ID OPENVAS:1361412562310862493 Type openvas Reporter Copyright (c) 2010 Greenbone Networks GmbH Modified 2017-12-29T00:00:00
Description
Check for the Version of cvs
###############################################################################
# OpenVAS Vulnerability Test
#
# Fedora Update for cvs FEDORA-2010-16600
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
include("revisions-lib.inc");
tag_insight = "CVS (Concurrent Versions System) is a version control system that can
record the history of your files (usually, but not always, source
code). CVS only stores the differences between versions, instead of
every version of every file you have ever created. CVS also keeps a log
of who, when, and why changes occurred.
CVS is very helpful for managing releases and controlling the
concurrent editing of source files among multiple authors. Instead of
providing version control for a collection of files in a single
directory, CVS provides version control for a hierarchical collection
of directories consisting of revision controlled files. These
directories and files can then be combined together to form a software
release.";
tag_solution = "Please Install the Updated Packages.";
tag_affected = "cvs on Fedora 13";
if(description)
{
script_xref(name : "URL" , value : "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050090.html");
script_oid("1.3.6.1.4.1.25623.1.0.862493");
script_version("$Revision: 8258 $");
script_tag(name:"last_modification", value:"$Date: 2017-12-29 08:28:57 +0100 (Fri, 29 Dec 2017) $");
script_tag(name:"creation_date", value:"2010-11-04 12:09:38 +0100 (Thu, 04 Nov 2010)");
script_xref(name: "FEDORA", value: "2010-16600");
script_tag(name:"cvss_base", value:"6.9");
script_tag(name:"cvss_base_vector", value:"AV:L/AC:M/Au:N/C:C/I:C/A:C");
script_cve_id("CVE-2010-3846");
script_name("Fedora Update for cvs FEDORA-2010-16600");
script_tag(name: "summary" , value: "Check for the Version of cvs");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (c) 2010 Greenbone Networks GmbH");
script_family("Fedora Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/fedora", "ssh/login/rpms");
script_tag(name : "affected" , value : tag_affected);
script_tag(name : "insight" , value : tag_insight);
script_tag(name : "solution" , value : tag_solution);
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("pkg-lib-rpm.inc");
release = get_kb_item("ssh/login/release");
res = "";
if(release == NULL){
exit(0);
}
if(release == "FC13")
{
if ((res = isrpmvuln(pkg:"cvs", rpm:"cvs~1.11.23~10.fc13", rls:"FC13")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
{"id": "OPENVAS:1361412562310862493", "type": "openvas", "bulletinFamily": "scanner", "title": "Fedora Update for cvs FEDORA-2010-16600", "description": "Check for the Version of cvs", "published": "2010-11-04T00:00:00", "modified": "2017-12-29T00:00:00", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862493", "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "references": ["http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050090.html", "2010-16600"], "cvelist": ["CVE-2010-3846"], "lastseen": "2018-01-02T10:54:01", "viewCount": 0, "enchantments": {"score": {"value": 6.2, "vector": "NONE", "modified": "2018-01-02T10:54:01", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2010-3846"]}, {"type": "openvas", "idList": ["OPENVAS:862493", "OPENVAS:862514", "OPENVAS:1361412562310862653", "OPENVAS:862653", "OPENVAS:1361412562311220191455", "OPENVAS:1361412562310122259", "OPENVAS:1361412562310862514"]}, {"type": "nessus", "idList": ["REDHAT-RHSA-2010-0918.NASL", "ORACLELINUX_ELSA-2010-0918.NASL", "SL_20101129_CVS_ON_SL6_X.NASL", "FEDORA_2010-16600.NASL", "EULEROS_SA-2019-1455.NASL", "FEDORA_2010-16721.NASL", "FEDORA_2010-16599.NASL"]}, {"type": "redhat", "idList": ["RHSA-2010:0918"]}, {"type": "oraclelinux", "idList": ["ELSA-2010-0918"]}], "modified": "2018-01-02T10:54:01", "rev": 2}, "vulnersScore": 6.2}, "pluginID": "1361412562310862493", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for cvs FEDORA-2010-16600\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"CVS (Concurrent Versions System) is a version control system that can\n record the history of your files (usually, but not always, source\n code). CVS only stores the differences between versions, instead of\n every version of every file you have ever created. CVS also keeps a log\n of who, when, and why changes occurred.\n\n CVS is very helpful for managing releases and controlling the\n concurrent editing of source files among multiple authors. Instead of\n providing version control for a collection of files in a single\n directory, CVS provides version control for a hierarchical collection\n of directories consisting of revision controlled files. These\n directories and files can then be combined together to form a software\n release.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"cvs on Fedora 13\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050090.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862493\");\n script_version(\"$Revision: 8258 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-29 08:28:57 +0100 (Fri, 29 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-11-04 12:09:38 +0100 (Thu, 04 Nov 2010)\");\n script_xref(name: \"FEDORA\", value: \"2010-16600\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2010-3846\");\n script_name(\"Fedora Update for cvs FEDORA-2010-16600\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of cvs\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"cvs\", rpm:\"cvs~1.11.23~10.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "naslFamily": "Fedora Local Security Checks"}
{"cve": [{"lastseen": "2021-02-02T05:45:03", "description": "Array index error in the apply_rcs_change function in rcs.c in CVS 1.11.23 allows local users to gain privileges via an RCS file containing crafted delta fragment changes that trigger a heap-based buffer overflow.", "edition": 4, "cvss3": {}, "published": "2010-11-05T17:00:00", "title": "CVE-2010-3846", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-3846"], "modified": "2017-08-17T01:33:00", "cpe": ["cpe:/a:nongnu:cvs:1.11.23"], "id": "CVE-2010-3846", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3846", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:nongnu:cvs:1.11.23:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2018-01-19T15:05:02", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3846"], "description": "Check for the Version of cvs", "modified": "2018-01-18T00:00:00", "published": "2010-11-16T00:00:00", "id": "OPENVAS:1361412562310862514", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862514", "type": "openvas", "title": "Fedora Update for cvs FEDORA-2010-16599", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for cvs FEDORA-2010-16599\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"CVS (Concurrent Versions System) is a version control system that can\n record the history of your files (usually, but not always, source\n code). CVS only stores the differences between versions, instead of\n every version of every file you have ever created. CVS also keeps a log\n of who, when, and why changes occurred.\n\n CVS is very helpful for managing releases and controlling the\n concurrent editing of source files among multiple authors. Instead of\n providing version control for a collection of files in a single\n directory, CVS provides version control for a hierarchical collection\n of directories consisting of revision controlled files. These\n directories and files can then be combined together to form a software\n release.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"cvs on Fedora 12\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050212.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862514\");\n script_version(\"$Revision: 8457 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-18 08:58:32 +0100 (Thu, 18 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-11-16 14:49:48 +0100 (Tue, 16 Nov 2010)\");\n script_xref(name: \"FEDORA\", value: \"2010-16599\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2010-3846\");\n script_name(\"Fedora Update for cvs FEDORA-2010-16599\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of cvs\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"cvs\", rpm:\"cvs~1.11.23~9.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-23T13:05:28", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3846"], "description": "Check for the Version of cvs", "modified": "2018-01-23T00:00:00", "published": "2010-12-02T00:00:00", "id": "OPENVAS:1361412562310862653", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862653", "type": "openvas", "title": "Fedora Update for cvs FEDORA-2010-16721", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for cvs FEDORA-2010-16721\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"CVS (Concurrent Versions System) is a version control system that can\n record the history of your files (usually, but not always, source\n code). CVS only stores the differences between versions, instead of\n every version of every file you have ever created. CVS also keeps a log\n of who, when, and why changes occurred.\n\n CVS is very helpful for managing releases and controlling the\n concurrent editing of source files among multiple authors. Instead of\n providing version control for a collection of files in a single\n directory, CVS provides version control for a hierarchical collection\n of directories consisting of revision controlled files. These\n directories and files can then be combined together to form a software\n release.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"cvs on Fedora 14\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050287.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862653\");\n script_version(\"$Revision: 8495 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-23 08:57:49 +0100 (Tue, 23 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-12-02 08:39:14 +0100 (Thu, 02 Dec 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-16721\");\n script_cve_id(\"CVE-2010-3846\");\n script_name(\"Fedora Update for cvs FEDORA-2010-16721\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of cvs\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"cvs\", rpm:\"cvs~1.11.23~11.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-02T10:54:20", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3846"], "description": "Check for the Version of cvs", "modified": "2017-12-22T00:00:00", "published": "2010-12-02T00:00:00", "id": "OPENVAS:862653", "href": "http://plugins.openvas.org/nasl.php?oid=862653", "type": "openvas", "title": "Fedora Update for cvs FEDORA-2010-16721", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for cvs FEDORA-2010-16721\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"CVS (Concurrent Versions System) is a version control system that can\n record the history of your files (usually, but not always, source\n code). CVS only stores the differences between versions, instead of\n every version of every file you have ever created. CVS also keeps a log\n of who, when, and why changes occurred.\n\n CVS is very helpful for managing releases and controlling the\n concurrent editing of source files among multiple authors. Instead of\n providing version control for a collection of files in a single\n directory, CVS provides version control for a hierarchical collection\n of directories consisting of revision controlled files. These\n directories and files can then be combined together to form a software\n release.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"cvs on Fedora 14\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050287.html\");\n script_id(862653);\n script_version(\"$Revision: 8226 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-22 07:30:26 +0100 (Fri, 22 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-12-02 08:39:14 +0100 (Thu, 02 Dec 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-16721\");\n script_cve_id(\"CVE-2010-3846\");\n script_name(\"Fedora Update for cvs FEDORA-2010-16721\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of cvs\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"cvs\", rpm:\"cvs~1.11.23~11.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-14T11:48:23", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3846"], "description": "Check for the Version of cvs", "modified": "2017-12-14T00:00:00", "published": "2010-11-04T00:00:00", "id": "OPENVAS:862493", "href": "http://plugins.openvas.org/nasl.php?oid=862493", "type": "openvas", "title": "Fedora Update for cvs FEDORA-2010-16600", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for cvs FEDORA-2010-16600\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"CVS (Concurrent Versions System) is a version control system that can\n record the history of your files (usually, but not always, source\n code). CVS only stores the differences between versions, instead of\n every version of every file you have ever created. CVS also keeps a log\n of who, when, and why changes occurred.\n\n CVS is very helpful for managing releases and controlling the\n concurrent editing of source files among multiple authors. Instead of\n providing version control for a collection of files in a single\n directory, CVS provides version control for a hierarchical collection\n of directories consisting of revision controlled files. These\n directories and files can then be combined together to form a software\n release.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"cvs on Fedora 13\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050090.html\");\n script_id(862493);\n script_version(\"$Revision: 8109 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-14 07:31:15 +0100 (Thu, 14 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-11-04 12:09:38 +0100 (Thu, 04 Nov 2010)\");\n script_xref(name: \"FEDORA\", value: \"2010-16600\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2010-3846\");\n script_name(\"Fedora Update for cvs FEDORA-2010-16600\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of cvs\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"cvs\", rpm:\"cvs~1.11.23~10.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:36:23", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3846"], "description": "Oracle Linux Local Security Checks ELSA-2010-0918", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310122259", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122259", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2010-0918", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2010-0918.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122259\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:15:35 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2010-0918\");\n script_tag(name:\"insight\", value:\"ELSA-2010-0918 - cvs security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2010-0918\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2010-0918.html\");\n script_cve_id(\"CVE-2010-3846\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"cvs\", rpm:\"cvs~1.11.23~11.el6_0.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-12-21T11:33:01", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3846"], "description": "Check for the Version of cvs", "modified": "2017-12-20T00:00:00", "published": "2010-11-16T00:00:00", "id": "OPENVAS:862514", "href": "http://plugins.openvas.org/nasl.php?oid=862514", "type": "openvas", "title": "Fedora Update for cvs FEDORA-2010-16599", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for cvs FEDORA-2010-16599\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"CVS (Concurrent Versions System) is a version control system that can\n record the history of your files (usually, but not always, source\n code). CVS only stores the differences between versions, instead of\n every version of every file you have ever created. CVS also keeps a log\n of who, when, and why changes occurred.\n\n CVS is very helpful for managing releases and controlling the\n concurrent editing of source files among multiple authors. Instead of\n providing version control for a collection of files in a single\n directory, CVS provides version control for a hierarchical collection\n of directories consisting of revision controlled files. These\n directories and files can then be combined together to form a software\n release.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"cvs on Fedora 12\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050212.html\");\n script_id(862514);\n script_version(\"$Revision: 8186 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-20 07:30:34 +0100 (Wed, 20 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-11-16 14:49:48 +0100 (Tue, 16 Nov 2010)\");\n script_xref(name: \"FEDORA\", value: \"2010-16599\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2010-3846\");\n script_name(\"Fedora Update for cvs FEDORA-2010-16599\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of cvs\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"cvs\", rpm:\"cvs~1.11.23~9.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2020-01-27T18:36:52", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3846"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191455", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191455", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for cvs (EulerOS-SA-2019-1455)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1455\");\n script_version(\"2020-01-23T11:47:57+0000\");\n script_cve_id(\"CVE-2010-3846\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:47:57 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:47:57 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for cvs (EulerOS-SA-2019-1455)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-3\\.0\\.1\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1455\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1455\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'cvs' package(s) announced via the EulerOS-SA-2019-1455 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Array index error in the apply_rcs_change function in rcs.c in CVS 1.11.23 allows local users to gain privileges via an RCS file containing crafted delta fragment changes that trigger a heap-based buffer overflow.(CVE-2010-3846)\");\n\n script_tag(name:\"affected\", value:\"'cvs' package(s) on Huawei EulerOS Virtualization 3.0.1.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-3.0.1.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"cvs\", rpm:\"cvs~1.11.23~35.eulerosv2r7\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:34:47", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3846"], "description": "[1.11.23-11.el6_0.1]\n- Fix CVE-2010-3846 (Resolves: #644813)", "edition": 4, "modified": "2011-02-10T00:00:00", "published": "2011-02-10T00:00:00", "id": "ELSA-2010-0918", "href": "http://linux.oracle.com/errata/ELSA-2010-0918.html", "title": "cvs security update", "type": "oraclelinux", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:47:02", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3846"], "description": "Concurrent Version System (CVS) is a version control system that can record\nthe history of your files.\n\nAn array index error, leading to a heap-based buffer overflow, was found in\nthe way CVS applied certain delta fragment changes from input files in the\nRCS (Revision Control System file) format. If an attacker in control of a\nCVS repository stored a specially-crafted RCS file in that repository, and\nthen tricked a remote victim into checking out (updating their CVS\nrepository tree) a revision containing that file, it could lead to\narbitrary code execution with the privileges of the CVS server process\non the system hosting the CVS repository. (CVE-2010-3846)\n\nRed Hat would like to thank Ralph Loader for reporting this issue.\n\nAll users of cvs are advised to upgrade to this updated package, which\ncontains a backported patch to correct this issue.\n", "modified": "2018-06-06T20:24:31", "published": "2010-11-29T05:00:00", "id": "RHSA-2010:0918", "href": "https://access.redhat.com/errata/RHSA-2010:0918", "type": "redhat", "title": "(RHSA-2010:0918) Moderate: cvs security update", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-01-07T08:55:51", "description": "According to the version of the cvs package installed, the EulerOS\nVirtualization installation on the remote host is affected by the\nfollowing vulnerability :\n\n - Array index error in the apply_rcs_change function in\n rcs.c in CVS 1.11.23 allows local users to gain\n privileges via an RCS file containing crafted delta\n fragment changes that trigger a heap-based buffer\n overflow.(CVE-2010-3846)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 17, "published": "2019-05-14T00:00:00", "title": "EulerOS Virtualization 3.0.1.0 : cvs (EulerOS-SA-2019-1455)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3846"], "modified": "2019-05-14T00:00:00", "cpe": ["cpe:/o:huawei:euleros:uvp:3.0.1.0", "p-cpe:/a:huawei:euleros:cvs"], "id": "EULEROS_SA-2019-1455.NASL", "href": "https://www.tenable.com/plugins/nessus/124958", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(124958);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2010-3846\"\n );\n script_bugtraq_id(\n 44528\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.1.0 : cvs (EulerOS-SA-2019-1455)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the cvs package installed, the EulerOS\nVirtualization installation on the remote host is affected by the\nfollowing vulnerability :\n\n - Array index error in the apply_rcs_change function in\n rcs.c in CVS 1.11.23 allows local users to gain\n privileges via an RCS file containing crafted delta\n fragment changes that trigger a heap-based buffer\n overflow.(CVE-2010-3846)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1455\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ecf94914\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected cvs package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:cvs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.1.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.1.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.1.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"cvs-1.11.23-35.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cvs\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:08:15", "description": " - Thu Oct 21 2010 Petr Pisar <ppisar at redhat.com> -\n 1.11.23-9\n\n - Fix CVE-2010-3846 (bug #645386)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 23, "published": "2010-11-02T00:00:00", "title": "Fedora 12 : cvs-1.11.23-9.fc12 (2010-16599)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3846"], "modified": "2010-11-02T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:cvs", "cpe:/o:fedoraproject:fedora:12"], "id": "FEDORA_2010-16599.NASL", "href": "https://www.tenable.com/plugins/nessus/50440", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-16599.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(50440);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-3846\");\n script_bugtraq_id(44528);\n script_xref(name:\"FEDORA\", value:\"2010-16599\");\n\n script_name(english:\"Fedora 12 : cvs-1.11.23-9.fc12 (2010-16599)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Thu Oct 21 2010 Petr Pisar <ppisar at redhat.com> -\n 1.11.23-9\n\n - Fix CVE-2010-3846 (bug #645386)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=642146\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-November/050212.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?42639cc3\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected cvs package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:cvs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:12\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/11/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^12([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 12.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC12\", reference:\"cvs-1.11.23-9.fc12\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cvs\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:08:15", "description": " - Thu Oct 21 2010 Petr Pisar <ppisar at redhat.com> -\n 1.11.23-10\n\n - Fix CVE-2010-3846 (bug #645386)\n\n - Tue Jan 12 2010 Jiri Moskovcak <jmoskovc at\n redhat.com> 1.11.23-9\n\n - spec file fixes based on review\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2010-10-29T00:00:00", "title": "Fedora 13 : cvs-1.11.23-10.fc13 (2010-16600)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3846"], "modified": "2010-10-29T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:cvs", "cpe:/o:fedoraproject:fedora:13"], "id": "FEDORA_2010-16600.NASL", "href": "https://www.tenable.com/plugins/nessus/50398", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-16600.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(50398);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-3846\");\n script_xref(name:\"FEDORA\", value:\"2010-16600\");\n\n script_name(english:\"Fedora 13 : cvs-1.11.23-10.fc13 (2010-16600)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Thu Oct 21 2010 Petr Pisar <ppisar at redhat.com> -\n 1.11.23-10\n\n - Fix CVE-2010-3846 (bug #645386)\n\n - Tue Jan 12 2010 Jiri Moskovcak <jmoskovc at\n redhat.com> 1.11.23-9\n\n - spec file fixes based on review\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=642146\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-October/050090.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1174f400\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected cvs package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:cvs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:13\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/10/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^13([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 13.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC13\", reference:\"cvs-1.11.23-10.fc13\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cvs\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:08:18", "description": " - Thu Oct 21 2010 Petr Pisar <ppisar at redhat.com> -\n 1.11.23-11\n\n - Fix CVE-2010-3846 (bug #645386)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 23, "published": "2010-11-05T00:00:00", "title": "Fedora 14 : cvs-1.11.23-11.fc14 (2010-16721)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3846"], "modified": "2010-11-05T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:cvs", "cpe:/o:fedoraproject:fedora:14"], "id": "FEDORA_2010-16721.NASL", "href": "https://www.tenable.com/plugins/nessus/50481", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-16721.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(50481);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-3846\");\n script_bugtraq_id(44528);\n script_xref(name:\"FEDORA\", value:\"2010-16721\");\n\n script_name(english:\"Fedora 14 : cvs-1.11.23-11.fc14 (2010-16721)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Thu Oct 21 2010 Petr Pisar <ppisar at redhat.com> -\n 1.11.23-11\n\n - Fix CVE-2010-3846 (bug #645386)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=642146\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-November/050287.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2805786e\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected cvs package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:cvs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:14\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/11/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^14([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 14.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC14\", reference:\"cvs-1.11.23-11.fc14\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cvs\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:45:16", "description": "An array index error, leading to a heap-based buffer overflow, was\nfound in the way CVS applied certain delta fragment changes from input\nfiles in the RCS (Revision Control System file) format. If an attacker\nin control of a CVS repository stored a specially crafted RCS file in\nthat repository, and then tricked a remote victim into checking out\n(updating their CVS repository tree) a revision containing that file,\nit could lead to arbitrary code execution with the privileges of the\nCVS server process on the system hosting the CVS repository.\n(CVE-2010-3846)", "edition": 24, "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : cvs on SL6.x i386/x86_64", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3846"], "modified": "2012-08-01T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20101129_CVS_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60907", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60907);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-3846\");\n\n script_name(english:\"Scientific Linux Security Update : cvs on SL6.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Scientific Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An array index error, leading to a heap-based buffer overflow, was\nfound in the way CVS applied certain delta fragment changes from input\nfiles in the RCS (Revision Control System file) format. If an attacker\nin control of a CVS repository stored a specially crafted RCS file in\nthat repository, and then tricked a remote victim into checking out\n(updating their CVS repository tree) a revision containing that file,\nit could lead to arbitrary code execution with the privileges of the\nCVS server process on the system hosting the CVS repository.\n(CVE-2010-3846)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1103&L=scientific-linux-errata&T=0&P=4061\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?91d0bee9\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected cvs package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/11/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"cvs-1.11.23-11.el6_0.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T12:45:30", "description": "From Red Hat Security Advisory 2010:0918 :\n\nAn updated cvs package that fixes one security issue is now available\nfor Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nConcurrent Version System (CVS) is a version control system that can\nrecord the history of your files.\n\nAn array index error, leading to a heap-based buffer overflow, was\nfound in the way CVS applied certain delta fragment changes from input\nfiles in the RCS (Revision Control System file) format. If an attacker\nin control of a CVS repository stored a specially crafted RCS file in\nthat repository, and then tricked a remote victim into checking out\n(updating their CVS repository tree) a revision containing that file,\nit could lead to arbitrary code execution with the privileges of the\nCVS server process on the system hosting the CVS repository.\n(CVE-2010-3846)\n\nRed Hat would like to thank Ralph Loader for reporting this issue.\n\nAll users of cvs are advised to upgrade to this updated package, which\ncontains a backported patch to correct this issue.", "edition": 23, "published": "2013-07-12T00:00:00", "title": "Oracle Linux 6 : cvs (ELSA-2010-0918)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3846"], "modified": "2013-07-12T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:cvs"], "id": "ORACLELINUX_ELSA-2010-0918.NASL", "href": "https://www.tenable.com/plugins/nessus/68149", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2010:0918 and \n# Oracle Linux Security Advisory ELSA-2010-0918 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68149);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-3846\");\n script_bugtraq_id(44528);\n script_xref(name:\"RHSA\", value:\"2010:0918\");\n\n script_name(english:\"Oracle Linux 6 : cvs (ELSA-2010-0918)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2010:0918 :\n\nAn updated cvs package that fixes one security issue is now available\nfor Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nConcurrent Version System (CVS) is a version control system that can\nrecord the history of your files.\n\nAn array index error, leading to a heap-based buffer overflow, was\nfound in the way CVS applied certain delta fragment changes from input\nfiles in the RCS (Revision Control System file) format. If an attacker\nin control of a CVS repository stored a specially crafted RCS file in\nthat repository, and then tricked a remote victim into checking out\n(updating their CVS repository tree) a revision containing that file,\nit could lead to arbitrary code execution with the privileges of the\nCVS server process on the system hosting the CVS repository.\n(CVE-2010-3846)\n\nRed Hat would like to thank Ralph Loader for reporting this issue.\n\nAll users of cvs are advised to upgrade to this updated package, which\ncontains a backported patch to correct this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-February/001842.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected cvs package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:cvs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/11/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/02/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"cvs-1.11.23-11.el6_0.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cvs\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:08:34", "description": "An updated cvs package that fixes one security issue is now available\nfor Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nConcurrent Version System (CVS) is a version control system that can\nrecord the history of your files.\n\nAn array index error, leading to a heap-based buffer overflow, was\nfound in the way CVS applied certain delta fragment changes from input\nfiles in the RCS (Revision Control System file) format. If an attacker\nin control of a CVS repository stored a specially crafted RCS file in\nthat repository, and then tricked a remote victim into checking out\n(updating their CVS repository tree) a revision containing that file,\nit could lead to arbitrary code execution with the privileges of the\nCVS server process on the system hosting the CVS repository.\n(CVE-2010-3846)\n\nRed Hat would like to thank Ralph Loader for reporting this issue.\n\nAll users of cvs are advised to upgrade to this updated package, which\ncontains a backported patch to correct this issue.", "edition": 26, "published": "2010-11-30T00:00:00", "title": "RHEL 6 : cvs (RHSA-2010:0918)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3846"], "modified": "2010-11-30T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:cvs", "p-cpe:/a:redhat:enterprise_linux:cvs-debuginfo", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6.0"], "id": "REDHAT-RHSA-2010-0918.NASL", "href": "https://www.tenable.com/plugins/nessus/50840", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0918. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(50840);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-3846\");\n script_bugtraq_id(44528);\n script_xref(name:\"RHSA\", value:\"2010:0918\");\n\n script_name(english:\"RHEL 6 : cvs (RHSA-2010:0918)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated cvs package that fixes one security issue is now available\nfor Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nConcurrent Version System (CVS) is a version control system that can\nrecord the history of your files.\n\nAn array index error, leading to a heap-based buffer overflow, was\nfound in the way CVS applied certain delta fragment changes from input\nfiles in the RCS (Revision Control System file) format. If an attacker\nin control of a CVS repository stored a specially crafted RCS file in\nthat repository, and then tricked a remote victim into checking out\n(updating their CVS repository tree) a revision containing that file,\nit could lead to arbitrary code execution with the privileges of the\nCVS server process on the system hosting the CVS repository.\n(CVE-2010-3846)\n\nRed Hat would like to thank Ralph Loader for reporting this issue.\n\nAll users of cvs are advised to upgrade to this updated package, which\ncontains a backported patch to correct this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3846\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2010:0918\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected cvs and / or cvs-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:cvs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:cvs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/11/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/11/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/11/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2010:0918\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"cvs-1.11.23-11.el6_0.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"cvs-1.11.23-11.el6_0.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"cvs-1.11.23-11.el6_0.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"cvs-debuginfo-1.11.23-11.el6_0.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"cvs-debuginfo-1.11.23-11.el6_0.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"cvs-debuginfo-1.11.23-11.el6_0.1\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cvs / cvs-debuginfo\");\n }\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3846"], "description": "CVS (Concurrent Versions System) is a version control system that can record the history of your files (usually, but not always, source code). CVS only stores the differences between versions, instead of every version of every file you have ever created. CVS also keeps a log of who, when, and why changes occurred. CVS is very helpful for managing releases and controlling the concurrent editing of source files among multiple authors. Instead of providing version control for a collection of files in a single directory, CVS provides version control for a hierarchical collection of directories consisting of revision controlled files. These directories and files can then be combined together to form a software release. ", "modified": "2010-11-01T20:56:14", "published": "2010-11-01T20:56:14", "id": "FEDORA:BBC90111043", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 12 Update: cvs-1.11.23-9.fc12", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3846"], "description": "CVS (Concurrent Versions System) is a version control system that can record the history of your files (usually, but not always, source code). CVS only stores the differences between versions, instead of every version of every file you have ever created. CVS also keeps a log of who, when, and why changes occurred. CVS is very helpful for managing releases and controlling the concurrent editing of source files among multiple authors. Instead of providing version control for a collection of files in a single directory, CVS provides version control for a hierarchical collection of directories consisting of revision controlled files. These directories and files can then be combined together to form a software release. ", "modified": "2010-10-28T22:21:07", "published": "2010-10-28T22:21:07", "id": "FEDORA:EF637110675", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 13 Update: cvs-1.11.23-10.fc13", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3846"], "description": "CVS (Concurrent Versions System) is a version control system that can record the history of your files (usually, but not always, source code). CVS only stores the differences between versions, instead of every version of every file you have ever created. CVS also keeps a log of who, when, and why changes occurred. CVS is very helpful for managing releases and controlling the concurrent editing of source files among multiple authors. Instead of providing version control for a collection of files in a single directory, CVS provides version control for a hierarchical collection of directories consisting of revision controlled files. These directories and files can then be combined together to form a software release. ", "modified": "2010-11-04T23:32:29", "published": "2010-11-04T23:32:29", "id": "FEDORA:E0E231116D7", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 14 Update: cvs-1.11.23-11.fc14", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}]}
