Search...

Fedora Update for mod_mono FEDORA-2010-10332

2010-07-16T00:00:00

ID OPENVAS:1361412562310862240
Type openvas
Reporter Copyright (c) 2010 Greenbone Networks GmbH
Modified 2018-01-19T00:00:00

Description

Check for the Version of mod_mono

                                        
                                            ###############################################################################
# OpenVAS Vulnerability Test
#
# Fedora Update for mod_mono FEDORA-2010-10332
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

include("revisions-lib.inc");
tag_affected = "mod_mono on Fedora 13";
tag_insight = "mod_mono allows Apache to serve ASP.NET pages by proxying the requests
  to a slightly modified version of the XSP server, called mod-mono-server,
  that is installed along with XSP";
tag_solution = "Please Install the Updated Packages.";


if(description)
{
  script_xref(name : "URL" , value : "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044055.html");
  script_oid("1.3.6.1.4.1.25623.1.0.862240");
  script_version("$Revision: 8469 $");
  script_tag(name:"last_modification", value:"$Date: 2018-01-19 08:58:21 +0100 (Fri, 19 Jan 2018) $");
  script_tag(name:"creation_date", value:"2010-07-16 10:40:49 +0200 (Fri, 16 Jul 2010)");
  script_tag(name:"cvss_base", value:"4.3");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_xref(name: "FEDORA", value: "2010-10332");
  script_cve_id("CVE-2010-1459");
  script_name("Fedora Update for mod_mono FEDORA-2010-10332");

  script_tag(name: "summary" , value: "Check for the Version of mod_mono");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (c) 2010 Greenbone Networks GmbH");
  script_family("Fedora Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/fedora", "ssh/login/rpms");
  script_tag(name : "affected" , value : tag_affected);
  script_tag(name : "insight" , value : tag_insight);
  script_tag(name : "solution" , value : tag_solution);
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");
  exit(0);
}


include("pkg-lib-rpm.inc");

release = get_kb_item("ssh/login/release");


res = "";
if(release == NULL){
  exit(0);
}

if(release == "FC13")
{

  if ((res = isrpmvuln(pkg:"mod_mono", rpm:"mod_mono~2.6.3~1.fc13", rls:"FC13")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99); # Not vulnerable.
  exit(0);
}

JSON Vulners Source

Initial Source

{"pluginID": "1361412562310862240", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mod_mono FEDORA-2010-10332\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"mod_mono on Fedora 13\";\ntag_insight = \"mod_mono allows Apache to serve ASP.NET pages by proxying the requests\n to a slightly modified version of the XSP server, called mod-mono-server,\n that is installed along with XSP\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044055.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862240\");\n script_version(\"$Revision: 8469 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-19 08:58:21 +0100 (Fri, 19 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-07-16 10:40:49 +0200 (Fri, 16 Jul 2010)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2010-10332\");\n script_cve_id(\"CVE-2010-1459\");\n script_name(\"Fedora Update for mod_mono FEDORA-2010-10332\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of mod_mono\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"mod_mono\", rpm:\"mod_mono~2.6.3~1.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "history": [], "description": "Check for the Version of mod_mono", "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862240", "type": "openvas", "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cvelist", "hash": "9362aa4ff32d69e45472bdc392e458ec"}, {"key": "cvss", "hash": "6e9bdd2021503689a2ad9254c9cdf2b3"}, {"key": "description", "hash": "bf19d706d3fb9f0c6908e77afed6ae7c"}, {"key": "href", "hash": "e7da6ffb02eb686d61032f320967d10d"}, {"key": "modified", "hash": "8acef1c33f73aafdb7cffe84eda8c2b1"}, {"key": "naslFamily", "hash": "be931514784f88df80712740ad2723e7"}, {"key": "pluginID", "hash": "b59e76c81ebe34849814ec239b96afd3"}, {"key": "published", "hash": "8944c63abe92e62b91d35c6686db2060"}, {"key": "references", "hash": "908e1a59b563d18100fbb17832e6b035"}, {"key": "reporter", "hash": "82db6d7eefdc19955bb78be9fb178ae1"}, {"key": "sourceData", "hash": "8bd9e4e3fc41d9993a43ac56052cd118"}, {"key": "title", "hash": "24ee174bdd657a917ea910b241cd0032"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}], "viewCount": 0, "references": ["http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044055.html", "2010-10332"], "lastseen": "2018-01-19T15:04:41", "published": "2010-07-16T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.3", "cvelist": ["CVE-2010-1459"], "id": "OPENVAS:1361412562310862240", "hash": "b4aabafdae492deb55b65a000cdea34a5a8b78afb6230f524e289450652a46d7", "modified": "2018-01-19T00:00:00", "title": "Fedora Update for mod_mono FEDORA-2010-10332", "edition": 1, "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "bulletinFamily": "scanner", "enchantments": {"score": {"vector": "NONE", "value": 7.5}, "vulnersScore": 7.5}}

{"cve": [{"lastseen": "2016-09-03T13:47:53", "references": ["http://www.mono-project.com/Vulnerabilities#ASP.NET_View_State_Cross-Site_Scripting", "http://www.communities.hp.com/securitysoftware/blogs/spilabs/archive/2010/04/29/asp-net-cross-site-scripting-followup-mono.aspx", "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html", "http://www.securityfocus.com/bid/40351", "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html", "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html"], "edition": 1, "description": "The default configuration of ASP.NET in Mono before 2.6.4 has a value of FALSE for the EnableViewStateMac property, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by the __VIEWSTATE parameter to 2.0/menu/menu1.aspx in the XSP sample project.", "reporter": "NVD", "published": "2010-05-27T15:00:00", "type": "cve", "title": "CVE-2010-1459", "enchantments": {"score": {"modified": "2016-09-03T13:47:53", "vector": "NONE", "value": 4.3}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2010-1459"], "scanner": [], "modified": "2010-09-09T01:41:26", "cpe": ["cpe:/a:mono:mono:1.1.1", "cpe:/a:mono:mono:1.1.9.1", "cpe:/a:mono:mono:1.9.1", "cpe:/a:mono:mono:1.1.13.8.1", "cpe:/a:mono:mono:1.1.9.2", "cpe:/a:mono:mono:1.0.6", "cpe:/a:mono:mono:1.1.2", "cpe:/a:mono:mono:1.1.16", "cpe:/a:mono:mono:1.0.1", "cpe:/a:mono:mono:1.2.3.1", "cpe:/a:mono:mono:1.1.8", "cpe:/a:mono:mono:1.1.3", "cpe:/a:mono:mono:2.4", "cpe:/a:mono:mono:1.2.4", "cpe:/a:mono:mono:1.1.13.2", "cpe:/a:mono:mono:1.1.13.6", "cpe:/a:mono:mono:1.1.13.4", "cpe:/a:mono:mono:2.0", "cpe:/a:mono:mono:1.2.5", "cpe:/a:mono:mono:1.1.16.1", "cpe:/a:mono:mono:2.4.2", "cpe:/a:mono:mono:1.2.3", "cpe:/a:mono:mono:1.1.13.5", "cpe:/a:mono:mono:1.1.17.2", "cpe:/a:mono:mono:1.0.2", "cpe:/a:mono:mono:1.2.6", "cpe:/a:mono:mono:1.1.17.1", "cpe:/a:mono:mono:1.2.2.1", "cpe:/a:mono:mono:1.1.10", "cpe:/a:mono:mono:2.2", "cpe:/a:mono:mono:1.1.14", "cpe:/a:mono:mono:1.1.13.7", "cpe:/a:mono:mono:1.2.5.1", "cpe:/a:mono:mono:1.1.13.8", "cpe:/a:mono:mono:1.0.5", "cpe:/a:mono:mono:1.1.17", "cpe:/a:mono:mono:1.0", "cpe:/a:mono:mono:1.1.10.1", "cpe:/a:mono:mono:1.1.18", "cpe:/a:mono:mono:2.0.1", "cpe:/a:mono:mono:1.1.15", "cpe:/a:mono:mono:1.1.4", "cpe:/a:mono:mono:1.2", "cpe:/a:mono:mono:1.9", "cpe:/a:mono:mono:1.2.1", "cpe:/a:mono:mono:2.4.3", "cpe:/a:mono:mono:2.4.2.3", "cpe:/a:mono:mono:1.1.7", "cpe:/a:mono:mono:1.1.8.3", "cpe:/a:mono:mono:1.1.11", "cpe:/a:mono:mono:1.1.6", "cpe:/a:mono:mono:2.4.2.1", "cpe:/a:mono:mono:1.2.2", "cpe:/a:mono:mono:1.1.13", "cpe:/a:mono:mono:2.4.2.2", "cpe:/a:mono:mono:1.1.12.1", "cpe:/a:mono:mono:1.2.5.2", "cpe:/a:mono:mono:1.1.9", "cpe:/a:mono:mono:1.0.4", "cpe:/a:mono:mono:1.1.8.1", "cpe:/a:mono:mono:1.1.5", "cpe:/a:mono:mono:1.1.12"], "id": "CVE-2010-1459", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1459", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "openvas": [{"lastseen": "2017-12-15T11:58:09", "references": ["http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044051.html", "2010-10433"], "pluginID": "862246", "description": "Check for the Version of mono", "edition": 3, "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "published": "2010-07-16T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "Fedora Update for mono FEDORA-2010-10433", "type": "openvas", "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1459"], "modified": "2017-12-15T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=862246", "id": "OPENVAS:862246", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mono FEDORA-2010-10433\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"mono on Fedora 12\";\ntag_insight = \"The Mono runtime implements a JIT engine for the ECMA CLI\n virtual machine (as well as a byte code interpreter, the\n class loader, the garbage collector, threading system and\n metadata access libraries.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044051.html\");\n script_id(862246);\n script_version(\"$Revision: 8130 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-15 07:31:09 +0100 (Fri, 15 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-07-16 10:40:49 +0200 (Fri, 16 Jul 2010)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2010-10433\");\n script_cve_id(\"CVE-2010-1459\");\n script_name(\"Fedora Update for mono FEDORA-2010-10433\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of mono\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"mono\", rpm:\"mono~2.4.3.1~2.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-01-17T11:05:57", "references": ["2010-10332", "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044052.html"], "pluginID": "1361412562310862249", "description": "Check for the Version of gtksourceview-sharp", "edition": 1, "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "published": "2010-07-16T00:00:00", "type": "openvas", "title": "Fedora Update for gtksourceview-sharp FEDORA-2010-10332", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1459"], "modified": "2018-01-16T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862249", "id": "OPENVAS:1361412562310862249", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for gtksourceview-sharp FEDORA-2010-10332\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"gtksourceview-sharp on Fedora 13\";\ntag_insight = \"gtksourceview-sharp is a C sharp binder for gtksourceview\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044052.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862249\");\n script_version(\"$Revision: 8438 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-16 18:38:23 +0100 (Tue, 16 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-07-16 10:40:49 +0200 (Fri, 16 Jul 2010)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2010-10332\");\n script_cve_id(\"CVE-2010-1459\");\n script_name(\"Fedora Update for gtksourceview-sharp FEDORA-2010-10332\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of gtksourceview-sharp\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"gtksourceview-sharp\", rpm:\"gtksourceview-sharp~2.0.12~11.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-01-06T13:05:13", "references": ["2010-10332", "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044054.html"], "pluginID": "1361412562310862242", "description": "Check for the Version of mono-basic", "edition": 1, "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "published": "2010-07-16T00:00:00", "type": "openvas", "title": "Fedora Update for mono-basic FEDORA-2010-10332", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1459"], "modified": "2018-01-04T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862242", "id": "OPENVAS:1361412562310862242", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mono-basic FEDORA-2010-10332\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"mono-basic on Fedora 13\";\ntag_insight = \"This package contains the Visual Basic .NET compiler and language\n runtime. This allows you to compile and run VB.NET application and\n assemblies.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044054.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862242\");\n script_version(\"$Revision: 8287 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-04 08:28:11 +0100 (Thu, 04 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-07-16 10:40:49 +0200 (Fri, 16 Jul 2010)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2010-10332\");\n script_cve_id(\"CVE-2010-1459\");\n script_name(\"Fedora Update for mono-basic FEDORA-2010-10332\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of mono-basic\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"mono-basic\", rpm:\"mono-basic~2.6.2~1.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-01-02T10:54:09", "references": ["2010-10332", "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044047.html"], "pluginID": "862251", "description": "Check for the Version of gnome-sharp", "edition": 3, "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "published": "2010-07-16T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "Fedora Update for gnome-sharp FEDORA-2010-10332", "type": "openvas", "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1459"], "modified": "2017-12-25T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=862251", "id": "OPENVAS:862251", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for gnome-sharp FEDORA-2010-10332\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"gnome-sharp on Fedora 13\";\ntag_insight = \"This package provides a library that allows you to build\n fully native graphical GNOME applications using Mono. gnome-sharp\n extends gtk-sharp2 and adds bindings for gconf, libgnome, gnome-vfs,\n libart, gtkhtml, librsvg, and vte.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044047.html\");\n script_id(862251);\n script_version(\"$Revision: 8243 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-25 07:30:04 +0100 (Mon, 25 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-07-16 10:40:49 +0200 (Fri, 16 Jul 2010)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2010-10332\");\n script_cve_id(\"CVE-2010-1459\");\n script_name(\"Fedora Update for gnome-sharp FEDORA-2010-10332\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of gnome-sharp\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"gnome-sharp\", rpm:\"gnome-sharp~2.24.1~1.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-12-21T11:32:36", "references": ["http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044055.html", "2010-10332"], "pluginID": "862240", "description": "Check for the Version of mod_mono", "edition": 3, "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "published": "2010-07-16T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "Fedora Update for mod_mono FEDORA-2010-10332", "type": "openvas", "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1459"], "modified": "2017-12-21T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=862240", "id": "OPENVAS:862240", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mod_mono FEDORA-2010-10332\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"mod_mono on Fedora 13\";\ntag_insight = \"mod_mono allows Apache to serve ASP.NET pages by proxying the requests\n to a slightly modified version of the XSP server, called mod-mono-server,\n that is installed along with XSP\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044055.html\");\n script_id(862240);\n script_version(\"$Revision: 8205 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-21 07:30:37 +0100 (Thu, 21 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-07-16 10:40:49 +0200 (Fri, 16 Jul 2010)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2010-10332\");\n script_cve_id(\"CVE-2010-1459\");\n script_name(\"Fedora Update for mod_mono FEDORA-2010-10332\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of mod_mono\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"mod_mono\", rpm:\"mod_mono~2.6.3~1.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-12-15T11:58:13", "references": ["2010-10332", "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044054.html"], "pluginID": "862242", "description": "Check for the Version of mono-basic", "edition": 3, "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "published": "2010-07-16T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "Fedora Update for mono-basic FEDORA-2010-10332", "type": "openvas", "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1459"], "modified": "2017-12-15T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=862242", "id": "OPENVAS:862242", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mono-basic FEDORA-2010-10332\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"mono-basic on Fedora 13\";\ntag_insight = \"This package contains the Visual Basic .NET compiler and language\n runtime. This allows you to compile and run VB.NET application and\n assemblies.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044054.html\");\n script_id(862242);\n script_version(\"$Revision: 8130 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-15 07:31:09 +0100 (Fri, 15 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-07-16 10:40:49 +0200 (Fri, 16 Jul 2010)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2010-10332\");\n script_cve_id(\"CVE-2010-1459\");\n script_name(\"Fedora Update for mono-basic FEDORA-2010-10332\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of mono-basic\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"mono-basic\", rpm:\"mono-basic~2.6.2~1.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-01-02T10:54:44", "references": ["http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044049.html", "2010-10332"], "pluginID": "862243", "description": "Check for the Version of mono", "edition": 3, "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "published": "2010-07-16T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "Fedora Update for mono FEDORA-2010-10332", "type": "openvas", "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1459"], "modified": "2017-12-22T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=862243", "id": "OPENVAS:862243", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mono FEDORA-2010-10332\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"mono on Fedora 13\";\ntag_insight = \"The Mono runtime implements a JIT engine for the ECMA CLI\n virtual machine (as well as a byte code interpreter, the\n class loader, the garbage collector, threading system and\n metadata access libraries.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044049.html\");\n script_id(862243);\n script_version(\"$Revision: 8226 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-22 07:30:26 +0100 (Fri, 22 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-07-16 10:40:49 +0200 (Fri, 16 Jul 2010)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2010-10332\");\n script_cve_id(\"CVE-2010-1459\");\n script_name(\"Fedora Update for mono FEDORA-2010-10332\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of mono\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"mono\", rpm:\"mono~2.6.4~1.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-01-19T15:04:29", "references": ["2010-10332", "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044048.html"], "pluginID": "1361412562310862244", "description": "Check for the Version of mono-tools", "edition": 1, "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "published": "2010-07-16T00:00:00", "title": "Fedora Update for mono-tools FEDORA-2010-10332", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1459"], "modified": "2018-01-19T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862244", "id": "OPENVAS:1361412562310862244", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mono-tools FEDORA-2010-10332\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"mono-tools on Fedora 13\";\ntag_insight = \"Monotools are a number of tools for mono such as allowing monodoc to be run\n independently of monodevelop\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044048.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862244\");\n script_version(\"$Revision: 8469 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-19 08:58:21 +0100 (Fri, 19 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-07-16 10:40:49 +0200 (Fri, 16 Jul 2010)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2010-10332\");\n script_cve_id(\"CVE-2010-1459\");\n script_name(\"Fedora Update for mono-tools FEDORA-2010-10332\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of mono-tools\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"mono-tools\", rpm:\"mono-tools~2.6.2~1.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-01-25T10:54:53", "references": ["2010-10332", "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044047.html"], "pluginID": "1361412562310862251", "description": "Check for the Version of gnome-sharp", "edition": 1, "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "published": "2010-07-16T00:00:00", "type": "openvas", "title": "Fedora Update for gnome-sharp FEDORA-2010-10332", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1459"], "modified": "2018-01-24T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862251", "id": "OPENVAS:1361412562310862251", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for gnome-sharp FEDORA-2010-10332\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"gnome-sharp on Fedora 13\";\ntag_insight = \"This package provides a library that allows you to build\n fully native graphical GNOME applications using Mono. gnome-sharp\n extends gtk-sharp2 and adds bindings for gconf, libgnome, gnome-vfs,\n libart, gtkhtml, librsvg, and vte.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044047.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862251\");\n script_version(\"$Revision: 8510 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-24 08:57:42 +0100 (Wed, 24 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-07-16 10:40:49 +0200 (Fri, 16 Jul 2010)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2010-10332\");\n script_cve_id(\"CVE-2010-1459\");\n script_name(\"Fedora Update for gnome-sharp FEDORA-2010-10332\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of gnome-sharp\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"gnome-sharp\", rpm:\"gnome-sharp~2.24.1~1.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-01-23T13:05:52", "references": ["http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044049.html", "2010-10332"], "pluginID": "1361412562310862243", "description": "Check for the Version of mono", "edition": 1, "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "published": "2010-07-16T00:00:00", "title": "Fedora Update for mono FEDORA-2010-10332", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1459"], "modified": "2018-01-23T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862243", "id": "OPENVAS:1361412562310862243", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mono FEDORA-2010-10332\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"mono on Fedora 13\";\ntag_insight = \"The Mono runtime implements a JIT engine for the ECMA CLI\n virtual machine (as well as a byte code interpreter, the\n class loader, the garbage collector, threading system and\n metadata access libraries.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044049.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862243\");\n script_version(\"$Revision: 8495 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-23 08:57:49 +0100 (Tue, 23 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-07-16 10:40:49 +0200 (Fri, 16 Jul 2010)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2010-10332\");\n script_cve_id(\"CVE-2010-1459\");\n script_name(\"Fedora Update for mono FEDORA-2010-10332\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of mono\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"mono\", rpm:\"mono~2.6.4~1.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "nessus": [{"lastseen": "2018-09-01T23:56:23", "references": ["http://anonsvn.mono-project.com/viewvc?view=revision&revision=156450", "http://www.nessus.org/u?2dc66b36", "https://bugzilla.redhat.com/show_bug.cgi?id=598155"], "pluginID": "47720", "description": "- Thu Jun 24 2010 Christian Krause <chkr at fedoraproject.org> - 2.4.3.1-2\n\n - Add upstream patch for CVE-2010-1459:\n http://anonsvn.mono-project.com/viewvc?view=revision&r evision=156450\n\n - Wed Jan 13 2010 Christian Krause <chkr at fedoraproject.org> - 2.4.3.1-1\n\n - Update to 2.4.3.1\n\n - Wed Dec 23 2009 Christian Krause <chkr at fedoraproject.org> - 2.4.3-1\n\n - Update to 2.4.3\n\n - Drop mono-242-metadata-appconf.patch (fixed upstream)\n\n - package mono.snk for packages without bundled keys to use\n\n - put mono.snk in /etc/pki/mono/\n\n - package /etc/pki/mono/* in mono-devel\n\n - change %gac_dll macro to be more specific about the files to package (necessary to correctly select all files for the moonlight subpackage without any dangling symlinks)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 6, "reporter": "Tenable", "published": "2010-07-14T00:00:00", "title": "Fedora 12 : mono-2.4.3.1-2.fc12 (2010-10433)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1459"], "modified": "2018-07-12T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:mono", "cpe:/o:fedoraproject:fedora:12"], "id": "FEDORA_2010-10433.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=47720", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-10433.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(47720);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2018/07/12 15:01:51\");\n\n script_cve_id(\"CVE-2010-1459\");\n script_bugtraq_id(40351);\n script_xref(name:\"FEDORA\", value:\"2010-10433\");\n\n script_name(english:\"Fedora 12 : mono-2.4.3.1-2.fc12 (2010-10433)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Thu Jun 24 2010 Christian Krause <chkr at\n fedoraproject.org> - 2.4.3.1-2\n\n - Add upstream patch for CVE-2010-1459:\n http://anonsvn.mono-project.com/viewvc?view=revision&r\n evision=156450\n\n - Wed Jan 13 2010 Christian Krause <chkr at\n fedoraproject.org> - 2.4.3.1-1\n\n - Update to 2.4.3.1\n\n - Wed Dec 23 2009 Christian Krause <chkr at\n fedoraproject.org> - 2.4.3-1\n\n - Update to 2.4.3\n\n - Drop mono-242-metadata-appconf.patch (fixed upstream)\n\n - package mono.snk for packages without bundled keys to\n use\n\n - put mono.snk in /etc/pki/mono/\n\n - package /etc/pki/mono/* in mono-devel\n\n - change %gac_dll macro to be more specific about the\n files to package (necessary to correctly select all\n files for the moonlight subpackage without any\n dangling symlinks)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://anonsvn.mono-project.com/viewvc?view=revision&revision=156450\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=598155\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-July/044051.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2dc66b36\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected mono package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mono\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:12\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/06/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^12([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 12.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC12\", reference:\"mono-2.4.3.1-2.fc12\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mono\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-09-01T23:48:32", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=592428", "http://support.novell.com/security/cve/CVE-2010-1459.html"], "pluginID": "50892", "description": "Mono's ASP.NET implementation did not set the 'EnableViewStateMac' property by default. Attackers could exploit that to conduct cross-site scripting (XSS) attacks.", "edition": 4, "reporter": "Tenable", "published": "2010-12-02T00:00:00", "title": "SuSE 11 / 11.1 Security Update : mono-core / Mono (SAT Patch Numbers 2326 / 2474)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1459"], "modified": "2013-10-25T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:mono-data-sybase", "p-cpe:/a:novell:suse_linux:11:mono-winforms", "p-cpe:/a:novell:suse_linux:11:mono-jscript", "p-cpe:/a:novell:suse_linux:11:mono-locale-extras", "p-cpe:/a:novell:suse_linux:11:mono-data-postgresql", "p-cpe:/a:novell:suse_linux:11:mono-data-sqlite", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:ibm-data-db2", "p-cpe:/a:novell:suse_linux:11:mono-data", "p-cpe:/a:novell:suse_linux:11:mono-extras", "p-cpe:/a:novell:suse_linux:11:bytefx-data-mysql", "p-cpe:/a:novell:suse_linux:11:mono-web", "p-cpe:/a:novell:suse_linux:11:mono-core", "p-cpe:/a:novell:suse_linux:11:mono-data-firebird", "p-cpe:/a:novell:suse_linux:11:mono-devel", "p-cpe:/a:novell:suse_linux:11:mono-nunit", "p-cpe:/a:novell:suse_linux:11:mono-data-oracle"], "id": "SUSE_11_BYTEFX-DATA-MYSQL-100422.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=50892", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(50892);\n script_version(\"$Revision: 1.7 $\");\n script_cvs_date(\"$Date: 2013/10/25 23:41:52 $\");\n\n script_cve_id(\"CVE-2010-1459\");\n\n script_name(english:\"SuSE 11 / 11.1 Security Update : mono-core / Mono (SAT Patch Numbers 2326 / 2474)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mono's ASP.NET implementation did not set the 'EnableViewStateMac'\nproperty by default. Attackers could exploit that to conduct\ncross-site scripting (XSS) attacks.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=592428\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-1459.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Apply SAT patch number 2326 / 2474 as appropriate.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:bytefx-data-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:ibm-data-db2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mono-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mono-data\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mono-data-firebird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mono-data-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mono-data-postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mono-data-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mono-data-sybase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mono-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mono-extras\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mono-jscript\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mono-locale-extras\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mono-nunit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mono-web\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mono-winforms\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/04/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/12/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2013 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"bytefx-data-mysql-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"ibm-data-db2-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"mono-core-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"mono-data-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"mono-data-firebird-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"mono-data-oracle-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"mono-data-postgresql-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"mono-data-sqlite-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"mono-data-sybase-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"mono-devel-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"mono-extras-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"mono-jscript-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"mono-locale-extras-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"mono-nunit-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"mono-web-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"mono-winforms-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"bytefx-data-mysql-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"ibm-data-db2-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mono-core-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mono-data-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mono-data-firebird-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mono-data-oracle-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mono-data-postgresql-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mono-data-sqlite-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mono-data-sybase-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mono-devel-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mono-extras-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mono-jscript-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mono-locale-extras-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mono-nunit-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mono-web-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mono-winforms-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"bytefx-data-mysql-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"ibm-data-db2-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"mono-core-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"mono-data-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"mono-data-firebird-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"mono-data-oracle-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"mono-data-postgresql-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"mono-data-sqlite-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"mono-data-sybase-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"mono-devel-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"mono-extras-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"mono-jscript-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"mono-locale-extras-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"mono-nunit-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"mono-web-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"mono-winforms-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"bytefx-data-mysql-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"ibm-data-db2-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mono-core-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mono-data-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mono-data-firebird-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mono-data-oracle-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mono-data-postgresql-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mono-data-sqlite-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mono-data-sybase-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mono-devel-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mono-extras-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mono-jscript-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mono-locale-extras-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mono-nunit-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mono-web-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mono-winforms-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"mono-core-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"mono-data-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"mono-data-postgresql-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"mono-data-sqlite-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"mono-locale-extras-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"mono-nunit-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"mono-web-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"mono-winforms-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"mono-core-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"mono-data-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"mono-data-postgresql-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"mono-data-sqlite-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"mono-locale-extras-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"mono-nunit-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"mono-web-2.0.1-1.26.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"mono-winforms-2.0.1-1.26.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-09-01T23:52:25", "references": ["http://lists.opensuse.org/opensuse-updates/2010-06/msg00010.html", "https://bugzilla.novell.com/show_bug.cgi?id=592428"], "pluginID": "47569", "description": "Mono's ASP.NET implementation did not set the 'EnableViewStateMac' property by default. Attackers could exploit that to conduct cross-site-scripting (XSS) attacks.", "edition": 4, "reporter": "Tenable", "published": "2010-07-01T00:00:00", "title": "openSUSE Security Update : bytefx-data-mysql (openSUSE-SU-2010:0342-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1459"], "modified": "2014-06-13T00:00:00", "cpe": ["cpe:/o:novell:opensuse:11.0", "p-cpe:/a:novell:opensuse:mono-data-oracle", "p-cpe:/a:novell:opensuse:mono-data-sqlite", "p-cpe:/a:novell:opensuse:mono-nunit", "p-cpe:/a:novell:opensuse:mono-data-sybase", "p-cpe:/a:novell:opensuse:mono-core-32bit", "p-cpe:/a:novell:opensuse:mono-web", "p-cpe:/a:novell:opensuse:mono-jscript", "p-cpe:/a:novell:opensuse:mono-complete", "p-cpe:/a:novell:opensuse:mono-data-firebird", "p-cpe:/a:novell:opensuse:mono-data-postgresql", "p-cpe:/a:novell:opensuse:ibm-data-db2", "p-cpe:/a:novell:opensuse:mono-core", "p-cpe:/a:novell:opensuse:mono-data", "p-cpe:/a:novell:opensuse:mono-locale-extras", "p-cpe:/a:novell:opensuse:mono-extras", "p-cpe:/a:novell:opensuse:bytefx-data-mysql", "p-cpe:/a:novell:opensuse:monodoc-core", "p-cpe:/a:novell:opensuse:mono-winforms", "p-cpe:/a:novell:opensuse:mono-devel"], "id": "SUSE_11_0_BYTEFX-DATA-MYSQL-100422.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=47569", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update bytefx-data-mysql-2384.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(47569);\n script_version(\"$Revision: 1.4 $\");\n script_cvs_date(\"$Date: 2014/06/13 19:38:12 $\");\n\n script_cve_id(\"CVE-2010-1459\");\n\n script_name(english:\"openSUSE Security Update : bytefx-data-mysql (openSUSE-SU-2010:0342-1)\");\n script_summary(english:\"Check for the bytefx-data-mysql-2384 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mono's ASP.NET implementation did not set the 'EnableViewStateMac'\nproperty by default. Attackers could exploit that to conduct\ncross-site-scripting (XSS) attacks.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.opensuse.org/opensuse-updates/2010-06/msg00010.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=592428\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected bytefx-data-mysql packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bytefx-data-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ibm-data-db2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mono-complete\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mono-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mono-core-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mono-data\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mono-data-firebird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mono-data-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mono-data-postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mono-data-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mono-data-sybase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mono-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mono-extras\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mono-jscript\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mono-locale-extras\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mono-nunit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mono-web\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mono-winforms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:monodoc-core\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/04/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.0\", reference:\"bytefx-data-mysql-1.9.1-6.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"ibm-data-db2-1.9.1-6.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"mono-complete-1.9.1-6.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"mono-core-1.9.1-6.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"mono-data-1.9.1-6.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"mono-data-firebird-1.9.1-6.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"mono-data-oracle-1.9.1-6.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"mono-data-postgresql-1.9.1-6.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"mono-data-sqlite-1.9.1-6.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"mono-data-sybase-1.9.1-6.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"mono-devel-1.9.1-6.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"mono-extras-1.9.1-6.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"mono-jscript-1.9.1-6.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"mono-locale-extras-1.9.1-6.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"mono-nunit-1.9.1-6.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"mono-web-1.9.1-6.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"mono-winforms-1.9.1-6.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"monodoc-core-1.9-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", cpu:\"x86_64\", reference:\"mono-core-32bit-1.9.1-6.8\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bytefx-data-mysql / ibm-data-db2 / mono-complete / mono-core / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-09-02T00:02:18", "references": ["http://lists.opensuse.org/opensuse-updates/2010-06/msg00010.html", "https://bugzilla.novell.com/show_bug.cgi?id=592428"], "pluginID": "47571", "description": "Mono's ASP.NET implementation did not set the 'EnableViewStateMac' property by default. Attackers could exploit that to conduct cross-site-scripting (XSS) attacks.", "edition": 4, "reporter": "Tenable", "published": "2010-07-01T00:00:00", "title": "openSUSE Security Update : bytefx-data-mysql (openSUSE-SU-2010:0342-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1459"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:mono-data-oracle", "p-cpe:/a:novell:opensuse:mono-data-sqlite", "p-cpe:/a:novell:opensuse:mono-nunit", "p-cpe:/a:novell:opensuse:mono-data-sybase", "p-cpe:/a:novell:opensuse:mono-core-32bit", "cpe:/o:novell:opensuse:11.1", "p-cpe:/a:novell:opensuse:mono-web", "p-cpe:/a:novell:opensuse:mono-jscript", "p-cpe:/a:novell:opensuse:mono-complete", "p-cpe:/a:novell:opensuse:mono-data-firebird", "p-cpe:/a:novell:opensuse:mono-data-postgresql", "p-cpe:/a:novell:opensuse:ibm-data-db2", "p-cpe:/a:novell:opensuse:mono-core", "p-cpe:/a:novell:opensuse:mono-data", "p-cpe:/a:novell:opensuse:mono-locale-extras", "p-cpe:/a:novell:opensuse:mono-extras", "p-cpe:/a:novell:opensuse:bytefx-data-mysql", "p-cpe:/a:novell:opensuse:monodoc-core", "p-cpe:/a:novell:opensuse:mono-winforms", "p-cpe:/a:novell:opensuse:mono-devel"], "id": "SUSE_11_1_BYTEFX-DATA-MYSQL-100422.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=47571", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update bytefx-data-mysql-2384.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(47571);\n script_version(\"$Revision: 1.4 $\");\n script_cvs_date(\"$Date: 2014/06/13 19:49:33 $\");\n\n script_cve_id(\"CVE-2010-1459\");\n\n script_name(english:\"openSUSE Security Update : bytefx-data-mysql (openSUSE-SU-2010:0342-1)\");\n script_summary(english:\"Check for the bytefx-data-mysql-2384 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mono's ASP.NET implementation did not set the 'EnableViewStateMac'\nproperty by default. Attackers could exploit that to conduct\ncross-site-scripting (XSS) attacks.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.opensuse.org/opensuse-updates/2010-06/msg00010.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=592428\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected bytefx-data-mysql packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bytefx-data-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ibm-data-db2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mono-complete\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mono-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mono-core-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mono-data\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mono-data-firebird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mono-data-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mono-data-postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mono-data-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mono-data-sybase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mono-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mono-extras\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mono-jscript\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mono-locale-extras\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mono-nunit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mono-web\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mono-winforms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:monodoc-core\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/04/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.1\", reference:\"bytefx-data-mysql-2.0.1-1.23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"ibm-data-db2-2.0.1-1.23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"mono-complete-2.0.1-1.23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"mono-core-2.0.1-1.23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"mono-data-2.0.1-1.23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"mono-data-firebird-2.0.1-1.23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"mono-data-oracle-2.0.1-1.23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"mono-data-postgresql-2.0.1-1.23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"mono-data-sqlite-2.0.1-1.23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"mono-data-sybase-2.0.1-1.23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"mono-devel-2.0.1-1.23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"mono-extras-2.0.1-1.23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"mono-jscript-2.0.1-1.23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"mono-locale-extras-2.0.1-1.23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"mono-nunit-2.0.1-1.23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"mono-web-2.0.1-1.23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"mono-winforms-2.0.1-1.23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"monodoc-core-2.0-1.42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", cpu:\"x86_64\", reference:\"mono-core-32bit-2.0.1-1.23.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bytefx-data-mysql / ibm-data-db2 / mono-complete / mono-core / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-09-01T23:59:09", "references": ["http://lists.opensuse.org/opensuse-updates/2010-06/msg00010.html", "https://bugzilla.novell.com/show_bug.cgi?id=592428"], "pluginID": "47573", "description": "Mono's ASP.NET implementation did not set the 'EnableViewStateMac' property by default. Attackers could exploit that to conduct cross-site-scripting (XSS) attacks.", "edition": 4, "reporter": "Tenable", "published": "2010-07-01T00:00:00", "title": "openSUSE Security Update : bytefx-data-mysql (openSUSE-SU-2010:0342-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1459"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:mono-data-oracle", "p-cpe:/a:novell:opensuse:mono-data-sqlite", "p-cpe:/a:novell:opensuse:mono-nunit", "p-cpe:/a:novell:opensuse:mono-data-sybase", "p-cpe:/a:novell:opensuse:mono-web", "p-cpe:/a:novell:opensuse:mono-jscript", "cpe:/o:novell:opensuse:11.2", "p-cpe:/a:novell:opensuse:mono-complete", "p-cpe:/a:novell:opensuse:mono-data-firebird", "p-cpe:/a:novell:opensuse:mono-data-postgresql", "p-cpe:/a:novell:opensuse:ibm-data-db2", "p-cpe:/a:novell:opensuse:mono-core", "p-cpe:/a:novell:opensuse:mono-wcf", "p-cpe:/a:novell:opensuse:mono-data", "p-cpe:/a:novell:opensuse:mono-locale-extras", "p-cpe:/a:novell:opensuse:mono-extras", "p-cpe:/a:novell:opensuse:bytefx-data-mysql", "p-cpe:/a:novell:opensuse:monodoc-core", "p-cpe:/a:novell:opensuse:mono-winforms", "p-cpe:/a:novell:opensuse:mono-devel"], "id": "SUSE_11_2_BYTEFX-DATA-MYSQL-100426.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=47573", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update bytefx-data-mysql-2384.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(47573);\n script_version(\"$Revision: 1.4 $\");\n script_cvs_date(\"$Date: 2014/06/13 19:55:06 $\");\n\n script_cve_id(\"CVE-2010-1459\");\n\n script_name(english:\"openSUSE Security Update : bytefx-data-mysql (openSUSE-SU-2010:0342-1)\");\n script_summary(english:\"Check for the bytefx-data-mysql-2384 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mono's ASP.NET implementation did not set the 'EnableViewStateMac'\nproperty by default. Attackers could exploit that to conduct\ncross-site-scripting (XSS) attacks.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.opensuse.org/opensuse-updates/2010-06/msg00010.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=592428\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected bytefx-data-mysql packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bytefx-data-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ibm-data-db2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mono-complete\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mono-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mono-data\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mono-data-firebird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mono-data-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mono-data-postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mono-data-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mono-data-sybase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mono-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mono-extras\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mono-jscript\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mono-locale-extras\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mono-nunit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mono-wcf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mono-web\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mono-winforms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:monodoc-core\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/04/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.2\", reference:\"bytefx-data-mysql-2.4.2.3-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"ibm-data-db2-2.4.2.3-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"mono-complete-2.4.2.3-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"mono-core-2.4.2.3-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"mono-data-2.4.2.3-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"mono-data-firebird-2.4.2.3-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"mono-data-oracle-2.4.2.3-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"mono-data-postgresql-2.4.2.3-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"mono-data-sqlite-2.4.2.3-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"mono-data-sybase-2.4.2.3-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"mono-devel-2.4.2.3-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"mono-extras-2.4.2.3-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"mono-jscript-2.4.2.3-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"mono-locale-extras-2.4.2.3-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"mono-nunit-2.4.2.3-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"mono-wcf-2.4.2.3-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"mono-web-2.4.2.3-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"mono-winforms-2.4.2.3-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"monodoc-core-2.4.2.3-2.7.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bytefx-data-mysql / ibm-data-db2 / mono-complete / mono-core / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-09-01T23:55:10", "references": ["http://www.nessus.org/u?bc5ac0da", "http://www.nessus.org/u?b52c25ed", "http://www.nessus.org/u?55461ebe", "http://www.nessus.org/u?15b75f01", "http://www.nessus.org/u?1750e472", "http://www.nessus.org/u?3ec80b03", "http://www.nessus.org/u?0ff9dfa1", "https://bugzilla.redhat.com/show_bug.cgi?id=598155", "http://www.nessus.org/u?e856b116"], "pluginID": "47719", "description": "- update the mono stack to release 2.6.4\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 4, "reporter": "Tenable", "published": "2010-07-14T00:00:00", "title": "Fedora 13 : gnome-sharp-2.24.1-1.fc13 / gtksourceview-sharp-2.0.12-11.fc13 / libgdiplus-2.6.4-1.fc13 / etc (2010-10332)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1459"], "modified": "2016-05-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:gnome-sharp", "p-cpe:/a:fedoraproject:fedora:mono", "p-cpe:/a:fedoraproject:fedora:mono-basic", "cpe:/o:fedoraproject:fedora:13", "p-cpe:/a:fedoraproject:fedora:mono-tools", "p-cpe:/a:fedoraproject:fedora:xsp", "p-cpe:/a:fedoraproject:fedora:gtksourceview-sharp", "p-cpe:/a:fedoraproject:fedora:libgdiplus", "p-cpe:/a:fedoraproject:fedora:mod_mono"], "id": "FEDORA_2010-10332.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=47719", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-10332.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(47719);\n script_version(\"$Revision: 1.10 $\");\n script_cvs_date(\"$Date: 2016/05/11 13:16:08 $\");\n\n script_cve_id(\"CVE-2010-1459\");\n script_bugtraq_id(40351);\n script_xref(name:\"FEDORA\", value:\"2010-10332\");\n\n script_name(english:\"Fedora 13 : gnome-sharp-2.24.1-1.fc13 / gtksourceview-sharp-2.0.12-11.fc13 / libgdiplus-2.6.4-1.fc13 / etc (2010-10332)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - update the mono stack to release 2.6.4\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=598155\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-July/044047.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?55461ebe\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-July/044048.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?15b75f01\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-July/044049.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3ec80b03\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-July/044050.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e856b116\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-July/044052.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b52c25ed\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-July/044054.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1750e472\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-July/044055.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0ff9dfa1\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-July/044057.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bc5ac0da\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gnome-sharp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gtksourceview-sharp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libgdiplus\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mod_mono\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mono\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mono-basic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mono-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xsp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:13\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/06/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^13([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 13.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC13\", reference:\"gnome-sharp-2.24.1-1.fc13\")) flag++;\nif (rpm_check(release:\"FC13\", reference:\"gtksourceview-sharp-2.0.12-11.fc13\")) flag++;\nif (rpm_check(release:\"FC13\", reference:\"libgdiplus-2.6.4-1.fc13\")) flag++;\nif (rpm_check(release:\"FC13\", reference:\"mod_mono-2.6.3-1.fc13\")) flag++;\nif (rpm_check(release:\"FC13\", reference:\"mono-2.6.4-1.fc13\")) flag++;\nif (rpm_check(release:\"FC13\", reference:\"mono-basic-2.6.2-1.fc13\")) flag++;\nif (rpm_check(release:\"FC13\", reference:\"mono-tools-2.6.2-1.fc13\")) flag++;\nif (rpm_check(release:\"FC13\", reference:\"xsp-2.6.4-1.fc13\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnome-sharp / gtksourceview-sharp / libgdiplus / mod_mono / mono / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-09-01T23:48:23", "references": [], "pluginID": "60126", "description": "It was discovered that the Mono System.Web library incorrectly filtered certain error messages related to forbidden files. If a user were tricked into opening a specially crafted URL, an attacker could possibly exploit this to conduct cross-site scripting (XSS) attacks.\n(CVE-2012-3382)\n\nIt was discovered that the Mono System.Web library incorrectly handled the EnableViewStateMac property. If a user were tricked into opening a specially crafted URL, an attacker could possibly exploit this to conduct cross-site scripting (XSS) attacks. This issue only affected Ubuntu 10.04 LTS. (CVE-2010-4159).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 5, "reporter": "Tenable", "published": "2012-07-26T00:00:00", "title": "Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : mono vulnerabilities (USN-1517-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4159", "CVE-2012-3382", "CVE-2010-1459"], "modified": "2018-08-01T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libmono-system-web2.0-cil", "cpe:/o:canonical:ubuntu_linux:11.10", "p-cpe:/a:canonical:ubuntu_linux:libmono-system-web4.0-cil", "cpe:/o:canonical:ubuntu_linux:11.04", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:libmono-system-web1.0-cil", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts"], "id": "UBUNTU_USN-1517-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=60126", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1517-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(60126);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/08/01 17:36:14\");\n\n script_cve_id(\"CVE-2010-1459\", \"CVE-2010-4159\", \"CVE-2012-3382\");\n script_bugtraq_id(40351, 54344);\n script_xref(name:\"USN\", value:\"1517-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : mono vulnerabilities (USN-1517-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that the Mono System.Web library incorrectly\nfiltered certain error messages related to forbidden files. If a user\nwere tricked into opening a specially crafted URL, an attacker could\npossibly exploit this to conduct cross-site scripting (XSS) attacks.\n(CVE-2012-3382)\n\nIt was discovered that the Mono System.Web library incorrectly handled\nthe EnableViewStateMac property. If a user were tricked into opening a\nspecially crafted URL, an attacker could possibly exploit this to\nconduct cross-site scripting (XSS) attacks. This issue only affected\nUbuntu 10.04 LTS. (CVE-2010-4159).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected libmono-system-web1.0-cil,\nlibmono-system-web2.0-cil and / or libmono-system-web4.0-cil packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmono-system-web1.0-cil\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmono-system-web2.0-cil\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmono-system-web4.0-cil\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/07/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/07/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2012-2018 Canonical, Inc. / NASL script (C) 2012-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(10\\.04|11\\.04|11\\.10|12\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 11.04 / 11.10 / 12.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libmono-system-web1.0-cil\", pkgver:\"2.4.4~svn151842-1ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libmono-system-web2.0-cil\", pkgver:\"2.4.4~svn151842-1ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"libmono-system-web1.0-cil\", pkgver:\"2.6.7-5ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"libmono-system-web2.0-cil\", pkgver:\"2.6.7-5ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"libmono-system-web2.0-cil\", pkgver:\"2.10.5-1ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"libmono-system-web4.0-cil\", pkgver:\"2.10.5-1ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libmono-system-web2.0-cil\", pkgver:\"2.10.8.1-1ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libmono-system-web4.0-cil\", pkgver:\"2.10.8.1-1ubuntu2.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libmono-system-web1.0-cil / libmono-system-web2.0-cil / etc\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}