# SPDX-FileCopyrightText: 2008 Michel Arboi <[email protected]>
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.24017");
script_version("2026-04-28T06:28:05+0000");
script_tag(name:"last_modification", value:"2026-04-28 06:28:05 +0000 (Tue, 28 Apr 2026)");
script_tag(name:"creation_date", value:"2008-10-08 21:18:44 +0200 (Wed, 08 Oct 2008)");
script_tag(name:"cvss_base", value:"6.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:S/C:P/I:P/A:P");
script_copyright("Copyright (C) 2008 Michel Arboi <[email protected]>");
script_name("Unmaintained Gentoo packages");
script_category(ACT_GATHER_INFO);
script_tag(name:"qod_type", value:"package");
script_family("Gentoo Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/pkg", "ssh/login/gentoo_maintained");
script_tag(name:"solution", value:"Remove or upgrade those packages.");
script_tag(name:"summary", value:"The remote Gentoo system contains several packages or versions
which have been marked as obsolete and have been removed from the portage tree.
These versions are therefore unmaintained, which means that if any security flaw is found in them,
no patch will be made available.
In addition to this, these packages might break after a library upgrade and it will be impossible to recompile them.");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("global_settings.inc");
installed = get_kb_item("ssh/login/pkg");
maintained = get_kb_item("ssh/login/gentoo_maintained");
#
# Debug only
# function exec(cmd)
# {
# return pread(cmd: "/bin/sh", argv: make_list("sh", "-c", cmd));
# }
#
# installed = exec(cmd: 'find /var/db/pkg/ -mindepth 2 -maxdepth 2 -printf "%P\\n"');
# maintained = exec(cmd: "find /usr/portage/ -wholename '/usr/portage/*-*/*.ebuild' | sed 's,/usr/portage/\([^/]*\)/.*/\([^/]*\)\.ebuild$,\1/\2,'");
#
if (isnull(installed) || isnull(maintained)) exit(0);
bad_l = ''; old_l = ''; obs_l = '';
maintained_v = sort(split(maintained, keep: 0));
maintained = NULL; # Free memory
installed_v = sort(split(installed, keep: 0));
installed = NULL;
i1 = 0; i2 = 0; n1 = max_index(maintained_v); n2 = max_index(installed_v);
all = 0; bad = 0;
prev_m = maintained_v[0]; # So that it can be parsed
for (i2 = 0; i2 < n2; i2 ++)
{
# There is no software in a "virtual" package
# -MERGING-* & lockfiles are artefacts
if (! match(string: installed_v[i2], pattern: 'virtual/*') &&
! match(string: installed_v[i2], pattern: '*/-MERGING-*') &&
! match(string: installed_v[i2], pattern: '*/*.portage_lockfile') )
{
while (i1 < n1 && maintained_v[i1] < installed_v[i2])
{
prev_m = maintained_v[i1];
i1 ++;
}
if (maintained_v[i1] != installed_v[i2])
{
pat = '^([a-z0-9]+-[a-z0-9]+/[^0-9][a-z0-9+_-]+)-[0-9].*$';
iv = eregmatch(string: installed_v[i2], pattern: pat, icase: 1);
mv = eregmatch(string: maintained_v[i1], pattern: pat, icase: 1);
pv = eregmatch(string: prev_m, pattern: pat, icase: 1);
if (! isnull(iv) && ! isnull(mv) && ! isnull(pv))
if (iv[1] == mv[1] || iv[1] == pv[1])
old_l += installed_v[i2] + '\n';
else
obs_l += installed_v[i2] + '\n';
else
{
debug_print('Cannot parse ', installed_v[i2], ' or ', maintained_v[i1], ' or ', prev_m);
bad_l += installed_v[i2] + '\n';
}
bad ++;
}
all ++;
}
}
if (bad > 0)
{
desc = '';
if (strlen(obs_l) > 0)
desc = strcat(desc, 'The following packages are not maintained any more:\n', obs_l, '\n');
if (strlen(old_l) > 0)
desc = strcat(desc, 'The following packages should be updated:\n', old_l, '\n');
if (bad_l > 0)
desc = strcat(desc, 'The following obsolete packages were found:\n', bad_l, '\n');
security_message(port: 0, data: desc);
}
debug_print('Found ', bad, ' obsolete packages among ', all, ' packages\n');
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation