified": "2021-01-19T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_GNUTLS-8066.NASL", "href": "https://www.tenable.com/plugins/nessus/59829", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(59829);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-0390\", \"CVE-2012-1569\", \"CVE-2012-1573\");\n\n script_name(english:\"SuSE 10 Security Update : GnuTLS (ZYPP Patch Number 8066)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of GnuTLS fixes multiple vulnerabilities :\n\n - remote attackers could cause a denial of service (heap\n memory corruption and application crash) via an issue in\n the asn1_get_length_der() function. (CVE-2012-1569)\n\n - crafted GenericBlockCipher structures allow remote\n attackers to cause a denial of service (heap memory\n corruption and application crash). (CVE-2012-1573)\n\n - A vulnerability in the DTLS implementation which could\n allow remote attackers to recover partial plaintext via\n a timing side-channel attack was fixed. (CVE-2012-0390)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0390.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1569.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1573.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 8066.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/07/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"gnutls-1.2.10-13.30.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"gnutls-devel-1.2.10-13.30.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"gnutls-32bit-1.2.10-13.30.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"gnutls-devel-32bit-1.2.10-13.30.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"gnutls-1.2.10-13.30.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"gnutls-devel-1.2.10-13.30.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"gnutls-32bit-1.2.10-13.30.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"gnutls-devel-32bit-1.2.10-13.30.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-06T14:21:24", "description": "The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security (TLS). GnuTLS includes libtasn1, a library developed for ASN.1 (Abstract Syntax Notation One) structures management that includes DER (Distinguished Encoding Rules) encoding and decoding.\n\nA flaw was found in the way GnuTLS decrypted malformed TLS records.\nThis could cause a TLS/SSL client or server to crash when processing a specially crafted TLS record from a remote TLS/SSL connection peer.\n(CVE-2012-1573)\n\nA flaw was found in the way libtasn1 decoded DER data. An attacker could create a carefully-crafted X.509 certificate that, when parsed by an application that uses GnuTLS, could cause the application to crash. (CVE-2012-1569)\n\nA boundary error was found in the gnutls_session_get_data() function.\nA malicious TLS/SSL server could use this flaw to crash a TLS/SSL client or, possibly, execute arbitrary code as the client, if the client passed a fixed-sized buffer to gnutls_session_get_data() before checking the real size of the session data provided by the server.\n(CVE-2011-4128)\n\nUsers of GnuTLS are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all applications linked to the GnuTLS library must be restarted, or the system rebooted.", "cvss3": {}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : gnutls on SL5.x i386/x86_64 (20120327)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4128", "CVE-2012-1569", "CVE-2012-1573"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:gnutls", "p-cpe:/a:fermilab:scientific_linux:gnutls-debuginfo", "p-cpe:/a:fermilab:scientific_linux:gnutls-devel", "p-cpe:/a:fermilab:scientific_linux:gnutls-utils", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20120327_GNUTLS_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/61290", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61290);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-4128\", \"CVE-2012-1569\", \"CVE-2012-1573\");\n\n script_name(english:\"Scientific Linux Security Update : gnutls on SL5.x i386/x86_64 (20120327)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The GnuTLS library provides support for cryptographic algorithms and\nfor protocols such as Transport Layer Security (TLS). GnuTLS includes\nlibtasn1, a library developed for ASN.1 (Abstract Syntax Notation One)\nstructures management that includes DER (Distinguished Encoding Rules)\nencoding and decoding.\n\nA flaw was found in the way GnuTLS decrypted malformed TLS records.\nThis could cause a TLS/SSL client or server to crash when processing a\nspecially crafted TLS record from a remote TLS/SSL connection peer.\n(CVE-2012-1573)\n\nA flaw was found in the way libtasn1 decoded DER data. An attacker\ncould create a carefully-crafted X.509 certificate that, when parsed\nby an application that uses GnuTLS, could cause the application to\ncrash. (CVE-2012-1569)\n\nA boundary error was found in the gnutls_session_get_data() function.\nA malicious TLS/SSL server could use this flaw to crash a TLS/SSL\nclient or, possibly, execute arbitrary code as the client, if the\nclient passed a fixed-sized buffer to gnutls_session_get_data() before\nchecking the real size of the session data provided by the server.\n(CVE-2011-4128)\n\nUsers of GnuTLS are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. For the\nupdate to take effect, all applications linked to the GnuTLS library\nmust be restarted, or the system rebooted.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1203&L=scientific-linux-errata&T=0&P=5098\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4816e1b7\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:gnutls-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:gnutls-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:gnutls-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/12/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 5.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"gnutls-1.4.1-7.el5_8.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"gnutls-debuginfo-1.4.1-7.el5_8.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"gnutls-devel-1.4.1-7.el5_8.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"gnutls-utils-1.4.1-7.el5_8.2\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnutls / gnutls-debuginfo / gnutls-devel / gnutls-utils\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-06T14:16:05", "description": "Updated gnutls packages that fix three security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security (TLS). GnuTLS includes libtasn1, a library developed for ASN.1 (Abstract Syntax Notation One) structures management that includes DER (Distinguished Encoding Rules) encoding and decoding.\n\nA flaw was found in the way GnuTLS decrypted malformed TLS records.\nThis could cause a TLS/SSL client or server to crash when processing a specially crafted TLS record from a remote TLS/SSL connection peer.\n(CVE-2012-1573)\n\nA flaw was found in the way libtasn1 decoded DER data. An attacker could create a carefully-crafted X.509 certificate that, when parsed by an application that uses GnuTLS, could cause the application to crash. (CVE-2012-1569)\n\nA boundary error was found in the gnutls_session_get_data() function.\nA malicious TLS/SSL server could use this flaw to crash a TLS/SSL client or, possibly, execute arbitrary code as the client, if the client passed a fixed-sized buffer to gnutls_session_get_data() before checking the real size of the session data provided by the server.\n(CVE-2011-4128)\n\nRed Hat would like to thank Matthew Hall of Mu Dynamics for reporting CVE-2012-1573 and CVE-2012-1569.\n\nUsers of GnuTLS are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all applications linked to the GnuTLS library must be restarted, or the system rebooted.", "cvss3": {}, "published": "2012-03-28T00:00:00", "type": "nessus", "title": "RHEL 5 : gnutls (RHSA-2012:0428)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4128", "CVE-2012-1569", "CVE-2012-1573"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:gnutls", "p-cpe:/a:redhat:enterprise_linux:gnutls-debuginfo", "p-cpe:/a:redhat:enterprise_linux:gnutls-devel", "p-cpe:/a:redhat:enterprise_linux:gnutls-utils", "cpe:/o:redhat:enterprise_linux:5"], "id": "REDHAT-RHSA-2012-0428.NASL", "href": "https://www.tenable.com/plugins/nessus/58509", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0428. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58509);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-4128\", \"CVE-2012-1569\", \"CVE-2012-1573\");\n script_bugtraq_id(50609, 52667, 52668);\n script_xref(name:\"RHSA\", value:\"2012:0428\");\n\n script_name(english:\"RHEL 5 : gnutls (RHSA-2012:0428)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated gnutls packages that fix three security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe GnuTLS library provides support for cryptographic algorithms and\nfor protocols such as Transport Layer Security (TLS). GnuTLS includes\nlibtasn1, a library developed for ASN.1 (Abstract Syntax Notation One)\nstructures management that includes DER (Distinguished Encoding Rules)\nencoding and decoding.\n\nA flaw was found in the way GnuTLS decrypted malformed TLS records.\nThis could cause a TLS/SSL client or server to crash when processing a\nspecially crafted TLS record from a remote TLS/SSL connection peer.\n(CVE-2012-1573)\n\nA flaw was found in the way libtasn1 decoded DER data. An attacker\ncould create a carefully-crafted X.509 certificate that, when parsed\nby an application that uses GnuTLS, could cause the application to\ncrash. (CVE-2012-1569)\n\nA boundary error was found in the gnutls_session_get_data() function.\nA malicious TLS/SSL server could use this flaw to crash a TLS/SSL\nclient or, possibly, execute arbitrary code as the client, if the\nclient passed a fixed-sized buffer to gnutls_session_get_data() before\nchecking the real size of the session data provided by the server.\n(CVE-2011-4128)\n\nRed Hat would like to thank Matthew Hall of Mu Dynamics for reporting\nCVE-2012-1573 and CVE-2012-1569.\n\nUsers of GnuTLS are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. For the\nupdate to take effect, all applications linked to the GnuTLS library\nmust be restarted, or the system rebooted.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2012:0428\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-1569\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-4128\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-1573\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gnutls-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gnutls-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gnutls-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/12/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/03/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2012:0428\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"gnutls-1.4.1-7.el5_8.2\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"gnutls-debuginfo-1.4.1-7.el5_8.2\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"gnutls-devel-1.4.1-7.el5_8.2\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"gnutls-utils-1.4.1-7.el5_8.2\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"gnutls-utils-1.4.1-7.el5_8.2\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"gnutls-utils-1.4.1-7.el5_8.2\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnutls / gnutls-debuginfo / gnutls-devel / gnutls-utils\");\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-18T14:31:18", "description": "3 vulnerabilities were discovered for the gnutls packages in openSUSE version 12.1.", "cvss3": {}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : gnutls (openSUSE-SU-2012:0620-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1569", "CVE-2012-1573", "CVE-2012-1663"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:gnutls", "p-cpe:/a:novell:opensuse:gnutls-debuginfo", "p-cpe:/a:novell:opensuse:gnutls-debugsource", "p-cpe:/a:novell:opensuse:libgnutls-devel", "p-cpe:/a:novell:opensuse:libgnutls-devel-32bit", "p-cpe:/a:novell:opensuse:libgnutls-extra-devel", "p-cpe:/a:novell:opensuse:libgnutls-extra28", "p-cpe:/a:novell:opensuse:libgnutls-extra28-debuginfo", "p-cpe:/a:novell:opensuse:libgnutls-openssl-devel", "p-cpe:/a:novell:opensuse:libgnutls-openssl27", "p-cpe:/a:novell:opensuse:libgnutls-openssl27-debuginfo", "p-cpe:/a:novell:opensuse:libgnutls28", "p-cpe:/a:novell:opensuse:libgnutls28-32bit", "p-cpe:/a:novell:opensuse:libgnutls28-debuginfo", "p-cpe:/a:novell:opensuse:libgnutls28-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libgnutlsxx-devel", "p-cpe:/a:novell:opensuse:libgnutlsxx28", "p-cpe:/a:novell:opensuse:libgnutlsxx28-debuginfo", "cpe:/o:novell:opensuse:12.1"], "id": "OPENSUSE-2012-277.NASL", "href": "https://www.tenable.com/plugins/nessus/74627", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2012-277.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74627);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-1569\", \"CVE-2012-1573\", \"CVE-2012-1663\");\n\n script_name(english:\"openSUSE Security Update : gnutls (openSUSE-SU-2012:0620-1)\");\n script_summary(english:\"Check for the openSUSE-2012-277 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"3 vulnerabilities were discovered for the gnutls packages in openSUSE\nversion 12.1.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=752193\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=753301\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=754223\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2012-05/msg00021.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gnutls packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gnutls-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gnutls-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutls-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutls-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutls-extra-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutls-extra28\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutls-extra28-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutls-openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutls-openssl27\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutls-openssl27-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutls28\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutls28-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutls28-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutls28-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutlsxx-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutlsxx28\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutlsxx28-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/03/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/05/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.1\", reference:\"gnutls-3.0.3-5.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"gnutls-debuginfo-3.0.3-5.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"gnutls-debugsource-3.0.3-5.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libgnutls-devel-3.0.3-5.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libgnutls-extra-devel-3.0.3-5.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libgnutls-extra28-3.0.3-5.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libgnutls-extra28-debuginfo-3.0.3-5.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libgnutls-openssl-devel-3.0.3-5.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libgnutls-openssl27-3.0.3-5.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libgnutls-openssl27-debuginfo-3.0.3-5.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libgnutls28-3.0.3-5.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libgnutls28-debuginfo-3.0.3-5.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libgnutlsxx-devel-3.0.3-5.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libgnutlsxx28-3.0.3-5.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libgnutlsxx28-debuginfo-3.0.3-5.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libgnutls-devel-32bit-3.0.3-5.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libgnutls28-32bit-3.0.3-5.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libgnutls28-debuginfo-32bit-3.0.3-5.8.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnutls / gnutls-debuginfo / gnutls-debugsource / libgnutls-devel / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-06T14:15:54", "description": "Updated gnutls packages that fix three security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security (TLS). GnuTLS includes libtasn1, a library developed for ASN.1 (Abstract Syntax Notation One) structures management that includes DER (Distinguished Encoding Rules) encoding and decoding.\n\nA flaw was found in the way GnuTLS decrypted malformed TLS records.\nThis could cause a TLS/SSL client or server to crash when processing a specially crafted TLS record from a remote TLS/SSL connection peer.\n(CVE-2012-1573)\n\nA flaw was found in the way libtasn1 decoded DER data. An attacker could create a carefully-crafted X.509 certificate that, when parsed by an application that uses GnuTLS, could cause the application to crash. (CVE-2012-1569)\n\nA boundary error was found in the gnutls_session_get_data() function.\nA malicious TLS/SSL server could use this flaw to crash a TLS/SSL client or, possibly, execute arbitrary code as the client, if the client passed a fixed-sized buffer to gnutls_session_get_data() before checking the real size of the session data provided by the server.\n(CVE-2011-4128)\n\nRed Hat would like to thank Matthew Hall of Mu Dynamics for reporting CVE-2012-1573 and CVE-2012-1569.\n\nUsers of GnuTLS are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all applications linked to the GnuTLS library must be restarted, or the system rebooted.", "cvss3": {}, "published": "2012-03-28T00:00:00", "type": "nessus", "title": "CentOS 5 : gnutls (CESA-2012:0428)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4128", "CVE-2012-1569", "CVE-2012-1573"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:gnutls", "p-cpe:/a:centos:centos:gnutls-devel", "p-cpe:/a:centos:centos:gnutls-utils", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2012-0428.NASL", "href": "https://www.tenable.com/plugins/nessus/58504", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0428 and \n# CentOS Errata and Security Advisory 2012:0428 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58504);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2011-4128\", \"CVE-2012-1569\", \"CVE-2012-1573\");\n script_bugtraq_id(50609, 52667, 52668);\n script_xref(name:\"RHSA\", value:\"2012:0428\");\n\n script_name(english:\"CentOS 5 : gnutls (CESA-2012:0428)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated gnutls packages that fix three security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe GnuTLS library provides support for cryptographic algorithms and\nfor protocols such as Transport Layer Security (TLS). GnuTLS includes\nlibtasn1, a library developed for ASN.1 (Abstract Syntax Notation One)\nstructures management that includes DER (Distinguished Encoding Rules)\nencoding and decoding.\n\nA flaw was found in the way GnuTLS decrypted malformed TLS records.\nThis could cause a TLS/SSL client or server to crash when processing a\nspecially crafted TLS record from a remote TLS/SSL connection peer.\n(CVE-2012-1573)\n\nA flaw was found in the way libtasn1 decoded DER data. An attacker\ncould create a carefully-crafted X.509 certificate that, when parsed\nby an application that uses GnuTLS, could cause the application to\ncrash. (CVE-2012-1569)\n\nA boundary error was found in the gnutls_session_get_data() function.\nA malicious TLS/SSL server could use this flaw to crash a TLS/SSL\nclient or, possibly, execute arbitrary code as the client, if the\nclient passed a fixed-sized buffer to gnutls_session_get_data() before\nchecking the real size of the session data provided by the server.\n(CVE-2011-4128)\n\nRed Hat would like to thank Matthew Hall of Mu Dynamics for reporting\nCVE-2012-1573 and CVE-2012-1569.\n\nUsers of GnuTLS are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. For the\nupdate to take effect, all applications linked to the GnuTLS library\nmust be restarted, or the system rebooted.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2012-March/018529.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2c92bc6d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gnutls packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2012-1569\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gnutls-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gnutls-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/12/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/03/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"gnutls-1.4.1-7.el5_8.2\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"gnutls-devel-1.4.1-7.el5_8.2\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"gnutls-utils-1.4.1-7.el5_8.2\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnutls / gnutls-devel / gnutls-utils\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-06T14:22:53", "description": "From Red Hat Security Advisory 2012:0428 :\n\nUpdated gnutls packages that fix three security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security (TLS). GnuTLS includes libtasn1, a library developed for ASN.1 (Abstract Syntax Notation One) structures management that includes DER (Distinguished Encoding Rules) encoding and decoding.\n\nA flaw was found in the way GnuTLS decrypted malformed TLS records.\nThis could cause a TLS/SSL client or server to crash when processing a specially crafted TLS record from a remote TLS/SSL connection peer.\n(CVE-2012-1573)\n\nA flaw was found in the way libtasn1 decoded DER data. An attacker could create a carefully-crafted X.509 certificate that, when parsed by an application that uses GnuTLS, could cause the application to crash. (CVE-2012-1569)\n\nA boundary error was found in the gnutls_session_get_data() function.\nA malicious TLS/SSL server could use this flaw to crash a TLS/SSL client or, possibly, execute arbitrary code as the client, if the client passed a fixed-sized buffer to gnutls_session_get_data() before checking the real size of the session data provided by the server.\n(CVE-2011-4128)\n\nRed Hat would like to thank Matthew Hall of Mu Dynamics for reporting CVE-2012-1573 and CVE-2012-1569.\n\nUsers of GnuTLS are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all applications linked to the GnuTLS library must be restarted, or the system rebooted.", "cvss3": {}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 5 : gnutls (ELSA-2012-0428)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4128", "CVE-2012-1569", "CVE-2012-1573"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:gnutls", "p-cpe:/a:oracle:linux:gnutls-devel", "p-cpe:/a:oracle:linux:gnutls-utils", "cpe:/o:oracle:linux:5"], "id": "ORACLELINUX_ELSA-2012-0428.NASL", "href": "https://www.tenable.com/plugins/nessus/68503", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2012:0428 and \n# Oracle Linux Security Advisory ELSA-2012-0428 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68503);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-4128\", \"CVE-2012-1569\", \"CVE-2012-1573\");\n script_bugtraq_id(50609, 52667, 52668);\n script_xref(name:\"RHSA\", value:\"2012:0428\");\n\n script_name(english:\"Oracle Linux 5 : gnutls (ELSA-2012-0428)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2012:0428 :\n\nUpdated gnutls packages that fix three security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe GnuTLS library provides support for cryptographic algorithms and\nfor protocols such as Transport Layer Security (TLS). GnuTLS includes\nlibtasn1, a library developed for ASN.1 (Abstract Syntax Notation One)\nstructures management that includes DER (Distinguished Encoding Rules)\nencoding and decoding.\n\nA flaw was found in the way GnuTLS decrypted malformed TLS records.\nThis could cause a TLS/SSL client or server to crash when processing a\nspecially crafted TLS record from a remote TLS/SSL connection peer.\n(CVE-2012-1573)\n\nA flaw was found in the way libtasn1 decoded DER data. An attacker\ncould create a carefully-crafted X.509 certificate that, when parsed\nby an application that uses GnuTLS, could cause the application to\ncrash. (CVE-2012-1569)\n\nA boundary error was found in the gnutls_session_get_data() function.\nA malicious TLS/SSL server could use this flaw to crash a TLS/SSL\nclient or, possibly, execute arbitrary code as the client, if the\nclient passed a fixed-sized buffer to gnutls_session_get_data() before\nchecking the real size of the session data provided by the server.\n(CVE-2011-4128)\n\nRed Hat would like to thank Matthew Hall of Mu Dynamics for reporting\nCVE-2012-1573 and CVE-2012-1569.\n\nUsers of GnuTLS are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. For the\nupdate to take effect, all applications linked to the GnuTLS library\nmust be restarted, or the system rebooted.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2012-March/002720.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gnutls packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnutls-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnutls-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/12/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"gnutls-1.4.1-7.el5_8.2\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"gnutls-devel-1.4.1-7.el5_8.2\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"gnutls-utils-1.4.1-7.el5_8.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnutls / gnutls-devel / gnutls-utils\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-18T14:31:44", "description": "Fix GnuTLS DTLS plaintext recovery attack", "cvss3": {}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : gnutls (openSUSE-2012-121)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-0390"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:gnutls", "p-cpe:/a:novell:opensuse:gnutls-debuginfo", "p-cpe:/a:novell:opensuse:gnutls-debugsource", "p-cpe:/a:novell:opensuse:libgnutls-devel", "p-cpe:/a:novell:opensuse:libgnutls-devel-32bit", "p-cpe:/a:novell:opensuse:libgnutls-extra-devel", "p-cpe:/a:novell:opensuse:libgnutls-extra28", "p-cpe:/a:novell:opensuse:libgnutls-extra28-debuginfo", "p-cpe:/a:novell:opensuse:libgnutls-openssl-devel", "p-cpe:/a:novell:opensuse:libgnutls-openssl27", "p-cpe:/a:novell:opensuse:libgnutls-openssl27-debuginfo", "p-cpe:/a:novell:opensuse:libgnutls28", "p-cpe:/a:novell:opensuse:libgnutls28-32bit", "p-cpe:/a:novell:opensuse:libgnutls28-debuginfo", "p-cpe:/a:novell:opensuse:libgnutls28-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libgnutlsxx-devel", "p-cpe:/a:novell:opensuse:libgnutlsxx28", "p-cpe:/a:novell:opensuse:libgnutlsxx28-debuginfo", "cpe:/o:novell:opensuse:12.1"], "id": "OPENSUSE-2012-121.NASL", "href": "https://www.tenable.com/plugins/nessus/74550", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2012-121.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74550);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-0390\");\n\n script_name(english:\"openSUSE Security Update : gnutls (openSUSE-2012-121)\");\n script_summary(english:\"Check for the openSUSE-2012-121 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\"Fix GnuTLS DTLS plaintext recovery attack\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=739898\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gnutls packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gnutls-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gnutls-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutls-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutls-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutls-extra-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutls-extra28\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutls-extra28-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutls-openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutls-openssl27\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutls-openssl27-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutls28\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutls28-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutls28-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutls28-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutlsxx-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutlsxx28\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutlsxx28-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.1\", reference:\"gnutls-3.0.3-5.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"gnutls-debuginfo-3.0.3-5.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"gnutls-debugsource-3.0.3-5.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libgnutls-devel-3.0.3-5.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libgnutls-extra-devel-3.0.3-5.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libgnutls-extra28-3.0.3-5.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libgnutls-extra28-debuginfo-3.0.3-5.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libgnutls-openssl-devel-3.0.3-5.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libgnutls-openssl27-3.0.3-5.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libgnutls-openssl27-debuginfo-3.0.3-5.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libgnutls28-3.0.3-5.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libgnutls28-debuginfo-3.0.3-5.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libgnutlsxx-devel-3.0.3-5.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libgnutlsxx28-3.0.3-5.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libgnutlsxx28-debuginfo-3.0.3-5.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libgnutls-devel-32bit-3.0.3-5.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libgnutls28-32bit-3.0.3-5.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libgnutls28-debuginfo-32bit-3.0.3-5.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnutls / gnutls-debuginfo / gnutls-debugsource / libgnutls-devel / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-18T14:33:10", "description": "This update of GnuTLS fixes a vulnerability in the DTLS implementation which could allow remote attackers to recover partial plaintext via a timing side-channel attack. (CVE-2012-0390).", "cvss3": {}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : gnutls (openSUSE-SU-2012:0344-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-0390"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:gnutls", "p-cpe:/a:novell:opensuse:gnutls-debuginfo", "p-cpe:/a:novell:opensuse:gnutls-debugsource", "p-cpe:/a:novell:opensuse:libgnutls-devel", "p-cpe:/a:novell:opensuse:libgnutls-extra-devel", "p-cpe:/a:novell:opensuse:libgnutls-extra26", "p-cpe:/a:novell:opensuse:libgnutls-extra26-debuginfo", "p-cpe:/a:novell:opensuse:libgnutls26", "p-cpe:/a:novell:opensuse:libgnutls26-32bit", "p-cpe:/a:novell:opensuse:libgnutls26-debuginfo", "p-cpe:/a:novell:opensuse:libgnutls26-debuginfo-32bit", "cpe:/o:novell:opensuse:11.4"], "id": "SUSE_11_4_GNUTLS-120217.NASL", "href": "https://www.tenable.com/plugins/nessus/75856", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update gnutls-5827.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75856);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-0390\");\n\n script_name(english:\"openSUSE Security Update : gnutls (openSUSE-SU-2012:0344-1)\");\n script_summary(english:\"Check for the gnutls-5827 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of GnuTLS fixes a vulnerability in the DTLS implementation\nwhich could allow remote attackers to recover partial plaintext via a\ntiming side-channel attack. (CVE-2012-0390).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=739898\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2012-03/msg00010.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gnutls packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gnutls-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gnutls-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutls-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutls-extra-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutls-extra26\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutls-extra26-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutls26\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutls26-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutls26-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutls26-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"gnutls-2.8.6-5.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"gnutls-debuginfo-2.8.6-5.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"gnutls-debugsource-2.8.6-5.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libgnutls-devel-2.8.6-5.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libgnutls-extra-devel-2.8.6-5.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libgnutls-extra26-2.8.6-5.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libgnutls-extra26-debuginfo-2.8.6-5.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libgnutls26-2.8.6-5.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libgnutls26-debuginfo-2.8.6-5.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libgnutls26-32bit-2.8.6-5.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libgnutls26-debuginfo-32bit-2.8.6-5.8.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnutls\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-13T15:01:26", "description": "New gnutls packages are available for Slackware 12.1, 12.2, 13.0, 13.1, and 13.37 to fix security issues.", "cvss3": {}, "published": "2013-10-15T00:00:00", "type": "nessus", "title": "Slackware 12.1 / 12.2 / 13.0 / 13.1 / 13.37 : gnutls (SSA:2013-287-03)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4128", "CVE-2012-1569", "CVE-2012-1573", "CVE-2013-1619", "CVE-2013-2116"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:gnutls", "cpe:/o:slackware:slackware_linux:12.1", "cpe:/o:slackware:slackware_linux:12.2", "cpe:/o:slackware:slackware_linux:13.0", "cpe:/o:slackware:slackware_linux:13.1", "cpe:/o:slackware:slackware_linux:13.37"], "id": "SLACKWARE_SSA_2013-287-03.NASL", "href": "https://www.tenable.com/plugins/nessus/70439", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2013-287-03. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(70439);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-4128\", \"CVE-2012-1569\", \"CVE-2012-1573\", \"CVE-2013-1619\", \"CVE-2013-2116\");\n script_bugtraq_id(50609, 52667, 52668, 57736, 60215);\n script_xref(name:\"SSA\", value:\"2013-287-03\");\n\n script_name(english:\"Slackware 12.1 / 12.2 / 13.0 / 13.1 / 13.37 : gnutls (SSA:2013-287-03)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New gnutls packages are available for Slackware 12.1, 12.2, 13.0,\n13.1, and 13.37 to fix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2013&m=slackware-security.467196\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bb55c642\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gnutls package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.37\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/10/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/10/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"12.1\", pkgname:\"gnutls\", pkgver:\"2.8.4\", pkgarch:\"i486\", pkgnum:\"2_slack12.1\")) flag++;\n\nif (slackware_check(osver:\"12.2\", pkgname:\"gnutls\", pkgver:\"2.8.4\", pkgarch:\"i486\", pkgnum:\"2_slack12.2\")) flag++;\n\nif (slackware_check(osver:\"13.0\", pkgname:\"gnutls\", pkgver:\"2.8.4\", pkgarch:\"i486\", pkgnum:\"2_slack13.0\")) flag++;\nif (slackware_check(osver:\"13.0\", arch:\"x86_64\", pkgname:\"gnutls\", pkgver:\"2.8.4\", pkgarch:\"x86_64\", pkgnum:\"2_slack13.0\")) flag++;\n\nif (slackware_check(osver:\"13.1\", pkgname:\"gnutls\", pkgver:\"2.8.6\", pkgarch:\"i486\", pkgnum:\"2_slack13.1\")) flag++;\nif (slackware_check(osver:\"13.1\", arch:\"x86_64\", pkgname:\"gnutls\", pkgver:\"2.8.6\", pkgarch:\"x86_64\", pkgnum:\"2_slack13.1\")) flag++;\n\nif (slackware_check(osver:\"13.37\", pkgname:\"gnutls\", pkgver:\"2.10.5\", pkgarch:\"i486\", pkgnum:\"2_slack13.37\")) flag++;\nif (slackware_check(osver:\"13.37\", arch:\"x86_64\", pkgname:\"gnutls\", pkgver:\"2.10.5\", pkgarch:\"x86_64\", pkgnum:\"2_slack13.37\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-06T14:15:41", "description": "A vulnerability has been found and corrected in GnuTLS :\n\ngnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) via a crafted record, as demonstrated by a crafted GenericBlockCipher structure (CVE-2012-1573).\n\nThe updated packages have been patched to correct this issue.\n\nThe GnuTLS packages for Mandriva Linux 2011 has been upgraded to the 2.12.8 version due to problems with the test suite while building it, additionally a new dependency was added on p11-kit for the PKCS #11 support.", "cvss3": {}, "published": "2012-03-28T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : gnutls (MDVSA-2012:040)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1573"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:gnutls", "p-cpe:/a:mandriva:linux:lib64gnutls-devel", "p-cpe:/a:mandriva:linux:lib64gnutls-ssl27", "p-cpe:/a:mandriva:linux:lib64gnutls26", "p-cpe:/a:mandriva:linux:lib64p11-kit-devel", "p-cpe:/a:mandriva:linux:lib64p11-kit0", "p-cpe:/a:mandriva:linux:libgnutls-devel", "p-cpe:/a:mandriva:linux:libgnutls-ssl27", "p-cpe:/a:mandriva:linux:libgnutls26", "p-cpe:/a:mandriva:linux:libp11-kit-devel", "p-cpe:/a:mandriva:linux:libp11-kit0", "p-cpe:/a:mandriva:linux:p11-kit", "cpe:/o:mandriva:linux:2010.1", "cpe:/o:mandriva:linux:2011"], "id": "MANDRIVA_MDVSA-2012-040.NASL", "href": "https://www.tenable.com/plugins/nessus/58505", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2012:040. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58505);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2012-1573\");\n script_bugtraq_id(52667);\n script_xref(name:\"MDVSA\", value:\"2012:040\");\n\n script_name(english:\"Mandriva Linux Security Advisory : gnutls (MDVSA-2012:040)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability has been found and corrected in GnuTLS :\n\ngnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before\n3.0.15 does not properly handle data encrypted with a block cipher,\nwhich allows remote attackers to cause a denial of service (heap\nmemory corruption and application crash) via a crafted record, as\ndemonstrated by a crafted GenericBlockCipher structure\n(CVE-2012-1573).\n\nThe updated packages have been patched to correct this issue.\n\nThe GnuTLS packages for Mandriva Linux 2011 has been upgraded to the\n2.12.8 version due to problems with the test suite while building it,\nadditionally a new dependency was added on p11-kit for the PKCS #11\nsupport.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64gnutls-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64gnutls-ssl27\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64gnutls26\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64p11-kit-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64p11-kit0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libgnutls-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libgnutls-ssl27\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libgnutls26\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libp11-kit-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libp11-kit0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:p11-kit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2011\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/03/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2010.1\", reference:\"gnutls-2.8.6-1.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64gnutls-devel-2.8.6-1.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64gnutls26-2.8.6-1.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libgnutls-devel-2.8.6-1.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libgnutls26-2.8.6-1.1mdv2010.2\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2011\", reference:\"gnutls-2.12.8-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64gnutls-devel-2.12.8-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64gnutls-ssl27-2.12.8-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64gnutls26-2.12.8-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64p11-kit-devel-0.12-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64p11-kit0-0.12-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libgnutls-devel-2.12.8-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libgnutls-ssl27-2.12.8-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libgnutls26-2.12.8-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libp11-kit-devel-0.12-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libp11-kit0-0.12-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"p11-kit-0.12-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-06T14:16:14", "description": "Matthew Hall discovered that GNUTLS does not properly handle truncated GenericBlockCipher structures nested inside TLS records, leading to crashes in applications using the GNUTLS library.", "cvss3": {}, "published": "2012-03-26T00:00:00", "type": "nessus", "title": "Debian DSA-2441-1 : gnutls26 - missing bounds check", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1573"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:gnutls26", "cpe:/o:debian:debian_linux:6.0"], "id": "DEBIAN_DSA-2441.NASL", "href": "https://www.tenable.com/plugins/nessus/58460", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2441. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58460);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-1573\");\n script_bugtraq_id(52667);\n script_xref(name:\"DSA\", value:\"2441\");\n\n script_name(english:\"Debian DSA-2441-1 : gnutls26 - missing bounds check\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Matthew Hall discovered that GNUTLS does not properly handle truncated\nGenericBlockCipher structures nested inside TLS records, leading to\ncrashes in applications using the GNUTLS library.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/gnutls26\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2012/dsa-2441\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the gnutls26 packages.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.8.6-1+squeeze2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:gnutls26\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/03/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"gnutls-bin\", reference:\"2.8.6-1+squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"gnutls-doc\", reference:\"2.8.6-1+squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"guile-gnutls\", reference:\"2.8.6-1+squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libgnutls-dev\", reference:\"2.8.6-1+squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libgnutls26\", reference:\"2.8.6-1+squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libgnutls26-dbg\", reference:\"2.8.6-1+squeeze2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-06T14:16:03", "description": "Update fixing an important security issue and memory leak.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2012-03-26T00:00:00", "type": "nessus", "title": "Fedora 16 : gnutls-2.12.14-2.fc16 (2012-4578)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1573"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:gnutls", "cpe:/o:fedoraproject:fedora:16"], "id": "FEDORA_2012-4578.NASL", "href": "https://www.tenable.com/plugins/nessus/58469", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-4578.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58469);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-1573\");\n script_bugtraq_id(52667);\n script_xref(name:\"FEDORA\", value:\"2012-4578\");\n\n script_name(english:\"Fedora 16 : gnutls-2.12.14-2.fc16 (2012-4578)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update fixing an important security issue and memory leak.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=796302\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=805440\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-March/076496.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ab9af842\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-March/076540.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9a53174f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gnutls package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:16\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/03/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^16([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 16.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC16\", reference:\"gnutls-2.12.14-2.fc16\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnutls\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-06T14:16:12", "description": "Mu Dynamics, Inc. reports :\n\nThe block cipher decryption logic in GnuTLS assumed that a record containing any data which was a multiple of the block size was valid for further decryption processing, leading to a heap corruption vulnerability.", "cvss3": {}, "published": "2012-03-22T00:00:00", "type": "nessus", "title": "FreeBSD : gnutls -- possible overflow/Denial of service vulnerabilities (aecee357-739e-11e1-a883-001cc0a36e12)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1573"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:gnutls", "p-cpe:/a:freebsd:freebsd:gnutls-devel", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_AECEE357739E11E1A883001CC0A36E12.NASL", "href": "https://www.tenable.com/plugins/nessus/58423", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58423);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2012-1573\");\n\n script_name(english:\"FreeBSD : gnutls -- possible overflow/Denial of service vulnerabilities (aecee357-739e-11e1-a883-001cc0a36e12)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mu Dynamics, Inc. reports :\n\nThe block cipher decryption logic in GnuTLS assumed that a record\ncontaining any data which was a multiple of the block size was valid\nfor further decryption processing, leading to a heap corruption\nvulnerability.\"\n );\n # https://vuxml.freebsd.org/freebsd/aecee357-739e-11e1-a883-001cc0a36e12.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4512c353\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:gnutls-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/03/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/03/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"gnutls<2.12.18\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"gnutls-devel>2.99<3.0.15\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-06T14:58:22", "description": "The remote Solaris system is missing necessary patches to address security updates :\n\n - gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) via a crafted record, as demonstrated by a crafted GenericBlockCipher structure. (CVE-2012-1573)", "cvss3": {}, "published": "2015-01-19T00:00:00", "type": "nessus", "title": "Oracle Solaris Third-Party Patch Update : gnutls (cve_2012_1573_denial_of)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1573"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:oracle:solaris:11.1", "p-cpe:/a:oracle:solaris:gnutls"], "id": "SOLARIS11_GNUTLS_20130619.NASL", "href": "https://www.tenable.com/plugins/nessus/80629", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Oracle Third Party software advisories.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80629);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2012-1573\");\n\n script_name(english:\"Oracle Solaris Third-Party Patch Update : gnutls (cve_2012_1573_denial_of)\");\n script_summary(english:\"Check for the 'entire' version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Solaris system is missing a security patch for third-party\nsoftware.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote Solaris system is missing necessary patches to address\nsecurity updates :\n\n - gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17\n and 3.x before 3.0.15 does not properly handle data\n encrypted with a block cipher, which allows remote\n attackers to cause a denial of service (heap memory\n corruption and application crash) via a crafted record,\n as demonstrated by a crafted GenericBlockCipher\n structure. (CVE-2012-1573)\"\n );\n # https://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4a913f44\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://blogs.oracle.com/sunsecurity/cve-2012-1573-denial-of-service-vulnerability-in-gnutls\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Solaris 11.1.8.4.0.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:11.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:gnutls\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/06/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris11/release\", \"Host/Solaris11/pkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Solaris11/release\");\nif (isnull(release)) audit(AUDIT_OS_NOT, \"Solaris11\");\npkg_list = solaris_pkg_list_leaves();\nif (isnull (pkg_list)) audit(AUDIT_PACKAGE_LIST_MISSING, \"Solaris pkg-list packages\");\n\nif (empty_or_null(egrep(string:pkg_list, pattern:\"^gnutls$\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnutls\");\n\nflag = 0;\n\nif (solaris_check_release(release:\"0.5.11-0.175.1.8.0.4.0\", sru:\"SRU 11.1.8.4.0\") > 0) flag++;\n\nif (flag)\n{\n error_extra = 'Affected package : gnutls\\n' + solaris_get_report2();\n error_extra = ereg_replace(pattern:\"version\", replace:\"OS version\", string:error_extra);\n if (report_verbosity > 0) security_warning(port:0, extra:error_extra);\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_PACKAGE_NOT_AFFECTED, \"gnutls\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-06T14:16:55", "description": "This update fixes a a DER decoding buffer overflow in the MinGW cross compiled libtasn1 and gnutls packages. The mingw-gnutls build also switches to using the system libtasn1 library instead of its bundled copy.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2012-04-02T00:00:00", "type": "nessus", "title": "Fedora 16 : mingw-libtasn1-2.12-1.fc16 / mingw32-gnutls-2.12.14-3.fc16 (2012-4409)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1569"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:mingw-libtasn1", "p-cpe:/a:fedoraproject:fedora:mingw32-gnutls", "cpe:/o:fedoraproject:fedora:16"], "id": "FEDORA_2012-4409.NASL", "href": "https://www.tenable.com/plugins/nessus/58551", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-4409.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58551);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-1569\");\n script_xref(name:\"FEDORA\", value:\"2012-4409\");\n\n script_name(english:\"Fedora 16 : mingw-libtasn1-2.12-1.fc16 / mingw32-gnutls-2.12.14-3.fc16 (2012-4409)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes a a DER decoding buffer overflow in the MinGW cross\ncompiled libtasn1 and gnutls packages. The mingw-gnutls build also\nswitches to using the system libtasn1 library instead of its bundled\ncopy.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=804920\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-March/076698.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?71af81f8\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-March/076699.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?09c65976\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mingw-libtasn1 and / or mingw32-gnutls packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mingw-libtasn1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mingw32-gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:16\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^16([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 16.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC16\", reference:\"mingw-libtasn1-2.12-1.fc16\")) flag++;\nif (rpm_check(release:\"FC16\", reference:\"mingw32-gnutls-2.12.14-3.fc16\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mingw-libtasn1 / mingw32-gnutls\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-13T14:59:32", "description": "From Red Hat Security Advisory 2012:0427 :\n\nUpdated libtasn1 packages that fix one security issue are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nlibtasn1 is a library developed for ASN.1 (Abstract Syntax Notation One) structures management that includes DER (Distinguished Encoding Rules) encoding and decoding.\n\nA flaw was found in the way libtasn1 decoded DER data. An attacker could create carefully-crafted DER encoded input (such as an X.509 certificate) that, when parsed by an application that uses libtasn1 (such as applications using GnuTLS), could cause the application to crash. (CVE-2012-1569)\n\nRed Hat would like to thank Matthew Hall of Mu Dynamics for reporting this issue.\n\nUsers of libtasn1 are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all applications linked to the libtasn1 library must be restarted, or the system rebooted.", "cvss3": {}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 6 : libtasn1 (ELSA-2012-0427)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1569"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:libtasn1", "p-cpe:/a:oracle:linux:libtasn1-devel", "p-cpe:/a:oracle:linux:libtasn1-tools", "cpe:/o:oracle:linux:6"], "id": "ORACLELINUX_ELSA-2012-0427.NASL", "href": "https://www.tenable.com/plugins/nessus/68502", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2012:0427 and \n# Oracle Linux Security Advisory ELSA-2012-0427 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68502);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2012-1569\");\n script_bugtraq_id(52668);\n script_xref(name:\"RHSA\", value:\"2012:0427\");\n\n script_name(english:\"Oracle Linux 6 : libtasn1 (ELSA-2012-0427)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2012:0427 :\n\nUpdated libtasn1 packages that fix one security issue are now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nlibtasn1 is a library developed for ASN.1 (Abstract Syntax Notation\nOne) structures management that includes DER (Distinguished Encoding\nRules) encoding and decoding.\n\nA flaw was found in the way libtasn1 decoded DER data. An attacker\ncould create carefully-crafted DER encoded input (such as an X.509\ncertificate) that, when parsed by an application that uses libtasn1\n(such as applications using GnuTLS), could cause the application to\ncrash. (CVE-2012-1569)\n\nRed Hat would like to thank Matthew Hall of Mu Dynamics for reporting\nthis issue.\n\nUsers of libtasn1 are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. For the update\nto take effect, all applications linked to the libtasn1 library must\nbe restarted, or the system rebooted.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2012-March/002718.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libtasn1 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libtasn1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libtasn1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libtasn1-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/03/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"libtasn1-2.3-3.el6_2.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"libtasn1-devel-2.3-3.el6_2.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"libtasn1-tools-2.3-3.el6_2.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libtasn1 / libtasn1-devel / libtasn1-tools\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-07T14:17:25", "description": "libtasn1 is a library developed for ASN.1 (Abstract Syntax Notation One) structures management that includes DER (Distinguished Encoding Rules) encoding and decoding.\n\nA flaw was found in the way libtasn1 decoded DER data. An attacker could create carefully-crafted DER encoded input (such as an X.509 certificate) that, when parsed by an application that uses libtasn1 (such as applications using GnuTLS), could cause the application to crash. (CVE-2012-1569)\n\nUsers of libtasn1 are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all applications linked to the libtasn1 library must be restarted, or the system rebooted.", "cvss3": {}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : libtasn1 on SL6.x i386/x86_64 (20120327)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1569"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:libtasn1", "p-cpe:/a:fermilab:scientific_linux:libtasn1-debuginfo", "p-cpe:/a:fermilab:scientific_linux:libtasn1-devel", "p-cpe:/a:fermilab:scientific_linux:libtasn1-tools", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20120327_LIBTASN1_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/61292", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61292);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2012-1569\");\n\n script_name(english:\"Scientific Linux Security Update : libtasn1 on SL6.x i386/x86_64 (20120327)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"libtasn1 is a library developed for ASN.1 (Abstract Syntax Notation\nOne) structures management that includes DER (Distinguished Encoding\nRules) encoding and decoding.\n\nA flaw was found in the way libtasn1 decoded DER data. An attacker\ncould create carefully-crafted DER encoded input (such as an X.509\ncertificate) that, when parsed by an application that uses libtasn1\n(such as applications using GnuTLS), could cause the application to\ncrash. (CVE-2012-1569)\n\nUsers of libtasn1 are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. For the update\nto take effect, all applications linked to the libtasn1 library must\nbe restarted, or the system rebooted.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1203&L=scientific-linux-errata&T=0&P=4827\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?dfb4a240\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libtasn1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libtasn1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libtasn1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libtasn1-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/03/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"libtasn1-2.3-3.el6_2.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"libtasn1-debuginfo-2.3-3.el6_2.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"libtasn1-devel-2.3-3.el6_2.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"libtasn1-tools-2.3-3.el6_2.1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libtasn1 / libtasn1-debuginfo / libtasn1-devel / libtasn1-tools\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-06T14:17:15", "description": "This update fixes a a DER decoding buffer overflow in the MinGW cross compiled libtasn1 and gnutls packages. The mingw-gnutls build also switches to using the system libtasn1 library instead of its bundled copy.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2012-04-12T00:00:00", "type": "nessus", "title": "Fedora 17 : mingw-gnutls-2.12.17-1.fc17 / mingw-libtasn1-2.12-1.fc17 / mingw-p11-kit-0.12-1.fc17 (2012-4451)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1569"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:mingw-gnutls", "p-cpe:/a:fedoraproject:fedora:mingw-libtasn1", "p-cpe:/a:fedoraproject:fedora:mingw-p11-kit", "cpe:/o:fedoraproject:fedora:17"], "id": "FEDORA_2012-4451.NASL", "href": "https://www.tenable.com/plugins/nessus/58693", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-4451.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58693);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-1569\");\n script_xref(name:\"FEDORA\", value:\"2012-4451\");\n\n script_name(english:\"Fedora 17 : mingw-gnutls-2.12.17-1.fc17 / mingw-libtasn1-2.12-1.fc17 / mingw-p11-kit-0.12-1.fc17 (2012-4451)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes a a DER decoding buffer overflow in the MinGW cross\ncompiled libtasn1 and gnutls packages. The mingw-gnutls build also\nswitches to using the system libtasn1 library instead of its bundled\ncopy.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=804920\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-April/077284.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ff3b25fb\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-April/077285.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4bb52203\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-April/077286.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8cbccc7e\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected mingw-gnutls, mingw-libtasn1 and / or\nmingw-p11-kit packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mingw-gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mingw-libtasn1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mingw-p11-kit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:17\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^17([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 17.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC17\", reference:\"mingw-gnutls-2.12.17-1.fc17\")) flag++;\nif (rpm_check(release:\"FC17\", reference:\"mingw-libtasn1-2.12-1.fc17\")) flag++;\nif (rpm_check(release:\"FC17\", reference:\"mingw-p11-kit-0.12-1.fc17\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mingw-gnutls / mingw-libtasn1 / mingw-p11-kit\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-06T14:17:47", "description": "Matthew Hall discovered that Libtasn incorrectly handled certain large values. An attacker could exploit this with a specially crafted ASN.1 structure and cause a denial of service, or possibly execute arbitrary code.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2012-05-03T00:00:00", "type": "nessus", "title": "Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : libtasn1-3 vulnerability (USN-1436-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1569"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libtasn1-3", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:11.04", "cpe:/o:canonical:ubuntu_linux:11.10", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts"], "id": "UBUNTU_USN-1436-1.NASL", "href": "https://www.tenable.com/plugins/nessus/58974", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1436-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58974);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/09/19 12:54:28\");\n\n script_cve_id(\"CVE-2012-1569\");\n script_bugtraq_id(52668);\n script_xref(name:\"USN\", value:\"1436-1\");\n\n script_name(english:\"Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : libtasn1-3 vulnerability (USN-1436-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Matthew Hall discovered that Libtasn incorrectly handled certain large\nvalues. An attacker could exploit this with a specially crafted ASN.1\nstructure and cause a denial of service, or possibly execute arbitrary\ncode.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1436-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libtasn1-3 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libtasn1-3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/03/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/05/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/05/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(8\\.04|10\\.04|11\\.04|11\\.10|12\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 8.04 / 10.04 / 11.04 / 11.10 / 12.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libtasn1-3\", pkgver:\"1.1-1ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libtasn1-3\", pkgver:\"2.4-1ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"libtasn1-3\", pkgver:\"2.7-1ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"libtasn1-3\", pkgver:\"2.9-4ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libtasn1-3\", pkgver:\"2.10-1ubuntu1.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libtasn1-3\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-06T14:16:56", "description": "This update fixes a a DER decoding buffer overflow in the MinGW cross compiled libtasn1 and gnutls packages. The mingw-gnutls build also switches to using the system libtasn1 library instead of its bundled copy.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2012-04-13T00:00:00", "type": "nessus", "title": "Fedora 15 : mingw-libtasn1-2.12-1.fc15 / mingw32-gnutls-2.10.5-2.fc15 (2012-4417)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1569"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:mingw-libtasn1", "p-cpe:/a:fedoraproject:fedora:mingw32-gnutls", "cpe:/o:fedoraproject:fedora:15"], "id": "FEDORA_2012-4417.NASL", "href": "https://www.tenable.com/plugins/nessus/58730", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-4417.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58730);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-1569\");\n script_xref(name:\"FEDORA\", value:\"2012-4417\");\n\n script_name(english:\"Fedora 15 : mingw-libtasn1-2.12-1.fc15 / mingw32-gnutls-2.10.5-2.fc15 (2012-4417)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes a a DER decoding buffer overflow in the MinGW cross\ncompiled libtasn1 and gnutls packages. The mingw-gnutls build also\nswitches to using the system libtasn1 library instead of its bundled\ncopy.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=804920\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-April/078206.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?21b84722\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-April/078207.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4d71f162\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mingw-libtasn1 and / or mingw32-gnutls packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mingw-libtasn1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mingw32-gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:15\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^15([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 15.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC15\", reference:\"mingw-libtasn1-2.12-1.fc15\")) flag++;\nif (rpm_check(release:\"FC15\", reference:\"mingw32-gnutls-2.10.5-2.fc15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mingw-libtasn1 / mingw32-gnutls\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-06T14:15:40", "description": "Mu Dynamics, Inc. reports :\n\nVarious functions using the ASN.1 length decoding logic in Libtasn1 were incorrectly assuming that the return value from asn1_get_length_der is always less than the length of the enclosing ASN.1 structure, which is only true for valid structures and not for intentionally corrupt or otherwise buggy structures.", "cvss3": {}, "published": "2012-03-22T00:00:00", "type": "nessus", "title": "FreeBSD : libtasn1 -- ASN.1 length decoding vulnerability (2e7e9072-73a0-11e1-a883-001cc0a36e12)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1569"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:gnutls", "p-cpe:/a:freebsd:freebsd:gnutls-devel", "p-cpe:/a:freebsd:freebsd:libtasn1", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_2E7E907273A011E1A883001CC0A36E12.NASL", "href": "https://www.tenable.com/plugins/nessus/58422", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58422);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2012-1569\");\n\n script_name(english:\"FreeBSD : libtasn1 -- ASN.1 length decoding vulnerability (2e7e9072-73a0-11e1-a883-001cc0a36e12)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mu Dynamics, Inc. reports :\n\nVarious functions using the ASN.1 length decoding logic in Libtasn1\nwere incorrectly assuming that the return value from\nasn1_get_length_der is always less than the length of the enclosing\nASN.1 structure, which is only true for valid structures and not for\nintentionally corrupt or otherwise buggy structures.\"\n );\n # https://vuxml.freebsd.org/freebsd/2e7e9072-73a0-11e1-a883-001cc0a36e12.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?db72b6bd\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:gnutls-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:libtasn1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/03/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/03/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"libtasn1<2.12\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"gnutls<2.12.18\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"gnutls-devel>2.99<3.0.16\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-07T14:12:51", "description": "A vulnerability has been found and corrected in libtasn1 :\n\nThe asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain large length values, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly have unspecified other impact via a crafted ASN.1 structure (CVE-2012-1569).\n\nThe updated packages have been patched to correct this issue.", "cvss3": {}, "published": "2012-03-27T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : libtasn1 (MDVSA-2012:039)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1569"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:lib64tasn1-devel", "p-cpe:/a:mandriva:linux:lib64tasn1_3", "p-cpe:/a:mandriva:linux:libtasn1-devel", "p-cpe:/a:mandriva:linux:libtasn1-tools", "p-cpe:/a:mandriva:linux:libtasn1_3", "cpe:/o:mandriva:linux:2010.1", "cpe:/o:mandriva:linux:2011"], "id": "MANDRIVA_MDVSA-2012-039.NASL", "href": "https://www.tenable.com/plugins/nessus/58491", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2012:039. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58491);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2012-1569\");\n script_bugtraq_id(52668);\n script_xref(name:\"MDVSA\", value:\"2012:039\");\n\n script_name(english:\"Mandriva Linux Security Advisory : libtasn1 (MDVSA-2012:039)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability has been found and corrected in libtasn1 :\n\nThe asn1_get_length_der function in decoding.c in GNU Libtasn1 before\n2.12, as used in GnuTLS before 3.0.16 and other products, does not\nproperly handle certain large length values, which allows remote\nattackers to cause a denial of service (heap memory corruption and\napplication crash) or possibly have unspecified other impact via a\ncrafted ASN.1 structure (CVE-2012-1569).\n\nThe updated packages have been patched to correct this issue.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64tasn1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64tasn1_3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libtasn1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libtasn1-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libtasn1_3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2011\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/03/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64tasn1-devel-2.6-2.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64tasn1_3-2.6-2.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libtasn1-devel-2.6-2.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"libtasn1-tools-2.6-2.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libtasn1_3-2.6-2.1mdv2010.2\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64tasn1-devel-2.9-2.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64tasn1_3-2.9-2.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libtasn1-devel-2.9-2.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"libtasn1-tools-2.9-2.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libtasn1_3-2.9-2.1-mdv2011.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-06T14:15:56", "description": "Updated libtasn1 packages that fix one security issue are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nlibtasn1 is a library developed for ASN.1 (Abstract Syntax Notation One) structures management that includes DER (Distinguished Encoding Rules) encoding and decoding.\n\nA flaw was found in the way libtasn1 decoded DER data. An attacker could create carefully-crafted DER encoded input (such as an X.509 certificate) that, when parsed by an application that uses libtasn1 (such as applications using GnuTLS), could cause the application to crash. (CVE-2012-1569)\n\nRed Hat would like to thank Matthew Hall of Mu Dynamics for reporting this issue.\n\nUsers of libtasn1 are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all applications linked to the libtasn1 library must be restarted, or the system rebooted.", "cvss3": {}, "published": "2012-03-28T00:00:00", "type": "nessus", "title": "CentOS 6 : libtasn1 (CESA-2012:0427)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1569"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:libtasn1", "p-cpe:/a:centos:centos:libtasn1-devel", "p-cpe:/a:centos:centos:libtasn1-tools", "cpe:/o:centos:centos:6"], "id": "CENTOS_RHSA-2012-0427.NASL", "href": "https://www.tenable.com/plugins/nessus/58503", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0427 and \n# CentOS Errata and Security Advisory 2012:0427 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58503);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2012-1569\");\n script_bugtraq_id(52668);\n script_xref(name:\"RHSA\", value:\"2012:0427\");\n\n script_name(english:\"CentOS 6 : libtasn1 (CESA-2012:0427)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated libtasn1 packages that fix one security issue are now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nlibtasn1 is a library developed for ASN.1 (Abstract Syntax Notation\nOne) structures management that includes DER (Distinguished Encoding\nRules) encoding and decoding.\n\nA flaw was found in the way libtasn1 decoded DER data. An attacker\ncould create carefully-crafted DER encoded input (such as an X.509\ncertificate) that, when parsed by an application that uses libtasn1\n(such as applications using GnuTLS), could cause the application to\ncrash. (CVE-2012-1569)\n\nRed Hat would like to thank Matthew Hall of Mu Dynamics for reporting\nthis issue.\n\nUsers of libtasn1 are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. For the update\nto take effect, all applications linked to the libtasn1 library must\nbe restarted, or the system rebooted.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2012-March/018531.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?96979130\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libtasn1 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2012-1569\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libtasn1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libtasn1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libtasn1-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/03/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/03/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"libtasn1-2.3-3.el6_2.1\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"libtasn1-devel-2.3-3.el6_2.1\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"libtasn1-tools-2.3-3.el6_2.1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libtasn1 / libtasn1-devel / libtasn1-tools\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-13T15:00:19", "description": "A flaw was found in the way libtasn1 decoded DER data. An attacker could create carefully-crafted DER encoded input (such as an X.509 certificate) that, when parsed by an application that uses libtasn1 (such as applications using GnuTLS), could cause the application to crash. (CVE-2012-1569)", "cvss3": {}, "published": "2013-09-04T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : libtasn1 (ALAS-2012-60)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1569"], "modified": "2018-04-18T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:libtasn1", "p-cpe:/a:amazon:linux:libtasn1-debuginfo", "p-cpe:/a:amazon:linux:libtasn1-devel", "p-cpe:/a:amazon:linux:libtasn1-tools", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2012-60.NASL", "href": "https://www.tenable.com/plugins/nessus/69667", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2012-60.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69667);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/04/18 15:09:34\");\n\n script_cve_id(\"CVE-2012-1569\");\n script_xref(name:\"ALAS\", value:\"2012-60\");\n script_xref(name:\"RHSA\", value:\"2012:0427\");\n\n script_name(english:\"Amazon Linux AMI : libtasn1 (ALAS-2012-60)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw was found in the way libtasn1 decoded DER data. An attacker\ncould create carefully-crafted DER encoded input (such as an X.509\ncertificate) that, when parsed by an application that uses libtasn1\n(such as applications using GnuTLS), could cause the application to\ncrash. (CVE-2012-1569)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2012-60.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update libtasn1' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libtasn1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libtasn1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libtasn1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libtasn1-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"libtasn1-2.3-3.4.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"libtasn1-debuginfo-2.3-3.4.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"libtasn1-devel-2.3-3.4.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"libtasn1-tools-2.3-3.4.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libtasn1 / libtasn1-debuginfo / libtasn1-devel / libtasn1-tools\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-06T14:23:23", "description": "The remote host is affected by the vulnerability described in GLSA-201209-12 (Libtasn1: Denial of Service)\n\n Libtasn1 does not properly handle length fields when performing DER decoding.\n Impact :\n\n A remote attacker could entice a user to open a specially crafted DER-encoded object in an application linked against Libtasn1, possibly resulting in Denial of Service.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {}, "published": "2012-09-26T00:00:00", "type": "nessus", "title": "GLSA-201209-12 : Libtasn1: Denial of Service", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1569"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:libtasn1", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201209-12.NASL", "href": "https://www.tenable.com/plugins/nessus/62302", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201209-12.\n#\n# The advisory text is Copyright (C) 2001-2017 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(62302);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2012-1569\");\n script_bugtraq_id(52668);\n script_xref(name:\"GLSA\", value:\"201209-12\");\n\n script_name(english:\"GLSA-201209-12 : Libtasn1: Denial of Service\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201209-12\n(Libtasn1: Denial of Service)\n\n Libtasn1 does not properly handle length fields when performing DER\n decoding.\n \nImpact :\n\n A remote attacker could entice a user to open a specially crafted\n DER-encoded object in an application linked against Libtasn1, possibly\n resulting in Denial of Service.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201209-12\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Libtasn1 users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-libs/libtasn1-2.12'\n Packages which depend on this library may need to be recompiled. Tools\n such as revdep-rebuild may assist in identifying some of these packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:libtasn1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/09/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/09/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-libs/libtasn1\", unaffected:make_list(\"ge 2.12\"), vulnerable:make_list(\"lt 2.12\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Libtasn1\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-06T14:16:05", "description": "Updated libtasn1 packages that fix one security issue are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nlibtasn1 is a library developed for ASN.1 (Abstract Syntax Notation One) structures management that includes DER (Distinguished Encoding Rules) encoding and decoding.\n\nA flaw was found in the way libtasn1 decoded DER data. An attacker could create carefully-crafted DER encoded input (such as an X.509 certificate) that, when parsed by an application that uses libtasn1 (such as applications using GnuTLS), could cause the application to crash. (CVE-2012-1569)\n\nRed Hat would like to thank Matthew Hall of Mu Dynamics for reporting this issue.\n\nUsers of libtasn1 are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all applications linked to the libtasn1 library must be restarted, or the system rebooted.", "cvss3": {}, "published": "2012-03-28T00:00:00", "type": "nessus", "title": "RHEL 6 : libtasn1 (RHSA-2012:0427)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1569"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:libtasn1", "p-cpe:/a:redhat:enterprise_linux:libtasn1-debuginfo", "p-cpe:/a:redhat:enterprise_linux:libtasn1-devel", "p-cpe:/a:redhat:enterprise_linux:libtasn1-tools", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6.2"], "id": "REDHAT-RHSA-2012-0427.NASL", "href": "https://www.tenable.com/plugins/nessus/58508", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0427. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58508);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2012-1569\");\n script_bugtraq_id(52668);\n script_xref(name:\"RHSA\", value:\"2012:0427\");\n\n script_name(english:\"RHEL 6 : libtasn1 (RHSA-2012:0427)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated libtasn1 packages that fix one security issue are now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nlibtasn1 is a library developed for ASN.1 (Abstract Syntax Notation\nOne) structures management that includes DER (Distinguished Encoding\nRules) encoding and decoding.\n\nA flaw was found in the way libtasn1 decoded DER data. An attacker\ncould create carefully-crafted DER encoded input (such as an X.509\ncertificate) that, when parsed by an application that uses libtasn1\n(such as applications using GnuTLS), could cause the application to\ncrash. (CVE-2012-1569)\n\nRed Hat would like to thank Matthew Hall of Mu Dynamics for reporting\nthis issue.\n\nUsers of libtasn1 are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. For the update\nto take effect, all applications linked to the libtasn1 library must\nbe restarted, or the system rebooted.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2012:0427\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-1569\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libtasn1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libtasn1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libtasn1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libtasn1-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/03/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/03/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2012:0427\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", reference:\"libtasn1-2.3-3.el6_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"libtasn1-debuginfo-2.3-3.el6_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"libtasn1-devel-2.3-3.el6_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"libtasn1-tools-2.3-3.el6_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"libtasn1-tools-2.3-3.el6_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"libtasn1-tools-2.3-3.el6_2.1\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libtasn1 / libtasn1-debuginfo / libtasn1-devel / libtasn1-tools\");\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-06T14:17:28", "description": "New upstream package with minor improvements and security fix.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2012-04-09T00:00:00", "type": "nessus", "title": "Fedora 16 : libtasn1-2.12-1.fc16 (2012-4342)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1569"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:libtasn1", "cpe:/o:fedoraproject:fedora:16"], "id": "FEDORA_2012-4342.NASL", "href": "https://www.tenable.com/plugins/nessus/58627", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-4342.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58627);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-1569\");\n script_bugtraq_id(52668);\n script_xref(name:\"FEDORA\", value:\"2012-4342\");\n\n script_name(english:\"Fedora 16 : libtasn1-2.12-1.fc16 (2012-4342)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New upstream package with minor improvements and security fix.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=804920\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-April/076865.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?78979cde\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libtasn1 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libtasn1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:16\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^16([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 16.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC16\", reference:\"libtasn1-2.12-1.fc16\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libtasn1\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-07T14:13:07", "description": "Matthew Hall discovered that many callers of the asn1_get_length_der function did not check the result against the overall buffer length before processing it further. This could result in out-of-bounds memory accesses and application crashes. Applications using GNUTLS are exposed to this issue.", "cvss3": {}, "published": "2012-03-26T00:00:00", "type": "nessus", "title": "Debian DSA-2440-1 : libtasn1-3 - missing bounds check", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1569"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libtasn1-3", "cpe:/o:debian:debian_linux:6.0"], "id": "DEBIAN_DSA-2440.NASL", "href": "https://www.tenable.com/plugins/nessus/58459", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2440. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58459);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-1569\");\n script_bugtraq_id(52668);\n script_xref(name:\"DSA\", value:\"2440\");\n\n script_name(english:\"Debian DSA-2440-1 : libtasn1-3 - missing bounds check\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Matthew Hall discovered that many callers of the asn1_get_length_der\nfunction did not check the result against the overall buffer length\nbefore processing it further. This could result in out-of-bounds\nmemory accesses and application crashes. Applications using GNUTLS are\nexposed to this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/libtasn1-3\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2012/dsa-2440\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the libtasn1-3 packages.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.7-1+squeeze+1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libtasn1-3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/03/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"libtasn1-3\", reference:\"2.7-1+squeeze+1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libtasn1-3-bin\", reference:\"2.7-1+squeeze+1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libtasn1-3-dbg\", reference:\"2.7-1+squeeze+1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libtasn1-3-dev\", reference:\"2.7-1+squeeze+1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-06T14:17:26", "description": "New upstream package with minor improvements and security fix.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2012-04-09T00:00:00", "type": "nessus", "title": "Fedora 15 : libtasn1-2.12-1.fc15 (2012-4308)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1569"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:libtasn1", "cpe:/o:fedoraproject:fedora:15"], "id": "FEDORA_2012-4308.NASL", "href": "https://www.tenable.com/plugins/nessus/58626", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-4308.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58626);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-1569\");\n script_bugtraq_id(52668);\n script_xref(name:\"FEDORA\", value:\"2012-4308\");\n\n script_name(english:\"Fedora 15 : libtasn1-2.12-1.fc15 (2012-4308)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New upstream package with minor improvements and security fix.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=804920\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-April/076856.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f15a0eef\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libtasn1 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libtasn1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:15\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^15([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 15.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC15\", reference:\"libtasn1-2.12-1.fc15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libtasn1\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-06T14:17:16", "description": "New upstream package with minor improvements and security fix.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2012-04-12T00:00:00", "type": "nessus", "title": "Fedora 17 : libtasn1-2.12-1.fc17 (2012-4357)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1569"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:libtasn1", "cpe:/o:fedoraproject:fedora:17"], "id": "FEDORA_2012-4357.NASL", "href": "https://www.tenable.com/plugins/nessus/58692", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-4357.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58692);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-1569\");\n script_xref(name:\"FEDORA\", value:\"2012-4357\");\n\n script_name(english:\"Fedora 17 : libtasn1-2.12-1.fc17 (2012-4357)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New upstream package with minor improvements and security fix.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=804920\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-April/077339.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?91bca0d0\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libtasn1 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libtasn1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:17\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^17([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 17.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC17\", reference:\"libtasn1-2.12-1.fc17\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libtasn1\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-06T14:15:40", "description": "Updated gnutls packages that fix two security issues are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security (TLS).\n\nA flaw was found in the way GnuTLS decrypted malformed TLS records.\nThis could cause a TLS/SSL client or server to crash when processing a specially crafted TLS record from a remote TLS/SSL connection peer.\n(CVE-2012-1573)\n\nA boundary error was found in the gnutls_session_get_data() function.\nA malicious TLS/SSL server could use this flaw to crash a TLS/SSL client or, possibly, execute arbitrary code as the client, if the client passed a fixed-sized buffer to gnutls_session_get_data() before checking the real size of the session data provided by the server.\n(CVE-2011-4128)\n\nRed Hat would like to thank Matthew Hall of Mu Dynamics for reporting CVE-2012-1573.\n\nUsers of GnuTLS are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all applications linked to the GnuTLS library must be restarted, or the system rebooted.", "cvss3": {}, "published": "2012-03-29T00:00:00", "type": "nessus", "title": "CentOS 6 : gnutls (CESA-2012:0429)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4128", "CVE-2012-1573"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:gnutls", "p-cpe:/a:centos:centos:gnutls-devel", "p-cpe:/a:centos:centos:gnutls-guile", "p-cpe:/a:centos:centos:gnutls-utils", "cpe:/o:centos:centos:6"], "id": "CENTOS_RHSA-2012-0429.NASL", "href": "https://www.tenable.com/plugins/nessus/58519", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0429 and \n# CentOS Errata and Security Advisory 2012:0429 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58519);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2011-4128\", \"CVE-2012-1573\");\n script_bugtraq_id(50609, 52667);\n script_xref(name:\"RHSA\", value:\"2012:0429\");\n\n script_name(english:\"CentOS 6 : gnutls (CESA-2012:0429)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated gnutls packages that fix two security issues are now available\nfor Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe GnuTLS library provides support for cryptographic algorithms and\nfor protocols such as Transport Layer Security (TLS).\n\nA flaw was found in the way GnuTLS decrypted malformed TLS records.\nThis could cause a TLS/SSL client or server to crash when processing a\nspecially crafted TLS record from a remote TLS/SSL connection peer.\n(CVE-2012-1573)\n\nA boundary error was found in the gnutls_session_get_data() function.\nA malicious TLS/SSL server could use this flaw to crash a TLS/SSL\nclient or, possibly, execute arbitrary code as the client, if the\nclient passed a fixed-sized buffer to gnutls_session_get_data() before\nchecking the real size of the session data provided by the server.\n(CVE-2011-4128)\n\nRed Hat would like to thank Matthew Hall of Mu Dynamics for reporting\nCVE-2012-1573.\n\nUsers of GnuTLS are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. For the\nupdate to take effect, all applications linked to the GnuTLS library\nmust be restarted, or the system rebooted.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2012-March/018532.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?725f255b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gnutls packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2012-1573\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gnutls-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gnutls-guile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gnutls-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/12/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/03/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"gnutls-2.8.5-4.el6_2.2\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"gnutls-devel-2.8.5-4.el6_2.2\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"gnutls-guile-2.8.5-4.el6_2.2\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"gnutls-utils-2.8.5-4.el6_2.2\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnutls / gnutls-devel / gnutls-guile / gnutls-utils\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-13T15:00:45", "description": "A flaw was found in the way GnuTLS decrypted malformed TLS records.\nThis could cause a TLS/SSL client or server to crash when processing a specially crafted TLS record from a remote TLS/SSL connection peer.\n(CVE-2012-1573)\n\nA boundary error was found in the gnutls_session_get_data() function.\nA malicious TLS/SSL server could use this flaw to crash a TLS/SSL client or, possibly, execute arbitrary code as the client, if the client passed a fixed-sized buffer to gnutls_session_get_data() before checking the real size of the session data provided by the server.\n(CVE-2011-4128)", "cvss3": {}, "published": "2013-09-04T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : gnutls (ALAS-2012-59)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4128", "CVE-2012-1573"], "modified": "2018-04-18T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:gnutls", "p-cpe:/a:amazon:linux:gnutls-debuginfo", "p-cpe:/a:amazon:linux:gnutls-devel", "p-cpe:/a:amazon:linux:gnutls-guile", "p-cpe:/a:amazon:linux:gnutls-utils", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2012-59.NASL", "href": "https://www.tenable.com/plugins/nessus/69666", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2012-59.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69666);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/04/18 15:09:34\");\n\n script_cve_id(\"CVE-2011-4128\", \"CVE-2012-1573\");\n script_xref(name:\"ALAS\", value:\"2012-59\");\n script_xref(name:\"RHSA\", value:\"2012:0429\");\n\n script_name(english:\"Amazon Linux AMI : gnutls (ALAS-2012-59)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw was found in the way GnuTLS decrypted malformed TLS records.\nThis could cause a TLS/SSL client or server to crash when processing a\nspecially crafted TLS record from a remote TLS/SSL connection peer.\n(CVE-2012-1573)\n\nA boundary error was found in the gnutls_session_get_data() function.\nA malicious TLS/SSL server could use this flaw to crash a TLS/SSL\nclient or, possibly, execute arbitrary code as the client, if the\nclient passed a fixed-sized buffer to gnutls_session_get_data() before\nchecking the real size of the session data provided by the server.\n(CVE-2011-4128)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2012-59.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update gnutls' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:gnutls-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:gnutls-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:gnutls-guile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:gnutls-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"gnutls-2.8.5-4.6.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"gnutls-debuginfo-2.8.5-4.6.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"gnutls-devel-2.8.5-4.6.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"gnutls-guile-2.8.5-4.6.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"gnutls-utils-2.8.5-4.6.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnutls / gnutls-debuginfo / gnutls-devel / gnutls-guile / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-06T14:21:07", "description": "The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security (TLS).\n\nA flaw was found in the way GnuTLS decrypted malformed TLS records.\nThis could cause a TLS/SSL client or server to crash when processing a specially crafted TLS record from a remote TLS/SSL connection peer.\n(CVE-2012-1573)\n\nA boundary error was found in the gnutls_session_get_data() function.\nA malicious TLS/SSL server could use this flaw to crash a TLS/SSL client or, possibly, execute arbitrary code as the client, if the client passed a fixed-sized buffer to gnutls_session_get_data() before checking the real size of the session data provided by the server.\n(CVE-2011-4128)\n\nUsers of GnuTLS are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all applications linked to the GnuTLS library must be restarted, or the system rebooted.", "cvss3": {}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : gnutls on SL6.x i386/x86_64 (20120327)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4128", "CVE-2012-1573"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:gnutls", "p-cpe:/a:fermilab:scientific_linux:gnutls-debuginfo", "p-cpe:/a:fermilab:scientific_linux:gnutls-devel", "p-cpe:/a:fermilab:scientific_linux:gnutls-guile", "p-cpe:/a:fermilab:scientific_linux:gnutls-utils", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20120327_GNUTLS_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/61291", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61291);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-4128\", \"CVE-2012-1573\");\n\n script_name(english:\"Scientific Linux Security Update : gnutls on SL6.x i386/x86_64 (20120327)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The GnuTLS library provides support for cryptographic algorithms and\nfor protocols such as Transport Layer Security (TLS).\n\nA flaw was found in the way GnuTLS decrypted malformed TLS records.\nThis could cause a TLS/SSL client or server to crash when processing a\nspecially crafted TLS record from a remote TLS/SSL connection peer.\n(CVE-2012-1573)\n\nA boundary error was found in the gnutls_session_get_data() function.\nA malicious TLS/SSL server could use this flaw to crash a TLS/SSL\nclient or, possibly, execute arbitrary code as the client, if the\nclient passed a fixed-sized buffer to gnutls_session_get_data() before\nchecking the real size of the session data provided by the server.\n(CVE-2011-4128)\n\nUsers of GnuTLS are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. For the\nupdate to take effect, all applications linked to the GnuTLS library\nmust be restarted, or the system rebooted.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1203&L=scientific-linux-errata&T=0&P=4696\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1f1adf31\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:gnutls-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:gnutls-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:gnutls-guile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:gnutls-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/12/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"gnutls-2.8.5-4.el6_2.2\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"gnutls-debuginfo-2.8.5-4.el6_2.2\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"gnutls-devel-2.8.5-4.el6_2.2\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"gnutls-guile-2.8.5-4.el6_2.2\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"gnutls-utils-2.8.5-4.el6_2.2\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnutls / gnutls-debuginfo / gnutls-devel / gnutls-guile / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-06T14:16:56", "description": "Alban Crequy discovered that the GnuTLS library incorrectly checked array bounds when copying TLS session data. A remote attacker could crash a client application, leading to a denial of service, as the client application prepared for TLS session resumption.\n(CVE-2011-4128)\n\nMatthew Hall discovered that the GnuTLS library incorrectly handled TLS records. A remote attacker could crash client and server applications, leading to a denial of service, by sending a crafted TLS record. (CVE-2012-1573).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2012-04-06T00:00:00", "type": "nessus", "title": "Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : gnutls13, gnutls26 vulnerabilities (USN-1418-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4128", "CVE-2012-1573"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libgnutls13", "p-cpe:/a:canonical:ubuntu_linux:libgnutls26", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:10.10", "cpe:/o:canonical:ubuntu_linux:11.04", "cpe:/o:canonical:ubuntu_linux:11.10", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts"], "id": "UBUNTU_USN-1418-1.NASL", "href": "https://www.tenable.com/plugins/nessus/58618", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1418-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58618);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2011-4128\", \"CVE-2012-1573\");\n script_bugtraq_id(50609, 52667);\n script_xref(name:\"USN\", value:\"1418-1\");\n\n script_name(english:\"Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : gnutls13, gnutls26 vulnerabilities (USN-1418-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Alban Crequy discovered that the GnuTLS library incorrectly checked\narray bounds when copying TLS session data. A remote attacker could\ncrash a client application, leading to a denial of service, as the\nclient application prepared for TLS session resumption.\n(CVE-2011-4128)\n\nMatthew Hall discovered that the GnuTLS library incorrectly handled\nTLS records. A remote attacker could crash client and server\napplications, leading to a denial of service, by sending a crafted TLS\nrecord. (CVE-2012-1573).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1418-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libgnutls13 and / or libgnutls26 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libgnutls13\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libgnutls26\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/12/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(8\\.04|10\\.04|10\\.10|11\\.04|11\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 8.04 / 10.04 / 10.10 / 11.04 / 11.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libgnutls13\", pkgver:\"2.0.4-1ubuntu2.7\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libgnutls26\", pkgver:\"2.8.5-2ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"libgnutls26\", pkgver:\"2.8.6-1ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"libgnutls26\", pkgver:\"2.8.6-1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"libgnutls26\", pkgver:\"2.10.5-1ubuntu3.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libgnutls13 / libgnutls26\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-13T14:59:34", "description": "From Red Hat Security Advisory 2012:0429 :\n\nUpdated gnutls packages that fix two security issues are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security (TLS).\n\nA flaw was found in the way GnuTLS decrypted malformed TLS records.\nThis could cause a TLS/SSL client or server to crash when processing a specially crafted TLS record from a remote TLS/SSL connection peer.\n(CVE-2012-1573)\n\nA boundary error was found in the gnutls_session_get_data() function.\nA malicious TLS/SSL server could use this flaw to crash a TLS/SSL client or, possibly, execute arbitrary code as the client, if the client passed a fixed-sized buffer to gnutls_session_get_data() before checking the real size of the session data provided by the server.\n(CVE-2011-4128)\n\nRed Hat would like to thank Matthew Hall of Mu Dynamics for reporting CVE-2012-1573.\n\nUsers of GnuTLS are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all applications linked to the GnuTLS library must be restarted, or the system rebooted.", "cvss3": {}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 6 : gnutls (ELSA-2012-0429)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4128", "CVE-2012-1573"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:gnutls", "p-cpe:/a:oracle:linux:gnutls-devel", "p-cpe:/a:oracle:linux:gnutls-guile", "p-cpe:/a:oracle:linux:gnutls-utils", "cpe:/o:oracle:linux:6"], "id": "ORACLELINUX_ELSA-2012-0429.NASL", "href": "https://www.tenable.com/plugins/nessus/68504", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2012:0429 and \n# Oracle Linux Security Advisory ELSA-2012-0429 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68504);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-4128\", \"CVE-2012-1573\");\n script_bugtraq_id(50609, 52667);\n script_xref(name:\"RHSA\", value:\"2012:0429\");\n\n script_name(english:\"Oracle Linux 6 : gnutls (ELSA-2012-0429)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2012:0429 :\n\nUpdated gnutls packages that fix two security issues are now available\nfor Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe GnuTLS library provides support for cryptographic algorithms and\nfor protocols such as Transport Layer Security (TLS).\n\nA flaw was found in the way GnuTLS decrypted malformed TLS records.\nThis could cause a TLS/SSL client or server to crash when processing a\nspecially crafted TLS record from a remote TLS/SSL connection peer.\n(CVE-2012-1573)\n\nA boundary error was found in the gnutls_session_get_data() function.\nA malicious TLS/SSL server could use this flaw to crash a TLS/SSL\nclient or, possibly, execute arbitrary code as the client, if the\nclient passed a fixed-sized buffer to gnutls_session_get_data() before\nchecking the real size of the session data provided by the server.\n(CVE-2011-4128)\n\nRed Hat would like to thank Matthew Hall of Mu Dynamics for reporting\nCVE-2012-1573.\n\nUsers of GnuTLS are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. For the\nupdate to take effect, all applications linked to the GnuTLS library\nmust be restarted, or the system rebooted.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2012-March/002724.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gnutls packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnutls-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnutls-guile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnutls-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/12/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"gnutls-2.8.5-4.el6_2.2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"gnutls-devel-2.8.5-4.el6_2.2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"gnutls-guile-2.8.5-4.el6_2.2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"gnutls-utils-2.8.5-4.el6_2.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnutls / gnutls-devel / gnutls-guile / gnutls-utils\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-06T14:17:26", "description": "Important security update fixing two security issues.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2012-04-11T00:00:00", "type": "nessus", "title": "Fedora 15 : gnutls-2.10.5-3.fc15 (2012-4569)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4128", "CVE-2012-1573"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:gnutls", "cpe:/o:fedoraproject:fedora:15"], "id": "FEDORA_2012-4569.NASL", "href": "https://www.tenable.com/plugins/nessus/58668", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-4569.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58668);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-4128\", \"CVE-2012-1573\");\n script_bugtraq_id(50609, 52667);\n script_xref(name:\"FEDORA\", value:\"2012-4569\");\n\n script_name(english:\"Fedora 15 : gnutls-2.10.5-3.fc15 (2012-4569)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Important security update fixing two security issues.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=752308\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=805432\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-April/077071.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3bdcadc9\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-April/077196.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8769c2bc\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gnutls package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:15\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^15([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 15.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC15\", reference:\"gnutls-2.10.5-3.fc15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnutls\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-06T14:16:27", "description": "Updated gnutls packages that fix two security issues are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security (TLS).\n\nA flaw was found in the way GnuTLS decrypted malformed TLS records.\nThis could cause a TLS/SSL client or server to crash when processing a specially crafted TLS record from a remote TLS/SSL connection peer.\n(CVE-2012-1573)\n\nA boundary error was found in the gnutls_session_get_data() function.\nA malicious TLS/SSL server could use this flaw to crash a TLS/SSL client or, possibly, execute arbitrary code as the client, if the client passed a fixed-sized buffer to gnutls_session_get_data() before checking the real size of the session data provided by the server.\n(CVE-2011-4128)\n\nRed Hat would like to thank Matthew Hall of Mu Dynamics for reporting CVE-2012-1573.\n\nUsers of GnuTLS are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all applications linked to the GnuTLS library must be restarted, or the system rebooted.", "cvss3": {}, "published": "2012-03-28T00:00:00", "type": "nessus", "title": "RHEL 6 : gnutls (RHSA-2012:0429)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4128", "CVE-2012-1573"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:gnutls", "p-cpe:/a:redhat:enterprise_linux:gnutls-debuginfo", "p-cpe:/a:redhat:enterprise_linux:gnutls-devel", "p-cpe:/a:redhat:enterprise_linux:gnutls-guile", "p-cpe:/a:redhat:enterprise_linux:gnutls-utils", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6.2"], "id": "REDHAT-RHSA-2012-0429.NASL", "href": "https://www.tenable.com/plugins/nessus/58510", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0429. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58510);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-4128\", \"CVE-2012-1573\");\n script_bugtraq_id(50609, 52667);\n script_xref(name:\"RHSA\", value:\"2012:0429\");\n\n script_name(english:\"RHEL 6 : gnutls (RHSA-2012:0429)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated gnutls packages that fix two security issues are now available\nfor Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe GnuTLS library provides support for cryptographic algorithms and\nfor protocols such as Transport Layer Security (TLS).\n\nA flaw was found in the way GnuTLS decrypted malformed TLS records.\nThis could cause a TLS/SSL client or server to crash when processing a\nspecially crafted TLS record from a remote TLS/SSL connection peer.\n(CVE-2012-1573)\n\nA boundary error was found in the gnutls_session_get_data() function.\nA malicious TLS/SSL server could use this flaw to crash a TLS/SSL\nclient or, possibly, execute arbitrary code as the client, if the\nclient passed a fixed-sized buffer to gnutls_session_get_data() before\nchecking the real size of the session data provided by the server.\n(CVE-2011-4128)\n\nRed Hat would like to thank Matthew Hall of Mu Dynamics for reporting\nCVE-2012-1573.\n\nUsers of GnuTLS are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. For the\nupdate to take effect, all applications linked to the GnuTLS library\nmust be restarted, or the system rebooted.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2012:0429\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-4128\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-1573\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gnutls-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gnutls-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gnutls-guile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gnutls-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/12/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/03/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2012:0429\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", reference:\"gnutls-2.8.5-4.el6_2.2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"gnutls-debuginfo-2.8.5-4.el6_2.2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"gnutls-devel-2.8.5-4.el6_2.2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"gnutls-guile-2.8.5-4.el6_2.2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"gnutls-utils-2.8.5-4.el6_2.2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"gnutls-utils-2.8.5-4.el6_2.2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"gnutls-utils-2.8.5-4.el6_2.2\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnutls / gnutls-debuginfo / gnutls-devel / gnutls-guile / etc\");\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-18T14:40:16", "description": "An updated rhev-hypervisor5 package that fixes three security issues and one bug is now available.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe rhev-hypervisor5 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent.\n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions.\n\nA flaw was found in the way libtasn1 decoded DER data. An attacker could create a carefully-crafted X.509 certificate that, when parsed by an application that uses GnuTLS, could cause the application to crash. (CVE-2012-1569)\n\nA flaw was found in the way GnuTLS decrypted malformed TLS records.\nThis could cause a TLS/SSL client or server to crash when processing a specially crafted TLS record from a remote TLS/SSL connection peer.\n(CVE-2012-1573)\n\nAn integer overflow flaw was found in the implementation of the printf functions family. This could allow an attacker to bypass FORTIFY_SOURCE protections and execute arbitrary code using a format string flaw in an application, even though these protections are expected to limit the impact of such flaws to an application abort.\n(CVE-2012-0864)\n\nRed Hat would like to thank Matthew Hall of Mu Dynamics for reporting CVE-2012-1569 and CVE-2012-1573.\n\nThis updated package provides updated components that include fixes for various security issues. These issues have no security impact on Red Hat Enterprise Virtualization Hypervisor itself, however. The security fixes included in this update address the following CVE numbers :\n\nCVE-2011-4128 (gnutls issue)\n\nCVE-2012-1583 (kernel issue)\n\nCVE-2011-3045 (libpng issue)\n\nCVE-2012-0884 and CVE-2012-1165 (openssl issues)\n\nFurther information on the changes made to the package is available on the relevant errata :\n\nhttps://rhn.redhat.com/errata/RHBA-2012-0398.html\n\nUsers of Red Hat Enterprise Virtualization Hypervisor are advised to upgrade to this updated package, which fixes these issues.", "cvss3": {}, "published": "2014-11-17T00:00:00", "type": "nessus", "title": "RHEL 5 : rhev-hypervisor5 (RHSA-2012:0488)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3045", "CVE-2011-4128", "CVE-2012-0864", "CVE-2012-0884", "CVE-2012-1165", "CVE-2012-1569", "CVE-2012-1573", "CVE-2012-1583"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:rhev-hypervisor5", "p-cpe:/a:redhat:enterprise_linux:rhev-hypervisor5-tools", "cpe:/o:redhat:enterprise_linux:5"], "id": "REDHAT-RHSA-2012-0488.NASL", "href": "https://www.tenable.com/plugins/nessus/79286", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0488. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79286);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-3045\", \"CVE-2011-4128\", \"CVE-2012-0864\", \"CVE-2012-0884\", \"CVE-2012-1165\", \"CVE-2012-1569\", \"CVE-2012-1573\", \"CVE-2012-1583\");\n script_bugtraq_id(52201, 52667, 52668);\n script_xref(name:\"RHSA\", value:\"2012:0488\");\n\n script_name(english:\"RHEL 5 : rhev-hypervisor5 (RHSA-2012:0488)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated rhev-hypervisor5 package that fixes three security issues\nand one bug is now available.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe rhev-hypervisor5 package provides a Red Hat Enterprise\nVirtualization Hypervisor ISO disk image. The Red Hat Enterprise\nVirtualization Hypervisor is a dedicated Kernel-based Virtual Machine\n(KVM) hypervisor. It includes everything necessary to run and manage\nvirtual machines: A subset of the Red Hat Enterprise Linux operating\nenvironment and the Red Hat Enterprise Virtualization Agent.\n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available\nfor the Intel 64 and AMD64 architectures with virtualization\nextensions.\n\nA flaw was found in the way libtasn1 decoded DER data. An attacker\ncould create a carefully-crafted X.509 certificate that, when parsed\nby an application that uses GnuTLS, could cause the application to\ncrash. (CVE-2012-1569)\n\nA flaw was found in the way GnuTLS decrypted malformed TLS records.\nThis could cause a TLS/SSL client or server to crash when processing a\nspecially crafted TLS record from a remote TLS/SSL connection peer.\n(CVE-2012-1573)\n\nAn integer overflow flaw was found in the implementation of the printf\nfunctions family. This could allow an attacker to bypass\nFORTIFY_SOURCE protections and execute arbitrary code using a format\nstring flaw in an application, even though these protections are\nexpected to limit the impact of such flaws to an application abort.\n(CVE-2012-0864)\n\nRed Hat would like to thank Matthew Hall of Mu Dynamics for reporting\nCVE-2012-1569 and CVE-2012-1573.\n\nThis updated package provides updated components that include fixes\nfor various security issues. These issues have no security impact on\nRed Hat Enterprise Virtualization Hypervisor itself, however. The\nsecurity fixes included in this update address the following CVE\nnumbers :\n\nCVE-2011-4128 (gnutls issue)\n\nCVE-2012-1583 (kernel issue)\n\nCVE-2011-3045 (libpng issue)\n\nCVE-2012-0884 and CVE-2012-1165 (openssl issues)\n\nFurther information on the changes made to the package is available on\nthe relevant errata :\n\nhttps://rhn.redhat.com/errata/RHBA-2012-0398.html\n\nUsers of Red Hat Enterprise Virtualization Hypervisor are advised to\nupgrade to this updated package, which fixes these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-0864\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-1569\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-1573\"\n );\n # https://rhn.redhat.com/errata/RHBA-2012-0398.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHBA-2012:0398\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2012:0488\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected rhev-hypervisor5 and / or rhev-hypervisor5-tools\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhev-hypervisor5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhev-hypervisor5-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/12/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2012:0488\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"rhev-hypervisor5-5.8-20120403.0.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"rhev-hypervisor5-tools-5.8-20120403.0.el5_8\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rhev-hypervisor5 / rhev-hypervisor5-tools\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:25:13", "description": "The remote host is affected by the vulnerability described in GLSA-201206-18 (GnuTLS: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been found in GnuTLS:\n An error in libgnutls does not properly sanitize '\\\\0' characters from certificate fields (CVE-2009-2730).\n An error in the TLS and SSL protocols mistreats renegotiation handshakes (CVE-2009-3555).\n A boundary error in the 'gnutls_session_get_data()' function in gnutls_session.c could cause a buffer overflow (CVE-2011-4128).\n An error in the '_gnutls_ciphertext2compressed()' function in gnutls_cipher.c could cause memory corruption (CVE-2012-1573).\n Impact :\n\n A remote attacker could perform man-in-the-middle attacks to spoof arbitrary SSL servers or cause a Denial of Service condition in applications linked against GnuTLS.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {}, "published": "2012-06-25T00:00:00", "type": "nessus", "title": "GLSA-201206-18 : GnuTLS: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-2730", "CVE-2009-3555", "CVE-2011-4128", "CVE-2012-1573"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:gnutls", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201206-18.NASL", "href": "https://www.tenable.com/plugins/nessus/59671", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201206-18.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(59671);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2009-2730\", \"CVE-2009-3555\", \"CVE-2011-4128\", \"CVE-2012-1573\");\n script_bugtraq_id(35952, 36935, 50609, 52667);\n script_xref(name:\"GLSA\", value:\"201206-18\");\n\n script_name(english:\"GLSA-201206-18 : GnuTLS: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201206-18\n(GnuTLS: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been found in GnuTLS:\n An error in libgnutls does not properly sanitize '\\\\0' characters from\n certificate fields (CVE-2009-2730).\n An error in the TLS and SSL protocols mistreats renegotiation\n handshakes (CVE-2009-3555).\n A boundary error in the 'gnutls_session_get_data()' function in\n gnutls_session.c could cause a buffer overflow (CVE-2011-4128).\n An error in the '_gnutls_ciphertext2compressed()' function in\n gnutls_cipher.c could cause memory corruption (CVE-2012-1573).\n \nImpact :\n\n A remote attacker could perform man-in-the-middle attacks to spoof\n arbitrary SSL servers or cause a Denial of Service condition in\n applications linked against GnuTLS.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201206-18\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All GnuTLS users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-libs/gnutls-2.12.18'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/06/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-libs/gnutls\", unaffected:make_list(\"ge 2.12.18\"), vulnerable:make_list(\"lt 2.12.18\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"GnuTLS\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-18T14:41:09", "description": "An updated rhev-hypervisor6 package that fixes three security issues and one bug is now available.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent.\n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions.\n\nA flaw was found in the way libtasn1 decoded DER data. An attacker could create carefully-crafted DER encoded input (such as an X.509 certificate) that, when parsed by an application that uses libtasn1 (such as applications using GnuTLS), could cause the application to crash. (CVE-2012-1569)\n\nA flaw was found in the way GnuTLS decrypted malformed TLS records.\nThis could cause a TLS/SSL client or server to crash when processing a specially crafted TLS record from a remote TLS/SSL connection peer.\n(CVE-2012-1573)\n\nAn integer overflow flaw was found in the implementation of the printf functions family. This could allow an attacker to bypass FORTIFY_SOURCE protections and execute arbitrary code using a format string flaw in an application, even though these protections are expected to limit the impact of such flaws to an application abort.\n(CVE-2012-0864)\n\nRed Hat would like to thank Matthew Hall of Mu Dynamics for reporting CVE-2012-1569 and CVE-2012-1573.\n\nThis updated package provides updated components that include fixes for various security issues. These issues have no security impact on Red Hat Enterprise Virtualization Hypervisor itself, however. The security fixes included in this update address the following CVE numbers :\n\nCVE-2011-4128 (gnutls issue)\n\nCVE-2012-0879, CVE-2012-1090, and CVE-2012-1097 (kernel issues)\n\nCVE-2012-0884 and CVE-2012-1165 (openssl issues)\n\nCVE-2012-0060, CVE-2012-0061, and CVE-2012-0815 (rpm issues)\n\nThis update also fixes the following bug :\n\n* The Hypervisor previously set the lro_disable option for the enic driver. The driver does not support this option, as a result the Hypervisor did not correctly detect and configure the network interfaces of a Cisco M81KR adaptor, when present. The Hypervisor has been updated and no longer sets the invalid option for this driver.\n(BZ#809463)\n\nUsers of Red Hat Enterprise Virtualization Hypervisor are advised to upgrade to this updated package, which fixes these issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2014-11-08T00:00:00", "type": "nessus", "title": "RHEL 6 : rhev-hypervisor6 (RHSA-2012:0531)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4128", "CVE-2012-0060", "CVE-2012-0061", "CVE-2012-0815", "CVE-2012-0864", "CVE-2012-0879", "CVE-2012-0884", "CVE-2012-1090", "CVE-2012-1097", "CVE-2012-1165", "CVE-2012-1569", "CVE-2012-1573"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:rhev-hypervisor6", "p-cpe:/a:redhat:enterprise_linux:rhev-hypervisor6-tools", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2012-0531.NASL", "href": "https://www.tenable.com/plugins/nessus/78922", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0531. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(78922);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-4128\", \"CVE-2012-0060\", \"CVE-2012-0061\", \"CVE-2012-0815\", \"CVE-2012-0864\", \"CVE-2012-0879\", \"CVE-2012-0884\", \"CVE-2012-1090\", \"CVE-2012-1097\", \"CVE-2012-1165\", \"CVE-2012-1569\", \"CVE-2012-1573\");\n script_bugtraq_id(52201, 52667, 52668);\n script_xref(name:\"RHSA\", value:\"2012:0531\");\n\n script_name(english:\"RHEL 6 : rhev-hypervisor6 (RHSA-2012:0531)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"An updated rhev-hypervisor6 package that fixes three security issues\nand one bug is now available.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe rhev-hypervisor6 package provides a Red Hat Enterprise\nVirtualization Hypervisor ISO disk image. The Red Hat Enterprise\nVirtualization Hypervisor is a dedicated Kernel-based Virtual Machine\n(KVM) hypervisor. It includes everything necessary to run and manage\nvirtual machines: A subset of the Red Hat Enterprise Linux operating\nenvironment and the Red Hat Enterprise Virtualization Agent.\n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available\nfor the Intel 64 and AMD64 architectures with virtualization\nextensions.\n\nA flaw was found in the way libtasn1 decoded DER data. An attacker\ncould create carefully-crafted DER encoded input (such as an X.509\ncertificate) that, when parsed by an application that uses libtasn1\n(such as applications using GnuTLS), could cause the application to\ncrash. (CVE-2012-1569)\n\nA flaw was found in the way GnuTLS decrypted malformed TLS records.\nThis could cause a TLS/SSL client or server to crash when processing a\nspecially crafted TLS record from a remote TLS/SSL connection peer.\n(CVE-2012-1573)\n\nAn integer overflow flaw was found in the implementation of the printf\nfunctions family. This could allow an attacker to bypass\nFORTIFY_SOURCE protections and execute arbitrary code using a format\nstring flaw in an application, even though these protections are\nexpected to limit the impact of such flaws to an application abort.\n(CVE-2012-0864)\n\nRed Hat would like to thank Matthew Hall of Mu Dynamics for reporting\nCVE-2012-1569 and CVE-2012-1573.\n\nThis updated package provides updated components that include fixes\nfor various security issues. These issues have no security impact on\nRed Hat Enterprise Virtualization Hypervisor itself, however. The\nsecurity fixes included in this update address the following CVE\nnumbers :\n\nCVE-2011-4128 (gnutls issue)\n\nCVE-2012-0879, CVE-2012-1090, and CVE-2012-1097 (kernel issues)\n\nCVE-2012-0884 and CVE-2012-1165 (openssl issues)\n\nCVE-2012-0060, CVE-2012-0061, and CVE-2012-0815 (rpm issues)\n\nThis update also fixes the following bug :\n\n* The Hypervisor previously set the lro_disable option for the enic\ndriver. The driver does not support this option, as a result the\nHypervisor did not correctly detect and configure the network\ninterfaces of a Cisco M81KR adaptor, when present. The Hypervisor has\nbeen updated and no longer sets the invalid option for this driver.\n(BZ#809463)\n\nUsers of Red Hat Enterprise Virtualization Hypervisor are advised to\nupgrade to this updated package, which fixes these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2012:0531\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-0864\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-1569\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-1573\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected rhev-hypervisor6 and / or rhev-hypervisor6-tools\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhev-hypervisor6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhev-hypervisor6-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/12/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2012:0531\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", reference:\"rhev-hypervisor6-6.2-20120423.1.el6_2\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"rhev-hypervisor6-tools-6.2-20120423.1.el6_2\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rhev-hypervisor6 / rhev-hypervisor6-tools\");\n }\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-06T14:20:13", "description": "The remote VMware ESX / ESXi host is missing a security-related patch.\nIt is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several third-party libraries :\n\n - Apache Struts\n - glibc\n - GnuTLS\n - JRE\n - kernel\n - libxml2\n - OpenSSL\n - Perl\n - popt and rpm", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2016-02-29T00:00:00", "type": "nessus", "title": "VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2012-0013) (remote check)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-5029", "CVE-2009-5064", "CVE-2010-0830", "CVE-2010-2761", "CVE-2010-4180", "CVE-2010-4252", "CVE-2010-4410", "CVE-2011-0014", "CVE-2011-1020", "CVE-2011-1089", "CVE-2011-1833", "CVE-2011-2484", "CVE-2011-2496", "CVE-2011-2699", "CVE-2011-3188", "CVE-2011-3209", "CVE-2011-3363", "CVE-2011-3597", "CVE-2011-4108", "CVE-2011-4109", "CVE-2011-4110", "CVE-2011-4128", "CVE-2011-4132", "CVE-2011-4324", "CVE-2011-4325", "CVE-2011-4576", "CVE-2011-4577", "CVE-2011-4609", "CVE-2011-4619", "CVE-2012-0050", "CVE-2012-0060", "CVE-2012-0061", "CVE-2012-0207", "CVE-2012-0393", "CVE-2012-0815", "CVE-2012-0841", "CVE-2012-0864", "CVE-2012-1569", "CVE-2012-1573", "CVE-2012-1583", "CVE-2012-2110"], "modified": "2021-01-06T00:00:00", "cpe": ["cpe:/o:vmware:esx", "cpe:/o:vmware:esxi"], "id": "VMWARE_VMSA-2012-0013_REMOTE.NASL", "href": "https://www.tenable.com/plugins/nessus/89038", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89038);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2009-5029\",\n \"CVE-2009-5064\",\n \"CVE-2010-0830\",\n \"CVE-2010-2761\",\n \"CVE-2010-4180\",\n \"CVE-2010-4252\",\n \"CVE-2010-4410\",\n \"CVE-2011-0014\",\n \"CVE-2011-1020\",\n \"CVE-2011-1089\",\n \"CVE-2011-1833\",\n \"CVE-2011-2484\",\n \"CVE-2011-2496\",\n \"CVE-2011-2699\",\n \"CVE-2011-3188\",\n \"CVE-2011-3209\",\n \"CVE-2011-3363\",\n \"CVE-2011-3597\",\n \"CVE-2011-4108\",\n \"CVE-2011-4109\",\n \"CVE-2011-4110\",\n \"CVE-2011-4128\",\n \"CVE-2011-4132\",\n \"CVE-2011-4324\",\n \"CVE-2011-4325\",\n \"CVE-2011-4576\",\n \"CVE-2011-4577\",\n \"CVE-2011-4609\",\n \"CVE-2011-4619\",\n \"CVE-2012-0050\",\n \"CVE-2012-0060\",\n \"CVE-2012-0061\",\n \"CVE-2012-0207\",\n \"CVE-2012-0393\",\n \"CVE-2012-0815\",\n \"CVE-2012-0841\",\n \"CVE-2012-0864\",\n \"CVE-2012-1569\",\n \"CVE-2012-1573\",\n \"CVE-2012-1583\",\n \"CVE-2012-2110\"\n );\n script_bugtraq_id(\n 40063,\n 44199,\n 45145,\n 45163,\n 45164,\n 46264,\n 46567,\n 46740,\n 47321,\n 48383,\n 48802,\n 49108,\n 49289,\n 49626,\n 49911,\n 50311,\n 50609,\n 50663,\n 50755,\n 50798,\n 50898,\n 51194,\n 51257,\n 51281,\n 51343,\n 51366,\n 51439,\n 51467,\n 51563,\n 52009,\n 52010,\n 52011,\n 52012,\n 52013,\n 52014,\n 52015,\n 52016,\n 52017,\n 52018,\n 52019,\n 52020,\n 52107,\n 52161,\n 52201,\n 52667,\n 52668,\n 52865,\n 53136,\n 53139,\n 53158,\n 53946,\n 53947,\n 53948,\n 53949,\n 53950,\n 53951,\n 53952,\n 53953,\n 53954,\n 53956,\n 53958,\n 53959,\n 53960\n );\n script_xref(name:\"VMSA\", value:\"2012-0013\");\n\n script_name(english:\"VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2012-0013) (remote check)\");\n script_summary(english:\"Checks the ESX / ESXi version and build number.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote VMware ESX / ESXi host is missing a security-related patch.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote VMware ESX / ESXi host is missing a security-related patch.\nIt is, therefore, affected by multiple vulnerabilities, including\nremote code execution vulnerabilities, in several third-party\nlibraries :\n\n - Apache Struts\n - glibc\n - GnuTLS\n - JRE\n - kernel\n - libxml2\n - OpenSSL\n - Perl\n - popt and rpm\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.vmware.com/security/advisories/VMSA-2012-0013.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the vendor advisory that\npertains to ESX version 3.5 / 4.0 / 4.1 or ESXi version 3.5 / 4.0 /\n4.1 / 5.0.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Java Applet Field Bytecode Verifier Cache Remote Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esxi\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/08/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/08/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/02/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Misc.\");\n\n script_dependencies(\"vmware_vsphere_detect.nbin\");\n script_require_keys(\"Host/VMware/version\", \"Host/VMware/release\");\n script_require_ports(\"Host/VMware/vsphere\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nversion = get_kb_item_or_exit(\"Host/VMware/version\");\nrelease = get_kb_item_or_exit(\"Host/VMware/release\");\nport = get_kb_item_or_exit(\"Host/VMware/vsphere\");\n\n# Version + build map\n# https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1014508\nfixes = make_array();\nfixes[\"ESX 4.0\"] = 787047;\nfixes[\"ESX 4.1\"] = 800380; # Full patch -- 811144 is security-fix only\nfixes[\"ESXi 4.1\"] = 800380; # Full patch -- 811144 is security-fix only\nfixes[\"ESXi 5.0\"] = 912577; # Security-only -- 914586 is full patch\n\n# Extra fixes to report\nextra_fixes = make_array();\nextra_fixes[\"ESX 4.1\"] = 811144;\nextra_fixes[\"ESXi 4.1\"] = 811144;\nextra_fixes[\"ESXi 5.0\"] = 914586;\n\nmatches = eregmatch(pattern:'^VMware (ESXi?).*build-([0-9]+)$', string:release);\nif (empty_or_null(matches))\n exit(1, 'Failed to extract the ESX / ESXi build number.');\n\ntype = matches[1];\nbuild = int(matches[2]);\n\nfixed_build = fixes[version];\n\nif (!isnull(fixed_build) && build < fixed_build)\n{\n if (!empty_or_null(extra_fixes[version])) fixed_build += \" / \" + extra_fixes[version];\n \n padding = crap(data:\" \", length:8 - strlen(type)); # Spacing alignment\n \n report = '\\n ' + type + ' version' + padding + ': ' + version +\n '\\n Installed build : ' + build +\n '\\n Fixed build : ' + fixed_build +\n '\\n';\n\n security_report_v4(extra:report, port:port, severity:SECURITY_HOLE);\n}\nelse\n audit(AUDIT_INST_VER_NOT_VULN, \"VMware \" + version + \" build \" + build);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-06T14:22:17", "description": "a. vCenter and ESX update to JRE 1.6.0 Update 31\n\n The Oracle (Sun) JRE is updated to version 1.6.0_31, which addresses multiple security issues. Oracle has documented the CVE identifiers that are addressed by this update in the Oracle Java SE Critical Patch Update Advisory of February 2012.\n\nb. vCenter Update Manager update to JRE 1.5.0 Update 36\n\n The Oracle (Sun) JRE is updated to 1.5.0_36 to address multiple security issues. Oracle has documented the CVE identifiers that are addressed in JRE 1.5.0_36 in the Oracle Java SE Critical Patch Update Advisory for June 2012.\n\nc. Update to ESX/ESXi userworld OpenSSL library\n\n The ESX/ESXi userworld OpenSSL library is updated from version 0.9.8p to version 0.9.8t to resolve multiple security issues.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-4180, CVE-2010-4252, CVE-2011-0014, CVE-2011-4108, CVE-2011-4109, CVE-2011-4576, CVE-2011-4577, CVE-2011-4619, and CVE-2012-0050 to these issues.\n\nd. Update to ESX service console OpenSSL RPM\n\n The service console OpenSSL RPM is updated to version 0.9.8e-22.el5_8.3 to resolve a security issue.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-2110 to this issue.\n\ne. Update to ESX service console kernel\n\n The ESX service console kernel is updated to resolve multiple security issues.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2011-1833, CVE-2011-2484, CVE-2011-2496, CVE-2011-3188, CVE-2011-3209, CVE-2011-3363, CVE-2011-4110, CVE-2011-1020, CVE-2011-4132, CVE-2011-4324, CVE-2011-4325, CVE-2012-0207, CVE-2011-2699, and CVE-2012-1583 to these issues.\n\nf. Update to ESX service console Perl RPM\n\n The ESX service console Perl RPM is updated to perl-5.8.8.32.1.8999.vmw to resolve multiple security issues.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-2761, CVE-2010-4410, and CVE-2011-3597 to these issues.\n\ng. Update to ESX service console libxml2 RPMs\n\n The ESX service console libmxl2 RPMs are updated to libxml2-2.6.26-2.1.15.el5_8.2 and libxml2-python-2.6.26-2.1.15.el5_8.2 to resolve a security issue.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-0841 to this issue.\n\nh. Update to ESX service console glibc RPM\n\n The ESX service console glibc RPM is updated to version glibc-2.5-81.el5_8.1 to resolve multiple security issues.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-5029, CVE-2009-5064, CVE-2010-0830, CVE-2011-1089, CVE-2011-4609, and CVE-2012-0864 to these issue.\n\ni. Update to ESX service console GnuTLS RPM\n\n The ESX service console GnuTLS RPM is updated to version 1.4.1-7.el5_8.2 to resolve multiple security issues.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2011-4128, CVE-2012-1569, and CVE-2012-1573 to these issues.\n\nj. Update to ESX service console popt, rpm, rpm-libs, and rpm-python RPMS\n\n The ESX service console popt, rpm, rpm-libs, and rpm-python RPMS are updated to the following versions to resolve multiple security issues :\n - popt-1.10.2.3-28.el5_8\n - rpm-4.4.2.3-28.el5_8\n - rpm-libs-4.4.2.3-28.el5_8\n - rpm-python-4.4.2.3-28.el5_8\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-0060, CVE-2012-0061, and CVE-2012-0815 to these issues.\n\nk. Vulnerability in third-party Apache Struts component\n\n The version of Apache Struts in vCenter Operations has been updated to 2.3.4 which addresses an arbitrary file overwrite vulnerability. This vulnerability allows an attacker to create a denial of service by overwriting arbitrary files without authentication. The attacker would need to be on the same network as the system where vCOps is installed.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-0393 to this issue.\n\n Note: Apache struts 2.3.4 addresses the following issues as well :\n CVE-2011-5057, CVE-2012-0391, CVE-2012-0392, CVE-2012-0394. It was found that these do not affect vCOps.\n\n VMware would like to thank Alexander Minozhenko from ERPScan for reporting this issue to us.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2012-08-31T00:00:00", "type": "nessus", "title": "VMSA-2012-0013 : VMware vSphere and vCOps updates to third-party libraries", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-5029", "CVE-2009-5064", "CVE-2010-0830", "CVE-2010-2761", "CVE-2010-4180", "CVE-2010-4252", "CVE-2010-4410", "CVE-2011-0014", "CVE-2011-1020", "CVE-2011-1089", "CVE-2011-1833", "CVE-2011-2484", "CVE-2011-2496", "CVE-2011-2699", "CVE-2011-3188", "CVE-2011-3209", "CVE-2011-3363", "CVE-2011-3597", "CVE-2011-4108", "CVE-2011-4109", "CVE-2011-4110", "CVE-2011-4128", "CVE-2011-4132", "CVE-2011-4324", "CVE-2011-4325", "CVE-2011-4576", "CVE-2011-4577", "CVE-2011-4609", "CVE-2011-4619", "CVE-2011-5057", "CVE-2012-0050", "CVE-2012-0060", "CVE-2012-0061", "CVE-2012-0207", "CVE-2012-0391", "CVE-2012-0392", "CVE-2012-0393", "CVE-2012-0394", "CVE-2012-0815", "CVE-2012-0841", "CVE-2012-0864", "CVE-2012-1569", "CVE-2012-1573", "CVE-2012-1583", "CVE-2012-2110"], "modified": "2021-01-06T00:00:00", "cpe": ["cpe:/o:vmware:esx:4.0", "cpe:/o:vmware:esx:4.1", "cpe:/o:vmware:esxi:4.1", "cpe:/o:vmware:esxi:5.0"], "id": "VMWARE_VMSA-2012-0013.NASL", "href": "https://www.tenable.com/plugins/nessus/61747", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from VMware Security Advisory 2012-0013. \n# The text itself is copyright (C) VMware Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61747);\n script_version(\"1.57\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2009-5029\", \"CVE-2009-5064\", \"CVE-2010-0830\", \"CVE-2010-2761\", \"CVE-2010-4180\", \"CVE-2010-4252\", \"CVE-2010-4410\", \"CVE-2011-0014\", \"CVE-2011-1020\", \"CVE-2011-1089\", \"CVE-2011-1833\", \"CVE-2011-2484\", \"CVE-2011-2496\", \"CVE-2011-2699\", \"CVE-2011-3188\", \"CVE-2011-3209\", \"CVE-2011-3363\", \"CVE-2011-3597\", \"CVE-2011-4108\", \"CVE-2011-4109\", \"CVE-2011-4110\", \"CVE-2011-4128\", \"CVE-2011-4132\", \"CVE-2011-4324\", \"CVE-2011-4325\", \"CVE-2011-4576\", \"CVE-2011-4577\", \"CVE-2011-4609\", \"CVE-2011-4619\", \"CVE-2012-0050\", \"CVE-2012-0060\", \"CVE-2012-0061\", \"CVE-2012-0207\", \"CVE-2012-0393\", \"CVE-2012-0815\", \"CVE-2012-0841\", \"CVE-2012-0864\", \"CVE-2012-1569\", \"CVE-2012-1573\", \"CVE-2012-1583\", \"CVE-2012-2110\");\n script_bugtraq_id(40063, 44199, 45145, 45163, 45164, 46264, 46567, 46740, 47321, 48383, 48802, 49108, 49289, 49626, 49911, 50311, 50609, 50663, 50755, 50798, 50898, 51194, 51257, 51281, 51343, 51366, 51439, 51467, 51563, 52009, 52010, 52011, 52012, 52013, 52014, 52015, 52016, 52017, 52018, 52019, 52020, 52107, 52161, 52201, 52667, 52668, 52865, 53136, 53139, 53158, 53946, 53947, 53948, 53949, 53950, 53951, 53952, 53953, 53954, 53956, 53958, 53959, 53960);\n script_xref(name:\"VMSA\", value:\"2012-0013\");\n\n script_name(english:\"VMSA-2012-0013 : VMware vSphere and vCOps updates to third-party libraries\");\n script_summary(english:\"Checks esxupdate output for the patches\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote VMware ESXi / ESX host is missing one or more\nsecurity-related patches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"a. vCenter and ESX update to JRE 1.6.0 Update 31\n\n The Oracle (Sun) JRE is updated to version 1.6.0_31, which\n addresses multiple security issues. Oracle has documented the\n CVE identifiers that are addressed by this update in the Oracle\n Java SE Critical Patch Update Advisory of February 2012.\n\nb. vCenter Update Manager update to JRE 1.5.0 Update 36\n\n The Oracle (Sun) JRE is updated to 1.5.0_36 to address multiple\n security issues. Oracle has documented the CVE identifiers that\n are addressed in JRE 1.5.0_36 in the Oracle Java SE Critical\n Patch Update Advisory for June 2012.\n\nc. Update to ESX/ESXi userworld OpenSSL library\n\n The ESX/ESXi userworld OpenSSL library is updated from version\n 0.9.8p to version 0.9.8t to resolve multiple security issues.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2010-4180, CVE-2010-4252,\n CVE-2011-0014, CVE-2011-4108, CVE-2011-4109, CVE-2011-4576,\n CVE-2011-4577, CVE-2011-4619, and CVE-2012-0050 to these issues.\n\nd. Update to ESX service console OpenSSL RPM\n\n The service console OpenSSL RPM is updated to version\n 0.9.8e-22.el5_8.3 to resolve a security issue.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2012-2110 to this issue.\n\ne. Update to ESX service console kernel\n\n The ESX service console kernel is updated to resolve multiple\n security issues.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2011-1833, CVE-2011-2484,\n CVE-2011-2496, CVE-2011-3188, CVE-2011-3209, CVE-2011-3363,\n CVE-2011-4110, CVE-2011-1020, CVE-2011-4132, CVE-2011-4324,\n CVE-2011-4325, CVE-2012-0207, CVE-2011-2699, and CVE-2012-1583\n to these issues.\n\nf. Update to ESX service console Perl RPM\n\n The ESX service console Perl RPM is updated to\n perl-5.8.8.32.1.8999.vmw to resolve multiple security issues.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2010-2761, CVE-2010-4410, and\n CVE-2011-3597 to these issues.\n\ng. Update to ESX service console libxml2 RPMs\n\n The ESX service console libmxl2 RPMs are updated to\n libxml2-2.6.26-2.1.15.el5_8.2 and\n libxml2-python-2.6.26-2.1.15.el5_8.2 to resolve a security\n issue.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2012-0841 to this issue.\n\nh. Update to ESX service console glibc RPM\n\n The ESX service console glibc RPM is updated to version\n glibc-2.5-81.el5_8.1 to resolve multiple security issues.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2009-5029, CVE-2009-5064,\n CVE-2010-0830, CVE-2011-1089, CVE-2011-4609, and CVE-2012-0864\n to these issue.\n\ni. Update to ESX service console GnuTLS RPM\n\n The ESX service console GnuTLS RPM is updated to version\n 1.4.1-7.el5_8.2 to resolve multiple security issues.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2011-4128, CVE-2012-1569, and\n CVE-2012-1573 to these issues.\n\nj. Update to ESX service console popt, rpm, rpm-libs,\n and rpm-python RPMS\n\n The ESX service console popt, rpm, rpm-libs, and rpm-python RPMS\n are updated to the following versions to resolve multiple\n security issues :\n - popt-1.10.2.3-28.el5_8\n - rpm-4.4.2.3-28.el5_8\n - rpm-libs-4.4.2.3-28.el5_8\n - rpm-python-4.4.2.3-28.el5_8\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2012-0060, CVE-2012-0061, and\n CVE-2012-0815 to these issues.\n\nk. Vulnerability in third-party Apache Struts component\n\n The version of Apache Struts in vCenter Operations has been\n updated to 2.3.4 which addresses an arbitrary file overwrite\n vulnerability. This vulnerability allows an attacker to create\n a denial of service by overwriting arbitrary files without\n authentication. The attacker would need to be on the same network\n as the system where vCOps is installed.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has\n assigned the name CVE-2012-0393 to this issue.\n\n Note: Apache struts 2.3.4 addresses the following issues as well :\n CVE-2011-5057, CVE-2012-0391, CVE-2012-0392, CVE-2012-0394. It\n was found that these do not affect vCOps.\n\n VMware would like to thank Alexander Minozhenko from ERPScan for\n reporting this issue to us.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.vmware.com/pipermail/security-announce/2012/000197.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply the missing patches.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Java Applet Field Bytecode Verifier Cache Remote Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx:4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx:4.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esxi:4.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esxi:5.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/06/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/08/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/31\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"VMware ESX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/VMware/release\", \"Host/VMware/version\");\n script_require_ports(\"Host/VMware/esxupdate\", \"Host/VMware/esxcli_software_vibs\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"vmware_esx_packages.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/VMware/release\")) audit(AUDIT_OS_NOT, \"VMware ESX / ESXi\");\nif (\n !get_kb_item(\"Host/VMware/esxcli_software_vibs\") &&\n !get_kb_item(\"Host/VMware/esxupdate\")\n) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ninit_esx_check(date:\"2012-08-30\");\nflag = 0;\n\n\nif (\n esx_check(\n ver : \"ESX 4.0\",\n patch : \"ESX400-201209401-SG\",\n patch_updates : make_list(\"ESX400-201302401-SG\", \"ESX400-201305401-SG\", \"ESX400-201310401-SG\", \"ESX400-201404401-SG\")\n )\n) flag++;\nif (\n esx_check(\n ver : \"ESX 4.0\",\n patch : \"ESX400-201209402-SG\",\n patch_updates : make_list(\"ESX400-201305404-SG\", \"ESX400-201310402-SG\")\n )\n) flag++;\nif (esx_check(ver:\"ESX 4.0\", patch:\"ESX400-201209404-SG\")) flag++;\n\nif (\n esx_check(\n ver : \"ESX 4.1\",\n patch : \"ESX410-201208101-SG\",\n patch_updates : make_list(\"ESX410-201211401-SG\", \"ESX410-201301401-SG\", \"ESX410-201304401-SG\", \"ESX410-201307401-SG\", \"ESX410-201312401-SG\", \"ESX410-201404401-SG\", \"ESX410-Update03\")\n )\n) flag++;\nif (\n esx_check(\n ver : \"ESX 4.1\",\n patch : \"ESX410-201208102-SG\",\n patch_updates : make_list(\"ESX410-201301405-SG\", \"ESX410-201304402-SG\", \"ESX410-201307405-SG\", \"ESX410-Update03\")\n )\n) flag++;\nif (\n esx_check(\n ver : \"ESX 4.1\",\n patch : \"ESX410-201208103-SG\",\n patch_updates : make_list(\"ESX410-201307403-SG\", \"ESX410-Update03\")\n )\n) flag++;\nif (\n esx_check(\n ver : \"ESX 4.1\",\n patch : \"ESX410-201208104-SG\",\n patch_updates : make_list(\"ESX410-Update03\")\n )\n) flag++;\nif (\n esx_check(\n ver : \"ESX 4.1\",\n patch : \"ESX410-201208105-SG\",\n patch_updates : make_list(\"ESX410-Update03\")\n )\n) flag++;\nif (\n esx_check(\n ver : \"ESX 4.1\",\n patch : \"ESX410-201208106-SG\",\n patch_updates : make_list(\"ESX410-201307404-SG\", \"ESX410-Update03\")\n )\n) flag++;\nif (\n esx_check(\n ver : \"ESX 4.1\",\n patch : \"ESX410-201208107-SG\",\n patch_updates : make_list(\"ESX410-Update03\")\n )\n) flag++;\n\nif (\n esx_check(\n ver : \"ESXi 4.1\",\n patch : \"ESXi410-201208101-SG\",\n patch_updates : make_list(\"ESXi410-201211401-SG\", \"ESXi410-201301401-SG\", \"ESXi410-201304401-SG\", \"ESXi410-201307401-SG\", \"ESXi410-201312401-SG\", \"ESXi410-201404401-SG\", \"ESXi410-Update03\")\n )\n) flag++;\n\nif (esx_check(ver:\"ESXi 5.0\", vib:\"VMware:esx-base:5.0.0-1.25.912577\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:esx_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2023-01-01T04:46:17", "description": "**CentOS Errata and Security Advisory** CESA-2012:0428\n\n\nThe GnuTLS library provides support for cryptographic algorithms and for\nprotocols such as Transport Layer Security (TLS). GnuTLS includes libtasn1,\na library developed for ASN.1 (Abstract Syntax Notation One) structures\nmanagement that includes DER (Distinguished Encoding Rules) encoding and\ndecoding.\n\nA flaw was found in the way GnuTLS decrypted malformed TLS records. This\ncould cause a TLS/SSL client or server to crash when processing a\nspecially-crafted TLS record from a remote TLS/SSL connection peer.\n(CVE-2012-1573)\n\nA flaw was found in the way libtasn1 decoded DER data. An attacker could\ncreate a carefully-crafted X.509 certificate that, when parsed by an\napplication that uses GnuTLS, could cause the application to crash.\n(CVE-2012-1569)\n\nA boundary error was found in the gnutls_session_get_data() function. A\nmalicious TLS/SSL server could use this flaw to crash a TLS/SSL client or,\npossibly, execute arbitrary code as the client, if the client passed a\nfixed-sized buffer to gnutls_session_get_data() before checking the real\nsize of the session data provided by the server. (CVE-2011-4128)\n\nRed Hat would like to thank Matthew Hall of Mu Dynamics for reporting\nCVE-2012-1573 and CVE-2012-1569.\n\nUsers of GnuTLS are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. For the update to take\neffect, all applications linked to the GnuTLS library must be restarted, or\nthe system rebooted.\n\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2012-March/068004.html\n\n**Affected packages:**\ngnutls\ngnutls-devel\ngnutls-utils\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2012:0428", "cvss3": {}, "published": "2012-03-28T00:49:15", "type": "centos", "title": "gnutls security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4128", "CVE-2012-1569", "CVE-2012-1573"], "modified": "2012-03-28T00:49:15", "id": "CESA-2012:0428", "href": "https://lists.centos.org/pipermail/centos-announce/2012-March/068004.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-01T04:46:17", "description": "**CentOS Errata and Security Advisory** CESA-2012:0427\n\n\nlibtasn1 is a library developed for ASN.1 (Abstract Syntax Notation One)\nstructures management that includes DER (Distinguished Encoding Rules)\nencoding and decoding.\n\nA flaw was found in the way libtasn1 decoded DER data. An attacker could\ncreate carefully-crafted DER encoded input (such as an X.509 certificate)\nthat, when parsed by an application that uses libtasn1 (such as\napplications using GnuTLS), could cause the application to crash.\n(CVE-2012-1569)\n\nRed Hat would like to thank Matthew Hall of Mu Dynamics for reporting this\nissue.\n\nUsers of libtasn1 are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. For the update to take\neffect, all applications linked to the libtasn1 library must be restarted,\nor the system rebooted.\n\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2012-March/068006.html\n\n**Affected packages:**\nlibtasn1\nlibtasn1-devel\nlibtasn1-tools\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2012:0427", "cvss3": {}, "published": "2012-03-28T01:12:20", "type": "centos", "title": "libtasn1 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1569"], "modified": "2012-03-28T01:12:20", "id": "CESA-2012:0427", "href": "https://lists.centos.org/pipermail/centos-announce/2012-March/068006.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-01T04:46:17", "description": "**CentOS Errata and Security Advisory** CESA-2012:0429\n\n\nThe GnuTLS library provides support for cryptographic algorithms and for\nprotocols such as Transport Layer Security (TLS).\n\nA flaw was found in the way GnuTLS decrypted malformed TLS records. This\ncould cause a TLS/SSL client or server to crash when processing a\nspecially-crafted TLS record from a remote TLS/SSL connection peer.\n(CVE-2012-1573)\n\nA boundary error was found in the gnutls_session_get_data() function. A\nmalicious TLS/SSL server could use this flaw to crash a TLS/SSL client or,\npossibly, execute arbitrary code as the client, if the client passed a\nfixed-sized buffer to gnutls_session_get_data() before checking the real\nsize of the session data provided by the server. (CVE-2011-4128)\n\nRed Hat would like to thank Matthew Hall of Mu Dynamics for reporting\nCVE-2012-1573.\n\nUsers of GnuTLS are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. For the update to take\neffect, all applications linked to the GnuTLS library must be restarted, or\nthe system rebooted.\n\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2012-March/068007.html\n\n**Affected packages:**\ngnutls\ngnutls-devel\ngnutls-guile\ngnutls-utils\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2012:0429", "cvss3": {}, "published": "2012-03-28T01:12:42", "type": "centos", "title": "gnutls security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4128", "CVE-2012-1573"], "modified": "2012-03-28T01:12:42", "id": "CESA-2012:0429", "href": "https://lists.centos.org/pipermail/centos-announce/2012-March/068007.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "openvas": [{"lastseen": "2019-05-29T18:38:47", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-03-29T00:00:00", "type": "openvas", "title": "RedHat Update for gnutls RHSA-2012:0428-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4128", "CVE-2012-1569", "CVE-2012-1573"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310870579", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870579", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for gnutls RHSA-2012:0428-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2012-March/msg00022.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870579\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-29 10:04:35 +0530 (Thu, 29 Mar 2012)\");\n script_cve_id(\"CVE-2011-4128\", \"CVE-2012-1569\", \"CVE-2012-1573\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name:\"RHSA\", value:\"2012:0428-01\");\n script_name(\"RedHat Update for gnutls RHSA-2012:0428-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'gnutls'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_5\");\n script_tag(name:\"affected\", value:\"gnutls on Red Hat Enterprise Linux (v. 5 server)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"The GnuTLS library provides support for cryptographic algorithms and for\n protocols such as Transport Layer Security (TLS). GnuTLS includes libtasn1,\n a library developed for ASN.1 (Abstract Syntax Notation One) structures\n management that includes DER (Distinguished Encoding Rules) encoding and\n decoding.\n\n A flaw was found in the way GnuTLS decrypted malformed TLS records. This\n could cause a TLS/SSL client or server to crash when processing a\n specially-crafted TLS record from a remote TLS/SSL connection peer.\n (CVE-2012-1573)\n\n A flaw was found in the way libtasn1 decoded DER data. An attacker could\n create a carefully-crafted X.509 certificate that, when parsed by an\n application that uses GnuTLS, could cause the application to crash.\n (CVE-2012-1569)\n\n A boundary error was found in the gnutls_session_get_data() function. A\n malicious TLS/SSL server could use this flaw to crash a TLS/SSL client or,\n possibly, execute arbitrary code as the client, if the client passed a\n fixed-sized buffer to gnutls_session_get_data() before checking the real\n size of the session data provided by the server. (CVE-2011-4128)\n\n Red Hat would like to thank Matthew Hall of Mu Dynamics for reporting\n CVE-2012-1573 and CVE-2012-1569.\n\n Users of GnuTLS are advised to upgrade to these updated packages, which\n contain backported patches to correct these issues. For the update to take\n effect, all applications linked to the GnuTLS library must be restarted, or\n the system rebooted.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"gnutls\", rpm:\"gnutls~1.4.1~7.el5_8.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnutls-debuginfo\", rpm:\"gnutls-debuginfo~1.4.1~7.el5_8.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnutls-devel\", rpm:\"gnutls-devel~1.4.1~7.el5_8.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnutls-utils\", rpm:\"gnutls-utils~1.4.1~7.el5_8.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:39:07", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-07-30T00:00:00", "type": "openvas", "title": "CentOS Update for gnutls CESA-2012:0428 centos5", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4128", "CVE-2012-1569", "CVE-2012-1573"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310881198", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881198", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for gnutls CESA-2012:0428 centos5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2012-March/018529.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881198\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 16:40:51 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2011-4128\", \"CVE-2012-1569\", \"CVE-2012-1573\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name:\"CESA\", value:\"2012:0428\");\n script_name(\"CentOS Update for gnutls CESA-2012:0428 centos5\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'gnutls'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"gnutls on CentOS 5\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"The GnuTLS library provides support for cryptographic algorithms and for\n protocols such as Transport Layer Security (TLS). GnuTLS includes libtasn1,\n a library developed for ASN.1 (Abstract Syntax Notation One) structures\n management that includes DER (Distinguished Encoding Rules) encoding and\n decoding.\n\n A flaw was found in the way GnuTLS decrypted malformed TLS records. This\n could cause a TLS/SSL client or server to crash when processing a\n specially-crafted TLS record from a remote TLS/SSL connection peer.\n (CVE-2012-1573)\n\n A flaw was found in the way libtasn1 decoded DER data. An attacker could\n create a carefully-crafted X.509 certificate that, when parsed by an\n application that uses GnuTLS, could cause the application to crash.\n (CVE-2012-1569)\n\n A boundary error was found in the gnutls_session_get_data() function. A\n malicious TLS/SSL server could use this flaw to crash a TLS/SSL client or,\n possibly, execute arbitrary code as the client, if the client passed a\n fixed-sized buffer to gnutls_session_get_data() before checking the real\n size of the session data provided by the server. (CVE-2011-4128)\n\n Red Hat would like to thank Matthew Hall of Mu Dynamics for reporting\n CVE-2012-1573 and CVE-2012-1569.\n\n Users of GnuTLS are advised to upgrade to these updated packages, which\n contain backported patches to correct these issues. For the update to take\n effect, all applications linked to the GnuTLS library must be restarted, or\n the system rebooted.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"gnutls\", rpm:\"gnutls~1.4.1~7.el5_8.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnutls-devel\", rpm:\"gnutls-devel~1.4.1~7.el5_8.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnutls-utils\", rpm:\"gnutls-utils~1.4.1~7.el5_8.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:36:12", "description": "Oracle Linux Local Security Checks ELSA-2012-0428", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2012-0428", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4128", "CVE-2012-1569", "CVE-2012-1573"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310123946", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123946", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2012-0428.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123946\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:10:40 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2012-0428\");\n script_tag(name:\"insight\", value:\"ELSA-2012-0428 - gnutls security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2012-0428\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2012-0428.html\");\n script_cve_id(\"CVE-2011-4128\", \"CVE-2012-1569\", \"CVE-2012-1573\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"gnutls\", rpm:\"gnutls~1.4.1~7.el5_8.2\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"gnutls-devel\", rpm:\"gnutls-devel~1.4.1~7.el5_8.2\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"gnutls-utils\", rpm:\"gnutls-utils~1.4.1~7.el5_8.2\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2018-01-06T13:07:50", "description": "Check for the Version of gnutls", "cvss3": {}, "published": "2012-03-29T00:00:00", "type": "openvas", "title": "RedHat Update for gnutls RHSA-2012:0428-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4128", "CVE-2012-1569", "CVE-2012-1573"], "modified": "2018-01-05T00:00:00", "id": "OPENVAS:870579", "href": "http://plugins.openvas.org/nasl.php?oid=870579", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for gnutls RHSA-2012:0428-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The GnuTLS library provides support for cryptographic algorithms and for\n protocols such as Transport Layer Security (TLS). GnuTLS includes libtasn1,\n a library developed for ASN.1 (Abstract Syntax Notation One) structures\n management that includes DER (Distinguished Encoding Rules) encoding and\n decoding.\n\n A flaw was found in the way GnuTLS decrypted malformed TLS records. This\n could cause a TLS/SSL client or server to crash when processing a\n specially-crafted TLS record from a remote TLS/SSL connection peer.\n (CVE-2012-1573)\n\n A flaw was found in the way libtasn1 decoded DER data. An attacker could\n create a carefully-crafted X.509 certificate that, when parsed by an\n application that uses GnuTLS, could cause the application to crash.\n (CVE-2012-1569)\n\n A boundary error was found in the gnutls_session_get_data() function. A\n malicious TLS/SSL server could use this flaw to crash a TLS/SSL client or,\n possibly, execute arbitrary code as the client, if the client passed a\n fixed-sized buffer to gnutls_session_get_data() before checking the real\n size of the session data provided by the server. (CVE-2011-4128)\n\n Red Hat would like to thank Matthew Hall of Mu Dynamics for reporting\n CVE-2012-1573 and CVE-2012-1569.\n\n Users of GnuTLS are advised to upgrade to these updated packages, which\n contain backported patches to correct these issues. For the update to take\n effect, all applications linked to the GnuTLS library must be restarted, or\n the system rebooted.\";\n\ntag_affected = \"gnutls on Red Hat Enterprise Linux (v. 5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2012-March/msg00022.html\");\n script_id(870579);\n script_version(\"$Revision: 8295 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-05 07:29:18 +0100 (Fri, 05 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-29 10:04:35 +0530 (Thu, 29 Mar 2012)\");\n script_cve_id(\"CVE-2011-4128\", \"CVE-2012-1569\", \"CVE-2012-1573\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"RHSA\", value: \"2012:0428-01\");\n script_name(\"RedHat Update for gnutls RHSA-2012:0428-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of gnutls\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"gnutls\", rpm:\"gnutls~1.4.1~7.el5_8.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnutls-debuginfo\", rpm:\"gnutls-debuginfo~1.4.1~7.el5_8.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnutls-devel\", rpm:\"gnutls-devel~1.4.1~7.el5_8.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnutls-utils\", rpm:\"gnutls-utils~1.4.1~7.el5_8.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-02T10:58:12", "description": "Check for the Version of gnutls", "cvss3": {}, "published": "2012-07-30T00:00:00", "type": "openvas", "title": "CentOS Update for gnutls CESA-2012:0428 centos5 ", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4128", "CVE-2012-1569", "CVE-2012-1573"], "modified": "2018-01-01T00:00:00", "id": "OPENVAS:881198", "href": "http://plugins.openvas.org/nasl.php?oid=881198", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for gnutls CESA-2012:0428 centos5 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The GnuTLS library provides support for cryptographic algorithms and for\n protocols such as Transport Layer Security (TLS). GnuTLS includes libtasn1,\n a library developed for ASN.1 (Abstract Syntax Notation One) structures\n management that includes DER (Distinguished Encoding Rules) encoding and\n decoding.\n\n A flaw was found in the way GnuTLS decrypted malformed TLS records. This\n could cause a TLS/SSL client or server to crash when processing a\n specially-crafted TLS record from a remote TLS/SSL connection peer.\n (CVE-2012-1573)\n \n A flaw was found in the way libtasn1 decoded DER data. An attacker could\n create a carefully-crafted X.509 certificate that, when parsed by an\n application that uses GnuTLS, could cause the application to crash.\n (CVE-2012-1569)\n \n A boundary error was found in the gnutls_session_get_data() function. A\n malicious TLS/SSL server could use this flaw to crash a TLS/SSL client or,\n possibly, execute arbitrary code as the client, if the client passed a\n fixed-sized buffer to gnutls_session_get_data() before checking the real\n size of the session data provided by the server. (CVE-2011-4128)\n \n Red Hat would like to thank Matthew Hall of Mu Dynamics for reporting\n CVE-2012-1573 and CVE-2012-1569.\n \n Users of GnuTLS are advised to upgrade to these updated packages, which\n contain backported patches to correct these issues. For the update to take\n effect, all applications linked to the GnuTLS library must be restarted, or\n the system rebooted.\";\n\ntag_affected = \"gnutls on CentOS 5\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2012-March/018529.html\");\n script_id(881198);\n script_version(\"$Revision: 8265 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-01 07:29:23 +0100 (Mon, 01 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 16:40:51 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2011-4128\", \"CVE-2012-1569\", \"CVE-2012-1573\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"CESA\", value: \"2012:0428\");\n script_name(\"CentOS Update for gnutls CESA-2012:0428 centos5 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of gnutls\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"gnutls\", rpm:\"gnutls~1.4.1~7.el5_8.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnutls-devel\", rpm:\"gnutls-devel~1.4.1~7.el5_8.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnutls-utils\", rpm:\"gnutls-utils~1.4.1~7.el5_8.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:17", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-08-03T00:00:00", "type": "openvas", "title": "Mandriva Update for gnutls MDVSA-2012:040 (gnutls)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1573"], "modified": "2018-11-16T00:00:00", "id": "OPENVAS:1361412562310831635", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831635", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for gnutls MDVSA-2012:040 (gnutls)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2012:040\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831635\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-03 09:57:55 +0530 (Fri, 03 Aug 2012)\");\n script_cve_id(\"CVE-2012-1573\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name:\"MDVSA\", value:\"2012:040\");\n script_name(\"Mandriva Update for gnutls MDVSA-2012:040 (gnutls)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'gnutls'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\", re:\"ssh/login/release=MNDK_(2011\\.0|mes5\\.2|2010\\.1)\");\n script_tag(name:\"affected\", value:\"gnutls on Mandriva Linux 2011.0,\n Mandriva Enterprise Server 5.2,\n Mandriva Linux 2010.1\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"A vulnerability has been found and corrected in GnuTLS:\n\n gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before\n 3.0.15 does not properly handle data encrypted with a block cipher,\n which allows remote attackers to cause a denial of service (heap\n memory corruption and application crash) via a crafted record, as\n demonstrated by a crafted GenericBlockCipher structure (CVE-2012-1573).\n\n The updated packages have been patched to correct this issue.\n\n The GnuTLS packages for Mandriva Linux 2011 has been upgraded to the\n 2.12.8 version due to problems with the test suite while building\n it, additionally a new dependency was added on p11-kit for the PKCS\n #11 support.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MNDK_2011.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"gnutls\", rpm:\"gnutls~2.12.8~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgnutls26\", rpm:\"libgnutls26~2.12.8~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgnutls-devel\", rpm:\"libgnutls-devel~2.12.8~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgnutls-ssl27\", rpm:\"libgnutls-ssl27~2.12.8~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libp11-kit0\", rpm:\"libp11-kit0~0.12~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libp11-kit-devel\", rpm:\"libp11-kit-devel~0.12~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"p11-kit\", rpm:\"p11-kit~0.12~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"p11-kit\", rpm:\"p11-kit~0.12~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64gnutls26\", rpm:\"lib64gnutls26~2.12.8~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64gnutls-devel\", rpm:\"lib64gnutls-devel~2.12.8~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64gnutls-ssl27\", rpm:\"lib64gnutls-ssl27~2.12.8~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64p11-kit0\", rpm:\"lib64p11-kit0~0.12~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64p11-kit-devel\", rpm:\"lib64p11-kit-devel~0.12~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"MNDK_mes5.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"gnutls\", rpm:\"gnutls~2.4.1~2.6mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgnutls26\", rpm:\"libgnutls26~2.4.1~2.6mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgnutls-devel\", rpm:\"libgnutls-devel~2.4.1~2.6mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64gnutls26\", rpm:\"lib64gnutls26~2.4.1~2.6mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64gnutls-devel\", rpm:\"lib64gnutls-devel~2.4.1~2.6mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"gnutls\", rpm:\"gnutls~2.8.6~1.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgnutls26\", rpm:\"libgnutls26~2.8.6~1.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgnutls-devel\", rpm:\"libgnutls-devel~2.8.6~1.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64gnutls26\", rpm:\"lib64gnutls26~2.8.6~1.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64gnutls-devel\", rpm:\"lib64gnutls-devel~2.8.6~1.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:38:57", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-03-26T00:00:00", "type": "openvas", "title": "Fedora Update for gnutls FEDORA-2012-4578", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1573"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310864107", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864107", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for gnutls FEDORA-2012-4578\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076496.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864107\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-26 14:16:47 +0530 (Mon, 26 Mar 2012)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cve_id(\"CVE-2012-1573\");\n script_xref(name:\"FEDORA\", value:\"2012-4578\");\n script_name(\"Fedora Update for gnutls FEDORA-2012-4578\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'gnutls'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC16\");\n script_tag(name:\"affected\", value:\"gnutls on Fedora 16\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"gnutls\", rpm:\"gnutls~2.12.14~2.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:39:00", "description": "The remote host is missing an update to gnutls26\nannounced via advisory DSA 2441-1.", "cvss3": {}, "published": "2012-04-30T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2441-1 (gnutls26)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1573"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:136141256231071244", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231071244", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2441_1.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Description: Auto-generated from advisory DSA 2441-1 (gnutls26)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.71244\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cve_id(\"CVE-2012-1573\");\n script_version(\"$Revision: 14275 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-30 07:55:11 -0400 (Mon, 30 Apr 2012)\");\n script_name(\"Debian Security Advisory DSA 2441-1 (gnutls26)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB6\");\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202441-1\");\n script_tag(name:\"insight\", value:\"Matthew Hall discovered that GNUTLS does not properly handle truncated\nGenericBlockCipher structures nested inside TLS records, leading to\ncrashes in applications using the GNUTLS library.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.8.6-1+squeeze2.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.12.18-1 of the gnutls26 package and version 3.0.17-2 of the\ngnutls28 package.\");\n\n script_tag(name:\"solution\", value:\"We recommend that you upgrade your gnutls26 packages.\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update to gnutls26\nannounced via advisory DSA 2441-1.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"gnutls-bin\", ver:\"2.8.6-1+squeeze2\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"gnutls-doc\", ver:\"2.8.6-1+squeeze2\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"guile-gnutls\", ver:\"2.8.6-1+squeeze2\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libgnutls-dev\", ver:\"2.8.6-1+squeeze2\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libgnutls26\", ver:\"2.8.6-1+squeeze2\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libgnutls26-dbg\", ver:\"2.8.6-1+squeeze2\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:38:56", "description": "The remote host is missing an update to the system\n as announced in the referenced advisory.", "cvss3": {}, "published": "2012-04-30T00:00:00", "type": "openvas", "title": "FreeBSD Ports: gnutls", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1573"], "modified": "2018-10-05T00:00:00", "id": "OPENVAS:136141256231071294", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231071294", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: freebsd_gnutls7.nasl 11762 2018-10-05 10:54:12Z cfischer $\n#\n# Auto generated from VID aecee357-739e-11e1-a883-001cc0a36e12\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.71294\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cve_id(\"CVE-2012-1573\");\n script_version(\"$Revision: 11762 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-05 12:54:12 +0200 (Fri, 05 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-30 07:59:26 -0400 (Mon, 30 Apr 2012)\");\n script_name(\"FreeBSD Ports: gnutls\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsd\", \"ssh/login/freebsdrel\");\n\n script_tag(name:\"insight\", value:\"The following packages are affected:\n\n gnutls\n gnutls-devel\n\nCVE-2012-1573\ngnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before\n3.0.15 does not properly handle data encrypted with a block cipher,\nwhich allows remote attackers to cause a denial of service (heap\nmemory corruption and application crash) via a crafted record, as\ndemonstrated by a crafted GenericBlockCipher structure.\");\n\n script_tag(name:\"solution\", value:\"Update your system with the appropriate patches or\n software upgrades.\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update to the system\n as announced in the referenced advisory.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-bsd.inc\");\n\nvuln = FALSE;\ntxt = \"\";\n\nbver = portver(pkg:\"gnutls\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.12.18\")<0) {\n txt += \"Package gnutls version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = TRUE;\n}\nbver = portver(pkg:\"gnutls-devel\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.99\")>0 && revcomp(a:bver, b:\"3.0.15\")<0) {\n txt += \"Package gnutls-devel version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = TRUE;\n}\n\nif(vuln) {\n security_message(data:txt);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2017-07-02T21:10:49", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "cvss3": {}, "published": "2012-04-30T00:00:00", "type": "openvas", "title": "FreeBSD Ports: gnutls", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1573"], "modified": "2017-04-17T00:00:00", "id": "OPENVAS:71294", "href": "http://plugins.openvas.org/nasl.php?oid=71294", "sourceData": "#\n#VID aecee357-739e-11e1-a883-001cc0a36e12\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID aecee357-739e-11e1-a883-001cc0a36e12\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following packages are affected:\n gnutls\n gnutls-devel\n\nCVE-2012-1573\ngnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before\n3.0.15 does not properly handle data encrypted with a block cipher,\nwhich allows remote attackers to cause a denial of service (heap\nmemory corruption and application crash) via a crafted record, as\ndemonstrated by a crafted GenericBlockCipher structure.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_id(71294);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cve_id(\"CVE-2012-1573\");\n script_version(\"$Revision: 5958 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-04-17 11:02:19 +0200 (Mon, 17 Apr 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-30 07:59:26 -0400 (Mon, 30 Apr 2012)\");\n script_name(\"FreeBSD Ports: gnutls\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\nvuln = 0;\ntxt = \"\";\nbver = portver(pkg:\"gnutls\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.12.18\")<0) {\n txt += \"Package gnutls version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = 1;\n}\nbver = portver(pkg:\"gnutls-devel\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.99\")>0 && revcomp(a:bver, b:\"3.0.15\")<0) {\n txt += \"Package gnutls-devel version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt ));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-03T10:58:37", "description": "Check for the Version of gnutls", "cvss3": {}, "published": "2012-03-26T00:00:00", "type": "openvas", "title": "Fedora Update for gnutls FEDORA-2012-4578", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1573"], "modified": "2018-01-03T00:00:00", "id": "OPENVAS:864107", "href": "http://plugins.openvas.org/nasl.php?oid=864107", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for gnutls FEDORA-2012-4578\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"gnutls on Fedora 16\";\ntag_insight = \"GnuTLS is a project that aims to develop a library which provides a secure\n layer, over a reliable transport layer. Currently the GnuTLS library implements\n the proposed standards by the IETF's TLS working group.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076496.html\");\n script_id(864107);\n script_version(\"$Revision: 8273 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-03 07:29:19 +0100 (Wed, 03 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-26 14:16:47 +0530 (Mon, 26 Mar 2012)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cve_id(\"CVE-2012-1573\");\n script_xref(name: \"FEDORA\", value: \"2012-4578\");\n script_name(\"Fedora Update for gnutls FEDORA-2012-4578\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of gnutls\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"gnutls\", rpm:\"gnutls~2.12.14~2.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-02T10:57:35", "description": "Check for the Version of gnutls", "cvss3": {}, "published": "2012-08-03T00:00:00", "type": "openvas", "title": "Mandriva Update for gnutls MDVSA-2012:040 (gnutls)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1573"], "modified": "2017-12-27T00:00:00", "id": "OPENVAS:831635", "href": "http://plugins.openvas.org/nasl.php?oid=831635", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for gnutls MDVSA-2012:040 (gnutls)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability has been found and corrected in GnuTLS:\n\n gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before\n 3.0.15 does not properly handle data encrypted with a block cipher,\n which allows remote attackers to cause a denial of service (heap\n memory corruption and application crash) via a crafted record, as\n demonstrated by a crafted GenericBlockCipher structure (CVE-2012-1573).\n\n The updated packages have been patched to correct this issue.\n\n The GnuTLS packages for Mandriva Linux 2011 has been upgraded to the\n 2.12.8 version due to problems with the test suite while building\n it, additionally a new dependency was added on p11-kit for the PKCS\n #11 support.\";\n\ntag_affected = \"gnutls on Mandriva Linux 2011.0,\n Mandriva Enterprise Server 5.2,\n Mandriva Linux 2010.1\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2012:040\");\n script_id(831635);\n script_version(\"$Revision: 8249 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-27 07:29:56 +0100 (Wed, 27 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-03 09:57:55 +0530 (Fri, 03 Aug 2012)\");\n script_cve_id(\"CVE-2012-1573\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"MDVSA\", value: \"2012:040\");\n script_name(\"Mandriva Update for gnutls MDVSA-2012:040 (gnutls)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of gnutls\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2011.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"gnutls\", rpm:\"gnutls~2.12.8~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgnutls26\", rpm:\"libgnutls26~2.12.8~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgnutls-devel\", rpm:\"libgnutls-devel~2.12.8~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgnutls-ssl27\", rpm:\"libgnutls-ssl27~2.12.8~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libp11-kit0\", rpm:\"libp11-kit0~0.12~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libp11-kit-devel\", rpm:\"libp11-kit-devel~0.12~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"p11-kit\", rpm:\"p11-kit~0.12~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"p11-kit\", rpm:\"p11-kit~0.12~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64gnutls26\", rpm:\"lib64gnutls26~2.12.8~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64gnutls-devel\", rpm:\"lib64gnutls-devel~2.12.8~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64gnutls-ssl27\", rpm:\"lib64gnutls-ssl27~2.12.8~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64p11-kit0\", rpm:\"lib64p11-kit0~0.12~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64p11-kit-devel\", rpm:\"lib64p11-kit-devel~0.12~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_mes5.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"gnutls\", rpm:\"gnutls~2.4.1~2.6mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgnutls26\", rpm:\"libgnutls26~2.4.1~2.6mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgnutls-devel\", rpm:\"libgnutls-devel~2.4.1~2.6mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64gnutls26\", rpm:\"lib64gnutls26~2.4.1~2.6mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64gnutls-devel\", rpm:\"lib64gnutls-devel~2.4.1~2.6mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"gnutls\", rpm:\"gnutls~2.8.6~1.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgnutls26\", rpm:\"libgnutls26~2.8.6~1.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgnutls-devel\", rpm:\"libgnutls-devel~2.8.6~1.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64gnutls26\", rpm:\"lib64gnutls26~2.8.6~1.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64gnutls-devel\", rpm:\"lib64gnutls-devel~2.8.6~1.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:50:52", "description": "The remote host is missing an update to gnutls26\nannounced via advisory DSA 2441-1.", "cvss3": {}, "published": "2012-04-30T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2441-1 (gnutls26)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1573"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:71244", "href": "http://plugins.openvas.org/nasl.php?oid=71244", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2441_1.nasl 6612 2017-07-07 12:08:03Z cfischer $\n# Description: Auto-generated from advisory DSA 2441-1 (gnutls26)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Matthew Hall discovered that GNUTLS does not properly handle truncated\nGenericBlockCipher structures nested inside TLS records, leading to\ncrashes in applications using the GNUTLS library.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.8.6-1+squeeze2.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.12.18-1 of the gnutls26 package and version 3.0.17-2 of the\ngnutls28 package.\n\nWe recommend that you upgrade your gnutls26 packages.\";\ntag_summary = \"The remote host is missing an update to gnutls26\nannounced via advisory DSA 2441-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202441-1\";\n\nif(description)\n{\n script_id(71244);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cve_id(\"CVE-2012-1573\");\n script_version(\"$Revision: 6612 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:08:03 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-30 07:55:11 -0400 (Mon, 30 Apr 2012)\");\n script_name(\"Debian Security Advisory DSA 2441-1 (gnutls26)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"gnutls-bin\", ver:\"2.8.6-1+squeeze2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"gnutls-doc\", ver:\"2.8.6-1+squeeze2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"guile-gnutls\", ver:\"2.8.6-1+squeeze2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libgnutls-dev\", ver:\"2.8.6-1+squeeze2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libgnutls26\", ver:\"2.8.6-1+squeeze2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libgnutls26-dbg\", ver:\"2.8.6-1+squeeze2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:23", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-04-11T00:00:00", "type": "openvas", "title": "Fedora Update for libtasn1 FEDORA-2012-4308", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1569"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310864142", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864142", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libtasn1 FEDORA-2012-4308\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-April/076856.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864142\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-11 10:47:56 +0530 (Wed, 11 Apr 2012)\");\n script_cve_id(\"CVE-2012-1569\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name:\"FEDORA\", value:\"2012-4308\");\n script_name(\"Fedora Update for libtasn1 FEDORA-2012-4308\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libtasn1'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC15\");\n script_tag(name:\"affected\", value:\"libtasn1 on Fedora 15\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"libtasn1\", rpm:\"libtasn1~2.12~1.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:39:23", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-08-30T00:00:00", "type": "openvas", "title": "Fedora Update for mingw-libtasn1 FEDORA-2012-4451", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1569"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310864362", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864362", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mingw-libtasn1 FEDORA-2012-4451\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077284.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864362\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-30 10:05:14 +0530 (Thu, 30 Aug 2012)\");\n script_cve_id(\"CVE-2012-1569\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name:\"FEDORA\", value:\"2012-4451\");\n script_name(\"Fedora Update for mingw-libtasn1 FEDORA-2012-4451\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mingw-libtasn1'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC17\");\n script_tag(name:\"affected\", value:\"mingw-libtasn1 on Fedora 17\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"mingw-libtasn1\", rpm:\"mingw-libtasn1~2.12~1.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:39:08", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-07-30T00:00:00", "type": "openvas", "title": "CentOS Update for libtasn1 CESA-2012:0427 centos6", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1569"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310881171", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881171", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for libtasn1 CESA-2012:0427 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2012-March/018531.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881171\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 16:32:28 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2012-1569\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name:\"CESA\", value:\"2012:0427\");\n script_name(\"CentOS Update for libtasn1 CESA-2012:0427 centos6\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libtasn1'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n script_tag(name:\"affected\", value:\"libtasn1 on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"libtasn1 is a library developed for ASN.1 (Abstract Syntax Notation One)\n structures management that includes DER (Distinguished Encoding Rules)\n encoding and decoding.\n\n A flaw was found in the way libtasn1 decoded DER data. An attacker could\n create carefully-crafted DER encoded input (such as an X.509 certificate)\n that, when parsed by an application that uses libtasn1 (such as\n applications using GnuTLS), could cause the application to crash.\n (CVE-2012-1569)\n\n Red Hat would like to thank Matthew Hall of Mu Dynamics for reporting this\n issue.\n\n Users of libtasn1 are advised to upgrade to these updated packages, which\n contain a backported patch to correct this issue. For the update to take\n effect, all applications linked to the libtasn1 library must be restarted,\n or the system rebooted.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"libtasn1\", rpm:\"libtasn1~2.3~3.el6_2.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtasn1-devel\", rpm:\"libtasn1-devel~2.3~3.el6_2.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtasn1-tools\", rpm:\"libtasn1-tools~2.3~3.el6_2.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:38:50", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-04-11T00:00:00", "type": "openvas", "title": "Fedora Update for libtasn1 FEDORA-2012-4342", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1569"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310864139", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864139", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libtasn1 FEDORA-2012-4342\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-April/076865.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864139\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-11 10:47:32 +0530 (Wed, 11 Apr 2012)\");\n script_cve_id(\"CVE-2012-1569\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name:\"FEDORA\", value:\"2012-4342\");\n script_name(\"Fedora Update for libtasn1 FEDORA-2012-4342\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libtasn1'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC16\");\n script_tag(name:\"affected\", value:\"libtasn1 on Fedora 16\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"libtasn1\", rpm:\"libtasn1~2.12~1.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:39:08", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-04-02T00:00:00", "type": "openvas", "title": "Fedora Update for mingw-libtasn1 FEDORA-2012-4409", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1569"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310864122", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864122", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mingw-libtasn1 FEDORA-2012-4409\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076698.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864122\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-02 10:33:11 +0530 (Mon, 02 Apr 2012)\");\n script_cve_id(\"CVE-2012-1569\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name:\"FEDORA\", value:\"2012-4409\");\n script_name(\"Fedora Update for mingw-libtasn1 FEDORA-2012-4409\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mingw-libtasn1'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC16\");\n script_tag(name:\"affected\", value:\"mingw-libtasn1 on Fedora 16\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"mingw-libtasn1\", rpm:\"mingw-libtasn1~2.12~1.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:39:02", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-08-30T00:00:00", "type": "openvas", "title": "Fedora Update for libtasn1 FEDORA-2012-4357", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1569"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310864343", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864343", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libtasn1 FEDORA-2012-4357\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077339.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864343\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-30 10:04:09 +0530 (Thu, 30 Aug 2012)\");\n script_cve_id(\"CVE-2012-1569\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name:\"FEDORA\", value:\"2012-4357\");\n script_name(\"Fedora Update for libtasn1 FEDORA-2012-4357\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libtasn1'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC17\");\n script_tag(name:\"affected\", value:\"libtasn1 on Fedora 17\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"libtasn1\", rpm:\"libtasn1~2.12~1.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:39:01", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-08-30T00:00:00", "type": "openvas", "title": "Fedora Update for mingw-p11-kit FEDORA-2012-4451", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1569"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310864373", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864373", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mingw-p11-kit FEDORA-2012-4451\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077286.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864373\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-30 10:05:40 +0530 (Thu, 30 Aug 2012)\");\n script_cve_id(\"CVE-2012-1569\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name:\"FEDORA\", value:\"2012-4451\");\n script_name(\"Fedora Update for mingw-p11-kit FEDORA-2012-4451\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mingw-p11-kit'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC17\");\n script_tag(name:\"affected\", value:\"mingw-p11-kit on Fedora 17\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"mingw-p11-kit\", rpm:\"mingw-p11-kit~0.12~1.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:38:44", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-04-13T00:00:00", "type": "openvas", "title": "Fedora Update for mingw32-gnutls FEDORA-2012-4417", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1569"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310864156", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864156", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mingw32-gnutls FEDORA-2012-4417\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078206.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864156\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-13 10:32:23 +0530 (Fri, 13 Apr 2012)\");\n script_cve_id(\"CVE-2012-1569\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name:\"FEDORA\", value:\"2012-4417\");\n script_name(\"Fedora Update for mingw32-gnutls FEDORA-2012-4417\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mingw32-gnutls'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC15\");\n script_tag(name:\"affected\", value:\"mingw32-gnutls on Fedora 15\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"mingw32-gnutls\", rpm:\"mingw32-gnutls~2.10.5~2.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:38:40", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1436-1", "cvss3": {}, "published": "2012-05-04T00:00:00", "type": "openvas", "title": "Ubuntu Update for libtasn1-3 USN-1436-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1569"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310840994", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840994", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1436_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for libtasn1-3 USN-1436-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1436-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840994\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-05-04 10:47:46 +0530 (Fri, 04 May 2012)\");\n script_cve_id(\"CVE-2012-1569\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name:\"USN\", value:\"1436-1\");\n script_name(\"Ubuntu Update for libtasn1-3 USN-1436-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(10\\.04 LTS|12\\.04 LTS|11\\.10|11\\.04|8\\.04 LTS)\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1436-1\");\n script_tag(name:\"affected\", value:\"libtasn1-3 on Ubuntu 12.04 LTS,\n Ubuntu 11.10,\n Ubuntu 11.04,\n Ubuntu 10.04 LTS,\n Ubuntu 8.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Matthew Hall discovered that Libtasn1 incorrectly handled certain large\n values. An attacker could exploit this with a specially crafted ASN.1\n structure and cause a denial of service, or possibly execute arbitrary\n code.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libtasn1-3\", ver:\"2.4-1ubuntu0.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libtasn1-3\", ver:\"2.10-1ubuntu1.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libtasn1-3\", ver:\"2.9-4ubuntu0.1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libtasn1-3\", ver:\"2.7-1ubuntu1.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libtasn1-3\", ver:\"1.1-1ubuntu0.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:39:01", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-04-02T00:00:00", "type": "openvas", "title": "Fedora Update for mingw32-gnutls FEDORA-2012-4409", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1569"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310864129", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864129", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mingw32-gnutls FEDORA-2012-4409\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076699.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864129\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-02 10:34:29 +0530 (Mon, 02 Apr 2012)\");\n script_cve_id(\"CVE-2012-1569\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name:\"FEDORA\", value:\"2012-4409\");\n script_name(\"Fedora Update for mingw32-gnutls FEDORA-2012-4409\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mingw32-gnutls'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC16\");\n script_tag(name:\"affected\", value:\"mingw32-gnutls on Fedora 16\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"mingw32-gnutls\", rpm:\"mingw32-gnutls~2.12.14~3.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:38:34", "description": "The remote host is missing an update to the system\n as announced in the referenced advisory.", "cvss3": {}, "published": "2012-04-30T00:00:00", "type": "openvas", "title": "FreeBSD Ports: libtasn1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1569"], "modified": "2018-10-05T00:00:00", "id": "OPENVAS:136141256231071293", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231071293", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: freebsd_libtasn1.nasl 11762 2018-10-05 10:54:12Z cfischer $\n#\n# Auto generated from VID 2e7e9072-73a0-11e1-a883-001cc0a36e12\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.71293\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cve_id(\"CVE-2012-1569\");\n script_version(\"$Revision: 11762 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-05 12:54:12 +0200 (Fri, 05 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-30 07:59:26 -0400 (Mon, 30 Apr 2012)\");\n script_name(\"FreeBSD Ports: libtasn1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsd\", \"ssh/login/freebsdrel\");\n\n script_tag(name:\"insight\", value:\"The following packages are affected:\n\n libtasn1\n gnutls\n gnutls-devel\n\nCVE-2012-1569\nThe asn1_get_length_der function in decoding.c in GNU Libtasn1 before\n2.12, as used in GnuTLS before 3.0.16 and other products, does not\nproperly handle certain large length values, which allows remote\nattackers to cause a denial of service (heap memory corruption and\napplication crash) or possibly have unspecified other impact via a\ncrafted ASN.1 structure.\");\n\n script_tag(name:\"solution\", value:\"Update your system with the appropriate patches or\n software upgrades.\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update to the system\n as announced in the referenced advisory.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-bsd.inc\");\n\nvuln = FALSE;\ntxt = \"\";\n\nbver = portver(pkg:\"libtasn1\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.12\")<0) {\n txt += \"Package libtasn1 version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = TRUE;\n}\nbver = portver(pkg:\"gnutls\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.12.18\")<0) {\n txt += \"Package gnutls version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = TRUE;\n}\nbver = portver(pkg:\"gnutls-devel\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.99\")>0 && revcomp(a:bver, b:\"3.0.16\")<0) {\n txt += \"Package gnutls-devel version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = TRUE;\n}\n\nif(vuln) {\n security_message(data:txt);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:38:33", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-08-03T00:00:00", "type": "openvas", "title": "Mandriva Update for libtasn1 MDVSA-2012:039 (libtasn1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1569"], "modified": "2018-11-16T00:00:00", "id": "OPENVAS:1361412562310831596", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831596", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for libtasn1 MDVSA-2012:039 (libtasn1)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2012:039\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831596\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-03 09:52:39 +0530 (Fri, 03 Aug 2012)\");\n script_cve_id(\"CVE-2012-1569\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name:\"MDVSA\", value:\"2012:039\");\n script_name(\"Mandriva Update for libtasn1 MDVSA-2012:039 (libtasn1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libtasn1'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\", re:\"ssh/login/release=MNDK_(2011\\.0|mes5\\.2|2010\\.1)\");\n script_tag(name:\"affected\", value:\"libtasn1 on Mandriva Linux 2011.0,\n Mandriva Enterprise Server 5.2,\n Mandriva Linux 2010.1\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"A vulnerability has been found and corrected in libtasn1:\n\n The asn1_get_length_der function in decoding.c in GNU Libtasn1 before\n 2.12, as used in GnuTLS before 3.0.16 and other products, does not\n properly handle certain large length values, which allows remote\n attackers to cause a denial of service (heap memory corruption and\n application crash) or possibly have unspecified other impact via a\n crafted ASN.1 structure (CVE-2012-1569).\n\n The updated packages have been patched to correct this issue.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MNDK_2011.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libtasn1_3\", rpm:\"libtasn1_3~2.9~2.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtasn1-devel\", rpm:\"libtasn1-devel~2.9~2.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtasn1-tools\", rpm:\"libtasn1-tools~2.9~2.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64tasn1_3\", rpm:\"lib64tasn1_3~2.9~2.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64tasn1-devel\", rpm:\"lib64tasn1-devel~2.9~2.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"MNDK_mes5.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"libtasn1_3\", rpm:\"libtasn1_3~1.5~2.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtasn1-devel\", rpm:\"libtasn1-devel~1.5~2.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtasn1-tools\", rpm:\"libtasn1-tools~1.5~2.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64tasn1_3\", rpm:\"lib64tasn1_3~1.5~2.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64tasn1-devel\", rpm:\"lib64tasn1-devel~1.5~2.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libtasn1_3\", rpm:\"libtasn1_3~2.6~2.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtasn1-devel\", rpm:\"libtasn1-devel~2.6~2.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtasn1-tools\", rpm:\"libtasn1-tools~2.6~2.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64tasn1_3\", rpm:\"lib64tasn1_3~2.6~2.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64tasn1-devel\", rpm:\"lib64tasn1-devel~2.6~2.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:38:43", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-08-30T00:00:00", "type": "openvas", "title": "Fedora Update for mingw-gnutls FEDORA-2012-4451", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1569"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310864437", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864437", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mingw-gnutls FEDORA-2012-4451\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077285.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864437\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-30 10:09:44 +0530 (Thu, 30 Aug 2012)\");\n script_cve_id(\"CVE-2012-1569\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name:\"FEDORA\", value:\"2012-4451\");\n script_name(\"Fedora Update for mingw-gnutls FEDORA-2012-4451\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mingw-gnutls'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC17\");\n script_tag(name:\"affected\", value:\"mingw-gnutls on Fedora 17\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"mingw-gnutls\", rpm:\"mingw-gnutls~2.12.17~1.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:38:59", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-04-13T00:00:00", "type": "openvas", "title": "Fedora Update for mingw-libtasn1 FEDORA-2012-4417", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1569"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310864155", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864155", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mingw-libtasn1 FEDORA-2012-4417\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078207.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864155\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-13 10:32:20 +0530 (Fri, 13 Apr 2012)\");\n script_cve_id(\"CVE-2012-1569\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name:\"FEDORA\", value:\"2012-4417\");\n script_name(\"Fedora Update for mingw-libtasn1 FEDORA-2012-4417\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mingw-libtasn1'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC15\");\n script_tag(name:\"affected\", value:\"mingw-libtasn1 on Fedora 15\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"mingw-libtasn1\", rpm:\"mingw-libtasn1~2.12~1.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:38:32", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-07-09T00:00:00", "type": "openvas", "title": "RedHat Update for libtasn1 RHSA-2012:0427-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1569"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310870725", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870725", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for libtasn1 RHSA-2012:0427-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2012-March/msg00021.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870725\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-09 10:53:35 +0530 (Mon, 09 Jul 2012)\");\n script_cve_id(\"CVE-2012-1569\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name:\"RHSA\", value:\"2012:0427-01\");\n script_name(\"RedHat Update for libtasn1 RHSA-2012:0427-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libtasn1'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n script_tag(name:\"affected\", value:\"libtasn1 on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"libtasn1 is a library developed for ASN.1 (Abstract Syntax Notation One)\n structures management that includes DER (Distinguished Encoding Rules)\n encoding and decoding.\n\n A flaw was found in the way libtasn1 decoded DER data. An attacker could\n create carefully-crafted DER encoded input (such as an X.509 certificate)\n that, when parsed by an application that uses libtasn1 (such as\n applications using GnuTLS), could cause the application to crash.\n (CVE-2012-1569)\n\n Red Hat would like to thank Matthew Hall of Mu Dynamics for reporting this\n issue.\n\n Users of libtasn1 are advised to upgrade to these updated packages, which\n contain a backported patch to correct this issue. For the update to take\n effect, all applications linked to the libtasn1 library must be restarted,\n or the system rebooted.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"libtasn1\", rpm:\"libtasn1~2.3~3.el6_2.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtasn1-debuginfo\", rpm:\"libtasn1-debuginfo~2.3~3.el6_2.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtasn1-devel\", rpm:\"libtasn1-devel~2.3~3.el6_2.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:38:54", "description": "The remote host is missing updates announced in\nadvisory GLSA 201209-12.", "cvss3": {}, "published": "2012-09-26T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201209-12 (libtasn1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1569"], "modified": "2018-10-12T00:00:00", "id": "OPENVAS:136141256231072429", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231072429", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa_201209_12.nasl 11859 2018-10-12 08:53:01Z cfischer $\n#\n# Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.72429\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cve_id(\"CVE-2012-1569\");\n script_version(\"$Revision: 11859 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 10:53:01 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-09-26 11:20:50 -0400 (Wed, 26 Sep 2012)\");\n script_name(\"Gentoo Security Advisory GLSA 201209-12 (libtasn1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name:\"insight\", value:\"A vulnerability in Libtasn1 might cause a Denial of Service condition.\");\n script_tag(name:\"solution\", value:\"All Libtasn1 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-libs/libtasn1-2.12'\n\n\nPackages which depend on this library may need to be recompiled. Tools\nsuch as revdep-rebuild may assist in identifying some of these packages.\");\n\n script_xref(name:\"URL\", value:\"http://www.securityspace.com/smysecure/catid.html?in=GLSA%20201209-12\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=409031\");\n script_tag(name:\"summary\", value:\"The remote host is missing updates announced in\nadvisory GLSA 201209-12.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-gentoo.inc\");\ninclude(\"revisions-lib.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = ispkgvuln(pkg:\"dev-libs/libtasn1\", unaffected: make_list(\"ge 2.12\"), vulnerable: make_list(\"lt 2.12\"))) != NULL ) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2018-01-02T10:56:21", "description": "Check for the Version of libtasn1", "cvss3": {}, "published": "2012-07-30T00:00:00", "type": "openvas", "title": "CentOS Update for libtasn1 CESA-2012:0427 centos6 ", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1569"], "modified": "2017-12-29T00:00:00", "id": "OPENVAS:881171", "href": "http://plugins.openvas.org/nasl.php?oid=881171", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for libtasn1 CESA-2012:0427 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"libtasn1 is a library developed for ASN.1 (Abstract Syntax Notation One)\n structures management that includes DER (Distinguished Encoding Rules)\n encoding and decoding.\n\n A flaw was found in the way libtasn1 decoded DER data. An attacker could\n create carefully-crafted DER encoded input (such as an X.509 certificate)\n that, when parsed by an application that uses libtasn1 (such as\n applications using GnuTLS), could cause the application to crash.\n (CVE-2012-1569)\n \n Red Hat would like to thank Matthew Hall of Mu Dynamics for reporting this\n issue.\n \n Users of libtasn1 are advised to upgrade to these updated packages, which\n contain a backported patch to correct this issue. For the update to take\n effect, all applications linked to the libtasn1 library must be restarted,\n or the system rebooted.\";\n\ntag_affected = \"libtasn1 on CentOS 6\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2012-March/018531.html\");\n script_id(881171);\n script_version(\"$Revision: 8257 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-29 07:29:46 +0100 (Fri, 29 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 16:32:28 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2012-1569\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"CESA\", value: \"2012:0427\");\n script_name(\"CentOS Update for libtasn1 CESA-2012:0427 centos6 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of libtasn1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"libtasn1\", rpm:\"libtasn1~2.3~3.el6_2.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtasn1-devel\", rpm:\"libtasn1-devel~2.3~3.el6_2.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtasn1-tools\", rpm:\"libtasn1-tools~2.3~3.el6_2.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:37:04", "description": "Oracle Linux Local Security Checks ELSA-2012-0427", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2012-0427", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1569"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310123947", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123947", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2012-0427.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123947\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:10:41 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2012-0427\");\n script_tag(name:\"insight\", value:\"ELSA-2012-0427 - libtasn1 security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2012-0427\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2012-0427.html\");\n script_cve_id(\"CVE-2012-1569\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"libtasn1\", rpm:\"libtasn1~2.3~3.el6_2.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libtasn1-devel\", rpm:\"libtasn1-devel~2.3~3.el6_2.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libtasn1-tools\", rpm:\"libtasn1-tools~2.3~3.el6_2.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2017-12-04T11:19:46", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1436-1", "cvss3": {}, "published": "2012-05-04T00:00:00", "type": "openvas", "title": "Ubuntu Update for libtasn1-3 USN-1436-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1569"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840994", "href": "http://plugins.openvas.org/nasl.php?oid=840994", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1436_1.nasl 7960 2017-12-01 06:58:16Z santu $\n#\n# Ubuntu Update for libtasn1-3 USN-1436-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Matthew Hall discovered that Libtasn1 incorrectly handled certain large\n values. An attacker could exploit this with a specially crafted ASN.1\n structure and cause a denial of service, or possibly execute arbitrary\n code.\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1436-1\";\ntag_affected = \"libtasn1-3 on Ubuntu 12.04 LTS ,\n Ubuntu 11.10 ,\n Ubuntu 11.04 ,\n Ubuntu 10.04 LTS ,\n Ubuntu 8.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1436-1/\");\n script_id(840994);\n script_version(\"$Revision: 7960 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 07:58:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-05-04 10:47:46 +0530 (Fri, 04 May 2012)\");\n script_cve_id(\"CVE-2012-1569\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"USN\", value: \"1436-1\");\n script_name(\"Ubuntu Update for libtasn1-3 USN-1436-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libtasn1-3\", ver:\"2.4-1ubuntu0.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libtasn1-3\", ver:\"2.10-1ubuntu1.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libtasn1-3\", ver:\"2.9-4ubuntu0.1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libtasn1-3\", ver:\"2.7-1ubuntu1.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libtasn1-3\", ver:\"1.1-1ubuntu0.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-02T10:56:38", "description": "Check for the Version of libtasn1", "cvss3": {}, "published": "2012-04-11T00:00:00", "type": "openvas", "title": "Fedora Update for libtasn1 FEDORA-2012-4308", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1569"], "modified": "2017-12-26T00:00:00", "id": "OPENVAS:864142", "href": "http://plugins.openvas.org/nasl.php?oid=864142", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libtasn1 FEDORA-2012-4308\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"libtasn1 on Fedora 15\";\ntag_insight = \"This is the ASN.1 library used in GNUTLS. More up to date information can\n be found at <A HREF= &qt http://www.gnu.org/software/gnutls &qt >http://www.gnu.org/software/gnutls</A> and <A HREF= &qt http://www.gnutls.org &qt >http://www.gnutls.org</A>\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-April/076856.html\");\n script_id(864142);\n script_version(\"$Revision: 8245 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-26 07:29:59 +0100 (Tue, 26 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-11 10:47:56 +0530 (Wed, 11 Apr 2012)\");\n script_cve_id(\"CVE-2012-1569\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2012-4308\");\n script_name(\"Fedora Update for libtasn1 FEDORA-2012-4308\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of libtasn1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"libtasn1\", rpm:\"libtasn1~2.12~1.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-08T12:58:40", "description": "Check for the Version of mingw32-gnutls", "cvss3": {}, "published": "2012-04-13T00:00:00", "type": "openvas", "title": "Fedora Update for mingw32-gnutls FEDORA-2012-4417", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1569"], "modified": "2018-01-08T00:00:00", "id": "OPENVAS:864156", "href": "http://plugins.openvas.org/nasl.php?oid=864156", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mingw32-gnutls FEDORA-2012-4417\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"mingw32-gnutls on Fedora 15\";\ntag_insight = \"GnuTLS TLS/SSL encryption library. This library is cross-compiled\n for MinGW.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078206.html\");\n script_id(864156);\n script_version(\"$Revision: 8313 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-08 08:02:11 +0100 (Mon, 08 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-13 10:32:23 +0530 (Fri, 13 Apr 2012)\");\n script_cve_id(\"CVE-2012-1569\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2012-4417\");\n script_name(\"Fedora Update for mingw32-gnutls FEDORA-2012-4417\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of mingw32-gnutls\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"mingw32-gnutls\", rpm:\"mingw32-gnutls~2.10.5~2.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-02T10:58:22", "description": "Check for the Version of mingw-p11-kit", "cvss3": {}, "published": "2012-08-30T00:00:00", "type": "openvas", "title": "Fedora Update for mingw-p11-kit FEDORA-2012-4451", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1569"], "modified": "2018-01-02T00:00:00", "id": "OPENVAS:864373", "href": "http://plugins.openvas.org/nasl.php?oid=864373", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mingw-p11-kit FEDORA-2012-4451\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"mingw-p11-kit on Fedora 17\";\ntag_insight = \"p11-kit provides a way to load and enumerate PKCS#11 modules, as well as\n a standard configuration setup for installing PKCS#11 modules in such a\n way that they're discoverable. This library is cross-compiled for MinGW.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077286.html\");\n script_id(864373);\n script_version(\"$Revision: 8267 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-02 07:29:17 +0100 (Tue, 02 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-30 10:05:40 +0530 (Thu, 30 Aug 2012)\");\n script_cve_id(\"CVE-2012-1569\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2012-4451\");\n script_name(\"Fedora Update for mingw-p11-kit FEDORA-2012-4451\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of mingw-p11-kit\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"mingw-p11-kit\", rpm:\"mingw-p11-kit~0.12~1.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-02T10:57:09", "description": "Check for the Version of libtasn1", "cvss3": {}, "published": "2012-08-30T00:00:00", "type": "openvas", "title": "Fedora Update for libtasn1 FEDORA-2012-4357", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1569"], "modified": "2018-01-02T00:00:00", "id": "OPENVAS:864343", "href": "http://plugins.openvas.org/nasl.php?oid=864343", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libtasn1 FEDORA-2012-4357\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"libtasn1 on Fedora 17\";\ntag_insight = \"This is the ASN.1 library used in GNUTLS. More up to date information can\n be found at <A HREF= &qt http://www.gnu.org/software/gnutls &qt >http://www.gnu.org/software/gnutls</A> and <A HREF= &qt http://www.gnutls.org &qt >http://www.gnutls.org</A>\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077339.html\");\n script_id(864343);\n script_version(\"$Revision: 8267 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-02 07:29:17 +0100 (Tue, 02 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-30 10:04:09 +0530 (Thu, 30 Aug 2012)\");\n script_cve_id(\"CVE-2012-1569\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2012-4357\");\n script_name(\"Fedora Update for libtasn1 FEDORA-2012-4357\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of libtasn1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"libtasn1\", rpm:\"libtasn1~2.12~1.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2020-03-17T23:03:40", "description": "The remote host is missing an update announced via the referenced Security Advisory.", "cvss3": {}, "published": "2015-09-08T00:00:00", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2012-60)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1569"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310120586", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120586", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120586\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:30:09 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2012-60)\");\n script_tag(name:\"insight\", value:\"A flaw was found in the way libtasn1 decoded DER data. An attacker could create carefully-crafted DER encoded input (such as an X.509 certificate) that, when parsed by an application that uses libtasn1 (such as applications using GnuTLS), could cause the application to crash. (CVE-2012-1569 )\");\n script_tag(name:\"solution\", value:\"Run yum update libtasn1 to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2012-60.html\");\n script_cve_id(\"CVE-2012-1569\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"libtasn1-tools\", rpm:\"libtasn1-tools~2.3~3.4.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libtasn1-debuginfo\", rpm:\"libtasn1-debuginfo~2.3~3.4.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libtasn1\", rpm:\"libtasn1~2.3~3.4.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libtasn1-devel\", rpm:\"libtasn1-devel~2.3~3.4.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2018-01-02T10:57:47", "description": "Check for the Version of mingw-libtasn1", "cvss3": {}, "published": "2012-04-13T00:00:00", "type": "openvas", "title": "Fedora Update for mingw-libtasn1 FEDORA-2012-4417", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1569"], "modified": "2018-01-02T00:00:00", "id": "OPENVAS:864155", "href": "http://plugins.openvas.org/nasl.php?oid=864155", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mingw-libtasn1 FEDORA-2012-4417\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"libtasn1 is the ASN.1 library used in GNUTLS.\n\n This package contains the MinGW Windows cross compiled libtasn1 library.\";\n\ntag_affected = \"mingw-libtasn1 on Fedora 15\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078207.html\");\n script_id(864155);\n script_version(\"$Revision: 8267 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-02 07:29:17 +0100 (Tue, 02 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-13 10:32:20 +0530 (Fri, 13 Apr 2012)\");\n script_cve_id(\"CVE-2012-1569\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2012-4417\");\n script_name(\"Fedora Update for mingw-libtasn1 FEDORA-2012-4417\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of mingw-libtasn1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"mingw-libtasn1\", rpm:\"mingw-libtasn1~2.12~1.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-11T11:07:01", "description": "Check for the Version of libtasn1", "cvss3": {}, "published": "2012-08-03T00:00:00", "type": "openvas", "title": "Mandriva Update for libtasn1 MDVSA-2012:039 (libtasn1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1569"], "modified": "2018-01-10T00:00:00", "id": "OPENVAS:831596", "href": "http://plugins.openvas.org/nasl.php?oid=831596", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for libtasn1 MDVSA-2012:039 (libtasn1)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability has been found and corrected in libtasn1:\n\n The asn1_get_length_der function in decoding.c in GNU Libtasn1 before\n 2.12, as used in GnuTLS before 3.0.16 and other products, does not\n properly handle certain large length values, which allows remote\n attackers to cause a denial of service (heap memory corruption and\n application crash) or possibly have unspecified other impact via a\n crafted ASN.1 structure (CVE-2012-1569).\n\n The updated packages have been patched to correct this issue.\";\n\ntag_affected = \"libtasn1 on Mandriva Linux 2011.0,\n Mandriva Enterprise Server 5.2,\n Mandriva Linux 2010.1\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2012:039\");\n script_id(831596);\n script_version(\"$Revision: 8352 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-10 08:01:57 +0100 (Wed, 10 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-03 09:52:39 +0530 (Fri, 03 Aug 2012)\");\n script_cve_id(\"CVE-2012-1569\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"MDVSA\", value: \"2012:039\");\n script_name(\"Mandriva Update for libtasn1 MDVSA-2012:039 (libtasn1)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of libtasn1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2011.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libtasn1_3\", rpm:\"libtasn1_3~2.9~2.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtasn1-devel\", rpm:\"libtasn1-devel~2.9~2.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtasn1-tools\", rpm:\"libtasn1-tools~2.9~2.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64tasn1_3\", rpm:\"lib64tasn1_3~2.9~2.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64tasn1-devel\", rpm:\"lib64tasn1-devel~2.9~2.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_mes5.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"libtasn1_3\", rpm:\"libtasn1_3~1.5~2.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtasn1-devel\", rpm:\"libtasn1-devel~1.5~2.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtasn1-tools\", rpm:\"libtasn1-tools~1.5~2.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64tasn1_3\", rpm:\"lib64tasn1_3~1.5~2.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64tasn1-devel\", rpm:\"lib64tasn1-devel~1.5~2.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libtasn1_3\", rpm:\"libtasn1_3~2.6~2.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtasn1-devel\", rpm:\"libtasn1-devel~2.6~2.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtasn1-tools\", rpm:\"libtasn1-tools~2.6~2.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64tasn1_3\", rpm:\"lib64tasn1_3~2.6~2.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64tasn1-devel\", rpm:\"lib64tasn1-devel~2.6~2.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-08T12:57:41", "description": "Check for the Version of mingw-gnutls", "cvss3": {}, "published": "2012-08-30T00:00:00", "type": "openvas", "title": "Fedora Update for mingw-gnutls FEDORA-2012-4451", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1569"], "modified": "2018-01-08T00:00:00", "id": "OPENVAS:864437", "href": "http://plugins.openvas.org/nasl.php?oid=864437", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mingw-gnutls FEDORA-2012-4451\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"mingw-gnutls on Fedora 17\";\ntag_insight = \"GnuTLS TLS/SSL encryption library. This library is cross-compiled\n for MinGW.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077285.html\");\n script_id(864437);\n script_version(\"$Revision: 8313 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-08 08:02:11 +0100 (Mon, 08 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-30 10:09:44 +0530 (Thu, 30 Aug 2012)\");\n script_cve_id(\"CVE-2012-1569\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2012-4451\");\n script_name(\"Fedora Update for mingw-gnutls FEDORA-2012-4451\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of mingw-gnutls\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"mingw-gnutls\", rpm:\"mingw-gnutls~2.12.17~1.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-06T13:07:17", "description": "Check for the Version of libtasn1", "cvss3": {}, "published": "2012-04-11T00:00:00", "type": "openvas", "title": "Fedora Update for libtasn1 FEDORA-2012-4342", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1569"], "modified": "2018-01-04T00:00:00", "id": "OPENVAS:864139", "href": "http://plugins.openvas.org/nasl.php?oid=864139", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libtasn1 FEDORA-2012-4342\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"libtasn1 on Fedora 16\";\ntag_insight = \"This is the ASN.1 library used in GNUTLS. More up to date information can\n be found at <A HREF= &qt http://www.gnu.org/software/gnutls &qt >http://www.gnu.org/software/gnutls</A> and <A HREF= &qt http://www.gnutls.org &qt >http://www.gnutls.org</A>\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-April/076865.html\");\n script_id(864139);\n script_version(\"$Revision: 8285 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-04 07:29:16 +0100 (Thu, 04 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-11 10:47:32 +0530 (Wed, 11 Apr 2012)\");\n script_cve_id(\"CVE-2012-1569\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2012-4342\");\n script_name(\"Fedora Update for libtasn1 FEDORA-2012-4342\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of libtasn1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"libtasn1\", rpm:\"libtasn1~2.12~1.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-11T11:07:24", "description": "Check for the Version of libtasn1", "cvss3": {}, "published": "2012-07-09T00:00:00", "type": "openvas", "title": "RedHat Update for libtasn1 RHSA-2012:0427-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1569"], "modified": "2018-01-10T00:00:00", "id": "OPENVAS:870725", "href": "http://plugins.openvas.org/nasl.php?oid=870725", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for libtasn1 RHSA-2012:0427-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"libtasn1 is a library developed for ASN.1 (Abstract Syntax Notation One)\n structures management that includes DER (Distinguished Encoding Rules)\n encoding and decoding.\n\n A flaw was found in the way libtasn1 decoded DER data. An attacker could\n create carefully-crafted DER encoded input (such as an X.509 certificate)\n that, when parsed by an application that uses libtasn1 (such as\n applications using GnuTLS), could cause the application to crash.\n (CVE-2012-1569)\n\n Red Hat would like to thank Matthew Hall of Mu Dynamics for reporting this\n issue.\n\n Users of libtasn1 are advised to upgrade to these updated packages, which\n contain a backported patch to correct this issue. For the update to take\n effect, all applications linked to the libtasn1 library must be restarted,\n or the system rebooted.\";\n\ntag_affected = \"libtasn1 on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2012-March/msg00021.html\");\n script_id(870725);\n script_version(\"$Revision: 8352 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-10 08:01:57 +0100 (Wed, 10 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-09 10:53:35 +0530 (Mon, 09 Jul 2012)\");\n script_cve_id(\"CVE-2012-1569\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"RHSA\", value: \"2012:0427-01\");\n script_name(\"RedHat Update for libtasn1 RHSA-2012:0427-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of libtasn1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"libtasn1\", rpm:\"libtasn1~2.3~3.el6_2.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtasn1-debuginfo\", rpm:\"libtasn1-debuginfo~2.3~3.el6_2.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtasn1-devel\", rpm:\"libtasn1-devel~2.3~3.el6_2.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-02T10:56:48", "description": "Check for the Version of mingw-libtasn1", "cvss3": {}, "published": "2012-08-30T00:00:00", "type": "openvas", "title": "Fedora Update for mingw-libtasn1 FEDORA-2012-4451", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1569"], "modified": "2017-12-26T00:00:00", "id": "OPENVAS:864362", "href": "http://plugins.openvas.org/nasl.php?oid=864362", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mingw-libtasn1 FEDORA-2012-4451\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"libtasn1 is the ASN.1 library used in GNUTLS.\n\n This package contains the MinGW Windows cross compiled libtasn1 library.\";\n\ntag_affected = \"mingw-libtasn1 on Fedora 17\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077284.html\");\n script_id(864362);\n script_version(\"$Revision: 8245 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-26 07:29:59 +0100 (Tue, 26 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-30 10:05:14 +0530 (Thu, 30 Aug 2012)\");\n script_cve_id(\"CVE-2012-1569\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2012-4451\");\n script_name(\"Fedora Update for mingw-libtasn1 FEDORA-2012-4451\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of mingw-libtasn1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"mingw-libtasn1\", rpm:\"mingw-libtasn1~2.12~1.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:50:37", "description": "The remote host is missing updates announced in\nadvisory GLSA 201209-12.", "cvss3": {}, "published": "2012-09-26T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201209-12 (libtasn1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1569"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:72429", "href": "http://plugins.openvas.org/nasl.php?oid=72429", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability in Libtasn1 might cause a Denial of Service condition.\";\ntag_solution = \"All Libtasn1 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-libs/libtasn1-2.12'\n \n\nPackages which depend on this library may need to be recompiled. Tools\nsuch as revdep-rebuild may assist in identifying some of these packages.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20201209-12\nhttp://bugs.gentoo.org/show_bug.cgi?id=409031\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 201209-12.\";\n\n \n \nif(description)\n{\n script_id(72429);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cve_id(\"CVE-2012-1569\");\n script_version(\"$Revision: 6593 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:18:14 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-09-26 11:20:50 -0400 (Wed, 26 Sep 2012)\");\n script_name(\"Gentoo Security Advisory GLSA 201209-12 (libtasn1)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\nres = \"\";\nreport = \"\";\nif((res = ispkgvuln(pkg:\"dev-libs/libtasn1\", unaffected: make_list(\"ge 2.12\"), vulnerable: make_list(\"lt 2.12\"))) != NULL ) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-02T10:56:50", "description": "Check for the Version of mingw32-gnutls", "cvss3": {}, "published": "2012-04-02T00:00:00", "type": "openvas", "title": "Fedora Update for mingw32-gnutls FEDORA-2012-4409", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1569"], "modified": "2018-01-02T00:00:00", "id": "OPENVAS:864129", "href": "http://plugins.openvas.org/nasl.php?oid=864129", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mingw32-gnutls FEDORA-2012-4409\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"mingw32-gnutls on Fedora 16\";\ntag_insight = \"GnuTLS TLS/SSL encryption library. This library is cross-compiled\n for MinGW.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076699.html\");\n script_id(864129);\n script_version(\"$Revision: 8267 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-02 07:29:17 +0100 (Tue, 02 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-02 10:34:29 +0530 (Mon, 02 Apr 2012)\");\n script_cve_id(\"CVE-2012-1569\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2012-4409\");\n script_name(\"Fedora Update for mingw32-gnutls FEDORA-2012-4409\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of mingw32-gnutls\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"mingw32-gnutls\", rpm:\"mingw32-gnutls~2.12.14~3.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:50:38", "description": "The remote host is missing an update to libtasn1-3\nannounced via advisory DSA 2440-1.", "cvss3": {}, "published": "2012-04-30T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2440-1 (libtasn1-3)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1569"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:71243", "href": "http://plugins.openvas.org/nasl.php?oid=71243", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2440_1.nasl 6612 2017-07-07 12:08:03Z cfischer $\n# Description: Auto-generated from advisory DSA 2440-1 (libtasn1-3)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Matthew Hall discovered that many callers of the asn1_get_length_der\nfunction did not check the result against the overall buffer length\nbefore processing it further. This could result in out-of-bounds\nmemory accesses and application crashes. Applications using GNUTLS\nare exposed to this issue.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.7-1+squeeze+1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.12-1.\n\nWe recommend that you upgrade your libtasn1-3 packages.\";\ntag_summary = \"The remote host is missing an update to libtasn1-3\nannounced via advisory DSA 2440-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202440-1\";\n\nif(description)\n{\n script_id(71243);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cve_id(\"CVE-2012-1569\");\n script_version(\"$Revision: 6612 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:08:03 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-30 07:55:04 -0400 (Mon, 30 Apr 2012)\");\n script_name(\"Debian Security Advisory DSA 2440-1 (libtasn1-3)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libtasn1-3\", ver:\"2.7-1+squeeze+1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtasn1-3-bin\", ver:\"2.7-1+squeeze+1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtasn1-3-dbg\", ver:\"2.7-1+squeeze+1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtasn1-3-dev\", ver:\"2.7-1+squeeze+1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:10:36", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "cvss3": {}, "published": "2012-04-30T00:00:00", "type": "openvas", "title": "FreeBSD Ports: libtasn1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1569"], "modified": "2017-04-25T00:00:00", "id": "OPENVAS:71293", "href": "http://plugins.openvas.org/nasl.php?oid=71293", "sourceData": "#\n#VID 2e7e9072-73a0-11e1-a883-001cc0a36e12\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 2e7e9072-73a0-11e1-a883-001cc0a36e12\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following packages are affected:\n libtasn1\n gnutls\n gnutls-devel\n\nCVE-2012-1569\nThe asn1_get_length_der function in decoding.c in GNU Libtasn1 before\n2.12, as used in GnuTLS before 3.0.16 and other products, does not\nproperly handle certain large length values, which allows remote\nattackers to cause a denial of service (heap memory corruption and\napplication crash) or possibly have unspecified other impact via a\ncrafted ASN.1 structure.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_id(71293);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cve_id(\"CVE-2012-1569\");\n script_version(\"$Revision: 6022 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-04-25 14:51:04 +0200 (Tue, 25 Apr 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-30 07:59:26 -0400 (Mon, 30 Apr 2012)\");\n script_name(\"FreeBSD Ports: libtasn1\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\nvuln = 0;\ntxt = \"\";\nbver = portver(pkg:\"libtasn1\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.12\")<0) {\n txt += \"Package libtasn1 version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = 1;\n}\nbver = portver(pkg:\"gnutls\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.12.18\")<0) {\n txt += \"Package gnutls version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = 1;\n}\nbver = portver(pkg:\"gnutls-devel\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.99\")>0 && revcomp(a:bver, b:\"3.0.16\")<0) {\n txt += \"Package gnutls-devel version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt ));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-02T10:57:43", "description": "Check for the Version of mingw-libtasn1", "cvss3": {}, "published": "2012-04-02T00:00:00", "type": "openvas", "title": "Fedora Update for mingw-libtasn1 FEDORA-2012-4409", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1569"], "modified": "2018-01-01T00:00:00", "id": "OPENVAS:864122", "href": "http://plugins.openvas.org/nasl.php?oid=864122", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mingw-libtasn1 FEDORA-2012-4409\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"libtasn1 is the ASN.1 library used in GNUTLS.\n\n This package contains the MinGW Windows cross compiled libtasn1 library.\";\n\ntag_affected = \"mingw-libtasn1 on Fedora 16\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076698.html\");\n script_id(864122);\n script_version(\"$Revision: 8265 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-01 07:29:23 +0100 (Mon, 01 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-02 10:33:11 +0530 (Mon, 02 Apr 2012)\");\n script_cve_id(\"CVE-2012-1569\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2012-4409\");\n script_name(\"Fedora Update for mingw-libtasn1 FEDORA-2012-4409\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of mingw-libtasn1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"mingw-libtasn1\", rpm:\"mingw-libtasn1~2.12~1.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:48", "description": "The remote host is missing an update to libtasn1-3\nannounced via advisory DSA 2440-1.", "cvss3": {}, "published": "2012-04-30T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2440-1 (libtasn1-3)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1569"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:136141256231071243", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231071243", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2440_1.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Description: Auto-generated from advisory DSA 2440-1 (libtasn1-3)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.71243\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cve_id(\"CVE-2012-1569\");\n script_version(\"$Revision: 14275 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-30 07:55:04 -0400 (Mon, 30 Apr 2012)\");\n script_name(\"Debian Security Advisory DSA 2440-1 (libtasn1-3)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB6\");\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202440-1\");\n script_tag(name:\"insight\", value:\"Matthew Hall discovered that many callers of the asn1_get_length_der\nfunction did not check the result against the overall buffer length\nbefore processing it further. This could result in out-of-bounds\nmemory accesses and application crashes. Applications using GNUTLS\nare exposed to this issue.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.7-1+squeeze+1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.12-1.\");\n\n script_tag(name:\"solution\", value:\"We recommend that you upgrade your libtasn1-3 packages.\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update to libtasn1-3\nannounced via advisory DSA 2440-1.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libtasn1-3\", ver:\"2.7-1+squeeze+1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtasn1-3-bin\", ver:\"2.7-1+squeeze+1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtasn1-3-dbg\", ver:\"2.7-1+squeeze+1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtasn1-3-dev\", ver:\"2.7-1+squeeze+1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:38:34", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-07-09T00:00:00", "type": "openvas", "title": "RedHat Update for gnutls RHSA-2012:0429-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4128", "CVE-2012-1573"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310870675", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870675", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for gnutls RHSA-2012:0429-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2012-March/msg00023.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870675\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-09 10:45:29 +0530 (Mon, 09 Jul 2012)\");\n script_cve_id(\"CVE-2011-4128\", \"CVE-2012-1573\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name:\"RHSA\", value:\"2012:0429-01\");\n script_name(\"RedHat Update for gnutls RHSA-2012:0429-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'gnutls'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n script_tag(name:\"affected\", value:\"gnutls on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"The GnuTLS library provides support for cryptographic algorithms and for\n protocols such as Transport Layer Security (TLS).\n\n A flaw was found in the way GnuTLS decrypted malformed TLS records. This\n could cause a TLS/SSL client or server to crash when processing a\n specially-crafted TLS record from a remote TLS/SSL connection peer.\n (CVE-2012-1573)\n\n A boundary error was found in the gnutls_session_get_data() function. A\n malicious TLS/SSL server could use this flaw to crash a TLS/SSL client or,\n possibly, execute arbitrary code as the client, if the client passed a\n fixed-sized buffer to gnutls_session_get_data() before checking the real\n size of the session data provided by the server. (CVE-2011-4128)\n\n Red Hat would like to thank Matthew Hall of Mu Dynamics for reporting\n CVE-2012-1573.\n\n Users of GnuTLS are advised to upgrade to these updated packages, which\n contain backported patches to correct these issues. For the update to take\n effect, all applications linked to the GnuTLS library must be restarted, or\n the system rebooted.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"gnutls\", rpm:\"gnutls~2.8.5~4.el6_2.2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnutls-debuginfo\", rpm:\"gnutls-debuginfo~2.8.5~4.el6_2.2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnutls-devel\", rpm:\"gnutls-devel~2.8.5~4.el6_2.2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnutls-utils\", rpm:\"gnutls-utils~2.8.5~4.el6_2.2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:38:50", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-07-30T00:00:00", "type": "openvas", "title": "CentOS Update for gnutls CESA-2012:0429 centos6", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4128", "CVE-2012-1573"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310881204", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881204", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for gnutls CESA-2012:0429 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2012-March/018532.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881204\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 16:45:03 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2011-4128\", \"CVE-2012-1573\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name:\"CESA\", value:\"2012:0429\");\n script_name(\"CentOS Update for gnutls CESA-2012:0429 centos6\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'gnutls'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n script_tag(name:\"affected\", value:\"gnutls on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"The GnuTLS library provides support for cryptographic algorithms and for\n protocols such as Transport Layer Security (TLS).\n\n A flaw was found in the way GnuTLS decrypted malformed TLS records. This\n could cause a TLS/SSL client or server to crash when processing a\n specially-crafted TLS record from a remote TLS/SSL connection peer.\n (CVE-2012-1573)\n\n A boundary error was found in the gnutls_session_get_data() function. A\n malicious TLS/SSL server could use this flaw to crash a TLS/SSL client or,\n possibly, execute arbitrary code as the client, if the client passed a\n fixed-sized buffer to gnutls_session_get_data() before checking the real\n size of the session data provided by the server. (CVE-2011-4128)\n\n Red Hat would like to thank Matthew Hall of Mu Dynamics for reporting\n CVE-2012-1573.\n\n Users of GnuTLS are advised to upgrade to these updated packages, which\n contain backported patches to correct these issues. For the update to take\n effect, all applications linked to the GnuTLS library must be restarted, or\n the system rebooted.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"gnutls\", rpm:\"gnutls~2.8.5~4.el6_2.2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnutls-devel\", rpm:\"gnutls-devel~2.8.5~4.el6_2.2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnutls-guile\", rpm:\"gnutls-guile~2.8.5~4.el6_2.2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnutls-utils\", rpm:\"gnutls-utils~2.8.5~4.el6_2.2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:39:08", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1418-1", "cvss3": {}, "published": "2012-04-11T00:00:00", "type": "openvas", "title": "Ubuntu Update for gnutls26 USN-1418-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4128", "CVE-2012-1573"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310840978", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840978", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1418_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for gnutls26 USN-1418-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1418-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840978\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-11 11:00:27 +0530 (Wed, 11 Apr 2012)\");\n script_cve_id(\"CVE-2011-4128\", \"CVE-2012-1573\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name:\"USN\", value:\"1418-1\");\n script_name(\"Ubuntu Update for gnutls26 USN-1418-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(10\\.10|10\\.04 LTS|11\\.10|11\\.04|8\\.04 LTS)\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1418-1\");\n script_tag(name:\"affected\", value:\"gnutls26 on Ubuntu 11.10,\n Ubuntu 11.04,\n Ubuntu 10.10,\n Ubuntu 10.04 LTS,\n Ubuntu 8.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Alban Crequy discovered that the GnuTLS library incorrectly checked array\n bounds when copying TLS session data. A remote attacker could crash a client\n application, leading to a denial of service, as the client application prepared\n for TLS session resumption. (CVE-2011-4128)\n\n Matthew Hall discovered that the GnuTLS library incorrectly handled TLS\n records. A remote attacker could crash client and server applications, leading\n to a denial of service, by sending a crafted TLS record. (CVE-2012-1573)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libgnutls26\", ver:\"2.8.6-1ubuntu0.1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libgnutls26\", ver:\"2.8.5-2ubuntu0.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libgnutls26\", ver:\"2.10.5-1ubuntu3.1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libgnutls26\", ver:\"2.8.6-1ubuntu2.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libgnutls13\", ver:\"2.0.4-1ubuntu2.7\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:39:11", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-04-11T00:00:00", "type": "openvas", "title": "Fedora Update for gnutls FEDORA-2012-4569", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4128", "CVE-2012-1573"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310864134", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864134", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for gnutls FEDORA-2012-4569\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077071.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864134\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-11 10:42:54 +0530 (Wed, 11 Apr 2012)\");\n script_cve_id(\"CVE-2011-4128\", \"CVE-2012-1573\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name:\"FEDORA\", value:\"2012-4569\");\n script_name(\"Fedora Update for gnutls FEDORA-2012-4569\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'gnutls'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC15\");\n script_tag(name:\"affected\", value:\"gnutls on Fedora 15\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"gnutls\", rpm:\"gnutls~2.10.5~3.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:36:25", "description": "Oracle Linux Local Security Checks ELSA-2012-0429", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2012-0429", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4128", "CVE-2012-1573"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310123945", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123945", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2012-0429.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123945\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:10:39 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2012-0429\");\n script_tag(name:\"insight\", value:\"ELSA-2012-0429 - gnutls security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2012-0429\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2012-0429.html\");\n script_cve_id(\"CVE-2011-4128\", \"CVE-2012-1573\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"gnutls\", rpm:\"gnutls~2.8.5~4.el6_2.2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"gnutls-devel\", rpm:\"gnutls-devel~2.8.5~4.el6_2.2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"gnutls-guile\", rpm:\"gnutls-guile~2.8.5~4.el6_2.2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"gnutls-utils\", rpm:\"gnutls-utils~2.8.5~4.el6_2.2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2017-12-04T11:19:47", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1418-1", "cvss3": {}, "published": "2012-04-11T00:00:00", "type": "openvas", "title": "Ubuntu Update for gnutls26 USN-1418-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4128", "CVE-2012-1573"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840978", "href": "http://plugins.openvas.org/nasl.php?oid=840978", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1418_1.nasl 7960 2017-12-01 06:58:16Z santu $\n#\n# Ubuntu Update for gnutls26 USN-1418-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Alban Crequy discovered that the GnuTLS library incorrectly checked array\n bounds when copying TLS session data. A remote attacker could crash a client\n application, leading to a denial of service, as the client application prepared\n for TLS session resumption. (CVE-2011-4128)\n\n Matthew Hall discovered that the GnuTLS library incorrectly handled TLS\n records. A remote attacker could crash client and server applications, leading\n to a denial of service, by sending a crafted TLS record. (CVE-2012-1573)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1418-1\";\ntag_affected = \"gnutls26 on Ubuntu 11.10 ,\n Ubuntu 11.04 ,\n Ubuntu 10.10 ,\n Ubuntu 10.04 LTS ,\n Ubuntu 8.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1418-1/\");\n script_id(840978);\n script_version(\"$Revision: 7960 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 07:58:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-11 11:00:27 +0530 (Wed, 11 Apr 2012)\");\n script_cve_id(\"CVE-2011-4128\", \"CVE-2012-1573\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"USN\", value: \"1418-1\");\n script_name(\"Ubuntu Update for gnutls26 USN-1418-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libgnutls26\", ver:\"2.8.6-1ubuntu0.1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libgnutls26\", ver:\"2.8.5-2ubuntu0.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libgnutls26\", ver:\"2.10.5-1ubuntu3.1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libgnutls26\", ver:\"2.8.6-1ubuntu2.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libgnutls13\", ver:\"2.0.4-1ubuntu2.7\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-11T11:06:15", "description": "Check for the Version of gnutls", "cvss3": {}, "published": "2012-07-09T00:00:00", "type": "openvas", "title": "RedHat Update for gnutls RHSA-2012:0429-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4128", "CVE-2012-1573"], "modified": "2018-01-10T00:00:00", "id": "OPENVAS:870675", "href": "http://plugins.openvas.org/nasl.php?oid=870675", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for gnutls RHSA-2012:0429-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The GnuTLS library provides support for cryptographic algorithms and for\n protocols such as Transport Layer Security (TLS).\n\n A flaw was found in the way GnuTLS decrypted malformed TLS records. This\n could cause a TLS/SSL client or server to crash when processing a\n specially-crafted TLS record from a remote TLS/SSL connection peer.\n (CVE-2012-1573)\n\n A boundary error was found in the gnutls_session_get_data() function. A\n malicious TLS/SSL server could use this flaw to crash a TLS/SSL client or,\n possibly, execute arbitrary code as the client, if the client passed a\n fixed-sized buffer to gnutls_session_get_data() before checking the real\n size of the session data provided by the server. (CVE-2011-4128)\n\n Red Hat would like to thank Matthew Hall of Mu Dynamics for reporting\n CVE-2012-1573.\n\n Users of GnuTLS are advised to upgrade to these updated packages, which\n contain backported patches to correct these issues. For the update to take\n effect, all applications linked to the GnuTLS library must be restarted, or\n the system rebooted.\";\n\ntag_affected = \"gnutls on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2012-March/msg00023.html\");\n script_id(870675);\n script_version(\"$Revision: 8352 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-10 08:01:57 +0100 (Wed, 10 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-09 10:45:29 +0530 (Mon, 09 Jul 2012)\");\n script_cve_id(\"CVE-2011-4128\", \"CVE-2012-1573\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"RHSA\", value: \"2012:0429-01\");\n script_name(\"RedHat Update for gnutls RHSA-2012:0429-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of gnutls\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"gnutls\", rpm:\"gnutls~2.8.5~4.el6_2.2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnutls-debuginfo\", rpm:\"gnutls-debuginfo~2.8.5~4.el6_2.2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnutls-devel\", rpm:\"gnutls-devel~2.8.5~4.el6_2.2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnutls-utils\", rpm:\"gnutls-utils~2.8.5~4.el6_2.2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-02T10:57:53", "description": "Check for the Version of gnutls", "cvss3": {}, "published": "2012-04-11T00:00:00", "type": "openvas", "title": "Fedora Update for gnutls FEDORA-2012-4569", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4128", "CVE-2012-1573"], "modified": "2017-12-29T00:00:00", "id": "OPENVAS:864134", "href": "http://plugins.openvas.org/nasl.php?oid=864134", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for gnutls FEDORA-2012-4569\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"gnutls on Fedora 15\";\ntag_insight = \"GnuTLS is a project that aims to develop a library which provides a secure\n layer, over a reliable transport layer. Currently the GnuTLS library implements\n the proposed standards by the IETF's TLS working group.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077071.html\");\n script_id(864134);\n script_version(\"$Revision: 8257 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-29 07:29:46 +0100 (Fri, 29 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-11 10:42:54 +0530 (Wed, 11 Apr 2012)\");\n script_cve_id(\"CVE-2011-4128\", \"CVE-2012-1573\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2012-4569\");\n script_name(\"Fedora Update for gnutls FEDORA-2012-4569\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of gnutls\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"gnutls\", rpm:\"gnutls~2.10.5~3.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-06T13:07:02", "description": "Check for the Version of gnutls", "cvss3": {}, "published": "2012-07-30T00:00:00", "type": "openvas", "title": "CentOS Update for gnutls CESA-2012:0429 centos6 ", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4128", "CVE-2012-1573"], "modified": "2018-01-04T00:00:00", "id": "OPENVAS:881204", "href": "http://plugins.openvas.org/nasl.php?oid=881204", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for gnutls CESA-2012:0429 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The GnuTLS library provides support for cryptographic algorithms and for\n protocols such as Transport Layer Security (TLS).\n\n A flaw was found in the way GnuTLS decrypted malformed TLS records. This\n could cause a TLS/SSL client or server to crash when processing a\n specially-crafted TLS record from a remote TLS/SSL connection peer.\n (CVE-2012-1573)\n \n A boundary error was found in the gnutls_session_get_data() function. A\n malicious TLS/SSL server could use this flaw to crash a TLS/SSL client or,\n possibly, execute arbitrary code as the client, if the client passed a\n fixed-sized buffer to gnutls_session_get_data() before checking the real\n size of the session data provided by the server. (CVE-2011-4128)\n \n Red Hat would like to thank Matthew Hall of Mu Dynamics for reporting\n CVE-2012-1573.\n \n Users of GnuTLS are advised to upgrade to these updated packages, which\n contain backported patches to correct these issues. For the update to take\n effect, all applications linked to the GnuTLS library must be restarted, or\n the system rebooted.\";\n\ntag_affected = \"gnutls on CentOS 6\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2012-March/018532.html\");\n script_id(881204);\n script_version(\"$Revision: 8285 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-04 07:29:16 +0100 (Thu, 04 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 16:45:03 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2011-4128\", \"CVE-2012-1573\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"CESA\", value: \"2012:0429\");\n script_name(\"CentOS Update for gnutls CESA-2012:0429 centos6 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of gnutls\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"gnutls\", rpm:\"gnutls~2.8.5~4.el6_2.2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnutls-devel\", rpm:\"gnutls-devel~2.8.5~4.el6_2.2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnutls-guile\", rpm:\"gnutls-guile~2.8.5~4.el6_2.2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnutls-utils\", rpm:\"gnutls-utils~2.8.5~4.el6_2.2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2020-03-17T23:03:09", "description": "The remote host is missing an update announced via the referenced Security Advisory.", "cvss3": {}, "published": "2015-09-08T00:00:00", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2012-59)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4128", "CVE-2012-1573"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310120418", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120418", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120418\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:25:55 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2012-59)\");\n script_tag(name:\"insight\", value:\"A flaw was found in the way GnuTLS decrypted malformed TLS records. This could cause a TLS/SSL client or server to crash when processing a specially-crafted TLS record from a remote TLS/SSL connection peer. (CVE-2012-1573 )A boundary error was found in the gnutls_session_get_data() function. A malicious TLS/SSL server could use this flaw to crash a TLS/SSL client or, possibly, execute arbitrary code as the client, if the client passed a fixed-sized buffer to gnutls_session_get_data() before checking the real size of the session data provided by the server. (CVE-2011-4128 )\");\n script_tag(name:\"solution\", value:\"Run yum update gnutls to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2012-59.html\");\n script_cve_id(\"CVE-2011-4128\", \"CVE-2012-1573\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"gnutls-debuginfo\", rpm:\"gnutls-debuginfo~2.8.5~4.6.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"gnutls-guile\", rpm:\"gnutls-guile~2.8.5~4.6.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"gnutls-utils\", rpm:\"gnutls-utils~2.8.5~4.6.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"gnutls-devel\", rpm:\"gnutls-devel~2.8.5~4.6.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"gnutls\", rpm:\"gnutls~2.8.5~4.6.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:39:05", "description": "The remote host is missing updates announced in\nadvisory GLSA 201206-18.", "cvss3": {}, "published": "2012-08-10T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201206-18 (GnuTLS)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4128", "CVE-2009-2730", "CVE-2009-3555", "CVE-2012-1573"], "modified": "2018-10-12T00:00:00", "id": "OPENVAS:136141256231071585", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231071585", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa_201206_18.nasl 11859 2018-10-12 08:53:01Z cfischer $\n#\n# Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.71585\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2009-2730\", \"CVE-2009-3555\", \"CVE-2011-4128\", \"CVE-2012-1573\");\n script_version(\"$Revision: 11859 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 10:53:01 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-10 03:22:56 -0400 (Fri, 10 Aug 2012)\");\n script_name(\"Gentoo Security Advisory GLSA 201206-18 (GnuTLS)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been found in GnuTLS, allowing a\nremote attacker to perform man-in-the-middle or Denial of Service\nattacks.\");\n script_tag(name:\"solution\", value:\"All GnuTLS users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-libs/gnutls-2.12.18'\");\n\n script_xref(name:\"URL\", value:\"http://www.securityspace.com/smysecure/catid.html?in=GLSA%20201206-18\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=281224\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=292025\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=389947\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=409287\");\n script_tag(name:\"summary\", value:\"The remote host is missing updates announced in\nadvisory GLSA 201206-18.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-gentoo.inc\");\ninclude(\"revisions-lib.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = ispkgvuln(pkg:\"net-libs/gnutls\", unaffected: make_list(\"ge 2.12.18\"), vulnerable: make_list(\"lt 2.12.18\"))) != NULL ) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-24T12:50:45", "description": "The remote host is missing updates announced in\nadvisory GLSA 201206-18.", "cvss3": {}, "published": "2012-08-10T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201206-18 (GnuTLS)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4128", "CVE-2009-2730", "CVE-2009-3555", "CVE-2012-1573"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:71585", "href": "http://plugins.openvas.org/nasl.php?oid=71585", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities have been found in GnuTLS, allowing a\nremote attacker to perform man-in-the-middle or Denial of Service\nattacks.\";\ntag_solution = \"All GnuTLS users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-libs/gnutls-2.12.18'\n \n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20201206-18\nhttp://bugs.gentoo.org/show_bug.cgi?id=281224\nhttp://bugs.gentoo.org/show_bug.cgi?id=292025\nhttp://bugs.gentoo.org/show_bug.cgi?id=389947\nhttp://bugs.gentoo.org/show_bug.cgi?id=409287\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 201206-18.\";\n\n \n \nif(description)\n{\n script_id(71585);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2009-2730\", \"CVE-2009-3555\", \"CVE-2011-4128\", \"CVE-2012-1573\");\n script_version(\"$Revision: 6589 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 10:27:50 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-10 03:22:56 -0400 (Fri, 10 Aug 2012)\");\n script_name(\"Gentoo Security Advisory GLSA 201206-18 (GnuTLS)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\nres = \"\";\nreport = \"\";\nif((res = ispkgvuln(pkg:\"net-libs/gnutls\", unaffected: make_list(\"ge 2.12.18\"), vulnerable: make_list(\"lt 2.12.18\"))) != NULL ) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-12-19T16:09:24", "description": "The remote ESXi is missing one or more security related Updates from VMSA-2012-0013.", "cvss3": {}, "published": "2012-08-31T00:00:00", "type": "openvas", "title": "VMware ESXi/ESX updates to third party libraries (VMSA-2012-0013)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-0864", "CVE-2011-3188", "CVE-2011-4108", "CVE-2011-4609", "CVE-2011-4128", "CVE-2012-0815", "CVE-2011-3597", "CVE-2011-4324", "CVE-2011-4110", "CVE-2011-4576", "CVE-2011-4577", "CVE-2012-0507", "CVE-2010-4180", "CVE-2010-4410", "CVE-2011-2699", "CVE-2011-4619", "CVE-2010-2761", "CVE-2011-4132", "CVE-2011-0014", "CVE-2010-0830", "CVE-2011-2484", "CVE-2012-1583", "CVE-2012-0061", "CVE-2012-0393", "CVE-2011-3209", "CVE-2012-0050", "CVE-2011-3363", "CVE-2012-0060", "CVE-2011-1833", "CVE-2012-0207", "CVE-2011-1020", "CVE-2012-2110", "CVE-2012-1569", "CVE-2010-4252", "CVE-2012-0841", "CVE-2009-5029", "CVE-2011-4325", "CVE-2012-1573", "CVE-2011-4109", "CVE-2011-1089", "CVE-2009-5064", "CVE-2011-2496"], "modified": "2019-12-18T00:00:00", "id": "OPENVAS:1361412562310103558", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310103558", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# VMSA-2012-0013 VMware vSphere and vCOps updates to third party libraries\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.103558\");\n script_cve_id(\"CVE-2010-4180\", \"CVE-2010-4252\", \"CVE-2011-0014\", \"CVE-2011-4108\", \"CVE-2011-4109\", \"CVE-2011-4576\", \"CVE-2011-4577\", \"CVE-2011-4619\", \"CVE-2012-0050\",\n \"CVE-2012-2110\", \"CVE-2011-1833\", \"CVE-2011-2484\", \"CVE-2011-2496\", \"CVE-2011-3188\", \"CVE-2011-3209\", \"CVE-2011-3363\", \"CVE-2011-4110\", \"CVE-2011-1020\",\n \"CVE-2011-4132\", \"CVE-2011-4324\", \"CVE-2011-4325\", \"CVE-2012-0207\", \"CVE-2011-2699\", \"CVE-2012-1583\", \"CVE-2010-2761\", \"CVE-2010-4410\", \"CVE-2011-3597\",\n \"CVE-2012-0841\", \"CVE-2009-5029\", \"CVE-2009-5064\", \"CVE-2010-0830\", \"CVE-2011-1089\", \"CVE-2011-4609\", \"CVE-2012-0864\", \"CVE-2011-4128\", \"CVE-2012-1569\",\n \"CVE-2012-1573\", \"CVE-2012-0060\", \"CVE-2012-0061\", \"CVE-2012-0815\", \"CVE-2012-0393\", \"CVE-2012-0507\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"2019-12-18T11:13:08+0000\");\n script_name(\"VMware ESXi/ESX updates to third party libraries (VMSA-2012-0013)\");\n script_tag(name:\"last_modification\", value:\"2019-12-18 11:13:08 +0000 (Wed, 18 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2012-08-31 11:02:01 +0100 (Fri, 31 Aug 2012)\");\n script_category(ACT_GATHER_INFO);\n script_family(\"VMware Local Security Checks\");\n script_copyright(\"Copyright (C) 2012 Greenbone Networks GmbH\");\n script_dependencies(\"gb_vmware_esxi_init.nasl\");\n script_mandatory_keys(\"VMware/ESXi/LSC\", \"VMware/ESX/version\");\n\n script_xref(name:\"URL\", value:\"http://www.vmware.com/security/advisories/VMSA-2012-0013.html\");\n\n script_tag(name:\"solution\", value:\"Apply the missing patch(es).\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if the target host is missing one or more patch(es).\");\n\n script_tag(name:\"summary\", value:\"The remote ESXi is missing one or more security related Updates from VMSA-2012-0013.\");\n\n script_tag(name:\"affected\", value:\"VMware ESX without patches ESX410-201208101-SG, ESX410-201208102-SG, ESX410-201208103-SG, ESX410-201208104-SG, ESX410-201208105-SG, ESX410-201208106-SG, ESX410-201208107-SG\n\n VMware ESXi without patch ESXi410-201208101-SG\");\n\n script_tag(name:\"insight\", value:\"a. vCenter and ESX update to JRE 1.6.0 Update 31\n\n The Oracle (Sun) JRE is updated to version 1.6.0_31, which addresses multiple\n security issues. Oracle has documented the CVE identifiers that are addressed by\n this update in the Oracle Java SE Critical Patch Update Advisory of February 2012.\n\n b. vCenter Update Manager update to JRE 1.5.0 Update 36\n\n The Oracle (Sun) JRE is updated to 1.5.0_36 to address multiple security issues.\n Oracle has documented the CVE identifiers that are addressed in JRE 1.5.0_36 in\n the Oracle Java SE Critical Patch Update Advisory for June 2012.\n\n c. Update to ESX/ESXi userworld OpenSSL library\n\n The ESX/ESXi userworld OpenSSL library is updated from version 0.9.8p to version\n 0.9.8t to resolve multiple security issues.\n\n d. Update to ESX service console OpenSSL RPM\n\n The service console OpenSSL RPM is updated to version 0.9.8e-22.el5_8.3 to\n resolve a security issue.\n\n e. Update to ESX service console kernel\n\n The ESX service console kernel is updated to resolve multiple security issues.\n\n f. Update to ESX service console Perl RPM\n\n The ESX service console Perl RPM is updated to perl-5.8.8.32.1.8999.vmw to\n resolve multiple security issues.\n\n g. Update to ESX service console libxml2 RPM\n\n The ESX service console libmxl2 RPMs are updated to\n libxml2-2.6.26-2.1.15.el5_8.2 and libxml2-python-2.6.26-2.1.15.el5_8.2 to\n resolve a security issue.\n\n h. Update to ESX service console glibc RPM\n\n The ESX service console glibc RPM is updated to version glibc-2.5-81.el5_8.1 to\n resolve multiple security issues.\n\n i. Update to ESX service console GnuTLS RPM\n\n The ESX service console GnuTLS RPM is updated to version 1.4.1-7.el5_8.2 to\n resolve multiple security issues.\n\n j. Update to ESX service console popt, rpm, rpm-libs, and rpm-python RPMS\n\n The ESX service console popt, rpm, rpm-libs, and rpm-python RPMS are updated to\n the following versions to resolve multiple security issues:\n\n k. Vulnerability in third party Apache Struts component\n\n The version of Apache Struts in vCenter Operations has been updated to 2.3.4\n which addresses an arbitrary file overwrite vulnerability. This vulnerability\n allows an attacker to create a denial of service by overwriting arbitrary files\n without authentication. The attacker would need to be on the same network as the\n system where vCOps is installed.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"vmware_esx.inc\");\ninclude(\"version_func.inc\");\n\nif(!get_kb_item(\"VMware/ESXi/LSC\"))\n exit(0);\n\nif(!esxVersion = get_kb_item(\"VMware/ESX/version\"))\n exit(0);\n\npatches = make_array(\"4.1.0\", \"ESXi410-Update03:2012-08-30\");\n\nif(!patches[esxVersion])\n exit(99);\n\nif(report = esxi_patch_missing(esxi_version:esxVersion, patch:patches[esxVersion])) {\n security_message(port:0, data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-02T21:10:58", "description": "The remote ESXi is missing one or more security related Updates from VMSA-2012-0013.\n\nSummary\nVMware has updated several third party libraries in vSphere and vcOps to address multiple security vulnerabilities.\n\nRelevant releases\nVMware vCenter 4.1 without Update 3\nVMware vCenter Update Manager 4.1 without Update 3\nVMware ESX without patches ESX410-201208101-SG, ESX410-201208102-SG,\n ESX410-201208103-SG, ESX410-201208104-SG, ESX410-201208105-SG,\n ESX410-201208106-SG, ESX410-201208107-SG\nVMware ESXi without patch ESXi410-201208101-SG\n \n\nProblem Description\na. vCenter and ESX update to JRE 1.6.0 Update 31\n\nThe Oracle (Sun) JRE is updated to version 1.6.0_31, which addresses multiple\nsecurity issues. Oracle has documented the CVE identifiers that are addressed by\nthis update in the Oracle Java SE Critical Patch Update Advisory of February\n2012.\n\nb. vCenter Update Manager update to JRE 1.5.0 Update 36\n\nThe Oracle (Sun) JRE is updated to 1.5.0_36 to address multiple security issues.\nOracle has documented the CVE identifiers that are addressed in JRE 1.5.0_36 in\nthe Oracle Java SE Critical Patch Update Advisory for June 2012.\n\nc. Update to ESX/ESXi userworld OpenSSL library\n\nThe ESX/ESXi userworld OpenSSL library is updated from version 0.9.8p to version\n0.9.8t to resolve multiple security issues.\n\nd. Update to ESX service console OpenSSL RPM\n\nThe service console OpenSSL RPM is updated to version 0.9.8e-22.el5_8.3 to\nresolve a security issue.\n\ne. Update to ESX service console kernel\n\nThe ESX service console kernel is updated to resolve multiple security issues.\n\nf. Update to ESX service console Perl RPM\n\nThe ESX service console Perl RPM is updated to perl-5.8.8.32.1.8999.vmw to\nresolve multiple security issues.\n\ng. Update to ESX service console libxml2 RPM\n\nThe ESX service console libmxl2 RPMs are updated to\nlibxml2-2.6.26-2.1.15.el5_8.2 and libxml2-python-2.6.26-2.1.15.el5_8.2 to\nresolve a security issue.\n\nh. Update to ESX service console glibc RPM\n\nThe ESX service console glibc RPM is updated to version glibc-2.5-81.el5_8.1 to\nresolve multiple security issues.\n\ni. Update to ESX service console GnuTLS RPM\n\nThe ESX service console GnuTLS RPM is updated to version 1.4.1-7.el5_8.2 to\nresolve multiple security issues.\n\nj. Update to ESX service console popt, rpm, rpm-libs, and rpm-python RPMS\n\nThe ESX service console popt, rpm, rpm-libs, and rpm-python RPMS are updated to\nthe following versions to resolve multiple security issues:\n\nk. Vulnerability in third party Apache Struts component\n\nThe version of Apache Struts in vCenter Operations has been updated to 2.3.4\nwhich addresses an arbitrary file overwrite vulnerability. This vulnerability\nallows an attacker to create a denial of service by overwriting arbitrary files\nwithout authentication. The attacker would need to be on the same network as the\nsystem where vCOps is installed.\n\nSolution\nApply the missing patch(es).", "cvss3": {}, "published": "2012-08-31T00:00:00", "type": "openvas", "title": "VMSA-2012-0013 VMware vSphere and vCOps updates to third party libraries.", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-0864", "CVE-2011-3188", "CVE-2011-4108", "CVE-2011-4609", "CVE-2011-4128", "CVE-2012-0815", "CVE-2011-3597", "CVE-2011-4324", "CVE-2011-4110", "CVE-2011-4576", "CVE-2011-4577", "CVE-2012-0507", "CVE-2010-4180", "CVE-2010-4410", "CVE-2011-2699", "CVE-2011-4619", "CVE-2010-2761", "CVE-2011-4132", "CVE-2011-0014", "CVE-2010-0830", "CVE-2011-2484", "CVE-2012-1583", "CVE-2012-0061", "CVE-2012-0393", "CVE-2011-3209", "CVE-2012-0050", "CVE-2011-3363", "CVE-2012-0060", "CVE-2011-1833", "CVE-2012-0207", "CVE-2011-1020", "CVE-2012-2110", "CVE-2012-1569", "CVE-2010-4252", "CVE-2012-0841", "CVE-2009-5029", "CVE-2011-4325", "CVE-2012-1573", "CVE-2011-4109", "CVE-2011-1089", "CVE-2009-5064", "CVE-2011-2496"], "modified": "2017-04-12T00:00:00", "id": "OPENVAS:103558", "href": "http://plugins.openvas.org/nasl.php?oid=103558", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_VMSA-2012-0013.nasl 5940 2017-04-12 09:02:05Z teissa $\n#\n# VMSA-2012-0013 VMware vSphere and vCOps updates to third party libraries\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_summary = \"The remote ESXi is missing one or more security related Updates from VMSA-2012-0013.\n\nSummary\nVMware has updated several third party libraries in vSphere and vcOps to address multiple security vulnerabilities.\n\nRelevant releases\nVMware vCenter 4.1 without Update 3\nVMware vCenter Update Manager 4.1 without Update 3\nVMware ESX without patches ESX410-201208101-SG, ESX410-201208102-SG,\n ESX410-201208103-SG, ESX410-201208104-SG, ESX410-201208105-SG,\n ESX410-201208106-SG, ESX410-201208107-SG\nVMware ESXi without patch ESXi410-201208101-SG\n \n\nProblem Description\na. vCenter and ESX update to JRE 1.6.0 Update 31\n\nThe Oracle (Sun) JRE is updated to version 1.6.0_31, which addresses multiple\nsecurity issues. Oracle has documented the CVE identifiers that are addressed by\nthis update in the Oracle Java SE Critical Patch Update Advisory of February\n2012.\n\nb. vCenter Update Manager update to JRE 1.5.0 Update 36\n\nThe Oracle (Sun) JRE is updated to 1.5.0_36 to address multiple security issues.\nOracle has documented the CVE identifiers that are addressed in JRE 1.5.0_36 in\nthe Oracle Java SE Critical Patch Update Advisory for June 2012.\n\nc. Update to ESX/ESXi userworld OpenSSL library\n\nThe ESX/ESXi userworld OpenSSL library is updated from version 0.9.8p to version\n0.9.8t to resolve multiple security issues.\n\nd. Update to ESX service console OpenSSL RPM\n\nThe service console OpenSSL RPM is updated to version 0.9.8e-22.el5_8.3 to\nresolve a security issue.\n\ne. Update to ESX service console kernel\n\nThe ESX service console kernel is updated to resolve multiple security issues.\n\nf. Update to ESX service console Perl RPM\n\nThe ESX service console Perl RPM is updated to perl-5.8.8.32.1.8999.vmw to\nresolve multiple security issues.\n\ng. Update to ESX service console libxml2 RPM\n\nThe ESX service console libmxl2 RPMs are updated to\nlibxml2-2.6.26-2.1.15.el5_8.2 and libxml2-python-2.6.26-2.1.15.el5_8.2 to\nresolve a security issue.\n\nh. Update to ESX service console glibc RPM\n\nThe ESX service console glibc RPM is updated to version glibc-2.5-81.el5_8.1 to\nresolve multiple security issues.\n\ni. Update to ESX service console GnuTLS RPM\n\nThe ESX service console GnuTLS RPM is updated to version 1.4.1-7.el5_8.2 to\nresolve multiple security issues.\n\nj. Update to ESX service console popt, rpm, rpm-libs, and rpm-python RPMS\n\nThe ESX service console popt, rpm, rpm-libs, and rpm-python RPMS are updated to\nthe following versions to resolve multiple security issues:\n\nk. Vulnerability in third party Apache Struts component\n\nThe version of Apache Struts in vCenter Operations has been updated to 2.3.4\nwhich addresses an arbitrary file overwrite vulnerability. This vulnerability\nallows an attacker to create a denial of service by overwriting arbitrary files\nwithout authentication. The attacker would need to be on the same network as the\nsystem where vCOps is installed.\n\nSolution\nApply the missing patch(es).\";\n\n\nif (description)\n{\n script_id(103558);\n script_cve_id(\"CVE-2010-4180\",\"CVE-2010-4252\",\"CVE-2011-0014\",\"CVE-2011-4108\",\"CVE-2011-4109\",\"CVE-2011-4576\",\"CVE-2011-4577\",\"CVE-2011-4619\",\"CVE-2012-0050\",\n \"CVE-2012-2110\",\"CVE-2011-1833\",\"CVE-2011-2484\",\"CVE-2011-2496\",\"CVE-2011-3188\",\"CVE-2011-3209\",\"CVE-2011-3363\",\"CVE-2011-4110\",\"CVE-2011-1020\",\n \"CVE-2011-4132\",\"CVE-2011-4324\",\"CVE-2011-4325\",\"CVE-2012-0207\",\"CVE-2011-2699\",\"CVE-2012-1583\",\"CVE-2010-2761\",\"CVE-2010-4410\",\"CVE-2011-3597\",\n \"CVE-2012-0841\",\"CVE-2009-5029\",\"CVE-2009-5064\",\"CVE-2010-0830\",\"CVE-2011-1089\",\"CVE-2011-4609\",\"CVE-2012-0864\",\"CVE-2011-4128\",\"CVE-2012-1569\",\n \"CVE-2012-1573\",\"CVE-2012-0060\",\"CVE-2012-0061\",\"CVE-2012-0815\",\"CVE-2012-0393\",\"CVE-2012-0507\");\n\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_version (\"$Revision: 5940 $\");\n script_name(\"VMSA-2012-0013 VMware vSphere and vCOps updates to third party libraries.\");\n\n\n script_tag(name:\"last_modification\", value:\"$Date: 2017-04-12 11:02:05 +0200 (Wed, 12 Apr 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-31 11:02:01 +0100 (Fri, 31 Aug 2012)\");\n script_category(ACT_GATHER_INFO);\n script_family(\"VMware Local Security Checks\");\n script_copyright(\"This script is Copyright (C) 2012 Greenbone Networks GmbH\");\n script_dependencies(\"gb_vmware_esxi_init.nasl\");\n script_mandatory_keys(\"VMware/ESXi/LSC\",\"VMware/ESX/version\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://www.vmware.com/security/advisories/VMSA-2012-0013.html\");\n exit(0);\n}\n\ninclude(\"vmware_esx.inc\");\ninclude(\"version_func.inc\");\n\nif(!get_kb_item('VMware/ESXi/LSC'))exit(0);\nif(! esxVersion = get_kb_item(\"VMware/ESX/version\"))exit(0);\n\npatches = make_array(\"4.1.0\",\"ESXi410-Update03:2012-08-30\");\n\nif(!patches[esxVersion])exit(0);\n\nif(_esxi_patch_missing(esxi_version:esxVersion, patch:patches[esxVersion])) {\n\n security_message(port:0);\n exit(0);\n\n}\n\nexit(99);\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:39:25", "description": "[1.4.1-7.2]\n- fix CVE-2011-4128 - buffer overflow in gnutls_session_get_data() (#752308)\n- fix CVE-2012-1569 - missing length check when decoding DER lengths (#804920)\n- fix CVE-2012-1573 - security issue in packet parsing (#805432)", "cvss3": {}, "published": "2012-03-27T00:00:00", "type": "oraclelinux", "title": "gnutls security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2011-4128", "CVE-2012-1569", "CVE-2012-1573"], "modified": "2012-03-27T00:00:00", "id": "ELSA-2012-0428", "href": "http://linux.oracle.com/errata/ELSA-2012-0428.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:39:27", "description": "[2.3-3.1]\n- fix CVE-2012-1569 - missing length check when decoding DER lengths (#804920)", "cvss3": {}, "published": "2012-03-27T00:00:00", "type": "oraclelinux", "title": "libtasn1 security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2012-1569"], "modified": "2012-03-27T00:00:00", "id": "ELSA-2012-0427", "href": "http://linux.oracle.com/errata/ELSA-2012-0427.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:36:04", "description": "[2.8.5-4.2]\n- fix CVE-2012-1573 - security issue in packet parsing (#805432)\n- fix CVE-2011-4128 - buffer overflow in gnutls_session_get_data() (#752308)", "cvss3": {}, "published": "2012-03-28T00:00:00", "type": "oraclelinux", "title": "gnutls security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2011-4128", "CVE-2012-1573"], "modified": "2012-03-28T00:00:00", "id": "ELSA-2012-0429", "href": "http://linux.oracle.com/errata/ELSA-2012-0429.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-11-17T15:28:56", "description": "[2.3-6]\n- added check for null pointer (#1102336)\n[2.3-5]\n- fix various DER decoding issues (#1102336)\n[2.3-4]\n- fix CVE-2012-1569 - missing length check when decoding DER lengths (#804920)", "cvss3": {}, "published": "2014-06-03T00:00:00", "type": "oraclelinux", "title": "libtasn1 security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2014-3468", "CVE-2012-1569", "CVE-2014-3469", "CVE-2014-3467"], "modified": "2014-06-03T00:00:00", "id": "ELSA-2014-0596", "href": "http://linux.oracle.com/errata/ELSA-2014-0596.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2021-10-21T04:42:33", "description": "The GnuTLS library provides support for cryptographic algorithms and for\nprotocols such as Transport Layer Security (TLS). GnuTLS includes libtasn1,\na library developed for ASN.1 (Abstract Syntax Notation One) structures\nmanagement that includes DER (Distinguished Encoding Rules) encoding and\ndecoding.\n\nA flaw was found in the way GnuTLS decrypted malformed TLS records. This\ncould cause a TLS/SSL client or server to crash when processing a\nspecially-crafted TLS record from a remote TLS/SSL connection peer.\n(CVE-2012-1573)\n\nA flaw was found in the way libtasn1 decoded DER data. An attacker could\ncreate a carefully-crafted X.509 certificate that, when parsed by an\napplication that uses GnuTLS, could cause the application to crash.\n(CVE-2012-1569)\n\nA boundary error was found in the gnutls_session_get_data() function. A\nmalicious TLS/SSL server could use this flaw to crash a TLS/SSL client or,\npossibly, execute arbitrary code as the client, if the client passed a\nfixed-sized buffer to gnutls_session_get_data() before checking the real\nsize of the session data provided by the server. (CVE-2011-4128)\n\nRed Hat would like to thank Matthew Hall of Mu Dynamics for reporting\nCVE-2012-1573 and CVE-2012-1569.\n\nUsers of GnuTLS are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. For the update to take\neffect, all applications linked to the GnuTLS library must be restarted, or\nthe system rebooted.\n", "cvss3": {}, "published": "2012-03-27T00:00:00", "type": "redhat", "title": "(RHSA-2012:0428) Important: gnutls security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4128", "CVE-2012-1569", "CVE-2012-1573"], "modified": "2017-09-08T08:11:41", "id": "RHSA-2012:0428", "href": "https://access.redhat.com/errata/RHSA-2012:0428", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-10-19T18:41:43", "description": "libtasn1 is a library developed for ASN.1 (Abstract Syntax Notation One)\nstructures management that includes DER (Distinguished Encoding Rules)\nencoding and decoding.\n\nA flaw was found in the way libtasn1 decoded DER data. An attacker could\ncreate carefully-crafted DER encoded input (such as an X.509 certificate)\nthat, when parsed by an application that uses libtasn1 (such as\napplications using GnuTLS), could cause the application to crash.\n(CVE-2012-1569)\n\nRed Hat would like to thank Matthew Hall of Mu Dynamics for reporting this\nissue.\n\nUsers of libtasn1 are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. For the update to take\neffect, all applications linked to the libtasn1 library must be restarted,\nor the system rebooted.\n", "cvss3": {}, "published": "2012-03-27T00:00:00", "type": "redhat", "title": "(RHSA-2012:0427) Important: libtasn1 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1569"], "modified": "2018-06-06T16:24:12", "id": "RHSA-2012:0427", "href": "https://access.redhat.com/errata/RHSA-2012:0427", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-10-19T18:42:35", "description": "The GnuTLS library provides support for cryptographic algorithms and for\nprotocols such as Transport Layer Security (TLS).\n\nA flaw was found in the way GnuTLS decrypted malformed TLS records. This\ncould cause a TLS/SSL client or server to crash when processing a\nspecially-crafted TLS record from a remote TLS/SSL connection peer.\n(CVE-2012-1573)\n\nA boundary error was found in the gnutls_session_get_data() function. A\nmalicious TLS/SSL server could use this flaw to crash a TLS/SSL client or,\npossibly, execute arbitrary code as the client, if the client passed a\nfixed-sized buffer to gnutls_session_get_data() before checking the real\nsize of the session data provided by the server. (CVE-2011-4128)\n\nRed Hat would like to thank Matthew Hall of Mu Dynamics for reporting\nCVE-2012-1573.\n\nUsers of GnuTLS are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. For the update to take\neffect, all applications linked to the GnuTLS library must be restarted, or\nthe system rebooted.\n", "cvss3": {}, "published": "2012-03-27T00:00:00", "type": "redhat", "title": "(RHSA-2012:0429) Important: gnutls security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4128", "CVE-2012-1573"], "modified": "2018-06-06T16:24:24", "id": "RHSA-2012:0429", "href": "https://access.redhat.com/errata/RHSA-2012:0429", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-10-19T20:38:59", "description": "The rhev-hypervisor5 package provides a Red Hat Enterprise Virtualization\nHypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor\nis a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes\neverything necessary to run and manage virtual machines: A subset of the\nRed Hat Enterprise Linux operating environment and the Red Hat Enterprise\nVirtualization Agent.\n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available for\nthe Intel 64 and AMD64 architectures with virtualization extensions.\n\nA flaw was found in the way libtasn1 decoded DER data. An attacker could\ncreate a carefully-crafted X.509 certificate that, when parsed by an\napplication that uses GnuTLS, could cause the application to crash.\n(CVE-2012-1569)\n\nA flaw was found in the way GnuTLS decrypted malformed TLS records. This\ncould cause a TLS/SSL client or server to crash when processing a\nspecially-crafted TLS record from a remote TLS/SSL connection peer.\n(CVE-2012-1573)\n\nAn integer overflow flaw was found in the implementation of the printf\nfunctions family. This could allow an attacker to bypass FORTIFY_SOURCE\nprotections and execute arbitrary code using a format string flaw in an\napplication, even though these protections are expected to limit the\nimpact of such flaws to an application abort. (CVE-2012-0864)\n\nRed Hat would like to thank Matthew Hall of Mu Dynamics for reporting\nCVE-2012-1569 and CVE-2012-1573.\n\nThis updated package provides updated components that include fixes for\nvarious security issues. These issues have no security impact on Red Hat\nEnterprise Virtualization Hypervisor itself, however. The security fixes\nincluded in this update address the following CVE numbers:\n\nCVE-2011-4128 (gnutls issue)\n\nCVE-2012-1583 (kernel issue)\n\nCVE-2011-3045 (libpng issue)\n\nCVE-2012-0884 and CVE-2012-1165 (openssl issues)\n\nFurther information on the changes made to the package is available on the\nrelevant errata:\n\nhttps://rhn.redhat.com/errata/RHBA-2012-0398.html\n\nUsers of Red Hat Enterprise Virtualization Hypervisor are advised to\nupgrade to this updated package, which fixes these issues.\n", "cvss3": {}, "published": "2012-04-17T00:00:00", "type": "redhat", "title": "(RHSA-2012:0488) Important: rhev-hypervisor5 security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3045", "CVE-2011-4128", "CVE-2012-0864", "CVE-2012-0884", "CVE-2012-1165", "CVE-2012-1569", "CVE-2012-1573", "CVE-2012-1583"], "modified": "2019-03-22T19:44:58", "id": "RHSA-2012:0488", "href": "https://access.redhat.com/errata/RHSA-2012:0488", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-19T20:39:48", "description": "The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization\nHypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor\nis a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes\neverything necessary to run and manage virtual machines: A subset of the\nRed Hat Enterprise Linux operating environment and the Red Hat Enterprise\nVirtualization Agent.\n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available for\nthe Intel 64 and AMD64 architectures with virtualization extensions.\n\nA flaw was found in the way libtasn1 decoded DER data. An attacker could\ncreate carefully-crafted DER encoded input (such as an X.509 certificate)\nthat, when parsed by an application that uses libtasn1 (such as\napplications using GnuTLS), could cause the application to crash.\n(CVE-2012-1569)\n\nA flaw was found in the way GnuTLS decrypted malformed TLS records. This\ncould cause a TLS/SSL client or server to crash when processing a\nspecially-crafted TLS record from a remote TLS/SSL connection peer.\n(CVE-2012-1573)\n\nAn integer overflow flaw was found in the implementation of the printf\nfunctions family. This could allow an attacker to bypass FORTIFY_SOURCE\nprotections and execute arbitrary code using a format string flaw in an\napplication, even though these protections are expected to limit the\nimpact of such flaws to an application abort. (CVE-2012-0864)\n\nRed Hat would like to thank Matthew Hall of Mu Dynamics for reporting\nCVE-2012-1569 and CVE-2012-1573.\n\nThis updated package provides updated components that include fixes for\nvarious security issues. These issues have no security impact on Red Hat\nEnterprise Virtualization Hypervisor itself, however. The security fixes\nincluded in this update address the following CVE numbers:\n\nCVE-2011-4128 (gnutls issue)\n\nCVE-2012-0879, CVE-2012-1090, and CVE-2012-1097 (kernel issues)\n\nCVE-2012-0884 and CVE-2012-1165 (openssl issues)\n\nCVE-2012-0060, CVE-2012-0061, and CVE-2012-0815 (rpm issues)\n\nThis update also fixes the following bug:\n\n* The Hypervisor previously set the lro_disable option for the enic driver.\nThe driver does not support this option, as a result the Hypervisor did\nnot correctly detect and configure the network interfaces of a Cisco M81KR\nadaptor, when present. The Hypervisor has been updated and no longer sets\nthe invalid option for this driver. (BZ#809463)\n\nUsers of Red Hat Enterprise Virtualization Hypervisor are advised to\nupgrade to this updated package, which fixes these issues.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2012-04-30T00:00:00", "type": "redhat", "title": "(RHSA-2012:0531) Important: rhev-hypervisor6 security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4128", "CVE-2012-0060", "CVE-2012-0061", "CVE-2012-0815", "CVE-2012-0864", "CVE-2012-0879", "CVE-2012-0884", "CVE-2012-1090", "CVE-2012-1097", "CVE-2012-1165", "CVE-2012-1569", "CVE-2012-1573"], "modified": "2018-06-07T04:59:46", "id": "RHSA-2012:0531", "href": "https://access.redhat.com/errata/RHSA-2012:0531", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2016-09-04T12:38:49", "description": "The GnuTLS library received a critical security fix and\n other updates:\n\n * CVE-2014-0092: The X.509 certificate verification had\n incorrect error handling, which could lead to broken\n certificates marked as being valid.\n * CVE-2009-5138: A verification problem in handling V1\n certificates could also lead to V1 certificates incorrectly\n being handled.\n * CVE-2013-2116: The _gnutls_ciphertext2compressed\n function in lib/gnutls_cipher.c in GnuTLS allowed remote\n attackers to cause a denial of service (buffer over-read\n and crash) via a crafted padding length.\n * CVE-2013-1619: The TLS implementation in GnuTLS did\n not properly consider timing side-channel attacks on a\n noncompliant MAC check operation during the processing of\n malformed CBC padding, which allows remote attackers to\n conduct distinguishing attacks and plaintext-recovery\n attacks via statistical analysis of timing data for crafted\n packets, a related issue to CVE-2013-0169. (Lucky13)\n * CVE-2012-1569: The asn1_get_length_der function in\n decoding.c in GNU Libtasn1 , as used in GnuTLS did not\n properly handle certain large length values, which allowed\n remote attackers to cause a denial of service (heap memory\n corruption and application crash) or possibly have\n unspecified other impact via a crafted ASN.1 structure.\n * CVE-2012-1573: gnutls_cipher.c in libgnutls in GnuTLS\n did not properly handle data encrypted with a block cipher,\n which allowed remote attackers to cause a denial of service\n (heap memory corruption and application crash) via a\n crafted record, as demonstrated by a crafted\n GenericBlockCipher structure.\n * CVE-2012-0390: The DTLS implementation in GnuTLS\n executed certain error-handling code only if there is a\n specific relationship between a padding length and the\n ciphertext size, which made it easier for remote attackers\n to recover partial plaintext via a timing side-channel\n attack, a related issue to CVE-2011-4108.\n\n Also some non security bugs have been fixed:\n\n * Did some more s390x size_t vs int fixes. (bnc#536809,\n bnc#659128)\n * re-enabled "legacy negotiation" (bnc#554084)\n * fix safe-renegotiation for sle10sp3 and sle10sp4 bug\n (bnc#554084)\n * fix bug bnc#536809, fix gnutls-cli to abort\n connection after detecting a bad certificate\n", "cvss3": {}, "published": "2014-03-04T01:04:52", "type": "suse", "title": "Security update for gnutls (critical)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2011-4108", "CVE-2013-0169", "CVE-2013-1619", "CVE-2009-5138", "CVE-2014-0092", "CVE-2012-0390", "CVE-2012-1569", "CVE-2012-1573", "CVE-2013-2116"], "modified": "2014-03-04T01:04:52", "id": "SUSE-SU-2014:0320-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}], "slackware": [{"lastseen": "2023-02-08T16:13:17", "description": "New gnutls packages are available for Slackware 12.1, 12.2, 13.0, 13.1,\nand 13.37 to fix security issues.\n\n\nHere are the details from the Slackware 13.37 ChangeLog:\n\npatches/packages/gnutls-2.10.5-i486-2_slack13.37.txz: Rebuilt.\n [Updated to the correct version to fix fetching the \"latest\" from gnu.org]\n This update prevents a side-channel attack which may allow remote attackers\n to conduct distinguishing attacks and plaintext recovery attacks using\n statistical analysis of timing data for crafted packets.\n Other minor security issues are patched as well.\n Thanks to mancha for backporting these patches.\n For more information, see:\n https://vulners.com/cve/CVE-2011-4128\n https://vulners.com/cve/CVE-2012-1569\n https://vulners.com/cve/CVE-2012-1573\n https://vulners.com/cve/CVE-2013-1619\n https://vulners.com/cve/CVE-2013-2116\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 12.1:\nftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/gnutls-2.8.4-i486-2_slack12.1.tgz\n\nUpdated package for Slackware 12.2:\nftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/gnutls-2.8.4-i486-2_slack12.2.tgz\n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/gnutls-2.8.4-i486-2_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/gnutls-2.8.4-x86_64-2_slack13.0.txz\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/gnutls-2.8.6-i486-2_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/gnutls-2.8.6-x86_64-2_slack13.1.txz\n\nUpdated package for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/gnutls-2.10.5-i486-2_slack13.37.txz\n\nUpdated package for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/gnutls-2.10.5-x86_64-2_slack13.37.txz\n\n\nMD5 signatures:\n\nSlackware 12.1 package:\nb1befa86737a2451146dd108eb58b9a9 gnutls-2.8.4-i486-2_slack12.1.tgz\n\nSlackware 12.2 package:\n7ea0f267149d76ccdcca1206027e664f gnutls-2.8.4-i486-2_slack12.2.tgz\n\nSlackware 13.0 package:\n2c102969a15b8a66e79ec4d07821faf7 gnutls-2.8.4-i486-2_slack13.0.txz\n\nSlackware x86_64 13.0 package:\n501b5709da4ff494a3ecdfee74187281 gnutls-2.8.4-x86_64-2_slack13.0.txz\n\nSlackware 13.1 package:\na7d101cd7fc47cf9e4e0f15406ca29fd gnutls-2.8.6-i486-2_slack13.1.txz\n\nSlackware x86_64 13.1 package:\n65a234fe93b46c7ea29799ffc3e4f25e gnutls-2.8.6-x86_64-2_slack13.1.txz\n\nSlackware 13.37 package:\n9cf8770560e17d1d57267cb05bf3badd gnutls-2.10.5-i486-2_slack13.37.txz\n\nSlackware x86_64 13.37 package:\n349f7f77e29612b679522a4a199c03fa gnutls-2.10.5-x86_64-2_slack13.37.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg gnutls-2.10.5-i486-2_slack13.37.txz", "cvss3": {}, "published": "2013-10-15T00:18:30", "type": "slackware", "title": "[slackware-security] gnutls", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4128", "CVE-2012-1569", "CVE-2012-1573", "CVE-2013-1619", "CVE-2013-2116"], "modified": "2013-10-15T00:18:30", "id": "SSA-2013-287-03", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2013&m=slackware-security.467196", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "ubuntucve": [{"lastseen": "2022-08-04T14:30:36", "description": "gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15\ndoes not properly handle data encrypted with a block cipher, which allows\nremote attackers to cause a denial of service (heap memory corruption and\napplication crash) via a crafted record, as demonstrated by a crafted\nGenericBlockCipher structure.\n\n#### Bugs\n\n * <https://bugzilla.redhat.com/show_bug.cgi?id=805432>\n * <https://bugs.launchpad.net/bugs/978661>\n", "cvss3": {}, "published": "2012-03-26T00:00:00", "type": "ubuntucve", "title": "CVE-2012-1573", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1573"], "modified": "2012-03-26T00:00:00", "id": "UB:CVE-2012-1573", "href": "https://ubuntu.com/security/CVE-2012-1573", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-08-04T14:30:36", "description": "The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12,\nas used in GnuTLS before 3.0.16 and other products, does not properly\nhandle certain large length values, which allows remote attackers to cause\na denial of service (heap memory corruption and application crash) or\npossibly have unspecified other impact via a crafted ASN.1 structure.\n\n#### Bugs\n\n * <https://bugzilla.redhat.com/show_bug.cgi?id=804920>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | per Simon Josefsson (upstream), asn1_get_length_der() does not itself have the vulnerability, but that callers wouldn't check its return code which could cause a DoS. It was deemed easier for asn1_get_length_der() to throw an error rather than changing all callers. archive grep results for asn1_get_length_der(): https://chinstrap.canonical.com/~jamie/libtasn1.log \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | gnutls test: http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commit;h=88138dc44fc00f2887956d71e0febd2656e1fd9f libtasn test: http://git.savannah.gnu.org/cgit/libtasn1.git/plain/tests/Test_overflow.c\n", "cvss3": {}, "published": "2012-03-26T00:00:00", "type": "ubuntucve", "title": "CVE-2012-1569", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1569"], "modified": "2012-03-26T00:00:00", "id": "UB:CVE-2012-1569", "href": "https://ubuntu.com/security/CVE-2012-1569", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-08-04T14:31:27", "description": "The DTLS implementation in GnuTLS 3.0.10 and earlier executes certain\nerror-handling code only if there is a specific relationship between a\npadding length and the ciphertext size, which makes it easier for remote\nattackers to recover partial plaintext via a timing side-channel attack, a\nrelated issue to CVE-2011-4108.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[tyhicks](<https://launchpad.net/~tyhicks>) | DTLS support was not implemented until gnutls-2.99.0\n", "cvss3": {}, "published": "2012-01-06T00:00:00", "type": "ubuntucve", "title": "CVE-2012-0390", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4108", "CVE-2012-0390"], "modified": "2012-01-06T00:00:00", "id": "UB:CVE-2012-0390", "href": "https://ubuntu.com/security/CVE-2012-0390", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "debiancve": [{"lastseen": "2023-02-28T06:07:49", "description": "gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) via a crafted record, as demonstrated by a crafted GenericBlockCipher structure.", "cvss3": {}, "published": "2012-03-26T19:55:00", "type": "debiancve", "title": "CVE-2012-1573", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1573"], "modified": "2012-03-26T19:55:00", "id": "DEBIANCVE:CVE-2012-1573", "href": "https://security-tracker.debian.org/tracker/CVE-2012-1573", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-28T06:07:49", "description": "The DTLS implementation in GnuTLS 3.0.10 and earlier executes certain error-handling code only if there is a specific relationship between a padding length and the ciphertext size, which makes it easier for remote attackers to recover partial plaintext via a timing side-channel attack, a related issue to CVE-2011-4108.", "cvss3": {}, "published": "2012-01-06T01:55:00", "type": "debiancve", "title": "CVE-2012-0390", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4108", "CVE-2012-0390"], "modified": "2012-01-06T01:55:00", "id": "DEBIANCVE:CVE-2012-0390", "href": "https://security-tracker.debian.org/tracker/CVE-2012-0390", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "fedora": [{"lastseen": "2020-12-21T08:17:50", "description": "GnuTLS is a project that aims to develop a library which provides a secure layer, over a reliable transport layer. Currently the GnuTLS library implem ents the proposed standards by the IETF's TLS working group. ", "cvss3": {}, "published": "2012-03-26T03:57:43", "type": "fedora", "title": "[SECURITY] Fedora 16 Update: gnutls-2.12.14-2.fc16", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1573"], "modified": "2012-03-26T03:57:43", "id": "FEDORA:274DA20BB0", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/HBC3FR4GV53WYPGF4VQ5MIBYKFQM5IBI/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "description": "GnuTLS is a project that aims to develop a library which provides a secure layer, over a reliable transport layer. Currently the GnuTLS library implem ents the proposed standards by the IETF's TLS working group. ", "cvss3": {}, "published": "2012-03-26T17:54:06", "type": "fedora", "title": "[SECURITY] Fedora 16 Update: gnutls-2.12.14-2.fc16", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1573"], "modified": "2012-03-26T17:54:06", "id": "FEDORA:10BA3211D0", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/HBC3FR4GV53WYPGF4VQ5MIBYKFQM5IBI/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "description": "libtasn1 is the ASN.1 library used in GNUTLS. This package contains the MinGW Windows cross compiled libtasn1 library. ", "cvss3": {}, "published": "2012-03-31T03:19:25", "type": "fedora", "title": "[SECURITY] Fedora 16 Update: mingw-libtasn1-2.12-1.fc16", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1569"], "modified": "2012-03-31T03:19:25", "id": "FEDORA:67F9F215DA", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/BFWPMXHUKWSTO5JMRKPJA4G3HFSPTS5S/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "description": "GnuTLS TLS/SSL encryption library. This library is cross-compiled for MinGW. ", "cvss3": {}, "published": "2012-03-31T03:19:25", "type": "fedora", "title": "[SECURITY] Fedora 16 Update: mingw32-gnutls-2.12.14-3.fc16", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1569"], "modified": "2012-03-31T03:19:25", "id": "FEDORA:59B5221550", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/Y3YYKOVAWM6WVT3TBY6KFM3IQLR7I3OD/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "description": "This is the ASN.1 library used in GNUTLS. More up to date information can be found at http://www.gnu.org/software/gnutls and http://www.gnutls.org ", "cvss3": {}, "published": "2012-04-06T21:28:08", "type": "fedora", "title": "[SECURITY] Fedora 15 Update: libtasn1-2.12-1.fc15", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1569"], "modified": "2012-04-06T21:28:08", "id": "FEDORA:E6AB020DAB", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/O4YDOHNFXO2ZAOYBYW4VLU62KXQD754G/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "description": "This is the ASN.1 library used in GNUTLS. More up to date information can be found at http://www.gnu.org/software/gnutls and http://www.gnutls.org ", "cvss3": {}, "published": "2012-04-06T21:31:23", "type": "fedora", "title": "[SECURITY] Fedora 16 Update: libtasn1-2.12-1.fc16", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1569"], "modified": "2012-04-06T21:31:23", "id": "FEDORA:F248621418", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/GHXVSYITXLA4AIRNRPH5FFNKULBIXS4P/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "description": "libtasn1 is the ASN.1 library used in GNUTLS. This package contains the MinGW Windows cross compiled libtasn1 library. ", "cvss3": {}, "published": "2012-04-12T01:58:31", "type": "fedora", "title": "[SECURITY] Fedora 17 Update: mingw-libtasn1-2.12-1.fc17", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1569"], "modified": "2012-04-12T01:58:31", "id": "FEDORA:ABEC520592", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/BGWEI2CH3PEVS6QKYFL7GJDUHD4JVP4C/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "description": "GnuTLS TLS/SSL encryption library. This library is cross-compiled for MinGW. ", "cvss3": {}, "published": "2012-04-12T01:58:31", "type": "fedora", "title": "[SECURITY] Fedora 17 Update: mingw-gnutls-2.12.17-1.fc17", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1569"], "modified": "2012-04-12T01:58:31", "id": "FEDORA:C04F321A4E", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/FOEEK7VLCQ6HQMBJ3ZQQ6JIADETDXXO3/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "description": "p11-kit provides a way to load and enumerate PKCS#11 modules, as well as a standard configuration setup for installing PKCS#11 modules in such a way that they're discoverable. This library is cross-compiled for MinGW. ", "cvss3": {}, "published": "2012-04-12T01:58:31", "type": "fedora", "title": "[SECURITY] Fedora 17 Update: mingw-p11-kit-0.12-1.fc17", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1569"], "modified": "2012-04-12T01:58:31", "id": "FEDORA:B6DC621A4C", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/36GVFUX5LU35CD3AQLEH6BCKAZHDVSZP/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "description": "This is the ASN.1 library used in GNUTLS. More up to date information can be found at http://www.gnu.org/software/gnutls and http://www.gnutls.org ", "cvss3": {}, "published": "2012-04-12T02:05:57", "type": "fedora", "title": "[SECURITY] Fedora 17 Update: libtasn1-2.12-1.fc17", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1569"], "modified": "2012-04-12T02:05:57", "id": "FEDORA:D52E221615", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/LY63AY5SSP2CLLWWTRYW6YW4ASSJXF2W/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "description": "GnuTLS TLS/SSL encryption library. This library is cross-compiled for MinGW. ", "cvss3": {}, "published": "2012-04-12T11:29:24", "type": "fedora", "title": "[SECURITY] Fedora 15 Update: mingw32-gnutls-2.10.5-2.fc15", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1569"], "modified": "2012-04-12T11:29:24", "id": "FEDORA:47DA822972", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/HEKCVSBWC6S4H4SHCCMTVJ3EKHNXRA44/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "description": "libtasn1 is the ASN.1 library used in GNUTLS. This package contains the MinGW Windows cross compiled libtasn1 library. ", "cvss3": {}, "published": "2012-04-12T11:29:24", "type": "fedora", "title": "[SECURITY] Fedora 15 Update: mingw-libtasn1-2.12-1.fc15", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1569"], "modified": "2012-04-12T11:29:24", "id": "FEDORA:5061E22977", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/VRV7JWAIBAW6UTGQN5CA3P7752XY3RJL/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "description": "GnuTLS is a project that aims to develop a library which provides a secure layer, over a reliable transport layer. Currently the GnuTLS library implem ents the proposed standards by the IETF's TLS working group. ", "cvss3": {}, "published": "2012-04-11T03:49:48", "type": "fedora", "title": "[SECURITY] Fedora 15 Update: gnutls-2.10.5-3.fc15", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4128", "CVE-2012-1573"], "modified": "2012-04-11T03:49:48", "id": "FEDORA:B3AF021136", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/WMPG5QAIBQMXQYBWUGVUWIKDCTPS62WX/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "description": "GnuTLS is a project that aims to develop a library which provides a secure layer, over a reliable transport layer. Currently the GnuTLS library implem ents the proposed standards by the IETF's TLS working group. ", "cvss3": {}, "published": "2012-04-11T17:00:37", "type": "fedora", "title": "[SECURITY] Fedora 15 Update: gnutls-2.10.5-3.fc15", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4128", "CVE-2012-1573"], "modified": "2012-04-11T17:00:37", "id": "FEDORA:A46EC21865", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/WMPG5QAIBQMXQYBWUGVUWIKDCTPS62WX/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "checkpoint_advisories": [{"lastseen": "2021-12-17T12:23:52", "description": "An integer overflow vulnerability has been reported in GnuTLS. The vulnerability is due to improper handling of certain fields during the decryption process. A remote attacker can exploit this vulnerability by sending a specially crafted TLS Application Data packet to the server. Successful exploitation would allow an attacker to execute arbitrary code on the target server.", "cvss3": {}, "published": "2012-09-03T00:00:00", "type": "checkpoint_advisories", "title": "GnuTLS TLS Record Application GenericBlockCipher Parsing Integer Overflow (CVE-2012-1573)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1573"], "modified": "2014-12-21T00:00:00", "id": "CPAI-2012-298", "href": "", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-11-28T07:12:30", "description": "A buffer overflow vulnerability has been reported in libtasn1, a component of GnuTLS. The vulnerability is due to an error in the libtasn1 library while handling length fields within the ASN.1 fields. A remote attacker can exploit this vulnerability by sending specially crafted certificates to the target service. Successful exploitation would allow an attacker to execute arbitrary code in the security context of the affected service. An exploitation attempt may also cause the service to crash, resulting in a denial of service condition.", "cvss3": {}, "published": "2012-07-02T00:00:00", "type": "checkpoint_advisories", "title": "GnuTLS libtasn1 ASN1 Length Fields Buffer Overflow (CVE-2012-1569)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1569"], "modified": "2017-11-16T00:00:00", "id": "CPAI-2012-292", "href": "", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-11-28T07:10:09", "description": "A buffer overflow vulnerability has been reported in libtasn1, a component of GnuTLS.", "cvss3": {}, "published": "2012-07-02T00:00:00", "type": "checkpoint_advisories", "title": "GnuTLS libtasn1 ASN1 Length DER Decoding Buffer Overflow (CVE-2012-1569)", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2012-1569"], "modified": "2022-11-27T00:00:00", "id": "CPAI-2012-291", "href": "", "cvss": {"score": 0.0, "vector": "NONE"}}], "veracode": [{"lastseen": "2022-07-27T10:25:56", "description": "gnutls is vulnerable to denial of service. A flaw was found in the way GnuTLS decrypted malformed TLS records. This could cause a TLS/SSL client or server to crash when processing a specially-crafted TLS record from a remote TLS/SSL connection peer.\n", "cvss3": {}, "published": "2020-04-10T01:12:39", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1573"], "modified": "2022-04-19T18:31:07", "id": "VERACODE:25008", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-25008/summary", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-07-27T10:25:57", "description": "gnutls is vulnerable to denial of service. A flaw was found in the way libtasn1 decoded DER data. An attacker could create a carefully-crafted X.509 certificate that, when parsed by an application that uses GnuTLS, could cause the application to crash.\n", "cvss3": {}, "published": "2020-04-10T01:12:39", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1569"], "modified": "2022-04-19T18:31:10", "id": "VERACODE:25007", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-25007/summary", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "debian": [{"lastseen": "2021-10-21T23:59:58", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2441-1 security@debian.org\nhttp://www.debian.org/security/ Florian Weimer\nMarch 25, 2012 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : gnutls26\nVulnerability : missing bounds check\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2012-1573\n\nMatthew Hall discovered that GNUTLS does not properly handle truncated\nGenericBlockCipher structures nested inside TLS records, leading to\ncrashes in applications using the GNUTLS library.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.8.6-1+squeeze2.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.12.18-1 of the gnutls26 package and version 3.0.17-2 of the\ngnutls28 package.\n\nWe recommend that you upgrade your gnutls26 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {}, "published": "2012-03-25T18:53:32", "type": "debian", "title": "[SECURITY] [DSA 2441-1] gnutls26 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1573"], "modified": "2012-03-25T18:53:32", "id": "DEBIAN:DSA-2441-1:79B66", "href": "https://lists.debian.org/debian-security-announce/2012/msg00069.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-10-22T00:00:02", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2440-1 security@debian.org\nhttp://www.debian.org/security/ Florian Weimer\nMarch 24, 2012 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : libtasn1-3\nVulnerability : missing bounds check\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2012-1569\n\nMatthew Hall discovered that many callers of the asn1_get_length_der\nfunction did not check the result against the overall buffer length\nbefore processing it further. This could result in out-of-bounds\nmemory accesses and application crashes. Applications using GNUTLS\nare exposed to this issue.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.7-1+squeeze+1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.12-1.\n\nWe recommend that you upgrade your libtasn1-3 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {}, "published": "2012-03-24T22:22:54", "type": "debian", "title": "[SECURITY] [DSA 2440-1] libtasn1-3 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1569"], "modified": "2012-03-24T22:22:54", "id": "DEBIAN:DSA-2440-1:828AA", "href": "https://lists.debian.org/debian-security-announce/2012/msg00068.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "cve": [{"lastseen": "2023-02-09T14:02:54", "description": "gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) via a crafted record, as demonstrated by a crafted GenericBlockCipher structure.", "cvss3": {}, "published": "2012-03-26T19:55:00", "type": "cve", "title": "CVE-2012-1573", "cwe": ["CWE-310"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1573"], "modified": "2018-01-18T02:29:00", "cpe": ["cpe:/a:gnu:gnutls:2.12.3", "cpe:/a:gnu:gnutls:2.1.1", "cpe:/a:gnu:gnutls:2.12.9", "cpe:/a:gnu:gnutls:3.0.1", "cpe:/a:gnu:gnutls:2.0.0", "cpe:/a:gnu:gnutls:3.0.12", "cpe:/a:gnu:gnutls:2.1.4", "cpe:/a:gnu:gnutls:2.3.8", "cpe:/a:gnu:gnutls:3.0.9", "cpe:/a:gnu:gnutls:3.0.10", "cpe:/a:gnu:gnutls:2.10.5", "cpe:/a:gnu:gnutls:2.6.2", "cpe:/a:gnu:gnutls:2.12.11", "cpe:/a:gnu:gnutls:2.1.6", "cpe:/a:gnu:gnutls:2.12.6.1", "cpe:/a:gnu:gnutls:2.6.6", "cpe:/a:gnu:gnutls:2.7.4", "cpe:/a:gnu:gnutls:3.0.11", "cpe:/a:gnu:gnutls:2.12.6", "cpe:/a:gnu:gnutls:2.3.2", "cpe:/a:gnu:gnutls:2.6.4", "cpe:/a:gnu:gnutls:2.10.3", "cpe:/a:gnu:gnutls:2.2.4", "cpe:/a:gnu:gnutls:3.0.5", "cpe:/a:gnu:gnutls:2.12.16", "cpe:/a:gnu:gnutls:2.12.12", "cpe:/a:gnu:gnutls:3.0.3", "cpe:/a:gnu:gnutls:3.0.6", "cpe:/a:gnu:gnutls:2.10.4", "cpe:/a:gnu:gnutls:2.4.2", "cpe:/a:gnu:gnutls:2.8.0", "cpe:/a:gnu:gnutls:2.2.3", "cpe:/a:gnu:gnutls:2.4.3", "cpe:/a:gnu:gnutls:2.12.10", "cpe:/a:gnu:gnutls:2.5.0", "cpe:/a:gnu:gnutls:2.10.2", "cpe:/a:gnu:gnutls:2.0.2", "cpe:/a:gnu:gnutls:2.12.13", "cpe:/a:gnu:gnutls:2.6.3", "cpe:/a:gnu:gnutls:3.0.13", "cpe:/a:gnu:gnutls:2.12.1", "cpe:/a:gnu:gnutls:2.4.0", "cpe:/a:gnu:gnutls:2.8.3", "cpe:/a:gnu:gnutls:2.3.5", "cpe:/a:gnu:gnutls:2.6.0", "cpe:/a:gnu:gnutls:2.0.4", "cpe:/a:gnu:gnutls:2.10.1", "cpe:/a:gnu:gnutls:2.8.1", "cpe:/a:gnu:gnutls:2.2.0", "cpe:/a:gnu:gnutls:2.1.8", "cpe:/a:gnu:gnutls:2.2.1", "cpe:/a:gnu:gnutls:2.8.2", "cpe:/a:gnu:gnutls:2.0.3", "cpe:/a:gnu:gnutls:2.1.0", "cpe:/a:gnu:gnutls:3.0.0", "cpe:/a:gnu:gnutls:2.3.11", "cpe:/a:gnu:gnutls:2.0.1", "cpe:/a:gnu:gnutls:2.8.4", "cpe:/a:gnu:gnutls:2.2.5", "cpe:/a:gnu:gnutls:2.3.6", "cpe:/a:gnu:gnutls:2.12.8", "cpe:/a:gnu:gnutls:2.3.1", "cpe:/a:gnu:gnutls:3.0.14", "cpe:/a:gnu:gnutls:2.12.7", "cpe:/a:gnu:gnutls:2.12.4", "cpe:/a:gnu:gnutls:2.3.9", "cpe:/a:gnu:gnutls:3.0.4", "cpe:/a:gnu:gnutls:2.6.1", "cpe:/a:gnu:gnutls:2.8.5", "cpe:/a:gnu:gnutls:3.0", "cpe:/a:gnu:gnutls:2.3.10", "cpe:/a:gnu:gnutls:3.0.7", "cpe:/a:gnu:gnutls:3.0.2", "cpe:/a:gnu:gnutls:2.12.5", "cpe:/a:gnu:gnutls:2.8.6", "cpe:/a:gnu:gnutls:2.4.1", "cpe:/a:gnu:gnutls:2.12.14", "cpe:/a:gnu:gnutls:2.12.15", "cpe:/a:gnu:gnutls:2.3.7", "cpe:/a:gnu:gnutls:2.10.0", "cpe:/a:gnu:gnutls:2.1.3", "cpe:/a:gnu:gnutls:2.12.2", "cpe:/a:gnu:gnutls:2.3.3", "cpe:/a:gnu:gnutls:2.6.5", "cpe:/a:gnu:gnutls:3.0.8", "cpe:/a:gnu:gnutls:2.2.2", "cpe:/a:gnu:gnutls:2.3.4", "cpe:/a:gnu:gnutls:2.1.7", "cpe:/a:gnu:gnutls:2.1.5", "cpe:/a:gnu:gnutls:2.12.0", "cpe:/a:gnu:gnutls:2.3.0", "cpe:/a:gnu:gnutls:2.1.2"], "id": "CVE-2012-1573", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1573", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:gnu:gnutls:2.12.15:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.10.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.12.7:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.12.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.8.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.3.6:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.12.5:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.10.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.12.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.3.10:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.6.6:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.3.9:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.12.11:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.12.9:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.12.6:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.3.11:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.12.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.8.5:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.12.14:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.8.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.12.12:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.10.5:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.12.8:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.10.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.12.13:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.3.8:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.7.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.12.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.12.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.8.6:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.12.16:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.8.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.12.10:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.10.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.10.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.8.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.12.6.1:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:02:53", "description": "The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain large length values, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly have unspecified other impact via a crafted ASN.1 structure.", "cvss3": {}, "published": "2012-03-26T19:55:00", "type": "cve", "title": "CVE-2012-1569", "cwe": ["CWE-189"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1569"], "modified": "2018-01-18T02:29:00", "cpe": ["cpe:/a:gnu:gnutls:1.7.4", "cpe:/a:gnu:gnutls:2.12.3", "cpe:/a:gnu:libtasn1:0.3.2", "cpe:/a:gnu:gnutls:2.1.1", "cpe:/a:gnu:gnutls:1.7.5", "cpe:/a:gnu:gnutls:1.0.24", "cpe:/a:gnu:libtasn1:0.1.0", "cpe:/a:gnu:gnutls:1.7.0", "cpe:/a:gnu:gnutls:1.2.9", "cpe:/a:gnu:gnutls:1.5.4", "cpe:/a:gnu:gnutls:2.12.9", "cpe:/a:gnu:gnutls:1.6.3", "cpe:/a:gnu:gnutls:1.2.6", "cpe:/a:gnu:libtasn1:0.2.13", "cpe:/a:gnu:gnutls:1.3.3", "cpe:/a:gnu:gnutls:3.0.1", "cpe:/a:gnu:libtasn1:0.1.2", "cpe:/a:gnu:gnutls:2.0.0", "cpe:/a:gnu:gnutls:3.0.12", "cpe:/a:gnu:gnutls:1.1.20", "cpe:/a:gnu:gnutls:1.1.14", "cpe:/a:gnu:gnutls:1.3.1", "cpe:/a:gnu:libtasn1:0.2.8", "cpe:/a:gnu:gnutls:1.5.3", "cpe:/a:gnu:gnutls:2.1.4", "cpe:/a:gnu:gnutls:1.2.4", "cpe:/a:gnu:gnutls:2.3.8", "cpe:/a:gnu:gnutls:3.0.9", "cpe:/a:gnu:gnutls:1.5.2", "cpe:/a:gnu:gnutls:3.0.10", "cpe:/a:gnu:gnutls:1.7.17", "cpe:/a:gnu:gnutls:2.10.5", "cpe:/a:gnu:gnutls:1.1.18", "cpe:/a:gnu:libtasn1:0.3.3", "cpe:/a:gnu:libtasn1:0.2.0", "cpe:/a:gnu:libtasn1:2.9", "cpe:/a:gnu:gnutls:1.5.0", "cpe:/a:gnu:gnutls:2.6.2", "cpe:/a:gnu:gnutls:2.12.11", "cpe:/a:gnu:gnutls:2.1.6", "cpe:/a:gnu:libtasn1:0.2.4", "cpe:/a:gnu:gnutls:2.1.2", "cpe:/a:gnu:libtasn1:0.2.11", "cpe:/a:gnu:gnutls:2.12.6.1", "cpe:/a:gnu:libtasn1:2.11", "cpe:/a:gnu:gnutls:2.6.6", "cpe:/a:gnu:libtasn1:0.1.1", "cpe:/a:gnu:gnutls:2.7.4", "cpe:/a:gnu:gnutls:3.0.15", "cpe:/a:gnu:gnutls:1.7.3", "cpe:/a:gnu:gnutls:3.0.11", "cpe:/a:gnu:gnutls:2.12.6", "cpe:/a:gnu:libtasn1:0.3.4", "cpe:/a:gnu:libtasn1:1.5", "cpe:/a:gnu:gnutls:2.3.2", "cpe:/a:gnu:gnutls:1.2.2", "cpe:/a:gnu:libtasn1:0.2.2", "cpe:/a:gnu:gnutls:1.7.7", "cpe:/a:gnu:gnutls:2.6.4", "cpe:/a:gnu:libtasn1:2.8", "cpe:/a:gnu:gnutls:2.10.3", "cpe:/a:gnu:gnutls:1.7.8", "cpe:/a:gnu:gnutls:2.2.4", "cpe:/a:gnu:gnutls:3.0.5", "cpe:/a:gnu:gnutls:1.1.21", "cpe:/a:gnu:libtasn1:0.2.12", "cpe:/a:gnu:libtasn1:0.3.9", "cpe:/a:gnu:gnutls:2.12.12", "cpe:/a:gnu:libtasn1:0.2.15", "cpe:/a:gnu:gnutls:3.0.3", "cpe:/a:gnu:gnutls:3.0.6", "cpe:/a:gnu:gnutls:2.10.4", "cpe:/a:gnu:libtasn1:0.2.16", "cpe:/a:gnu:gnutls:1.2.1", "cpe:/a:gnu:gnutls:1.0.25", "cpe:/a:gnu:gnutls:2.4.2", "cpe:/a:gnu:gnutls:1.6.1", "cpe:/a:gnu:gnutls:2.8.0", "cpe:/a:gnu:gnutls:2.2.3", "cpe:/a:gnu:gnutls:2.4.3", "cpe:/a:gnu:libtasn1:0.3.10", "cpe:/a:gnu:libtasn1:2.4", "cpe:/a:gnu:libtasn1:1.7", "cpe:/a:gnu:libtasn1:0.3.0", "cpe:/a:gnu:gnutls:1.7.11", "cpe:/a:gnu:gnutls:1.7.9", "cpe:/a:gnu:libtasn1:0.3.8", "cpe:/a:gnu:gnutls:2.12.10", "cpe:/a:gnu:libtasn1:0.2.3", "cpe:/a:gnu:gnutls:2.10.2", "cpe:/a:gnu:gnutls:2.5.0", "cpe:/a:gnu:gnutls:2.0.2", "cpe:/a:gnu:gnutls:1.2.8.1a1", "cpe:/a:gnu:libtasn1:2.5", "cpe:/a:gnu:libtasn1:0.2.5", "cpe:/a:gnu:gnutls:2.12.13", "cpe:/a:gnu:gnutls:1.7.18", "cpe:/a:gnu:libtasn1:0.2.7", "cpe:/a:gnu:gnutls:1.3.5", "cpe:/a:gnu:gnutls:2.6.3", "cpe:/a:gnu:gnutls:1.2.0", "cpe:/a:gnu:gnutls:1.1.16", "cpe:/a:gnu:gnutls:1.3.4", "cpe:/a:gnu:gnutls:3.0.13", "cpe:/a:gnu:gnutls:2.12.1", "cpe:/a:gnu:libtasn1:1.6", "cpe:/a:gnu:gnutls:1.1.23", "cpe:/a:gnu:gnutls:1.0.22", "cpe:/a:gnu:gnutls:1.7.15", "cpe:/a:gnu:gnutls:2.4.0", "cpe:/a:gnu:gnutls:2.8.3", "cpe:/a:gnu:libtasn1:1.0", "cpe:/a:gnu:gnutls:1.4.4", "cpe:/a:gnu:libtasn1:2.1", "cpe:/a:gnu:gnutls:2.3.5", "cpe:/a:gnu:gnutls:2.6.0", "cpe:/a:gnu:gnutls:2.0.4", "cpe:/a:gnu:gnutls:2.10.1", "cpe:/a:gnu:gnutls:1.2.11", "cpe:/a:gnu:gnutls:2.8.1", "cpe:/a:gnu:gnutls:2.2.0", "cpe:/a:gnu:gnutls:2.1.8", "cpe:/a:gnu:gnutls:1.1.17", "cpe:/a:gnu:gnutls:2.2.1", "cpe:/a:gnu:gnutls:2.8.2", "cpe:/a:gnu:gnutls:1.2.10", "cpe:/a:gnu:libtasn1:2.6", "cpe:/a:gnu:gnutls:2.0.3", "cpe:/a:gnu:libtasn1:1.4", "cpe:/a:gnu:gnutls:2.1.0", "cpe:/a:gnu:gnutls:3.0.0", "cpe:/a:gnu:gnutls:1.7.19", "cpe:/a:gnu:gnutls:1.4.5", "cpe:/a:gnu:gnutls:2.3.11", "cpe:/a:gnu:gnutls:1.0.17", "cpe:/a:gnu:gnutls:1.0.18", "cpe:/a:gnu:libtasn1:1.2", "cpe:/a:gnu:gnutls:1.2.8", "cpe:/a:gnu:gnutls:1.7.13", "cpe:/a:gnu:gnutls:2.0.1", "cpe:/a:gnu:gnutls:2.8.4", "cpe:/a:gnu:gnutls:2.2.5", "cpe:/a:gnu:libtasn1:0.3.5", "cpe:/a:gnu:gnutls:2.3.6", "cpe:/a:gnu:libtasn1:0.2.10", "cpe:/a:gnu:gnutls:2.12.8", "cpe:/a:gnu:gnutls:2.3.1", "cpe:/a:gnu:gnutls:1.1.22", "cpe:/a:gnu:libtasn1:2.3", "cpe:/a:gnu:gnutls:3.0.14", "cpe:/a:gnu:gnutls:1.0.21", "cpe:/a:gnu:libtasn1:1.3", "cpe:/a:gnu:gnutls:1.7.6", "cpe:/a:gnu:gnutls:1.3.0", "cpe:/a:gnu:gnutls:2.12.7", "cpe:/a:gnu:gnutls:2.12.4", "cpe:/a:gnu:gnutls:2.3.9", "cpe:/a:gnu:libtasn1:0.3.1", "cpe:/a:gnu:libtasn1:0.3.6", "cpe:/a:gnu:gnutls:1.0.20", "cpe:/a:gnu:libtasn1:2.2", "cpe:/a:gnu:gnutls:1.0.19", "cpe:/a:gnu:gnutls:1.1.13", "cpe:/a:gnu:gnutls:1.7.12", "cpe:/a:gnu:gnutls:3.0.4", "cpe:/a:gnu:gnutls:2.6.1", "cpe:/a:gnu:gnutls:2.8.5", "cpe:/a:gnu:gnutls:3.0", "cpe:/a:gnu:gnutls:1.1.19", "cpe:/a:gnu:gnutls:1.7.16", "cpe:/a:gnu:gnutls:1.5.5", "cpe:/a:gnu:gnutls:2.3.10", "cpe:/a:gnu:libtasn1:2.0", "cpe:/a:gnu:gnutls:1.4.2", "cpe:/a:gnu:gnutls:3.0.7", "cpe:/a:gnu:gnutls:1.3.2", "cpe:/a:gnu:gnutls:1.2.5", "cpe:/a:gnu:gnutls:3.0.2", "cpe:/a:gnu:libtasn1:0.2.9", "cpe:/a:gnu:gnutls:2.12.5", "cpe:/a:gnu:gnutls:1.7.2", "cpe:/a:gnu:gnutls:2.8.6", "cpe:/a:gnu:gnutls:2.12.14", "cpe:/a:gnu:gnutls:2.4.1", "cpe:/a:gnu:libtasn1:0.2.18", "cpe:/a:gnu:gnutls:1.4.0", "cpe:/a:gnu:gnutls:1.7.14", "cpe:/a:gnu:libtasn1:0.2.1", "cpe:/a:gnu:gnutls:1.0.23", "cpe:/a:gnu:gnutls:1.6.2", "cpe:/a:gnu:libtasn1:1.1", "cpe:/a:gnu:libtasn1:2.7", "cpe:/a:gnu:gnutls:2.3.7", "cpe:/a:gnu:libtasn1:0.2.6", "cpe:/a:gnu:gnutls:2.10.0", "cpe:/a:gnu:gnutls:2.1.3", "cpe:/a:gnu:gnutls:2.12.2", "cpe:/a:gnu:gnutls:2.3.3", "cpe:/a:gnu:gnutls:3.0.8", "cpe:/a:gnu:gnutls:2.6.5", "cpe:/a:gnu:gnutls:2.2.2", "cpe:/a:gnu:libtasn1:0.2.17", "cpe:/a:gnu:gnutls:2.3.4", "cpe:/a:gnu:gnutls:2.1.7", "cpe:/a:gnu:gnutls:1.4.1", "cpe:/a:gnu:gnutls:1.1.15", "cpe:/a:gnu:gnutls:1.2.3", "cpe:/a:gnu:libtasn1:0.3.7", "cpe:/a:gnu:gnutls:2.1.5", "cpe:/a:gnu:gnutls:2.12.0", "cpe:/a:gnu:gnutls:1.6.0", "cpe:/a:gnu:gnutls:1.5.1", "cpe:/a:gnu:gnutls:1.4.3", "cpe:/a:gnu:gnutls:1.7.1", "cpe:/a:gnu:libtasn1:0.2.14", "cpe:/a:gnu:libtasn1:2.10", "cpe:/a:gnu:gnutls:2.3.0", "cpe:/a:gnu:gnutls:1.2.7", "cpe:/a:gnu:gnutls:1.7.10", "cpe:/a:gnu:libtasn1:1.8", "cpe:/a:gnu:gnutls:1.0.16"], "id": "CVE-2012-1569", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1569", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:gnu:gnutls:1.1.13:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.10.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.7.6:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.12.7:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.12.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.0.24:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.8.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.2.10:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.3.6:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtasn1:0.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.7.15:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtasn1:2.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.12.5:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtasn1:2.7:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtasn1:2.6:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.10.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtasn1:2.9:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtasn1:1.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.1.17:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.1.19:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtasn1:0.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.1.15:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.1.22:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtasn1:0.2.12:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.7.7:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.7.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtasn1:1.8:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtasn1:0.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtasn1:2.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.12.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtasn1:0.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.7.8:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtasn1:0.3.10:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.7.16:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.3.10:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtasn1:0.2.11:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtasn1:0.2.15:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtasn1:2.8:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtasn1:0.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.0.25:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.6.6:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.3.9:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.12.11:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.12.9:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.7.19:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtasn1:0.2.10:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtasn1:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtasn1:0.3.8:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtasn1:0.2.16:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtasn1:0.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.12.6:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtasn1:2.5:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtasn1:0.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.3.11:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.7.10:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtasn1:1.6:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.1.14:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.2.8.1a1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtasn1:0.2.13:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtasn1:0.2.18:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtasn1:0.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.7.18:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.7.14:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtasn1:1.5:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtasn1:0.3.9:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtasn1:0.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.12.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtasn1:0.2.14:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.7.12:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtasn1:0.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.8.5:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.7.11:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.12.14:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.1.18:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtasn1:0.2.17:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtasn1:0.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.7.9:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.8.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtasn1:0.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtasn1:1.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtasn1:0.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.0.21:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.7.17:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtasn1:2.11:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.12.12:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.10.5:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtasn1:0.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.12.8:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtasn1:0.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.7.5:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtasn1:0.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.2.9:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtasn1:1.7:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.10.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.2.11:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtasn1:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.12.13:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.1.16:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtasn1:0.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtasn1:2.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtasn1:0.2.9:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtasn1:0.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtasn1:0.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.3.8:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtasn1:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.1.23:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.0.23:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.7.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtasn1:2.10:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.1.20:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.12.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.12.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.8.6:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.8.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtasn1:1.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.1.21:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtasn1:2.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.12.10:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.10.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:libtasn1:0.3.6:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.10.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.8.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.12.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:1.7.13:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:00:25", "description": "The DTLS implementation in GnuTLS 3.0.10 and earlier executes certain error-handling code only if there is a specific relationship between a padding length and the ciphertext size, which makes it easier for remote attackers to recover partial plaintext via a timing side-channel attack, a related issue to CVE-2011-4108.", "cvss3": {}, "published": "2012-01-06T01:55:00", "type": "cve", "title": "CVE-2012-0390", "cwe": ["CWE-310"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4108", "CVE-2012-0390"], "modified": "2014-03-26T04:28:00", "cpe": ["cpe:/a:gnu:gnutls:2.12.3", "cpe:/a:gnu:gnutls:2.6.6", "cpe:/a:gnu:gnutls:2.6.3", "cpe:/a:gnu:gnutls:3.0.4", "cpe:/a:gnu:gnutls:2.12.1", "cpe:/a:gnu:gnutls:2.12.6", "cpe:/a:gnu:gnutls:2.4.0", "cpe:/a:gnu:gnutls:2.6.1", "cpe:/a:gnu:gnutls:2.8.5", "cpe:/a:gnu:gnutls:2.12.9", "cpe:/a:gnu:gnutls:2.8.3", "cpe:/a:gnu:gnutls:3.0.7", "cpe:/a:gnu:gnutls:2.6.0", "cpe:/a:gnu:gnutls:2.10.5-x86", "cpe:/a:gnu:gnutls:2.10.1", "cpe:/a:gnu:gnutls:2.6.4", "cpe:/a:gnu:gnutls:2.10.3", "cpe:/a:gnu:gnutls:3.0.2", "cpe:/a:gnu:gnutls:2.8.1", "cpe:/a:gnu:gnutls:3.0.1", "cpe:/a:gnu:gnutls:2.2.4", "cpe:/a:gnu:gnutls:3.0.5", "cpe:/a:gnu:gnutls:2.12.5", "cpe:/a:gnu:gnutls:2.8.6", "cpe:/a:gnu:gnutls:2.4.1", "cpe:/a:gnu:gnutls:2.12.14", "cpe:/a:gnu:gnutls:2.10.2-x86", "cpe:/a:gnu:gnutls:2.8.2", "cpe:/a:gnu:gnutls:2.12.12", "cpe:/a:gnu:gnutls:3.0.0", "cpe:/a:gnu:gnutls:3.0.3", "cpe:/a:gnu:gnutls:3.0.6", "cpe:/a:gnu:gnutls:2.10.4", "cpe:/a:gnu:gnutls:3.0.9", "cpe:/a:gnu:gnutls:2.4.2", "cpe:/a:gnu:gnutls:3.0.10", "cpe:/a:gnu:gnutls:2.10.0", "cpe:/a:gnu:gnutls:2.8.0", "cpe:/a:gnu:gnutls:2.10.5", "cpe:/a:gnu:gnutls:2.4.3", "cpe:/a:gnu:gnutls:2.12.2", "cpe:/a:gnu:gnutls:3.0.8", "cpe:/a:gnu:gnutls:2.6.5", "cpe:/a:gnu:gnutls:2.2.5", "cpe:/a:gnu:gnutls:2.8.4", "cpe:/a:gnu:gnutls:2.12.0", "cpe:/a:gnu:gnutls:2.12.4", "cpe:/a:gnu:gnutls:2.12.8", "cpe:/a:gnu:gnutls:2.12.10", "cpe:/a:gnu:gnutls:2.10.2", "cpe:/a:gnu:gnutls:2.6.2", "cpe:/a:gnu:gnutls:2.12.11", "cpe:/a:gnu:gnutls:2.12.7", "cpe:/a:gnu:gnutls:2.12.13", "cpe:/a:gnu:gnutls:2.10.1-x86", "cpe:/a:gnu:gnutls:2.12.6.1"], "id": "CVE-2012-0390", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0390", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:gnu:gnutls:2.12.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.10.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.12.7:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.12.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.12.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.10.1-x86:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.8.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.10.2-x86:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.8.5:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.12.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.12.13:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.12.14:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.12.5:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.8.6:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.12.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.6.6:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.12.11:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.12.9:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.10.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.8.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.12.6:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.8.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.10.5:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.12.10:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.12.12:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:3.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.12.8:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.10.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.10.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.8.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.10.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.12.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.10.5-x86:*:*:*:*:*:*:*"]}], "osv": [{"lastseen": "2022-08-10T07:06:00", "description": "\nMatthew Hall discovered that GNUTLS does not properly handle truncated\nGenericBlockCipher structures nested inside TLS records, leading to\ncrashes in applications using the GNUTLS library.\n\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.8.6-1+squeeze2.\n\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.12.18-1 of the gnutls26 package and version 3.0.17-2 of the\ngnutls28 package.\n\n\nWe recommend that you upgrade your gnutls26 packages.\n\n\n", "cvss3": {}, "published": "2012-03-25T00:00:00", "type": "osv", "title": "gnutls26 - missing bounds check", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1573"], "modified": "2022-08-10T07:05:57", "id": "OSV:DSA-2441-1", "href": "https://osv.dev/vulnerability/DSA-2441-1", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-07-21T08:30:53", "description": "\nMatthew Hall discovered that many callers of the asn1\\_get\\_length\\_der\nfunction did not check the result against the overall buffer length\nbefore processing it further. This could result in out-of-bounds\nmemory accesses and application crashes. Applications using GNUTLS\nare exposed to this issue.\n\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.7-1+squeeze+1.\n\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.12-1.\n\n\nWe recommend that you upgrade your libtasn1-3 packages.\n\n\n", "cvss3": {}, "published": "2012-03-24T00:00:00", "type": "osv", "title": "libtasn1-3 - integer overflow", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1569"], "modified": "2022-07-21T05:47:40", "id": "OSV:DSA-2440-1", "href": "https://osv.dev/vulnerability/DSA-2440-1", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "freebsd": [{"lastseen": "2022-01-19T16:03:49", "description": "\n\nMu Dynamics, Inc. reports:\n\nThe block cipher decryption logic in GnuTLS assumed that a\n\t record containing any data which was a multiple of the block\n\t size was valid for further decryption processing, leading to\n\t a heap corruption vulnerability.\n\n\n", "cvss3": {}, "published": "2012-03-20T00:00:00", "type": "freebsd", "title": "gnutls -- possible overflow/Denial of service vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1573"], "modified": "2012-03-24T00:00:00", "id": "AECEE357-739E-11E1-A883-001CC0A36E12", "href": "https://vuxml.freebsd.org/freebsd/aecee357-739e-11e1-a883-001cc0a36e12.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-01-19T16:03:49", "description": "\n\nMu Dynamics, Inc. reports:\n\nVarious functions using the ASN.1 length decoding logic in\n\t Libtasn1 were incorrectly assuming that the return value from\n\t asn1_get_length_der is always less than the length of the\n\t enclosing ASN.1 structure, which is only true for valid\n\t structures and not for intentionally corrupt or otherwise\n\t buggy structures.\n\n\n", "cvss3": {}, "published": "2012-03-20T00:00:00", "type": "freebsd", "title": "libtasn1 -- ASN.1 length decoding vulnerability", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1569"], "modified": "2012-03-24T00:00:00", "id": "2E7E9072-73A0-11E1-A883-001CC0A36E12", "href": "https://vuxml.freebsd.org/freebsd/2e7e9072-73a0-11e1-a883-001cc0a36e12.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "gentoo": [{"lastseen": "2022-01-17T19:12:09", "description": "### Background\n\nLibtasn1 is a library used to parse ASN.1 (Abstract Syntax Notation One) objects, and perform DER (Distinguished Encoding Rules) decoding. \n\n### Description\n\nLibtasn1 does not properly handle length fields when performing DER decoding. \n\n### Impact\n\nA remote attacker could entice a user to open a specially crafted DER-encoded object in an application linked against Libtasn1, possibly resulting in Denial of Service. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Libtasn1 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-libs/libtasn1-2.12\"\n \n\nPackages which depend on this library may need to be recompiled. Tools such as revdep-rebuild may assist in identifying some of these packages.", "cvss3": {}, "published": "2012-09-25T00:00:00", "type": "gentoo", "title": "Libtasn1: Denial of service", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1569"], "modified": "2012-09-25T00:00:00", "id": "GLSA-201209-12", "href": "https://security.gentoo.org/glsa/201209-12", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-01-17T19:12:46", "description": "### Background\n\nGnuTLS is an Open Source implementation of the TLS 1.2 and SSL 3.0 protocols. \n\n### Description\n\nMultiple vulnerabilities have been found in GnuTLS:\n\n * An error in libgnutls does not properly sanitize \"\\0\" characters from certificate fields (CVE-2009-2730). \n * An error in the TLS and SSL protocols mistreats renegotiation handshakes (CVE-2009-3555). \n * A boundary error in the \"gnutls_session_get_data()\" function in gnutls_session.c could cause a buffer overflow (CVE-2011-4128). \n * An error in the \"_gnutls_ciphertext2compressed()\" function in gnutls_cipher.c could cause memory corruption (CVE-2012-1573). \n\n### Impact\n\nA remote attacker could perform man-in-the-middle attacks to spoof arbitrary SSL servers or cause a Denial of Service condition in applications linked against GnuTLS. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll GnuTLS users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-libs/gnutls-2.12.18\"", "cvss3": {}, "published": "2012-06-23T00:00:00", "type": "gentoo", "title": "GnuTLS: Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-2730", "CVE-2009-3555", "CVE-2011-4128", "CVE-2012-1573"], "modified": "2012-06-23T00:00:00", "id": "GLSA-201206-18", "href": "https://security.gentoo.org/glsa/201206-18", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:44", "description": "==========================================================================\r\nUbuntu Security Notice USN-1436-1\r\nMay 02, 2012\r\n\r\nlibtasn1-3 vulnerability\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 12.04 LTS\r\n- Ubuntu 11.10\r\n- Ubuntu 11.04\r\n- Ubuntu 10.04 LTS\r\n- Ubuntu 8.04 LTS\r\n\r\nSummary:\r\n\r\nLibtasn1 could be made to crash or run programs as your login if it\r\nreceived specially crafted input.\r\n\r\nSoftware Description:\r\n- libtasn1-3: Library to manage ASN.1 structures\r\n\r\nDetails:\r\n\r\nMatthew Hall discovered that Libtasn1 incorrectly handled certain large\r\nvalues. An attacker could exploit this with a specially crafted ASN.1\r\nstructure and cause a denial of service, or possibly execute arbitrary\r\ncode.\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 12.04 LTS:\r\n libtasn1-3 2.10-1ubuntu1.1\r\n\r\nUbuntu 11.10:\r\n libtasn1-3 2.9-4ubuntu0.1\r\n\r\nUbuntu 11.04:\r\n libtasn1-3 2.7-1ubuntu1.1\r\n\r\nUbuntu 10.04 LTS:\r\n libtasn1-3 2.4-1ubuntu0.1\r\n\r\nUbuntu 8.04 LTS:\r\n libtasn1-3 1.1-1ubuntu0.1\r\n\r\nIn general, a standard system update will make all the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-1436-1\r\n CVE-2012-1569\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/libtasn1-3/2.10-1ubuntu1.1\r\n https://launchpad.net/ubuntu/+source/libtasn1-3/2.9-4ubuntu0.1\r\n https://launchpad.net/ubuntu/+source/libtasn1-3/2.7-1ubuntu1.1\r\n https://launchpad.net/ubuntu/+source/libtasn1-3/2.4-1ubuntu0.1\r\n https://launchpad.net/ubuntu/+source/libtasn1-3/1.1-1ubuntu0.1\r\n", "cvss3": {}, "published": "2012-05-14T00:00:00", "type": "securityvulns", "title": "[USN-1436-1] Libtasn1 vulnerability", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2012-1569"], "modified": "2012-05-14T00:00:00", "id": "SECURITYVULNS:DOC:28080", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:28080", "sourceData": "", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:47", "description": "Memory corruption on some malformed values.", "cvss3": {}, "published": "2012-05-14T00:00:00", "type": "securityvulns", "title": "libtasn1 / GnuTLS memory corruption", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2012-1569"], "modified": "2012-05-14T00:00:00", "id": "SECURITYVULNS:VULN:12381", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12381", "sourceData": "", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "ubuntu": [{"lastseen": "2023-01-26T13:37:08", "description": "## Releases\n\n * Ubuntu 12.04 \n * Ubuntu 11.10 \n * Ubuntu 11.04 \n * Ubuntu 10.04 \n * Ubuntu 8.04 \n\n## Packages\n\n * libtasn1-3 \\- Library to manage ASN.1 structures\n\nMatthew Hall discovered that Libtasn1 incorrectly handled certain large \nvalues. An attacker could exploit this with a specially crafted ASN.1 \nstructure and cause a denial of service, or possibly execute arbitrary \ncode.\n", "cvss3": {}, "published": "2012-05-02T00:00:00", "type": "ubuntu", "title": "Libtasn1 vulnerability", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1569"], "modified": "2012-05-02T00:00:00", "id": "USN-1436-1", "href": "https://ubuntu.com/security/notices/USN-1436-1", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-26T13:37:16", "description": "## Releases\n\n * Ubuntu 11.10 \n * Ubuntu 11.04 \n * Ubuntu 10.10 \n * Ubuntu 10.04 \n * Ubuntu 8.04 \n\n## Packages\n\n * gnutls13 \\- the GNU TLS library - commandline utilities\n * gnutls26 \\- the GNU TLS library - commandline utilities\n\nAlban Crequy discovered that the GnuTLS library incorrectly checked array \nbounds when copying TLS session data. A remote attacker could crash a client \napplication, leading to a denial of service, as the client application prepared \nfor TLS session resumption. (CVE-2011-4128)\n\nMatthew Hall discovered that the GnuTLS library incorrectly handled TLS \nrecords. A remote attacker could crash client and server applications, leading \nto a denial of service, by sending a crafted TLS record. (CVE-2012-1573)\n", "cvss3": {}, "published": "2012-04-05T00:00:00", "type": "ubuntu", "title": "GnuTLS vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4128", "CVE-2012-1573"], "modified": "2012-04-05T00:00:00", "id": "USN-1418-1", "href": "https://ubuntu.com/security/notices/USN-1418-1", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "altlinux": [{"lastseen": "2023-03-31T19:19:19", "description": "March 23, 2012 Dmitry V. Levin 2.12-alt1\n \n \n - Updated to 2.12 (fixes CVE-2012-1569).\n", "cvss3": {}, "published": "2012-03-23T00:00:00", "type": "altlinux", "title": "Security fix for the ALT Linux 6 package libtasn1 version 2.12-alt1", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1569"], "modified": "2012-03-23T00:00:00", "id": "9711FE60F84DDEA9FEE139282F7FE831", "href": "https://packages.altlinux.org/en/p6/srpms/libtasn1/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "amazon": [{"lastseen": "2023-02-08T17:27:04", "description": "**Issue Overview:**\n\nA flaw was found in the way libtasn1 decoded DER data. An attacker could create carefully-crafted DER encoded input (such as an X.509 certificate) that, when parsed by an application that uses libtasn1 (such as applications using GnuTLS), could cause the application to crash. (CVE-2012-1569)\n\n \n**Affected Packages:** \n\n\nlibtasn1\n\n \n**Issue Correction:** \nRun _yum update libtasn1_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n \u00a0\u00a0\u00a0 libtasn1-tools-2.3-3.4.amzn1.i686 \n \u00a0\u00a0\u00a0 libtasn1-debuginfo-2.3-3.4.amzn1.i686 \n \u00a0\u00a0\u00a0 libtasn1-2.3-3.4.amzn1.i686 \n \u00a0\u00a0\u00a0 libtasn1-devel-2.3-3.4.amzn1.i686 \n \n src: \n \u00a0\u00a0\u00a0 libtasn1-2.3-3.4.amzn1.src \n \n x86_64: \n \u00a0\u00a0\u00a0 libtasn1-debuginfo-2.3-3.4.amzn1.x86_64 \n \u00a0\u00a0\u00a0 libtasn1-tools-2.3-3.4.amzn1.x86_64 \n \u00a0\u00a0\u00a0 libtasn1-2.3-3.4.amzn1.x86_64 \n \u00a0\u00a0\u00a0 libtasn1-devel-2.3-3.4.amzn1.x86_64 \n \n \n\n### Additional References\n\nRed Hat: [CVE-2012-1569](<https://access.redhat.com/security/cve/CVE-2012-1569>)\n\nMitre: [CVE-2012-1569](<https://vulners.com/cve/CVE-2012-1569>)\n", "cvss3": {}, "published": "2012-04-05T12:48:00", "type": "amazon", "title": "Important: libtasn1", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1569"], "modified": "2014-09-14T15:45:00", "id": "ALAS-2012-060", "href": "https://alas.aws.amazon.com/ALAS-2012-60.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-08T17:27:05", "description": "**Issue Overview:**\n\nA flaw was found in the way GnuTLS decrypted malformed TLS records. This could cause a TLS/SSL client or server to crash when processing a specially-crafted TLS record from a remote TLS/SSL connection peer. (CVE-2012-1573)\n\nA boundary error was found in the gnutls_session_get_data() function. A malicious TLS/SSL server could use this flaw to crash a TLS/SSL client or, possibly, execute arbitrary code as the client, if the client passed a fixed-sized buffer to gnutls_session_get_data() before checking the real size of the session data provided by the server. (CVE-2011-4128)\n\n \n**Affected Packages:** \n\n\ngnutls\n\n \n**Issue Correction:** \nRun _yum update gnutls_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n \u00a0\u00a0\u00a0 gnutls-debuginfo-2.8.5-4.6.amzn1.i686 \n \u00a0\u00a0\u00a0 gnutls-guile-2.8.5-4.6.amzn1.i686 \n \u00a0\u00a0\u00a0 gnutls-utils-2.8.5-4.6.amzn1.i686 \n \u00a0\u00a0\u00a0 gnutls-devel-2.8.5-4.6.amzn1.i686 \n \u00a0\u00a0\u00a0 gnutls-2.8.5-4.6.amzn1.i686 \n \n src: \n \u00a0\u00a0\u00a0 gnutls-2.8.5-4.6.amzn1.src \n \n x86_64: \n \u00a0\u00a0\u00a0 gnutls-2.8.5-4.6.amzn1.x86_64 \n \u00a0\u00a0\u00a0 gnutls-guile-2.8.5-4.6.amzn1.x86_64 \n \u00a0\u00a0\u00a0 gnutls-devel-2.8.5-4.6.amzn1.x86_64 \n \u00a0\u00a0\u00a0 gnutls-utils-2.8.5-4.6.amzn1.x86_64 \n \u00a0\u00a0\u00a0 gnutls-debuginfo-2.8.5-4.6.amzn1.x86_64 \n \n \n\n### Additional References\n\nRed Hat: [CVE-2011-4128](<https://access.redhat.com/security/cve/CVE-2011-4128>), [CVE-2012-1573](<https://access.redhat.com/security/cve/CVE-2012-1573>)\n\nMitre: [CVE-2011-4128](<https://vulners.com/cve/CVE-2011-4128>), [CVE-2012-1573](<https://vulners.com/cve/CVE-2012-1573>)\n", "cvss3": {}, "published": "2012-04-05T12:47:00", "type": "amazon", "title": "Important: gnutls", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4128", "CVE-2012-1573"], "modified": "2014-09-14T15:44:00", "id": "ALAS-2012-059", "href": "https://alas.aws.amazon.com/ALAS-2012-59.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "vmware": [{"lastseen": "2021-06-08T18:38:43", "description": "a. vCenter and ESX update to JRE 1.6.0 Update 31 \nThe Oracle (Sun) JRE is updated to version 1.6.0_31, which addresses multiple security issues. Oracle has documented the CVE identifiers that are addressed by this update in the Oracle Java SE Critical Patch Update Advisory of February 2012. \nColumn 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. \n\n", "cvss3": {}, "published": "2012-08-30T00:00:00", "type": "vmware", "title": "VMware vSphere and vCOps updates to third party libraries", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2012-0864", "CVE-2011-3188", "CVE-2011-4108", "CVE-2011-4609", "CVE-2011-4128", "CVE-2012-0815", "CVE-2011-3597", "CVE-2011-4324", "CVE-2011-4110", "CVE-2011-4576", "CVE-2011-4577", "CVE-2010-4180", "CVE-2010-4410", "CVE-2011-2699", "CVE-2011-4619", "CVE-2010-2761", "CVE-2011-4132", "CVE-2011-0014", "CVE-2010-0830", "CVE-2011-2484", "CVE-2012-1583", "CVE-2012-0061", "CVE-2012-0393", "CVE-2011-3209", "CVE-2012-0050", "CVE-2011-3363", "CVE-2012-0060", "CVE-2011-1833", "CVE-2012-0207", "CVE-2011-1020", "CVE-2012-2110", "CVE-2012-1569", "CVE-2010-4252", "CVE-2012-0841", "CVE-2009-5029", "CVE-2011-4325", "CVE-2012-1573", "CVE-2011-4109", "CVE-2011-1089", "CVE-2009-5064", "CVE-2011-2496"], "modified": "2012-12-20T00:00:00", "id": "VMSA-2012-0013", "href": "https://www.vmware.com/security/advisories/VMSA-2012-0013.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-19T20:02:41", "description": "a. vCenter and ESX update to JRE 1.6.0 Update 31The Oracle (Sun) JRE is updated to version 1.6.0_31, which addresses multiple security issues. Oracle has documented the CVE identifiers that are addressed by this update in the Oracle Java SE Critical Patch Update Advisory of February 2012.Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2012-08-30T00:00:00", "type": "vmware", "title": "VMware vSphere and vCOps updates to third party libraries", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-5029", "CVE-2009-5064", "CVE-2010-0830", "CVE-2010-2761", "CVE-2010-4180", "CVE-2010-4252", "CVE-2010-4410", "CVE-2011-0014", "CVE-2011-1020", "CVE-2011-1089", "

SuSE 11.1 Security Update : GnuTLS (SAT Patch Number 6448)

Description

Related