Search...

SuSE 10 Security Update : gv (ZYPP Patch Number 2339)

2007-12-13T00:00:00

ID SUSE_GV-2339.NASL
Type nessus
Reporter This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.
Modified 2007-12-13T00:00:00

Description

The previous 'gv' update to fix a stack overflow did not completely fix the problem spotted. An attacker could still cause the handling to use up all system memory, or open windows much wider than the X display and crash. Code execution however was not possible.

                                        
                                            #%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The text description of this plugin is (C) Novell, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(29455);
  script_version("1.12");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_name(english:"SuSE 10 Security Update : gv (ZYPP Patch Number 2339)");
  script_summary(english:"Checks rpm output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote SuSE 10 host is missing a security-related patch."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The previous 'gv' update to fix a stack overflow did not completely
fix the problem spotted. An attacker could still cause the handling to
use up all system memory, or open windows much wider than the X
display and crash. Code execution however was not possible."
  );
  script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 2339.");
  script_set_attribute(attribute:"risk_factor", value:"High");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2006/11/30");
  script_set_attribute(attribute:"plugin_publication_date", value:"2007/12/13");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
if (cpu &gt;!&lt; "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented.");


flag = 0;
if (rpm_check(release:"SLES10", sp:0, reference:"gv-3.5.8-1156.8")) flag++;


if (flag)
{
  if (report_verbosity &gt; 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else exit(0, "The host is not affected.");

JSON Vulners Source

Initial Source

{"id": "SUSE_GV-2339.NASL", "bulletinFamily": "scanner", "title": "SuSE 10 Security Update : gv (ZYPP Patch Number 2339)", "description": "The previous 'gv' update to fix a stack overflow did not completely\nfix the problem spotted. An attacker could still cause the handling to\nuse up all system memory, or open windows much wider than the X\ndisplay and crash. Code execution however was not possible.", "published": "2007-12-13T00:00:00", "modified": "2007-12-13T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://www.tenable.com/plugins/nessus/29455", "reporter": "This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.", "references": [], "cvelist": [], "type": "nessus", "lastseen": "2021-01-17T14:44:17", "edition": 22, "viewCount": 0, "enchantments": {"dependencies": {"references": [], "modified": "2021-01-17T14:44:17", "rev": 2}, "score": {"value": -0.2, "vector": "NONE", "modified": "2021-01-17T14:44:17", "rev": 2}, "vulnersScore": -0.2}, "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(29455);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_name(english:\"SuSE 10 Security Update : gv (ZYPP Patch Number 2339)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The previous 'gv' update to fix a stack overflow did not completely\nfix the problem spotted. An attacker could still cause the handling to\nuse up all system memory, or open windows much wider than the X\ndisplay and crash. Code execution however was not possible.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 2339.\");\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/11/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/12/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES10\", sp:0, reference:\"gv-3.5.8-1156.8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "naslFamily": "SuSE Local Security Checks", "pluginID": "29455", "cpe": ["cpe:/o:suse:suse_linux"], "scheme": null}