Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusUbuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-382-1.NASL
HistoryNov 10, 2007 - 12:00 a.m.

Ubuntu 5.10 / 6.06 LTS / 6.10 : mozilla-thunderbird vulnerabilities (USN-382-1)

2007-11-1000:00:00
Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
13
JSON

USN-352-1 fixed a flaw in the verification of PKCS certificate signatures. Ulrich Kuehn discovered a variant of the original attack which the original fix did not cover. (CVE-2006-5462)

Various flaws have been reported that allow an attacker to execute arbitrary code with user privileges by tricking the user into opening a malicious email containing JavaScript. Please note that JavaScript is disabled by default for emails, and it is not recommended to enable it. (CVE-2006-5463, CVE-2006-5464, CVE-2006-5747, CVE-2006-5748).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-382-1. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(27965);
  script_version("1.16");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_cve_id("CVE-2006-4340", "CVE-2006-5462", "CVE-2006-5463", "CVE-2006-5464", "CVE-2006-5747", "CVE-2006-5748");
  script_bugtraq_id(19849);
  script_xref(name:"USN", value:"382-1");

  script_name(english:"Ubuntu 5.10 / 6.06 LTS / 6.10 : mozilla-thunderbird vulnerabilities (USN-382-1)");
  script_summary(english:"Checks dpkg output for updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Ubuntu host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"USN-352-1 fixed a flaw in the verification of PKCS certificate
signatures. Ulrich Kuehn discovered a variant of the original attack
which the original fix did not cover. (CVE-2006-5462)

Various flaws have been reported that allow an attacker to execute
arbitrary code with user privileges by tricking the user into opening
a malicious email containing JavaScript. Please note that JavaScript
is disabled by default for emails, and it is not recommended to enable
it. (CVE-2006-5463, CVE-2006-5464, CVE-2006-5747, CVE-2006-5748).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://usn.ubuntu.com/382-1/"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(20);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mozilla-thunderbird");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mozilla-thunderbird-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mozilla-thunderbird-inspector");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mozilla-thunderbird-typeaheadfind");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:5.10");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.06:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.10");

  script_set_attribute(attribute:"patch_publication_date", value:"2006/11/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2007/11/10");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! ereg(pattern:"^(5\.10|6\.06|6\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 5.10 / 6.06 / 6.10", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

flag = 0;

if (ubuntu_check(osver:"5.10", pkgname:"mozilla-thunderbird", pkgver:"1.5.0.8-0ubuntu0.5.10")) flag++;
if (ubuntu_check(osver:"5.10", pkgname:"mozilla-thunderbird-dev", pkgver:"1.5.0.8-0ubuntu0.5.10")) flag++;
if (ubuntu_check(osver:"5.10", pkgname:"mozilla-thunderbird-inspector", pkgver:"1.5.0.8-0ubuntu0.5.10")) flag++;
if (ubuntu_check(osver:"5.10", pkgname:"mozilla-thunderbird-typeaheadfind", pkgver:"1.5.0.8-0ubuntu0.5.10")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"mozilla-thunderbird", pkgver:"1.5.0.8-0ubuntu0.6.06")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"mozilla-thunderbird-dev", pkgver:"1.5.0.8-0ubuntu0.6.06")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"mozilla-thunderbird-inspector", pkgver:"1.5.0.8-0ubuntu0.6.06")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"mozilla-thunderbird-typeaheadfind", pkgver:"1.5.0.8-0ubuntu0.6.06")) flag++;
if (ubuntu_check(osver:"6.10", pkgname:"mozilla-thunderbird", pkgver:"1.5.0.8-0ubuntu0.6.10")) flag++;
if (ubuntu_check(osver:"6.10", pkgname:"mozilla-thunderbird-dev", pkgver:"1.5.0.8-0ubuntu0.6.10")) flag++;
if (ubuntu_check(osver:"6.10", pkgname:"mozilla-thunderbird-inspector", pkgver:"1.5.0.8-0ubuntu0.6.10")) flag++;
if (ubuntu_check(osver:"6.10", pkgname:"mozilla-thunderbird-typeaheadfind", pkgver:"1.5.0.8-0ubuntu0.6.10")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mozilla-thunderbird / mozilla-thunderbird-dev / etc");
}
VendorProductVersionCPE
canonicalubuntu_linuxmozilla-thunderbirdp-cpe:/a:canonical:ubuntu_linux:mozilla-thunderbird
canonicalubuntu_linuxmozilla-thunderbird-devp-cpe:/a:canonical:ubuntu_linux:mozilla-thunderbird-dev
canonicalubuntu_linuxmozilla-thunderbird-inspectorp-cpe:/a:canonical:ubuntu_linux:mozilla-thunderbird-inspector
canonicalubuntu_linuxmozilla-thunderbird-typeaheadfindp-cpe:/a:canonical:ubuntu_linux:mozilla-thunderbird-typeaheadfind
canonicalubuntu_linux5.10cpe:/o:canonical:ubuntu_linux:5.10
canonicalubuntu_linux6.06cpe:/o:canonical:ubuntu_linux:6.06:-:lts
canonicalubuntu_linux6.10cpe:/o:canonical:ubuntu_linux:6.10

Related

nessus 66
oraclelinux 6
openvas 38
gentoo 6
centos 8
redhat 6
ubuntu 6
suse 3
osv 7
debian 7
mozilla 4
ubuntucve 6
debiancve 7
cve 8
cert 7
veracode 6
prion 1
cvelist 1
freebsd 1
nessus
nessus
Mandrake Linux Security Advisory : mozilla-firefox (MDKSA-2006:205)
2007-02-18 00:00:00
Mandrake Linux Security Advisory : mozilla-thunderbird (MDKSA-2006:206)
2007-02-18 00:00:00
Ubuntu 5.10 / 6.06 LTS : firefox vulnerabilities (USN-381-1)
2007-11-10 00:00:00
oraclelinux
oraclelinux
Critical firefox security update
2006-12-07 00:00:00
Critical thunderbird security update
2006-12-07 00:00:00
Critical seamonkey security update
2006-12-07 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200612-08 (seamonkey)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200612-08 (seamonkey)
2008-09-24 00:00:00
Ubuntu: Security Advisory (USN-382-1)
2022-08-26 00:00:00
gentoo
gentoo
SeaMonkey: Multiple vulnerabilities
2006-12-10 00:00:00
Mozilla Thunderbird: Multiple vulnerabilities
2006-12-10 00:00:00
Mozilla Firefox: Multiple vulnerabilities
2006-12-10 00:00:00
centos
centos
devhelp, seamonkey security update
2006-11-09 02:25:34
thunderbird security update
2006-11-09 21:51:03
firefox security update
2006-11-09 21:11:25
redhat
redhat
(RHSA-2006:0733) Critical: firefox security update
2006-11-07 00:00:00
(RHSA-2006:0735) Critical: thunderbird security update
2006-11-08 00:00:00
(RHSA-2006:0734) Critical: seamonkey security update
2006-11-08 00:00:00
ubuntu
ubuntu
Firefox vulnerabilities
2006-11-21 00:00:00
Thunderbird vulnerabilities
2006-11-21 00:00:00
Thunderbird vulnerabilities
2006-09-25 00:00:00
suse
suse
remote denial of service in MozillaFirefox,MozillaThunderbird,seamonkey
2006-11-16 19:09:31
RSA signature evasion in openssl,mozilla-nss
2006-09-22 15:25:59
remote code execution in MozillaFirefox,MozillaThunderbird,seamonkey
2006-09-22 13:02:47
osv
osv
mozilla
2006-12-03 00:00:00
mozilla-firefox
2006-12-03 00:00:00
mozilla-thunderbird
2006-12-04 00:00:00
debian
debian
[SECURITY] [DSA 1225-1] New Mozilla Firefox packages fix several vulnerabilities
2006-12-03 00:00:00
[SECURITY] [DSA 1227-1] New Mozilla Thunderbird packages fix several vulnerabilities
2006-12-04 00:00:00
[SECURITY] [DSA 1225-2] New Mozilla Firefox packages fix several vulnerabilities
2006-12-03 00:00:00
mozilla
mozilla
Crashes with evidence of memory corruption (rv:1.8.0.8) — Mozilla
2006-11-07 00:00:00
Running Script can be recompiled — Mozilla
2006-11-07 00:00:00
RSA Signature Forgery (variant) — Mozilla
2006-11-07 00:00:00
ubuntucve
ubuntucve
CVE-2006-5462
2006-11-08 00:00:00
CVE-2006-4340
2006-09-15 00:00:00
CVE-2006-5463
2006-11-08 00:00:00
debiancve
debiancve
CVE-2006-5462
2006-11-08 21:07:00
CVE-2006-4340
2006-09-15 18:07:00
CVE-2006-5463
2006-11-08 22:07:00
cve
cve
CVE-2006-5462
2006-11-08 21:07:00
CVE-2006-4340
2006-09-15 18:07:00
CVE-2006-5463
2006-11-08 22:07:00
cert
cert
Mozilla products allow execution of arbitrary JavaScript
2006-11-08 00:00:00
Mozilla products vulnerable to memory corruption
2006-11-08 00:00:00
Mozilla XML.prototype.hasOwnProperty() method memory corruption vulnerability
2006-11-08 00:00:00
veracode
veracode
Remote Code Execution (RCE)
2020-04-10 00:12:15
Spoofable SSL Certificate
2020-04-10 00:13:11
Denial Of Service (DoS)
2020-04-10 00:12:16
prion
prion
Code injection
2018-11-07 20:29:00
cvelist
cvelist
CVE-2018-16150
2018-11-07 20:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2006-09-14 00:00:00
JSON
Related for UBUNTU_USN-382-1.NASL
nessus66oraclelinux6openvas38gentoo6centos8redhat6ubuntu6suse3osv7debian7mozilla4ubuntucve6debiancve7cve8cert7veracode6prion1cvelist1freebsd1