Lucene search
Copyright (C) 2011 Greenbone AGOPENVAS:1361412562310831362HistoryApr 06, 2011 - 12:00 a.m.
Mandriva Update for xmlsec1 MDVSA-2011:063 (xmlsec1)
2011-04-0600:00:00
Copyright (C) 2011 Greenbone AG
plugins.openvas.org
7
8.1 High
AI Score
Confidence
High
5.1 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
0.012 Low
EPSS
Percentile
85.4%
The remote host is missing an update for the
# SPDX-FileCopyrightText: 2011 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_xref(name:"URL", value:"http://lists.mandriva.com/security-announce/2011-04/msg00005.php");
script_oid("1.3.6.1.4.1.25623.1.0.831362");
script_version("2023-07-14T16:09:26+0000");
script_tag(name:"last_modification", value:"2023-07-14 16:09:26 +0000 (Fri, 14 Jul 2023)");
script_tag(name:"creation_date", value:"2011-04-06 16:20:31 +0200 (Wed, 06 Apr 2011)");
script_tag(name:"cvss_base", value:"5.1");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:H/Au:N/C:P/I:P/A:P");
script_xref(name:"MDVSA", value:"2011:063");
script_cve_id("CVE-2011-1425");
script_name("Mandriva Update for xmlsec1 MDVSA-2011:063 (xmlsec1)");
script_tag(name:"summary", value:"The remote host is missing an update for the 'xmlsec1'
package(s) announced via the referenced advisory.");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2011 Greenbone AG");
script_family("Mandrake Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/mandriva_mandrake_linux", "ssh/login/release", re:"ssh/login/release=MNDK_(mes5|2010\.0|2009\.0)");
script_tag(name:"affected", value:"xmlsec1 on Mandriva Linux 2009.0,
Mandriva Linux 2009.0/X86_64,
Mandriva Linux 2010.0,
Mandriva Linux 2010.0/X86_64,
Mandriva Enterprise Server 5,
Mandriva Enterprise Server 5/X86_64");
script_tag(name:"insight", value:"A vulnerability was discovered and corrected in xmlsec1:
xslt.c in XML Security Library (aka xmlsec) before 1.2.17, as
used in WebKit and other products, when XSLT is enabled, allows
remote attackers to create or overwrite arbitrary files via vectors
involving the libxslt output extension and a ds:Transform element
during signature verification (CVE-2011-1425).
Packages for 2009.0 are provided as of the Extended Maintenance
Program. The updated packages have been patched to correct this issue.");
script_tag(name:"solution", value:"Please Install the Updated Packages.");
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
script_xref(name:"URL", value:"http://store.mandriva.com/product_info.php?cPath=149&products_id=490");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release) exit(0);
res = "";
if(release == "MNDK_mes5")
{
if ((res = isrpmvuln(pkg:"libxmlsec1-1", rpm:"libxmlsec1-1~1.2.10~7.3mdvmes5.2", rls:"MNDK_mes5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libxmlsec1-devel", rpm:"libxmlsec1-devel~1.2.10~7.3mdvmes5.2", rls:"MNDK_mes5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libxmlsec1-gnutls1", rpm:"libxmlsec1-gnutls1~1.2.10~7.3mdvmes5.2", rls:"MNDK_mes5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libxmlsec1-gnutls-devel", rpm:"libxmlsec1-gnutls-devel~1.2.10~7.3mdvmes5.2", rls:"MNDK_mes5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libxmlsec1-nss1", rpm:"libxmlsec1-nss1~1.2.10~7.3mdvmes5.2", rls:"MNDK_mes5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libxmlsec1-nss-devel", rpm:"libxmlsec1-nss-devel~1.2.10~7.3mdvmes5.2", rls:"MNDK_mes5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libxmlsec1-openssl1", rpm:"libxmlsec1-openssl1~1.2.10~7.3mdvmes5.2", rls:"MNDK_mes5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libxmlsec1-openssl-devel", rpm:"libxmlsec1-openssl-devel~1.2.10~7.3mdvmes5.2", rls:"MNDK_mes5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"xmlsec1", rpm:"xmlsec1~1.2.10~7.3mdvmes5.2", rls:"MNDK_mes5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64xmlsec1-1", rpm:"lib64xmlsec1-1~1.2.10~7.3mdvmes5.2", rls:"MNDK_mes5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64xmlsec1-devel", rpm:"lib64xmlsec1-devel~1.2.10~7.3mdvmes5.2", rls:"MNDK_mes5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64xmlsec1-gnutls1", rpm:"lib64xmlsec1-gnutls1~1.2.10~7.3mdvmes5.2", rls:"MNDK_mes5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64xmlsec1-gnutls-devel", rpm:"lib64xmlsec1-gnutls-devel~1.2.10~7.3mdvmes5.2", rls:"MNDK_mes5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64xmlsec1-nss1", rpm:"lib64xmlsec1-nss1~1.2.10~7.3mdvmes5.2", rls:"MNDK_mes5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64xmlsec1-nss-devel", rpm:"lib64xmlsec1-nss-devel~1.2.10~7.3mdvmes5.2", rls:"MNDK_mes5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64xmlsec1-openssl1", rpm:"lib64xmlsec1-openssl1~1.2.10~7.3mdvmes5.2", rls:"MNDK_mes5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64xmlsec1-openssl-devel", rpm:"lib64xmlsec1-openssl-devel~1.2.10~7.3mdvmes5.2", rls:"MNDK_mes5")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99);
exit(0);
}
if(release == "MNDK_2010.0")
{
if ((res = isrpmvuln(pkg:"libxmlsec1-1", rpm:"libxmlsec1-1~1.2.13~1.2mdv2010.0", rls:"MNDK_2010.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libxmlsec1-devel", rpm:"libxmlsec1-devel~1.2.13~1.2mdv2010.0", rls:"MNDK_2010.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libxmlsec1-gnutls1", rpm:"libxmlsec1-gnutls1~1.2.13~1.2mdv2010.0", rls:"MNDK_2010.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libxmlsec1-gnutls-devel", rpm:"libxmlsec1-gnutls-devel~1.2.13~1.2mdv2010.0", rls:"MNDK_2010.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libxmlsec1-nss1", rpm:"libxmlsec1-nss1~1.2.13~1.2mdv2010.0", rls:"MNDK_2010.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libxmlsec1-nss-devel", rpm:"libxmlsec1-nss-devel~1.2.13~1.2mdv2010.0", rls:"MNDK_2010.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libxmlsec1-openssl1", rpm:"libxmlsec1-openssl1~1.2.13~1.2mdv2010.0", rls:"MNDK_2010.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libxmlsec1-openssl-devel", rpm:"libxmlsec1-openssl-devel~1.2.13~1.2mdv2010.0", rls:"MNDK_2010.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"xmlsec1", rpm:"xmlsec1~1.2.13~1.2mdv2010.0", rls:"MNDK_2010.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64xmlsec1-1", rpm:"lib64xmlsec1-1~1.2.13~1.2mdv2010.0", rls:"MNDK_2010.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64xmlsec1-devel", rpm:"lib64xmlsec1-devel~1.2.13~1.2mdv2010.0", rls:"MNDK_2010.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64xmlsec1-gnutls1", rpm:"lib64xmlsec1-gnutls1~1.2.13~1.2mdv2010.0", rls:"MNDK_2010.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64xmlsec1-gnutls-devel", rpm:"lib64xmlsec1-gnutls-devel~1.2.13~1.2mdv2010.0", rls:"MNDK_2010.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64xmlsec1-nss1", rpm:"lib64xmlsec1-nss1~1.2.13~1.2mdv2010.0", rls:"MNDK_2010.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64xmlsec1-nss-devel", rpm:"lib64xmlsec1-nss-devel~1.2.13~1.2mdv2010.0", rls:"MNDK_2010.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64xmlsec1-openssl1", rpm:"lib64xmlsec1-openssl1~1.2.13~1.2mdv2010.0", rls:"MNDK_2010.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64xmlsec1-openssl-devel", rpm:"lib64xmlsec1-openssl-devel~1.2.13~1.2mdv2010.0", rls:"MNDK_2010.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99);
exit(0);
}
if(release == "MNDK_2009.0")
{
if ((res = isrpmvuln(pkg:"libxmlsec1-1", rpm:"libxmlsec1-1~1.2.10~7.3mdv2009.0", rls:"MNDK_2009.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libxmlsec1-devel", rpm:"libxmlsec1-devel~1.2.10~7.3mdv2009.0", rls:"MNDK_2009.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libxmlsec1-gnutls1", rpm:"libxmlsec1-gnutls1~1.2.10~7.3mdv2009.0", rls:"MNDK_2009.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libxmlsec1-gnutls-devel", rpm:"libxmlsec1-gnutls-devel~1.2.10~7.3mdv2009.0", rls:"MNDK_2009.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libxmlsec1-nss1", rpm:"libxmlsec1-nss1~1.2.10~7.3mdv2009.0", rls:"MNDK_2009.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libxmlsec1-nss-devel", rpm:"libxmlsec1-nss-devel~1.2.10~7.3mdv2009.0", rls:"MNDK_2009.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libxmlsec1-openssl1", rpm:"libxmlsec1-openssl1~1.2.10~7.3mdv2009.0", rls:"MNDK_2009.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"libxmlsec1-openssl-devel", rpm:"libxmlsec1-openssl-devel~1.2.10~7.3mdv2009.0", rls:"MNDK_2009.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"xmlsec1", rpm:"xmlsec1~1.2.10~7.3mdv2009.0", rls:"MNDK_2009.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64xmlsec1-1", rpm:"lib64xmlsec1-1~1.2.10~7.3mdv2009.0", rls:"MNDK_2009.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64xmlsec1-devel", rpm:"lib64xmlsec1-devel~1.2.10~7.3mdv2009.0", rls:"MNDK_2009.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64xmlsec1-gnutls1", rpm:"lib64xmlsec1-gnutls1~1.2.10~7.3mdv2009.0", rls:"MNDK_2009.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64xmlsec1-gnutls-devel", rpm:"lib64xmlsec1-gnutls-devel~1.2.10~7.3mdv2009.0", rls:"MNDK_2009.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64xmlsec1-nss1", rpm:"lib64xmlsec1-nss1~1.2.10~7.3mdv2009.0", rls:"MNDK_2009.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64xmlsec1-nss-devel", rpm:"lib64xmlsec1-nss-devel~1.2.10~7.3mdv2009.0", rls:"MNDK_2009.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64xmlsec1-openssl1", rpm:"lib64xmlsec1-openssl1~1.2.10~7.3mdv2009.0", rls:"MNDK_2009.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"lib64xmlsec1-openssl-devel", rpm:"lib64xmlsec1-openssl-devel~1.2.10~7.3mdv2009.0", rls:"MNDK_2009.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99);
exit(0);
}
Related
oraclelinux
oraclelinux
xmlsec1 security and bug fix update
2011-05-04 00:00:00
ubuntucve
ubuntucve
CVE-2011-1425
2011-04-04 00:00:00
CVE-2011-1774
2011-07-21 00:00:00
cve
cve
CVE-2011-1425
2011-04-04 12:27:00
CVE-2011-1774
2011-07-21 23:55:00
openvas
openvas
Debian: Security Advisory (DSA-2219-1)
2011-05-12 00:00:00
Debian Security Advisory DSA 2219-1 (xmlsec1)
2011-05-12 00:00:00
CentOS Update for xmlsec1 CESA-2011:0486 centos4 i386
2011-08-09 00:00:00
nessus
nessus
Oracle Linux 4 / 5 : xmlsec1 (ELSA-2011-0486)
2013-07-12 00:00:00
RHEL 4 / 5 : xmlsec1 (RHSA-2011:0486)
2011-05-05 00:00:00
Debian DSA-2219-1 : xmlsec1 - arbitrary file overwrite
2011-04-19 00:00:00
redhat
redhat
(RHSA-2011:0486) Moderate: xmlsec1 security and bug fix update
2011-05-04 00:00:00
debiancve
debiancve
CVE-2011-1425
2011-04-04 12:27:00
securityvulns
securityvulns
[ MDVSA-2011:063 ] xmlsec1
2011-04-05 00:00:00
xmlsec library unauthorized access
2011-04-05 00:00:00
debian
debian
[SECURITY] [DSA 2219-1] xmlsec1 security update
2011-04-18 21:02:18
centos
centos
xmlsec1 security update
2011-05-05 03:26:09
cvelist
cvelist
CVE-2011-1425
2011-04-03 01:00:00
CVE-2011-1774
2011-07-21 23:00:00
prion
prion
Code injection
2011-04-04 12:27:00
Design/Logic Flaw
2011-07-21 23:55:00
freebsd
freebsd
databases/postgresql*-server -- multiple vulnerabilities
2012-08-17 00:00:00
gentoo
gentoo
Multiple packages, Multiple vulnerabilities fixed in 2011
2014-12-11 00:00:00
8.1 High
AI Score
Confidence
High
5.1 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
0.012 Low
EPSS
Percentile
85.4%
Related for OPENVAS:1361412562310831362