ID OPENVAS:136141256231070266 Type openvas Reporter Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com Modified 2018-10-05T00:00:00
Description
The remote host is missing an update to the system
as announced in the referenced advisory.
###############################################################################
# OpenVAS Vulnerability Test
# $Id: freebsd_libXfont.nasl 11762 2018-10-05 10:54:12Z cfischer $
#
# Auto generated from VID 304409c3-c3ef-11e0-8aa5-485d60cb5385
#
# Authors:
# Thomas Reinke <reinke@securityspace.com>
#
# Copyright:
# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com
# Text descriptions are largely excerpted from the referenced
# advisories, and are Copyright (c) the respective author(s)
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2,
# as published by the Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
# Registration block: taken only when `description` is set. It declares the
# plugin's metadata and leaves via exit(0) at the end of the block, so none
# of the host-checking code after this block runs on this path.
if(description)
{
# Plugin identity and revision bookkeeping.
script_oid("1.3.6.1.4.1.25623.1.0.70266");
script_version("$Revision: 11762 $");
script_tag(name:"last_modification", value:"$Date: 2018-10-05 12:54:12 +0200 (Fri, 05 Oct 2018) $");
script_tag(name:"creation_date", value:"2011-09-21 05:47:11 +0200 (Wed, 21 Sep 2011)");
# CVSS v2 base score and vector attached to findings of this plugin
# (the vector uses the v2 "Au:" metric). Only CVE-2011-2895 is registered;
# the two other CVE ids in the insight text are cited there as related issues.
script_tag(name:"cvss_base", value:"9.3");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_cve_id("CVE-2011-2895");
script_name("FreeBSD Ports: libXfont");
# Information-gathering category: the plugin reads package data and does
# not send anything that exercises the flaw.
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com");
script_family("FreeBSD Local Security Checks");
# Ordering and preconditions: gather-package-list.nasl must have run and both
# knowledge-base keys must exist.
# NOTE(review): the keys look like they are set after an authenticated SSH
# login to a FreeBSD host - confirm. If so, an unauthenticated scan never
# runs this check, and the absence of a finding says nothing about the host.
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/freebsd", "ssh/login/freebsdrel");
# Advisory excerpt shown with the finding.
# NOTE(review): the text also names compress/compress.c as used in FreeBSD's
# zopen.c, but the check after this block only inspects the libXfont port.
script_tag(name:"insight", value:"The following package is affected: libXfont
CVE-2011-2895
The LZW decompressor in (1) the BufCompressedFill function in
fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2)
compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before
3.8, FreeBSD, NetBSD, FreeType 2.1.9, and other products, does not
properly handle code words that are absent from the decompression
table when encountered, which allows context-dependent attackers to
trigger an infinite loop or a heap-based buffer overflow, and possibly
execute arbitrary code, via a crafted compressed stream, a related
issue to CVE-2006-1168 and CVE-2011-2896.");
# Generic remediation text; it names no fixed version. The version threshold
# this plugin actually tests is in the comparison after this block.
script_tag(name:"solution", value:"Update your system with the appropriate patches or
software upgrades.");
# Upstream bug report and the FreeBSD VuXML entry this plugin was generated from.
script_xref(name:"URL", value:"https://bugzilla.redhat.com/show_bug.cgi?id=725760");
script_xref(name:"URL", value:"http://www.vuxml.org/freebsd/304409c3-c3ef-11e0-8aa5-485d60cb5385.html");
script_tag(name:"summary", value:"The remote host is missing an update to the system
as announced in the referenced advisory.");
# Detection quality is declared as "package": the result rests on the
# installed package version rather than on observing the vulnerable behaviour.
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
# Registration is complete; stop here.
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-bsd.inc");
# Host check: compare the installed libXfont port version against the first
# fixed version and report when it is older.
#
# The verdict comes from package data only. A copy of the library that is not
# registered as the "libXfont" port (built by hand, bundled with another
# product) is not seen by this check.
report = "";
affected = FALSE;

# portver() comes from pkg-lib-bsd.inc; a null result is treated as
# "package not found" and skips the comparison.
installed = portver(pkg:"libXfont");

if(!isnull(installed)) {
  # "1.4.4,1" is the threshold version; the ",1" suffix is the FreeBSD
  # port epoch. revcomp() is from revisions-lib.inc; a negative result
  # is read here as "installed is older than the threshold".
  if(revcomp(a:installed, b:"1.4.4,1") < 0) {
    affected = TRUE;
    report += 'Package libXfont version ' + installed + ' is installed which is known to be vulnerable.\n';
  }
}

if(affected) {
  security_message(data:report);
} else {
  # __pkg_match is not assigned in this script; presumably pkg-lib-bsd.inc
  # sets it when the package was found - confirm there. Exit code 99 then
  # reports "checked, not vulnerable" rather than ending without a verdict.
  if(__pkg_match)
    exit(99);
}
{"id": "OPENVAS:136141256231070266", "type": "openvas", "bulletinFamily": "scanner", "title": "FreeBSD Ports: libXfont", "description": "The remote host is missing an update to the system\n as announced in the referenced advisory.", "published": "2011-09-21T00:00:00", "modified": "2018-10-05T00:00:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "href": "http://plugins.openvas.org/nasl.php?oid=136141256231070266", "reporter": "Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com", "references": ["http://www.vuxml.org/freebsd/304409c3-c3ef-11e0-8aa5-485d60cb5385.html", "https://bugzilla.redhat.com/show_bug.cgi?id=725760"], "cvelist": ["CVE-2006-1168", "CVE-2011-2896", "CVE-2011-2895"], "lastseen": "2019-05-29T18:39:35", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2006-1168", "CVE-2011-2895", "CVE-2011-2896"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310831487", "OPENVAS:831473", "OPENVAS:831487", "OPENVAS:831465", "OPENVAS:136141256231070743", "OPENVAS:70266", "OPENVAS:1361412562311220192357", "OPENVAS:1361412562310831473", "OPENVAS:70743", "OPENVAS:1361412562310831465"]}, {"type": "nessus", "idList": ["EULEROS_SA-2019-2357.NASL", "FEDORA_2011-11229.NASL", "MANDRIVA_MDVSA-2011-146.NASL", "FEDORA_2011-10788.NASL", "REDHAT-RHSA-2012-0302.NASL", "SL_20120221_CUPS_ON_SL5_X.NASL", "MANDRIVA_MDVSA-2011-153.NASL", "FEDORA_2011-10782.NASL", "FEDORA_2011-11305.NASL", "MANDRIVA_MDVSA-2011-167.NASL"]}, {"type": "oraclelinux", "idList": ["ELSA-2011-1635", "ELSA-2011-1155", "ELSA-2011-1161", "ELSA-2012-0302", "ELSA-2011-1154"]}, {"type": "redhat", "idList": ["RHSA-2011:1155", "RHSA-2011:1834", "RHSA-2011:1635", "RHSA-2012:0302", "RHSA-2011:1154"]}, {"type": "fedora", "idList": ["FEDORA:9785E10F898", "FEDORA:6016D11096A", "FEDORA:E2944E7205", "FEDORA:5B23387E73", "FEDORA:E09F7111297", "FEDORA:9E67387E73"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:11921", 
"SECURITYVULNS:DOC:27053"]}, {"type": "ubuntu", "idList": ["USN-1214-1"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2293-1:771F2"]}, {"type": "freebsd", "idList": ["FEE94342-4638-11E1-9F47-00E0815B8DA8"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2011:1299-1"]}], "modified": "2019-05-29T18:39:35", "rev": 2}, "score": {"value": 7.2, "vector": "NONE", "modified": "2019-05-29T18:39:35", "rev": 2}, "vulnersScore": 7.2}, "pluginID": "136141256231070266", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: freebsd_libXfont.nasl 11762 2018-10-05 10:54:12Z cfischer $\n#\n# Auto generated from VID 304409c3-c3ef-11e0-8aa5-485d60cb5385\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.70266\");\n script_version(\"$Revision: 11762 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-05 12:54:12 +0200 (Fri, 05 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-21 05:47:11 +0200 (Wed, 21 Sep 2011)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2011-2895\");\n script_name(\"FreeBSD Ports: libXfont\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsd\", \"ssh/login/freebsdrel\");\n\n script_tag(name:\"insight\", value:\"The following package is affected: libXfont\n\nCVE-2011-2895\nThe LZW decompressor in (1) the BufCompressedFill function in\nfontfile/decompress.c in X.Org libXfont before 1.4.4 and (2)\ncompress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before\n3.8, FreeBSD, NetBSD, FreeType 2.1.9, and other products, does not\nproperly handle code words that are absent from the decompression\ntable when encountered, which allows context-dependent attackers to\ntrigger an infinite loop or a heap-based buffer overflow, and possibly\nexecute arbitrary code, via a crafted compressed stream, a related\nissue to CVE-2006-1168 and CVE-2011-2896.\");\n\n script_tag(name:\"solution\", value:\"Update your system with the appropriate patches or\n software upgrades.\");\n\n 
script_xref(name:\"URL\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=725760\");\n script_xref(name:\"URL\", value:\"http://www.vuxml.org/freebsd/304409c3-c3ef-11e0-8aa5-485d60cb5385.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update to the system\n as announced in the referenced advisory.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-bsd.inc\");\n\nvuln = FALSE;\ntxt = \"\";\n\nbver = portver(pkg:\"libXfont\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.4.4,1\")<0) {\n txt += 'Package libXfont version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = TRUE;\n}\n\nif(vuln) {\n security_message(data:txt);\n} else if (__pkg_match) {\n exit(99);\n}", "naslFamily": "FreeBSD Local Security Checks"}
{"cve": [{"lastseen": "2020-12-09T19:39:09", "description": "The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2) compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1, FreeType 2.1.9, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows context-dependent attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2896.", "edition": 5, "cvss3": {}, "published": "2011-08-19T17:55:00", "title": "CVE-2011-2895", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2895"], "modified": "2017-08-29T01:29:00", "cpe": ["cpe:/o:openbsd:openbsd:2.4", "cpe:/o:openbsd:openbsd:3.1", "cpe:/a:x:libxfont:1.2.9", "cpe:/a:x:libxfont:1.3.4", "cpe:/o:openbsd:openbsd:2.9", "cpe:/a:x:libxfont:1.3.3", "cpe:/a:freetype:freetype:2.1.9", "cpe:/o:freebsd:freebsd:*", "cpe:/o:openbsd:openbsd:2.6", "cpe:/o:openbsd:openbsd:2.2", "cpe:/a:x:libxfont:1.4.3", "cpe:/o:openbsd:openbsd:2.8", "cpe:/o:openbsd:openbsd:3.6", "cpe:/o:openbsd:openbsd:3.3", "cpe:/a:x:libxfont:1.2.3", "cpe:/a:x:libxfont:1.3.0", "cpe:/o:openbsd:openbsd:3.0", "cpe:/a:x:libxfont:1.2.8", "cpe:/o:openbsd:openbsd:2.1", "cpe:/a:x:libxfont:1.2.1", "cpe:/a:x:libxfont:1.2.6", 
"cpe:/o:openbsd:openbsd:2.0", "cpe:/a:x:libxfont:1.2.4", "cpe:/o:openbsd:openbsd:3.5", "cpe:/a:x:libxfont:1.4.1", "cpe:/a:x:libxfont:1.2.5", "cpe:/a:x:libxfont:1.3.2", "cpe:/a:x:libxfont:1.3.1", "cpe:/o:openbsd:openbsd:2.3", "cpe:/a:x:libxfont:1.2.0", "cpe:/a:x:libxfont:1.4.0", "cpe:/o:openbsd:openbsd:2.7", "cpe:/o:openbsd:openbsd:3.7", "cpe:/o:openbsd:openbsd:2.5", "cpe:/o:openbsd:openbsd:3.4", "cpe:/a:x:libxfont:1.2.7", "cpe:/o:openbsd:openbsd:3.2", "cpe:/a:x:libxfont:1.2.2", "cpe:/a:x:libxfont:1.4.2", "cpe:/o:netbsd:netbsd:*"], "id": "CVE-2011-2895", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2895", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:openbsd:openbsd:2.4:*:*:*:*:*:*:*", "cpe:2.3:a:x:libxfont:1.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:openbsd:openbsd:2.1:*:*:*:*:*:*:*", "cpe:2.3:o:openbsd:openbsd:3.1:*:*:*:*:*:*:*", "cpe:2.3:o:openbsd:openbsd:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:x:libxfont:1.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:openbsd:openbsd:2.8:*:*:*:*:*:*:*", "cpe:2.3:a:x:libxfont:1.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:x:libxfont:1.2.9:*:*:*:*:*:*:*", "cpe:2.3:o:netbsd:netbsd:*:*:*:*:*:*:*:*", "cpe:2.3:o:openbsd:openbsd:2.6:*:*:*:*:*:*:*", "cpe:2.3:a:x:libxfont:1.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:x:libxfont:1.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:x:libxfont:1.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:x:libxfont:1.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:openbsd:openbsd:3.2:*:*:*:*:*:*:*", "cpe:2.3:a:freetype:freetype:2.1.9:*:*:*:*:*:*:*", "cpe:2.3:o:openbsd:openbsd:3.4:*:*:*:*:*:*:*", "cpe:2.3:o:openbsd:openbsd:2.2:*:*:*:*:*:*:*", "cpe:2.3:a:x:libxfont:1.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:x:libxfont:1.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:openbsd:openbsd:2.7:*:*:*:*:*:*:*", "cpe:2.3:a:x:libxfont:1.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:x:libxfont:1.3.1:*:*:*:*:*:*:*", "cpe:2.3:o:openbsd:openbsd:3.5:*:*:*:*:*:*:*", "cpe:2.3:a:x:libxfont:1.3.0:*:*:*:*:*:*:*", "cpe:2.3:o:openbsd:openbsd:3.6:*:*:*:*:*:*:*", "cpe:2.3:o:openbsd:openbsd:2.5:*:*:*:*:*:*:*", 
"cpe:2.3:a:x:libxfont:1.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:x:libxfont:1.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:openbsd:openbsd:2.3:*:*:*:*:*:*:*", "cpe:2.3:a:x:libxfont:1.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:x:libxfont:1.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:openbsd:openbsd:3.7:*:*:*:*:*:*:*", "cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*", "cpe:2.3:o:openbsd:openbsd:3.3:*:*:*:*:*:*:*", "cpe:2.3:a:x:libxfont:1.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:openbsd:openbsd:2.9:*:*:*:*:*:*:*", "cpe:2.3:a:x:libxfont:1.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:openbsd:openbsd:3.0:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T11:48:13", "description": "The decompress function in compress42.c in (1) ncompress 4.2.4 and (2) liblzw allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code, via crafted data that leads to a buffer underflow.", "edition": 3, "cvss3": {}, "published": "2006-08-14T20:04:00", "title": "CVE-2006-1168", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": true}, "cvelist": ["CVE-2006-1168"], "modified": "2017-10-11T01:30:00", "cpe": ["cpe:/a:ncompress:ncompress:4.2.4"], "id": "CVE-2006-1168", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-1168", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:ncompress:ncompress:4.2.4:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:39:09", "description": "The LZW decompressor in the LWZReadByte function in giftoppm.c in the David Koblas GIF decoder in PBMPLUS, as used in the gif_read_lzw function in 
filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte function in plug-ins/common/file-gif-load.c in GIMP 2.6.11 and earlier, the LZWReadByte function in img/gifread.c in XPCE in SWI-Prolog 5.10.4 and earlier, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows remote attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2895.", "edition": 5, "cvss3": {}, "published": "2011-08-19T17:55:00", "title": "CVE-2011-2896", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2896"], "modified": "2018-10-30T16:26:00", "cpe": ["cpe:/a:apple:cups:1.2.7", "cpe:/a:apple:cups:1.2.5", "cpe:/a:apple:cups:1.2.8", "cpe:/a:apple:cups:1.3.5", "cpe:/a:gimp:gimp:2.6.11", "cpe:/a:gnu:gimp:2.2.12", "cpe:/a:gnu:gimp:2.2.15", "cpe:/a:swi-prolog:swi-prolog:3.1.2", "cpe:/a:swi-prolog:swi-prolog:3.3.10", "cpe:/a:apple:cups:1.1.6-3", "cpe:/a:gnu:gimp:2.6.3", "cpe:/a:swi-prolog:swi-prolog:5.8.3", "cpe:/a:swi-prolog:swi-prolog:5.6.64", "cpe:/a:apple:cups:1.1.16", "cpe:/a:gnu:gimp:2.0.1", "cpe:/a:apple:cups:1.1.12", "cpe:/a:swi-prolog:swi-prolog:2.7.15", "cpe:/a:swi-prolog:swi-prolog:5.6.62", "cpe:/a:apple:cups:1.4.4", "cpe:/a:apple:cups:1.2", "cpe:/a:gnu:gimp:2.4.4", "cpe:/a:apple:cups:1.1.5-2", "cpe:/a:apple:cups:1.3.8", "cpe:/a:swi-prolog:swi-prolog:2.7.19", 
"cpe:/a:swi-prolog:swi-prolog:3.4.5", "cpe:/a:apple:cups:1.1.11", "cpe:/a:swi-prolog:swi-prolog:5.10.2", "cpe:/a:apple:cups:1.1.21", "cpe:/a:apple:cups:1.1.6-1", "cpe:/a:gnu:gimp:2.2.14", "cpe:/a:gnu:gimp:2.0.4", "cpe:/a:swi-prolog:swi-prolog:5.6.61", "cpe:/a:swi-prolog:swi-prolog:5.6.58", "cpe:/a:swi-prolog:swi-prolog:2.7.14", "cpe:/a:swi-prolog:swi-prolog:5.6.52", "cpe:/a:apple:cups:1.4", "cpe:/a:apple:cups:1.3.1", "cpe:/a:gnu:gimp:2.2.13", "cpe:/a:apple:cups:1.1.3", "cpe:/a:gnu:gimp:2.6.4", "cpe:/a:apple:cups:1.1.2", "cpe:/a:apple:cups:1.1.1", "cpe:/a:swi-prolog:swi-prolog:5.6.63", "cpe:/a:gnu:gimp:2.2.17", "cpe:/a:apple:cups:1.3", "cpe:/a:gnu:gimp:2.2.6", "cpe:/a:gnu:gimp:2.6.1", "cpe:/a:apple:cups:1.1.5", "cpe:/a:gnu:gimp:2.2.11", "cpe:/a:swi-prolog:swi-prolog:2.9.7", "cpe:/a:apple:cups:1.1", "cpe:/a:swi-prolog:swi-prolog:5.10.4", "cpe:/a:swi-prolog:swi-prolog:5.6.50", "cpe:/a:apple:cups:1.2.2", "cpe:/a:swi-prolog:swi-prolog:5.6.53", "cpe:/a:gnu:gimp:2.0.0", "cpe:/a:gnu:gimp:2.4.0", "cpe:/a:apple:cups:1.2.1", "cpe:/a:apple:cups:1.4.5", "cpe:/a:apple:cups:1.2.12", "cpe:/a:apple:cups:1.1.10-1", "cpe:/a:apple:cups:1.2.9", "cpe:/a:apple:cups:1.1.17", "cpe:/a:swi-prolog:swi-prolog:5.6.51", "cpe:/a:gnu:gimp:2.6.7", "cpe:/a:swi-prolog:swi-prolog:2.9.9", "cpe:/a:swi-prolog:swi-prolog:4.0.11", "cpe:/a:gnu:gimp:2.6.0", "cpe:/a:apple:cups:1.1.9", "cpe:/a:gnu:gimp:2.6.6", "cpe:/a:gnu:gimp:2.2.7", "cpe:/a:apple:cups:1.4.6", "cpe:/a:swi-prolog:swi-prolog:5.6.54", "cpe:/a:swi-prolog:swi-prolog:5.0.10", "cpe:/a:swi-prolog:swi-prolog:5.6.56", "cpe:/a:apple:cups:1.2.6", "cpe:/a:swi-prolog:swi-prolog:5.4.7", "cpe:/a:gnu:gimp:2.4.6", "cpe:/a:apple:cups:1.1.6", "cpe:/a:gnu:gimp:2.2.3", "cpe:/a:apple:cups:1.4.0", "cpe:/a:swi-prolog:swi-prolog:5.8.0", "cpe:/a:gnu:gimp:2.4.7", "cpe:/a:apple:cups:1.1.19", "cpe:/a:apple:cups:1.1.9-1", "cpe:/a:swi-prolog:swi-prolog:2.8.2", "cpe:/a:gnu:gimp:2.2.4", "cpe:/a:swi-prolog:swi-prolog:5.2.13", "cpe:/a:apple:cups:1.1.20", 
"cpe:/a:apple:cups:1.3.3", "cpe:/a:apple:cups:1.1.23", "cpe:/a:gnu:gimp:2.0.3", "cpe:/a:swi-prolog:swi-prolog:5.10.1", "cpe:/a:apple:cups:1.2.10", "cpe:/a:gnu:gimp:2.4.2", "cpe:/a:swi-prolog:swi-prolog:2.9.11", "cpe:/a:apple:cups:1.3.2", "cpe:/a:swi-prolog:swi-prolog:5.8.1", "cpe:/a:apple:cups:1.3.4", "cpe:/a:gnu:gimp:2.2.0", "cpe:/a:apple:cups:1.3.10", "cpe:/a:gnu:gimp:1.0.4", "cpe:/a:apple:cups:1.1.8", "cpe:/a:gnu:gimp:2.2.9", "cpe:/a:gnu:gimp:2.4.3", "cpe:/a:gimp:gimp:2.6.8", "cpe:/a:swi-prolog:swi-prolog:5.10.3", "cpe:/a:apple:cups:1.3.7", "cpe:/a:apple:cups:1.1.18", "cpe:/a:swi-prolog:swi-prolog:5.10.0", "cpe:/a:gnu:gimp:2.2.10", "cpe:/a:apple:cups:1.3.11", "cpe:/a:apple:cups:1.1.6-2", "cpe:/a:gnu:gimp:2.2.16", "cpe:/a:gnu:gimp:1.2.5", "cpe:/a:apple:cups:1.2.3", "cpe:/a:gnu:gimp:2.2.5", "cpe:/a:gnu:gimp:2.0.5", "cpe:/a:apple:cups:1.3.0", "cpe:/a:apple:cups:1.1.15", "cpe:/a:apple:cups:1.1.13", "cpe:/a:apple:cups:1.1.5-1", "cpe:/a:apple:cups:1.1.22", "cpe:/a:swi-prolog:swi-prolog:5.6.57", "cpe:/a:gnu:gimp:2.0.2", "cpe:/a:apple:cups:1.2.4", "cpe:/a:gnu:gimp:2.6.9", "cpe:/a:gnu:gimp:2.2.2", "cpe:/a:apple:cups:1.1.10", "cpe:/a:gnu:gimp:2.6.2", "cpe:/a:gnu:gimp:2.4.5", "cpe:/a:gnu:gimp:2.4.1", "cpe:/a:gnu:gimp:2.0.6", "cpe:/a:apple:cups:1.2.11", "cpe:/a:gnu:gimp:2.6.10", "cpe:/a:apple:cups:1.2.0", "cpe:/a:swi-prolog:swi-prolog:3.2.8", "cpe:/a:apple:cups:1.4.3", "cpe:/a:apple:cups:1.4.1", "cpe:/a:apple:cups:1.3.9", "cpe:/a:swi-prolog:swi-prolog:5.8.2", "cpe:/a:gnu:gimp:2.6.5", "cpe:/a:swi-prolog:swi-prolog:5.6.55", "cpe:/a:gnu:gimp:2.2.8", "cpe:/a:apple:cups:1.3.6", "cpe:/a:apple:cups:1.1.7", "cpe:/a:apple:cups:1.4.2", "cpe:/a:gnu:gimp:2.2.1", "cpe:/a:apple:cups:1.1.4", "cpe:/a:swi-prolog:swi-prolog:5.6.59", "cpe:/a:apple:cups:1.1.14"], "id": "CVE-2011-2896", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2896", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:apple:cups:1.1.10:*:*:*:*:*:*:*", 
"cpe:2.3:a:gnu:gimp:2.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.12:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gimp:2.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gimp:2.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:swi-prolog:swi-prolog:5.10.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gimp:2.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.9-1:*:*:*:*:*:*:*", "cpe:2.3:a:swi-prolog:swi-prolog:5.6.58:*:*:*:*:*:*:*", "cpe:2.3:a:swi-prolog:swi-prolog:5.10.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gimp:2.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.19:rc3:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.3:b1:*:*:*:*:*:*", "cpe:2.3:a:gnu:gimp:2.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:swi-prolog:swi-prolog:5.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gimp:2.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:swi-prolog:swi-prolog:5.6.64:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:swi-prolog:swi-prolog:5.6.55:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.19:rc2:*:*:*:*:*:*", "cpe:2.3:a:swi-prolog:swi-prolog:5.6.59:*:*:*:*:*:*:*", "cpe:2.3:a:swi-prolog:swi-prolog:5.6.50:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gimp:1.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.9:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.4:b1:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.19:rc4:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.20:rc2:*:*:*:*:*:*", "cpe:2.3:a:gimp:gimp:2.6.11:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:swi-prolog:swi-prolog:5.6.52:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:swi-prolog:swi-prolog:3.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.19:rc5:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.20:rc6:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gimp:2.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gimp:2.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:swi-prolog:swi-prolog:2.7.19:*:*:*:*:*:*:*", 
"cpe:2.3:a:apple:cups:1.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gimp:2.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gimp:2.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gimp:2.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.22:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gimp:2.2.15:*:*:*:*:*:*:*", "cpe:2.3:a:gimp:gimp:2.6.8:*:*:*:*:*:*:*", "cpe:2.3:a:swi-prolog:swi-prolog:3.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.3.6:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.12:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.3.10:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gimp:2.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:swi-prolog:swi-prolog:5.8.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gimp:2.2.10:*:*:*:*:*:*:*", "cpe:2.3:a:swi-prolog:swi-prolog:5.6.63:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.20:rc3:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.6-2:*:*:*:*:*:*:*", "cpe:2.3:a:swi-prolog:swi-prolog:5.6.51:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.20:rc5:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:swi-prolog:swi-prolog:2.7.14:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.15:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gimp:2.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gimp:2.2.11:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.3:rc1:*:*:*:*:*:*", "cpe:2.3:a:gnu:gimp:2.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:swi-prolog:swi-prolog:5.6.62:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.5-2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.16:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:swi-prolog:swi-prolog:5.6.53:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gimp:2.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gimp:2.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.6-1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.11:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2:b2:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2:rc2:*:*:*:*:*:*", 
"cpe:2.3:a:apple:cups:1.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gimp:2.6.6:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gimp:2.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:swi-prolog:swi-prolog:5.2.13:*:*:*:*:*:*:*", "cpe:2.3:a:swi-prolog:swi-prolog:2.9.11:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gimp:1.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.22:rc1:*:*:*:*:*:*", "cpe:2.3:a:gnu:gimp:2.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.3.9:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.6-3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gimp:2.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.14:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:swi-prolog:swi-prolog:5.10.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.21:rc1:*:*:*:*:*:*", "cpe:2.3:a:swi-prolog:swi-prolog:5.6.56:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gimp:2.2.13:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.19:rc1:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.20:rc1:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.13:*:*:*:*:*:*:*", "cpe:2.3:a:swi-prolog:swi-prolog:3.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:swi-prolog:swi-prolog:5.6.61:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gimp:2.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:swi-prolog:swi-prolog:2.8.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.22:rc2:*:*:*:*:*:*", "cpe:2.3:a:gnu:gimp:2.6.10:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.18:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.4:rc1:*:*:*:*:*:*", "cpe:2.3:a:gnu:gimp:2.2.16:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:swi-prolog:swi-prolog:5.6.57:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gimp:2.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:swi-prolog:swi-prolog:2.9.9:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gimp:2.6.7:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2:b1:*:*:*:*:*:*", "cpe:2.3:a:swi-prolog:swi-prolog:5.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.3.8:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.5-1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.3:rc2:*:*:*:*:*:*", 
"cpe:2.3:a:apple:cups:1.1.23:rc1:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.21:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2:rc3:*:*:*:*:*:*", "cpe:2.3:a:swi-prolog:swi-prolog:5.6.54:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gimp:2.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.20:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.20:rc4:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:swi-prolog:swi-prolog:4.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2:rc1:*:*:*:*:*:*", "cpe:2.3:a:gnu:gimp:2.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:swi-prolog:swi-prolog:5.10.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:swi-prolog:swi-prolog:5.10.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gimp:2.2.12:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:swi-prolog:swi-prolog:5.8.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.4:b3:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.17:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gimp:2.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:swi-prolog:swi-prolog:3.3.10:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gimp:2.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gimp:2.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.10:*:*:*:*:*:*:*", "cpe:2.3:a:swi-prolog:swi-prolog:2.9.7:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.19:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.3.11:*:*:*:*:*:*:*", "cpe:2.3:a:swi-prolog:swi-prolog:2.7.15:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.23:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gimp:2.2.9:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.10-1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gimp:2.2.17:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gimp:2.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:swi-prolog:swi-prolog:5.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gimp:2.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gimp:2.6.9:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.11:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.4:b2:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.9:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.2:*:*:*:*:*:*:*", 
"cpe:2.3:a:gnu:gimp:2.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.21:rc2:*:*:*:*:*:*", "cpe:2.3:a:gnu:gimp:2.2.14:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:swi-prolog:swi-prolog:5.8.0:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2017-07-24T12:55:20", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-1168", "CVE-2011-2896", "CVE-2011-2895"], "description": "Check for the Version of libxfont", "modified": "2017-07-06T00:00:00", "published": "2011-10-21T00:00:00", "id": "OPENVAS:831473", "href": "http://plugins.openvas.org/nasl.php?oid=831473", "type": "openvas", "title": "Mandriva Update for libxfont MDVSA-2011:153 (libxfont)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for libxfont MDVSA-2011:153 (libxfont)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability has been discovered and corrected in libxfont:\n\n The LZW decompressor in (1) the BufCompressedFill function in\n fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2)\n compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before\n 3.8, FreeBSD, NetBSD, FreeType 2.1.9, and other products, does not\n properly handle code words that are absent from the decompression\n table when encountered, which allows context-dependent attackers\n to trigger an infinite loop or a heap-based buffer overflow, and\n possibly execute arbitrary code, via a crafted compressed stream,\n a related issue to CVE-2006-1168 and CVE-2011-2896 (CVE-2011-2895).\n \n The updated packages have been patched to correct this issue.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"libxfont on Mandriva Linux 2010.1,\n Mandriva Linux 2010.1/X86_64,\n Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2011-10/msg00028.php\");\n script_id(831473);\n script_version(\"$Revision: 6570 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:06:35 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-10-21 16:31:29 +0200 (Fri, 21 Oct 2011)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVSA\", value: \"2011:153\");\n script_cve_id(\"CVE-2006-1168\", \"CVE-2011-2896\", 
\"CVE-2011-2895\");\n script_name(\"Mandriva Update for libxfont MDVSA-2011:153 (libxfont)\");\n\n script_summary(\"Check for the Version of libxfont\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"libxfont1\", rpm:\"libxfont1~1.3.3~1.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxfont1-devel\", rpm:\"libxfont1-devel~1.3.3~1.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxfont1-static-devel\", rpm:\"libxfont1-static-devel~1.3.3~1.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxfont\", rpm:\"libxfont~1.3.3~1.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64xfont1\", rpm:\"lib64xfont1~1.3.3~1.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64xfont1-devel\", rpm:\"lib64xfont1-devel~1.3.3~1.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64xfont1-static-devel\", 
rpm:\"lib64xfont1-static-devel~1.3.3~1.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libxfont1\", rpm:\"libxfont1~1.4.1~1.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxfont1-devel\", rpm:\"libxfont1-devel~1.4.1~1.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxfont1-static-devel\", rpm:\"libxfont1-static-devel~1.4.1~1.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxfont\", rpm:\"libxfont~1.4.1~1.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64xfont1\", rpm:\"lib64xfont1~1.4.1~1.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64xfont1-devel\", rpm:\"lib64xfont1-devel~1.4.1~1.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64xfont1-static-devel\", rpm:\"lib64xfont1-static-devel~1.4.1~1.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:39", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-1168", "CVE-2011-2896", "CVE-2011-2895"], "description": "The remote host is missing an update for the 'gimp' package(s) announced via the referenced advisory.", "modified": "2018-11-16T00:00:00", "published": "2011-11-08T00:00:00", "id": "OPENVAS:1361412562310831487", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831487", 
"type": "openvas", "title": "Mandriva Update for gimp MDVSA-2011:167 (gimp)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for gimp MDVSA-2011:167 (gimp)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.mandriva.com/security-announce/2011-11/msg00005.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831487\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-11-08 19:08:53 +0530 (Tue, 08 Nov 2011)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"MDVSA\", value:\"2011:167\");\n script_cve_id(\"CVE-2006-1168\", \"CVE-2011-2895\", \"CVE-2011-2896\");\n script_name(\"Mandriva Update for gimp MDVSA-2011:167 (gimp)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'gimp'\n package(s) announced via 
the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\", re:\"ssh/login/release=MNDK_(mes5|2010\\.1)\");\n script_tag(name:\"affected\", value:\"gimp on Mandriva Linux 2010.1,\n Mandriva Linux 2010.1/X86_64,\n Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\");\n script_tag(name:\"insight\", value:\"A vulnerability has been discovered and corrected in gimp:\n\n The LZW decompressor in the LWZReadByte function in giftoppm.c in\n the David Koblas GIF decoder in PBMPLUS, as used in the gif_read_lzw\n function in filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte\n function in plug-ins/common/file-gif-load.c in GIMP 2.6.11 and earlier,\n the LZWReadByte function in img/gifread.c in XPCE in SWI-Prolog 5.10.4\n and earlier, and other products, does not properly handle code words\n that are absent from the decompression table when encountered, which\n allows remote attackers to trigger an infinite loop or a heap-based\n buffer overflow, and possibly execute arbitrary code, via a crafted\n compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2895\n (CVE-2011-2896).\n\n The updated packages have been patched to correct these issues.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"gimp\", rpm:\"gimp~2.4.7~1.4mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"gimp-python\", rpm:\"gimp-python~2.4.7~1.4mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgimp2.0_0\", rpm:\"libgimp2.0_0~2.4.7~1.4mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgimp2.0-devel\", rpm:\"libgimp2.0-devel~2.4.7~1.4mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64gimp2.0_0\", rpm:\"lib64gimp2.0_0~2.4.7~1.4mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64gimp2.0-devel\", rpm:\"lib64gimp2.0-devel~2.4.7~1.4mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"gimp\", rpm:\"gimp~2.6.8~3.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gimp-python\", rpm:\"gimp-python~2.6.8~3.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgimp2.0_0\", rpm:\"libgimp2.0_0~2.6.8~3.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgimp2.0-devel\", rpm:\"libgimp2.0-devel~2.6.8~3.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64gimp2.0_0\", rpm:\"lib64gimp2.0_0~2.6.8~3.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64gimp2.0-devel\", rpm:\"lib64gimp2.0-devel~2.6.8~3.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": 
{"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-02T21:13:30", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-1168", "CVE-2011-2896", "CVE-2011-2895"], "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2017-02-25T00:00:00", "published": "2011-09-21T00:00:00", "id": "OPENVAS:70266", "href": "http://plugins.openvas.org/nasl.php?oid=70266", "type": "openvas", "title": "FreeBSD Ports: libXfont", "sourceData": "#\n#VID 304409c3-c3ef-11e0-8aa5-485d60cb5385\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 304409c3-c3ef-11e0-8aa5-485d60cb5385\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: libXfont\n\nCVE-2011-2895\nThe LZW decompressor in (1) the BufCompressedFill function in\nfontfile/decompress.c in X.Org libXfont before 1.4.4 and (2)\ncompress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before\n3.8, FreeBSD, NetBSD, FreeType 2.1.9, and other products, does not\nproperly handle code words that are absent from the decompression\ntable when encountered, which allows context-dependent attackers to\ntrigger an infinite loop or a heap-based buffer overflow, and possibly\nexecute arbitrary code, via a crafted compressed stream, a related\nissue to CVE-2006-1168 and CVE-2011-2896.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttps://bugzilla.redhat.com/show_bug.cgi?id=725760\nhttp://www.vuxml.org/freebsd/304409c3-c3ef-11e0-8aa5-485d60cb5385.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_id(70266);\n script_version(\"$Revision: 5424 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-25 17:52:36 +0100 (Sat, 25 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-21 05:47:11 +0200 (Wed, 21 Sep 2011)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2011-2895\");\n script_name(\"FreeBSD Ports: libXfont\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"libXfont\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.4.4,1\")<0) {\n txt += 'Package libXfont version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:38", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-1168", "CVE-2011-2896", "CVE-2011-2895"], "description": "The remote host is missing an update for the 'libxfont' package(s) announced via the referenced advisory.", "modified": "2018-11-16T00:00:00", "published": "2011-10-21T00:00:00", "id": "OPENVAS:1361412562310831473", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831473", "type": "openvas", "title": "Mandriva Update for libxfont MDVSA-2011:153 (libxfont)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for libxfont MDVSA-2011:153 (libxfont)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free 
Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.mandriva.com/security-announce/2011-10/msg00028.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831473\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-10-21 16:31:29 +0200 (Fri, 21 Oct 2011)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"MDVSA\", value:\"2011:153\");\n script_cve_id(\"CVE-2006-1168\", \"CVE-2011-2896\", \"CVE-2011-2895\");\n script_name(\"Mandriva Update for libxfont MDVSA-2011:153 (libxfont)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libxfont'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\", re:\"ssh/login/release=MNDK_(mes5|2010\\.1)\");\n script_tag(name:\"affected\", value:\"libxfont on Mandriva Linux 2010.1,\n Mandriva Linux 2010.1/X86_64,\n Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\");\n 
script_tag(name:\"insight\", value:\"A vulnerability has been discovered and corrected in libxfont:\n\n The LZW decompressor in (1) the BufCompressedFill function in\n fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2)\n compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before\n 3.8, FreeBSD, NetBSD, FreeType 2.1.9, and other products, does not\n properly handle code words that are absent from the decompression\n table when encountered, which allows context-dependent attackers\n to trigger an infinite loop or a heap-based buffer overflow, and\n possibly execute arbitrary code, via a crafted compressed stream,\n a related issue to CVE-2006-1168 and CVE-2011-2896 (CVE-2011-2895).\n\n The updated packages have been patched to correct this issue.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"libxfont1\", rpm:\"libxfont1~1.3.3~1.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxfont1-devel\", rpm:\"libxfont1-devel~1.3.3~1.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxfont1-static-devel\", rpm:\"libxfont1-static-devel~1.3.3~1.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxfont\", rpm:\"libxfont~1.3.3~1.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64xfont1\", rpm:\"lib64xfont1~1.3.3~1.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n 
}\n\n if ((res = isrpmvuln(pkg:\"lib64xfont1-devel\", rpm:\"lib64xfont1-devel~1.3.3~1.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64xfont1-static-devel\", rpm:\"lib64xfont1-static-devel~1.3.3~1.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libxfont1\", rpm:\"libxfont1~1.4.1~1.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxfont1-devel\", rpm:\"libxfont1-devel~1.4.1~1.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxfont1-static-devel\", rpm:\"libxfont1-static-devel~1.4.1~1.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxfont\", rpm:\"libxfont~1.4.1~1.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64xfont1\", rpm:\"lib64xfont1~1.4.1~1.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64xfont1-devel\", rpm:\"lib64xfont1-devel~1.4.1~1.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64xfont1-static-devel\", rpm:\"lib64xfont1-static-devel~1.4.1~1.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:03", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-1168", "CVE-2011-2896", "CVE-2011-2895"], "description": "The remote host is missing an update to the system\n as announced in 
the referenced advisory.", "modified": "2018-10-05T00:00:00", "published": "2012-02-12T00:00:00", "id": "OPENVAS:136141256231070743", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231070743", "type": "openvas", "title": "FreeBSD Ports: FreeBSD", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: freebsd_FreeBSD14.nasl 11762 2018-10-05 10:54:12Z cfischer $\n#\n# Auto generated from VID fee94342-4638-11e1-9f47-00e0815b8da8\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.70743\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2011-2895\");\n script_version(\"$Revision: 11762 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-05 12:54:12 +0200 (Fri, 05 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-12 07:27:20 -0500 (Sun, 12 Feb 2012)\");\n script_name(\"FreeBSD Ports: FreeBSD\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsd\", \"ssh/login/freebsdrel\");\n\n script_tag(name:\"insight\", value:\"The following package is affected: FreeBSD\n\nCVE-2011-2895\nThe LZW decompressor in (1) the BufCompressedFill function in\nfontfile/decompress.c in X.Org libXfont before 1.4.4 and (2)\ncompress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before\n3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before\n5.1.1, FreeType 2.1.9, and other products, does not properly handle\ncode words that are absent from the decompression table when\nencountered, which allows context-dependent attackers to trigger an\ninfinite loop or a heap-based buffer overflow, and possibly execute\narbitrary code, via a crafted compressed stream, a related issue to\nCVE-2006-1168 and CVE-2011-2896.\");\n\n script_tag(name:\"solution\", value:\"Update your system with the appropriate patches 
or\n software upgrades.\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update to the system\n as announced in the referenced advisory.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-bsd.inc\");\n\nvuln = FALSE;\ntxt = \"\";\n\nbver = portver(pkg:\"FreeBSD\");\nif(!isnull(bver) && revcomp(a:bver, b:\"7.3\")>=0 && revcomp(a:bver, b:\"7.3_7\")<0) {\n txt += 'Package FreeBSD version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = TRUE;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"7.4\")>=0 && revcomp(a:bver, b:\"7.4_3\")<0) {\n txt += 'Package FreeBSD version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = TRUE;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"8.1\")>=0 && revcomp(a:bver, b:\"8.1_5\")<0) {\n txt += 'Package FreeBSD version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = TRUE;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"8.2\")>=0 && revcomp(a:bver, b:\"8.2_3\")<0) {\n txt += 'Package FreeBSD version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = TRUE;\n}\n\nif(vuln) {\n security_message(data:txt);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-24T12:55:27", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-1168", "CVE-2011-2896", "CVE-2011-2895"], "description": "Check for the Version of gimp", "modified": "2017-07-06T00:00:00", "published": "2011-11-08T00:00:00", "id": "OPENVAS:831487", "href": "http://plugins.openvas.org/nasl.php?oid=831487", "type": "openvas", "title": "Mandriva Update for gimp MDVSA-2011:167 (gimp)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for gimp MDVSA-2011:167 (gimp)\n#\n# 
Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability has been discovered and corrected in gimp:\n\n The LZW decompressor in the LWZReadByte function in giftoppm.c in\n the David Koblas GIF decoder in PBMPLUS, as used in the gif_read_lzw\n function in filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte\n function in plug-ins/common/file-gif-load.c in GIMP 2.6.11 and earlier,\n the LZWReadByte function in img/gifread.c in XPCE in SWI-Prolog 5.10.4\n and earlier, and other products, does not properly handle code words\n that are absent from the decompression table when encountered, which\n allows remote attackers to trigger an infinite loop or a heap-based\n buffer overflow, and possibly execute arbitrary code, via a crafted\n compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2895\n (CVE-2011-2896).\n \n The updated packages have been patched to correct these issues.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"gimp on Mandriva Linux 2010.1,\n Mandriva Linux 2010.1/X86_64,\n Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 
5/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2011-11/msg00005.php\");\n script_id(831487);\n script_version(\"$Revision: 6570 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:06:35 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-11-08 19:08:53 +0530 (Tue, 08 Nov 2011)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVSA\", value: \"2011:167\");\n script_cve_id(\"CVE-2006-1168\", \"CVE-2011-2895\", \"CVE-2011-2896\");\n script_name(\"Mandriva Update for gimp MDVSA-2011:167 (gimp)\");\n\n script_summary(\"Check for the Version of gimp\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"gimp\", rpm:\"gimp~2.4.7~1.4mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gimp-python\", rpm:\"gimp-python~2.4.7~1.4mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgimp2.0_0\", rpm:\"libgimp2.0_0~2.4.7~1.4mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgimp2.0-devel\", rpm:\"libgimp2.0-devel~2.4.7~1.4mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64gimp2.0_0\", rpm:\"lib64gimp2.0_0~2.4.7~1.4mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64gimp2.0-devel\", rpm:\"lib64gimp2.0-devel~2.4.7~1.4mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"gimp\", rpm:\"gimp~2.6.8~3.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gimp-python\", rpm:\"gimp-python~2.6.8~3.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgimp2.0_0\", rpm:\"libgimp2.0_0~2.6.8~3.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgimp2.0-devel\", rpm:\"libgimp2.0-devel~2.6.8~3.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64gimp2.0_0\", rpm:\"lib64gimp2.0_0~2.6.8~3.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64gimp2.0-devel\", rpm:\"lib64gimp2.0-devel~2.6.8~3.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:10:35", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-1168", "CVE-2011-2896", "CVE-2011-2895"], "description": "The 
remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2017-04-14T00:00:00", "published": "2012-02-12T00:00:00", "id": "OPENVAS:70743", "href": "http://plugins.openvas.org/nasl.php?oid=70743", "type": "openvas", "title": "FreeBSD Ports: FreeBSD", "sourceData": "#\n#VID fee94342-4638-11e1-9f47-00e0815b8da8\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID fee94342-4638-11e1-9f47-00e0815b8da8\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: FreeBSD\n\nCVE-2011-2895\nThe LZW decompressor in (1) the BufCompressedFill function in\nfontfile/decompress.c in X.Org libXfont before 1.4.4 and (2)\ncompress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before\n3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before\n5.1.1, FreeType 2.1.9, and other products, does not properly handle\ncode words that are absent from the decompression table when\nencountered, which allows context-dependent attackers to trigger an\ninfinite loop or a heap-based buffer overflow, and possibly execute\narbitrary code, via a crafted compressed stream, a related issue to\nCVE-2006-1168 and CVE-2011-2896.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_id(70743);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2011-2895\");\n script_version(\"$Revision: 5956 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-04-14 11:02:12 +0200 (Fri, 14 Apr 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-12 07:27:20 -0500 (Sun, 12 Feb 2012)\");\n script_name(\"FreeBSD Ports: FreeBSD\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\ntxt = \"\";\nbver = portver(pkg:\"FreeBSD\");\nif(!isnull(bver) && revcomp(a:bver, b:\"7.3\")>=0 && revcomp(a:bver, b:\"7.3_7\")<0) {\n txt += 'Package FreeBSD version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"7.4\")>=0 && revcomp(a:bver, b:\"7.4_3\")<0) {\n txt += 'Package FreeBSD version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"8.1\")>=0 && revcomp(a:bver, b:\"8.1_5\")<0) {\n txt += 'Package FreeBSD version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"8.2\")>=0 && revcomp(a:bver, b:\"8.2_3\")<0) {\n txt += 'Package FreeBSD version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:55:41", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3170", "CVE-2010-2432", "CVE-2006-1168", "CVE-2011-2896", "CVE-2011-2895"], "description": "Check for the Version of cups", "modified": "2017-07-06T00:00:00", "published": "2011-10-14T00:00:00", "id": "OPENVAS:831465", "href": 
"http://plugins.openvas.org/nasl.php?oid=831465", "type": "openvas", "title": "Mandriva Update for cups MDVSA-2011:146 (cups)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for cups MDVSA-2011:146 (cups)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities has been discovered and corrected in cups:\n\n The cupsDoAuthentication function in auth.c in the client in CUPS\n before 1.4.4, when HAVE_GSSAPI is omitted, does not properly handle a\n demand for authorization, which allows remote CUPS servers to cause\n a denial of service (infinite loop) via HTTP_UNAUTHORIZED responses\n (CVE-2010-2432).\n \n The LZW decompressor in the LWZReadByte function in giftoppm.c in\n the David Koblas GIF decoder in PBMPLUS, as used in the gif_read_lzw\n function in filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte\n function in plug-ins/common/file-gif-load.c in GIMP 2.6.11 and earlier,\n the LZWReadByte function in img/gifread.c in XPCE in SWI-Prolog 5.10.4\n and earlier, and other 
products, does not properly handle code words\n that are absent from the decompression table when encountered, which\n allows remote attackers to trigger an infinite loop or a heap-based\n buffer overflow, and possibly execute arbitrary code, via a crafted\n compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2895\n (CVE-2011-2896).\n \n The gif_read_lzw function in filter/image-gif.c in CUPS 1.4.8 and\n earlier does not properly handle the first code word in an LZW stream,\n which allows remote attackers to trigger a heap-based buffer overflow,\n and possibly execute arbitrary code, via a crafted stream, a different\n vulnerability than CVE-2011-2896 (CVE-2011-3170).\n \n Packages for 2009.0 are provided as of the Extended Maintenance\n Program. Please visit this link to learn more:\n http://store.mandriva.com/product_info.php?cPath=149&amp;products_id=490\n \n The updated packages have been patched to correct these issues.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"cups on Mandriva Linux 2009.0,\n Mandriva Linux 2009.0/X86_64,\n Mandriva Linux 2010.1,\n Mandriva Linux 2010.1/X86_64,\n Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2011-10/msg00020.php\");\n script_id(831465);\n script_version(\"$Revision: 6570 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:06:35 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-10-14 14:22:41 +0200 (Fri, 14 Oct 2011)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVSA\", value: \"2011:146\");\n script_cve_id(\"CVE-2010-2432\", \"CVE-2006-1168\", \"CVE-2011-2895\", \"CVE-2011-2896\", \"CVE-2011-3170\");\n script_name(\"Mandriva Update for cups MDVSA-2011:146 (cups)\");\n\n 
script_summary(\"Check for the Version of cups\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.3.10~0.5mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-common\", rpm:\"cups-common~1.3.10~0.5mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-serial\", rpm:\"cups-serial~1.3.10~0.5mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libcups2\", rpm:\"libcups2~1.3.10~0.5mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libcups2-devel\", rpm:\"libcups2-devel~1.3.10~0.5mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cups\", rpm:\"php-cups~1.3.10~0.5mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64cups2\", rpm:\"lib64cups2~1.3.10~0.5mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"lib64cups2-devel\", rpm:\"lib64cups2-devel~1.3.10~0.5mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.4.3~3.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-common\", rpm:\"cups-common~1.4.3~3.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-serial\", rpm:\"cups-serial~1.4.3~3.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libcups2\", rpm:\"libcups2~1.4.3~3.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libcups2-devel\", rpm:\"libcups2-devel~1.4.3~3.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cups\", rpm:\"php-cups~1.4.3~3.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64cups2\", rpm:\"lib64cups2~1.4.3~3.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64cups2-devel\", rpm:\"lib64cups2-devel~1.4.3~3.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.3.10~0.5mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-common\", rpm:\"cups-common~1.3.10~0.5mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n 
}\n\n if ((res = isrpmvuln(pkg:\"cups-serial\", rpm:\"cups-serial~1.3.10~0.5mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libcups2\", rpm:\"libcups2~1.3.10~0.5mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libcups2-devel\", rpm:\"libcups2-devel~1.3.10~0.5mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cups\", rpm:\"php-cups~1.3.10~0.5mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64cups2\", rpm:\"lib64cups2~1.3.10~0.5mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64cups2-devel\", rpm:\"lib64cups2-devel~1.3.10~0.5mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:39", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3170", "CVE-2010-2432", "CVE-2006-1168", "CVE-2011-2896", "CVE-2011-2895"], "description": "The remote host is missing an update for the 'cups' package(s) announced via the referenced advisory.", "modified": "2018-11-16T00:00:00", "published": "2011-10-14T00:00:00", "id": "OPENVAS:1361412562310831465", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831465", "type": "openvas", "title": "Mandriva Update for cups MDVSA-2011:146 (cups)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for cups MDVSA-2011:146 (cups)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free 
software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.mandriva.com/security-announce/2011-10/msg00020.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831465\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-10-14 14:22:41 +0200 (Fri, 14 Oct 2011)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"MDVSA\", value:\"2011:146\");\n script_cve_id(\"CVE-2010-2432\", \"CVE-2006-1168\", \"CVE-2011-2895\", \"CVE-2011-2896\", \"CVE-2011-3170\");\n script_name(\"Mandriva Update for cups MDVSA-2011:146 (cups)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'cups'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\", 
re:\"ssh/login/release=MNDK_(mes5|2010\\.1|2009\\.0)\");\n script_tag(name:\"affected\", value:\"cups on Mandriva Linux 2009.0,\n Mandriva Linux 2009.0/X86_64,\n Mandriva Linux 2010.1,\n Mandriva Linux 2010.1/X86_64,\n Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities has been discovered and corrected in cups:\n\n The cupsDoAuthentication function in auth.c in the client in CUPS\n before 1.4.4, when HAVE_GSSAPI is omitted, does not properly handle a\n demand for authorization, which allows remote CUPS servers to cause\n a denial of service (infinite loop) via HTTP_UNAUTHORIZED responses\n (CVE-2010-2432).\n\n The LZW decompressor in the LWZReadByte function in giftoppm.c in\n the David Koblas GIF decoder in PBMPLUS, as used in the gif_read_lzw\n function in filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte\n function in plug-ins/common/file-gif-load.c in GIMP 2.6.11 and earlier,\n the LZWReadByte function in img/gifread.c in XPCE in SWI-Prolog 5.10.4\n and earlier, and other products, does not properly handle code words\n that are absent from the decompression table when encountered, which\n allows remote attackers to trigger an infinite loop or a heap-based\n buffer overflow, and possibly execute arbitrary code, via a crafted\n compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2895\n (CVE-2011-2896).\n\n The gif_read_lzw function in filter/image-gif.c in CUPS 1.4.8 and\n earlier does not properly handle the first code word in an LZW stream,\n which allows remote attackers to trigger a heap-based buffer overflow,\n and possibly execute arbitrary code, via a crafted stream, a different\n vulnerability than CVE-2011-2896 (CVE-2011-3170).\n\n Packages for 2009.0 are provided as of the Extended Maintenance\n Program. 
The updated packages have been patched to correct these issues.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"http://store.mandriva.com/product_info.php?cPath=149&amp;products_id=490\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.3.10~0.5mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-common\", rpm:\"cups-common~1.3.10~0.5mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-serial\", rpm:\"cups-serial~1.3.10~0.5mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libcups2\", rpm:\"libcups2~1.3.10~0.5mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libcups2-devel\", rpm:\"libcups2-devel~1.3.10~0.5mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cups\", rpm:\"php-cups~1.3.10~0.5mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64cups2\", rpm:\"lib64cups2~1.3.10~0.5mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64cups2-devel\", rpm:\"lib64cups2-devel~1.3.10~0.5mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"cups\", 
rpm:\"cups~1.4.3~3.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-common\", rpm:\"cups-common~1.4.3~3.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-serial\", rpm:\"cups-serial~1.4.3~3.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libcups2\", rpm:\"libcups2~1.4.3~3.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libcups2-devel\", rpm:\"libcups2-devel~1.4.3~3.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cups\", rpm:\"php-cups~1.4.3~3.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64cups2\", rpm:\"lib64cups2~1.4.3~3.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64cups2-devel\", rpm:\"lib64cups2-devel~1.4.3~3.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.3.10~0.5mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-common\", rpm:\"cups-common~1.3.10~0.5mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-serial\", rpm:\"cups-serial~1.3.10~0.5mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libcups2\", rpm:\"libcups2~1.3.10~0.5mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n 
exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libcups2-devel\", rpm:\"libcups2-devel~1.3.10~0.5mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"php-cups\", rpm:\"php-cups~1.3.10~0.5mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64cups2\", rpm:\"lib64cups2~1.3.10~0.5mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64cups2-devel\", rpm:\"lib64cups2-devel~1.3.10~0.5mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-27T18:36:38", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-13720", "CVE-2017-13722", "CVE-2017-16611", "CVE-2006-1168", "CVE-2011-2896", "CVE-2011-2895"], "description": "The remote host is missing an update for the Huawei EulerOS\n 'libXfont' package(s) announced via the EulerOS-SA-2019-2357 advisory.", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192357", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192357", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for libXfont (EulerOS-SA-2019-2357)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or 
FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2357\");\n script_version(\"2020-01-23T12:51:11+0000\");\n script_cve_id(\"CVE-2011-2895\", \"CVE-2017-13720\", \"CVE-2017-13722\", \"CVE-2017-16611\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:51:11 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:51:11 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for libXfont (EulerOS-SA-2019-2357)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2357\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2357\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'libXfont' package(s) announced via the EulerOS-SA-2019-2357 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2) compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 
3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1, FreeType 2.1.9, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows context-dependent attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2896.(CVE-2011-2895)\n\nIn the pcfGetProperties function in bitmap/pcfread.c in libXfont through 1.5.2 and 2.x before 2.0.2, a missing boundary check (for PCF files) could be used by local attackers authenticated to an Xserver for a buffer over-read, for information disclosure or a crash of the X server.(CVE-2017-13722)\n\nIn the PatternMatch function in fontfile/fontdir.c in libXfont through 1.5.2 and 2.x before 2.0.2, an attacker with access to an X connection can cause a buffer over-read during pattern matching of fonts, leading to information disclosure or a crash (denial of service). This occurs because '\\0' characters are incorrectly skipped in situations involving ? 
characters.(CVE-2017-13720)\n\nIn libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker can open (but not read) files on the system as root, triggering tape rewinds, watchdogs, or similar mechanisms that can be triggered by opening files.(CVE-2017-16611)\");\n\n script_tag(name:\"affected\", value:\"'libXfont' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libXfont\", rpm:\"libXfont~1.5.1~2.h2\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-01-07T11:53:28", "description": "A vulnerability has been discovered and corrected in libxfont :\n\nThe LZW decompressor in (1) the BufCompressedFill function in\nfontfile/decompress.c in X.Org libXfont before 1.4.4 and (2)\ncompress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before\n3.8, FreeBSD, NetBSD, FreeType 2.1.9, and other products, does not\nproperly handle code words that are absent from the decompression\ntable when encountered, which allows context-dependent attackers to\ntrigger an infinite loop or a heap-based buffer overflow, and possibly\nexecute arbitrary code, via a crafted compressed stream, a related\nissue to CVE-2006-1168 and CVE-2011-2896 (CVE-2011-2895).\n\nThe updated packages have been patched to correct this issue.", "edition": 24, "published": "2011-10-18T00:00:00", "title": "Mandriva Linux Security Advisory : libxfont 
(MDVSA-2011:153)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-1168", "CVE-2011-2896", "CVE-2011-2895"], "modified": "2011-10-18T00:00:00", "cpe": ["cpe:/o:mandriva:linux:2011", "p-cpe:/a:mandriva:linux:lib64xfont1-devel", "cpe:/o:mandriva:linux:2010.1", "p-cpe:/a:mandriva:linux:libxfont1", "p-cpe:/a:mandriva:linux:libxfont1-static-devel", "p-cpe:/a:mandriva:linux:lib64xfont1", "p-cpe:/a:mandriva:linux:libxfont1-devel", "p-cpe:/a:mandriva:linux:lib64xfont1-static-devel"], "id": "MANDRIVA_MDVSA-2011-153.NASL", "href": "https://www.tenable.com/plugins/nessus/56531", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2011:153. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56531);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2011-2895\");\n script_bugtraq_id(49124);\n script_xref(name:\"MDVSA\", value:\"2011:153\");\n\n script_name(english:\"Mandriva Linux Security Advisory : libxfont (MDVSA-2011:153)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability has been discovered and corrected in libxfont :\n\nThe LZW decompressor in (1) the BufCompressedFill function in\nfontfile/decompress.c in X.Org libXfont before 1.4.4 and (2)\ncompress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before\n3.8, FreeBSD, NetBSD, FreeType 2.1.9, and other products, does not\nproperly handle code words that are absent from the decompression\ntable when encountered, 
which allows context-dependent attackers to\ntrigger an infinite loop or a heap-based buffer overflow, and possibly\nexecute arbitrary code, via a crafted compressed stream, a related\nissue to CVE-2006-1168 and CVE-2011-2896 (CVE-2011-2895).\n\nThe updated packages have been patched to correct this issue.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64xfont1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64xfont1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64xfont1-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libxfont1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libxfont1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libxfont1-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2011\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n 
script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64xfont1-1.4.1-1.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64xfont1-devel-1.4.1-1.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64xfont1-static-devel-1.4.1-1.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libxfont1-1.4.1-1.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libxfont1-devel-1.4.1-1.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libxfont1-static-devel-1.4.1-1.1mdv2010.2\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64xfont1-1.4.3-2.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64xfont1-devel-1.4.3-2.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64xfont1-static-devel-1.4.3-2.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libxfont1-1.4.3-2.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif 
(rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libxfont1-devel-1.4.3-2.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libxfont1-static-devel-1.4.3-2.1-mdv2011.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T11:53:29", "description": "A vulnerability has been discovered and corrected in gimp :\n\nThe LZW decompressor in the LWZReadByte function in giftoppm.c in the\nDavid Koblas GIF decoder in PBMPLUS, as used in the gif_read_lzw\nfunction in filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte\nfunction in plug-ins/common/file-gif-load.c in GIMP 2.6.11 and\nearlier, the LZWReadByte function in img/gifread.c in XPCE in\nSWI-Prolog 5.10.4 and earlier, and other products, does not properly\nhandle code words that are absent from the decompression table when\nencountered, which allows remote attackers to trigger an infinite loop\nor a heap-based buffer overflow, and possibly execute arbitrary code,\nvia a crafted compressed stream, a related issue to CVE-2006-1168 and\nCVE-2011-2895 (CVE-2011-2896).\n\nThe updated packages have been patched to correct these issues.", "edition": 24, "published": "2011-11-07T00:00:00", "title": "Mandriva Linux Security Advisory : gimp (MDVSA-2011:167)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-1168", "CVE-2011-2896", "CVE-2011-2895"], "modified": "2011-11-07T00:00:00", "cpe": ["cpe:/o:mandriva:linux:2011", "p-cpe:/a:mandriva:linux:gimp-python", "p-cpe:/a:mandriva:linux:lib64gimp2.0_0", "p-cpe:/a:mandriva:linux:gimp", "cpe:/o:mandriva:linux:2010.1", "p-cpe:/a:mandriva:linux:libgimp2.0-devel", "p-cpe:/a:mandriva:linux:libgimp2.0_0", "p-cpe:/a:mandriva:linux:lib64gimp2.0-devel"], "id": 
"MANDRIVA_MDVSA-2011-167.NASL", "href": "https://www.tenable.com/plugins/nessus/56726", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2011:167. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56726);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2011-2896\");\n script_bugtraq_id(49148);\n script_xref(name:\"MDVSA\", value:\"2011:167\");\n\n script_name(english:\"Mandriva Linux Security Advisory : gimp (MDVSA-2011:167)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability has been discovered and corrected in gimp :\n\nThe LZW decompressor in the LWZReadByte function in giftoppm.c in the\nDavid Koblas GIF decoder in PBMPLUS, as used in the gif_read_lzw\nfunction in filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte\nfunction in plug-ins/common/file-gif-load.c in GIMP 2.6.11 and\nearlier, the LZWReadByte function in img/gifread.c in XPCE in\nSWI-Prolog 5.10.4 and earlier, and other products, does not properly\nhandle code words that are absent from the decompression table when\nencountered, which allows remote attackers to trigger an infinite loop\nor a heap-based buffer overflow, and possibly execute arbitrary code,\nvia a crafted compressed stream, a related issue to CVE-2006-1168 and\nCVE-2011-2895 (CVE-2011-2896).\n\nThe updated packages have been patched to correct these issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected 
packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gimp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gimp-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64gimp2.0-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64gimp2.0_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libgimp2.0-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libgimp2.0_0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2011\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/11/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/11/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif 
(!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2010.1\", reference:\"gimp-2.6.8-3.2mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"gimp-python-2.6.8-3.2mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64gimp2.0-devel-2.6.8-3.2mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64gimp2.0_0-2.6.8-3.2mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libgimp2.0-devel-2.6.8-3.2mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libgimp2.0_0-2.6.8-3.2mdv2010.2\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2011\", reference:\"gimp-2.6.11-7.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"gimp-python-2.6.11-7.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64gimp2.0-devel-2.6.11-7.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64gimp2.0_0-2.6.11-7.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libgimp2.0-devel-2.6.11-7.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libgimp2.0_0-2.6.11-7.1-mdv2011.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": 
"2021-01-07T11:53:26", "description": "Multiple vulnerabilities have been discovered and corrected in cups :\n\nThe cupsDoAuthentication function in auth.c in the client in CUPS\nbefore 1.4.4, when HAVE_GSSAPI is omitted, does not properly handle a\ndemand for authorization, which allows remote CUPS servers to cause a\ndenial of service (infinite loop) via HTTP_UNAUTHORIZED responses\n(CVE-2010-2432).\n\nThe LZW decompressor in the LWZReadByte function in giftoppm.c in the\nDavid Koblas GIF decoder in PBMPLUS, as used in the gif_read_lzw\nfunction in filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte\nfunction in plug-ins/common/file-gif-load.c in GIMP 2.6.11 and\nearlier, the LZWReadByte function in img/gifread.c in XPCE in\nSWI-Prolog 5.10.4 and earlier, and other products, does not properly\nhandle code words that are absent from the decompression table when\nencountered, which allows remote attackers to trigger an infinite loop\nor a heap-based buffer overflow, and possibly execute arbitrary code,\nvia a crafted compressed stream, a related issue to CVE-2006-1168 and\nCVE-2011-2895 (CVE-2011-2896).\n\nThe gif_read_lzw function in filter/image-gif.c in CUPS 1.4.8 and\nearlier does not properly handle the first code word in an LZW stream,\nwhich allows remote attackers to trigger a heap-based buffer overflow,\nand possibly execute arbitrary code, via a crafted stream, a different\nvulnerability than CVE-2011-2896 (CVE-2011-3170).\n\nPackages for 2009.0 are provided as of the Extended Maintenance\nProgram. 
Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149 products_id=490\n\nThe updated packages have been patched to correct these issues.", "edition": 24, "published": "2011-10-11T00:00:00", "title": "Mandriva Linux Security Advisory : cups (MDVSA-2011:146)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3170", "CVE-2010-2432", "CVE-2006-1168", "CVE-2011-2896", "CVE-2011-2895"], "modified": "2011-10-11T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:lib64cups2", "p-cpe:/a:mandriva:linux:php-cups", "cpe:/o:mandriva:linux:2009.0", "p-cpe:/a:mandriva:linux:cups-serial", "cpe:/o:mandriva:linux:2010.1", "p-cpe:/a:mandriva:linux:libcups2", "p-cpe:/a:mandriva:linux:lib64cups2-devel", "p-cpe:/a:mandriva:linux:cups", "p-cpe:/a:mandriva:linux:libcups2-devel", "p-cpe:/a:mandriva:linux:cups-common"], "id": "MANDRIVA_MDVSA-2011-146.NASL", "href": "https://www.tenable.com/plugins/nessus/56447", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2011:146. 
\n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56447);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2010-2432\", \"CVE-2011-2896\", \"CVE-2011-3170\");\n script_bugtraq_id(41126, 49148, 49323);\n script_xref(name:\"MDVSA\", value:\"2011:146\");\n\n script_name(english:\"Mandriva Linux Security Advisory : cups (MDVSA-2011:146)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities has been discovered and corrected in cups :\n\nThe cupsDoAuthentication function in auth.c in the client in CUPS\nbefore 1.4.4, when HAVE_GSSAPI is omitted, does not properly handle a\ndemand for authorization, which allows remote CUPS servers to cause a\ndenial of service (infinite loop) via HTTP_UNAUTHORIZED responses\n(CVE-2010-2432).\n\nThe LZW decompressor in the LWZReadByte function in giftoppm.c in the\nDavid Koblas GIF decoder in PBMPLUS, as used in the gif_read_lzw\nfunction in filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte\nfunction in plug-ins/common/file-gif-load.c in GIMP 2.6.11 and\nearlier, the LZWReadByte function in img/gifread.c in XPCE in\nSWI-Prolog 5.10.4 and earlier, and other products, does not properly\nhandle code words that are absent from the decompression table when\nencountered, which allows remote attackers to trigger an infinite loop\nor a heap-based buffer overflow, and possibly execute arbitrary code,\nvia a crafted compressed stream, a related issue to CVE-2006-1168 and\nCVE-2011-2895 (CVE-2011-2896).\n\nThe gif_read_lzw function in filter/image-gif.c in CUPS 1.4.8 and\nearlier does not properly 
handle the first code word in an LZW stream,\nwhich allows remote attackers to trigger a heap-based buffer overflow,\nand possibly execute arbitrary code, via a crafted stream, a different\nvulnerability than CVE-2011-2896 (CVE-2011-3170).\n\nPackages for 2009.0 are provided as of the Extended Maintenance\nProgram. Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149 products_id=490\n\nThe updated packages have been patched to correct these issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:cups\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:cups-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:cups-serial\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64cups2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64cups2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libcups2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libcups2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-cups\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", 
value:\"2011/10/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2009.0\", reference:\"cups-1.3.10-0.5mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"cups-common-1.3.10-0.5mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"cups-serial-1.3.10-0.5mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64cups2-1.3.10-0.5mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64cups2-devel-1.3.10-0.5mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libcups2-1.3.10-0.5mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libcups2-devel-1.3.10-0.5mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"php-cups-1.3.10-0.5mdv2009.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2010.1\", 
reference:\"cups-1.4.3-3.2mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"cups-common-1.4.3-3.2mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"cups-serial-1.4.3-3.2mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64cups2-1.4.3-3.2mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64cups2-devel-1.4.3-3.2mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libcups2-1.4.3-3.2mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libcups2-devel-1.4.3-3.2mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"php-cups-1.4.3-3.2mdv2010.2\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T09:00:37", "description": "According to the versions of the libXfont package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - The LZW decompressor in (1) the BufCompressedFill\n function in fontfile/decompress.c in X.Org libXfont\n before 1.4.4 and (2) compress/compress.c in 4.3BSD, as\n used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD\n 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1,\n FreeType 2.1.9, and other products, does not properly\n handle code words that are absent from the\n decompression table when encountered, which allows\n context-dependent attackers to trigger an infinite loop\n or a heap-based buffer overflow, and possibly execute\n arbitrary code, via a crafted compressed stream, a\n related issue to CVE-2006-1168 and\n 
CVE-2011-2896.(CVE-2011-2895)\n\n - In the pcfGetProperties function in bitmap/pcfread.c in\n libXfont through 1.5.2 and 2.x before 2.0.2, a missing\n boundary check (for PCF files) could be used by local\n attackers authenticated to an Xserver for a buffer\n over-read, for information disclosure or a crash of the\n X server.(CVE-2017-13722)\n\n - In the PatternMatch function in fontfile/fontdir.c in\n libXfont through 1.5.2 and 2.x before 2.0.2, an\n attacker with access to an X connection can cause a\n buffer over-read during pattern matching of fonts,\n leading to information disclosure or a crash (denial of\n service). This occurs because '\\0' characters are\n incorrectly skipped in situations involving ?\n characters.(CVE-2017-13720)\n\n - In libXfont before 1.5.4 and libXfont2 before 2.0.3, a\n local attacker can open (but not read) files on the\n system as root, triggering tape rewinds, watchdogs, or\n similar mechanisms that can be triggered by opening\n files.(CVE-2017-16611)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 12, "cvss3": {"score": 7.1, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"}, "published": "2019-12-10T00:00:00", "title": "EulerOS 2.0 SP2 : libXfont (EulerOS-SA-2019-2357)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-13720", "CVE-2017-13722", "CVE-2017-16611", "CVE-2006-1168", "CVE-2011-2896", "CVE-2011-2895"], "modified": "2019-12-10T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libXfont", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-2357.NASL", "href": "https://www.tenable.com/plugins/nessus/131849", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(131849);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2011-2895\",\n \"CVE-2017-13720\",\n \"CVE-2017-13722\",\n \"CVE-2017-16611\"\n );\n script_bugtraq_id(\n 49124\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : libXfont (EulerOS-SA-2019-2357)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the libXfont package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - The LZW decompressor in (1) the BufCompressedFill\n function in fontfile/decompress.c in X.Org libXfont\n before 1.4.4 and (2) compress/compress.c in 4.3BSD, as\n used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD\n 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1,\n FreeType 2.1.9, and other products, does not properly\n handle code words that are absent from 
the\n decompression table when encountered, which allows\n context-dependent attackers to trigger an infinite loop\n or a heap-based buffer overflow, and possibly execute\n arbitrary code, via a crafted compressed stream, a\n related issue to CVE-2006-1168 and\n CVE-2011-2896.(CVE-2011-2895)\n\n - In the pcfGetProperties function in bitmap/pcfread.c in\n libXfont through 1.5.2 and 2.x before 2.0.2, a missing\n boundary check (for PCF files) could be used by local\n attackers authenticated to an Xserver for a buffer\n over-read, for information disclosure or a crash of the\n X server.(CVE-2017-13722)\n\n - In the PatternMatch function in fontfile/fontdir.c in\n libXfont through 1.5.2 and 2.x before 2.0.2, an\n attacker with access to an X connection can cause a\n buffer over-read during pattern matching of fonts,\n leading to information disclosure or a crash (denial of\n service). This occurs because '\\0' characters are\n incorrectly skipped in situations involving ?\n characters.(CVE-2017-13720)\n\n - In libXfont before 1.5.4 and libXfont2 before 2.0.3, a\n local attacker can open (but not read) files on the\n system as root, triggering tape rewinds, watchdogs, or\n similar mechanisms that can be triggered by opening\n files.(CVE-2017-16611)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2357\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4bd72a1c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libXfont packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libXfont\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"libXfont-1.5.1-2.h2\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libXfont\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-06T09:25:02", "description": "Updated ncompress packages that address a security issue and fix bugs\nare now available.\n\nThis update has been 
rated as having low security impact by the Red\nHat Security Response Team.\n\nThe ncompress package contains file compression and decompression\nutilities, which are compatible with the original UNIX compress\nutility (.Z file extensions).\n\nTavis Ormandy of the Google Security Team discovered a lack of bounds\nchecking in ncompress. An attacker could create a carefully crafted\nfile that could execute arbitrary code if uncompressed by a victim.\n(CVE-2006-1168)\n\nIn addition, two bugs that affected Red Hat Enterprise Linux 4\nncompress packages were fixed :\n\n* The display statistics and compression results in verbose mode were\nnot shown when operating on zero length files.\n\n* An attempt to compress zero length files resulted in an unexpected\nreturn code.\n\nUsers of ncompress are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues.", "edition": 26, "published": "2006-09-14T00:00:00", "title": "CentOS 3 / 4 : ncompress (CESA-2006:0663)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-1168"], "modified": "2006-09-14T00:00:00", "cpe": ["cpe:/o:centos:centos:4", "p-cpe:/a:centos:centos:ncompress", "cpe:/o:centos:centos:3"], "id": "CENTOS_RHSA-2006-0663.NASL", "href": "https://www.tenable.com/plugins/nessus/22338", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2006:0663 and \n# CentOS Errata and Security Advisory 2006:0663 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(22338);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2006-1168\");\n script_bugtraq_id(19455);\n script_xref(name:\"RHSA\", value:\"2006:0663\");\n\n script_name(english:\"CentOS 3 / 4 : ncompress 
(CESA-2006:0663)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated ncompress packages that address a security issue and fix bugs\nare now available.\n\nThis update has been rated as having low security impact by the Red\nHat Security Response Team.\n\nThe ncompress package contains file compression and decompression\nutilities, which are compatible with the original UNIX compress\nutility (.Z file extensions).\n\nTavis Ormandy of the Google Security Team discovered a lack of bounds\nchecking in ncompress. An attacker could create a carefully crafted\nfile that could execute arbitrary code if uncompressed by a victim.\n(CVE-2006-1168)\n\nIn addition, two bugs that affected Red Hat Enterprise Linux 4\nncompress packages were fixed :\n\n* The display statistics and compression results in verbose mode were\nnot shown when operating on zero length files.\n\n* An attempt to compress zero length files resulted in an unexpected\nreturn code.\n\nUsers of ncompress are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2006-September/013219.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4f388176\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2006-September/013222.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?22f99345\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2006-September/013234.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?42303fca\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2006-September/013235.html\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"http://www.nessus.org/u?917ce9cf\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2006-September/013248.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e5d41eb6\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2006-September/013249.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a543b4b1\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected ncompress package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ncompress\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/08/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/09/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/09/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(3|4)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 3.x / 4.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-3\", reference:\"ncompress-4.2.4-39.rhel3\")) flag++;\n\nif (rpm_check(release:\"CentOS-4\", reference:\"ncompress-4.2.4-43.rhel4\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ncompress\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-06T09:44:40", "description": "Tavis Ormandy from the Google Security Team discovered a missing\nboundary check in ncompress, the original Lempel-Ziv compress and\nuncompress programs, which allows a specially crafted datastream to\nunderflow a buffer with attacker controlled data.", 
"edition": 25, "published": "2006-10-14T00:00:00", "title": "Debian DSA-1149-1 : ncompress - buffer underflow", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-1168"], "modified": "2006-10-14T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:ncompress", "cpe:/o:debian:debian_linux:3.1"], "id": "DEBIAN_DSA-1149.NASL", "href": "https://www.tenable.com/plugins/nessus/22691", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1149. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(22691);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2006-1168\");\n script_xref(name:\"DSA\", value:\"1149\");\n\n script_name(english:\"Debian DSA-1149-1 : ncompress - buffer underflow\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Tavis Ormandy from the Google Security Team discovered a missing\nboundary check in ncompress, the original Lempel-Ziv compress and\nuncompress programs, which allows a specially crafted datastream to\nunderflow a buffer with attacker controlled data.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2006/dsa-1149\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the ncompress package.\n\nFor the stable distribution (sarge) this problem has been fixed in\nversion 4.2.4-15sarge2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n 
script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ncompress\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/08/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/10/14\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/08/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.1\", prefix:\"ncompress\", reference:\"4.2.4-15sarge2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T10:52:08", "description": "The remote host is affected by the vulnerability described in GLSA-200610-03\n(ncompress: Buffer Underflow)\n\n Tavis Ormandy of the Google Security Team discovered a static buffer\n underflow in ncompress.\n \nImpact :\n\n An attacker could create a specially crafted LZW archive, that when\n decompressed by a user or automated system would result in the\n execution of arbitrary code with 
the permissions of the user invoking\n the utility.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 24, "published": "2006-10-10T00:00:00", "title": "GLSA-200610-03 : ncompress: Buffer Underflow", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-1168"], "modified": "2006-10-10T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:ncompress", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-200610-03.NASL", "href": "https://www.tenable.com/plugins/nessus/22522", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200610-03.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(22522);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2006-1168\");\n script_bugtraq_id(19455);\n script_xref(name:\"GLSA\", value:\"200610-03\");\n\n script_name(english:\"GLSA-200610-03 : ncompress: Buffer Underflow\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200610-03\n(ncompress: Buffer Underflow)\n\n Tavis Ormandy of the Google Security Team discovered a static buffer\n underflow in ncompress.\n \nImpact :\n\n An attacker could create a specially crafted LZW archive, that when\n decompressed by a user or automated system would result in the\n execution of 
arbitrary code with the permissions of the user invoking\n the utility.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200610-03\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All ncompress users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-arch/ncompress-4.2.4.1'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:ncompress\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/10/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/10/10\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/08/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) 
audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"app-arch/ncompress\", unaffected:make_list(\"ge 4.2.4.1\"), vulnerable:make_list(\"lt 4.2.4.1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ncompress\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T11:51:35", "description": "Tavis Ormandy, of the Google Security Team, discovered that ncompress,\nwhen uncompressing data, performed no bounds checking, which could\nallow a specially crafted datastream to underflow a .bss buffer with\nattacker controlled data.\n\nUpdated packages have been patched to correct this issue.", "edition": 24, "published": "2006-12-16T00:00:00", "title": "Mandrake Linux Security Advisory : ncompress (MDKSA-2006:140)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-1168"], "modified": "2006-12-16T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:ncompress", "cpe:/o:mandriva:linux:2006"], "id": "MANDRAKE_MDKSA-2006-140.NASL", "href": "https://www.tenable.com/plugins/nessus/23889", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2006:140. 
\n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(23889);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2006-1168\");\n script_xref(name:\"MDKSA\", value:\"2006:140\");\n\n script_name(english:\"Mandrake Linux Security Advisory : ncompress (MDKSA-2006:140)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Mandrake Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Tavis Ormandy, of the Google Security Team, discovered that ncompress,\nwhen uncompressing data, performed no bounds checking, which could\nallow a specially crafted datastream to underflow a .bss buffer with\nattacker controlled data.\n\nUpdated packages have been patched to correct this issue.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected ncompress package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:ncompress\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2006\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/08/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/12/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", 
\"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2006.0\", reference:\"ncompress-4.2.4-28.1.20060mdk\", yank:\"mdk\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T12:43:51", "description": "From Red Hat Security Advisory 2006:0663 :\n\nUpdated ncompress packages that address a security issue and fix bugs\nare now available.\n\nThis update has been rated as having low security impact by the Red\nHat Security Response Team.\n\nThe ncompress package contains file compression and decompression\nutilities, which are compatible with the original UNIX compress\nutility (.Z file extensions).\n\nTavis Ormandy of the Google Security Team discovered a lack of bounds\nchecking in ncompress. 
An attacker could create a carefully crafted\nfile that could execute arbitrary code if uncompressed by a victim.\n(CVE-2006-1168)\n\nIn addition, two bugs that affected Red Hat Enterprise Linux 4\nncompress packages were fixed :\n\n* The display statistics and compression results in verbose mode were\nnot shown when operating on zero length files.\n\n* An attempt to compress zero length files resulted in an unexpected\nreturn code.\n\nUsers of ncompress are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues.", "edition": 24, "published": "2013-07-12T00:00:00", "title": "Oracle Linux 3 / 4 : ncompress (ELSA-2006-0663)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-1168"], "modified": "2013-07-12T00:00:00", "cpe": ["cpe:/o:oracle:linux:3", "cpe:/o:oracle:linux:4", "p-cpe:/a:oracle:linux:ncompress"], "id": "ORACLELINUX_ELSA-2006-0663.NASL", "href": "https://www.tenable.com/plugins/nessus/67406", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2006:0663 and \n# Oracle Linux Security Advisory ELSA-2006-0663 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(67406);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-1168\");\n script_bugtraq_id(19455);\n script_xref(name:\"RHSA\", value:\"2006:0663\");\n\n script_name(english:\"Oracle Linux 3 / 4 : ncompress (ELSA-2006-0663)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2006:0663 :\n\nUpdated 
ncompress packages that address a security issue and fix bugs\nare now available.\n\nThis update has been rated as having low security impact by the Red\nHat Security Response Team.\n\nThe ncompress package contains file compression and decompression\nutilities, which are compatible with the original UNIX compress\nutility (.Z file extensions).\n\nTavis Ormandy of the Google Security Team discovered a lack of bounds\nchecking in ncompress. An attacker could create a carefully crafted\nfile that could execute arbitrary code if uncompressed by a victim.\n(CVE-2006-1168)\n\nIn addition, two bugs that affected Red Hat Enterprise Linux 4\nncompress packages were fixed :\n\n* The display statistics and compression results in verbose mode were\nnot shown when operating on zero length files.\n\n* An attempt to compress zero length files resulted in an unexpected\nreturn code.\n\nUsers of ncompress are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2006-November/000004.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2007-March/000083.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected ncompress package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ncompress\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:3\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:oracle:linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/08/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/11/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(3|4)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 3 / 4\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"ncompress-4.2.4-39.rhel3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"ncompress-4.2.4-39.rhel3\")) flag++;\n\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"ncompress-4.2.4-43.rhel4\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"ncompress-4.2.4-43.rhel4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ncompress\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T14:46:47", "description": "Lack of bounds checking in the decompression routine could result in a\nheap buffer underflow. Attackers could potentially exploit this to\nexecute arbitrary code by tricking users into decompressing a\nspecially crafted archive. 
(CVE-2006-1168)", "edition": 23, "published": "2007-12-13T00:00:00", "title": "SuSE 10 Security Update : ncompress (ZYPP Patch Number 1911)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-1168"], "modified": "2007-12-13T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_NCOMPRESS-1911.NASL", "href": "https://www.tenable.com/plugins/nessus/29527", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(29527);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-1168\");\n\n script_name(english:\"SuSE 10 Security Update : ncompress (ZYPP Patch Number 1911)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Lack of bounds checking in the decompression routine could result in a\nheap buffer underflow. Attackers could potentially exploit this to\nexecute arbitrary code by tricking users into decompressing a\nspecially crafted archive. 
(CVE-2006-1168)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2006-1168.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 1911.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/07/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/12/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES10\", sp:0, reference:\"ncompress-4.2.4-15.5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], 
"oraclelinux": [{"lastseen": "2019-05-29T18:38:40", "bulletinFamily": "unix", "cvelist": ["CVE-2006-1168"], "description": " [4.2.4-43.rhel4]\n - display statistics when compressing 0 length files (#189215)\n - fix return code when compressing 0 length files (#189216)\n \n [4.2.4-42.rhel4]\n - fix bss buffer underflow CVE-2006-1168 (#201335) ", "edition": 4, "modified": "2006-11-30T00:00:00", "published": "2006-11-30T00:00:00", "id": "ELSA-2006-0663", "href": "http://linux.oracle.com/errata/ELSA-2006-0663.html", "title": "Low ncompress security update ", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:28", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2895"], "description": "[6.8.2-1.0.1.EL.69]\n- Add Enterprise Linux detection\n- Add XFree86-4.3.0-oracle-bug-report-address-update.patch\n[6.8.2-1.EL.69]\n- cve-2011-2895.patch: Prevent heap corruption/infinite loop (#725760)", "edition": 4, "modified": "2011-08-12T00:00:00", "published": "2011-08-12T00:00:00", "id": "ELSA-2011-1155", "href": "http://linux.oracle.com/errata/ELSA-2011-1155.html", "title": "xorg-x11 security update", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:38", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2895"], "description": "[2.1.9-19.el4]\n- Add freetype-2.1.9-CVE-2011-2895.patch\n (Prevent stackp to overflow.)\n- Resolves: #729317", "edition": 4, "modified": "2011-08-15T00:00:00", "published": "2011-08-15T00:00:00", "id": "ELSA-2011-1161", "href": "http://linux.oracle.com/errata/ELSA-2011-1161.html", "title": "freetype security update", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:54", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2895"], "description": "[1.4.1-2]\n- cve-2011-2895.patch: LZW decompression heap corruption", "edition": 4, "modified": 
"2011-08-11T00:00:00", "published": "2011-08-11T00:00:00", "id": "ELSA-2011-1154", "href": "http://linux.oracle.com/errata/ELSA-2011-1154.html", "title": "libXfont security update", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2019-12-20T18:25:54", "bulletinFamily": "unix", "cvelist": ["CVE-2006-1168"], "description": "**CentOS Errata and Security Advisory** CESA-2006:0663\n\n\nThe ncompress package contains file compression and decompression\r\nutilities, which are compatible with the original UNIX compress utility (.Z\r\nfile extensions).\r\n\r\nTavis Ormandy of the Google Security Team discovered a lack of bounds\r\nchecking in ncompress. An attacker could create a carefully crafted file\r\nthat could execute arbitrary code if uncompressed by a victim. (CVE-2006-1168)\r\n\r\nIn addition, two bugs that affected Red Hat Enterprise Linux 4 ncompress\r\npackages were fixed:\r\n\r\n* The display statistics and compression results in verbose mode were not\r\nshown when operating on zero length files.\r\n\r\n* An attempt to compress zero length files resulted in an unexpected return\r\ncode.\r\n\r\nUsers of ncompress are advised to upgrade to these updated packages, which\r\ncontain backported patches to correct these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2006-September/025257.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-September/025260.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-September/025263.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-September/025265.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-September/025272.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-September/025273.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-September/025286.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-September/025287.html\n\n**Affected 
packages:**\nncompress\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2006-0663.html", "edition": 4, "modified": "2006-09-15T16:21:05", "published": "2006-09-12T19:02:58", "href": "http://lists.centos.org/pipermail/centos-announce/2006-September/025257.html", "id": "CESA-2006:0663", "title": "ncompress security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-20T18:25:57", "bulletinFamily": "unix", "cvelist": ["CVE-2006-1168"], "description": "**CentOS Errata and Security Advisory** CESA-2006:0663-01\n\n\nThe ncompress package contains file compression and decompression\r\nutilities, which are compatible with the original UNIX compress utility (.Z\r\nfile extensions).\r\n\r\nTavis Ormandy of the Google Security Team discovered a lack of bounds\r\nchecking in ncompress. An attacker could create a carefully crafted file\r\nthat could execute arbitrary code if uncompressed by a victim. (CVE-2006-1168)\r\n\r\nIn addition, two bugs that affected Red Hat Enterprise Linux 4 ncompress\r\npackages were fixed:\r\n\r\n* The display statistics and compression results in verbose mode were not\r\nshown when operating on zero length files.\r\n\r\n* An attempt to compress zero length files resulted in an unexpected return\r\ncode.\r\n\r\nUsers of ncompress are advised to upgrade to these updated packages, which\r\ncontain backported patches to correct these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2006-September/025267.html\n\n**Affected packages:**\nncompress\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/rh21as-errata.html", "edition": 4, "modified": "2006-09-13T01:52:24", "published": "2006-09-13T01:52:24", "href": "http://lists.centos.org/pipermail/centos-announce/2006-September/025267.html", "id": "CESA-2006:0663-01", "title": "ncompress security update", "type": "centos", "cvss": {"score": 7.5, "vector": 
"AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-07-17T03:31:46", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2895"], "description": "**CentOS Errata and Security Advisory** CESA-2011:1161\n\n\nFreeType is a free, high-quality, portable font engine that can open and\nmanage font files. It also loads, hints, and renders individual glyphs\nefficiently. These packages provide both the FreeType 1 and FreeType 2 font\nengines.\n\nA buffer overflow flaw was found in the way the FreeType library handled\nmalformed font files compressed using UNIX compress. If a user loaded a\nspecially-crafted compressed font file with an application linked against\nFreeType, it could cause the application to crash or, possibly, execute\narbitrary code with the privileges of the user running the application.\n(CVE-2011-2895)\n\nNote: This issue only affects the FreeType 2 font engine.\n\nUsers are advised to upgrade to these updated packages, which contain a\nbackported patch to correct this issue. The X server must be restarted (log\nout, then log back in) for this update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2011-August/029728.html\nhttp://lists.centos.org/pipermail/centos-announce/2011-August/029729.html\n\n**Affected packages:**\nfreetype\nfreetype-demos\nfreetype-devel\nfreetype-utils\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2011-1161.html", "edition": 5, "modified": "2011-08-16T13:03:17", "published": "2011-08-16T13:02:42", "href": "http://lists.centos.org/pipermail/centos-announce/2011-August/029728.html", "id": "CESA-2011:1161", "title": "freetype security update", "type": "centos", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-20T18:25:49", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2895"], "description": "**CentOS Errata and Security Advisory** CESA-2011:1155\n\n\nX.Org is an open source implementation of the X Window System. 
It provides\nthe basic low-level functionality that full-fledged graphical user\ninterfaces are designed upon. These xorg-x11 packages also provide the\nX.Org libXfont runtime library.\n\nA buffer overflow flaw was found in the way the libXfont library, used by\nthe X.Org server, handled malformed font files compressed using UNIX\ncompress. A malicious, local user could exploit this issue to potentially\nexecute arbitrary code with the privileges of the X.Org server.\n(CVE-2011-2895)\n\nUsers of xorg-x11 should upgrade to these updated packages, which contain\na backported patch to resolve this issue. All running X.Org server\ninstances must be restarted for the update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2011-August/029699.html\nhttp://lists.centos.org/pipermail/centos-announce/2011-August/029700.html\n\n**Affected packages:**\nxorg-x11\nxorg-x11-Mesa-libGL\nxorg-x11-Mesa-libGLU\nxorg-x11-Xdmx\nxorg-x11-Xnest\nxorg-x11-Xvfb\nxorg-x11-deprecated-libs\nxorg-x11-deprecated-libs-devel\nxorg-x11-devel\nxorg-x11-doc\nxorg-x11-font-utils\nxorg-x11-libs\nxorg-x11-sdk\nxorg-x11-tools\nxorg-x11-twm\nxorg-x11-xauth\nxorg-x11-xdm\nxorg-x11-xfs\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2011-1155.html", "edition": 4, "modified": "2011-08-14T20:11:36", "published": "2011-08-14T20:09:20", "href": "http://lists.centos.org/pipermail/centos-announce/2011-August/029699.html", "id": "CESA-2011:1155", "title": "xorg security update", "type": "centos", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-10-30T13:21:00", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2895"], "description": "**CentOS Errata and Security Advisory** CESA-2011:1154\n\n\nThe libXfont packages provide the X.Org libXfont runtime library. 
X.Org is\nan open source implementation of the X Window System.\n\nA buffer overflow flaw was found in the way the libXfont library, used by\nthe X.Org server, handled malformed font files compressed using UNIX\ncompress. A malicious, local user could exploit this issue to potentially\nexecute arbitrary code with the privileges of the X.Org server.\n(CVE-2011-2895)\n\nUsers of libXfont should upgrade to these updated packages, which contain a\nbackported patch to resolve this issue. All running X.Org server instances\nmust be restarted for the update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2011-September/029920.html\nhttp://lists.centos.org/pipermail/centos-announce/2011-September/029921.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2011-September/006424.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2011-September/006425.html\n\n**Affected packages:**\nlibXfont\nlibXfont-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2011-1154.html", "edition": 9, "modified": "2011-09-22T10:00:54", "published": "2011-09-02T16:41:15", "href": "http://lists.centos.org/pipermail/centos-cr-announce/2011-September/006424.html", "id": "CESA-2011:1154", "title": "libXfont security update", "type": "centos", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:18", "bulletinFamily": "software", "cvelist": ["CVE-2006-1168"], "description": "\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n \r\n Mandriva Linux Security Advisory MDKSA-2006:140\r\n http://www.mandriva.com/security/\r\n _______________________________________________________________________\r\n \r\n Package : ncompress\r\n Date : August 9, 2006\r\n Affected: 2006.0, Corporate 3.0\r\n 
_______________________________________________________________________\r\n \r\n Problem Description:\r\n \r\n Tavis Ormandy, of the Google Security Team, discovered that ncompress,\r\n when uncompressing data, performed no bounds checking, which could\r\n allow a specially crafted datastream to underflow a .bss buffer with\r\n attacker controlled data.\r\n \r\n Updated packages have been patched to correct this issue.\r\n _______________________________________________________________________\r\n\r\n References:\r\n \r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1168\r\n _______________________________________________________________________\r\n \r\n Updated Packages:\r\n \r\n Mandriva Linux 2006.0:\r\n a1e4fe7d74a1c8e043beb83baec7b34b 2006.0/RPMS/ncompress-4.2.4-28.1.20060mdk.i586.rpm\r\n 4b87e1b5ba659ce410067b09a75d669e 2006.0/SRPMS/ncompress-4.2.4-28.1.20060mdk.src.rpm\r\n\r\n Mandriva Linux 2006.0/X86_64:\r\n 7ce7f3a618b9c3687936145e2563733a x86_64/2006.0/RPMS/ncompress-4.2.4-28.1.20060mdk.x86_64.rpm\r\n 4b87e1b5ba659ce410067b09a75d669e x86_64/2006.0/SRPMS/ncompress-4.2.4-28.1.20060mdk.src.rpm\r\n\r\n Corporate 3.0:\r\n 30ecc6154bc75783218b82961288b085 corporate/3.0/RPMS/ncompress-4.2.4-28.1.C30mdk.i586.rpm\r\n bda272f060534aa25bebf22ed852f647 corporate/3.0/SRPMS/ncompress-4.2.4-28.1.C30mdk.src.rpm\r\n\r\n Corporate 3.0/X86_64:\r\n c9340a5c9bea0316f31fc61f6916f192 x86_64/corporate/3.0/RPMS/ncompress-4.2.4-28.1.C30mdk.x86_64.rpm\r\n bda272f060534aa25bebf22ed852f647 x86_64/corporate/3.0/SRPMS/ncompress-4.2.4-28.1.C30mdk.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. 
You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/security/advisories\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_(at)_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n <security*mandriva.com>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.2.2 (GNU/Linux)\r\n\r\niD8DBQFE2hM+mqjQ0CJFipgRAqJqAKDtkcDrEKN78rSDjBTbYYuHzLtVjACg0AMJ\r\nGA0qOfhRJ4DDBEEktUlC7Lo=\r\n=8eg9\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "modified": "2006-08-10T00:00:00", "published": "2006-08-10T00:00:00", "id": "SECURITYVULNS:DOC:13829", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:13829", "title": "[ MDKSA-2006:140 ] - Updated ncompress packages fix vulnerability", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:41", "bulletinFamily": "software", "cvelist": ["CVE-2011-2895"], "description": "==========================================================================\r\nUbuntu Security Notice USN-1191-1\r\nAugust 15, 2011\r\n\r\nlibxfont vulnerability\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 11.04\r\n- Ubuntu 10.10\r\n- Ubuntu 10.04 LTS\r\n\r\nSummary:\r\n\r\nlibXfont could be made to run programs as an administrator if it opened a\r\nspecially crafted file.\r\n\r\nSoftware Description:\r\n- libxfont: X11 font rasterisation library\r\n\r\nDetails:\r\n\r\nTomas Hoger discovered that libXfont incorrectly handled certain malformed\r\ncompressed fonts. 
An attacker could use a specially crafted font file to\r\ncause libXfont to crash, or possibly execute arbitrary code in order to\r\ngain privileges.\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 11.04:\r\n libxfont1 1:1.4.3-2ubuntu0.1\r\n\r\nUbuntu 10.10:\r\n libxfont1 1:1.4.2-1ubuntu0.1\r\n\r\nUbuntu 10.04 LTS:\r\n libxfont1 1:1.4.1-1ubuntu0.1\r\n\r\nAfter a standard system update you need to reboot your computer to make\r\nall the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-1191-1\r\n CVE-2011-2895\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/libxfont/1:1.4.3-2ubuntu0.1\r\n https://launchpad.net/ubuntu/+source/libxfont/1:1.4.2-1ubuntu0.1\r\n https://launchpad.net/ubuntu/+source/libxfont/1:1.4.1-1ubuntu0.1\r\n\r\n", "edition": 1, "modified": "2011-08-17T00:00:00", "published": "2011-08-17T00:00:00", "id": "SECURITYVULNS:DOC:26853", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:26853", "title": "[USN-1191-1] libXfont vulnerability", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:43", "bulletinFamily": "software", "cvelist": ["CVE-2011-2895"], "description": "Memory corruption on compressed font parsing.", "edition": 1, "modified": "2013-08-17T00:00:00", "published": "2013-08-17T00:00:00", "id": "SECURITYVULNS:VULN:11864", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11864", "title": "libXfont memory corruption", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2019-08-13T18:45:36", "bulletinFamily": "unix", "cvelist": ["CVE-2006-1168"], "description": "The ncompress package contains file compression and decompression\r\nutilities, which are compatible with the original UNIX 
compress utility (.Z\r\nfile extensions).\r\n\r\nTavis Ormandy of the Google Security Team discovered a lack of bounds\r\nchecking in ncompress. An attacker could create a carefully crafted file\r\nthat could execute arbitrary code if uncompressed by a victim. (CVE-2006-1168)\r\n\r\nIn addition, two bugs that affected Red Hat Enterprise Linux 4 ncompress\r\npackages were fixed:\r\n\r\n* The display statistics and compression results in verbose mode were not\r\nshown when operating on zero length files.\r\n\r\n* An attempt to compress zero length files resulted in an unexpected return\r\ncode.\r\n\r\nUsers of ncompress are advised to upgrade to these updated packages, which\r\ncontain backported patches to correct these issues.", "modified": "2019-03-22T23:43:11", "published": "2006-09-12T04:00:00", "id": "RHSA-2006:0663", "href": "https://access.redhat.com/errata/RHSA-2006:0663", "type": "redhat", "title": "(RHSA-2006:0663) ncompress security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:44:47", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2895"], "description": "FreeType is a free, high-quality, portable font engine that can open and\nmanage font files. It also loads, hints, and renders individual glyphs\nefficiently. These packages provide both the FreeType 1 and FreeType 2 font\nengines.\n\nA buffer overflow flaw was found in the way the FreeType library handled\nmalformed font files compressed using UNIX compress. If a user loaded a\nspecially-crafted compressed font file with an application linked against\nFreeType, it could cause the application to crash or, possibly, execute\narbitrary code with the privileges of the user running the application.\n(CVE-2011-2895)\n\nNote: This issue only affects the FreeType 2 font engine.\n\nUsers are advised to upgrade to these updated packages, which contain a\nbackported patch to correct this issue. 
The X server must be restarted (log\nout, then log back in) for this update to take effect.\n", "modified": "2017-09-08T11:55:53", "published": "2011-08-15T04:00:00", "id": "RHSA-2011:1161", "href": "https://access.redhat.com/errata/RHSA-2011:1161", "type": "redhat", "title": "(RHSA-2011:1161) Moderate: freetype security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:46:24", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2895"], "description": "The libXfont packages provide the X.Org libXfont runtime library. X.Org is\nan open source implementation of the X Window System.\n\nA buffer overflow flaw was found in the way the libXfont library, used by\nthe X.Org server, handled malformed font files compressed using UNIX\ncompress. A malicious, local user could exploit this issue to potentially\nexecute arbitrary code with the privileges of the X.Org server.\n(CVE-2011-2895)\n\nUsers of libXfont should upgrade to these updated packages, which contain a\nbackported patch to resolve this issue. All running X.Org server instances\nmust be restarted for the update to take effect.\n", "modified": "2017-09-08T12:17:01", "published": "2011-12-19T05:00:00", "id": "RHSA-2011:1834", "href": "https://access.redhat.com/errata/RHSA-2011:1834", "type": "redhat", "title": "(RHSA-2011:1834) Important: libXfont security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:45:35", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2895"], "description": "The libXfont packages provide the X.Org libXfont runtime library. X.Org is\nan open source implementation of the X Window System.\n\nA buffer overflow flaw was found in the way the libXfont library, used by\nthe X.Org server, handled malformed font files compressed using UNIX\ncompress. 
A malicious, local user could exploit this issue to potentially\nexecute arbitrary code with the privileges of the X.Org server.\n(CVE-2011-2895)\n\nUsers of libXfont should upgrade to these updated packages, which contain a\nbackported patch to resolve this issue. All running X.Org server instances\nmust be restarted for the update to take effect.\n", "modified": "2018-06-06T20:24:18", "published": "2011-08-11T04:00:00", "id": "RHSA-2011:1154", "href": "https://access.redhat.com/errata/RHSA-2011:1154", "type": "redhat", "title": "(RHSA-2011:1154) Important: libXfont security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:46:33", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2895"], "description": "X.Org is an open source implementation of the X Window System. It provides\nthe basic low-level functionality that full-fledged graphical user\ninterfaces are designed upon. These xorg-x11 packages also provide the\nX.Org libXfont runtime library.\n\nA buffer overflow flaw was found in the way the libXfont library, used by\nthe X.Org server, handled malformed font files compressed using UNIX\ncompress. A malicious, local user could exploit this issue to potentially\nexecute arbitrary code with the privileges of the X.Org server.\n(CVE-2011-2895)\n\nUsers of xorg-x11 should upgrade to these updated packages, which contain\na backported patch to resolve this issue. 
All running X.Org server\ninstances must be restarted for the update to take effect.\n", "modified": "2017-09-08T11:56:14", "published": "2011-08-11T04:00:00", "id": "RHSA-2011:1155", "href": "https://access.redhat.com/errata/RHSA-2011:1155", "type": "redhat", "title": "(RHSA-2011:1155) Important: xorg-x11 security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:05", "bulletinFamily": "unix", "cvelist": ["CVE-2006-1168"], "description": "### Background\n\nncompress is a suite of utilities to create and extract Lempel-Ziv-Welch (LZW) compressed archives. \n\n### Description\n\nTavis Ormandy of the Google Security Team discovered a static buffer underflow in ncompress. \n\n### Impact\n\nAn attacker could create a specially crafted LZW archive, that when decompressed by a user or automated system would result in the execution of arbitrary code with the permissions of the user invoking the utility. \n\n### Workaround\n\nThere is no known workaround at this time. 
\n\n### Resolution\n\nAll ncompress users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-arch/ncompress-4.2.4.1\"", "edition": 1, "modified": "2006-10-06T00:00:00", "published": "2006-10-06T00:00:00", "id": "GLSA-200610-03", "href": "https://security.gentoo.org/glsa/200610-03", "type": "gentoo", "title": "ncompress: Buffer Underflow", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:24", "bulletinFamily": "software", "cvelist": ["CVE-2006-1168"], "edition": 1, "description": "# No description provided by the source\n\n## References:\n[Vendor Specific Advisory URL](http://lists.suse.com/archive/suse-security-announce/2006-Aug/0006.html)\n[Vendor Specific Advisory URL](http://www.mandriva.com/security/advisories?name=MDKSA-2006:140)\n[Vendor Specific Advisory URL](ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc)\n[Vendor Specific Advisory URL](http://www.us.debian.org/security/2006/dsa-1149)\n[Vendor Specific Advisory URL](http://support.avaya.com/elmodocs2/security/ASA-2006-226.htm)\n[Secunia Advisory ID:21437](https://secuniaresearch.flexerasoftware.com/advisories/21437/)\n[Secunia Advisory ID:21880](https://secuniaresearch.flexerasoftware.com/advisories/21880/)\n[Secunia Advisory ID:22377](https://secuniaresearch.flexerasoftware.com/advisories/22377/)\n[Secunia Advisory ID:21427](https://secuniaresearch.flexerasoftware.com/advisories/21427/)\n[Secunia Advisory ID:22296](https://secuniaresearch.flexerasoftware.com/advisories/22296/)\n[Secunia Advisory ID:21467](https://secuniaresearch.flexerasoftware.com/advisories/21467/)\n[Secunia Advisory ID:22036](https://secuniaresearch.flexerasoftware.com/advisories/22036/)\n[Secunia Advisory ID:21434](https://secuniaresearch.flexerasoftware.com/advisories/21434/)\nRedHat RHSA: RHSA-2006:0663\nOther Advisory URL: 
http://www.gentoo.org/security/en/glsa/glsa-200610-03.xml\n[CVE-2006-1168](https://vulners.com/cve/CVE-2006-1168)\n", "modified": "2006-08-10T05:20:12", "published": "2006-08-10T05:20:12", "href": "https://vulners.com/osvdb/OSVDB:27868", "id": "OSVDB:27868", "title": "ncompress decompress() Function Datastream Handling Overflow", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2020-08-12T01:07:50", "bulletinFamily": "unix", "cvelist": ["CVE-2006-1168"], "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 1149-1 security@debian.org\nhttp://www.debian.org/security/ Martin Schulze\nAugust 10th, 2006 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : ncompress\nVulnerability : buffer underflow\nProblem type : local (remote)\nDebian-specific: no\nCVE ID : CVE-2006-1168\n\nTavis Ormandy from the Google Security Team discovered a missing\nboundary check in ncompress, the original Lempel-Ziv compress and\nuncompress programs, which allows a specially crafted datastream to\nunderflow a buffer with attacker controlled data.\n\nFor the stable distribution (sarge) this problem has been fixed in\nversion 4.2.4-15sarge2.\n\nFor the unstable distribution (sid) this problem has been fixed in\nversion 4.2.4-15sarge2.\n\nWe recommend that you upgrade your ncompress package.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given at the end of this advisory:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian 
GNU/Linux 3.1 alias sarge\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/n/ncompress/ncompress_4.2.4-15sarge2.dsc\n Size/MD5 checksum: 591 8fa14e666180e8a37491dcd33114dbff\n http://security.debian.org/pool/updates/main/n/ncompress/ncompress_4.2.4-15sarge2.diff.gz\n Size/MD5 checksum: 8124 1b7aa0d3079f334202df5d1c77e0f9bf\n http://security.debian.org/pool/updates/main/n/ncompress/ncompress_4.2.4.orig.tar.gz\n Size/MD5 checksum: 31765 7ef0d51aee53b6cd5c6aefe637491281\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/n/ncompress/ncompress_4.2.4-15sarge2_alpha.deb\n Size/MD5 checksum: 24370 72b955790079338f98afd62c49644897\n\n AMD64 architecture:\n\n http://security.debian.org/pool/updates/main/n/ncompress/ncompress_4.2.4-15sarge2_amd64.deb\n Size/MD5 checksum: 22924 58d6732c316a9317171c97e74e2cbe44\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/n/ncompress/ncompress_4.2.4-15sarge2_arm.deb\n Size/MD5 checksum: 22522 3ec1cfdab5e4811ca5246a11b94b244d\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/n/ncompress/ncompress_4.2.4-15sarge2_i386.deb\n Size/MD5 checksum: 22158 a875189b26255c72ad2ec532c23eef05\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/n/ncompress/ncompress_4.2.4-15sarge2_ia64.deb\n Size/MD5 checksum: 26442 ef71240d1b7b4a699b5f817a46f7ead9\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/n/ncompress/ncompress_4.2.4-15sarge2_hppa.deb\n Size/MD5 checksum: 24484 51c63bab7d53aa3392e268aec4d271ab\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/n/ncompress/ncompress_4.2.4-15sarge2_m68k.deb\n Size/MD5 checksum: 21536 2cf5bbb67a3f32db857c75a2d352f47a\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/n/ncompress/ncompress_4.2.4-15sarge2_mips.deb\n Size/MD5 checksum: 23878 
a71db49787837da587552030045c73c1\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/n/ncompress/ncompress_4.2.4-15sarge2_mipsel.deb\n Size/MD5 checksum: 23822 22ad68863b79b4bdf5302141be22deb6\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/n/ncompress/ncompress_4.2.4-15sarge2_powerpc.deb\n Size/MD5 checksum: 22912 bafe112da108e4b66d64342b55ac4a47\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/n/ncompress/ncompress_4.2.4-15sarge2_s390.deb\n Size/MD5 checksum: 22958 a8f180c5182ab1040746e66dfa99a6e1\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/n/ncompress/ncompress_4.2.4-15sarge2_sparc.deb\n Size/MD5 checksum: 22532 db6aed643f82c6a0c0bdfded603d97be\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n\n", "edition": 8, "modified": "2006-08-10T00:00:00", "published": "2006-08-10T00:00:00", "id": "DEBIAN:DSA-1149-1:C91C3", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2006/msg00238.html", "title": "[SECURITY] [DSA 1149-1] New ncompress packages fix potential code execution", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-11-11T13:17:34", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2895"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2293-1 security@debian.org\nhttp://www.debian.org/security/ Thijs Kinkhorst\nAugust 12, 2011 http://www.debian.org/security/faq\n- 
-------------------------------------------------------------------------\n\nPackage : libxfont\nVulnerability : buffer overflow\nProblem type : local\nDebian-specific: no\nCVE ID : CVE-2011-2895 \n\nTomas Hoger found a buffer overflow in the X.Org libXfont library,\nwhich may allow for a local privilege escalation through crafted\nfont files.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 1.3.3-2.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.4.1-3.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.4.4-1.\n\nWe recommend that you upgrade your libxfont packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 9, "modified": "2011-08-12T14:15:46", "published": "2011-08-12T14:15:46", "id": "DEBIAN:DSA-2293-1:771F2", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2011/msg00167.html", "title": "[SECURITY] [DSA 2293-1] libxfont security update", "type": "debian", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2016-09-04T12:42:58", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2895"], "description": "Specially crafted font files could cause a buffer overflow\n in applications that use libXfont to load such files\n (CVE-2011-2895).\n", "edition": 1, "modified": "2011-09-13T17:08:18", "published": "2011-09-13T17:08:18", "id": "SUSE-SU-2011:1035-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00019.html", "type": "suse", "title": "Security update for Xorg X11 (important)", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:41:55", "bulletinFamily": "unix", "cvelist": 
["CVE-2011-2895"], "description": "Specially crafted font files could cause a buffer overflow\n in applications that use libXfont to load such files\n (CVE-2011-2895).\n\n", "edition": 1, "modified": "2011-12-05T18:08:19", "published": "2011-12-05T18:08:19", "id": "OPENSUSE-SU-2011:1299-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00004.html", "title": "xorg-x11-libs (important)", "type": "suse", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:45:47", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2895"], "description": "The following bug has been fixed:\n\n * Specially crafted font files could have caused a\n buffer overflow in applications that use libXfont to load\n such files (CVE-2011-2895).\n", "edition": 1, "modified": "2011-12-06T21:08:30", "published": "2011-12-06T21:08:30", "id": "SUSE-SU-2011:1035-2", "href": "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00006.html", "type": "suse", "title": "Security update for Xorg-X11 (important)", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "freebsd": [{"lastseen": "2019-05-29T18:33:53", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2895"], "description": "\n\nProblem Description:\nThe code used to decompress a file created by compress(1) does not\n\t do sufficient boundary checks on compressed code words, allowing\n\t reference beyond the decompression table, which may result in a\n\t stack overflow or an infinite loop when the decompressor encounters\n\t a corrupted file.\n\n", "edition": 4, "modified": "2011-09-28T00:00:00", "published": "2011-09-28T00:00:00", "id": "FEE94342-4638-11E1-9F47-00E0815B8DA8", "href": "https://vuxml.freebsd.org/freebsd/fee94342-4638-11e1-9f47-00e0815b8da8.html", "title": "FreeBSD -- errors handling corrupt compress file in compress(1) and gzip(1)", "type": "freebsd", "cvss": {"score": 9.3, 
"vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:58", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2895"], "description": "\nTomas Hoger reports:\n\nThe compress/ LZW decompress implementation does not correctly\n\t handle compressed streams that contain code words that were not\n\t yet added to the decompression table. This may lead to\n\t arbitrary memory corruption. Successful exploitation may\n\t possibly lead to a local privilege escalation.\n\n", "edition": 4, "modified": "2012-03-13T00:00:00", "published": "2011-07-26T00:00:00", "id": "304409C3-C3EF-11E0-8AA5-485D60CB5385", "href": "https://vuxml.freebsd.org/freebsd/304409c3-c3ef-11e0-8aa5-485d60cb5385.html", "title": "libXfont -- possible local privilege escalation", "type": "freebsd", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2020-07-09T00:23:24", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2895"], "description": "Tomas Hoger discovered that libXfont incorrectly handled certain malformed \ncompressed fonts. An attacker could use a specially crafted font file to \ncause libXfont to crash, or possibly execute arbitrary code in order to \ngain privileges.", "edition": 5, "modified": "2011-08-15T00:00:00", "published": "2011-08-15T00:00:00", "id": "USN-1191-1", "href": "https://ubuntu.com/security/notices/USN-1191-1", "title": "libXfont vulnerability", "type": "ubuntu", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}