Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusUbuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-1517-1.NASL
HistoryJul 26, 2012 - 12:00 a.m.

Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : mono vulnerabilities (USN-1517-1)

2012-07-2600:00:00
Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
15
JSON

It was discovered that the Mono System.Web library incorrectly filtered certain error messages related to forbidden files. If a user were tricked into opening a specially crafted URL, an attacker could possibly exploit this to conduct cross-site scripting (XSS) attacks.
(CVE-2012-3382)

It was discovered that the Mono System.Web library incorrectly handled the EnableViewStateMac property. If a user were tricked into opening a specially crafted URL, an attacker could possibly exploit this to conduct cross-site scripting (XSS) attacks. This issue only affected Ubuntu 10.04 LTS. (CVE-2010-4159).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-1517-1. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include("compat.inc");

if (description)
{
  script_id(60126);
  script_version("1.8");
  script_cvs_date("Date: 2019/09/19 12:54:28");

  script_cve_id("CVE-2010-1459", "CVE-2010-4159", "CVE-2012-3382");
  script_bugtraq_id(40351, 54344);
  script_xref(name:"USN", value:"1517-1");

  script_name(english:"Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : mono vulnerabilities (USN-1517-1)");
  script_summary(english:"Checks dpkg output for updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Ubuntu host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"It was discovered that the Mono System.Web library incorrectly
filtered certain error messages related to forbidden files. If a user
were tricked into opening a specially crafted URL, an attacker could
possibly exploit this to conduct cross-site scripting (XSS) attacks.
(CVE-2012-3382)

It was discovered that the Mono System.Web library incorrectly handled
the EnableViewStateMac property. If a user were tricked into opening a
specially crafted URL, an attacker could possibly exploit this to
conduct cross-site scripting (XSS) attacks. This issue only affected
Ubuntu 10.04 LTS. (CVE-2010-4159).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://usn.ubuntu.com/1517-1/"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Update the affected libmono-system-web1.0-cil,
libmono-system-web2.0-cil and / or libmono-system-web4.0-cil packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libmono-system-web1.0-cil");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libmono-system-web2.0-cil");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libmono-system-web4.0-cil");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:11.04");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:11.10");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts");

  script_set_attribute(attribute:"vuln_publication_date", value:"2010/05/27");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/07/25");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/07/26");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! preg(pattern:"^(10\.04|11\.04|11\.10|12\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 10.04 / 11.04 / 11.10 / 12.04", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

flag = 0;

if (ubuntu_check(osver:"10.04", pkgname:"libmono-system-web1.0-cil", pkgver:"2.4.4~svn151842-1ubuntu4.1")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"libmono-system-web2.0-cil", pkgver:"2.4.4~svn151842-1ubuntu4.1")) flag++;
if (ubuntu_check(osver:"11.04", pkgname:"libmono-system-web1.0-cil", pkgver:"2.6.7-5ubuntu3.1")) flag++;
if (ubuntu_check(osver:"11.04", pkgname:"libmono-system-web2.0-cil", pkgver:"2.6.7-5ubuntu3.1")) flag++;
if (ubuntu_check(osver:"11.10", pkgname:"libmono-system-web2.0-cil", pkgver:"2.10.5-1ubuntu0.1")) flag++;
if (ubuntu_check(osver:"11.10", pkgname:"libmono-system-web4.0-cil", pkgver:"2.10.5-1ubuntu0.1")) flag++;
if (ubuntu_check(osver:"12.04", pkgname:"libmono-system-web2.0-cil", pkgver:"2.10.8.1-1ubuntu2.2")) flag++;
if (ubuntu_check(osver:"12.04", pkgname:"libmono-system-web4.0-cil", pkgver:"2.10.8.1-1ubuntu2.2")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libmono-system-web1.0-cil / libmono-system-web2.0-cil / etc");
}
VendorProductVersionCPE
canonicalubuntu_linuxlibmono-system-web1.0-cilp-cpe:/a:canonical:ubuntu_linux:libmono-system-web1.0-cil
canonicalubuntu_linuxlibmono-system-web2.0-cilp-cpe:/a:canonical:ubuntu_linux:libmono-system-web2.0-cil
canonicalubuntu_linuxlibmono-system-web4.0-cilp-cpe:/a:canonical:ubuntu_linux:libmono-system-web4.0-cil
canonicalubuntu_linux10.04cpe:/o:canonical:ubuntu_linux:10.04:-:lts
canonicalubuntu_linux11.04cpe:/o:canonical:ubuntu_linux:11.04
canonicalubuntu_linux11.10cpe:/o:canonical:ubuntu_linux:11.10
canonicalubuntu_linux12.04cpe:/o:canonical:ubuntu_linux:12.04:-:lts

Related

openvas 32
ubuntu 1
cve 3
nessus 17
securityvulns 6
ubuntucve 3
github 1
fedora 11
prion 3
debiancve 3
osv 2
debian 1
gentoo 1
openvas
openvas
Ubuntu Update for mono USN-1517-1
2012-07-26 00:00:00
Ubuntu Update for mono USN-1517-1
2012-07-26 00:00:00
Mandriva Update for mono MDVSA-2010:240 (mono)
2010-12-02 00:00:00
ubuntu
ubuntu
Mono vulnerabilities
2012-07-25 00:00:00
cve
cve
CVE-2010-4159
2010-11-17 16:00:00
CVE-2010-1459
2010-05-27 19:00:00
CVE-2012-3382
2012-07-12 21:55:00
nessus
nessus
SuSE 10 Security Update : Mono (ZYPP Patch Number 7445)
2011-04-22 00:00:00
Mandriva Linux Security Advisory : mono (MDVSA-2010:240)
2010-11-28 00:00:00
SuSE 11 / 11.1 Security Update : mono-core / Mono (SAT Patch Numbers 2326 / 2474)
2010-12-02 00:00:00
securityvulns
securityvulns
[ MDVSA-2010:240 ] mono
2010-11-28 00:00:00
Mono code execution
2010-11-28 00:00:00
[SECURITY] [DSA 2512-1] mono security update
2012-07-16 00:00:00
ubuntucve
ubuntucve
CVE-2010-4159
2010-11-17 00:00:00
CVE-2010-1459
2010-05-27 00:00:00
CVE-2012-3382
2012-07-12 00:00:00
github
github
Mono ASP.NET View State Cross-Site Scripting (XSS) vulnerability
2022-05-02 06:22:59
fedora
fedora
[SECURITY] Fedora 13 Update: mono-tools-2.6.2-1.fc13
2010-07-13 07:47:49
[SECURITY] Fedora 13 Update: gtksourceview-sharp-2.0.12-11.fc13
2010-07-13 07:47:49
[SECURITY] Fedora 13 Update: xsp-2.6.4-1.fc13
2010-07-13 07:47:49
prion
prion
Cross site scripting
2010-05-27 19:00:00
Design/Logic Flaw
2010-11-17 16:00:00
Cross site scripting
2012-07-12 21:55:00
debiancve
debiancve
CVE-2010-1459
2010-05-27 19:00:00
CVE-2010-4159
2010-11-17 16:00:00
CVE-2012-3382
2012-07-12 21:55:00
osv
osv
Mono ASP.NET View State Cross-Site Scripting (XSS) vulnerability
2022-05-02 06:22:59
mono - missing input sanitising
2012-07-12 00:00:00
debian
debian
[SECURITY] [DSA 2512-1] mono security update
2012-07-12 19:27:33
gentoo
gentoo
Mono: Multiple vulnerabilities
2012-06-21 00:00:00
JSON
Related for UBUNTU_USN-1517-1.NASL
openvas32ubuntu1cve3nessus17securityvulns6ubuntucve3github1fedora11prion3debiancve3osv2debian1gentoo1