ID OPENVAS:1361412562310841126 Type openvas Reporter Copyright (c) 2012 Greenbone Networks GmbH Modified 2019-03-13T00:00:00
Description
Ubuntu Update for Linux kernel vulnerabilities USN-1547-1
###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_ubuntu_USN_1547_1.nasl 14132 2019-03-13 09:25:59Z cfischer $
#
# Ubuntu Update for libgdata USN-1547-1
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
if(description)
{
script_xref(name:"URL", value:"http://www.ubuntu.com/usn/usn-1547-1/");
script_oid("1.3.6.1.4.1.25623.1.0.841126");
script_version("$Revision: 14132 $");
script_tag(name:"last_modification", value:"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $");
script_tag(name:"creation_date", value:"2012-09-06 10:52:03 +0530 (Thu, 06 Sep 2012)");
script_cve_id("CVE-2012-1177");
script_tag(name:"cvss_base", value:"5.1");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:H/Au:N/C:P/I:P/A:P");
script_xref(name:"USN", value:"1547-1");
script_name("Ubuntu Update for libgdata USN-1547-1");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (c) 2012 Greenbone Networks GmbH");
script_family("Ubuntu Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/ubuntu_linux", "ssh/login/packages", re:"ssh/login/release=UBUNTU(10\.04 LTS|11\.10|11\.04)");
script_tag(name:"summary", value:"Ubuntu Update for Linux kernel vulnerabilities USN-1547-1");
script_tag(name:"affected", value:"libgdata on Ubuntu 11.10,
Ubuntu 11.04,
Ubuntu 10.04 LTS");
script_tag(name:"solution", value:"Please Install the Updated Packages.");
script_tag(name:"insight", value:"Vreixo Formoso discovered that the libGData library, as used
by Evolution and other applications, did not properly verify SSL
certificates. A remote attacker could exploit this to perform a man
in the middle attack to view sensitive information or alter data
transmitted via the GData protocol.");
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-deb.inc");
release = dpkg_get_ssh_release();
if(!release)
exit(0);
res = "";
if(release == "UBUNTU10.04 LTS")
{
if ((res = isdpkgvuln(pkg:"libgdata-google1.2-1", ver:"2.28.3.1-0ubuntu6.1", rls:"UBUNTU10.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"libgdata1.2-1", ver:"2.28.3.1-0ubuntu6.1", rls:"UBUNTU10.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"libgdata6", ver:"0.5.2-0ubuntu1.1", rls:"UBUNTU10.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99);
exit(0);
}
if(release == "UBUNTU11.10")
{
if ((res = isdpkgvuln(pkg:"libgdata13", ver:"0.9.1-0ubuntu2.1", rls:"UBUNTU11.10")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99);
exit(0);
}
if(release == "UBUNTU11.04")
{
if ((res = isdpkgvuln(pkg:"libgdata11", ver:"0.8.0-0ubuntu1.1", rls:"UBUNTU11.04")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99);
exit(0);
}
{"id": "OPENVAS:1361412562310841126", "type": "openvas", "bulletinFamily": "scanner", "title": "Ubuntu Update for libgdata USN-1547-1", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1547-1", "published": "2012-09-06T00:00:00", "modified": "2019-03-13T00:00:00", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841126", "reporter": "Copyright (c) 2012 Greenbone Networks GmbH", "references": ["http://www.ubuntu.com/usn/usn-1547-1/", "1547-1"], "cvelist": ["CVE-2012-1177"], "lastseen": "2019-05-29T18:38:34", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2012-1177"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:28445", "SECURITYVULNS:VULN:12556"]}, {"type": "nessus", "idList": ["UBUNTU_USN-1547-1.NASL", "MANDRIVA_MDVSA-2012-111.NASL", "OPENSUSE-2012-381.NASL", "GENTOO_GLSA-201208-06.NASL", "DEBIAN_DSA-2482.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310831701", "OPENVAS:71856", "OPENVAS:831701", "OPENVAS:841126", "OPENVAS:136141256231071856"]}, {"type": "ubuntu", "idList": ["USN-1547-1"]}, {"type": "gentoo", "idList": ["GLSA-201208-06"]}], "modified": "2019-05-29T18:38:34", "rev": 2}, "score": {"value": 5.3, "vector": "NONE", "modified": "2019-05-29T18:38:34", "rev": 2}, "vulnersScore": 5.3}, "pluginID": "1361412562310841126", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1547_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for libgdata USN-1547-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1547-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.841126\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-09-06 10:52:03 +0530 (Thu, 06 Sep 2012)\");\n script_cve_id(\"CVE-2012-1177\");\n script_tag(name:\"cvss_base\", value:\"5.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"USN\", value:\"1547-1\");\n script_name(\"Ubuntu Update for libgdata USN-1547-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(10\\.04 LTS|11\\.10|11\\.04)\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1547-1\");\n script_tag(name:\"affected\", value:\"libgdata on Ubuntu 11.10,\n Ubuntu 11.04,\n Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Vreixo Formoso discovered that the libGData library, as used\n by Evolution and other applications, did not properly verify SSL\n certificates. A remote attacker could exploit this to perform a man\n in the middle attack to view sensitive information or alter data\n transmitted via the GData protocol.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libgdata-google1.2-1\", ver:\"2.28.3.1-0ubuntu6.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libgdata1.2-1\", ver:\"2.28.3.1-0ubuntu6.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libgdata6\", ver:\"0.5.2-0ubuntu1.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libgdata13\", ver:\"0.9.1-0ubuntu2.1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libgdata11\", ver:\"0.8.0-0ubuntu1.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "naslFamily": "Ubuntu Local Security Checks"}
{"cve": [{"lastseen": "2020-12-09T19:47:17", "description": "libgdata before 0.10.2 and 0.11.x before 0.11.1 does not validate SSL certificates, which allows remote attackers to obtain user names and passwords via a man-in-the-middle (MITM) attack with a spoofed certificate.", "edition": 5, "cvss3": {}, "published": "2012-08-26T20:55:00", "title": "CVE-2012-1177", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": true}, "cvelist": ["CVE-2012-1177"], "modified": "2013-04-05T03:09:00", "cpe": ["cpe:/a:gnome:libgdata:0.10.1", "cpe:/a:gnome:libgdata:0.11.0"], "id": "CVE-2012-1177", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1177", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:gnome:libgdata:0.10.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnome:libgdata:0.11.0:*:*:*:*:*:*:*"]}], "ubuntu": [{"lastseen": "2020-07-08T23:40:35", "bulletinFamily": "unix", "cvelist": ["CVE-2012-1177"], "description": "Vreixo Formoso discovered that the libGData library, as used \nby Evolution and other applications, did not properly verify SSL \ncertificates. A remote attacker could exploit this to perform a man \nin the middle attack to view sensitive information or alter data \ntransmitted via the GData protocol.", "edition": 5, "modified": "2012-08-28T00:00:00", "published": "2012-08-28T00:00:00", "id": "USN-1547-1", "href": "https://ubuntu.com/security/notices/USN-1547-1", "title": "libGData, evolution-data-server vulnerability", "type": "ubuntu", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2017-12-04T11:21:01", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1177"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1547-1", "modified": "2017-12-01T00:00:00", "published": "2012-09-06T00:00:00", "id": "OPENVAS:841126", "href": "http://plugins.openvas.org/nasl.php?oid=841126", "type": "openvas", "title": "Ubuntu Update for libgdata USN-1547-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1547_1.nasl 7960 2017-12-01 06:58:16Z santu $\n#\n# Ubuntu Update for libgdata USN-1547-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Vreixo Formoso discovered that the libGData library, as used\n by Evolution and other applications, did not properly verify SSL\n certificates. A remote attacker could exploit this to perform a man\n in the middle attack to view sensitive information or alter data\n transmitted via the GData protocol.\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1547-1\";\ntag_affected = \"libgdata on Ubuntu 11.10 ,\n Ubuntu 11.04 ,\n Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1547-1/\");\n script_id(841126);\n script_version(\"$Revision: 7960 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 07:58:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-09-06 10:52:03 +0530 (Thu, 06 Sep 2012)\");\n script_cve_id(\"CVE-2012-1177\");\n script_tag(name:\"cvss_base\", value:\"5.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"USN\", value: \"1547-1\");\n script_name(\"Ubuntu Update for libgdata USN-1547-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libgdata-google1.2-1\", ver:\"2.28.3.1-0ubuntu6.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libgdata1.2-1\", ver:\"2.28.3.1-0ubuntu6.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libgdata6\", ver:\"0.5.2-0ubuntu1.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libgdata13\", ver:\"0.9.1-0ubuntu2.1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libgdata11\", ver:\"0.8.0-0ubuntu1.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:50:37", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1177"], "description": "The remote host is missing updates announced in\nadvisory GLSA 201208-06.", "modified": "2017-07-07T00:00:00", "published": "2012-08-30T00:00:00", "id": "OPENVAS:71856", "href": "http://plugins.openvas.org/nasl.php?oid=71856", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201208-06 (libgdata)", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability in libgdata could allow remote attackers to perform\n man-in-the-middle attacks.\";\ntag_solution = \"All libgdata users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-libs/libgdata-0.8.1-r2'\n \n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20201208-06\nhttp://bugs.gentoo.org/show_bug.cgi?id=408245\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 201208-06.\";\n\n \n \nif(description)\n{\n script_id(71856);\n script_tag(name:\"cvss_base\", value:\"5.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2012-1177\");\n script_version(\"$Revision: 6589 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 10:27:50 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-30 11:34:52 -0400 (Thu, 30 Aug 2012)\");\n script_name(\"Gentoo Security Advisory GLSA 201208-06 (libgdata)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\nres = \"\";\nreport = \"\";\nif((res = ispkgvuln(pkg:\"dev-libs/libgdata\", unaffected: make_list(\"ge 0.8.1-r2\"), vulnerable: make_list(\"lt 0.8.1-r2\"))) != NULL ) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-06T13:07:04", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1177"], "description": "Check for the Version of libgdata", "modified": "2018-01-05T00:00:00", "published": "2012-07-26T00:00:00", "id": "OPENVAS:831701", "href": "http://plugins.openvas.org/nasl.php?oid=831701", "type": "openvas", "title": "Mandriva Update for libgdata MDVSA-2012:111 (libgdata)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for libgdata MDVSA-2012:111 (libgdata)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability has been discovered and corrected in libgdata:\n\n It was found that previously libgdata, a GLib-based library for\n accessing online service APIs using the GData protocol, did not\n perform SSL certificates validation even for secured connections. An\n application, linked against the libgdata library and holding the\n trust about the other side of the connection being the valid owner\n of the certificate, could be tricked into accepting of a spoofed SSL\n certificate by mistake (MITM attack) (CVE-2012-1177).\n\n The updated packages have been patched to correct this issue.\";\n\ntag_affected = \"libgdata on Mandriva Linux 2011.0\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2012:111\");\n script_id(831701);\n script_version(\"$Revision: 8295 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-05 07:29:18 +0100 (Fri, 05 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-26 11:15:40 +0530 (Thu, 26 Jul 2012)\");\n script_cve_id(\"CVE-2012-1177\");\n script_tag(name:\"cvss_base\", value:\"5.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"MDVSA\", value: \"2012:111\");\n script_name(\"Mandriva Update for libgdata MDVSA-2012:111 (libgdata)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of libgdata\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2011.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libgdata7\", rpm:\"libgdata7~0.6.6~3.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgdata-devel\", rpm:\"libgdata-devel~0.6.6~3.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgdata-i18n\", rpm:\"libgdata-i18n~0.6.6~3.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64gdata7\", rpm:\"lib64gdata7~0.6.6~3.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64gdata-devel\", rpm:\"lib64gdata-devel~0.6.6~3.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:15", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1177"], "description": "The remote host is missing updates announced in\nadvisory GLSA 201208-06.", "modified": "2018-10-12T00:00:00", "published": "2012-08-30T00:00:00", "id": "OPENVAS:136141256231071856", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231071856", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201208-06 (libgdata)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa_201208_06.nasl 11859 2018-10-12 08:53:01Z cfischer $\n#\n# Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.71856\");\n script_tag(name:\"cvss_base\", value:\"5.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2012-1177\");\n script_version(\"$Revision: 11859 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 10:53:01 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-30 11:34:52 -0400 (Thu, 30 Aug 2012)\");\n script_name(\"Gentoo Security Advisory GLSA 201208-06 (libgdata)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name:\"insight\", value:\"A vulnerability in libgdata could allow remote attackers to perform\n man-in-the-middle attacks.\");\n script_tag(name:\"solution\", value:\"All libgdata users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-libs/libgdata-0.8.1-r2'\");\n\n script_xref(name:\"URL\", value:\"http://www.securityspace.com/smysecure/catid.html?in=GLSA%20201208-06\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=408245\");\n script_tag(name:\"summary\", value:\"The remote host is missing updates announced in\nadvisory GLSA 201208-06.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-gentoo.inc\");\ninclude(\"revisions-lib.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = ispkgvuln(pkg:\"dev-libs/libgdata\", unaffected: make_list(\"ge 0.8.1-r2\"), vulnerable: make_list(\"lt 0.8.1-r2\"))) != NULL ) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:38:46", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1177"], "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2012-07-26T00:00:00", "id": "OPENVAS:1361412562310831701", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831701", "type": "openvas", "title": "Mandriva Update for libgdata MDVSA-2012:111 (libgdata)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for libgdata MDVSA-2012:111 (libgdata)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2012:111\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831701\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-26 11:15:40 +0530 (Thu, 26 Jul 2012)\");\n script_cve_id(\"CVE-2012-1177\");\n script_tag(name:\"cvss_base\", value:\"5.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"MDVSA\", value:\"2012:111\");\n script_name(\"Mandriva Update for libgdata MDVSA-2012:111 (libgdata)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libgdata'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\", re:\"ssh/login/release=MNDK_2011\\.0\");\n script_tag(name:\"affected\", value:\"libgdata on Mandriva Linux 2011.0\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"A vulnerability has been discovered and corrected in libgdata:\n\n It was found that previously libgdata, a GLib-based library for\n accessing online service APIs using the GData protocol, did not\n perform SSL certificates validation even for secured connections. An\n application, linked against the libgdata library and holding the\n trust about the other side of the connection being the valid owner\n of the certificate, could be tricked into accepting of a spoofed SSL\n certificate by mistake (MITM attack) (CVE-2012-1177).\n\n The updated packages have been patched to correct this issue.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MNDK_2011.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libgdata7\", rpm:\"libgdata7~0.6.6~3.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgdata-devel\", rpm:\"libgdata-devel~0.6.6~3.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgdata-i18n\", rpm:\"libgdata-i18n~0.6.6~3.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64gdata7\", rpm:\"lib64gdata7~0.6.6~3.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64gdata-devel\", rpm:\"lib64gdata-devel~0.6.6~3.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:48", "bulletinFamily": "software", "cvelist": ["CVE-2012-1177"], "description": "Certificate is not validated allowing man-in-the-middle attack.", "edition": 1, "modified": "2012-09-02T00:00:00", "published": "2012-09-02T00:00:00", "id": "SECURITYVULNS:VULN:12556", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12556", "title": "libgdata certificate spoofing", "type": "securityvulns", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:45", "bulletinFamily": "software", "cvelist": ["CVE-2012-1177"], "description": "\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-1547-1\r\nAugust 28, 2012\r\n\r\nlibgdata, evolution-data-server vulnerability\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 11.10\r\n- Ubuntu 11.04\r\n- Ubuntu 10.04 LTS\r\n\r\nSummary:\r\n\r\nApplications using GData services could be made to expose sensitive\r\ninformation over the network.\r\n\r\nSoftware Description:\r\n- libgdata: Library to access GData services\r\n- evolution-data-server: Evolution suite data server\r\n\r\nDetails:\r\n\r\nVreixo Formoso discovered that the libGData library, as used\r\nby Evolution and other applications, did not properly verify SSL\r\ncertificates. A remote attacker could exploit this to perform a man\r\nin the middle attack to view sensitive information or alter data\r\ntransmitted via the GData protocol.\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 11.10:\r\n libgdata13 0.9.1-0ubuntu2.1\r\n\r\nUbuntu 11.04:\r\n libgdata11 0.8.0-0ubuntu1.1\r\n\r\nUbuntu 10.04 LTS:\r\n libgdata-google1.2-1 2.28.3.1-0ubuntu6.1\r\n libgdata1.2-1 2.28.3.1-0ubuntu6.1\r\n libgdata6 0.5.2-0ubuntu1.1\r\n\r\nIn general, a standard system update will make all the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-1547-1\r\n CVE-2012-1177\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/libgdata/0.9.1-0ubuntu2.1\r\n https://launchpad.net/ubuntu/+source/libgdata/0.8.0-0ubuntu1.1\r\n https://launchpad.net/ubuntu/+source/evolution-data-server/2.28.3.1-0ubuntu6.1\r\n https://launchpad.net/ubuntu/+source/libgdata/0.5.2-0ubuntu1.1\r\n\r\n\r\n\r\n-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\r\n", "edition": 1, "modified": "2012-09-02T00:00:00", "published": "2012-09-02T00:00:00", "id": "SECURITYVULNS:DOC:28445", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:28445", "title": "[USN-1547-1] libGData, evolution-data-server vulnerability", "type": "securityvulns", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:26", "bulletinFamily": "unix", "cvelist": ["CVE-2012-1177"], "edition": 1, "description": "### Background\n\nlibgdata is a GLib-based library for accessing online service APIs using the GData protocol. \n\n### Description\n\nAn error in the \"_gdata_service_build_session()\" function of gdata-service.c prevents libgdata from properly validating certificates. \n\n### Impact\n\nA remote attacker could perform man-in-the-middle attacks to spoof arbitrary SSL servers via a crafted certificate. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll libgdata users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-libs/libgdata-0.8.1-r2\"", "modified": "2012-08-14T00:00:00", "published": "2012-08-14T00:00:00", "id": "GLSA-201208-06", "href": "https://security.gentoo.org/glsa/201208-06", "type": "gentoo", "title": "libgdata: Man-in-the-Middle attack", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2021-01-07T11:53:48", "description": "A vulnerability has been discovered and corrected in libgdata :\n\nIt was found that previously libgdata, a GLib-based library for\naccessing online service APIs using the GData protocol, did not\nperform SSL certificates validation even for secured connections. An\napplication, linked against the libgdata library and holding the trust\nabout the other side of the connection being the valid owner of the\ncertificate, could be tricked into accepting of a spoofed SSL\ncertificate by mistake (MITM attack) (CVE-2012-1177).\n\nThe updated packages have been patched to correct this issue.", "edition": 24, "published": "2012-09-06T00:00:00", "title": "Mandriva Linux Security Advisory : libgdata (MDVSA-2012:111)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1177"], "modified": "2012-09-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:libgdata-devel", "cpe:/o:mandriva:linux:2011", "p-cpe:/a:mandriva:linux:lib64gdata7", "p-cpe:/a:mandriva:linux:libgdata-i18n", "p-cpe:/a:mandriva:linux:lib64gdata-devel", "p-cpe:/a:mandriva:linux:libgdata7"], "id": "MANDRIVA_MDVSA-2012-111.NASL", "href": "https://www.tenable.com/plugins/nessus/61964", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2012:111. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61964);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2012-1177\");\n script_bugtraq_id(52504, 54750);\n script_xref(name:\"MDVSA\", value:\"2012:111\");\n\n script_name(english:\"Mandriva Linux Security Advisory : libgdata (MDVSA-2012:111)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability has been discovered and corrected in libgdata :\n\nIt was found that previously libgdata, a GLib-based library for\naccessing online service APIs using the GData protocol, did not\nperform SSL certificates validation even for secured connections. An\napplication, linked against the libgdata library and holding the trust\nabout the other side of the connection being the valid owner of the\ncertificate, could be tricked into accepting of a spoofed SSL\ncertificate by mistake (MITM attack) (CVE-2012-1177).\n\nThe updated packages have been patched to correct this issue.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64gdata-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64gdata7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libgdata-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libgdata-i18n\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libgdata7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2011\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/07/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/09/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64gdata-devel-0.6.6-3.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64gdata7-0.6.6-3.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libgdata-devel-0.6.6-3.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"libgdata-i18n-0.6.6-3.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libgdata7-0.6.6-3.1-mdv2011.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T10:54:24", "description": "The remote host is affected by the vulnerability described in GLSA-201208-06\n(libgdata: Man-in-the-Middle attack)\n\n An error in the '_gdata_service_build_session()' function of\n gdata-service.c prevents libgdata from properly validating certificates.\n \nImpact :\n\n A remote attacker could perform man-in-the-middle attacks to spoof\n arbitrary SSL servers via a crafted certificate.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 22, "published": "2012-08-15T00:00:00", "title": "GLSA-201208-06 : libgdata: Man-in-the-Middle attack", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1177"], "modified": "2012-08-15T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:libgdata"], "id": "GENTOO_GLSA-201208-06.NASL", "href": "https://www.tenable.com/plugins/nessus/61545", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201208-06.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61545);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2012-1177\");\n script_bugtraq_id(52504);\n script_xref(name:\"GLSA\", value:\"201208-06\");\n\n script_name(english:\"GLSA-201208-06 : libgdata: Man-in-the-Middle attack\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201208-06\n(libgdata: Man-in-the-Middle attack)\n\n An error in the '_gdata_service_build_session()' function of\n gdata-service.c prevents libgdata from properly validating certificates.\n \nImpact :\n\n A remote attacker could perform man-in-the-middle attacks to spoof\n arbitrary SSL servers via a crafted certificate.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201208-06\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All libgdata users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-libs/libgdata-0.8.1-r2'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:libgdata\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/08/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-libs/libgdata\", unaffected:make_list(\"ge 0.8.1-r2\"), vulnerable:make_list(\"lt 0.8.1-r2\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libgdata\");\n}\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T09:47:29", "description": "Vreixo Formoso discovered that libgdata, a library used to access\nvarious Google services, wasn't validating certificates against\ntrusted system root CAs when using an HTTPS connection.", "edition": 17, "published": "2012-06-29T00:00:00", "title": "Debian DSA-2482-1 : libgdata - insufficient certificate validation", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1177"], "modified": "2012-06-29T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:6.0", "p-cpe:/a:debian:debian_linux:libgdata"], "id": "DEBIAN_DSA-2482.NASL", "href": "https://www.tenable.com/plugins/nessus/59760", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2482. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(59760);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-1177\");\n script_bugtraq_id(52504);\n script_xref(name:\"DSA\", value:\"2482\");\n\n script_name(english:\"Debian DSA-2482-1 : libgdata - insufficient certificate validation\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Vreixo Formoso discovered that libgdata, a library used to access\nvarious Google services, wasn't validating certificates against\ntrusted system root CAs when using an HTTPS connection.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=664032\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/libgdata\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2012/dsa-2482\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the libgdata packages.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 0.6.4-2+squeeze1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgdata\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/06/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"gir1.0-gdata-0.0\", reference:\"0.6.4-2+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libgdata-common\", reference:\"0.6.4-2+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libgdata-dev\", reference:\"0.6.4-2+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libgdata-doc\", reference:\"0.6.4-2+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libgdata7\", reference:\"0.6.4-2+squeeze1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-06-05T11:12:02", "description": "Changes in libgdata :\n\n - Add libgdata-validate-ssl-cert.patch: validate SSL\n certificates for all connections. Fix bnc#752088,\n CVE-2012-1177.\n\n - Add gnome-common BuildRequires and call\n gnome-autogen.sh: needed for above patch.\n\n - Pass --with-ca-certs=/etc/ssl/ca-bundle.pem to configure\n to let libgdata know about the location of our\n certificates.", "edition": 18, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : libgdata (openSUSE-SU-2012:0862-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1177"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libgdata-devel", "cpe:/o:novell:opensuse:12.1", "p-cpe:/a:novell:opensuse:libgdata13", "p-cpe:/a:novell:opensuse:libgdata-lang", "p-cpe:/a:novell:opensuse:libgdata13-32bit", "p-cpe:/a:novell:opensuse:libgdata13-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libgdata13-debuginfo", "p-cpe:/a:novell:opensuse:libgdata-debugsource"], "id": "OPENSUSE-2012-381.NASL", "href": "https://www.tenable.com/plugins/nessus/74676", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2012-381.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(74676);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/04\");\n\n script_cve_id(\"CVE-2012-1177\");\n\n script_name(english:\"openSUSE Security Update : libgdata (openSUSE-SU-2012:0862-1)\");\n script_summary(english:\"Check for the openSUSE-2012-381 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Changes in libgdata :\n\n - Add libgdata-validate-ssl-cert.patch: validate SSL\n certificates for all connections. Fix bnc#752088,\n CVE-2012-1177.\n\n - Add gnome-common BuildRequires and call\n gnome-autogen.sh: needed for above patch.\n\n - Pass --with-ca-certs=/etc/ssl/ca-bundle.pem to configure\n to let libgdata know about the location of our\n certificates.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=752088\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2012-07/msg00023.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libgdata packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgdata-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgdata-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgdata-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgdata13\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgdata13-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgdata13-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgdata13-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/08/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/07/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libgdata-debugsource-0.10.1-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libgdata-devel-0.10.1-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libgdata-lang-0.10.1-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libgdata13-0.10.1-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libgdata13-debuginfo-0.10.1-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libgdata13-32bit-0.10.1-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libgdata13-debuginfo-32bit-0.10.1-2.4.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libgdata\");\n}\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T06:38:09", "description": "Vreixo Formoso discovered that the libGData library, as used by\nEvolution and other applications, did not properly verify SSL\ncertificates. A remote attacker could exploit this to perform a man in\nthe middle attack to view sensitive information or alter data\ntransmitted via the GData protocol.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2012-08-29T00:00:00", "title": "Ubuntu 10.04 LTS / 11.04 / 11.10 : libgdata, evolution-data-server vulnerability (USN-1547-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1177"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libgdata-google1.2-1", "p-cpe:/a:canonical:ubuntu_linux:libgdata1.2-1", "cpe:/o:canonical:ubuntu_linux:11.10", "p-cpe:/a:canonical:ubuntu_linux:libgdata13", "cpe:/o:canonical:ubuntu_linux:11.04", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:libgdata6", "p-cpe:/a:canonical:ubuntu_linux:libgdata11"], "id": "UBUNTU_USN-1547-1.NASL", "href": "https://www.tenable.com/plugins/nessus/61707", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1547-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(61707);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/09/19 12:54:28\");\n\n script_cve_id(\"CVE-2012-1177\");\n script_bugtraq_id(52504);\n script_xref(name:\"USN\", value:\"1547-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 11.04 / 11.10 : libgdata, evolution-data-server vulnerability (USN-1547-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Vreixo Formoso discovered that the libGData library, as used by\nEvolution and other applications, did not properly verify SSL\ncertificates. A remote attacker could exploit this to perform a man in\nthe middle attack to view sensitive information or alter data\ntransmitted via the GData protocol.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1547-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libgdata-google1.2-1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libgdata1.2-1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libgdata11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libgdata13\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libgdata6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/08/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/08/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04|11\\.04|11\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 11.04 / 11.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libgdata-google1.2-1\", pkgver:\"2.28.3.1-0ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libgdata1.2-1\", pkgver:\"2.28.3.1-0ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libgdata6\", pkgver:\"0.5.2-0ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"libgdata11\", pkgver:\"0.8.0-0ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"libgdata13\", pkgver:\"0.9.1-0ubuntu2.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libgdata-google1.2-1 / libgdata1.2-1 / libgdata11 / libgdata13 / etc\");\n}\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}]}
