Gentoo Security Advisory GLSA 200604-05 (doomsday)

Gentoo Security Advisory GLSA 200604-05 (doomsday) Format string vulnerabilities in Doomsday may lead to the execution of arbitrary code. Doomsday has been masked in Portage pending the resolution of these issues. All Doomsday users are advised to uninstall the package until further notice

Reporter	Title	Published	Views	Family All 7
CVE	CVE-2006-1618	5 Apr 200610:00	–	cve
Cvelist	CVE-2006-1618	5 Apr 200610:00	–	cvelist
Tenable Nessus	GLSA-200604-05 : Doomsday: Format string vulnerability	8 Apr 200600:00	–	nessus
Gentoo Linux	Doomsday: Format string vulnerability	6 Apr 200600:00	–	gentoo
NVD	CVE-2006-1618	5 Apr 200610:04	–	nvd
OpenVAS	Gentoo Security Advisory GLSA 200604-05 (doomsday)	24 Sep 200800:00	–	openvas
Prion	Format string	5 Apr 200610:04	–	prion

# OpenVAS Vulnerability Test
# $
# Description: Auto generated from Gentoo's XML based advisory
#
# Authors:
# Thomas Reinke <[email protected]>
#
# Copyright:
# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com
# Text descriptions are largely excerpted from the referenced
# advisories, and are Copyright (c) the respective author(s)
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2,
# as published by the Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#

include("revisions-lib.inc");
tag_insight = "Format string vulnerabilities in Doomsday may lead to the execution of
arbitrary code.";
tag_solution = "Doomsday has been masked in Portage pending the resolution of these issues.
All Doomsday users are advised to uninstall the package until further
notice.

    # emerge --ask --verbose --unmerge games-fps/doomsday

http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200604-05
http://bugs.gentoo.org/show_bug.cgi?id=128690
http://aluigi.altervista.org/adv/doomsdayfs-adv.txt";
tag_summary = "The remote host is missing updates announced in
advisory GLSA 200604-05.";

                                                                                

if(description)
{
 script_id(56559);
 script_version("$Revision: 6596 $");
 script_tag(name:"last_modification", value:"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $");
 script_tag(name:"creation_date", value:"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)");
 script_bugtraq_id(17369);
 script_cve_id("CVE-2006-1618");
 script_tag(name:"cvss_base", value:"7.5");
 script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
 script_name("Gentoo Security Advisory GLSA 200604-05 (doomsday)");



 script_category(ACT_GATHER_INFO);

 script_copyright("Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com");
 script_family("Gentoo Local Security Checks");
 script_dependencies("gather-package-list.nasl");
 script_mandatory_keys("ssh/login/gentoo", "ssh/login/pkg");
 script_tag(name : "insight" , value : tag_insight);
 script_tag(name : "solution" , value : tag_solution);
 script_tag(name : "summary" , value : tag_summary);
 script_tag(name:"qod_type", value:"package");
 script_tag(name:"solution_type", value:"VendorFix");
 exit(0);
}

#
# The script code starts here
#

include("pkg-lib-gentoo.inc");

res = "";
report = "";
if ((res = ispkgvuln(pkg:"games-fps/doomsday", unaffected: make_list(), vulnerable: make_list("le 1.8.6-r1"))) != NULL) {
    report += res;
}

if (report != "") {
    security_message(data:report);
} else if (__pkg_match) {
    exit(99); # Not vulnerable.
}

07 Jul 2017 00:00Current

0.1Low risk

Vulners AI Score0.1

EPSS0.26404