Lucene search
K

Unmaintained Gentoo packages

🗓️ 08 Oct 2008 00:00:00Reported by Copyright (C) 2008 Michel Arboi <[email protected]>Type 
openvas
 openvas
🔗 plugins.openvas.org👁 23 Views

The remote Gentoo system contains several packages or versions which have been marked as obsolet

Code
# SPDX-FileCopyrightText: 2008 Michel Arboi <[email protected]>
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.24017");
  script_version("2026-04-28T06:28:05+0000");
  script_tag(name:"last_modification", value:"2026-04-28 06:28:05 +0000 (Tue, 28 Apr 2026)");
  script_tag(name:"creation_date", value:"2008-10-08 21:18:44 +0200 (Wed, 08 Oct 2008)");
  script_tag(name:"cvss_base", value:"6.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:S/C:P/I:P/A:P");
  script_copyright("Copyright (C) 2008 Michel Arboi <[email protected]>");
  script_name("Unmaintained Gentoo packages");
  script_category(ACT_GATHER_INFO);
  script_tag(name:"qod_type", value:"package");
  script_family("Gentoo Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/pkg", "ssh/login/gentoo_maintained");

  script_tag(name:"solution", value:"Remove or upgrade those packages.");

  script_tag(name:"summary", value:"The remote Gentoo system contains several packages or versions
  which have been marked as obsolete and have been removed from the portage tree.

  These versions are therefore unmaintained, which means that if any security flaw is found in them,
  no patch will be made available.

  In addition to this, these packages might break after a library upgrade and it will be impossible to recompile them.");

  script_tag(name:"solution_type", value:"VendorFix");

  exit(0);
}

include("global_settings.inc");

installed = get_kb_item("ssh/login/pkg");
maintained = get_kb_item("ssh/login/gentoo_maintained");

#
# Debug only
# function exec(cmd)
# {
#  return pread(cmd: "/bin/sh", argv: make_list("sh", "-c", cmd));
# }
#
# installed = exec(cmd: 'find /var/db/pkg/ -mindepth 2 -maxdepth 2 -printf "%P\\n"');
# maintained = exec(cmd: "find /usr/portage/ -wholename '/usr/portage/*-*/*.ebuild' | sed 's,/usr/portage/\([^/]*\)/.*/\([^/]*\)\.ebuild$,\1/\2,'");
#

if (isnull(installed) || isnull(maintained)) exit(0);

bad_l = ''; old_l = ''; obs_l = '';

maintained_v = sort(split(maintained, keep: 0));
maintained = NULL;      # Free memory

installed_v = sort(split(installed, keep: 0));
installed = NULL;

i1 = 0; i2 = 0; n1 = max_index(maintained_v); n2 = max_index(installed_v);
all = 0; bad = 0;

prev_m = maintained_v[0];       # So that it can be parsed

for (i2 = 0; i2 < n2; i2 ++)
{
 # There is no software in a "virtual" package
 # -MERGING-* & lockfiles are artefacts
 if (! match(string: installed_v[i2], pattern: 'virtual/*') &&
     ! match(string: installed_v[i2], pattern: '*/-MERGING-*') &&
     ! match(string: installed_v[i2], pattern: '*/*.portage_lockfile') )
 {
  while (i1 < n1 && maintained_v[i1] < installed_v[i2])
  {
   prev_m = maintained_v[i1];
   i1 ++;
  }

  if (maintained_v[i1] != installed_v[i2])
  {
   pat = '^([a-z0-9]+-[a-z0-9]+/[^0-9][a-z0-9+_-]+)-[0-9].*$';
   iv = eregmatch(string: installed_v[i2], pattern: pat, icase: 1);
   mv = eregmatch(string: maintained_v[i1], pattern: pat, icase: 1);
   pv = eregmatch(string: prev_m, pattern: pat, icase: 1);

   if (! isnull(iv)  && ! isnull(mv) && ! isnull(pv))
    if (iv[1] == mv[1] || iv[1] == pv[1])
     old_l += installed_v[i2] + '\n';
    else
     obs_l += installed_v[i2] + '\n';
   else
   {
    debug_print('Cannot parse ', installed_v[i2], ' or ', maintained_v[i1], ' or ', prev_m);
    bad_l += installed_v[i2] + '\n';
   }
   bad ++;
  }
  all ++;
 }
}

if (bad > 0)
{
 desc = '';
 if (strlen(obs_l) > 0)
  desc = strcat(desc, 'The following packages are not maintained any more:\n', obs_l, '\n');
 if (strlen(old_l) > 0)
  desc = strcat(desc, 'The following packages should be updated:\n', old_l, '\n');
 if (bad_l > 0)
  desc = strcat(desc, 'The following obsolete packages were found:\n', bad_l, '\n');
  security_message(port: 0, data: desc);
}
debug_print('Found ', bad, ' obsolete packages among ', all, ' packages\n');

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

28 Apr 2026 00:00Current
5.5Medium risk
Vulners AI Score5.5
23