ID OPENVAS:1361412562310862240 Type openvas Reporter Copyright (c) 2010 Greenbone Networks GmbH Modified 2018-01-19T00:00:00
Description
Check for the Version of mod_mono
###############################################################################
# OpenVAS Vulnerability Test
#
# Fedora Update for mod_mono FEDORA-2010-10332
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
# Metadata strings that the description block registers through script_tag().
# NOTE(review): no call in this file visibly depends on revisions-lib.inc - confirm it is still needed.
include("revisions-lib.inc");
# Scope: only the Fedora 13 build of mod_mono is evaluated by this check.
tag_affected = "mod_mono on Fedora 13";
# The insight text describes the component, not the flaw. The flaw is the one
# referenced by script_cve_id() below (CVE-2010-1459): per the CVE entry, the
# default ASP.NET configuration in Mono before 2.6.4 leaves EnableViewStateMac
# set to FALSE, which permits cross-site scripting.
tag_insight = "mod_mono allows Apache to serve ASP.NET pages by proxying the requests
to a slightly modified version of the XSP server, called mod-mono-server,
that is installed along with XSP";
# Remediation is the vendor package update announced in FEDORA-2010-10332.
tag_solution = "Please Install the Updated Packages.";
# Registration branch: taken when the scanner sets `description`. It only
# declares metadata (identity, scoring, references, prerequisites) and then
# exits, so none of the package test further down runs on this path.
if(description)
{
# Vendor announcement for the update this check is derived from.
script_xref(name : "URL" , value : "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044055.html");
script_oid("1.3.6.1.4.1.25623.1.0.862240");
script_version("$Revision: 8469 $");
script_tag(name:"last_modification", value:"$Date: 2018-01-19 08:58:21 +0100 (Fri, 19 Jan 2018) $");
script_tag(name:"creation_date", value:"2010-07-16 10:40:49 +0200 (Fri, 16 Jul 2010)");
# CVSS v2 base score and vector: network-reachable, medium access complexity,
# no authentication, partial integrity impact, no confidentiality or
# availability impact.
script_tag(name:"cvss_base", value:"4.3");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:P/A:N");
script_xref(name: "FEDORA", value: "2010-10332");
script_cve_id("CVE-2010-1459");
script_name("Fedora Update for mod_mono FEDORA-2010-10332");
script_tag(name: "summary" , value: "Check for the Version of mod_mono");
# Declared as an information-gathering check.
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (c) 2010 Greenbone Networks GmbH");
script_family("Fedora Local Security Checks");
# Prerequisites: gather-package-list.nasl must have run and the two KB keys
# below must be present. Presumably they are only populated by a successful
# authenticated SSH login to a Fedora host (TODO confirm against
# gather-package-list.nasl); without them this check produces no result at
# all, which must not be read as "not vulnerable".
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/fedora", "ssh/login/rpms");
script_tag(name : "affected" , value : tag_affected);
script_tag(name : "insight" , value : tag_insight);
script_tag(name : "solution" , value : tag_solution);
# Detection quality is declared as "package": the finding rests on the
# package version comparison made below, not on observed behaviour of the
# running web application.
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
# Check logic: decide from the collected RPM list whether the Fedora 13 host
# still carries a mod_mono package older than the fixed build.
# pkg-lib-rpm.inc presumably supplies isrpmvuln() and the __pkg_match flag
# used below - neither is defined in this file (TODO confirm).
include("pkg-lib-rpm.inc");
# Release identifier stored in the knowledge base by an earlier plugin.
release = get_kb_item("ssh/login/release");
res = "";
# No release information: nothing can be compared, so end without a result.
if(release == NULL){
exit(0);
}
# Only Fedora 13 ("FC13") is evaluated; any other release falls through to
# the end of the script without reporting anything.
if(release == "FC13")
{
# A non-NULL return from isrpmvuln() is passed on as the finding text. The
# reference value "mod_mono~2.6.3~1.fc13" is the package build this check
# compares the installed mod_mono against.
# NOTE(review): this is a version comparison only. It does not inspect the
# EnableViewStateMac setting of any deployed application, so a site that
# overrides the default in its own configuration is outside what it can see.
if ((res = isrpmvuln(pkg:"mod_mono", rpm:"mod_mono~2.6.3~1.fc13", rls:"FC13")) != NULL)
{
security_message(data:res);
exit(0);
}
# __pkg_match set and no finding: exit code 99 marks the host as checked and
# not vulnerable, as opposed to the plain exit(0) used when the check could
# not reach a verdict.
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
{"id": "OPENVAS:1361412562310862240", "bulletinFamily": "scanner", "title": "Fedora Update for mod_mono FEDORA-2010-10332", "description": "Check for the Version of mod_mono", "published": "2010-07-16T00:00:00", "modified": "2018-01-19T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862240", "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "references": ["http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044055.html", "2010-10332"], "cvelist": ["CVE-2010-1459"], "type": "openvas", "lastseen": "2018-01-19T15:04:41", "history": [], "edition": 1, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cvelist", "hash": "9362aa4ff32d69e45472bdc392e458ec"}, {"key": "cvss", "hash": "6e9bdd2021503689a2ad9254c9cdf2b3"}, {"key": "description", "hash": "bf19d706d3fb9f0c6908e77afed6ae7c"}, {"key": "href", "hash": "e7da6ffb02eb686d61032f320967d10d"}, {"key": "modified", "hash": "8acef1c33f73aafdb7cffe84eda8c2b1"}, {"key": "naslFamily", "hash": "be931514784f88df80712740ad2723e7"}, {"key": "pluginID", "hash": "b59e76c81ebe34849814ec239b96afd3"}, {"key": "published", "hash": "8944c63abe92e62b91d35c6686db2060"}, {"key": "references", "hash": "908e1a59b563d18100fbb17832e6b035"}, {"key": "reporter", "hash": "82db6d7eefdc19955bb78be9fb178ae1"}, {"key": "sourceData", "hash": "8bd9e4e3fc41d9993a43ac56052cd118"}, {"key": "title", "hash": "24ee174bdd657a917ea910b241cd0032"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}], "hash": "b4aabafdae492deb55b65a000cdea34a5a8b78afb6230f524e289450652a46d7", "viewCount": 0, "enchantments": {"vulnersScore": 4.0}, "objectVersion": "1.3", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mod_mono FEDORA-2010-10332\n#\n# Authors:\n# System Generated Check\n#\n# 
Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"mod_mono on Fedora 13\";\ntag_insight = \"mod_mono allows Apache to serve ASP.NET pages by proxying the requests\n to a slightly modified version of the XSP server, called mod-mono-server,\n that is installed along with XSP\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044055.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862240\");\n script_version(\"$Revision: 8469 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-19 08:58:21 +0100 (Fri, 19 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-07-16 10:40:49 +0200 (Fri, 16 Jul 2010)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2010-10332\");\n script_cve_id(\"CVE-2010-1459\");\n script_name(\"Fedora Update for mod_mono FEDORA-2010-10332\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of mod_mono\");\n 
script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"mod_mono\", rpm:\"mod_mono~2.6.3~1.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "naslFamily": "Fedora Local Security Checks", "pluginID": "1361412562310862240"}
{"result": {"cve": [{"id": "CVE-2010-1459", "type": "cve", "title": "CVE-2010-1459", "description": "The default configuration of ASP.NET in Mono before 2.6.4 has a value of FALSE for the EnableViewStateMac property, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by the __VIEWSTATE parameter to 2.0/menu/menu1.aspx in the XSP sample project.", "published": "2010-05-27T15:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1459", "cvelist": ["CVE-2010-1459"], "lastseen": "2016-09-03T13:47:53"}], "openvas": [{"id": "OPENVAS:862240", "type": "openvas", "title": "Fedora Update for mod_mono FEDORA-2010-10332", "description": "Check for the Version of mod_mono", "published": "2010-07-16T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=862240", "cvelist": ["CVE-2010-1459"], "lastseen": "2017-12-21T11:32:36"}, {"id": "OPENVAS:862251", "type": "openvas", "title": "Fedora Update for gnome-sharp FEDORA-2010-10332", "description": "Check for the Version of gnome-sharp", "published": "2010-07-16T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=862251", "cvelist": ["CVE-2010-1459"], "lastseen": "2018-01-02T10:54:09"}, {"id": "OPENVAS:862243", "type": "openvas", "title": "Fedora Update for mono FEDORA-2010-10332", "description": "Check for the Version of mono", "published": "2010-07-16T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=862243", "cvelist": ["CVE-2010-1459"], "lastseen": "2018-01-02T10:54:44"}, {"id": "OPENVAS:862242", "type": "openvas", "title": "Fedora Update for mono-basic FEDORA-2010-10332", "description": 
"Check for the Version of mono-basic", "published": "2010-07-16T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=862242", "cvelist": ["CVE-2010-1459"], "lastseen": "2017-12-15T11:58:13"}, {"id": "OPENVAS:1361412562310862244", "type": "openvas", "title": "Fedora Update for mono-tools FEDORA-2010-10332", "description": "Check for the Version of mono-tools", "published": "2010-07-16T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862244", "cvelist": ["CVE-2010-1459"], "lastseen": "2018-01-19T15:04:29"}, {"id": "OPENVAS:862244", "type": "openvas", "title": "Fedora Update for mono-tools FEDORA-2010-10332", "description": "Check for the Version of mono-tools", "published": "2010-07-16T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=862244", "cvelist": ["CVE-2010-1459"], "lastseen": "2017-12-21T11:32:21"}, {"id": "OPENVAS:862252", "type": "openvas", "title": "Fedora Update for libgdiplus FEDORA-2010-10332", "description": "Check for the Version of libgdiplus", "published": "2010-07-16T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=862252", "cvelist": ["CVE-2010-1459"], "lastseen": "2018-01-02T10:54:06"}, {"id": "OPENVAS:1361412562310862251", "type": "openvas", "title": "Fedora Update for gnome-sharp FEDORA-2010-10332", "description": "Check for the Version of gnome-sharp", "published": "2010-07-16T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862251", "cvelist": ["CVE-2010-1459"], "lastseen": "2018-01-25T10:54:53"}, {"id": 
"OPENVAS:1361412562310862243", "type": "openvas", "title": "Fedora Update for mono FEDORA-2010-10332", "description": "Check for the Version of mono", "published": "2010-07-16T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862243", "cvelist": ["CVE-2010-1459"], "lastseen": "2018-01-23T13:05:52"}, {"id": "OPENVAS:1361412562310862252", "type": "openvas", "title": "Fedora Update for libgdiplus FEDORA-2010-10332", "description": "Check for the Version of libgdiplus", "published": "2010-07-16T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862252", "cvelist": ["CVE-2010-1459"], "lastseen": "2018-01-22T13:05:33"}], "nessus": [{"id": "SUSE_11_0_BYTEFX-DATA-MYSQL-100422.NASL", "type": "nessus", "title": "openSUSE Security Update : bytefx-data-mysql (openSUSE-SU-2010:0342-1)", "description": "Mono's ASP.NET implementation did not set the 'EnableViewStateMac' property by default. Attackers could exploit that to conduct cross-site-scripting (XSS) attacks.", "published": "2010-07-01T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=47569", "cvelist": ["CVE-2010-1459"], "lastseen": "2017-10-29T13:40:10"}, {"id": "SUSE_11_1_BYTEFX-DATA-MYSQL-100422.NASL", "type": "nessus", "title": "openSUSE Security Update : bytefx-data-mysql (openSUSE-SU-2010:0342-1)", "description": "Mono's ASP.NET implementation did not set the 'EnableViewStateMac' property by default. 
Attackers could exploit that to conduct cross-site-scripting (XSS) attacks.", "published": "2010-07-01T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=47571", "cvelist": ["CVE-2010-1459"], "lastseen": "2017-10-29T13:43:08"}, {"id": "SUSE_11_BYTEFX-DATA-MYSQL-100422.NASL", "type": "nessus", "title": "SuSE 11 / 11.1 Security Update : mono-core / Mono (SAT Patch Numbers 2326 / 2474)", "description": "Mono's ASP.NET implementation did not set the 'EnableViewStateMac' property by default. Attackers could exploit that to conduct cross-site scripting (XSS) attacks.", "published": "2010-12-02T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=50892", "cvelist": ["CVE-2010-1459"], "lastseen": "2017-10-29T13:38:46"}, {"id": "FEDORA_2010-10433.NASL", "type": "nessus", "title": "Fedora 12 : mono-2.4.3.1-2.fc12 (2010-10433)", "description": "- Thu Jun 24 2010 Christian Krause <chkr at fedoraproject.org> - 2.4.3.1-2\n\n - Add upstream patch for CVE-2010-1459:\n http://anonsvn.mono-project.com/viewvc?view=revision&r evision=156450\n\n - Wed Jan 13 2010 Christian Krause <chkr at fedoraproject.org> - 2.4.3.1-1\n\n - Update to 2.4.3.1\n\n - Wed Dec 23 2009 Christian Krause <chkr at fedoraproject.org> - 2.4.3-1\n\n - Update to 2.4.3\n\n - Drop mono-242-metadata-appconf.patch (fixed upstream)\n\n - package mono.snk for packages without bundled keys to use\n\n - put mono.snk in /etc/pki/mono/\n\n - package /etc/pki/mono/* in mono-devel\n\n - change %gac_dll macro to be more specific about the files to package (necessary to correctly select all files for the moonlight subpackage without any dangling symlinks)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2010-07-14T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=47720", "cvelist": ["CVE-2010-1459"], "lastseen": "2017-10-29T13:41:22"}, {"id": "FEDORA_2010-10332.NASL", "type": "nessus", "title": "Fedora 13 : gnome-sharp-2.24.1-1.fc13 / gtksourceview-sharp-2.0.12-11.fc13 / libgdiplus-2.6.4-1.fc13 / etc (2010-10332)", "description": "- update the mono stack to release 2.6.4\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2010-07-14T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=47719", "cvelist": ["CVE-2010-1459"], "lastseen": "2017-10-29T13:41:02"}, {"id": "SUSE_11_2_BYTEFX-DATA-MYSQL-100426.NASL", "type": "nessus", "title": "openSUSE Security Update : bytefx-data-mysql (openSUSE-SU-2010:0342-1)", "description": "Mono's ASP.NET implementation did not set the 'EnableViewStateMac' property by default. 
Attackers could exploit that to conduct cross-site-scripting (XSS) attacks.", "published": "2010-07-01T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=47573", "cvelist": ["CVE-2010-1459"], "lastseen": "2017-10-29T13:42:13"}, {"id": "UBUNTU_USN-1517-1.NASL", "type": "nessus", "title": "Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : mono vulnerabilities (USN-1517-1)", "description": "It was discovered that the Mono System.Web library incorrectly filtered certain error messages related to forbidden files. If a user were tricked into opening a specially crafted URL, an attacker could possibly exploit this to conduct cross-site scripting (XSS) attacks.\n(CVE-2012-3382)\n\nIt was discovered that the Mono System.Web library incorrectly handled the EnableViewStateMac property. If a user were tricked into opening a specially crafted URL, an attacker could possibly exploit this to conduct cross-site scripting (XSS) attacks. This issue only affected Ubuntu 10.04 LTS. (CVE-2010-4159).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2012-07-26T00:00:00", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=60126", "cvelist": ["CVE-2010-4159", "CVE-2012-3382", "CVE-2010-1459"], "lastseen": "2017-10-29T13:38:44"}]}}