7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
7.1 High
AI Score
Confidence
Low
0.492 Medium
EPSS
Percentile
97.5%
The remote host is missing updates announced in
advisory GLSA 200603-10.
# SPDX-FileCopyrightText: 2008 E-Soft Inc.
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.56418");
script_version("2023-07-14T16:09:26+0000");
script_tag(name:"last_modification", value:"2023-07-14 16:09:26 +0000 (Fri, 14 Jul 2023)");
script_tag(name:"creation_date", value:"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)");
script_cve_id("CVE-2006-1100", "CVE-2006-1101", "CVE-2006-1102");
script_tag(name:"cvss_base", value:"7.5");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_name("Gentoo Security Advisory GLSA 200603-10 (cube)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2008 E-Soft Inc.");
script_family("Gentoo Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/gentoo", "ssh/login/pkg");
script_tag(name:"insight", value:"Cube is vulnerable to a buffer overflow, invalid memory access and remote
client crashes, possibly leading to a Denial of Service or remote code
execution.");
script_tag(name:"solution", value:"Upstream stated that there will be no fixed version of Cube, thus the
Gentoo Security Team decided to hardmask Cube for security reasons. All
Cube users are encouraged to uninstall Cube:
# emerge --ask --unmerge games-fps/cube");
script_xref(name:"URL", value:"http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200603-10");
script_xref(name:"URL", value:"http://bugs.gentoo.org/show_bug.cgi?id=125289");
script_tag(name:"summary", value:"The remote host is missing updates announced in
advisory GLSA 200603-10.");
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("pkg-lib-gentoo.inc");
include("revisions-lib.inc");
res = "";
report = "";
report = "";
if ((res = ispkgvuln(pkg:"games-fps/cube", unaffected: make_list(), vulnerable: make_list("le 20050829"))) != NULL) {
report += res;
}
if (report != "") {
security_message(data:report);
} else if (__pkg_match) {
exit(99);
}