ID OPENVAS:1361412562310869404 Type openvas Reporter Copyright (C) 2015 Greenbone Networks GmbH Modified 2019-03-15T00:00:00
Description
The remote host is missing an update for the 'zarafa' package(s) announced via the referenced advisory.
###############################################################################
# OpenVAS Vulnerability Test
#
# Fedora Update for zarafa FEDORA-2015-8479
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
# Registration block: declares the check's identity, severity and prerequisites,
# then exits. The `description` variable is supplied by the scanner, not set in
# this file, so no host is examined while this branch runs.
if(description)
{
# Unique OID of this check plus feed revision and timestamps.
script_oid("1.3.6.1.4.1.25623.1.0.869404");
script_version("$Revision: 14223 $");
script_tag(name:"last_modification", value:"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $");
script_tag(name:"creation_date", value:"2015-06-09 10:53:06 +0200 (Tue, 09 Jun 2015)");
# CVEs the check attributes to this advisory. A single CVSS v2 score and vector
# is reported for the whole check; the vector is local (AV:L) with no
# confidentiality impact (C:N) and complete integrity/availability impact.
script_cve_id("CVE-2015-3436", "CVE-2014-0103");
script_tag(name:"cvss_base", value:"6.6");
script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:N/C:N/I:C/A:C");
# qod_type "package": the finding rests on the installed package version, not on
# probing the running service.
script_tag(name:"qod_type", value:"package");
script_name("Fedora Update for zarafa FEDORA-2015-8479");
# The summary string spans two source lines; the embedded line break is part of
# the value.
script_tag(name:"summary", value:"The remote host is missing an update for the 'zarafa'
package(s) announced via the referenced advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
# Scope is limited to the Fedora 20 build of zarafa; other releases are not
# covered by this check.
script_tag(name:"affected", value:"zarafa on Fedora 20");
script_tag(name:"solution", value:"Please install the updated package(s).");
# Cross-references: Fedora advisory id and the package-announce posting.
script_xref(name:"FEDORA", value:"2015-8479");
script_xref(name:"URL", value:"https://lists.fedoraproject.org/pipermail/package-announce/2015-June/159455.html");
script_tag(name:"solution_type", value:"VendorFix");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2015 Greenbone Networks GmbH");
script_family("Fedora Local Security Checks");
# Prerequisites: gather-package-list.nasl is declared as a dependency, and the
# keys below must be present with the release matching FC20. The keys are
# presumably filled by that dependency from an authenticated SSH login -- confirm
# against gather-package-list.nasl. Without them the check does not run, so an
# absent result is not evidence that the host is patched.
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/fedora", "ssh/login/rpms", re:"ssh/login/release=FC20");
# Leave once the metadata is registered.
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
# Detection logic: compare the installed zarafa RPM on a Fedora 20 host with the
# build named in advisory FEDORA-2015-8479.
# rpm_get_ssh_release(), isrpmvuln() and __pkg_match are not defined in this
# file; they presumably come from the included pkg-lib-rpm.inc -- confirm there.
release = rpm_get_ssh_release();

# No release string available: nothing to compare, stop without a result.
if(!release)
  exit(0);

res = "";

if(release == "FC20")
{
  # The threshold is the Fedora build 7.1.12-2.fc20, i.e. version AND package
  # release; it is not an upstream version number.
  res = isrpmvuln(pkg:"zarafa", rpm:"zarafa~7.1.12~2.fc20", rls:"FC20");

  if(res != NULL)
  {
    # A non-NULL result is passed on as the finding text.
    security_message(data:res);
    exit(0);
  }

  # Exit code 99 is used only when __pkg_match is set (presumably: the package
  # was found and is not older than the threshold); otherwise the check ends
  # with the neutral exit code 0.
  if(__pkg_match)
    exit(99);

  exit(0);
}
{"id": "OPENVAS:1361412562310869404", "type": "openvas", "bulletinFamily": "scanner", "title": "Fedora Update for zarafa FEDORA-2015-8479", "description": "The remote host is missing an update for the ", "published": "2015-06-09T00:00:00", "modified": "2019-03-15T00:00:00", "cvss": {"score": 6.6, "vector": "AV:L/AC:L/Au:N/C:N/I:C/A:C"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869404", "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "references": ["https://lists.fedoraproject.org/pipermail/package-announce/2015-June/159455.html", "2015-8479"], "cvelist": ["CVE-2014-0103", "CVE-2015-3436"], "lastseen": "2019-05-29T18:36:06", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2015-8479", "CVE-2014-0103", "CVE-2015-3436"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310869306", "OPENVAS:1361412562310868041", "OPENVAS:1361412562310869303", "OPENVAS:1361412562310868032", "OPENVAS:1361412562310805708", "OPENVAS:1361412562310869400"]}, {"type": "fedora", "idList": ["FEDORA:EC1F3214B6", "FEDORA:CE83721CC0", "FEDORA:EB89060918C0", "FEDORA:D87F26092044", "FEDORA:36E57601502F", "FEDORA:9D65960BA910"]}, {"type": "nessus", "idList": ["FEDORA_2014-7889.NASL", "MANDRIVA_MDVSA-2014-182.NASL", "FEDORA_2015-8487.NASL", "FEDORA_2015-8479.NASL", "FEDORA_2014-7896.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:14008", "SECURITYVULNS:DOC:31201"]}], "modified": "2019-05-29T18:36:06", "rev": 2}, "score": {"value": 6.7, "vector": "NONE", "modified": "2019-05-29T18:36:06", "rev": 2}, "vulnersScore": 6.7}, "pluginID": "1361412562310869404", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for zarafa FEDORA-2015-8479\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can 
redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869404\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-06-09 10:53:06 +0200 (Tue, 09 Jun 2015)\");\n script_cve_id(\"CVE-2015-3436\", \"CVE-2014-0103\");\n script_tag(name:\"cvss_base\", value:\"6.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for zarafa FEDORA-2015-8479\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'zarafa'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"zarafa on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-8479\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-June/159455.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n 
script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"zarafa\", rpm:\"zarafa~7.1.12~2.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "naslFamily": "Fedora Local Security Checks"}
{"cve": [{"lastseen": "2021-02-02T06:21:24", "description": "provider/server/ECServer.cpp in Zarafa Collaboration Platform (ZCP) before 7.1.13 and 7.2.x before 7.2.1 allows local users to write to arbitrary files via a symlink attack on /tmp/zarafa-upgrade-lock.", "edition": 6, "cvss3": {}, "published": "2015-06-09T14:59:00", "title": "CVE-2015-3436", "type": "cve", "cwe": ["CWE-59"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.6, "vectorString": "AV:L/AC:L/Au:N/C:N/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 9.2, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-3436"], "modified": "2016-12-06T03:00:00", "cpe": ["cpe:/a:zarafa:zarafa_collaboration_platform:7.2.0", "cpe:/a:zarafa:zarafa_collaboration_platform:7.1.12"], "id": "CVE-2015-3436", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3436", "cvss": {"score": 6.6, "vector": "AV:L/AC:L/Au:N/C:N/I:C/A:C"}, "cpe23": ["cpe:2.3:a:zarafa:zarafa_collaboration_platform:7.1.12:*:*:*:*:*:*:*", "cpe:2.3:a:zarafa:zarafa_collaboration_platform:7.2.0:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:14:24", "description": "WebAccess in Zarafa before 7.1.10 and WebApp before 1.6 stores credentials in cleartext, which allows local Apache users to obtain sensitive information by reading the PHP session files.", "edition": 6, "cvss3": {}, "published": "2014-07-29T14:55:00", "title": "CVE-2014-0103", "type": "cve", "cwe": ["CWE-310"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", 
"availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0103"], "modified": "2015-11-04T17:35:00", "cpe": ["cpe:/a:zarafa:zarafa:7.0.4", "cpe:/a:zarafa:zarafa:7.1.0", "cpe:/a:zarafa:zarafa:7.1.4", "cpe:/a:zarafa:zarafa:7.0", "cpe:/o:fedoraproject:fedora:19", "cpe:/a:zarafa:zarafa:7.0.7", "cpe:/a:zarafa:webapp:1.5", "cpe:/a:zarafa:zarafa:7.0.11", "cpe:/a:zarafa:zarafa:7.1.3", "cpe:/a:zarafa:zarafa:7.1.8", "cpe:/a:zarafa:zarafa:7.0.3", "cpe:/a:zarafa:zarafa:7.0.2", "cpe:/a:zarafa:zarafa:7.0.8", "cpe:/a:zarafa:zarafa:7.1.2", "cpe:/o:fedoraproject:fedora:20", "cpe:/a:zarafa:zarafa:7.0.13", "cpe:/a:zarafa:zarafa:7.0.5", "cpe:/a:zarafa:zarafa:7.0.12", "cpe:/a:zarafa:zarafa:7.1.1", "cpe:/a:zarafa:zarafa:7.0.6", "cpe:/a:zarafa:zarafa:7.0.9", "cpe:/a:zarafa:zarafa:7.0.1", "cpe:/a:zarafa:zarafa:7.0.10", "cpe:/a:zarafa:zarafa:7.1.9"], "id": "CVE-2014-0103", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0103", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*", "cpe:2.3:a:zarafa:zarafa:7.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:zarafa:zarafa:7.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:zarafa:webapp:1.5:*:*:*:*:*:*:*", "cpe:2.3:a:zarafa:zarafa:7.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:zarafa:zarafa:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:zarafa:zarafa:7.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:zarafa:zarafa:7.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:zarafa:zarafa:7.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:zarafa:zarafa:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:zarafa:zarafa:7.1.9:*:*:*:*:*:*:*", "cpe:2.3:a:zarafa:zarafa:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:zarafa:zarafa:7.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:zarafa:zarafa:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:zarafa:zarafa:7.0.7:*:*:*:*:*:*:*", 
"cpe:2.3:a:zarafa:zarafa:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:zarafa:zarafa:7.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:zarafa:zarafa:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:zarafa:zarafa:7.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:zarafa:zarafa:7.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:zarafa:zarafa:7.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:zarafa:zarafa:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:zarafa:zarafa:7.1.3:*:*:*:*:*:*:*"]}], "fedora": [{"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0103", "CVE-2015-3436"], "description": "The Zarafa Collaboration Platform is a Microsoft Exchange replacement. The Open Source Collaboration provides an integration with your existing Linux mail server, native mobile phone support by ActiveSync compatibility and a webaccess with 'Look & Feel' similar to Outlook using Ajax. Including an IMAP and a POP3 gateway as well as an iCal/CalDAV gateway, the Zarafa Open Source Collaboration can combine the usability with the stability and the flexibility of a Linux server. The proven Zarafa groupware solution is using MAPI objects, provides a MAPI client library as well as programming interfaces for C++, PHP and Python. The other Zarafa related packages need to be installed to gain all features and benefits of the Zarafa Collaboration Platform (ZCP). ", "modified": "2015-06-05T23:41:43", "published": "2015-06-05T23:41:43", "id": "FEDORA:D87F26092044", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: zarafa-7.1.12-2.fc20", "cvss": {"score": 6.6, "vector": "AV:L/AC:L/Au:N/C:N/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0103", "CVE-2015-3436"], "description": "The Zarafa Collaboration Platform is a Microsoft Exchange replacement. The Open Source Collaboration provides an integration with your existing Linux mail server, native mobile phone support by ActiveSync compatibility and a webaccess with 'Look & Feel' similar to Outlook using Ajax. 
Including an IMAP and a POP3 gateway as well as an iCal/CalDAV gateway, the Zarafa Open Source Collaboration can combine the usability with the stability and the flexibility of a Linux server. The proven Zarafa groupware solution is using MAPI objects, provides a MAPI client library as well as programming interfaces for C++, PHP and Python. The other Zarafa related packages need to be installed to gain all features and benefits of the Zarafa Collaboration Platform (ZCP). ", "modified": "2015-06-05T23:48:16", "published": "2015-06-05T23:48:16", "id": "FEDORA:9D65960BA910", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 21 Update: zarafa-7.1.12-2.fc21", "cvss": {"score": 6.6, "vector": "AV:L/AC:L/Au:N/C:N/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0103"], "description": "The Zarafa Collaboration Platform is a Microsoft Exchange replacement. The Open Source Collaboration provides an integration with your existing Linux mail server, native mobile phone support by ActiveSync compatibility and a webaccess with 'Look & Feel' similar to Outlook using Ajax. Including an IMAP and a POP3 gateway as well as an iCal/CalDAV gateway, the Zarafa Open Source Collaboration can combine the usability with the stability and the flexibility of a Linux server. The proven Zarafa groupware solution is using MAPI objects, provides a MAPI client library as well as programming interfaces for C++, PHP and Python. The other Zarafa related packages need to be installed to gain all features and benefits of the Zarafa Collaboration Platform (ZCP). 
", "modified": "2014-07-28T03:24:40", "published": "2014-07-28T03:24:40", "id": "FEDORA:EC1F3214B6", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: zarafa-7.1.10-2.fc20", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0103"], "description": "The Zarafa Collaboration Platform is a Microsoft Exchange replacement. The Open Source Collaboration provides an integration with your existing Linux mail server, native mobile phone support by ActiveSync compatibility and a webaccess with 'Look & Feel' similar to Outlook using Ajax. Including an IMAP and a POP3 gateway as well as an iCal/CalDAV gateway, the Zarafa Open Source Collaboration can combine the usability with the stability and the flexibility of a Linux server. The proven Zarafa groupware solution is using MAPI objects, provides a MAPI client library as well as programming interfaces for C++, PHP and Python. The other Zarafa related packages need to be installed to gain all features and benefits of the Zarafa Collaboration Platform (ZCP). ", "modified": "2014-07-28T03:25:29", "published": "2014-07-28T03:25:29", "id": "FEDORA:CE83721CC0", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: zarafa-7.1.10-2.fc19", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0103", "CVE-2014-9465"], "description": "The Zarafa Collaboration Platform is a Microsoft Exchange replacement. The Open Source Collaboration provides an integration with your existing Linux mail server, native mobile phone support by ActiveSync compatibility and a webaccess with 'Look & Feel' similar to Outlook using Ajax. Including an IMAP and a POP3 gateway as well as an iCal/CalDAV gateway, the Zarafa Open Source Collaboration can combine the usability with the stability and the flexibility of a Linux server. 
The proven Zarafa groupware solution is using MAPI objects, provides a MAPI client library as well as programming interfaces for C++, PHP and Python. The other Zarafa related packages need to be installed to gain all features and benefits of the Zarafa Collaboration Platform (ZCP). ", "modified": "2015-04-27T08:38:20", "published": "2015-04-27T08:38:20", "id": "FEDORA:36E57601502F", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 21 Update: zarafa-7.1.12-1.fc21", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0103", "CVE-2014-9465"], "description": "The Zarafa Collaboration Platform is a Microsoft Exchange replacement. The Open Source Collaboration provides an integration with your existing Linux mail server, native mobile phone support by ActiveSync compatibility and a webaccess with 'Look & Feel' similar to Outlook using Ajax. Including an IMAP and a POP3 gateway as well as an iCal/CalDAV gateway, the Zarafa Open Source Collaboration can combine the usability with the stability and the flexibility of a Linux server. The proven Zarafa groupware solution is using MAPI objects, provides a MAPI client library as well as programming interfaces for C++, PHP and Python. The other Zarafa related packages need to be installed to gain all features and benefits of the Zarafa Collaboration Platform (ZCP). 
", "modified": "2015-04-27T08:48:07", "published": "2015-04-27T08:48:07", "id": "FEDORA:EB89060918C0", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: zarafa-7.1.12-1.fc20", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "openvas": [{"lastseen": "2019-05-29T18:36:21", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0103", "CVE-2015-3436"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2015-06-09T00:00:00", "id": "OPENVAS:1361412562310869400", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869400", "type": "openvas", "title": "Fedora Update for zarafa FEDORA-2015-8487", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for zarafa FEDORA-2015-8487\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869400\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-06-09 10:51:34 +0200 (Tue, 09 Jun 2015)\");\n script_cve_id(\"CVE-2015-3436\", \"CVE-2014-0103\");\n script_tag(name:\"cvss_base\", value:\"6.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for zarafa FEDORA-2015-8487\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'zarafa'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"zarafa on Fedora 21\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-8487\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-June/159497.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC21\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = 
rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC21\")\n{\n\n if ((res = isrpmvuln(pkg:\"zarafa\", rpm:\"zarafa~7.1.12~2.fc21\", rls:\"FC21\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.6, "vector": "AV:L/AC:L/Au:N/C:N/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:14", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0103"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2014-07-28T00:00:00", "id": "OPENVAS:1361412562310868041", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868041", "type": "openvas", "title": "Fedora Update for zarafa FEDORA-2014-7896", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for zarafa FEDORA-2014-7896\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868041\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-07-28 16:28:12 +0530 (Mon, 28 Jul 2014)\");\n script_cve_id(\"CVE-2014-0103\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_name(\"Fedora Update for zarafa FEDORA-2014-7896\");\n script_tag(name:\"affected\", value:\"zarafa on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-7896\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-July/136033.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'zarafa'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = 
isrpmvuln(pkg:\"zarafa\", rpm:\"zarafa~7.1.10~2.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:37:26", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0103"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2014-07-28T00:00:00", "id": "OPENVAS:1361412562310868032", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868032", "type": "openvas", "title": "Fedora Update for zarafa FEDORA-2014-7889", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for zarafa FEDORA-2014-7889\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868032\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-07-28 16:27:34 +0530 (Mon, 28 Jul 2014)\");\n script_cve_id(\"CVE-2014-0103\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_name(\"Fedora Update for zarafa FEDORA-2014-7889\");\n script_tag(name:\"affected\", value:\"zarafa on Fedora 19\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-7889\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-July/136044.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'zarafa'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC19\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC19\")\n{\n\n if ((res = 
isrpmvuln(pkg:\"zarafa\", rpm:\"zarafa~7.1.10~2.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:36:24", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-3436"], "description": "This host is installed with Zarafa\n Collaboration Platform and is prone to a arbitrary file access\n vulnerability.", "modified": "2018-10-12T00:00:00", "published": "2015-07-03T00:00:00", "id": "OPENVAS:1361412562310805708", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805708", "type": "openvas", "title": "Zarafa Collaboration Platform Arbitrary File Access Vulnerability", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_zarafa_collab_plat_arbit_file_acc_vuln.nasl 2015-06-25 10:20:28 +0530 Jun$\n#\n# Zarafa Collaboration Platform Arbitrary File Access Vulnerability\n#\n# Authors:\n# Deependra Bapna <bdeepednra@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:zarafa:zarafa_collaboration_platform\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805708\");\n script_version(\"$Revision: 11872 $\");\n script_tag(name:\"cvss_base\", value:\"6.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 13:22:41 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-07-03 15:19:25 +0530 (Fri, 03 Jul 2015)\");\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_cve_id(\"CVE-2015-3436\");\n script_name(\"Zarafa Collaboration Platform Arbitrary File Access Vulnerability\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Zarafa\n Collaboration Platform and is prone to a arbitrary file access\n vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to\n 'provider/server/ECServer.cpp' allows local users to write to arbitrary\n files via a symlink attack on '/tmp/zarafa-upgrade-lock'\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an\n attacker to retrieve or delete arbitrary files, which may aid in further\n attacks.\");\n\n script_tag(name:\"affected\", value:\"Zarafa Collaboration Platform (ZCP)\n before 7.1.13 and 7.2.x before 7.2.1\");\n\n script_tag(name:\"solution\", value:\"Upgrade to 7.1.13 or 7.2.1 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", 
value:\"https://jira.zarafa.com/browse/ZCP-13282\");\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159497.html\");\n\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_zarafa_webapp_detect.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_mandatory_keys(\"zarafa_zcp/installed\");\n\n script_xref(name:\"URL\", value:\"https://www.zarafa.com\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!zcpPort = get_app_port(cpe:CPE)){\n exit(0);\n}\n\nif(!zcpVer = get_app_version(cpe:CPE, port:zcpPort)){\n exit(0);\n}\n\nif(version_is_less(version:zcpVer, test_version:\"7.1.13\"))\n{\n fix = \"7.1.13\";\n vuln = TRUE;\n}\n\nif(zcpVer =~ \"^7\\.2\")\n{\n if(version_is_less(version:zcpVer, test_version:\"7.2.1\"))\n {\n fix = \"7.2.1\";\n vuln = TRUE;\n }\n}\n\nif(vuln)\n{\n report = 'Installed Version: ' + zcpVer + '\\n' +\n 'Fixed Version: ' + fix + '\\n';\n security_message(data:report, port:zcpPort);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 6.6, "vector": "AV:L/AC:L/Au:N/C:N/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:25", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0103", "CVE-2014-9465"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2015-04-28T00:00:00", "id": "OPENVAS:1361412562310869303", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869303", "type": "openvas", "title": "Fedora Update for zarafa FEDORA-2015-5823", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for zarafa FEDORA-2015-5823\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free 
software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869303\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-04-28 05:16:24 +0200 (Tue, 28 Apr 2015)\");\n script_cve_id(\"CVE-2014-0103\", \"CVE-2014-9465\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for zarafa FEDORA-2015-5823\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'zarafa'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"zarafa on Fedora 21\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-5823\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-April/156112.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n 
script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC21\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC21\")\n{\n\n if ((res = isrpmvuln(pkg:\"zarafa\", rpm:\"zarafa~7.1.12~1.fc21\", rls:\"FC21\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:36:19", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0103", "CVE-2014-9465"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2015-04-28T00:00:00", "id": "OPENVAS:1361412562310869306", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869306", "type": "openvas", "title": "Fedora Update for zarafa FEDORA-2015-5864", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for zarafa FEDORA-2015-5864\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869306\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-04-28 05:16:32 +0200 (Tue, 28 Apr 2015)\");\n script_cve_id(\"CVE-2014-0103\", \"CVE-2014-9465\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for zarafa FEDORA-2015-5864\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'zarafa'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"zarafa on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-5864\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-April/156228.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = 
rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"zarafa\", rpm:\"zarafa~7.1.12~1.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "nessus": [{"lastseen": "2021-01-12T10:12:58", "description": "Zarafa Collaboration Platform 7.1.10 final [44973]\n==================================================\n\nGeneral\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 13, "published": "2014-07-28T00:00:00", "title": "Fedora 20 : zarafa-7.1.10-2.fc20 (2014-7896)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0103"], "modified": "2014-07-28T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:20", "p-cpe:/a:fedoraproject:fedora:zarafa"], "id": "FEDORA_2014-7896.NASL", "href": "https://www.tenable.com/plugins/nessus/76860", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-7896.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76860);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-0103\");\n script_bugtraq_id(68247);\n script_xref(name:\"FEDORA\", value:\"2014-7896\");\n\n script_name(english:\"Fedora 20 : zarafa-7.1.10-2.fc20 (2014-7896)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n 
script_set_attribute(\n attribute:\"description\", \n value:\n\"Zarafa Collaboration Platform 7.1.10 final [44973]\n==================================================\n\nGeneral\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1073618\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-July/136033.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3483339c\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected zarafa package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:zarafa\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n 
exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"zarafa-7.1.10-2.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"zarafa\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-12T10:12:58", "description": "Zarafa Collaboration Platform 7.1.10 final [44973]\n==================================================\n\nGeneral\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 13, "published": "2014-07-28T00:00:00", "title": "Fedora 19 : zarafa-7.1.10-2.fc19 (2014-7889)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0103"], "modified": "2014-07-28T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:19", "p-cpe:/a:fedoraproject:fedora:zarafa"], "id": "FEDORA_2014-7889.NASL", "href": "https://www.tenable.com/plugins/nessus/76859", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-7889.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76859);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-0103\");\n script_bugtraq_id(68247);\n script_xref(name:\"FEDORA\", value:\"2014-7889\");\n\n script_name(english:\"Fedora 19 : zarafa-7.1.10-2.fc19 (2014-7889)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Zarafa Collaboration Platform 7.1.10 final [44973]\n==================================================\n\nGeneral\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1073618\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-July/136044.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c64d3fcb\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected zarafa package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:zarafa\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: 
\"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"zarafa-7.1.10-2.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"zarafa\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-12T10:13:48", "description": " - Upgrade to 7.1.12 (re-released)\n\n - Backported patch from Zarafa 7.2 to fix CVE-2015-3436\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 17, "published": "2015-06-09T00:00:00", "title": "Fedora 20 : zarafa-7.1.12-2.fc20 (2015-8479)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-3436"], "modified": "2015-06-09T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:20", "p-cpe:/a:fedoraproject:fedora:zarafa"], "id": "FEDORA_2015-8479.NASL", "href": "https://www.tenable.com/plugins/nessus/84027", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-8479.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84027);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-3436\");\n script_xref(name:\"FEDORA\", value:\"2015-8479\");\n\n script_name(english:\"Fedora 20 : zarafa-7.1.12-2.fc20 (2015-8479)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Upgrade to 7.1.12 (re-released)\n\n - Backported patch from Zarafa 7.2 to fix CVE-2015-3436\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1222151\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-June/159455.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?53367ce3\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected zarafa package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:zarafa\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"zarafa-7.1.12-2.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"zarafa\");\n}\n", "cvss": {"score": 6.6, "vector": "AV:L/AC:L/Au:N/C:N/I:C/A:C"}}, {"lastseen": "2021-01-12T10:13:48", "description": " - Upgrade to 7.1.12 (re-released)\n\n - Backported patch from Zarafa 7.2 to fix CVE-2015-3436\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 17, "published": "2015-06-09T00:00:00", "title": "Fedora 21 : zarafa-7.1.12-2.fc21 (2015-8487)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-3436"], "modified": "2015-06-09T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:21", "p-cpe:/a:fedoraproject:fedora:zarafa"], "id": "FEDORA_2015-8487.NASL", "href": "https://www.tenable.com/plugins/nessus/84028", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-8487.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84028);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-3436\");\n script_xref(name:\"FEDORA\", value:\"2015-8487\");\n\n script_name(english:\"Fedora 21 : zarafa-7.1.12-2.fc21 (2015-8487)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Upgrade to 7.1.12 (re-released)\n\n - Backported patch from Zarafa 7.2 to fix CVE-2015-3436\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1222151\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-June/159497.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?baf229ee\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected zarafa package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:zarafa\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:21\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^21([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 21.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC21\", reference:\"zarafa-7.1.12-2.fc21\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"zarafa\");\n}\n", "cvss": {"score": 6.6, "vector": "AV:L/AC:L/Au:N/C:N/I:C/A:C"}}, {"lastseen": "2021-01-07T11:54:44", "description": "Updated zarafa packages fix security vulnerabilities :\n\nRobert Scheck reported that Zarafa's WebAccess stored session\ninformation, including login credentials, on-disk in PHP session\nfiles. 
This session file would contain a user's username and password\nto the Zarafa IMAP server (CVE-2014-0103).\n\nRobert Scheck discovered that the Zarafa Collaboration Platform has\nmultiple incorrect default permissions (CVE-2014-5447, CVE-2014-5448,\nCVE-2014-5449, CVE-2014-5450).", "edition": 25, "published": "2014-09-25T00:00:00", "title": "Mandriva Linux Security Advisory : zarafa (MDVSA-2014:182)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-5450", "CVE-2014-0103", "CVE-2014-5447", "CVE-2014-5449", "CVE-2014-5448"], "modified": "2014-09-25T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:zarafa-dagent", "p-cpe:/a:mandriva:linux:zarafa-common", "p-cpe:/a:mandriva:linux:zarafa-ical", "cpe:/o:mandriva:business_server:1", "p-cpe:/a:mandriva:linux:zarafa-indexer", "p-cpe:/a:mandriva:linux:zarafa-server", "p-cpe:/a:mandriva:linux:zarafa-client", "p-cpe:/a:mandriva:linux:lib64zarafa-devel", "p-cpe:/a:mandriva:linux:zarafa-spooler", "p-cpe:/a:mandriva:linux:zarafa-monitor", "p-cpe:/a:mandriva:linux:python-MAPI", "p-cpe:/a:mandriva:linux:zarafa", "p-cpe:/a:mandriva:linux:lib64zarafa0", "p-cpe:/a:mandriva:linux:zarafa-archiver", "p-cpe:/a:mandriva:linux:zarafa-webaccess", "p-cpe:/a:mandriva:linux:php-mapi", "p-cpe:/a:mandriva:linux:zarafa-gateway", "p-cpe:/a:mandriva:linux:zarafa-caldav", "p-cpe:/a:mandriva:linux:zarafa-utils"], "id": "MANDRIVA_MDVSA-2014-182.NASL", "href": "https://www.tenable.com/plugins/nessus/77839", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2014:182. 
\n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77839);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-0103\", \"CVE-2014-5447\", \"CVE-2014-5448\", \"CVE-2014-5449\", \"CVE-2014-5450\");\n script_bugtraq_id(68247, 69362, 69365, 69369, 69370);\n script_xref(name:\"MDVSA\", value:\"2014:182\");\n\n script_name(english:\"Mandriva Linux Security Advisory : zarafa (MDVSA-2014:182)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated zarafa packages fix security vulnerabilities :\n\nRobert Scheck reported that Zarafa's WebAccess stored session\ninformation, including login credentials, on-disk in PHP session\nfiles. 
This session file would contain a user's username and password\nto the Zarafa IMAP server (CVE-2014-0103).\n\nRobert Scheck discovered that the Zarafa Collaboration Platform has\nmultiple incorrect default permissions (CVE-2014-5447, CVE-2014-5448,\nCVE-2014-5449, CVE-2014-5450).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0380.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64zarafa-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64zarafa0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mapi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:python-MAPI\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:zarafa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:zarafa-archiver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:zarafa-caldav\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:zarafa-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:zarafa-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:zarafa-dagent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:zarafa-gateway\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:zarafa-ical\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:zarafa-indexer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:zarafa-monitor\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:zarafa-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:zarafa-spooler\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:zarafa-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:zarafa-webaccess\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/09/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64zarafa-devel-7.1.8-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", 
reference:\"lib64zarafa0-7.1.8-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-mapi-7.1.8-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"python-MAPI-7.1.8-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"zarafa-7.1.8-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"zarafa-archiver-7.1.8-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"zarafa-caldav-7.1.8-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"zarafa-client-7.1.8-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"zarafa-common-7.1.8-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"zarafa-dagent-7.1.8-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"zarafa-gateway-7.1.8-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"zarafa-ical-7.1.8-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"zarafa-indexer-7.1.8-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"zarafa-monitor-7.1.8-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"zarafa-server-7.1.8-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"zarafa-spooler-7.1.8-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"zarafa-utils-7.1.8-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"zarafa-webaccess-7.1.8-1.1.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}], "securityvulns": [{"lastseen": 
"2018-08-31T11:10:54", "bulletinFamily": "software", "cvelist": ["CVE-2014-5450", "CVE-2014-0103", "CVE-2014-5447", "CVE-2014-5449", "CVE-2014-5448"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2014:182\r\n http://www.mandriva.com/en/support/security/\r\n _______________________________________________________________________\r\n\r\n Package : zarafa\r\n Date : September 24, 2014\r\n Affected: Business Server 1.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n Updated zarafa packages fix security vulnerabilities:\r\n \r\n Robert Scheck reported that Zarafa's WebAccess stored session\r\n information, including login credentials, on-disk in PHP session\r\n files. This session file would contain a user's username and password\r\n to the Zarafa IMAP server (CVE-2014-0103).\r\n \r\n Robert Scheck discovered that the Zarafa Collaboration Platform has\r\n multiple incorrect default permissions (CVE-2014-5447, CVE-2014-5448,\r\n CVE-2014-5449, CVE-2014-5450).\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0103\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5447\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5448\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5449\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5450\r\n http://advisories.mageia.org/MGASA-2014-0380.html\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Business Server 1/X86_64:\r\n b574e9d3829a2083e0ab6f18f0c03d6e mbs1/x86_64/lib64zarafa0-7.1.8-1.1.mbs1.x86_64.rpm\r\n 3428bccf076a0415a5fcd3a8711d954c mbs1/x86_64/lib64zarafa-devel-7.1.8-1.1.mbs1.x86_64.rpm\r\n 
3008870b6138647ece3e000f36b6e964 mbs1/x86_64/php-mapi-7.1.8-1.1.mbs1.x86_64.rpm\r\n e40348366d018a89a729ee4301c957c4 mbs1/x86_64/python-MAPI-7.1.8-1.1.mbs1.x86_64.rpm\r\n 48d737652190a274fabdcf2f6d2718ff mbs1/x86_64/zarafa-7.1.8-1.1.mbs1.x86_64.rpm\r\n 6e19f61e06ea0636e60457557217780e mbs1/x86_64/zarafa-archiver-7.1.8-1.1.mbs1.x86_64.rpm\r\n dd43d8a343ca593d19c38bfd99b4a933 mbs1/x86_64/zarafa-caldav-7.1.8-1.1.mbs1.x86_64.rpm\r\n 07caaec38f12734fa485ec5ac58108f2 mbs1/x86_64/zarafa-client-7.1.8-1.1.mbs1.x86_64.rpm\r\n 8201924f8a2021a34bf74ccfd6ec576f mbs1/x86_64/zarafa-common-7.1.8-1.1.mbs1.x86_64.rpm\r\n 066260bb283e280e1d2674047816b30b mbs1/x86_64/zarafa-dagent-7.1.8-1.1.mbs1.x86_64.rpm\r\n e583d4796a6d98723b4f18bca47744b3 mbs1/x86_64/zarafa-gateway-7.1.8-1.1.mbs1.x86_64.rpm\r\n 8b41c886437edce1eb583b91a43971f8 mbs1/x86_64/zarafa-ical-7.1.8-1.1.mbs1.x86_64.rpm\r\n 1347c9d77b5ea8a72ddc13cb94ddb3c1 mbs1/x86_64/zarafa-indexer-7.1.8-1.1.mbs1.x86_64.rpm\r\n 581ffb74503a3303782a10935ccc27e0 mbs1/x86_64/zarafa-monitor-7.1.8-1.1.mbs1.x86_64.rpm\r\n ee7a4afd5c4d9a13bc63922555c507e7 mbs1/x86_64/zarafa-server-7.1.8-1.1.mbs1.x86_64.rpm\r\n 415c6fac59aff2dbfbe61087242d1aa6 mbs1/x86_64/zarafa-spooler-7.1.8-1.1.mbs1.x86_64.rpm\r\n 1c3d37d1beea23d73b84fd76bce47fdc mbs1/x86_64/zarafa-utils-7.1.8-1.1.mbs1.x86_64.rpm\r\n d31a060121669abda9d720f4991094bf mbs1/x86_64/zarafa-webaccess-7.1.8-1.1.mbs1.noarch.rpm \r\n 00d2043f190032f6a624e0721d29242f mbs1/SRPMS/zarafa-7.1.8-1.1.mbs1.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. 
You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/en/support/security/advisories/\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_(at)_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n <security*mandriva.com>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.12 (GNU/Linux)\r\n\r\niD8DBQFUIs4hmqjQ0CJFipgRAvRCAJ4wDpxAVuBlFOSSzqskGMG6pKHOzACcDNzl\r\n52oiDTAmeLxW4yTgFVIANrM=\r\n=/D7b\r\n-----END PGP SIGNATURE-----\r\n\r\n", "edition": 1, "modified": "2014-10-14T00:00:00", "published": "2014-10-14T00:00:00", "id": "SECURITYVULNS:DOC:31201", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31201", "title": "[ MDVSA-2014:182 ] zarafa", "type": "securityvulns", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:09:57", "bulletinFamily": "software", "cvelist": ["CVE-2014-4958", "CVE-2014-5450", "CVE-2014-4737", "CVE-2014-5516", "CVE-2014-5375", "CVE-2014-7138", "CVE-2014-5258", "CVE-2014-6035", "CVE-2014-4735", "CVE-2014-6300", "CVE-2014-4954", "CVE-2014-4986", "CVE-2014-0103", "CVE-2014-5447", "CVE-2014-6034", "CVE-2014-4955", "CVE-2014-5451", "CVE-2014-5259", "CVE-2014-4348", "CVE-2014-4349", "CVE-2014-6036", "CVE-2014-7217", "CVE-2014-6243", "CVE-2014-6242", "CVE-2014-5376", "CVE-2014-1608", "CVE-2014-5273", "CVE-2014-5300", "CVE-2014-6315", "CVE-2014-5297", "CVE-2014-5449", "CVE-2014-5448", "CVE-2014-5460", "CVE-2014-4987", "CVE-2014-7295", "CVE-2014-1609", "CVE-2014-5274", "CVE-2014-7139", "CVE-2014-5298"], "description": "PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.", "edition": 1, 
"modified": "2014-10-14T00:00:00", "published": "2014-10-14T00:00:00", "id": "SECURITYVULNS:VULN:14008", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14008", "title": "Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}