ID OPENVAS:136141256231063504 Type openvas Reporter Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com Modified 2018-04-06T00:00:00
Description
The remote host is missing updates announced in
advisory GLSA 200903-04.
#
# OpenVAS Vulnerability Test
# $
# Description: Auto generated from Gentoo's XML based advisory
#
# Authors:
# Thomas Reinke <reinke@securityspace.com>
#
# Copyright:
# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
# Text descriptions are largely excerpted from the referenced
# advisories, and are Copyright (c) the respective author(s)
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2,
# or at your option, GNU General Public License version 3,
# as published by the Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
# Advisory text for the three result tags (insight, solution, summary) that the
# description block registers via script_tag().
# NOTE(review): no symbol from revisions-lib.inc is called by name in this
# script; presumably it supplies version-comparison helpers - confirm before
# removing.
include("revisions-lib.inc");
# Advisory wording. The NVD record for CVE-2008-5262 is more specific:
# stack-based buffer overflows in iGetHdrHeader (src-IL/src/il_hdr.c, DevIL
# 1.7.4), triggered by a crafted Radiance RGBE file.
tag_insight = "Multiple boundary errors in DevIL may allow for the execution of arbitrary
code.";
# The lines starting with "#" inside this literal are root shell prompts quoted
# from the advisory; they are part of the string, not NASL comments.
# The fixed version named here (>= 1.7.7) is the same threshold the
# ispkgvuln() call in this script compares against.
tag_solution = "All DevIL users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=media-libs/devil-1.7.7'
http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200903-04
http://bugs.gentoo.org/show_bug.cgi?id=255217";
# One-line finding text; names the advisory only, not the affected package.
tag_summary = "The remote host is missing updates announced in
advisory GLSA 200903-04.";
# Metadata registration. This block runs only when `description` is true; it
# registers the plugin's identity, scoring and prerequisites and then exits
# with 0, so the package check further down is never reached in that pass.
if (description)
{
  # Plugin identity and revision bookkeeping.
  script_oid("1.3.6.1.4.1.25623.1.0.63504");
  script_version("$Revision: 9350 $");
  script_tag(name:"last_modification", value:"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $");
  script_tag(name:"creation_date", value:"2009-03-07 21:47:03 +0100 (Sat, 07 Mar 2009)");

  # Vulnerability reference and severity. The vector is in CVSS v2 notation.
  script_cve_id("CVE-2008-5262");
  script_tag(name:"cvss_base", value:"7.5");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_name("Gentoo Security Advisory GLSA 200903-04 (devil)");

  # Information-gathering category: the plugin reads data, it sends no probe.
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
  script_family("Gentoo Local Security Checks");

  # Prerequisites: the package-list plugin must have run, and both knowledge
  # base keys must be present. Presumably they are set only after a successful
  # SSH login to a Gentoo host - verify against gather-package-list.nasl.
  # Without them the plugin is skipped, which is not evidence the host is patched.
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/gentoo", "ssh/login/pkg");

  # Human-readable result text, taken from the tag_* variables defined above.
  script_tag(name:"insight", value:tag_insight);
  script_tag(name:"solution", value:tag_solution);
  script_tag(name:"summary", value:tag_summary);

  # The finding is derived from the installed package version, and the
  # remediation is a vendor-supplied update.
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");

  exit(0);
}
#
# The script code starts here
#
# Package-version check for GLSA 200903-04. It compares the installed
# media-libs/devil version with the advisory's thresholds; it does not test
# whether any application on the host parses untrusted image files with DevIL.
include("pkg-lib-gentoo.inc");

res = "";
report = "";

# ispkgvuln() comes from the include above. A non-NULL result is treated as
# the report text for a vulnerable package: anything below 1.7.7.
res = ispkgvuln(pkg:"media-libs/devil", unaffected:make_list("ge 1.7.7"), vulnerable:make_list("lt 1.7.7"));
if (res != NULL) {
  report += res;
}

if (report == "") {
  # Nothing to report. Exit code 99 marks the host as not vulnerable, but only
  # when __pkg_match is set (presumably by the package library once the
  # package was found - confirm). Otherwise the script ends with no result.
  if (__pkg_match) {
    exit(99); # Not vulnerable.
  }
} else {
  security_message(data:report);
}
{"id": "OPENVAS:136141256231063504", "type": "openvas", "bulletinFamily": "scanner", "title": "Gentoo Security Advisory GLSA 200903-04 (devil)", "description": "The remote host is missing updates announced in\nadvisory GLSA 200903-04.", "published": "2009-03-07T00:00:00", "modified": "2018-04-06T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063504", "reporter": "Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com", "references": [], "cvelist": ["CVE-2008-5262"], "lastseen": "2018-04-06T11:40:15", "viewCount": 0, "enchantments": {"score": {"value": 7.8, "vector": "NONE", "modified": "2018-04-06T11:40:15", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-5262"]}, {"type": "openvas", "idList": ["OPENVAS:136141256231063333", "OPENVAS:136141256231063265", "OPENVAS:136141256231063263", "OPENVAS:63504", "OPENVAS:64165", "OPENVAS:63333", "OPENVAS:63263", "OPENVAS:63265"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-1717.NASL", "FEDORA_2009-0856.NASL", "GENTOO_GLSA-200903-04.NASL", "FEDORA_2009-0867.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:9578", "SECURITYVULNS:DOC:21139"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1717-1:8B967"]}, {"type": "seebug", "idList": ["SSV:4660"]}, {"type": "gentoo", "idList": ["GLSA-200903-04"]}], "modified": "2018-04-06T11:40:15", "rev": 2}, "vulnersScore": 7.8}, "pluginID": "136141256231063504", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple boundary errors in DevIL may allow for the execution of arbitrary\ncode.\";\ntag_solution = \"All DevIL users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-libs/devil-1.7.7'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200903-04\nhttp://bugs.gentoo.org/show_bug.cgi?id=255217\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200903-04.\";\n\n \n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63504\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-07 21:47:03 +0100 (Sat, 07 Mar 2009)\");\n script_cve_id(\"CVE-2008-5262\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Gentoo Security Advisory GLSA 200903-04 (devil)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n 
script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"media-libs/devil\", unaffected: make_list(\"ge 1.7.7\"), vulnerable: make_list(\"lt 1.7.7\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "naslFamily": "Gentoo Local Security Checks", "immutableFields": []}
{"cve": [{"lastseen": "2021-02-02T05:35:18", "description": "Multiple stack-based buffer overflows in the iGetHdrHeader function in src-IL/src/il_hdr.c in DevIL 1.7.4 allow context-dependent attackers to execute arbitrary code via a crafted Radiance RGBE file.", "edition": 4, "cvss3": {}, "published": "2009-01-13T17:00:00", "title": "CVE-2008-5262", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-5262"], "modified": "2009-03-06T06:46:00", "cpe": ["cpe:/a:devil:developers_image_library:1.7.4"], "id": "CVE-2008-5262", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5262", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:devil:developers_image_library:1.7.4:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2017-07-24T12:57:06", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5262"], "description": "The remote host is missing updates announced in\nadvisory GLSA 200903-04.", "modified": "2017-07-07T00:00:00", "published": "2009-03-07T00:00:00", "id": "OPENVAS:63504", "href": "http://plugins.openvas.org/nasl.php?oid=63504", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200903-04 (devil)", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple boundary errors in DevIL may allow for the execution of arbitrary\ncode.\";\ntag_solution = \"All DevIL users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-libs/devil-1.7.7'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200903-04\nhttp://bugs.gentoo.org/show_bug.cgi?id=255217\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200903-04.\";\n\n \n \n\nif(description)\n{\n script_id(63504);\n script_version(\"$Revision: 6595 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:19:55 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-07 21:47:03 +0100 (Sat, 07 Mar 2009)\");\n script_cve_id(\"CVE-2008-5262\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Gentoo Security Advisory GLSA 200903-04 (devil)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"media-libs/devil\", unaffected: make_list(\"ge 1.7.7\"), vulnerable: make_list(\"lt 1.7.7\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:55:59", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5262"], "description": "The remote host is missing an update to DevIL\nannounced via advisory FEDORA-2009-0867.", "modified": "2017-07-10T00:00:00", "published": "2009-01-26T00:00:00", "id": "OPENVAS:63265", "href": "http://plugins.openvas.org/nasl.php?oid=63265", "type": "openvas", "title": "Fedora Core 10 FEDORA-2009-0867 (DevIL)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_0867.nasl 6624 2017-07-10 06:11:55Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-0867 (DevIL)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\n- Fix missing symbols (rh 480269) - Fix off by one error in CVE-2008-5262 check\n(rh 479864)\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. 
Use \nsu -c 'yum update DevIL' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-0867\";\ntag_summary = \"The remote host is missing an update to DevIL\nannounced via advisory FEDORA-2009-0867.\";\n\n\n\nif(description)\n{\n script_id(63265);\n script_version(\"$Revision: 6624 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-01-26 18:18:20 +0100 (Mon, 26 Jan 2009)\");\n script_cve_id(\"CVE-2008-5262\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Core 10 FEDORA-2009-0867 (DevIL)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=479864\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"DevIL\", rpm:\"DevIL~1.7.5~2.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"DevIL-ILUT\", rpm:\"DevIL-ILUT~1.7.5~2.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"DevIL-ILUT-devel\", rpm:\"DevIL-ILUT-devel~1.7.5~2.fc10\", rls:\"FC10\")) != NULL) 
{\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"DevIL-devel\", rpm:\"DevIL-devel~1.7.5~2.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"DevIL-debuginfo\", rpm:\"DevIL-debuginfo~1.7.5~2.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:39:29", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5262"], "description": "The remote host is missing an update to DevIL\nannounced via advisory FEDORA-2009-0856.", "modified": "2018-04-06T00:00:00", "published": "2009-01-26T00:00:00", "id": "OPENVAS:136141256231063263", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063263", "type": "openvas", "title": "Fedora Core 9 FEDORA-2009-0856 (DevIL)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_0856.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-0856 (DevIL)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\n- Fix missing symbols (rh 480269) - Fix off by one error in CVE-2008-5262 check\n(rh 479864)\n\nChangeLog:\n\n* Mon Jan 19 2009 Hans de Goede 1.7.5-2\n- Fix missing symbols (rh 480269)\n- Fix off by one error in CVE-2008-5262 check (rh 479864)\n* Tue Jan 13 2009 Hans de Goede 1.7.5-1\n- Update to latest upstream: 1.7.5\n- Add patch to fix CVE-2008-5262\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update DevIL' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-0856\";\ntag_summary = \"The remote host is missing an update to DevIL\nannounced via advisory FEDORA-2009-0856.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63263\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-01-26 18:18:20 +0100 (Mon, 26 Jan 2009)\");\n script_cve_id(\"CVE-2008-5262\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Core 9 FEDORA-2009-0856 (DevIL)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=479864\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"DevIL\", rpm:\"DevIL~1.7.5~2.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"DevIL-ILUT\", rpm:\"DevIL-ILUT~1.7.5~2.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"DevIL-ILUT-devel\", rpm:\"DevIL-ILUT-devel~1.7.5~2.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"DevIL-devel\", rpm:\"DevIL-devel~1.7.5~2.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"DevIL-debuginfo\", rpm:\"DevIL-debuginfo~1.7.5~2.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:38:53", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5262"], "description": "The remote host is missing an update to devil\nannounced via advisory DSA 1717-1.", "modified": "2018-04-06T00:00:00", "published": "2009-02-10T00:00:00", "id": "OPENVAS:136141256231063333", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063333", "type": "openvas", "title": "Debian Security Advisory DSA 1717-1 (devil)", "sourceData": "# OpenVAS 
Vulnerability Test\n# $Id: deb_1717_1.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory DSA 1717-1 (devil)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Stefan Cornelius discovered a buffer overflow in devil, a cross-platform\nimage loading and manipulation toolkit, which could be triggered via a\ncrafted Radiance RGBE file. 
This could potentially lead to the execution\nof arbitrary code.\n\nFor the stable distribution (etch), this problem has been fixed in\nversion 1.6.7-5+etch1.\n\nFor the testing distribution (lenny), this problem has been fixed in\nversion 1.6.8-rc2-3+lenny1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.7.5-4.\n\nWe recommend that you upgrade your devil package.\";\ntag_summary = \"The remote host is missing an update to devil\nannounced via advisory DSA 1717-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201717-1\";\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63333\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-10 15:52:40 +0100 (Tue, 10 Feb 2009)\");\n script_cve_id(\"CVE-2008-5262\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 1717-1 (devil)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libdevil1c2\", ver:\"1.6.7-5+etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libdevil-dev\", ver:\"1.6.7-5+etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:37:10", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5262"], "description": "The remote host is missing an update to DevIL\nannounced via advisory FEDORA-2009-0867.", "modified": "2018-04-06T00:00:00", "published": "2009-01-26T00:00:00", "id": "OPENVAS:136141256231063265", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063265", "type": "openvas", "title": "Fedora Core 10 FEDORA-2009-0867 (DevIL)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_0867.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-0867 (DevIL)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\n- Fix missing symbols (rh 480269) - Fix off by one error in CVE-2008-5262 check\n(rh 479864)\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. 
Use \nsu -c 'yum update DevIL' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-0867\";\ntag_summary = \"The remote host is missing an update to DevIL\nannounced via advisory FEDORA-2009-0867.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63265\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-01-26 18:18:20 +0100 (Mon, 26 Jan 2009)\");\n script_cve_id(\"CVE-2008-5262\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Core 10 FEDORA-2009-0867 (DevIL)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=479864\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"DevIL\", rpm:\"DevIL~1.7.5~2.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"DevIL-ILUT\", rpm:\"DevIL-ILUT~1.7.5~2.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"DevIL-ILUT-devel\", 
rpm:\"DevIL-ILUT-devel~1.7.5~2.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"DevIL-devel\", rpm:\"DevIL-devel~1.7.5~2.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"DevIL-debuginfo\", rpm:\"DevIL-debuginfo~1.7.5~2.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:56:39", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5262"], "description": "The remote host is missing an update to devil\nannounced via advisory DSA 1717-1.", "modified": "2017-07-07T00:00:00", "published": "2009-02-10T00:00:00", "id": "OPENVAS:63333", "href": "http://plugins.openvas.org/nasl.php?oid=63333", "type": "openvas", "title": "Debian Security Advisory DSA 1717-1 (devil)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1717_1.nasl 6615 2017-07-07 12:09:52Z cfischer $\n# Description: Auto-generated from advisory DSA 1717-1 (devil)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Stefan Cornelius discovered a buffer overflow in devil, a cross-platform\nimage loading and manipulation toolkit, which could be triggered via a\ncrafted Radiance RGBE file. This could potentially lead to the execution\nof arbitrary code.\n\nFor the stable distribution (etch), this problem has been fixed in\nversion 1.6.7-5+etch1.\n\nFor the testing distribution (lenny), this problem has been fixed in\nversion 1.6.8-rc2-3+lenny1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.7.5-4.\n\nWe recommend that you upgrade your devil package.\";\ntag_summary = \"The remote host is missing an update to devil\nannounced via advisory DSA 1717-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201717-1\";\n\n\nif(description)\n{\n script_id(63333);\n script_version(\"$Revision: 6615 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:09:52 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-10 15:52:40 +0100 (Tue, 10 Feb 2009)\");\n script_cve_id(\"CVE-2008-5262\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 1717-1 (devil)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libdevil1c2\", ver:\"1.6.7-5+etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libdevil-dev\", ver:\"1.6.7-5+etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:56:49", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5262"], "description": "The remote host is missing an update to DevIL\nannounced via advisory FEDORA-2009-0856.", "modified": "2017-07-10T00:00:00", "published": "2009-01-26T00:00:00", "id": "OPENVAS:63263", "href": "http://plugins.openvas.org/nasl.php?oid=63263", "type": "openvas", "title": "Fedora Core 9 FEDORA-2009-0856 (DevIL)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_0856.nasl 6624 2017-07-10 06:11:55Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-0856 (DevIL)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\n- Fix missing symbols (rh 480269) - Fix off by one error in CVE-2008-5262 check\n(rh 479864)\n\nChangeLog:\n\n* Mon Jan 19 2009 Hans de Goede 1.7.5-2\n- Fix missing symbols (rh 480269)\n- Fix off by one error in CVE-2008-5262 check (rh 479864)\n* Tue Jan 13 2009 Hans de Goede 1.7.5-1\n- Update to latest upstream: 1.7.5\n- Add patch to fix CVE-2008-5262\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. 
Use \nsu -c 'yum update DevIL' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-0856\";\ntag_summary = \"The remote host is missing an update to DevIL\nannounced via advisory FEDORA-2009-0856.\";\n\n\n\nif(description)\n{\n script_id(63263);\n script_version(\"$Revision: 6624 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-01-26 18:18:20 +0100 (Mon, 26 Jan 2009)\");\n script_cve_id(\"CVE-2008-5262\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Core 9 FEDORA-2009-0856 (DevIL)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=479864\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"DevIL\", rpm:\"DevIL~1.7.5~2.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"DevIL-ILUT\", rpm:\"DevIL-ILUT~1.7.5~2.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"DevIL-ILUT-devel\", rpm:\"DevIL-ILUT-devel~1.7.5~2.fc9\", rls:\"FC9\")) != NULL) {\n 
report += res;\n}\nif ((res = isrpmvuln(pkg:\"DevIL-devel\", rpm:\"DevIL-devel~1.7.5~2.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"DevIL-debuginfo\", rpm:\"DevIL-debuginfo~1.7.5~2.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-04T11:28:01", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-4444", "CVE-2008-5516", "CVE-2008-2383", "CVE-2007-4349", "CVE-2008-3818", "CVE-2007-4476", "CVE-2009-0053", "CVE-2008-5377", "CVE-2008-3825", "CVE-2008-2238", "CVE-2009-0021", "CVE-2008-5500", "CVE-2008-3997", "CVE-2008-5449", "CVE-2009-0054", "CVE-2008-4006", "CVE-2008-5077", "CVE-2008-5183", "CVE-2008-5718", "CVE-2008-5262", "CVE-2009-0050", "CVE-2008-5512", "CVE-2008-5286", "CVE-2008-2237", "CVE-2009-0055", "CVE-2008-5503", "CVE-2009-0056", "CVE-2008-3979", "CVE-2008-4314", "CVE-2008-5714", "CVE-2008-5511", "CVE-2008-5517", "CVE-2008-5508", "CVE-2008-2382", "CVE-2008-5184", "CVE-2008-5448", "CVE-2008-3821", "CVE-2008-5507", "CVE-2009-0025", "CVE-2008-5506", "CVE-2008-5256"], "description": "The remote host is missing an update to cupsys\nannounced via advisory USN-707-1.", "modified": "2017-12-01T00:00:00", "published": "2009-06-05T00:00:00", "id": "OPENVAS:64165", "href": "http://plugins.openvas.org/nasl.php?oid=64165", "type": "openvas", "title": "Ubuntu USN-707-1 (cupsys)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: ubuntu_707_1.nasl 7969 2017-12-01 09:23:16Z santu $\n# $Id: ubuntu_707_1.nasl 7969 2017-12-01 09:23:16Z santu $\n# Description: Auto-generated from advisory USN-707-1 (cupsys)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"The problem can be corrected by upgrading your system to the\n following package versions:\n\nUbuntu 6.06 LTS:\n cupsys 1.2.2-0ubuntu0.6.06.12\n\nUbuntu 7.10:\n cupsys 1.3.2-1ubuntu7.9\n\nUbuntu 8.04 LTS:\n cupsys 1.3.7-1ubuntu3.3\n\nUbuntu 8.10:\n cups 1.3.9-2ubuntu6.1\n\nIn general, a standard system upgrade is sufficient to effect the\nnecessary changes.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=USN-707-1\";\n\ntag_insight = \"It was discovered that CUPS didn't properly handle adding a large number of RSS\nsubscriptions. A local user could exploit this and cause CUPS to crash, leading\nto a denial of service. This issue only applied to Ubuntu 7.10, 8.04 LTS and\n8.10. (CVE-2008-5183)\n\nIt was discovered that CUPS did not authenticate users when adding and\ncancelling RSS subscriptions. An unprivileged local user could bypass intended\nrestrictions and add a large number of RSS subscriptions. This issue only\napplied to Ubuntu 7.10 and 8.04 LTS. 
(CVE-2008-5184)\n\nIt was discovered that the PNG filter in CUPS did not properly handle certain\nmalformed images. If a user or automated system were tricked into opening a\ncrafted PNG image file, a remote attacker could cause a denial of service or\nexecute arbitrary code with user privileges. In Ubuntu 7.10, 8.04 LTS, and 8.10,\nattackers would be isolated by the AppArmor CUPS profile. (CVE-2008-5286)\n\nIt was discovered that the example pstopdf CUPS filter created log files in an\ninsecure way. Local users could exploit a race condition to create or overwrite\nfiles with the privileges of the user invoking the program. This issue only\napplied to Ubuntu 6.06 LTS, 7.10, and 8.04 LTS. (CVE-2008-5377)\";\ntag_summary = \"The remote host is missing an update to cupsys\nannounced via advisory USN-707-1.\";\n\n \n\n\nif(description)\n{\n script_id(64165);\n script_version(\"$Revision: 7969 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-05 18:04:08 +0200 (Fri, 05 Jun 2009)\");\n script_cve_id(\"CVE-2008-5183\", \"CVE-2008-5184\", \"CVE-2008-5286\", \"CVE-2008-5377\", \"CVE-2009-0050\", \"CVE-2008-2383\", \"CVE-2007-4349\", \"CVE-2008-5077\", \"CVE-2009-0021\", \"CVE-2009-0025\", \"CVE-2008-5262\", \"CVE-2008-2237\", \"CVE-2008-2238\", \"CVE-2008-4314\", \"CVE-2008-5517\", \"CVE-2008-5516\", \"CVE-2008-3825\", \"CVE-2008-3997\", \"CVE-2008-4444\", \"CVE-2008-4006\", \"CVE-2008-5449\", \"CVE-2008-3979\", \"CVE-2008-3821\", \"CVE-2008-2382\", \"CVE-2008-5714\", \"CVE-2008-3818\", \"CVE-2009-0053\", \"CVE-2009-0054\", \"CVE-2009-0055\", \"CVE-2009-0056\", \"CVE-2008-5500\", \"CVE-2008-5503\", \"CVE-2008-5506\", \"CVE-2008-5507\", \"CVE-2008-5508\", \"CVE-2008-5511\", \"CVE-2008-5512\", \"CVE-2008-5256\", \"CVE-2008-5448\", \"CVE-2008-5718\", \"CVE-2007-4476\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", 
value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu USN-707-1 (cupsys)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-707-1/\");\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libcupsys2-gnutls10\", ver:\"1.2.2-0ubuntu0.6.06.12\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys-bsd\", ver:\"1.2.2-0ubuntu0.6.06.12\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys-client\", ver:\"1.2.2-0ubuntu0.6.06.12\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys\", ver:\"1.2.2-0ubuntu0.6.06.12\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsimage2-dev\", ver:\"1.2.2-0ubuntu0.6.06.12\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsimage2\", ver:\"1.2.2-0ubuntu0.6.06.12\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsys2-dev\", ver:\"1.2.2-0ubuntu0.6.06.12\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsys2\", ver:\"1.2.2-0ubuntu0.6.06.12\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys-common\", 
ver:\"1.3.2-1ubuntu7.9\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys-bsd\", ver:\"1.3.2-1ubuntu7.9\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys-client\", ver:\"1.3.2-1ubuntu7.9\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys\", ver:\"1.3.2-1ubuntu7.9\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsimage2-dev\", ver:\"1.3.2-1ubuntu7.9\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsimage2\", ver:\"1.3.2-1ubuntu7.9\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsys2-dev\", ver:\"1.3.2-1ubuntu7.9\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsys2\", ver:\"1.3.2-1ubuntu7.9\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys-common\", ver:\"1.3.7-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys-bsd\", ver:\"1.3.7-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys-client\", ver:\"1.3.7-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys\", ver:\"1.3.7-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsimage2-dev\", ver:\"1.3.7-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsimage2\", ver:\"1.3.7-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsys2-dev\", ver:\"1.3.7-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsys2\", ver:\"1.3.7-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cups-common\", 
ver:\"1.3.9-2ubuntu6.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys-bsd\", ver:\"1.3.9-2ubuntu6.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys-client\", ver:\"1.3.9-2ubuntu6.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys-dbg\", ver:\"1.3.9-2ubuntu6.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys\", ver:\"1.3.9-2ubuntu6.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsys2-dev\", ver:\"1.3.9-2ubuntu6.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys-common\", ver:\"1.3.9-2ubuntu6.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsys2\", ver:\"1.3.9-2ubuntu6.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cups-bsd\", ver:\"1.3.9-2ubuntu6.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cups-client\", ver:\"1.3.9-2ubuntu6.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cups-dbg\", ver:\"1.3.9-2ubuntu6.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cups\", ver:\"1.3.9-2ubuntu6.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcups2-dev\", ver:\"1.3.9-2ubuntu6.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcups2\", ver:\"1.3.9-2ubuntu6.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsimage2-dev\", ver:\"1.3.9-2ubuntu6.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsimage2\", ver:\"1.3.9-2ubuntu6.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python-lasso\", ver:\"0.6.5-3+etch1\", rls:\"UBUNTU8.10\")) != NULL) 
{\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"liblasso-java\", ver:\"0.6.5-3+etch1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"liblasso3-dev\", ver:\"0.6.5-3+etch1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php4-lasso\", ver:\"0.6.5-3+etch1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"liblasso3\", ver:\"0.6.5-3+etch1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"0.9.8c-4etch4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl0.9.7-dbg\", ver:\"0.9.7k-3.1etch2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl0.9.7\", ver:\"0.9.7k-3.1etch2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl0.9.8-dbg\", ver:\"0.9.8c-4etch4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openssl\", ver:\"0.9.8c-4etch4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl0.9.8\", ver:\"0.9.8c-4etch4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ntp-doc\", ver:\"4.2.2.p4+dfsg-2etch1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ntp-simple\", ver:\"4.2.2.p4+dfsg-2etch1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ntp-refclock\", ver:\"4.2.2.p4+dfsg-2etch1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ntpdate\", ver:\"4.2.2.p4+dfsg-2etch1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ntp\", ver:\"4.2.2.p4+dfsg-2etch1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"bind9-doc\", ver:\"9.3.4-2etch4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lwresd\", 
ver:\"9.3.4-2etch4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libbind9-0\", ver:\"9.3.4-2etch4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libisccfg1\", ver:\"9.3.4-2etch4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libisccc0\", ver:\"9.3.4-2etch4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libisc11\", ver:\"9.3.4-2etch4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"bind9\", ver:\"9.3.4-2etch4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"liblwres9\", ver:\"9.3.4-2etch4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libdns22\", ver:\"9.3.4-2etch4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"bind9-host\", ver:\"9.3.4-2etch4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libbind-dev\", ver:\"9.3.4-2etch4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"dnsutils\", ver:\"9.3.4-2etch4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"hplip-data\", ver:\"2.7.7.dfsg.1-0ubuntu5.3\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"hplip-doc\", ver:\"2.7.7.dfsg.1-0ubuntu5.3\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"hplip-gui\", ver:\"2.7.7.dfsg.1-0ubuntu5.3\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"hpijs-ppds\", ver:\"2.7.7+2.7.7.dfsg.1-0ubuntu5.3\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"hpijs\", ver:\"2.7.7+2.7.7.dfsg.1-0ubuntu5.3\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"hplip-dbg\", ver:\"2.7.7.dfsg.1-0ubuntu5.3\", rls:\"UBUNTU7.10\")) != NULL) {\n report += 
res;\n}\nif ((res = isdpkgvuln(pkg:\"hplip\", ver:\"2.7.7.dfsg.1-0ubuntu5.3\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnss3-dev\", ver:\"1.8.0.15~pre080614i-0etch1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxul-common\", ver:\"1.8.0.15~pre080614i-0etch1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmozjs-dev\", ver:\"1.8.0.15~pre080614i-0etch1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxul-dev\", ver:\"1.8.0.15~pre080614i-0etch1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libsmjs1\", ver:\"1.8.0.15~pre080614i-0etch1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmozillainterfaces-java\", ver:\"1.8.0.15~pre080614i-0etch1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnspr4-dev\", ver:\"1.8.0.15~pre080614i-0etch1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libsmjs-dev\", ver:\"1.8.0.15~pre080614i-0etch1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxul0d-dbg\", ver:\"1.8.0.15~pre080614i-0etch1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnss3-0d\", ver:\"1.8.0.15~pre080614i-0etch1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"spidermonkey-bin\", ver:\"1.8.0.15~pre080614i-0etch1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnss3-tools\", ver:\"1.8.0.15~pre080614i-0etch1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnspr4-0d-dbg\", ver:\"1.8.0.15~pre080614i-0etch1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner\", ver:\"1.8.0.15~pre080614i-0etch1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += 
res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-gnome-support\", ver:\"1.8.0.15~pre080614i-0etch1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python-xpcom\", ver:\"1.8.0.15~pre080614i-0etch1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxul0d\", ver:\"1.8.0.15~pre080614i-0etch1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnspr4-0d\", ver:\"1.8.0.15~pre080614i-0etch1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmozjs0d\", ver:\"1.8.0.15~pre080614i-0etch1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnss3-0d-dbg\", ver:\"1.8.0.15~pre080614i-0etch1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmozjs0d-dbg\", ver:\"1.8.0.15~pre080614i-0etch1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"netatalk\", ver:\"2.0.3-4+etch1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tar\", ver:\"1.15.1-2ubuntu2.3\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tar\", ver:\"1.18-2ubuntu1.1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:53", "bulletinFamily": "unix", "cvelist": ["CVE-2008-5262"], "description": "### Background\n\nDeveloper's Image Library (DevIL) is a cross-platform image library. \n\n### Description\n\nStefan Cornelius (Secunia Research) discovered two boundary errors within the iGetHdrHeader() function in src-IL/src/il_hdr.c. 
\n\n### Impact\n\nA remote attacker could entice a user to open a specially crafted Radiance RGBE file, possibly resulting in the execution of arbitrary code. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll DevIL users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-libs/devil-1.7.7\"", "edition": 1, "modified": "2009-03-06T00:00:00", "published": "2009-03-06T00:00:00", "id": "GLSA-200903-04", "href": "https://security.gentoo.org/glsa/200903-04", "type": "gentoo", "title": "DevIL: User-assisted execution of arbitrary code", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:31", "bulletinFamily": "software", "cvelist": ["CVE-2008-5262"], "description": "Buffer overflow in iGetHdrHeader() function on Radiance RGBE files processing.", "edition": 1, "modified": "2009-01-13T00:00:00", "published": "2009-01-13T00:00:00", "id": "SECURITYVULNS:VULN:9578", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:9578", "title": "DevIL library buffer overflow", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:29", "bulletinFamily": "software", "cvelist": ["CVE-2008-5262"], "description": "====================================================================== \r\n\r\n Secunia Research 13/01/2009\r\n\r\n DevIL \"iGetHdrHeader()\" Buffer Overflow Vulnerabilities\r\n\r\n====================================================================== \r\nTable of Contents\r\n\r\nAffected Software....................................................1\r\nSeverity.............................................................2\r\nVendor's Description of Software.....................................3\r\nDescription of 
Vulnerability.........................................4\r\nSolution.............................................................5\r\nTime Table...........................................................6\r\nCredits..............................................................7\r\nReferences...........................................................8\r\nAbout Secunia........................................................9\r\nVerification........................................................10\r\n\r\n====================================================================== \r\n1) Affected Software \r\n\r\n* DevIL 1.7.4.\r\n\r\nNOTE: Other versions may also be affected.\r\n\r\n====================================================================== \r\n2) Severity \r\n\r\nRating: Moderately critical\r\nImpact: System access\r\nWhere: Remote\r\n\r\n====================================================================== \r\n3) Vendor's Description of Software \r\n\r\n\"Developer's Image Library (DevIL) is a programmer's library to\r\ndevelop applications with very powerful image loading capabilities,\r\nyet is easy for a developer to learn and use.\".\r\n\r\nProduct Link:\r\nhttp://openil.sourceforge.net/\r\n\r\n====================================================================== \r\n4) Description of Vulnerability\r\n\r\nSecunia Research has discovered two vulnerabilities in DevIL, which\r\ncan be exploited by malicious people to compromise an application\r\nusing the library.\r\n\r\nThe vulnerabilities are caused due to boundary errors within the\r\n\"iGetHdrHeader()\" function in src-IL/src/il_hdr.c. 
These can be \r\nexploited to cause a stack-based buffer overflow when processing\r\nspecially crafted Radiance RGBE files.\r\n\r\nSuccessful exploitation allows execution of arbitrary code.\r\n\r\n====================================================================== \r\n5) Solution \r\n\r\nFixed in the SVN repository.\r\n\r\n====================================================================== \r\n6) Time Table \r\n\r\n09/01/2009 - Vendor notified.\r\n10/01/2009 - Vendor response.\r\n13/01/2009 - Public disclosure.\r\n\r\n====================================================================== \r\n7) Credits \r\n\r\nDiscovered by Stefan Cornelius, Secunia Research.\r\n\r\n====================================================================== \r\n8) References\r\n\r\nThe Common Vulnerabilities and Exposures (CVE) project has assigned \r\nCVE-2008-5262 for the vulnerabilities.\r\n\r\n====================================================================== \r\n9) About Secunia\r\n\r\nSecunia offers vulnerability management solutions to corporate\r\ncustomers with verified and reliable vulnerability intelligence\r\nrelevant to their specific system configuration:\r\n\r\nhttp://secunia.com/advisories/business_solutions/\r\n\r\nSecunia also provides a publicly accessible and comprehensive advisory\r\ndatabase as a service to the security community and private \r\nindividuals, who are interested in or concerned about IT-security.\r\n\r\nhttp://secunia.com/advisories/\r\n\r\nSecunia believes that it is important to support the community and to\r\ndo active vulnerability research in order to aid improving the \r\nsecurity and reliability of software in general:\r\n\r\nhttp://secunia.com/secunia_research/\r\n\r\nSecunia regularly hires new skilled team members. 
Check the URL below\r\nto see currently vacant positions:\r\n\r\nhttp://secunia.com/corporate/jobs/\r\n\r\nSecunia offers a FREE mailing list called Secunia Security Advisories:\r\n\r\nhttp://secunia.com/advisories/mailing_lists/\r\n\r\n====================================================================== \r\n10) Verification \r\n\r\nPlease verify this advisory by visiting the Secunia website:\r\nhttp://secunia.com/secunia_research/2008-59/\r\n\r\nComplete list of vulnerability reports published by Secunia Research:\r\nhttp://secunia.com/secunia_research/\r\n\r\n======================================================================", "edition": 1, "modified": "2009-01-13T00:00:00", "published": "2009-01-13T00:00:00", "id": "SECURITYVULNS:DOC:21139", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:21139", "title": "Secunia Research: DevIL \"iGetHdrHeader()\" Buffer Overflow Vulnerabilities", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2020-11-11T13:29:31", "bulletinFamily": "unix", "cvelist": ["CVE-2008-5262"], "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1717 security@debian.org\nhttp://www.debian.org/security/ Steffen Joeris\nFebruary 05, 2009 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : devil\nVulnerability : buffer overflow\nProblem type : local (remote)\nDebian-specific: no\nCVE Id : CVE-2008-5262\nDebian Bugs : 511844 512122\n\nStefan Cornelius discovered a buffer overflow in devil, a cross-platform\nimage loading and manipulation toolkit, which could be triggered via a\ncrafted Radiance RGBE file. 
This could potentially lead to the execution\nof arbitrary code.\n\nFor the stable distribution (etch), this problem has been fixed in\nversion 1.6.7-5+etch1.\n\nFor the testing distribution (lenny), this problem has been fixed in\nversion 1.6.8-rc2-3+lenny1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.7.5-4.\n\nWe recommend that you upgrade your devil package.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nDebian (stable)\n- ---------------\n\nStable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/d/devil/devil_1.6.7-5+etch1.dsc\n Size/MD5 checksum: 784 00a9a200619160d990ed2a2deeb4238d\n http://security.debian.org/pool/updates/main/d/devil/devil_1.6.7-5+etch1.diff.gz\n Size/MD5 checksum: 8379 414a516d9fef38921dbd538d78adcac0\n http://security.debian.org/pool/updates/main/d/devil/devil_1.6.7.orig.tar.gz\n Size/MD5 checksum: 3013312 0d0c3842196d85c4e24bedabcd84f626\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/d/devil/libdevil1c2_1.6.7-5+etch1_alpha.deb\n Size/MD5 checksum: 372974 ee2e6a0b9c8df07f1824762d551e042a\n http://security.debian.org/pool/updates/main/d/devil/libdevil-dev_1.6.7-5+etch1_alpha.deb\n Size/MD5 checksum: 477468 51486ac6ff1b4cd5e7240f310873a7b4\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/d/devil/libdevil-dev_1.6.7-5+etch1_amd64.deb\n 
Size/MD5 checksum: 320946 7a851f7411b600951c6f933008b514c9\n http://security.debian.org/pool/updates/main/d/devil/libdevil1c2_1.6.7-5+etch1_amd64.deb\n Size/MD5 checksum: 271718 0a202d4d921a1a00a82b3f6f9976e1b6\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/d/devil/libdevil-dev_1.6.7-5+etch1_arm.deb\n Size/MD5 checksum: 297386 fb284b115a2d299e59facbfa903130aa\n http://security.debian.org/pool/updates/main/d/devil/libdevil1c2_1.6.7-5+etch1_arm.deb\n Size/MD5 checksum: 264932 39a535af14195508964c9ca1775c3132\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/d/devil/libdevil-dev_1.6.7-5+etch1_hppa.deb\n Size/MD5 checksum: 410562 e34d8590f7c2e05d6cf02a118c211655\n http://security.debian.org/pool/updates/main/d/devil/libdevil1c2_1.6.7-5+etch1_hppa.deb\n Size/MD5 checksum: 347448 d21505b2fde524a40ee31f0efa12970a\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/d/devil/libdevil1c2_1.6.7-5+etch1_i386.deb\n Size/MD5 checksum: 252798 aca0fc8776489aba07f6a6a103fb52f9\n http://security.debian.org/pool/updates/main/d/devil/libdevil-dev_1.6.7-5+etch1_i386.deb\n Size/MD5 checksum: 286098 1f1bfc9efdd189ea5b430a50ca281cca\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/d/devil/libdevil1c2_1.6.7-5+etch1_ia64.deb\n Size/MD5 checksum: 481276 ad48301776addd355e4ffa46374c84d7\n http://security.debian.org/pool/updates/main/d/devil/libdevil-dev_1.6.7-5+etch1_ia64.deb\n Size/MD5 checksum: 552778 bd8f6164f68262a7cce113ca541660ef\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/d/devil/libdevil-dev_1.6.7-5+etch1_mips.deb\n Size/MD5 checksum: 377338 0ce969cf88ed85d64c03211eb2268794\n http://security.debian.org/pool/updates/main/d/devil/libdevil1c2_1.6.7-5+etch1_mips.deb\n Size/MD5 checksum: 301428 8c80a1520fe67db9f79ebcb12570bebc\n\nmipsel architecture (MIPS (Little Endian))\n\n 
http://security.debian.org/pool/updates/main/d/devil/libdevil-dev_1.6.7-5+etch1_mipsel.deb\n Size/MD5 checksum: 376332 4c9b8f756eabdd857d9a17d6a74f9b1c\n http://security.debian.org/pool/updates/main/d/devil/libdevil1c2_1.6.7-5+etch1_mipsel.deb\n Size/MD5 checksum: 302362 ae2dd9e16b1ef239ce1779e16bb89d3e\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/d/devil/libdevil-dev_1.6.7-5+etch1_powerpc.deb\n Size/MD5 checksum: 368536 e3b1f038afadaffb44ac17a78cb57f15\n http://security.debian.org/pool/updates/main/d/devil/libdevil1c2_1.6.7-5+etch1_powerpc.deb\n Size/MD5 checksum: 294498 129bc064f6920f5847a539b42e262e2f\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/d/devil/libdevil-dev_1.6.7-5+etch1_s390.deb\n Size/MD5 checksum: 310166 a4e8bfb5603d45fe62e678ac8b2affb8\n http://security.debian.org/pool/updates/main/d/devil/libdevil1c2_1.6.7-5+etch1_s390.deb\n Size/MD5 checksum: 290248 fc76306188733c38b307662e3105cc70\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/d/devil/libdevil1c2_1.6.7-5+etch1_sparc.deb\n Size/MD5 checksum: 276480 1387371202c1c4d72288ba07db4dc20b\n http://security.debian.org/pool/updates/main/d/devil/libdevil-dev_1.6.7-5+etch1_sparc.deb\n Size/MD5 checksum: 329950 50da6f88bfeec78c9a98173a5e254730\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 11, "modified": "2009-02-05T06:30:36", "published": "2009-02-05T06:30:36", "id": "DEBIAN:DSA-1717-1:8B967", "href": 
"https://lists.debian.org/debian-security-announce/debian-security-announce-2009/msg00026.html", "title": "[SECURITY] [DSA 1717-1] New devil packages fix buffer overflow", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "seebug": [{"lastseen": "2017-11-19T19:01:37", "description": "BUGTRAQ ID: 33231\r\nCVE(CAN) ID: CVE-2008-5262\r\n\r\nDevIL\u662fDeveloper's Image Library\u662f\u7f29\u5199\uff0c\u662f\u7528\u4e8e\u5f00\u53d1\u5177\u6709\u56fe\u5f62\u52a0\u8f7d\u529f\u80fd\u5e94\u7528\u7a0b\u5e8f\u7684\u7a0b\u5e8f\u5458\u7528\u51fd\u6570\u5e93\u3002\r\n\r\nDevIL\u5e93\u7684src-IL/src/il_hdr.c\u6587\u4ef6\u4e2d\u7684iGetHdrHeader()\u51fd\u6570\u5b58\u5728\u6808\u6ea2\u51fa\u6f0f\u6d1e\u3002\u5982\u679c\u7528\u6237\u53d7\u9a97\u52a0\u8f7d\u4e86\u7279\u5236\u7684Radiance RGBE\u6587\u4ef6\uff0c\u5c31\u53ef\u4ee5\u89e6\u53d1\u8fd9\u4e2a\u6ea2\u51fa\uff0c\u5bfc\u81f4\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\n\nDevIL 1.7.4\n DevIL\r\n-----\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\n<a href=http://openil.sourceforge.net/ target=_blank rel=external nofollow>http://openil.sourceforge.net/</a>", "published": "2009-01-15T00:00:00", "type": "seebug", "title": "DevIL RGBE\u6587\u4ef6\u89e3\u6790\u6808\u6ea2\u51fa\u6f0f\u6d1e", "bulletinFamily": "exploit", "cvelist": ["CVE-2008-5262"], "modified": "2009-01-15T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-4660", "id": "SSV:4660", "sourceData": "", "sourceHref": "", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "fedora": [{"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2008-5262"], "description": "Developer's Image Library (DevIL) is a programmer's library to develop applications with very powerful image loading capabilities, yet is easy for a 
developer to learn and use. Ultimate control of images is left to the developer, so unnecessary conversions, etc. are not performed. DevIL utilizes a simple, yet powerful, syntax. DevIL can load, save, convert, manipulate, filter and display a wide variety of image formats. ", "modified": "2009-01-21T21:39:47", "published": "2009-01-21T21:39:47", "id": "FEDORA:33CCD208E2F", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 10 Update: DevIL-1.7.5-2.fc10", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2008-5262"], "description": "Developer's Image Library (DevIL) is a programmer's library to develop applications with very powerful image loading capabilities, yet is easy for a developer to learn and use. Ultimate control of images is left to the developer, so unnecessary conversions, etc. are not performed. DevIL utilizes a simple, yet powerful, syntax. DevIL can load, save, convert, manipulate, filter and display a wide variety of image formats. 
", "modified": "2009-01-21T21:39:04", "published": "2009-01-21T21:39:04", "id": "FEDORA:981A3208DE4", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 9 Update: DevIL-1.7.5-2.fc9", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-01-07T10:52:28", "description": "The remote host is affected by the vulnerability described in GLSA-200903-04\n(DevIL: User-assisted execution of arbitrary code)\n\n Stefan Cornelius (Secunia Research) discovered two boundary errors\n within the iGetHdrHeader() function in src-IL/src/il_hdr.c.\n \nImpact :\n\n A remote attacker could entice a user to open a specially crafted\n Radiance RGBE file, possibly resulting in the execution of arbitrary\n code.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 24, "published": "2009-03-08T00:00:00", "title": "GLSA-200903-04 : DevIL: User-assisted execution of arbitrary code", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5262"], "modified": "2009-03-08T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:devil"], "id": "GENTOO_GLSA-200903-04.NASL", "href": "https://www.tenable.com/plugins/nessus/35794", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200903-04.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(35794);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2008-5262\");\n script_xref(name:\"GLSA\", value:\"200903-04\");\n\n script_name(english:\"GLSA-200903-04 : DevIL: User-assisted execution of arbitrary code\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200903-04\n(DevIL: User-assisted execution of arbitrary code)\n\n Stefan Cornelius (Secunia Research) discovered two boundary errors\n within the iGetHdrHeader() function in src-IL/src/il_hdr.c.\n \nImpact :\n\n A remote attacker could entice a user to open a specially crafted\n Radiance RGBE file, possibly resulting in the execution of arbitrary\n code.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200903-04\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All DevIL users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-libs/devil-1.7.7'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:gentoo:linux:devil\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/03/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-libs/devil\", unaffected:make_list(\"ge 1.7.7\"), vulnerable:make_list(\"lt 1.7.7\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"DevIL\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:06:51", "description": " - Fix missing symbols (rh 480269) - Fix off by one error\n in CVE-2008-5262 check (rh 479864)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 23, "published": "2009-04-23T00:00:00", "title": "Fedora 10 : DevIL-1.7.5-2.fc10 (2009-0867)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5262"], "modified": "2009-04-23T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:10", "p-cpe:/a:fedoraproject:fedora:DevIL"], "id": "FEDORA_2009-0867.NASL", "href": "https://www.tenable.com/plugins/nessus/37947", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-0867.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(37947);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2008-5262\");\n script_xref(name:\"FEDORA\", value:\"2009-0867\");\n\n script_name(english:\"Fedora 10 : DevIL-1.7.5-2.fc10 (2009-0867)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Fix missing symbols (rh 480269) - Fix off by one error\n in CVE-2008-5262 check (rh 479864)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=479864\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-January/019295.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e85987e4\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected DevIL package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:DevIL\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/01/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^10([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 10.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC10\", reference:\"DevIL-1.7.5-2.fc10\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"DevIL\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:06:51", "description": " - Fix missing symbols (rh 480269) - Fix off by one error\n in CVE-2008-5262 check (rh 479864)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 23, "published": "2009-01-22T00:00:00", "title": "Fedora 9 : DevIL-1.7.5-2.fc9 (2009-0856)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5262"], "modified": "2009-01-22T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:9", "p-cpe:/a:fedoraproject:fedora:DevIL"], "id": "FEDORA_2009-0856.NASL", "href": "https://www.tenable.com/plugins/nessus/35441", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-0856.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(35441);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2008-5262\");\n script_xref(name:\"FEDORA\", value:\"2009-0856\");\n\n script_name(english:\"Fedora 9 : DevIL-1.7.5-2.fc9 (2009-0856)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Fix missing symbols (rh 480269) - Fix off by one error\n in CVE-2008-5262 check (rh 479864)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=479864\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-January/019286.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3b54294c\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected DevIL package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:DevIL\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:9\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/01/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/01/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^9([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 9.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC9\", reference:\"DevIL-1.7.5-2.fc9\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"DevIL\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-06T09:45:17", "description": "Stefan Cornelius discovered a buffer overflow in devil, a\ncross-platform image loading and manipulation toolkit, which could be\ntriggered via a crafted Radiance RGBE file. This could potentially\nlead to the execution of arbitrary code.", "edition": 25, "published": "2009-02-09T00:00:00", "title": "Debian DSA-1717-1 : devil - buffer overflow", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5262"], "modified": "2009-02-09T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:4.0", "p-cpe:/a:debian:debian_linux:devil"], "id": "DEBIAN_DSA-1717.NASL", "href": "https://www.tenable.com/plugins/nessus/35612", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1717. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(35612);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2008-5262\");\n script_xref(name:\"DSA\", value:\"1717\");\n\n script_name(english:\"Debian DSA-1717-1 : devil - buffer overflow\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Stefan Cornelius discovered a buffer overflow in devil, a\ncross-platform image loading and manipulation toolkit, which could be\ntriggered via a crafted Radiance RGBE file. This could potentially\nlead to the execution of arbitrary code.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511844\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=512122\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2009/dsa-1717\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the devil package.\n\nFor the stable distribution (etch), this problem has been fixed in\nversion 1.6.7-5+etch1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:devil\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/02/05\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/02/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"libdevil-dev\", reference:\"1.6.7-5+etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libdevil1c2\", reference:\"1.6.7-5+etch1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}