ID OPENVAS:1361412562310121086 Type openvas Reporter Eero Volotinen Modified 2018-10-26T00:00:00
Description
Gentoo Linux Local Security Checks GLSA 201312-05
###############################################################################
# OpenVAS Vulnerability Test
# $Id: glsa-201312-05.nasl 12128 2018-10-26 13:35:25Z cfischer $
#
# Gentoo Linux security check
#
# Authors:
# Eero Volotinen <eero.volotinen@solinor.com>
#
# Copyright:
# Copyright (c) 2015 Eero Volotinen, http://solinor.com
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.121086");
script_version("$Revision: 12128 $");
script_tag(name:"creation_date", value:"2015-09-29 11:26:25 +0300 (Tue, 29 Sep 2015)");
script_tag(name:"last_modification", value:"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $");
script_name("Gentoo Security Advisory GLSA 201312-05");
script_tag(name:"insight", value:"Multiple vulnerabilities have been discovered in SWI-Prolog: * An error in the canoniseFileName() function could cause a stack-based buffer overflow (CVE-2012-6089). * An error in the expand() function could cause a stack-based buffer overflow (CVE-2012-6090).");
script_tag(name:"solution", value:"Update the affected packages to the latest available version.");
script_tag(name:"solution_type", value:"VendorFix");
script_xref(name:"URL", value:"https://security.gentoo.org/glsa/201312-05");
script_cve_id("CVE-2012-6089", "CVE-2012-6090");
script_tag(name:"cvss_base", value:"7.5");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_tag(name:"qod_type", value:"package");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/gentoo", "ssh/login/pkg");
script_category(ACT_GATHER_INFO);
script_tag(name:"summary", value:"Gentoo Linux Local Security Checks GLSA 201312-05");
script_copyright("Eero Volotinen");
script_family("Gentoo Local Security Checks");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-gentoo.inc");
res = "";
report = "";
if((res=ispkgvuln(pkg:"dev-lang/swi-prolog", unaffected: make_list("ge 6.2.5"), vulnerable: make_list("lt 6.2.5"))) != NULL) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if (__pkg_match) {
exit(99);
}
{"id": "OPENVAS:1361412562310121086", "type": "openvas", "bulletinFamily": "scanner", "title": "Gentoo Security Advisory GLSA 201312-05", "description": "Gentoo Linux Local Security Checks GLSA 201312-05", "published": "2015-09-29T00:00:00", "modified": "2018-10-26T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121086", "reporter": "Eero Volotinen", "references": ["https://security.gentoo.org/glsa/201312-05"], "cvelist": ["CVE-2012-6089", "CVE-2012-6090"], "lastseen": "2019-05-29T18:36:18", "viewCount": 0, "enchantments": {"dependencies": {}, "score": {"value": 6.0, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2012-6089", "CVE-2012-6090"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2012-6089", "DEBIANCVE:CVE-2012-6090"]}, {"type": "fedora", "idList": ["FEDORA:E202220BF2"]}, {"type": "gentoo", "idList": ["GLSA-201312-05"]}, {"type": "nessus", "idList": ["FEDORA_2013-0178.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:864993"]}]}, "exploitation": null, "vulnersScore": 6.0}, "pluginID": "1361412562310121086", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201312-05.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121086\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-29 11:26:25 +0300 (Tue, 29 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201312-05\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been discovered in SWI-Prolog: * An error in the canoniseFileName() function could cause a stack-based buffer overflow (CVE-2012-6089). * An error in the expand() function could cause a stack-based buffer overflow (CVE-2012-6090).\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201312-05\");\n script_cve_id(\"CVE-2012-6089\", \"CVE-2012-6090\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201312-05\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"dev-lang/swi-prolog\", unaffected: make_list(\"ge 6.2.5\"), vulnerable: make_list(\"lt 6.2.5\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "naslFamily": "Gentoo Local Security Checks", "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645368067}}
{"nessus": [{"lastseen": "2021-08-19T12:56:29", "description": "Fix two buffer overflows when expanding file name glob (CVE-2012-6090) and when canonizing path (CVE-2012-6089).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2013-01-15T00:00:00", "type": "nessus", "title": "Fedora 16 : pl-5.10.2-9.fc16 (2013-0225)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-6089", "CVE-2012-6090"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:pl", "cpe:/o:fedoraproject:fedora:16"], "id": "FEDORA_2013-0225.NASL", "href": "https://www.tenable.com/plugins/nessus/63529", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-0225.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(63529);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-6089\", \"CVE-2012-6090\");\n script_xref(name:\"FEDORA\", value:\"2013-0225\");\n\n script_name(english:\"Fedora 16 : pl-5.10.2-9.fc16 (2013-0225)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix two buffer overflows when expanding file name glob (CVE-2012-6090)\nand when canonizing path (CVE-2012-6089).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=891577\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-January/096792.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e0601e8a\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected pl package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:pl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:16\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/01/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^16([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 16.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC16\", reference:\"pl-5.10.2-9.fc16\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"pl\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:56:32", "description": "Fix two buffer overflows when expanding file name glob (CVE-2012-6090) and when canonizing path (CVE-2012-6089).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2013-01-15T00:00:00", "type": "nessus", "title": "Fedora 18 : pl-6.0.2-5.fc18 (2013-0178)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-6089", "CVE-2012-6090"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:pl", "cpe:/o:fedoraproject:fedora:18"], "id": "FEDORA_2013-0178.NASL", "href": "https://www.tenable.com/plugins/nessus/63525", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-0178.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(63525);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-6089\", \"CVE-2012-6090\");\n script_xref(name:\"FEDORA\", value:\"2013-0178\");\n\n script_name(english:\"Fedora 18 : pl-6.0.2-5.fc18 (2013-0178)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix two buffer overflows when expanding file name glob (CVE-2012-6090)\nand when canonizing path (CVE-2012-6089).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=891577\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-January/096835.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?30fd49c0\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected pl package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:pl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:18\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/01/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^18([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 18.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC18\", reference:\"pl-6.0.2-5.fc18\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"pl\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:52:06", "description": "The remote host is affected by the vulnerability described in GLSA-201312-05 (SWI-Prolog : Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in SWI-Prolog:\n * An error in the canoniseFileName() function could cause a stack-based buffer overflow (CVE-2012-6089).\n * An error in the expand() function could cause a stack-based buffer overflow (CVE-2012-6090).\n Impact :\n\n A context-dependent attack can create files with specially crafted names, causing arbitrary code execution or a denial of service condition.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"score": null, "vector": null}, "published": "2013-12-06T00:00:00", "type": "nessus", "title": "GLSA-201312-05 : SWI-Prolog : Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-6089", "CVE-2012-6090"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:swi-prolog", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201312-05.NASL", "href": "https://www.tenable.com/plugins/nessus/71240", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201312-05.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(71240);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2012-6089\", \"CVE-2012-6090\");\n script_xref(name:\"GLSA\", value:\"201312-05\");\n\n script_name(english:\"GLSA-201312-05 : SWI-Prolog : Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201312-05\n(SWI-Prolog : Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in SWI-Prolog:\n * An error in the canoniseFileName() function could cause a stack-based\n buffer overflow (CVE-2012-6089).\n * An error in the expand() function could cause a stack-based buffer\n overflow (CVE-2012-6090).\n \nImpact :\n\n A context-dependent attack can create files with specially crafted\n names, causing arbitrary code execution or a denial of service condition.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201312-05\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All SWI-Prolog users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-lang/swi-prolog-6.2.5'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:swi-prolog\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/12/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-lang/swi-prolog\", unaffected:make_list(\"ge 6.2.5\"), vulnerable:make_list(\"lt 6.2.5\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"SWI-Prolog \");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:17:47", "description": "Fix two buffer overflows when expanding file name glob (CVE-2012-6090) and when canonizing path (CVE-2012-6089).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2013-01-15T00:00:00", "type": "nessus", "title": "Fedora 17 : pl-6.0.2-4.fc17 (2013-0211)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-6089", "CVE-2012-6090"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:pl", "cpe:/o:fedoraproject:fedora:17"], "id": "FEDORA_2013-0211.NASL", "href": "https://www.tenable.com/plugins/nessus/63528", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-0211.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(63528);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-6089\", \"CVE-2012-6090\");\n script_xref(name:\"FEDORA\", value:\"2013-0211\");\n\n script_name(english:\"Fedora 17 : pl-6.0.2-4.fc17 (2013-0211)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix two buffer overflows when expanding file name glob (CVE-2012-6090)\nand when canonizing path (CVE-2012-6089).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=891577\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-January/096830.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?40f748bc\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected pl package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:pl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:17\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/01/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^17([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 17.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC17\", reference:\"pl-6.0.2-4.fc17\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"pl\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:51", "description": "ISO/Edinburgh-style Prolog compiler including modules, auto-load, libraries, Garbage-collector, stack-expandor, C/C++-interface, GNU-readline interface, very fast compiler. Including packages clib (Unix process control and sockets), cpp (C++ interface), sgml (reading XML/SGML), sgml/RDF (reading RDF into triples) and XPCE (Graphics UI toolkit, integrated editor (Emacs-clone) and source-level debugger). ", "edition": 2, "cvss3": {}, "published": "2013-01-15T02:36:12", "type": "fedora", "title": "[SECURITY] Fedora 17 Update: pl-6.0.2-4.fc17", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-6089", "CVE-2012-6090"], "modified": "2013-01-15T02:36:12", "id": "FEDORA:870A8208F9", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:51", "description": "ISO/Edinburgh-style Prolog compiler including modules, auto-load, libraries, Garbage-collector, stack-expandor, C/C++-interface, GNU-readline interface, very fast compiler. Including packages clib (Unix process control and sockets), cpp (C++ interface), sgml (reading XML/SGML), sgml/RDF (reading RDF into triples) and XPCE (Graphics UI toolkit, integrated editor (Emacs-clone) and source-level debugger). ", "edition": 2, "cvss3": {}, "published": "2013-01-15T02:24:05", "type": "fedora", "title": "[SECURITY] Fedora 16 Update: pl-5.10.2-9.fc16", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-6089", "CVE-2012-6090"], "modified": "2013-01-15T02:24:05", "id": "FEDORA:E202220BF2", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:51", "description": "ISO/Edinburgh-style Prolog compiler including modules, auto-load, libraries, Garbage-collector, stack-expandor, C/C++-interface, GNU-readline interface, very fast compiler. Including packages clib (Unix process control and sockets), cpp (C++ interface), sgml (reading XML/SGML), sgml/RDF (reading RDF into triples) and XPCE (Graphics UI toolkit, integrated editor (Emacs-clone) and source-level debugger). ", "edition": 2, "cvss3": {}, "published": "2013-01-15T02:37:44", "type": "fedora", "title": "[SECURITY] Fedora 18 Update: pl-6.0.2-5.fc18", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-6089", "CVE-2012-6090"], "modified": "2013-01-15T02:37:44", "id": "FEDORA:5F49821266", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2019-05-29T18:38:28", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2013-01-15T00:00:00", "type": "openvas", "title": "Fedora Update for pl FEDORA-2013-0211", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-6089", "CVE-2012-6090"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310864989", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864989", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for pl FEDORA-2013-0211\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2013-January/096830.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864989\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-01-15 18:05:47 +0530 (Tue, 15 Jan 2013)\");\n script_cve_id(\"CVE-2012-6090\", \"CVE-2012-6089\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"FEDORA\", value:\"2013-0211\");\n script_name(\"Fedora Update for pl FEDORA-2013-0211\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'pl'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC17\");\n script_tag(name:\"affected\", value:\"pl on Fedora 17\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"pl\", rpm:\"pl~6.0.2~4.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:59", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2013-01-21T00:00:00", "type": "openvas", "title": "Fedora Update for pl FEDORA-2013-0178", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-6089", "CVE-2012-6090"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310865115", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310865115", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for pl FEDORA-2013-0178\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2013-January/096835.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.865115\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-01-21 09:29:42 +0530 (Mon, 21 Jan 2013)\");\n script_cve_id(\"CVE-2012-6090\", \"CVE-2012-6089\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"FEDORA\", value:\"2013-0178\");\n script_name(\"Fedora Update for pl FEDORA-2013-0178\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'pl'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC18\");\n script_tag(name:\"affected\", value:\"pl on Fedora 18\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"pl\", rpm:\"pl~6.0.2~5.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-01-18T11:09:09", "description": "Check for the Version of pl", "cvss3": {}, "published": "2013-01-15T00:00:00", "type": "openvas", "title": "Fedora Update for pl FEDORA-2013-0211", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-6089", "CVE-2012-6090"], "modified": "2018-01-17T00:00:00", "id": "OPENVAS:864989", "href": "http://plugins.openvas.org/nasl.php?oid=864989", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for pl FEDORA-2013-0211\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"pl on Fedora 17\";\ntag_insight = \"ISO/Edinburgh-style Prolog compiler including modules, auto-load,\n libraries, Garbage-collector, stack-expandor, C/C++-interface,\n GNU-readline interface, very fast compiler. Including packages clib\n (Unix process control and sockets), cpp (C++ interface), sgml (reading\n XML/SGML), sgml/RDF (reading RDF into triples) and XPCE (Graphics UI\n toolkit, integrated editor (Emacs-clone) and source-level debugger).\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2013-January/096830.html\");\n script_id(864989);\n script_version(\"$Revision: 8448 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-17 17:18:06 +0100 (Wed, 17 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-01-15 18:05:47 +0530 (Tue, 15 Jan 2013)\");\n script_cve_id(\"CVE-2012-6090\", \"CVE-2012-6089\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2013-0211\");\n script_name(\"Fedora Update for pl FEDORA-2013-0211\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of pl\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"pl\", rpm:\"pl~6.0.2~4.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-02-05T11:10:23", "description": "Check for the Version of pl", "cvss3": {}, "published": "2013-01-15T00:00:00", "type": "openvas", "title": "Fedora Update for pl FEDORA-2013-0225", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-6089", "CVE-2012-6090"], "modified": "2018-02-03T00:00:00", "id": "OPENVAS:864993", "href": "http://plugins.openvas.org/nasl.php?oid=864993", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for pl FEDORA-2013-0225\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"pl on Fedora 16\";\ntag_insight = \"ISO/Edinburgh-style Prolog compiler including modules, auto-load,\n libraries, Garbage-collector, stack-expandor, C/C++-interface,\n GNU-readline interface, very fast compiler. Including packages clib\n (Unix process control and sockets), cpp (C++ interface), sgml (reading\n XML/SGML), sgml/RDF (reading RDF into triples) and XPCE (Graphics UI\n toolkit, integrated editor (Emacs-clone) and source-level debugger).\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2013-January/096792.html\");\n script_id(864993);\n script_version(\"$Revision: 8650 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-02-03 13:16:59 +0100 (Sat, 03 Feb 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-01-15 18:06:01 +0530 (Tue, 15 Jan 2013)\");\n script_cve_id(\"CVE-2012-6090\", \"CVE-2012-6089\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2013-0225\");\n script_name(\"Fedora Update for pl FEDORA-2013-0225\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of pl\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"pl\", rpm:\"pl~5.10.2~9.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:04", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2013-01-15T00:00:00", "type": "openvas", "title": "Fedora Update for pl FEDORA-2013-0225", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-6089", "CVE-2012-6090"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310864993", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864993", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for pl FEDORA-2013-0225\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2013-January/096792.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864993\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-01-15 18:06:01 +0530 (Tue, 15 Jan 2013)\");\n script_cve_id(\"CVE-2012-6090\", \"CVE-2012-6089\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"FEDORA\", value:\"2013-0225\");\n script_name(\"Fedora Update for pl FEDORA-2013-0225\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'pl'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC16\");\n script_tag(name:\"affected\", value:\"pl on Fedora 16\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"pl\", rpm:\"pl~5.10.2~9.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-25T10:51:55", "description": "Check for the Version of pl", "cvss3": {}, "published": "2013-01-21T00:00:00", "type": "openvas", "title": "Fedora Update for pl FEDORA-2013-0178", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-6089", "CVE-2012-6090"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:865115", "href": "http://plugins.openvas.org/nasl.php?oid=865115", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for pl FEDORA-2013-0178\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"pl on Fedora 18\";\ntag_insight = \"ISO/Edinburgh-style Prolog compiler including modules, auto-load,\n libraries, Garbage-collector, stack-expandor, C/C++-interface,\n GNU-readline interface, very fast compiler. Including packages clib\n (Unix process control and sockets), cpp (C++ interface), sgml (reading\n XML/SGML), sgml/RDF (reading RDF into triples) and XPCE (Graphics UI\n toolkit, integrated editor (Emacs-clone) and source-level debugger).\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2013-January/096835.html\");\n script_id(865115);\n script_version(\"$Revision: 6628 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:32:47 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-01-21 09:29:42 +0530 (Mon, 21 Jan 2013)\");\n script_cve_id(\"CVE-2012-6090\", \"CVE-2012-6089\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2013-0178\");\n script_name(\"Fedora Update for pl FEDORA-2013-0178\");\n\n script_summary(\"Check for the Version of pl\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"pl\", rpm:\"pl~6.0.2~5.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2022-01-17T19:09:42", "description": "### Background\n\nSWI-Prolog is a free, small, and standard compliant Prolog compiler.\n\n### Description\n\nMultiple vulnerabilities have been discovered in SWI-Prolog: * An error in the canoniseFileName() function could cause a stack-based buffer overflow (CVE-2012-6089). * An error in the expand() function could cause a stack-based buffer overflow (CVE-2012-6090). \n\n### Impact\n\nA context-dependent attack can create files with specially crafted names, causing arbitrary code execution or a denial of service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll SWI-Prolog users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-lang/swi-prolog-6.2.5\"", "cvss3": {}, "published": "2013-12-06T00:00:00", "type": "gentoo", "title": "SWI-Prolog : Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-6089", "CVE-2012-6090"], "modified": "2013-12-06T00:00:00", "id": "GLSA-201312-05", "href": "https://security.gentoo.org/glsa/201312-05", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ubuntucve": [{"lastseen": "2021-11-22T21:54:19", "description": "Multiple stack-based buffer overflows in the expand function in\nos/pl-glob.c in SWI-Prolog before 6.2.5 and 6.3.x before 6.3.7 allow remote\nattackers to cause a denial of service (application crash) or possibly\nexecute arbitrary code via a crafted filename.", "cvss3": {}, "published": "2013-01-04T00:00:00", "type": "ubuntucve", "title": "CVE-2012-6090", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-6090"], "modified": "2013-01-04T00:00:00", "id": "UB:CVE-2012-6090", "href": "https://ubuntu.com/security/CVE-2012-6090", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-11-22T21:54:19", "description": "Multiple stack-based buffer overflows in the canoniseFileName function in\nos/pl-os.c in SWI-Prolog before 6.2.5 and 6.3.x before 6.3.7 allow remote\nattackers to cause a denial of service (application crash) or possibly\nexecute arbitrary code via a crafted filename.", "cvss3": {}, "published": "2013-01-04T00:00:00", "type": "ubuntucve", "title": "CVE-2012-6089", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-6089"], "modified": "2013-01-04T00:00:00", "id": "UB:CVE-2012-6089", "href": "https://ubuntu.com/security/CVE-2012-6089", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2022-03-23T13:35:12", "description": "Multiple stack-based buffer overflows in the expand function in os/pl-glob.c in SWI-Prolog before 6.2.5 and 6.3.x before 6.3.7 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted filename.", "cvss3": {}, "published": "2013-01-04T11:52:00", "type": "cve", "title": "CVE-2012-6090", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-6090"], "modified": "2013-01-04T15:09:00", "cpe": ["cpe:/a:swi-prolog:swi-prolog:5.10.2", "cpe:/a:swi-prolog:swi-prolog:5.6.54", "cpe:/a:swi-prolog:swi-prolog:5.6.51", "cpe:/a:swi-prolog:swi-prolog:5.6.53", "cpe:/a:swi-prolog:swi-prolog:6.2.3", "cpe:/a:swi-prolog:swi-prolog:5.10.0", "cpe:/a:swi-prolog:swi-prolog:5.6.59", "cpe:/a:swi-prolog:swi-prolog:5.6.56", "cpe:/a:swi-prolog:swi-prolog:5.8.3", "cpe:/a:swi-prolog:swi-prolog:6.3.4", "cpe:/a:swi-prolog:swi-prolog:5.8.0", "cpe:/a:swi-prolog:swi-prolog:6.2.2", "cpe:/a:swi-prolog:swi-prolog:6.3.2", "cpe:/a:swi-prolog:swi-prolog:5.6.52", "cpe:/a:swi-prolog:swi-prolog:5.10.4", "cpe:/a:swi-prolog:swi-prolog:6.3.0", "cpe:/a:swi-prolog:swi-prolog:5.8.2", "cpe:/a:swi-prolog:swi-prolog:5.8.1", "cpe:/a:swi-prolog:swi-prolog:6.2.1", "cpe:/a:swi-prolog:swi-prolog:5.6.55", "cpe:/a:swi-prolog:swi-prolog:6.3.1", "cpe:/a:swi-prolog:swi-prolog:6.3.6", "cpe:/a:swi-prolog:swi-prolog:6.3.5", "cpe:/a:swi-prolog:swi-prolog:6.3.3", "cpe:/a:swi-prolog:swi-prolog:6.2.0", "cpe:/a:swi-prolog:swi-prolog:5.6.61", "cpe:/a:swi-prolog:swi-prolog:6.2.4", "cpe:/a:swi-prolog:swi-prolog:5.6.62", "cpe:/a:swi-prolog:swi-prolog:5.10.5", "cpe:/a:swi-prolog:swi-prolog:5.6.57", "cpe:/a:swi-prolog:swi-prolog:5.6.50", "cpe:/a:swi-prolog:swi-prolog:5.6.58", "cpe:/a:swi-prolog:swi-prolog:5.6.64", "cpe:/a:swi-prolog:swi-prolog:6.0.1", "cpe:/a:swi-prolog:swi-prolog:5.10.1", "cpe:/a:swi-prolog:swi-prolog:5.10.3", "cpe:/a:swi-prolog:swi-prolog:6.0.0", "cpe:/a:swi-prolog:swi-prolog:6.0.2", "cpe:/a:swi-prolog:swi-prolog:5.6.63"], "id": "CVE-2012-6090", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6090", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:swi-prolog:swi-prolog:5.8.3:*:*:*:*:*:*:*", "cpe:2.3:a:swi-prolog:swi-prolog:6.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:swi-prolog:swi-prolog:6.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:swi-prolog:swi-prolog:6.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:swi-prolog:swi-prolog:5.6.54:*:*:*:*:*:*:*", "cpe:2.3:a:swi-prolog:swi-prolog:5.6.61:*:*:*:*:*:*:*", "cpe:2.3:a:swi-prolog:swi-prolog:5.8.2:*:*:*:*:*:*:*", "cpe:2.3:a:swi-prolog:swi-prolog:5.10.5:*:*:*:*:*:*:*", "cpe:2.3:a:swi-prolog:swi-prolog:6.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:swi-prolog:swi-prolog:5.6.63:*:*:*:*:*:*:*", "cpe:2.3:a:swi-prolog:swi-prolog:6.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:swi-prolog:swi-prolog:5.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:swi-prolog:swi-prolog:5.6.55:*:*:*:*:*:*:*", "cpe:2.3:a:swi-prolog:swi-prolog:6.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:swi-prolog:swi-prolog:5.8.0:*:*:*:*:*:*:*", "cpe:2.3:a:swi-prolog:swi-prolog:6.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:swi-prolog:swi-prolog:5.6.51:*:*:*:*:*:*:*", "cpe:2.3:a:swi-prolog:swi-prolog:6.3.6:*:*:*:*:*:*:*", "cpe:2.3:a:swi-prolog:swi-prolog:5.6.64:*:*:*:*:*:*:*", "cpe:2.3:a:swi-prolog:swi-prolog:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:swi-prolog:swi-prolog:5.6.53:*:*:*:*:*:*:*", "cpe:2.3:a:swi-prolog:swi-prolog:5.10.2:*:*:*:*:*:*:*", "cpe:2.3:a:swi-prolog:swi-prolog:5.6.59:*:*:*:*:*:*:*", "cpe:2.3:a:swi-prolog:swi-prolog:6.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:swi-prolog:swi-prolog:6.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:swi-prolog:swi-prolog:6.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:swi-prolog:swi-prolog:5.6.57:*:*:*:*:*:*:*", "cpe:2.3:a:swi-prolog:swi-prolog:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:swi-prolog:swi-prolog:6.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:swi-prolog:swi-prolog:5.10.4:*:*:*:*:*:*:*", "cpe:2.3:a:swi-prolog:swi-prolog:5.6.62:*:*:*:*:*:*:*", "cpe:2.3:a:swi-prolog:swi-prolog:6.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:swi-prolog:swi-prolog:5.6.58:*:*:*:*:*:*:*", "cpe:2.3:a:swi-prolog:swi-prolog:5.6.56:*:*:*:*:*:*:*", "cpe:2.3:a:swi-prolog:swi-prolog:5.10.1:*:*:*:*:*:*:*", "cpe:2.3:a:swi-prolog:swi-prolog:5.6.52:*:*:*:*:*:*:*", "cpe:2.3:a:swi-prolog:swi-prolog:5.10.3:*:*:*:*:*:*:*", "cpe:2.3:a:swi-prolog:swi-prolog:5.10.0:*:*:*:*:*:*:*", "cpe:2.3:a:swi-prolog:swi-prolog:5.6.50:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T13:35:05", "description": "Multiple stack-based buffer overflows in the canoniseFileName function in os/pl-os.c in SWI-Prolog before 6.2.5 and 6.3.x before 6.3.7 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted filename.", "cvss3": {}, "published": "2013-01-04T11:52:00", "type": "cve", "title": "CVE-2012-6089", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-6089"], "modified": "2013-01-04T11:52:00", "cpe": ["cpe:/a:swi-prolog:swi-prolog:5.10.2", "cpe:/a:swi-prolog:swi-prolog:5.6.54", "cpe:/a:swi-prolog:swi-prolog:5.6.51", "cpe:/a:swi-prolog:swi-prolog:5.6.53", "cpe:/a:swi-prolog:swi-prolog:6.2.3", "cpe:/a:swi-prolog:swi-prolog:5.10.0", "cpe:/a:swi-prolog:swi-prolog:5.6.59", "cpe:/a:swi-prolog:swi-prolog:5.6.56", "cpe:/a:swi-prolog:swi-prolog:5.8.3", "cpe:/a:swi-prolog:swi-prolog:6.3.4", "cpe:/a:swi-prolog:swi-prolog:5.8.0", "cpe:/a:swi-prolog:swi-prolog:6.2.2", "cpe:/a:swi-prolog:swi-prolog:6.3.2", "cpe:/a:swi-prolog:swi-prolog:5.6.52", "cpe:/a:swi-prolog:swi-prolog:5.10.4", "cpe:/a:swi-prolog:swi-prolog:6.3.0", "cpe:/a:swi-prolog:swi-prolog:5.8.2", "cpe:/a:swi-prolog:swi-prolog:5.8.1", "cpe:/a:swi-prolog:swi-prolog:6.2.1", "cpe:/a:swi-prolog:swi-prolog:5.6.55", "cpe:/a:swi-prolog:swi-prolog:6.3.6", "cpe:/a:swi-prolog:swi-prolog:6.3.1", "cpe:/a:swi-prolog:swi-prolog:6.3.5", "cpe:/a:swi-prolog:swi-prolog:6.3.3", "cpe:/a:swi-prolog:swi-prolog:6.2.0", "cpe:/a:swi-prolog:swi-prolog:5.6.61", "cpe:/a:swi-prolog:swi-prolog:6.2.4", "cpe:/a:swi-prolog:swi-prolog:5.6.62", "cpe:/a:swi-prolog:swi-prolog:5.10.5", "cpe:/a:swi-prolog:swi-prolog:5.6.57", "cpe:/a:swi-prolog:swi-prolog:5.6.50", "cpe:/a:swi-prolog:swi-prolog:5.6.58", "cpe:/a:swi-prolog:swi-prolog:5.6.64", "cpe:/a:swi-prolog:swi-prolog:6.0.1", "cpe:/a:swi-prolog:swi-prolog:5.10.1", "cpe:/a:swi-prolog:swi-prolog:5.10.3", "cpe:/a:swi-prolog:swi-prolog:6.0.0", "cpe:/a:swi-prolog:swi-prolog:6.0.2", "cpe:/a:swi-prolog:swi-prolog:5.6.63"], "id": "CVE-2012-6089", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6089", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:swi-prolog:swi-prolog:5.8.3:*:*:*:*:*:*:*", "cpe:2.3:a:swi-prolog:swi-prolog:6.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:swi-prolog:swi-prolog:6.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:swi-prolog:swi-prolog:6.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:swi-prolog:swi-prolog:5.6.54:*:*:*:*:*:*:*", "cpe:2.3:a:swi-prolog:swi-prolog:5.6.61:*:*:*:*:*:*:*", "cpe:2.3:a:swi-prolog:swi-prolog:5.8.2:*:*:*:*:*:*:*", "cpe:2.3:a:swi-prolog:swi-prolog:5.10.5:*:*:*:*:*:*:*", "cpe:2.3:a:swi-prolog:swi-prolog:6.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:swi-prolog:swi-prolog:5.6.63:*:*:*:*:*:*:*", "cpe:2.3:a:swi-prolog:swi-prolog:6.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:swi-prolog:swi-prolog:5.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:swi-prolog:swi-prolog:5.6.55:*:*:*:*:*:*:*", "cpe:2.3:a:swi-prolog:swi-prolog:6.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:swi-prolog:swi-prolog:5.8.0:*:*:*:*:*:*:*", "cpe:2.3:a:swi-prolog:swi-prolog:6.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:swi-prolog:swi-prolog:5.6.51:*:*:*:*:*:*:*", "cpe:2.3:a:swi-prolog:swi-prolog:6.3.6:*:*:*:*:*:*:*", "cpe:2.3:a:swi-prolog:swi-prolog:5.6.64:*:*:*:*:*:*:*", "cpe:2.3:a:swi-prolog:swi-prolog:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:swi-prolog:swi-prolog:5.6.53:*:*:*:*:*:*:*", "cpe:2.3:a:swi-prolog:swi-prolog:5.10.2:*:*:*:*:*:*:*", "cpe:2.3:a:swi-prolog:swi-prolog:5.6.59:*:*:*:*:*:*:*", "cpe:2.3:a:swi-prolog:swi-prolog:6.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:swi-prolog:swi-prolog:6.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:swi-prolog:swi-prolog:6.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:swi-prolog:swi-prolog:5.6.57:*:*:*:*:*:*:*", "cpe:2.3:a:swi-prolog:swi-prolog:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:swi-prolog:swi-prolog:6.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:swi-prolog:swi-prolog:5.10.4:*:*:*:*:*:*:*", "cpe:2.3:a:swi-prolog:swi-prolog:5.6.62:*:*:*:*:*:*:*", "cpe:2.3:a:swi-prolog:swi-prolog:6.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:swi-prolog:swi-prolog:5.6.58:*:*:*:*:*:*:*", "cpe:2.3:a:swi-prolog:swi-prolog:5.6.56:*:*:*:*:*:*:*", "cpe:2.3:a:swi-prolog:swi-prolog:5.10.1:*:*:*:*:*:*:*", "cpe:2.3:a:swi-prolog:swi-prolog:5.6.52:*:*:*:*:*:*:*", "cpe:2.3:a:swi-prolog:swi-prolog:5.10.3:*:*:*:*:*:*:*", "cpe:2.3:a:swi-prolog:swi-prolog:5.10.0:*:*:*:*:*:*:*", "cpe:2.3:a:swi-prolog:swi-prolog:5.6.50:*:*:*:*:*:*:*"]}], "debiancve": [{"lastseen": "2022-03-27T07:42:41", "description": "Multiple stack-based buffer overflows in the expand function in os/pl-glob.c in SWI-Prolog before 6.2.5 and 6.3.x before 6.3.7 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted filename.", "cvss3": {}, "published": "2013-01-04T11:52:00", "type": "debiancve", "title": "CVE-2012-6090", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-6090"], "modified": "2013-01-04T11:52:00", "id": "DEBIANCVE:CVE-2012-6090", "href": "https://security-tracker.debian.org/tracker/CVE-2012-6090", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-03-27T07:42:41", "description": "Multiple stack-based buffer overflows in the canoniseFileName function in os/pl-os.c in SWI-Prolog before 6.2.5 and 6.3.x before 6.3.7 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted filename.", "cvss3": {}, "published": "2013-01-04T11:52:00", "type": "debiancve", "title": "CVE-2012-6089", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-6089"], "modified": "2013-01-04T11:52:00", "id": "DEBIANCVE:CVE-2012-6089", "href": "https://security-tracker.debian.org/tracker/CVE-2012-6089", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}
