Lucene search
Copyright (C) 2008 E-Soft Inc.OPENVAS:136141256231052173HistorySep 04, 2008 - 12:00 a.m.
FreeBSD Ports: sup
2008-09-0400:00:00
Copyright (C) 2008 E-Soft Inc.
plugins.openvas.org
1
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
6.7 Medium
AI Score
Confidence
Low
0.013 Low
EPSS
Percentile
86.1%
The remote host is missing an update to the system
as announced in the referenced advisory.
# SPDX-FileCopyrightText: 2008 E-Soft Inc.
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.52173");
script_version("2023-07-26T05:05:09+0000");
script_tag(name:"last_modification", value:"2023-07-26 05:05:09 +0000 (Wed, 26 Jul 2023)");
script_tag(name:"creation_date", value:"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)");
script_cve_id("CVE-2004-0451");
script_tag(name:"cvss_base", value:"10.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_name("FreeBSD Ports: sup");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2008 E-Soft Inc.");
script_family("FreeBSD Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/freebsd", "ssh/login/freebsdrel");
script_tag(name:"insight", value:"The following package is affected: sup
CVE-2004-0451
Multiple format string vulnerabilities in the (1) logquit, (2) logerr,
or (3) loginfo functions in Software Upgrade Protocol (SUP) allows
remote attackers to execute arbitrary code via format string
specifiers in messages that are logged by syslog.");
script_tag(name:"solution", value:"Update your system with the appropriate patches or
software upgrades.");
script_xref(name:"URL", value:"http://www.securityfocus.com/advisories/6874");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/10571");
script_xref(name:"URL", value:"http://www.vuxml.org/freebsd/2c5757f4-88bf-11d9-8720-0007e900f87b.html");
script_tag(name:"summary", value:"The remote host is missing an update to the system
as announced in the referenced advisory.");
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-bsd.inc");
vuln = FALSE;
txt = "";
bver = portver(pkg:"sup");
if(!isnull(bver) && revcomp(a:bver, b:"2.0.20050226")<0) {
txt += 'Package sup version ' + bver + ' is installed which is known to be vulnerable.\n';
vuln = TRUE;
}
if(vuln) {
security_message(data:txt);
} else if (__pkg_match) {
exit(99);
}Related
openvas
openvas
Debian Security Advisory DSA 521-1 (sup)
2008-01-17 00:00:00
FreeBSD Ports: sup
2008-09-04 00:00:00
Debian: Security Advisory (DSA-521)
2008-01-17 00:00:00
osv
osv
sup - format string vulnerability
2004-06-18 00:00:00
nvd
nvd
CVE-2004-0451
2004-12-06 05:00:00
cvelist
cvelist
CVE-2004-0451
2004-06-30 04:00:00
cve
cve
CVE-2004-0451
2004-12-06 05:00:00
debian
debian
[SECURITY] [DSA 521-1] New sup packages fix format string vulnerabilities
2004-06-19 03:48:57
nessus
nessus
FreeBSD : sup -- format string vulnerability (2c5757f4-88bf-11d9-8720-0007e900f87b)
2005-07-13 00:00:00
Debian DSA-521-1 : sup - format string vulnerability
2004-09-29 00:00:00
debiancve
debiancve
CVE-2004-0451
2004-12-06 05:00:00
freebsd
freebsd
sup -- format string vulnerability
2004-06-19 00:00:00
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
6.7 Medium
AI Score
Confidence
Low
0.013 Low
EPSS
Percentile
86.1%
Related for OPENVAS:136141256231052173