Mandriva Update for freeciv MDVSA-2010:205 (freeciv)
2010-10-19T00:00:00
ID OPENVAS:1361412562310831209 Type openvas Reporter Copyright (c) 2010 Greenbone Networks GmbH Modified 2018-01-25T00:00:00
Description
Check for the Version of freeciv
###############################################################################
# OpenVAS Vulnerability Test
#
# Mandriva Update for freeciv MDVSA-2010:205 (freeciv)
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
include("revisions-lib.inc");
tag_insight = "A vulnerability was discovered and corrected in freeciv:
freeciv 2.2 before 2.2.1 and 2.3 before 2.3.0 allows attackers to
read arbitrary files or execute arbitrary commands via scenario
that contains Lua functionality, related to the (1) os, (2) io, (3)
package, (4) dofile, (5) loadfile, (6) loadlib, (7) module, and (8)
require modules or functions (CVE-2010-2445).
The updated packages have been upgraded to v2.2.1 which is not
vulnerable to this issue.";
tag_solution = "Please Install the Updated Packages.";
tag_affected = "freeciv on Mandriva Linux 2010.0,
Mandriva Linux 2010.0/X86_64,
Mandriva Linux 2010.1,
Mandriva Linux 2010.1/X86_64";
if(description)
{
script_xref(name : "URL" , value : "http://lists.mandriva.com/security-announce/2010-10/msg00026.php");
script_oid("1.3.6.1.4.1.25623.1.0.831209");
script_version("$Revision: 8528 $");
script_tag(name:"last_modification", value:"$Date: 2018-01-25 08:57:36 +0100 (Thu, 25 Jan 2018) $");
script_tag(name:"creation_date", value:"2010-10-19 15:54:15 +0200 (Tue, 19 Oct 2010)");
script_tag(name:"cvss_base", value:"10.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_xref(name: "MDVSA", value: "2010:205");
script_cve_id("CVE-2010-2445");
script_name("Mandriva Update for freeciv MDVSA-2010:205 (freeciv)");
script_tag(name: "summary" , value: "Check for the Version of freeciv");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (c) 2010 Greenbone Networks GmbH");
script_family("Mandrake Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/mandriva_mandrake_linux", "ssh/login/release");
script_tag(name : "affected" , value : tag_affected);
script_tag(name : "insight" , value : tag_insight);
script_tag(name : "solution" , value : tag_solution);
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("pkg-lib-rpm.inc");
release = get_kb_item("ssh/login/release");
res = "";
if(release == NULL){
exit(0);
}
if(release == "MNDK_2010.1")
{
if ((res = isrpmvuln(pkg:"freeciv-client", rpm:"freeciv-client~2.2.1~0.1mdv2010.1", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"freeciv-data", rpm:"freeciv-data~2.2.1~0.1mdv2010.1", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"freeciv-server", rpm:"freeciv-server~2.2.1~0.1mdv2010.1", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"freeciv", rpm:"freeciv~2.2.1~0.1mdv2010.1", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
if(release == "MNDK_2010.0")
{
if ((res = isrpmvuln(pkg:"freeciv-client", rpm:"freeciv-client~2.2.1~0.1mdv2010.0", rls:"MNDK_2010.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"freeciv-data", rpm:"freeciv-data~2.2.1~0.1mdv2010.0", rls:"MNDK_2010.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"freeciv-server", rpm:"freeciv-server~2.2.1~0.1mdv2010.0", rls:"MNDK_2010.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"freeciv", rpm:"freeciv~2.2.1~0.1mdv2010.0", rls:"MNDK_2010.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
{"id": "OPENVAS:1361412562310831209", "type": "openvas", "bulletinFamily": "scanner", "title": "Mandriva Update for freeciv MDVSA-2010:205 (freeciv)", "description": "Check for the Version of freeciv", "published": "2010-10-19T00:00:00", "modified": "2018-01-25T00:00:00", "cvss": {"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/", "score": 10.0}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831209", "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "references": ["http://lists.mandriva.com/security-announce/2010-10/msg00026.php", "2010:205"], "cvelist": ["CVE-2010-2445"], "lastseen": "2018-01-26T11:06:02", "viewCount": 1, "enchantments": {"score": {"value": 6.4, "vector": "NONE", "modified": "2018-01-26T11:06:02", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2010-2445"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310862321", "OPENVAS:1361412562310862691", "OPENVAS:862691", "OPENVAS:831209", "OPENVAS:1361412562310121138", "OPENVAS:862325", "OPENVAS:862321", "OPENVAS:1361412562310862325"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:11202", "SECURITYVULNS:DOC:24936"]}, {"type": "nessus", "idList": ["MANDRIVA_MDVSA-2010-205.NASL", "FEDORA_2010-12371.NASL", "GENTOO_GLSA-201402-07.NASL", "FEDORA_2010-12256.NASL", "FEDORA_2010-12262.NASL"]}, {"type": "gentoo", "idList": ["GLSA-201402-07"]}], "modified": "2018-01-26T11:06:02", "rev": 2}, "vulnersScore": 6.4}, "pluginID": "1361412562310831209", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for freeciv MDVSA-2010:205 (freeciv)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability was discovered and corrected in freeciv:\n\n freeciv 2.2 before 2.2.1 and 2.3 before 2.3.0 allows attackers to\n read arbitrary files or execute arbitrary commands via scenario\n that contains Lua functionality, related to the (1) os, (2) io, (3)\n package, (4) dofile, (5) loadfile, (6) loadlib, (7) module, and (8)\n require modules or functions (CVE-2010-2445).\n \n The updated packages have been upgraded to v2.2.1 which is not\n vulnerable to this issue.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"freeciv on Mandriva Linux 2010.0,\n Mandriva Linux 2010.0/X86_64,\n Mandriva Linux 2010.1,\n Mandriva Linux 2010.1/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-10/msg00026.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831209\");\n script_version(\"$Revision: 8528 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-25 08:57:36 +0100 (Thu, 25 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-10-19 15:54:15 +0200 (Tue, 19 Oct 2010)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVSA\", value: \"2010:205\");\n script_cve_id(\"CVE-2010-2445\");\n script_name(\"Mandriva Update for freeciv MDVSA-2010:205 (freeciv)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of freeciv\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"freeciv-client\", rpm:\"freeciv-client~2.2.1~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freeciv-data\", rpm:\"freeciv-data~2.2.1~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freeciv-server\", rpm:\"freeciv-server~2.2.1~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freeciv\", rpm:\"freeciv~2.2.1~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"freeciv-client\", rpm:\"freeciv-client~2.2.1~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freeciv-data\", rpm:\"freeciv-data~2.2.1~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freeciv-server\", rpm:\"freeciv-server~2.2.1~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freeciv\", rpm:\"freeciv~2.2.1~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "naslFamily": "Mandrake Local Security Checks"}
{"cve": [{"lastseen": "2021-02-02T05:44:59", "description": "freeciv 2.2 before 2.2.1 and 2.3 before 2.3.0 allows attackers to read arbitrary files or execute arbitrary commands via a scenario that contains Lua functionality, related to the (1) os, (2) io, (3) package, (4) dofile, (5) loadfile, (6) loadlib, (7) module, and (8) require modules or functions.", "edition": 4, "cvss3": {}, "published": "2010-07-08T12:54:00", "title": "CVE-2010-2445", "type": "cve", "cwe": ["CWE-78"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-2445"], "modified": "2010-11-06T04:00:00", "cpe": ["cpe:/a:freeciv:freeciv:2.3.0", "cpe:/a:freeciv:freeciv:2.2.0"], "id": "CVE-2010-2445", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2445", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:freeciv:freeciv:2.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:freeciv:freeciv:2.2.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:freeciv:freeciv:2.2.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:freeciv:freeciv:2.3.0:dev:*:*:*:*:*:*", "cpe:2.3:a:freeciv:freeciv:2.2.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:freeciv:freeciv:2.2.0:beta1:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2017-12-14T11:48:54", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2445"], "description": "Check for the Version of freeciv", "modified": "2017-12-13T00:00:00", "published": "2010-08-20T00:00:00", "id": "OPENVAS:862325", "href": "http://plugins.openvas.org/nasl.php?oid=862325", "type": "openvas", "title": "Fedora Update for freeciv FEDORA-2010-12262", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for freeciv FEDORA-2010-12262\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"freeciv on Fedora 12\";\ntag_insight = \"Freeciv is a turn-based, multi-player, X based strategy game. Freeciv\n is generally comparable to, and has compatible rules with, the\n Civilization II(R) game by Microprose(R). In Freeciv, each player is\n the leader of a civilization, and is competing with the other players\n in order to become the leader of the greatest civilization.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045854.html\");\n script_id(862325);\n script_version(\"$Revision: 8092 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-13 07:31:16 +0100 (Wed, 13 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-08-20 14:57:11 +0200 (Fri, 20 Aug 2010)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-12262\");\n script_cve_id(\"CVE-2010-2445\");\n script_name(\"Fedora Update for freeciv FEDORA-2010-12262\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of freeciv\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"freeciv\", rpm:\"freeciv~2.2.2~1.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:36:51", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2445"], "description": "Gentoo Linux Local Security Checks GLSA 201402-07", "modified": "2018-10-26T00:00:00", "published": "2015-09-29T00:00:00", "id": "OPENVAS:1361412562310121138", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121138", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201402-07", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201402-07.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121138\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-29 11:26:50 +0300 (Tue, 29 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201402-07\");\n script_tag(name:\"insight\", value:\"The Lua component of Freeciv does not restrict which modules may be loaded by scenario scripts.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201402-07\");\n script_cve_id(\"CVE-2010-2445\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201402-07\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"games-strategy/freeciv\", unaffected: make_list(\"ge 2.2.1\"), vulnerable: make_list(\"lt 2.2.1\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-01-03T10:55:08", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2445"], "description": "Check for the Version of freeciv", "modified": "2018-01-02T00:00:00", "published": "2010-08-20T00:00:00", "id": "OPENVAS:1361412562310862321", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862321", "type": "openvas", "title": "Fedora Update for freeciv FEDORA-2010-12256", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for freeciv FEDORA-2010-12256\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"freeciv on Fedora 13\";\ntag_insight = \"Freeciv is a turn-based, multi-player, X based strategy game. Freeciv\n is generally comparable to, and has compatible rules with, the\n Civilization II(R) game by Microprose(R). In Freeciv, each player is\n the leader of a civilization, and is competing with the other players\n in order to become the leader of the greatest civilization.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045953.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862321\");\n script_version(\"$Revision: 8269 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-02 08:28:22 +0100 (Tue, 02 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-08-20 14:57:11 +0200 (Fri, 20 Aug 2010)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-12256\");\n script_cve_id(\"CVE-2010-2445\");\n script_name(\"Fedora Update for freeciv FEDORA-2010-12256\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of freeciv\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"freeciv\", rpm:\"freeciv~2.2.2~1.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-02T10:54:45", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2445"], "description": "Check for the Version of freeciv", "modified": "2017-12-26T00:00:00", "published": "2010-08-20T00:00:00", "id": "OPENVAS:1361412562310862325", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862325", "type": "openvas", "title": "Fedora Update for freeciv FEDORA-2010-12262", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for freeciv FEDORA-2010-12262\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"freeciv on Fedora 12\";\ntag_insight = \"Freeciv is a turn-based, multi-player, X based strategy game. Freeciv\n is generally comparable to, and has compatible rules with, the\n Civilization II(R) game by Microprose(R). In Freeciv, each player is\n the leader of a civilization, and is competing with the other players\n in order to become the leader of the greatest civilization.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045854.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862325\");\n script_version(\"$Revision: 8246 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-26 08:29:20 +0100 (Tue, 26 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-08-20 14:57:11 +0200 (Fri, 20 Aug 2010)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-12262\");\n script_cve_id(\"CVE-2010-2445\");\n script_name(\"Fedora Update for freeciv FEDORA-2010-12262\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of freeciv\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"freeciv\", rpm:\"freeciv~2.2.2~1.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-23T13:05:57", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2445"], "description": "Check for the Version of freeciv", "modified": "2018-01-23T00:00:00", "published": "2010-12-02T00:00:00", "id": "OPENVAS:1361412562310862691", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862691", "type": "openvas", "title": "Fedora Update for freeciv FEDORA-2010-12371", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for freeciv FEDORA-2010-12371\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"freeciv on Fedora 14\";\ntag_insight = \"Freeciv is a turn-based, multi-player, X based strategy game. Freeciv\n is generally comparable to, and has compatible rules with, the\n Civilization II(R) game by Microprose(R). In Freeciv, each player is\n the leader of a civilization, and is competing with the other players\n in order to become the leader of the greatest civilization.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045658.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862691\");\n script_version(\"$Revision: 8495 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-23 08:57:49 +0100 (Tue, 23 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-12-02 08:39:14 +0100 (Thu, 02 Dec 2010)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-12371\");\n script_cve_id(\"CVE-2010-2445\");\n script_name(\"Fedora Update for freeciv FEDORA-2010-12371\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of freeciv\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"freeciv\", rpm:\"freeciv~2.2.2~1.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-02T10:54:50", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2445"], "description": "Check for the Version of freeciv", "modified": "2017-12-26T00:00:00", "published": "2010-10-19T00:00:00", "id": "OPENVAS:831209", "href": "http://plugins.openvas.org/nasl.php?oid=831209", "type": "openvas", "title": "Mandriva Update for freeciv MDVSA-2010:205 (freeciv)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for freeciv MDVSA-2010:205 (freeciv)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability was discovered and corrected in freeciv:\n\n freeciv 2.2 before 2.2.1 and 2.3 before 2.3.0 allows attackers to\n read arbitrary files or execute arbitrary commands via scenario\n that contains Lua functionality, related to the (1) os, (2) io, (3)\n package, (4) dofile, (5) loadfile, (6) loadlib, (7) module, and (8)\n require modules or functions (CVE-2010-2445).\n \n The updated packages have been upgraded to v2.2.1 which is not\n vulnerable to this issue.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"freeciv on Mandriva Linux 2010.0,\n Mandriva Linux 2010.0/X86_64,\n Mandriva Linux 2010.1,\n Mandriva Linux 2010.1/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-10/msg00026.php\");\n script_id(831209);\n script_version(\"$Revision: 8245 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-26 07:29:59 +0100 (Tue, 26 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-10-19 15:54:15 +0200 (Tue, 19 Oct 2010)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVSA\", value: \"2010:205\");\n script_cve_id(\"CVE-2010-2445\");\n script_name(\"Mandriva Update for freeciv MDVSA-2010:205 (freeciv)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of freeciv\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"freeciv-client\", rpm:\"freeciv-client~2.2.1~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freeciv-data\", rpm:\"freeciv-data~2.2.1~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freeciv-server\", rpm:\"freeciv-server~2.2.1~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freeciv\", rpm:\"freeciv~2.2.1~0.1mdv2010.1\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"freeciv-client\", rpm:\"freeciv-client~2.2.1~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freeciv-data\", rpm:\"freeciv-data~2.2.1~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freeciv-server\", rpm:\"freeciv-server~2.2.1~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freeciv\", rpm:\"freeciv~2.2.1~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-02T10:54:50", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2445"], "description": "Check for the Version of freeciv", "modified": "2017-12-25T00:00:00", "published": "2010-12-02T00:00:00", "id": "OPENVAS:862691", "href": "http://plugins.openvas.org/nasl.php?oid=862691", "type": "openvas", "title": "Fedora Update for freeciv FEDORA-2010-12371", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for freeciv FEDORA-2010-12371\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"freeciv on Fedora 14\";\ntag_insight = \"Freeciv is a turn-based, multi-player, X based strategy game. Freeciv\n is generally comparable to, and has compatible rules with, the\n Civilization II(R) game by Microprose(R). In Freeciv, each player is\n the leader of a civilization, and is competing with the other players\n in order to become the leader of the greatest civilization.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045658.html\");\n script_id(862691);\n script_version(\"$Revision: 8243 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-25 07:30:04 +0100 (Mon, 25 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-12-02 08:39:14 +0100 (Thu, 02 Dec 2010)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-12371\");\n script_cve_id(\"CVE-2010-2445\");\n script_name(\"Fedora Update for freeciv FEDORA-2010-12371\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of freeciv\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"freeciv\", rpm:\"freeciv~2.2.2~1.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-15T11:58:26", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2445"], "description": "Check for the Version of freeciv", "modified": "2017-12-15T00:00:00", "published": "2010-08-20T00:00:00", "id": "OPENVAS:862321", "href": "http://plugins.openvas.org/nasl.php?oid=862321", "type": "openvas", "title": "Fedora Update for freeciv FEDORA-2010-12256", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for freeciv FEDORA-2010-12256\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"freeciv on Fedora 13\";\ntag_insight = \"Freeciv is a turn-based, multi-player, X based strategy game. Freeciv\n is generally comparable to, and has compatible rules with, the\n Civilization II(R) game by Microprose(R). In Freeciv, each player is\n the leader of a civilization, and is competing with the other players\n in order to become the leader of the greatest civilization.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045953.html\");\n script_id(862321);\n script_version(\"$Revision: 8130 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-15 07:31:09 +0100 (Fri, 15 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-08-20 14:57:11 +0200 (Fri, 20 Aug 2010)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-12256\");\n script_cve_id(\"CVE-2010-2445\");\n script_name(\"Fedora Update for freeciv FEDORA-2010-12256\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of freeciv\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"freeciv\", rpm:\"freeciv~2.2.2~1.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:13", "bulletinFamily": "unix", "cvelist": ["CVE-2010-2445"], "description": "### Background\n\nFreeciv is an open-source empire building strategy game.\n\n### Description\n\nThe Lua component of Freeciv does not restrict which modules may be loaded by scenario scripts. \n\n### Impact\n\nA remote attacker could entice a user to open a specially crafted scenario file, possibly resulting in execution of arbitrary code or reading of arbitrary files with the privileges of the process. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Freeciv users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=games-strategy/freeciv-2.2.1\"\n \n\nNOTE: This is a legacy GLSA. Updates for all affected architectures are available since July 26, 2010. It is likely that your system is already no longer affected by this issue.", "edition": 1, "modified": "2014-02-06T00:00:00", "published": "2014-02-06T00:00:00", "id": "GLSA-201402-07", "href": "https://security.gentoo.org/glsa/201402-07", "type": "gentoo", "title": "Freeciv: User-assisted execution of arbitrary code", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2021-01-07T10:55:32", "description": "The remote host is affected by the vulnerability described in GLSA-201402-07\n(Freeciv: User-assisted execution of arbitrary code)\n\n The Lua component of Freeciv does not restrict which modules may be\n loaded by scenario scripts.\n \nImpact :\n\n A remote attacker could entice a user to open a specially crafted\n scenario file, possibly resulting in execution of arbitrary code or\n reading of arbitrary files with the privileges of the process.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 21, "published": "2014-02-07T00:00:00", "title": "GLSA-201402-07 : Freeciv: User-assisted execution of arbitrary code", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2445"], "modified": "2014-02-07T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:freeciv"], "id": "GENTOO_GLSA-201402-07.NASL", "href": "https://www.tenable.com/plugins/nessus/72384", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201402-07.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(72384);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2010-2445\");\n script_bugtraq_id(40598);\n script_xref(name:\"GLSA\", value:\"201402-07\");\n\n script_name(english:\"GLSA-201402-07 : Freeciv: User-assisted execution of arbitrary code\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201402-07\n(Freeciv: User-assisted execution of arbitrary code)\n\n The Lua component of Freeciv does not restrict which modules may be\n loaded by scenario scripts.\n \nImpact :\n\n A remote attacker could entice a user to open a specially crafted\n scenario file, possibly resulting in execution of arbitrary code or\n reading of arbitrary files with the privileges of the process.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201402-07\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Freeciv users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=games-strategy/freeciv-2.2.1'\n NOTE: This is a legacy GLSA. Updates for all affected architectures are\n available since July 26, 2010. It is likely that your system is already\n no longer affected by this issue.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:freeciv\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/02/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/02/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"games-strategy/freeciv\", unaffected:make_list(\"ge 2.2.1\"), vulnerable:make_list(\"lt 2.2.1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Freeciv\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T11:52:50", "description": "A vulnerability was discovered and corrected in freeciv :\n\nfreeciv 2.2 before 2.2.1 and 2.3 before 2.3.0 allows attackers to read\narbitrary files or execute arbitrary commands via scenario that\ncontains Lua functionality, related to the (1) os, (2) io, (3)\npackage, (4) dofile, (5) loadfile, (6) loadlib, (7) module, and (8)\nrequire modules or functions (CVE-2010-2445).\n\nThe updated packages have been upgraded to v2.2.1 which is not\nvulnerable to this issue.", "edition": 24, "published": "2010-10-18T00:00:00", "title": "Mandriva Linux Security Advisory : freeciv (MDVSA-2010:205)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2445"], "modified": "2010-10-18T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:freeciv-server", "p-cpe:/a:mandriva:linux:freeciv-client", "cpe:/o:mandriva:linux:2010.1", "cpe:/o:mandriva:linux:2010.0", "p-cpe:/a:mandriva:linux:freeciv-data"], "id": "MANDRIVA_MDVSA-2010-205.NASL", "href": "https://www.tenable.com/plugins/nessus/50008", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2010:205. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(50008);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2010-2445\");\n script_bugtraq_id(40598);\n script_xref(name:\"MDVSA\", value:\"2010:205\");\n\n script_name(english:\"Mandriva Linux Security Advisory : freeciv (MDVSA-2010:205)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability was discovered and corrected in freeciv :\n\nfreeciv 2.2 before 2.2.1 and 2.3 before 2.3.0 allows attackers to read\narbitrary files or execute arbitrary commands via scenario that\ncontains Lua functionality, related to the (1) os, (2) io, (3)\npackage, (4) dofile, (5) loadfile, (6) loadlib, (7) module, and (8)\nrequire modules or functions (CVE-2010-2445).\n\nThe updated packages have been upgraded to v2.2.1 which is not\nvulnerable to this issue.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected freeciv-client, freeciv-data and / or\nfreeciv-server packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:freeciv-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:freeciv-data\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:freeciv-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/10/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2010.0\", reference:\"freeciv-client-2.2.1-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"freeciv-data-2.2.1-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"freeciv-server-2.2.1-0.1mdv2010.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2010.1\", reference:\"freeciv-client-2.2.1-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"freeciv-data-2.2.1-0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"freeciv-server-2.2.1-0.1mdv2010.1\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:07:55", "description": "A lot of fixes and updates, including a security fix. Fixes #612296\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2010-08-20T00:00:00", "title": "Fedora 12 : freeciv-2.2.2-1.fc12 (2010-12262)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2445"], "modified": "2010-08-20T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:freeciv", "cpe:/o:fedoraproject:fedora:12"], "id": "FEDORA_2010-12262.NASL", "href": "https://www.tenable.com/plugins/nessus/48378", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-12262.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(48378);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-2445\");\n script_bugtraq_id(40598);\n script_xref(name:\"FEDORA\", value:\"2010-12262\");\n\n script_name(english:\"Fedora 12 : freeciv-2.2.2-1.fc12 (2010-12262)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A lot of fixes and updates, including a security fix. Fixes #612296\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=612296\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-August/045854.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?94d7bb51\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected freeciv package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:freeciv\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:12\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/08/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^12([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 12.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC12\", reference:\"freeciv-2.2.2-1.fc12\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freeciv\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:07:54", "description": "A lot of fixes and updates, including a security fix. Fixes #612296\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2010-08-20T00:00:00", "title": "Fedora 13 : freeciv-2.2.2-1.fc13 (2010-12256)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2445"], "modified": "2010-08-20T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:13", "p-cpe:/a:fedoraproject:fedora:freeciv"], "id": "FEDORA_2010-12256.NASL", "href": "https://www.tenable.com/plugins/nessus/48377", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-12256.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(48377);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-2445\");\n script_bugtraq_id(40598);\n script_xref(name:\"FEDORA\", value:\"2010-12256\");\n\n script_name(english:\"Fedora 13 : freeciv-2.2.2-1.fc13 (2010-12256)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A lot of fixes and updates, including a security fix. Fixes #612296\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=612296\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-August/045953.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fc9f8c21\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected freeciv package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:freeciv\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:13\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/08/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^13([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 13.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC13\", reference:\"freeciv-2.2.2-1.fc13\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freeciv\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:07:55", "description": "A lot of fixes and updates, including a security fix. Fixes #612296\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 23, "published": "2010-08-19T00:00:00", "title": "Fedora 14 : freeciv-2.2.2-1.fc14 (2010-12371)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2445"], "modified": "2010-08-19T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:14", "p-cpe:/a:fedoraproject:fedora:freeciv"], "id": "FEDORA_2010-12371.NASL", "href": "https://www.tenable.com/plugins/nessus/48365", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-12371.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(48365);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-2445\");\n script_bugtraq_id(40598);\n script_xref(name:\"FEDORA\", value:\"2010-12371\");\n\n script_name(english:\"Fedora 14 : freeciv-2.2.2-1.fc14 (2010-12371)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A lot of fixes and updates, including a security fix. Fixes #612296\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=612296\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-August/045658.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?30a007a7\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected freeciv package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:freeciv\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:14\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/08/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^14([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 14.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC14\", reference:\"freeciv-2.2.2-1.fc14\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freeciv\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:37", "bulletinFamily": "software", "cvelist": ["CVE-2010-2445"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2010:205\r\n http://www.mandriva.com/security/\r\n _______________________________________________________________________\r\n\r\n Package : freeciv\r\n Date : October 15, 2010\r\n Affected: 2010.0, 2010.1\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n A vulnerability was discovered and corrected in freeciv:\r\n \r\n freeciv 2.2 before 2.2.1 and 2.3 before 2.3.0 allows attackers to\r\n read arbitrary files or execute arbitrary commands via scenario\r\n that contains Lua functionality, related to the (1) os, (2) io, (3)\r\n package, (4) dofile, (5) loadfile, (6) loadlib, (7) module, and (8)\r\n require modules or functions (CVE-2010-2445).\r\n \r\n The updated packages have been upgraded to v2.2.1 which is not\r\n vulnerable to this issue.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2445\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Linux 2010.0:\r\n f2e462016bfa51641c707193f15050b4 2010.0/i586/freeciv-client-2.2.1-0.1mdv2010.0.i586.rpm\r\n 7e28a7979376addeac1ece3abcd00865 2010.0/i586/freeciv-data-2.2.1-0.1mdv2010.0.i586.rpm\r\n ed7806f924cc1ecaf780ab6a73484b86 2010.0/i586/freeciv-server-2.2.1-0.1mdv2010.0.i586.rpm \r\n 9447db00f5008ab4373bd4c03af7bc4b 2010.0/SRPMS/freeciv-2.2.1-0.1mdv2010.0.src.rpm\r\n\r\n Mandriva Linux 2010.0/X86_64:\r\n 8f268efc340ce284141c20a1fb345df8 2010.0/x86_64/freeciv-client-2.2.1-0.1mdv2010.0.x86_64.rpm\r\n eaeb56096e20284e194ee28f212deb05 2010.0/x86_64/freeciv-data-2.2.1-0.1mdv2010.0.x86_64.rpm\r\n aa1376b65f2c4e2577dfcebbb6818894 2010.0/x86_64/freeciv-server-2.2.1-0.1mdv2010.0.x86_64.rpm \r\n 9447db00f5008ab4373bd4c03af7bc4b 2010.0/SRPMS/freeciv-2.2.1-0.1mdv2010.0.src.rpm\r\n\r\n Mandriva Linux 2010.1:\r\n 2d1e4377d45abcc5665c26f02d4307aa 2010.1/i586/freeciv-client-2.2.1-0.1mdv2010.1.i586.rpm\r\n 3ca4f6fc9f371c8d5582a1b8ad4b6287 2010.1/i586/freeciv-data-2.2.1-0.1mdv2010.1.i586.rpm\r\n 374b4e4171e1616443c9c02bf6fbfe6d 2010.1/i586/freeciv-server-2.2.1-0.1mdv2010.1.i586.rpm \r\n 00d1331c2e1cf23b38fb97fb461d2329 2010.1/SRPMS/freeciv-2.2.1-0.1mdv2010.1.src.rpm\r\n\r\n Mandriva Linux 2010.1/X86_64:\r\n 745e0b2e0766e83df352579cc233aae4 2010.1/x86_64/freeciv-client-2.2.1-0.1mdv2010.1.x86_64.rpm\r\n c6d9f073d456bb7970a27352eb613d6b 2010.1/x86_64/freeciv-data-2.2.1-0.1mdv2010.1.x86_64.rpm\r\n d4557ce2c4772e5da2457f6f38a8b37a 2010.1/x86_64/freeciv-server-2.2.1-0.1mdv2010.1.x86_64.rpm \r\n 00d1331c2e1cf23b38fb97fb461d2329 2010.1/SRPMS/freeciv-2.2.1-0.1mdv2010.1.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/security/advisories\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_(at)_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n <security*mandriva.com>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.9 (GNU/Linux)\r\n\r\niD8DBQFMuCVXmqjQ0CJFipgRAjmyAJ9O8CcnkJ9IBNEL6rlSc2C/+H6tkwCfWsOj\r\n4EvFV7Efhy5TCTSqyYhN9lg=\r\n=NK6h\r\n-----END PGP SIGNATURE-----", "edition": 1, "modified": "2010-10-16T00:00:00", "published": "2010-10-16T00:00:00", "id": "SECURITYVULNS:DOC:24936", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:24936", "title": "[ MDVSA-2010:205 ] freeciv", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:38", "bulletinFamily": "software", "cvelist": ["CVE-2010-2445"], "description": "It's possible to access files and execute commands via scenario.", "edition": 1, "modified": "2010-10-16T00:00:00", "published": "2010-10-16T00:00:00", "id": "SECURITYVULNS:VULN:11202", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11202", "title": "freeciv unauthorized access", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "fedora": [{"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-2445"], "description": "Freeciv is a turn-based, multi-player, X based strategy game. Freeciv is generally comparable to, and has compatible rules with, the Civilization II(R) game by Microprose(R). In Freeciv, each player is the leader of a civilization, and is competing with the other players in order to become the leader of the greatest civilization. ", "modified": "2010-08-19T01:11:39", "published": "2010-08-19T01:11:39", "id": "FEDORA:46B0C1113E5", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 14 Update: freeciv-2.2.2-1.fc14", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-2445"], "description": "Freeciv is a turn-based, multi-player, X based strategy game. Freeciv is generally comparable to, and has compatible rules with, the Civilization II(R) game by Microprose(R). In Freeciv, each player is the leader of a civilization, and is competing with the other players in order to become the leader of the greatest civilization. ", "modified": "2010-08-20T02:24:32", "published": "2010-08-20T02:24:32", "id": "FEDORA:F3A1D110745", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 13 Update: freeciv-2.2.2-1.fc13", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-2445"], "description": "Freeciv is a turn-based, multi-player, X based strategy game. Freeciv is generally comparable to, and has compatible rules with, the Civilization II(R) game by Microprose(R). In Freeciv, each player is the leader of a civilization, and is competing with the other players in order to become the leader of the greatest civilization. ", "modified": "2010-08-20T01:31:06", "published": "2010-08-20T01:31:06", "id": "FEDORA:E0CF9110BC8", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 12 Update: freeciv-2.2.2-1.fc12", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}
