FreeBSD Ports: zh-emacs, emacs

2008-09-0400:00:00

plugins.openvas.org

6.5 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.007 Low

EPSS

Percentile

80.4%

JSON

The remote host is missing an update to the system
as announced in the referenced advisory.

# SPDX-FileCopyrightText: 2008 E-Soft Inc.
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.52188");
  script_version("2023-07-26T05:05:09+0000");
  script_tag(name:"last_modification", value:"2023-07-26 05:05:09 +0000 (Wed, 26 Jul 2023)");
  script_tag(name:"creation_date", value:"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)");
  script_cve_id("CVE-2005-0100");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/12462");
  script_tag(name:"cvss_base", value:"7.5");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_name("FreeBSD Ports: zh-emacs, emacs");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2008 E-Soft Inc.");
  script_family("FreeBSD Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/freebsd", "ssh/login/freebsdrel");

  script_xref(name:"URL", value:"https://www.vuxml.org/freebsd/3e3c860d-7dae-11d9-a9e7-0001020eed82.html");
  script_tag(name:"insight", value:"The following packages are affected:

  zh-emacs
   emacs
   xemacs
   xemacs-mule
   zh-xemacs
   zh-xemacs-mule
   xemacs-devel
   xemacs-devel-21.5
   xemacs-devel-mule
   mule-common
   hanemacs

CVE-2005-0100
Format string vulnerability in the movemail utility in (1) Emacs 20.x,
21.3, and possibly other versions, and (2) XEmacs 21.4 and earlier,
allows remote malicious POP3 servers to execute arbitrary code via
crafted packets.");

  script_tag(name:"solution", value:"Update your system with the appropriate patches or
  software upgrades.");

  script_tag(name:"summary", value:"The remote host is missing an update to the system
  as announced in the referenced advisory.");

  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-bsd.inc");

vuln = FALSE;
txt = "";

bver = portver(pkg:"zh-emacs");
if(!isnull(bver) && revcomp(a:bver, b:"20.7_4")<0) {
  txt += 'Package zh-emacs version ' + bver + ' is installed which is known to be vulnerable.\n';
  vuln = TRUE;
}
if(!isnull(bver) && revcomp(a:bver, b:"21")>0 && revcomp(a:bver, b:"21.3_4")<0) {
  txt += 'Package zh-emacs version ' + bver + ' is installed which is known to be vulnerable.\n';
  vuln = TRUE;
}
bver = portver(pkg:"emacs");
if(!isnull(bver) && revcomp(a:bver, b:"20.7_4")<0) {
  txt += 'Package emacs version ' + bver + ' is installed which is known to be vulnerable.\n';
  vuln = TRUE;
}
if(!isnull(bver) && revcomp(a:bver, b:"21")>0 && revcomp(a:bver, b:"21.3_4")<0) {
  txt += 'Package emacs version ' + bver + ' is installed which is known to be vulnerable.\n';
  vuln = TRUE;
}
bver = portver(pkg:"xemacs");
if(!isnull(bver) && revcomp(a:bver, b:"21.4.17")<0) {
  txt += 'Package xemacs version ' + bver + ' is installed which is known to be vulnerable.\n';
  vuln = TRUE;
}
bver = portver(pkg:"xemacs-mule");
if(!isnull(bver) && revcomp(a:bver, b:"21.4.17")<0) {
  txt += 'Package xemacs-mule version ' + bver + ' is installed which is known to be vulnerable.\n';
  vuln = TRUE;
}
bver = portver(pkg:"zh-xemacs");
if(!isnull(bver) && revcomp(a:bver, b:"21.4.17")<0) {
  txt += 'Package zh-xemacs version ' + bver + ' is installed which is known to be vulnerable.\n';
  vuln = TRUE;
}
bver = portver(pkg:"zh-xemacs-mule");
if(!isnull(bver) && revcomp(a:bver, b:"21.4.17")<0) {
  txt += 'Package zh-xemacs-mule version ' + bver + ' is installed which is known to be vulnerable.\n';
  vuln = TRUE;
}
bver = portver(pkg:"xemacs-devel");
if(!isnull(bver) && revcomp(a:bver, b:"21.5.b19,1")<0) {
  txt += 'Package xemacs-devel version ' + bver + ' is installed which is known to be vulnerable.\n';
  vuln = TRUE;
}
bver = portver(pkg:"xemacs-devel-21.5");
if(!isnull(bver) && revcomp(a:bver, b:"b11")==0) {
  txt += 'Package xemacs-devel-21.5 version ' + bver + ' is installed which is known to be vulnerable.\n';
  vuln = TRUE;
}
bver = portver(pkg:"xemacs-devel-mule");
if(!isnull(bver) && revcomp(a:bver, b:"21.5.b19")<0) {
  txt += 'Package xemacs-devel-mule version ' + bver + ' is installed which is known to be vulnerable.\n';
  vuln = TRUE;
}
bver = portver(pkg:"mule-common");
if(!isnull(bver) && revcomp(a:bver, b:"0")>0) {
  txt += 'Package mule-common version ' + bver + ' is installed which is known to be vulnerable.\n';
  vuln = TRUE;
}
bver = portver(pkg:"hanemacs");
if(!isnull(bver) && revcomp(a:bver, b:"0")>0) {
  txt += 'Package hanemacs version ' + bver + ' is installed which is known to be vulnerable.\n';
  vuln = TRUE;
}

if(vuln) {
  security_message(data:txt);
} else if (__pkg_match) {
  exit(99);
}