Search...

Fedora Update for chicken FEDORA-2015-10333

2015-07-07T00:00:00

ID OPENVAS:1361412562310869522
Type openvas
Reporter Copyright (C) 2015 Greenbone Networks GmbH
Modified 2017-07-10T00:00:00

Description

Check the version of chicken

                                        
                                            ###############################################################################
# OpenVAS Vulnerability Test
#
# Fedora Update for chicken FEDORA-2015-10333
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.869522");
  script_version("$Revision: 6630 $");
  script_tag(name:"last_modification", value:"$Date: 2017-07-10 08:34:32 +0200 (Mon, 10 Jul 2017) $");
  script_tag(name:"creation_date", value:"2015-07-07 06:22:14 +0200 (Tue, 07 Jul 2015)");
  script_cve_id("CVE-2015-4556");
  script_tag(name:"cvss_base", value:"5.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_tag(name:"qod_type", value:"package");
  script_name("Fedora Update for chicken FEDORA-2015-10333");
  script_tag(name: "summary", value: "Check the version of chicken");
  script_tag(name: "vuldetect", value: "Get the installed version with the help
of detect NVT and check if the version is vulnerable or not.");
  script_tag(name: "insight", value: "CHICKEN is a compiler for the Scheme
programming language. CHICKEN produces portable, efficient C, supports almost
all of the R5RS Scheme language standard, and includes many enhancements and
extensions.
");
  script_tag(name: "affected", value: "chicken on Fedora 22");
  script_tag(name: "solution", value: "Please Install the Updated Packages.");
  script_xref(name: "FEDORA", value: "2015-10333");
  script_xref(name: "URL" , value: "https://lists.fedoraproject.org/pipermail/package-announce/2015-June/160940.html");
  script_tag(name:"solution_type", value:"VendorFix");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2015 Greenbone Networks GmbH");
  script_family("Fedora Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/fedora", "ssh/login/rpms");
  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-rpm.inc");

release = get_kb_item("ssh/login/release");

res = "";
if(release == NULL){
  exit(0);
}

if(release == "FC22")
{

  if ((res = isrpmvuln(pkg:"chicken", rpm:"chicken~4.9.0.1~4.fc22", rls:"FC22")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99); # Not vulnerable.
  exit(0);
}

JSON Vulners Source

Initial Source

{"bulletinFamily": "scanner", "viewCount": 0, "naslFamily": "Fedora Local Security Checks", "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "references": ["2015-10333", "https://lists.fedoraproject.org/pipermail/package-announce/2015-June/160940.html"], "description": "Check the version of chicken", "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cvelist", "hash": "79bff72ae9aa7fdd27a257ed21d070ce"}, {"key": "cvss", "hash": "84813b1457b92d6ba1174abffbb83a2f"}, {"key": "description", "hash": "bdd88f7a26720133d42056b3b1507db4"}, {"key": "href", "hash": "600ac81971da431781d6dda30b618e5e"}, {"key": "modified", "hash": "0d134bf170d66438eb1e01173ee0187f"}, {"key": "naslFamily", "hash": "be931514784f88df80712740ad2723e7"}, {"key": "pluginID", "hash": "68e1295f0f3e42ba1aab0a6a5f9b2c7c"}, {"key": "published", "hash": "98e1726588eb7bfcf1fed98c3f9b3f3e"}, {"key": "references", "hash": "d5d40e5a6b22b8db682da89fc30eb016"}, {"key": "reporter", "hash": "1e898993712db5cf9f9a110102684025"}, {"key": "sourceData", "hash": "e1138f4d8a0d4c3310e71067dce8ebd4"}, {"key": "title", "hash": "1ba18724af7388cd2941d3b8db7539ff"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869522", "modified": "2017-07-10T00:00:00", "objectVersion": "1.3", "enchantments": {"vulnersScore": 7.5}, "id": "OPENVAS:1361412562310869522", "title": "Fedora Update for chicken FEDORA-2015-10333", "hash": "34357ae641a7a9b246f06416f4d792a9019cab7e87a179ec1afcfef6c5792f39", "edition": 2, "published": "2015-07-07T00:00:00", "type": "openvas", "history": [{"lastseen": "2017-07-02T21:11:37", "bulletin": {"hash": "027c0d5aeebd32f660ddb7d3202ac98316db43740b2fea46513212cd9b732c9d", "viewCount": 0, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "references": ["2015-10333", "https://lists.fedoraproject.org/pipermail/package-announce/2015-June/160940.html"], "description": "Check the version of chicken", "hashmap": [{"key": "published", "hash": "98e1726588eb7bfcf1fed98c3f9b3f3e"}, {"key": "pluginID", "hash": "68e1295f0f3e42ba1aab0a6a5f9b2c7c"}, {"key": "references", "hash": "d5d40e5a6b22b8db682da89fc30eb016"}, {"key": "title", "hash": "1ba18724af7388cd2941d3b8db7539ff"}, {"key": "sourceData", "hash": "44e46f8cc04366afddc92b37fadba8f3"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}, {"key": "modified", "hash": "d334465e631b14419b211452e7a9902b"}, {"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "naslFamily", "hash": "be931514784f88df80712740ad2723e7"}, {"key": "cvss", "hash": "84813b1457b92d6ba1174abffbb83a2f"}, {"key": "description", "hash": "bdd88f7a26720133d42056b3b1507db4"}, {"key": "reporter", "hash": "1e898993712db5cf9f9a110102684025"}, {"key": "href", "hash": "600ac81971da431781d6dda30b618e5e"}, {"key": "cvelist", "hash": "79bff72ae9aa7fdd27a257ed21d070ce"}], "naslFamily": "Fedora Local Security Checks", "modified": "2017-05-17T00:00:00", "objectVersion": "1.3", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869522", "published": "2015-07-07T00:00:00", "enchantments": {}, "id": "OPENVAS:1361412562310869522", "title": "Fedora Update for chicken FEDORA-2015-10333", "bulletinFamily": "scanner", "edition": 1, "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for chicken FEDORA-2015-10333\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869522\");\n script_version(\"$Revision: 6141 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-05-17 11:03:37 +0200 (Wed, 17 May 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-07-07 06:22:14 +0200 (Tue, 07 Jul 2015)\");\n script_cve_id(\"CVE-2015-4556\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for chicken FEDORA-2015-10333\");\n script_tag(name: \"summary\", value: \"Check the version of chicken\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help\nof detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"CHICKEN is a compiler for the Scheme\nprogramming language. CHICKEN produces portable, efficient C, supports almost\nall of the R5RS Scheme language standard, and includes many enhancements and\nextensions.\n\");\n script_tag(name: \"affected\", value: \"chicken on Fedora 22\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"FEDORA\", value: \"2015-10333\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2015-June/160940.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"HostDetails/OS/cpe:/o:fedoraproject:fedora\", \"login/SSH/success\", \"ssh/login/release\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC22\")\n{\n\n if ((res = isrpmvuln(pkg:\"chicken\", rpm:\"chicken~4.9.0.1~4.fc22\", rls:\"FC22\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "type": "openvas", "history": [], "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "cvelist": ["CVE-2015-4556"], "lastseen": "2017-07-02T21:11:37", "pluginID": "1361412562310869522"}, "differentElements": ["modified", "sourceData"], "edition": 1}], "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "cvelist": ["CVE-2015-4556"], "lastseen": "2017-07-25T10:52:31", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for chicken FEDORA-2015-10333\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869522\");\n script_version(\"$Revision: 6630 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:34:32 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-07-07 06:22:14 +0200 (Tue, 07 Jul 2015)\");\n script_cve_id(\"CVE-2015-4556\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for chicken FEDORA-2015-10333\");\n script_tag(name: \"summary\", value: \"Check the version of chicken\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help\nof detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"CHICKEN is a compiler for the Scheme\nprogramming language. CHICKEN produces portable, efficient C, supports almost\nall of the R5RS Scheme language standard, and includes many enhancements and\nextensions.\n\");\n script_tag(name: \"affected\", value: \"chicken on Fedora 22\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"FEDORA\", value: \"2015-10333\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2015-June/160940.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC22\")\n{\n\n if ((res = isrpmvuln(pkg:\"chicken\", rpm:\"chicken~4.9.0.1~4.fc22\", rls:\"FC22\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "pluginID": "1361412562310869522"}

{"result": {"cve": [{"id": "CVE-2015-4556", "type": "cve", "title": "CVE-2015-4556", "description": "The string-translate* procedure in the data-structures unit in CHICKEN before 4.10.0 allows remote attackers to cause a denial of service (crash).", "published": "2017-03-29T10:59:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4556", "cvelist": ["CVE-2015-4556"], "lastseen": "2017-07-01T10:43:27"}], "nessus": [{"id": "FEDORA_2015-10165.NASL", "type": "nessus", "title": "Fedora 21 : chicken-4.9.0.1-4.fc21 (2015-10165)", "description": "Apply patch to work around out of bounds bug: BZ 1231871.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2015-06-30T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=84455", "cvelist": ["CVE-2015-4556"], "lastseen": "2018-01-31T06:55:44"}, {"id": "FEDORA_2015-10333.NASL", "type": "nessus", "title": "Fedora 22 : chicken-4.9.0.1-4.fc22 (2015-10333)", "description": "Apply patch to work around out of bounds bug: BZ 1231871.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2015-06-30T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=84459", "cvelist": ["CVE-2015-4556"], "lastseen": "2018-01-31T07:06:15"}, {"id": "FREEBSD_PKG_0DA404AD189111E5A1CF002590263BF5.NASL", "type": "nessus", "title": "FreeBSD : chicken -- Potential buffer overrun in string-translate* (0da404ad-1891-11e5-a1cf-002590263bf5)", "description": "chicken developer Peter Bex reports :\n\nUsing gcc's Address Sanitizer, it was discovered that the string-translate* procedure from the data-structures unit can scan beyond the input string's length up to the length of the source strings in the map that's passed to string-translate*. This issue was fixed in master 8a46020, and it will make its way into CHICKEN 4.10.\n\nThis bug is present in all released versions of CHICKEN.", "published": "2015-06-23T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=84321", "cvelist": ["CVE-2015-4556"], "lastseen": "2018-02-01T02:57:42"}, {"id": "GENTOO_GLSA-201612-54.NASL", "type": "nessus", "title": "GLSA-201612-54 : Chicken: Multiple vulnerabilities", "description": "The remote host is affected by the vulnerability described in GLSA-201612-54 (Chicken: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Chicken. Please review the CVE identifiers referenced below for details.\n Impact :\n\n A remote attacker could possibly execute arbitrary code with the privileges of the process, or cause a Denial of Service condition.\n Workaround :\n\n There is no known workaround at this time.", "published": "2017-01-03T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=96229", "cvelist": ["CVE-2013-2024", "CVE-2014-9651", "CVE-2014-3776", "CVE-2013-4385", "CVE-2015-4556"], "lastseen": "2018-01-27T03:03:52"}], "openvas": [{"id": "OPENVAS:1361412562310869473", "type": "openvas", "title": "Fedora Update for chicken FEDORA-2015-10165", "description": "Check the version of chicken", "published": "2015-06-30T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869473", "cvelist": ["CVE-2015-4556"], "lastseen": "2017-07-25T10:53:26"}], "freebsd": [{"id": "0DA404AD-1891-11E5-A1CF-002590263BF5", "type": "freebsd", "title": "chicken -- Potential buffer overrun in string-translate*", "description": "\nchicken developer Peter Bex reports:\n\nUsing gcc's Address Sanitizer, it was discovered that the string-translate*\n\t procedure from the data-structures unit can scan beyond the input string's\n\t length up to the length of the source strings in the map that's passed to\n\t string-translate*.\tThis issue was fixed in master 8a46020, and it will\n\t make its way into CHICKEN 4.10.\nThis bug is present in all released versions of CHICKEN.\n\n", "published": "2015-06-15T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://vuxml.freebsd.org/freebsd/0da404ad-1891-11e5-a1cf-002590263bf5.html", "cvelist": ["CVE-2015-4556"], "lastseen": "2017-04-18T17:18:12"}], "gentoo": [{"id": "GLSA-201612-54", "type": "gentoo", "title": "Chicken: Multiple vulnerabilities", "description": "### Background\n\nChicken is a scheme interpreter and native scheme to C compiler.\n\n### Description\n\nMultiple vulnerabilities have been discovered in Chicken. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could possibly execute arbitrary code with the privileges of the process, or cause a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Chicken users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-scheme/chicken-4.10.0-r1\"", "published": "2016-12-31T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://security.gentoo.org/glsa/201612-54", "cvelist": ["CVE-2013-2024", "CVE-2014-9651", "CVE-2014-3776", "CVE-2013-4385", "CVE-2015-4556"], "lastseen": "2017-01-01T02:13:30"}]}}