SuSE Security Summary SUSE-SR:2009:018

2009-11-11T00:00:00

Description

The remote host is missing updates announced in advisory SUSE-SR:2009:018. SuSE Security Summaries are short on detail when it comes to the names of packages affected by a particular bug. Because of this, while this test will detect out of date packages, it cannot tell you what bugs impact which packages, or vice versa.

{"id": "OPENVAS:66215", "vendorId": null, "type": "openvas", "bulletinFamily": "scanner", "title": "SuSE Security Summary SUSE-SR:2009:018", "description": "The remote host is missing updates announced in\nadvisory SUSE-SR:2009:018. SuSE Security Summaries are short\non detail when it comes to the names of packages affected by\na particular bug. Because of this, while this test will detect\nout of date packages, it cannot tell you what bugs impact\nwhich packages, or vice versa.", "published": "2009-11-11T00:00:00", "modified": "2017-07-11T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "cvss2": {}, "cvss3": {}, "href": "http://plugins.openvas.org/nasl.php?oid=66215", "reporter": "Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com", "references": [], "cvelist": ["CVE-2009-3608", "CVE-2009-3603", "CVE-2009-3606", "CVE-2009-2408", "CVE-2009-3111", "CVE-2009-3604", "CVE-2009-3605", "CVE-2009-0689", "CVE-2008-5519", "CVE-2009-3609", "CVE-2009-3235", "CVE-2009-2473", "CVE-2009-3720", "CVE-2009-2661"], "immutableFields": [], "lastseen": "2017-07-26T08:55:30", "viewCount": 4, "enchantments": {"score": {"value": 1.4, "vector": "NONE"}, "dependencies": {"references": [{"type": "aix", "idList": ["SENDMAIL_ADVISORY.ASC"]}, {"type": "amazon", "idList": ["ALAS-2013-220", "ALAS-2013-224", "ALAS-2013-241"]}, {"type": "apple", "idList": ["APPLE:198F1AB81F91F2CEB090B4B4D49C57AD", "APPLE:9A0B3B0DFCDD94CAF1819BEC271E3754", "APPLE:HT207598", "APPLE:HT207599"]}, {"type": "centos", "idList": ["CESA-2009:0458", "CESA-2009:0480", "CESA-2009:1432", "CESA-2009:1451", "CESA-2009:1452", "CESA-2009:1459", "CESA-2009:1500", "CESA-2009:1501", "CESA-2009:1502", "CESA-2009:1503", "CESA-2009:1504", "CESA-2009:1512", "CESA-2009:1513", "CESA-2009:1530", "CESA-2009:1531", "CESA-2009:1572", "CESA-2009:1601", "CESA-2009:1625", "CESA-2010:0002", "CESA-2010:0153", "CESA-2010:0154", "CESA-2010:0399", "CESA-2010:0400", "CESA-2010:0401", "CESA-2010:0755", "CESA-2011:0491", "CESA-2011:0492", "CESA-2013:0131", "CESA-2014:0311"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2009-129", "CPAI-2009-299", "CPAI-2009-419"]}, {"type": "chrome", "idList": ["GCSA-8063279317770394009"]}, {"type": "cve", "idList": ["CVE-2008-5519", "CVE-2009-0689", "CVE-2009-1563", "CVE-2009-2408", "CVE-2009-2417", "CVE-2009-2473", "CVE-2009-2474", "CVE-2009-2510", "CVE-2009-2645", "CVE-2009-2661", "CVE-2009-2666", "CVE-2009-2700", "CVE-2009-2702", "CVE-2009-2825", "CVE-2009-3111", "CVE-2009-3235", "CVE-2009-3455", "CVE-2009-3456", "CVE-2009-3475", "CVE-2009-3477", "CVE-2009-3490", "CVE-2009-3560", "CVE-2009-3603", "CVE-2009-3604", "CVE-2009-3605", "CVE-2009-3606", "CVE-2009-3608", "CVE-2009-3609", "CVE-2009-3639", "CVE-2009-3720", "CVE-2009-3765", "CVE-2009-3767", "CVE-2009-3906", "CVE-2009-3908", "CVE-2009-3941", "CVE-2009-3942", "CVE-2009-4034", "CVE-2009-4481", "CVE-2009-4565", "CVE-2010-1192", "CVE-2010-2074", "CVE-2013-4073", "CVE-2013-4238", "CVE-2013-4248"]}, {"type": "debian", "idList": ["DEBIAN:1FAA35413D3EE8056D0787429672FFB3:8D7CC", "DEBIAN:56C805B941600C7D24189CA65B1A3471:E7DF7", "DEBIAN:779C372FA915304EFB66BDC406B3D840:AD41A", "DEBIAN:AD69D85E405F79E2E52198EA6C566B0E:8D7CC", "DEBIAN:AD69D85E405F79E2E52198EA6C566B0E:FEF73", "DEBIAN:C3198C7038C741D18B1B552AA2E029E6:20DB3", "DEBIAN:C3198C7038C741D18B1B552AA2E029E6:E7DF7", "DEBIAN:DLA-1564-1:0F78A", "DEBIAN:DLA-1564-1:E9D51", "DEBIAN:DLA-376-1:93013", "DEBIAN:DSA-1810-1:1786E", "DEBIAN:DSA-1874-1:56C30", "DEBIAN:DSA-1892-1:C9D08", "DEBIAN:DSA-1893-1:C2284", "DEBIAN:DSA-1899-1:BBC82", "DEBIAN:DSA-1977-1:4A5F0", "DEBIAN:DSA-1998-1:6C47A", "DEBIAN:DSA-2025-1:6CC79", "DEBIAN:DSA-2028-1:2EE25", "DEBIAN:DSA-2050-1:A72F5", "DEBIAN:F48D57A4E2376B98436012DB92F17BAF:AD41A"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2008-5519", "DEBIANCVE:CVE-2009-0689", "DEBIANCVE:CVE-2009-2408", "DEBIANCVE:CVE-2009-2417", "DEBIANCVE:CVE-2009-2473", "DEBIANCVE:CVE-2009-2474", "DEBIANCVE:CVE-2009-2661", "DEBIANCVE:CVE-2009-2666", "DEBIANCVE:CVE-2009-2700", "DEBIANCVE:CVE-2009-2702", "DEBIANCVE:CVE-2009-3111", "DEBIANCVE:CVE-2009-3235", "DEBIANCVE:CVE-2009-3456", "DEBIANCVE:CVE-2009-3475", "DEBIANCVE:CVE-2009-3490", "DEBIANCVE:CVE-2009-3560", "DEBIANCVE:CVE-2009-3603", "DEBIANCVE:CVE-2009-3604", "DEBIANCVE:CVE-2009-3605", "DEBIANCVE:CVE-2009-3606", "DEBIANCVE:CVE-2009-3608", "DEBIANCVE:CVE-2009-3609", "DEBIANCVE:CVE-2009-3639", "DEBIANCVE:CVE-2009-3720", "DEBIANCVE:CVE-2009-3765", "DEBIANCVE:CVE-2009-3767", "DEBIANCVE:CVE-2009-3941", "DEBIANCVE:CVE-2009-3942", "DEBIANCVE:CVE-2009-4565", "DEBIANCVE:CVE-2010-1192", "DEBIANCVE:CVE-2010-2074", "DEBIANCVE:CVE-2013-4073", "DEBIANCVE:CVE-2013-4238"]}, {"type": "exploitdb", "idList": ["EDB-ID:10184", "EDB-ID:10185", "EDB-ID:10186", "EDB-ID:10187", "EDB-ID:10380", "EDB-ID:33128"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:16C37B6C3C517D65315351878DA06F27", "EXPLOITPACK:32D2B684D6A2AB9F4EF85B2B51DAB5DC", "EXPLOITPACK:A769E84172D8627C1FB28EFC5E28E482", "EXPLOITPACK:BAEE9A0461F7CC4E4B3568E7D096BEFB", "EXPLOITPACK:D2EA9682808108DB6E2405A3FC3A4AF3"]}, {"type": "f5", "idList": ["F5:K15638", "F5:K15683", "F5:K15905", "SOL14909", "SOL15638", "SOL15683", "SOL15905"]}, {"type": "fedora", "idList": ["FEDORA:002871104A0", "FEDORA:067BC10F88E", "FEDORA:0750910F814", "FEDORA:096CB10F88B", "FEDORA:1D7C611126A", "FEDORA:27ADB10F885", "FEDORA:2AC0B10F98C", "FEDORA:3115B10F9B9", "FEDORA:447B610F919", "FEDORA:44C9610F91D", "FEDORA:4E92510F874", "FEDORA:54FFE110AAC", "FEDORA:596C8110E3F", "FEDORA:67F5610F898", "FEDORA:69BB010F888", "FEDORA:76AB410F802", "FEDORA:8C35F110968", "FEDORA:8FE6710FD45", "FEDORA:91ED410F800", "FEDORA:98D276087D46", "FEDORA:A359510F87F", "FEDORA:A6F52110B4B", "FEDORA:ADC92111243", "FEDORA:BE58D110C28", "FEDORA:BFD9E10F895", "FEDORA:C45A9110AD4", "FEDORA:C7D41110595", "FEDORA:D011110F883", "FEDORA:D9DCC10F898", "FEDORA:E114F10F87E", "FEDORA:E652B10F802", "FEDORA:EADAD10F8A3", "FEDORA:ED89410F854"]}, {"type": "freebsd", "idList": ["18449F92-AB39-11E6-8011-005056925DB4", "1B3F854B-E4BD-11DE-B276-000D8787E1BE", "49E8F2EE-8147-11DE-A994-0030843D3802", "4B3A7E70-AFCE-11E5-B864-14DAE9D210B8", "56CFE192-329F-11DF-ABB2-000F20797EDE", "5F030587-E39A-11DE-881E-001AA0166822", "6431C4DB-DEB4-11DE-9078-0030843D3802", "DD943FBB-D0FE-11DF-95A8-00219B0FC4D8", "E7BC5600-EAA0-11DE-BD9C-00215C6A37BB"]}, {"type": "gentoo", "idList": ["GLSA-200906-04", "GLSA-201110-04", "GLSA-201209-06", "GLSA-201301-01", "GLSA-201310-03"]}, {"type": "hackerone", "idList": ["H1:499"]}, {"type": "httpd", "idList": ["HTTPD:6D37F924288E2D149DC3C52135232B6E", "HTTPD:CE69C4ECDA46256846F1C251D5FB13D9"]}, {"type": "ibm", "idList": ["2D7C485C705EF6647EC2ADDB5048FDAE46343DAD18C74DA4CF56006EB314660D", "EF6337B3BE8850DC5B93DC33DA6E2610AE8AC00F05BFD07EB43C35AAAB391818"]}, {"type": "kaspersky", "idList": ["KLA10066"]}, {"type": "mageia", "idList": ["MGASA-2016-0013"]}, {"type": "mozilla", "idList": ["MFSA2009-59"]}, {"type": "nessus", "idList": ["4984.PRM", "5113.PRM", "5152.PRM", "5193.PASL", "5227.PRM", "5241.PRM", "5353.PRM", "5479.PRM", "5480.PRM", "5489.PRM", "5578.PRM", "5705.PRM", "6793.PRM", "800577.PRM", "800771.PRM", "800791.PRM", "800795.PRM", "800847.PRM", "801235.PRM", "801349.PRM", "AIX_IZ70637.NASL", "AIX_IZ72510.NASL", "AIX_IZ72515.NASL", "AIX_IZ72528.NASL", "AIX_IZ72834.NASL", "AIX_IZ72835.NASL", "AIX_IZ72836.NASL", "AIX_IZ72837.NASL", "ALA_ALAS-2013-220.NASL", "ALA_ALAS-2013-224.NASL", "ALA_ALAS-2013-241.NASL", "APACHE_2_0_64.NASL", "APACHE_2_2_17.NASL", "CENTOS_RHSA-2009-0458.NASL", "CENTOS_RHSA-2009-0480.NASL", "CENTOS_RHSA-2009-1138.NASL", "CENTOS_RHSA-2009-1431.NASL", "CENTOS_RHSA-2009-1432.NASL", "CENTOS_RHSA-2009-1451.NASL", "CENTOS_RHSA-2009-1452.NASL", "CENTOS_RHSA-2009-1459.NASL", "CENTOS_RHSA-2009-1500.NASL", "CENTOS_RHSA-2009-1501.NASL", "CENTOS_RHSA-2009-1502.NASL", "CENTOS_RHSA-2009-1503.NASL", "CENTOS_RHSA-2009-1504.NASL", "CENTOS_RHSA-2009-1512.NASL", "CENTOS_RHSA-2009-1513.NASL", "CENTOS_RHSA-2009-1530.NASL", "CENTOS_RHSA-2009-1531.NASL", "CENTOS_RHSA-2009-1572.NASL", "CENTOS_RHSA-2009-1601.NASL", "CENTOS_RHSA-2009-1625.NASL", "CENTOS_RHSA-2010-0002.NASL", "CENTOS_RHSA-2010-0153.NASL", "CENTOS_RHSA-2010-0154.NASL", "CENTOS_RHSA-2010-0399.NASL", "CENTOS_RHSA-2010-0400.NASL", "CENTOS_RHSA-2010-0401.NASL", "CENTOS_RHSA-2010-0755.NASL", "CENTOS_RHSA-2011-0491.NASL", "CENTOS_RHSA-2011-0492.NASL", "CENTOS_RHSA-2013-0131.NASL", "CENTOS_RHSA-2014-0311.NASL", "DEBIAN_DLA-1564.NASL", "DEBIAN_DLA-376.NASL", "DEBIAN_DSA-1810.NASL", "DEBIAN_DSA-1874.NASL", "DEBIAN_DSA-1892.NASL", "DEBIAN_DSA-1893.NASL", "DEBIAN_DSA-1899.NASL", "DEBIAN_DSA-1931.NASL", "DEBIAN_DSA-1941.NASL", "DEBIAN_DSA-1977.NASL", "DEBIAN_DSA-1998.NASL", "DEBIAN_DSA-2025.NASL", "DEBIAN_DSA-2028.NASL", "DEBIAN_DSA-2050.NASL", "F5_BIGIP_SOL15905.NASL", "FEDORA_2009-10648.NASL", "FEDORA_2009-10694.NASL", "FEDORA_2009-10823.NASL", "FEDORA_2009-10845.NASL", "FEDORA_2009-10878.NASL", "FEDORA_2009-10949.NASL", "FEDORA_2009-10956.NASL", "FEDORA_2009-10972.NASL", "FEDORA_2009-10981.NASL", "FEDORA_2009-10987.NASL", "FEDORA_2009-11029.NASL", "FEDORA_2009-11030.NASL", "FEDORA_2009-12690.NASL", "FEDORA_2009-12737.NASL", "FEDORA_2009-12753.NASL", "FEDORA_2009-8794.NASL", "FEDORA_2009-8815.NASL", "FEDORA_2009-9559.NASL", "FEDORA_2009-9869.NASL", "FEDORA_2009-9901.NASL", "FEDORA_2010-1377.NASL", "FEDORA_2010-17720.NASL", "FEDORA_2010-17732.NASL", "FEDORA_2010-17762.NASL", "FEDORA_2010-17807.NASL", "FEDORA_2010-17819.NASL", "FEDORA_2010-1805.NASL", "FEDORA_2010-1842.NASL", "FEDORA_2010-7100.NASL", "FEDORA_2011-2794.NASL", "FEDORA_2011-2801.NASL", "FEDORA_2011-3097.NASL", "FEDORA_2011-5727.NASL", "FEDORA_2011-5744.NASL", "FEDORA_2011-5777.NASL", "FEDORA_2015-6DEC4E6D5F.NASL", "FREEBSD_PKG_18449F92AB3911E68011005056925DB4.NASL", "FREEBSD_PKG_1B3F854BE4BD11DEB276000D8787E1BE.NASL", "FREEBSD_PKG_49E8F2EE814711DEA9940030843D3802.NASL", "FREEBSD_PKG_4B3A7E70AFCE11E5B86414DAE9D210B8.NASL", "FREEBSD_PKG_56CFE192329F11DFABB2000F20797EDE.NASL", "FREEBSD_PKG_5F030587E39A11DE881E001AA0166822.NASL", "FREEBSD_PKG_6431C4DBDEB411DE90780030843D3802.NASL", "FREEBSD_PKG_C87AA2D2C3C411DEAB08000F20797EDE.NASL", "FREEBSD_PKG_DD943FBBD0FE11DF95A800219B0FC4D8.NASL", "FREEBSD_PKG_E7BC5600EAA011DEBD9C00215C6A37BB.NASL", "GENTOO_GLSA-200906-04.NASL", "GENTOO_GLSA-201110-04.NASL", "GENTOO_GLSA-201209-06.NASL", "GENTOO_GLSA-201301-01.NASL", "GENTOO_GLSA-201310-03.NASL", "GOOGLE_CHROME_3_0_195_24.NASL", "ITUNES_12_6.NASL", "ITUNES_12_6_BANNER.NASL", "MACOSX_10_6_2.NASL", "MACOSX_10_6_3.NASL", "MACOSX_10_6_5.NASL", "MACOSX_SECUPD2009-006.NASL", "MACOSX_SECUPD2010-002.NASL", "MACOS_ITUNES_12_6.NASL", "MANDRIVA_MDVSA-2009-197.NASL", "MANDRIVA_MDVSA-2009-198.NASL", "MANDRIVA_MDVSA-2009-201.NASL", "MANDRIVA_MDVSA-2009-203.NASL", "MANDRIVA_MDVSA-2009-206.NASL", "MANDRIVA_MDVSA-2009-211.NASL", "MANDRIVA_MDVSA-2009-212.NASL", "MANDRIVA_MDVSA-2009-213.NASL", "MANDRIVA_MDVSA-2009-214.NASL", "MANDRIVA_MDVSA-2009-215.NASL", "MANDRIVA_MDVSA-2009-217.NASL", "MANDRIVA_MDVSA-2009-218.NASL", "MANDRIVA_MDVSA-2009-219.NASL", "MANDRIVA_MDVSA-2009-220.NASL", "MANDRIVA_MDVSA-2009-221.NASL", "MANDRIVA_MDVSA-2009-225.NASL", "MANDRIVA_MDVSA-2009-227.NASL", "MANDRIVA_MDVSA-2009-242.NASL", "MANDRIVA_MDVSA-2009-280.NASL", "MANDRIVA_MDVSA-2009-282.NASL", "MANDRIVA_MDVSA-2009-287.NASL", "MANDRIVA_MDVSA-2009-288.NASL", "MANDRIVA_MDVSA-2009-290.NASL", "MANDRIVA_MDVSA-2009-294.NASL", "MANDRIVA_MDVSA-2009-315.NASL", "MANDRIVA_MDVSA-2009-316.NASL", "MANDRIVA_MDVSA-2009-336.NASL", "MANDRIVA_MDVSA-2009-346.NASL", "MANDRIVA_MDVSA-2010-003.NASL", "MANDRIVA_MDVSA-2010-026.NASL", "MANDRIVA_MDVSA-2010-027.NASL", "MANDRIVA_MDVSA-2010-028.NASL", "MANDRIVA_MDVSA-2010-055.NASL", "MANDRIVA_MDVSA-2010-071.NASL", "MANDRIVA_MDVSA-2010-094.NASL", "MANDRIVA_MDVSA-2010-195.NASL", "MANDRIVA_MDVSA-2010-196.NASL", "MANDRIVA_MDVSA-2011-162.NASL", "MANDRIVA_MDVSA-2013-221.NASL", "MANDRIVA_MDVSA-2014-014.NASL", "MOD_JK_1_2_27.NASL", "MOZILLA_FIREFOX_3013.NASL", "MOZILLA_FIREFOX_3015.NASL", "MOZILLA_FIREFOX_354.NASL", "MOZILLA_THUNDERBIRD_20023.NASL", "MOZILLA_THUNDERBIRD_20024.NASL", "NEWSTART_CGSL_NS-SA-2019-0008_PYTHON.NASL", "OPERA_1010.NASL", "ORACLELINUX_ELSA-2009-0458.NASL", "ORACLELINUX_ELSA-2009-0480.NASL", "ORACLELINUX_ELSA-2009-1138.NASL", "ORACLELINUX_ELSA-2009-1184.NASL", "ORACLELINUX_ELSA-2009-1431.NASL", "ORACLELINUX_ELSA-2009-1432.NASL", "ORACLELINUX_ELSA-2009-1451.NASL", "ORACLELINUX_ELSA-2009-1452.NASL", "ORACLELINUX_ELSA-2009-1459.NASL", "ORACLELINUX_ELSA-2009-1500.NASL", "ORACLELINUX_ELSA-2009-1501.NASL", "ORACLELINUX_ELSA-2009-1503.NASL", "ORACLELINUX_ELSA-2009-1504.NASL", "ORACLELINUX_ELSA-2009-1512.NASL", "ORACLELINUX_ELSA-2009-1513.NASL", "ORACLELINUX_ELSA-2009-1530.NASL", "ORACLELINUX_ELSA-2009-1531.NASL", "ORACLELINUX_ELSA-2009-1572.NASL", "ORACLELINUX_ELSA-2009-1601.NASL", "ORACLELINUX_ELSA-2009-1625.NASL", "ORACLELINUX_ELSA-2010-0002.NASL", "ORACLELINUX_ELSA-2010-0154.NASL", "ORACLELINUX_ELSA-2010-0399.NASL", "ORACLELINUX_ELSA-2010-0400.NASL", "ORACLELINUX_ELSA-2010-0401.NASL", "ORACLELINUX_ELSA-2010-0755.NASL", "ORACLELINUX_ELSA-2011-0491.NASL", "ORACLELINUX_ELSA-2011-0492.NASL", "ORACLELINUX_ELSA-2013-0131.NASL", "ORACLELINUX_ELSA-2014-0311.NASL", "REDHAT-RHSA-2009-0458.NASL", "REDHAT-RHSA-2009-0480.NASL", "REDHAT-RHSA-2009-1138.NASL", "REDHAT-RHSA-2009-1184.NASL", "REDHAT-RHSA-2009-1186.NASL", "REDHAT-RHSA-2009-1190.NASL", "REDHAT-RHSA-2009-1207.NASL", "REDHAT-RHSA-2009-1431.NASL", "REDHAT-RHSA-2009-1432.NASL", "REDHAT-RHSA-2009-1451.NASL", "REDHAT-RHSA-2009-1452.NASL", "REDHAT-RHSA-2009-1459.NASL", "REDHAT-RHSA-2009-1500.NASL", "REDHAT-RHSA-2009-1501.NASL", "REDHAT-RHSA-2009-1502.NASL", "REDHAT-RHSA-2009-1503.NASL", "REDHAT-RHSA-2009-1504.NASL", "REDHAT-RHSA-2009-1512.NASL", "REDHAT-RHSA-2009-1513.NASL", "REDHAT-RHSA-2009-1530.NASL", "REDHAT-RHSA-2009-1531.NASL", "REDHAT-RHSA-2009-1572.NASL", "REDHAT-RHSA-2009-1601.NASL", "REDHAT-RHSA-2009-1618.NASL", "REDHAT-RHSA-2009-1625.NASL", "REDHAT-RHSA-2010-0002.NASL", "REDHAT-RHSA-2010-0153.NASL", "REDHAT-RHSA-2010-0154.NASL", "REDHAT-RHSA-2010-0399.NASL", "REDHAT-RHSA-2010-0400.NASL", "REDHAT-RHSA-2010-0401.NASL", "REDHAT-RHSA-2010-0755.NASL", "REDHAT-RHSA-2011-0491.NASL", "REDHAT-RHSA-2011-0492.NASL", "REDHAT-RHSA-2013-0131.NASL", "REDHAT-RHSA-2014-0311.NASL", "REDHAT-RHSA-2014-0312.NASL", "SEAMONKEY_1118.NASL", "SEAMONKEY_1119.NASL", "SLACKWARE_SSA_2009-302-01.NASL", "SLACKWARE_SSA_2009-302-02.NASL", "SLACKWARE_SSA_2011-041-02.NASL", "SLACKWARE_SSA_2011-041-03.NASL", "SL_20090731_NSPR_AND_NSS_FOR_SL_4_X.NASL", "SL_20090731_NSPR_AND_NSS_FOR_SL_5_X.NASL", "SL_20090909_SEAMONKEY_ON_SL3_X.NASL", "SL_20090917_FREERADIUS_ON_SL5_X.NASL", "SL_20090921_NEON_ON_SL4_X.NASL", "SL_20090923_CYRUS_IMAPD_ON_SL4_X.NASL", "SL_20091015_CUPS_ON_SL5_X.NASL", "SL_20091015_GPDF_ON_SL4_X.NASL", "SL_20091015_KDEGRAPHICS_ON_SL4_X.NASL", "SL_20091015_POPPLER_ON_SL5_X.NASL", "SL_20091015_XPDF_ON_SL3_X.NASL", "SL_20091027_FIREFOX_ON_SL4_X.NASL", "SL_20091027_SEAMONKEY_ON_SL3_X.NASL", "SL_20091110_4SUITE_ON_SL3_X.NASL", "SL_20091124_KDELIBS_ON_SL4_X.NASL", "SL_20091207_EXPAT_ON_SL3_X.NASL", "SL_20100104_PYXML_ON_SL4_X.NASL", "SL_20100317_THUNDERBIRD_ON_SL4_X.NASL", "SL_20100506_TETEX_ON_SL3_X.NASL", "SL_20100506_TETEX_ON_SL4_X.NASL", "SL_20100506_TETEX_ON_SL5_X.NASL", "SL_20101007_CUPS_ON_SL3_X.NASL", "SL_20110505_PYTHON_ON_SL4_X.NASL", "SL_20130108_GNOME_VFS2_ON_SL5_X.NASL", "SL_20140318_PHP_ON_SL5_X.NASL", "SOLARIS10_122911-32.NASL", "SOLARIS10_122911-33.NASL", "SOLARIS10_122911-34.NASL", "SOLARIS10_122911-35.NASL", "SOLARIS10_122911-36.NASL", "SOLARIS10_122911-37.NASL", "SOLARIS10_122911.NASL", "SOLARIS10_X86_122912-32.NASL", "SOLARIS10_X86_122912-33.NASL", "SOLARIS10_X86_122912-34.NASL", "SOLARIS10_X86_122912-35.NASL", "SOLARIS10_X86_122912-36.NASL", "SOLARIS10_X86_122912-37.NASL", "SOLARIS10_X86_122912.NASL", "SOLARIS11_PHP_20140401.NASL", "SOLARIS11_PHP_20140522.NASL", "SOLARIS11_RUBY_20130924.NASL", "SOLARIS9_114016.NASL", "SOLARIS9_X86_114017.NASL", "SUSE9_12503.NASL", "SUSE9_12505.NASL", "SUSE9_12506.NASL", "SUSE9_12507.NASL", "SUSE9_12520.NASL", "SUSE9_12521.NASL", "SUSE9_12529.NASL", "SUSE9_12561.NASL", "SUSE9_12563.NASL", "SUSE9_12591.NASL", "SUSE9_12600.NASL", "SUSE9_12616.NASL", "SUSE_11_0_APACHE2-MOD_JK-091028.NASL", "SUSE_11_0_CYRUS-IMAPD-090924.NASL", "SUSE_11_0_DOVECOT-091007.NASL", "SUSE_11_0_EXPAT-091030.NASL", "SUSE_11_0_KDEGRAPHICS3-PDF-091110.NASL", "SUSE_11_0_KDELIBS3-091202.NASL", "SUSE_11_0_LIBFREEBL3-090812.NASL", "SUSE_11_0_LIBLDAP-2_4-2-090909.NASL", "SUSE_11_0_LIBNEON-DEVEL-091012.NASL", "SUSE_11_0_LIBPOPPLER-DEVEL-091223.NASL", "SUSE_11_0_LIBPYTHON2_6-1_0-100328.NASL", "SUSE_11_0_MOZILLA-NSPR-091104.NASL", "SUSE_11_0_MOZILLAFIREFOX-091103.NASL", "SUSE_11_0_MOZILLATHUNDERBIRD-090914.NASL", "SUSE_11_0_MOZILLATHUNDERBIRD-100324.NASL", "SUSE_11_0_MUTT-090909.NASL", "SUSE_11_0_OPENSWAN-090908.NASL", "SUSE_11_0_OPERA-091125.NASL", "SUSE_11_0_PYXML-091210.NASL", "SUSE_11_0_SEAMONKEY-091007.NASL", "SUSE_11_0_SEAMONKEY-100430.NASL", "SUSE_11_0_STRONGSWAN-090906.NASL", "SUSE_11_0_XPDF-091023.NASL", "SUSE_11_1_APACHE2-MOD_JK-091028.NASL", "SUSE_11_1_CYRUS-IMAPD-090924.NASL", "SUSE_11_1_DOVECOT-091008.NASL", "SUSE_11_1_EXPAT-091030.NASL", "SUSE_11_1_KDEGRAPHICS3-PDF-091110.NASL", "SUSE_11_1_KDELIBS3-091202.NASL", "SUSE_11_1_LIBFREEBL3-090812.NASL", "SUSE_11_1_LIBLDAP-2_4-2-090909.NASL", "SUSE_11_1_LIBNEON-DEVEL-091012.NASL", "SUSE_11_1_LIBPOPPLER-DEVEL-091222.NASL", "SUSE_11_1_LIBPYTHON2_6-1_0-100330.NASL", "SUSE_11_1_MOZILLA-NSPR-091104.NASL", "SUSE_11_1_MOZILLAFIREFOX-091102.NASL", "SUSE_11_1_MOZILLATHUNDERBIRD-090914.NASL", "SUSE_11_1_MOZILLATHUNDERBIRD-100324.NASL", "SUSE_11_1_MUTT-090909.NASL", "SUSE_11_1_OPENSWAN-090909.NASL", "SUSE_11_1_OPERA-091125.NASL", "SUSE_11_1_PYXML-091210.NASL", "SUSE_11_1_SEAMONKEY-091007.NASL", "SUSE_11_1_SEAMONKEY-100430.NASL", "SUSE_11_1_STRONGSWAN-090908.NASL", "SUSE_11_1_XPDF-091024.NASL", "SUSE_11_2_KDELIBS3-091204.NASL", "SUSE_11_2_LIBPOPPLER-DEVEL-091222.NASL", "SUSE_11_2_LIBPOPPLER-DEVEL-100111.NASL", "SUSE_11_2_LIBPYTHON2_6-1_0-100329.NASL", "SUSE_11_2_OPERA-091125.NASL", "SUSE_11_2_PYXML-091210.NASL", "SUSE_11_CYRUS-IMAPD-090924.NASL", "SUSE_11_EXPAT-091030.NASL", "SUSE_11_KDELIBS3-091202.NASL", "SUSE_11_KDELIBS4-100107.NASL", "SUSE_11_LIBFREEBL3-090812.NASL", "SUSE_11_LIBLDAP-2_4-2-090915.NASL", "SUSE_11_LIBNEON-DEVEL-091012.NASL", "SUSE_11_LIBPOPPLER-DEVEL-091221.NASL", "SUSE_11_LIBPYTHON2_6-1_0-100323.NASL", "SUSE_11_MOZILLA-NSPR-091103.NASL", "SUSE_11_MOZILLA-XULRUNNER190-091030.NASL", "SUSE_11_MOZILLAFIREFOX-091030.NASL", "SUSE_11_MOZILLATHUNDERBIRD-090915.NASL", "SUSE_11_MUTT-090909.NASL", "SUSE_11_OPENSWAN-090909.NASL", "SUSE_11_PYXML-091211.NASL", "SUSE_11_RUBY-131125.NASL", "SUSE_11_STRONGSWAN-090908.NASL", "SUSE_APACHE2-MOD_JK-6599.NASL", "SUSE_CUPS-6565.NASL", "SUSE_CUPS-6720.NASL", "SUSE_CUPS-6721.NASL", "SUSE_CYRUS-IMAPD-6509.NASL", "SUSE_CYRUS-IMAPD-6511.NASL", "SUSE_CYRUS-IMAPD-6521.NASL", "SUSE_DOVECOT-6539.NASL", "SUSE_EXPAT-6613.NASL", "SUSE_EXPAT-6618.NASL", "SUSE_EXPAT-6619.NASL", "SUSE_FREERADIUS-6496.NASL", "SUSE_FREERADIUS-6499.NASL", "SUSE_FREERADIUS-6528.NASL", "SUSE_KDEGRAPHICS3-PDF-6652.NASL", "SUSE_KDEGRAPHICS3-PDF-6653.NASL", "SUSE_KDELIBS3-6691.NASL", "SUSE_KDELIBS3-6692.NASL", "SUSE_LIBFREEBL3-6494.NASL", "SUSE_LIBICECORE-6857.NASL", "SUSE_LIBICECORE-6862.NASL", "SUSE_LIBLDAP-2_4-2-6488.NASL", "SUSE_LIBNEON-DEVEL-6550.NASL", "SUSE_MOZILLA-NSPR-6541.NASL", "SUSE_MOZILLA-NSPR-6630.NASL", "SUSE_MOZILLA-NSPR-6631.NASL", "SUSE_MOZILLA-XULRUNNER190-6616.NASL", "SUSE_MOZILLA-XULRUNNER190-6617.NASL", "SUSE_MOZILLAFIREFOX-6606.NASL", "SUSE_MOZILLAFIREFOX-6609.NASL", "SUSE_MOZILLATHUNDERBIRD-6493.NASL", "SUSE_MUTT-6484.NASL", "SUSE_MUTT-6487.NASL", "SUSE_NEON-6548.NASL", "SUSE_NEON-6549.NASL", "SUSE_OPENLDAP2-6485.NASL", "SUSE_OPENLDAP2-6598.NASL", "SUSE_OPENSWAN-6478.NASL", "SUSE_OPENSWAN-6481.NASL", "SUSE_POPPLER-6743.NASL", "SUSE_POPPLER-6751.NASL", "SUSE_PYTHON-6946.NASL", "SUSE_PYXML-6714.NASL", "SUSE_PYXML-6715.NASL", "SUSE_SEAMONKEY-6538.NASL", "SUSE_STRONGSWAN-6480.NASL", "SUSE_STRONGSWAN-6529.NASL", "SUSE_SU-2016-0257-1.NASL", "SUSE_SU-2016-2958-1.NASL", "SUSE_XPDF-6556.NASL", "SUSE_XPDF-6558.NASL", "SUSE_XPDF-6560.NASL", "UBUNTU_USN-810-1.NASL", "UBUNTU_USN-810-2.NASL", "UBUNTU_USN-810-3.NASL", "UBUNTU_USN-832-1.NASL", "UBUNTU_USN-838-1.NASL", "UBUNTU_USN-850-1.NASL", "UBUNTU_USN-850-2.NASL", "UBUNTU_USN-850-3.NASL", "UBUNTU_USN-853-1.NASL", "UBUNTU_USN-853-2.NASL", "UBUNTU_USN-871-1.NASL", "UBUNTU_USN-890-1.NASL", "UBUNTU_USN-890-2.NASL", "UBUNTU_USN-890-3.NASL", "UBUNTU_USN-890-4.NASL", "UBUNTU_USN-890-5.NASL", "UBUNTU_USN-890-6.NASL", "UBUNTU_USN-915-1.NASL", "UBUNTU_USN-973-1.NASL", "VMWARE_ESXI_5_0_BUILD_608089_REMOTE.NASL", "VMWARE_VMSA-2010-0001.NASL", "VMWARE_VMSA-2010-0001_REMOTE.NASL", "VMWARE_VMSA-2010-0004.NASL", "VMWARE_VMSA-2010-0004_REMOTE.NASL", "VMWARE_VMSA-2012-0001.NASL", "VMWARE_VMSA-2012-0001_REMOTE.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:102038", "OPENVAS:102039", "OPENVAS:103448", "OPENVAS:1361412562310102038", "OPENVAS:1361412562310102039", "OPENVAS:1361412562310103448", "OPENVAS:1361412562310120120", "OPENVAS:1361412562310120376", "OPENVAS:1361412562310120380", "OPENVAS:1361412562310121000", "OPENVAS:1361412562310121041", "OPENVAS:1361412562310122181", "OPENVAS:1361412562310122360", "OPENVAS:1361412562310122405", "OPENVAS:1361412562310122412", "OPENVAS:1361412562310122417", "OPENVAS:1361412562310122426", "OPENVAS:1361412562310122427", "OPENVAS:1361412562310122436", "OPENVAS:1361412562310122437", "OPENVAS:1361412562310122438", "OPENVAS:1361412562310122461", "OPENVAS:1361412562310122465", "OPENVAS:1361412562310122485", "OPENVAS:1361412562310123444", "OPENVAS:1361412562310123751", "OPENVAS:1361412562310131176", "OPENVAS:136141256231063870", "OPENVAS:136141256231064193", "OPENVAS:136141256231064362", "OPENVAS:136141256231064508", "OPENVAS:136141256231064510", "OPENVAS:136141256231064513", "OPENVAS:136141256231064577", "OPENVAS:136141256231064597", "OPENVAS:136141256231064604", "OPENVAS:136141256231064607", "OPENVAS:136141256231064609", "OPENVAS:136141256231064657", "OPENVAS:136141256231064675", "OPENVAS:136141256231064678", "OPENVAS:136141256231064688", "OPENVAS:136141256231064689", "OPENVAS:136141256231064693", "OPENVAS:136141256231064713", "OPENVAS:136141256231064719", "OPENVAS:136141256231064758", "OPENVAS:136141256231064834", "OPENVAS:136141256231064836", "OPENVAS:136141256231064841", "OPENVAS:136141256231064842", "OPENVAS:136141256231064902", "OPENVAS:136141256231064905", "OPENVAS:136141256231064941", "OPENVAS:136141256231064944", "OPENVAS:136141256231064952", "OPENVAS:136141256231064953", "OPENVAS:136141256231064963", "OPENVAS:136141256231064965", "OPENVAS:136141256231064977", "OPENVAS:136141256231064978", "OPENVAS:136141256231064986", "OPENVAS:136141256231064989", "OPENVAS:136141256231065006", "OPENVAS:136141256231065117", "OPENVAS:136141256231065253", "OPENVAS:136141256231065427", "OPENVAS:136141256231065505", "OPENVAS:136141256231065705", "OPENVAS:136141256231065720", "OPENVAS:136141256231065721", "OPENVAS:136141256231065722", "OPENVAS:136141256231065724", "OPENVAS:136141256231065736", "OPENVAS:136141256231065737", "OPENVAS:136141256231065799", "OPENVAS:136141256231065821", "OPENVAS:136141256231065823", "OPENVAS:136141256231065858", "OPENVAS:136141256231065900", "OPENVAS:136141256231066012", "OPENVAS:136141256231066013", "OPENVAS:136141256231066014", "OPENVAS:136141256231066015", "OPENVAS:136141256231066016", "OPENVAS:136141256231066017", "OPENVAS:136141256231066018", "OPENVAS:136141256231066059", "OPENVAS:136141256231066066", "OPENVAS:136141256231066067", "OPENVAS:136141256231066068", "OPENVAS:136141256231066069", "OPENVAS:136141256231066072", "OPENVAS:136141256231066076", "OPENVAS:136141256231066083", "OPENVAS:136141256231066084", "OPENVAS:136141256231066085", "OPENVAS:136141256231066087", "OPENVAS:136141256231066090", "OPENVAS:136141256231066091", "OPENVAS:136141256231066092", "OPENVAS:136141256231066094", "OPENVAS:136141256231066104", "OPENVAS:136141256231066116", "OPENVAS:136141256231066120", "OPENVAS:136141256231066121", "OPENVAS:136141256231066125", "OPENVAS:136141256231066139", "OPENVAS:136141256231066140", "OPENVAS:136141256231066144", "OPENVAS:136141256231066150", "OPENVAS:136141256231066151", "OPENVAS:136141256231066159", "OPENVAS:136141256231066162", "OPENVAS:136141256231066163", "OPENVAS:136141256231066165", "OPENVAS:136141256231066166", "OPENVAS:136141256231066167", "OPENVAS:136141256231066172", "OPENVAS:136141256231066189", "OPENVAS:136141256231066190", "OPENVAS:136141256231066193", "OPENVAS:136141256231066194", "OPENVAS:136141256231066195", "OPENVAS:136141256231066198", "OPENVAS:136141256231066199", "OPENVAS:136141256231066211", "OPENVAS:136141256231066214", "OPENVAS:136141256231066215", "OPENVAS:136141256231066222", "OPENVAS:136141256231066225", "OPENVAS:136141256231066226", "OPENVAS:136141256231066228", "OPENVAS:136141256231066229", "OPENVAS:136141256231066231", "OPENVAS:136141256231066232", "OPENVAS:136141256231066233", "OPENVAS:136141256231066234", "OPENVAS:136141256231066235", "OPENVAS:136141256231066236", "OPENVAS:136141256231066237", "OPENVAS:136141256231066239", "OPENVAS:136141256231066273", "OPENVAS:136141256231066282", "OPENVAS:136141256231066309", "OPENVAS:136141256231066311", "OPENVAS:136141256231066314", "OPENVAS:136141256231066316", "OPENVAS:136141256231066332", "OPENVAS:136141256231066357", "OPENVAS:136141256231066361", "OPENVAS:136141256231066362", "OPENVAS:136141256231066374", "OPENVAS:136141256231066376", "OPENVAS:136141256231066381", "OPENVAS:136141256231066383", "OPENVAS:136141256231066384", "OPENVAS:136141256231066385", "OPENVAS:136141256231066388", "OPENVAS:136141256231066389", "OPENVAS:136141256231066391", "OPENVAS:136141256231066396", "OPENVAS:136141256231066408", "OPENVAS:136141256231066410", "OPENVAS:136141256231066446", "OPENVAS:136141256231066447", "OPENVAS:136141256231066448", "OPENVAS:136141256231066465", "OPENVAS:136141256231066467", "OPENVAS:136141256231066468", "OPENVAS:136141256231066477", "OPENVAS:136141256231066492", "OPENVAS:136141256231066530", "OPENVAS:136141256231066544", "OPENVAS:136141256231066546", "OPENVAS:136141256231066611", "OPENVAS:136141256231066614", "OPENVAS:136141256231066952", "OPENVAS:136141256231067138", "OPENVAS:136141256231067209", "OPENVAS:136141256231067264", "OPENVAS:136141256231067403", "OPENVAS:136141256231068152", "OPENVAS:136141256231068922", "OPENVAS:136141256231068923", "OPENVAS:136141256231070767", "OPENVAS:136141256231072423", "OPENVAS:1361412562310800277", "OPENVAS:1361412562310800673", "OPENVAS:1361412562310800915", "OPENVAS:1361412562310801130", "OPENVAS:1361412562310801131", "OPENVAS:1361412562310802144", "OPENVAS:1361412562310810724", "OPENVAS:1361412562310810725", "OPENVAS:1361412562310830781", "OPENVAS:1361412562310830782", "OPENVAS:1361412562310830784", "OPENVAS:1361412562310830786", "OPENVAS:1361412562310830798", "OPENVAS:1361412562310830820", "OPENVAS:1361412562310830846", "OPENVAS:1361412562310830852", "OPENVAS:1361412562310830855", "OPENVAS:1361412562310830923", "OPENVAS:1361412562310830924", "OPENVAS:1361412562310830925", "OPENVAS:1361412562310830932", "OPENVAS:1361412562310830933", "OPENVAS:1361412562310830947", "OPENVAS:1361412562310831037", "OPENVAS:1361412562310831195", "OPENVAS:1361412562310831197", "OPENVAS:1361412562310831482", "OPENVAS:1361412562310831494", "OPENVAS:1361412562310835253", "OPENVAS:1361412562310840375", "OPENVAS:1361412562310840376", "OPENVAS:1361412562310840377", "OPENVAS:1361412562310840380", "OPENVAS:1361412562310840391", "OPENVAS:1361412562310840402", "OPENVAS:1361412562310840422", "OPENVAS:1361412562310840481", "OPENVAS:1361412562310855645", "OPENVAS:1361412562310855677", "OPENVAS:1361412562310855695", "OPENVAS:1361412562310855719", "OPENVAS:1361412562310855723", "OPENVAS:1361412562310855731", "OPENVAS:1361412562310855737", "OPENVAS:1361412562310855812", "OPENVAS:1361412562310855821", "OPENVAS:1361412562310861624", "OPENVAS:1361412562310861687", "OPENVAS:1361412562310861922", "OPENVAS:1361412562310862561", "OPENVAS:1361412562310862567", "OPENVAS:1361412562310862572", "OPENVAS:1361412562310862594", "OPENVAS:1361412562310862599", "OPENVAS:1361412562310862919", "OPENVAS:1361412562310862928", "OPENVAS:1361412562310863062", "OPENVAS:1361412562310863066", "OPENVAS:1361412562310870202", "OPENVAS:1361412562310870234", "OPENVAS:1361412562310870262", "OPENVAS:1361412562310870265", "OPENVAS:1361412562310870266", "OPENVAS:1361412562310870332", "OPENVAS:1361412562310870428", "OPENVAS:1361412562310870430", "OPENVAS:1361412562310870884", "OPENVAS:1361412562310871140", "OPENVAS:1361412562310880340", "OPENVAS:1361412562310880343", "OPENVAS:1361412562310880375", "OPENVAS:1361412562310880396", "OPENVAS:1361412562310880397", "OPENVAS:1361412562310880436", "OPENVAS:1361412562310880500", "OPENVAS:1361412562310880556", "OPENVAS:1361412562310880598", "OPENVAS:1361412562310880625", "OPENVAS:1361412562310880629", "OPENVAS:1361412562310880670", "OPENVAS:1361412562310880700", "OPENVAS:1361412562310880713", "OPENVAS:1361412562310880719", "OPENVAS:1361412562310880723", "OPENVAS:1361412562310880742", "OPENVAS:1361412562310880757", "OPENVAS:1361412562310880758", "OPENVAS:1361412562310880786", "OPENVAS:1361412562310880807", "OPENVAS:1361412562310880821", "OPENVAS:1361412562310880824", "OPENVAS:1361412562310880832", "OPENVAS:1361412562310880839", "OPENVAS:1361412562310880851", "OPENVAS:1361412562310880859", "OPENVAS:1361412562310880864", "OPENVAS:1361412562310880874", "OPENVAS:1361412562310880905", "OPENVAS:1361412562310880906", "OPENVAS:1361412562310880909", "OPENVAS:1361412562310880912", "OPENVAS:1361412562310880913", "OPENVAS:1361412562310881282", "OPENVAS:1361412562310881427", "OPENVAS:1361412562310881571", "OPENVAS:1361412562310881904", "OPENVAS:1361412562310891564", "OPENVAS:1361412562310900828", "OPENVAS:1361412562310900856", "OPENVAS:1361412562310901026", "OPENVAS:1361412562311220191428", "OPENVAS:1361412562311220191434", "OPENVAS:1361412562311220191544", "OPENVAS:63870", "OPENVAS:64193", "OPENVAS:64362", "OPENVAS:64508", "OPENVAS:64510", "OPENVAS:64513", "OPENVAS:64573", "OPENVAS:64574", "OPENVAS:64577", "OPENVAS:64597", "OPENVAS:64604", "OPENVAS:64607", "OPENVAS:64609", "OPENVAS:64657", "OPENVAS:64675", "OPENVAS:64678", "OPENVAS:64688", "OPENVAS:64689", "OPENVAS:64693", "OPENVAS:64713", "OPENVAS:64719", "OPENVAS:64758", "OPENVAS:64834", "OPENVAS:64836", "OPENVAS:64841", "OPENVAS:64842", "OPENVAS:64902", "OPENVAS:64905", "OPENVAS:64926", "OPENVAS:64941", "OPENVAS:64944", "OPENVAS:64952", "OPENVAS:64953", "OPENVAS:64963", "OPENVAS:64965", "OPENVAS:64977", "OPENVAS:64978", "OPENVAS:64986", "OPENVAS:64989", "OPENVAS:65006", "OPENVAS:65010", "OPENVAS:65117", "OPENVAS:65253", "OPENVAS:65427", "OPENVAS:65505", "OPENVAS:65705", "OPENVAS:65720", "OPENVAS:65721", "OPENVAS:65722", "OPENVAS:65724", "OPENVAS:65736", "OPENVAS:65737", "OPENVAS:65799", "OPENVAS:65821", "OPENVAS:65823", "OPENVAS:65858", "OPENVAS:65900", "OPENVAS:66012", "OPENVAS:66013", "OPENVAS:66014", "OPENVAS:66015", "OPENVAS:66016", "OPENVAS:66017", "OPENVAS:66018", "OPENVAS:66059", "OPENVAS:66066", "OPENVAS:66067", "OPENVAS:66068", "OPENVAS:66069", "OPENVAS:66072", "OPENVAS:66076", "OPENVAS:66083", "OPENVAS:66084", "OPENVAS:66085", "OPENVAS:66087", "OPENVAS:66090", "OPENVAS:66091", "OPENVAS:66092", "OPENVAS:66094", "OPENVAS:66104", "OPENVAS:66111", "OPENVAS:66113", "OPENVAS:66116", "OPENVAS:66120", "OPENVAS:66121", "OPENVAS:66125", "OPENVAS:66139", "OPENVAS:66140", "OPENVAS:66144", "OPENVAS:66150", "OPENVAS:66151", "OPENVAS:66159", "OPENVAS:66162", "OPENVAS:66163", "OPENVAS:66165", "OPENVAS:66166", "OPENVAS:66167", "OPENVAS:66172", "OPENVAS:66189", "OPENVAS:66190", "OPENVAS:66193", "OPENVAS:66194", "OPENVAS:66195", "OPENVAS:66198", "OPENVAS:66199", "OPENVAS:66211", "OPENVAS:66214", "OPENVAS:66222", "OPENVAS:66225", "OPENVAS:66226", "OPENVAS:66228", "OPENVAS:66229", "OPENVAS:66231", "OPENVAS:66232", "OPENVAS:66233", "OPENVAS:66234", "OPENVAS:66235", "OPENVAS:66236", "OPENVAS:66237", "OPENVAS:66239", "OPENVAS:66273", "OPENVAS:66282", "OPENVAS:66304", "OPENVAS:66308", "OPENVAS:66309", "OPENVAS:66311", "OPENVAS:66314", "OPENVAS:66316", "OPENVAS:66332", "OPENVAS:66357", "OPENVAS:66361", "OPENVAS:66362", "OPENVAS:66374", "OPENVAS:66376", "OPENVAS:66381", "OPENVAS:66383", "OPENVAS:66384", "OPENVAS:66385", "OPENVAS:66388", "OPENVAS:66389", "OPENVAS:66391", "OPENVAS:66396", "OPENVAS:66408", "OPENVAS:66410", "OPENVAS:66446", "OPENVAS:66447", "OPENVAS:66448", "OPENVAS:66465", "OPENVAS:66467", "OPENVAS:66468", "OPENVAS:66477", "OPENVAS:66492", "OPENVAS:66530", "OPENVAS:66544", "OPENVAS:66546", "OPENVAS:66611", "OPENVAS:66614", "OPENVAS:66952", "OPENVAS:67138", "OPENVAS:67209", "OPENVAS:67264", "OPENVAS:67403", "OPENVAS:68152", "OPENVAS:68922", "OPENVAS:68923", "OPENVAS:70767", "OPENVAS:72423", "OPENVAS:800277", "OPENVAS:800673", "OPENVAS:800915", "OPENVAS:801130", "OPENVAS:801131", "OPENVAS:802144", "OPENVAS:830781", "OPENVAS:830782", "OPENVAS:830784", "OPENVAS:830786", "OPENVAS:830798", "OPENVAS:830820", "OPENVAS:830846", "OPENVAS:830852", "OPENVAS:830855", "OPENVAS:830923", "OPENVAS:830924", "OPENVAS:830925", "OPENVAS:830932", "OPENVAS:830933", "OPENVAS:830947", "OPENVAS:831037", "OPENVAS:831195", "OPENVAS:831197", "OPENVAS:831482", "OPENVAS:831494", "OPENVAS:835253", "OPENVAS:840375", "OPENVAS:840376", "OPENVAS:840377", "OPENVAS:840380", "OPENVAS:840391", "OPENVAS:840402", "OPENVAS:840422", "OPENVAS:840481", "OPENVAS:855645", "OPENVAS:855677", "OPENVAS:855695", "OPENVAS:855719", "OPENVAS:855723", "OPENVAS:855731", "OPENVAS:855737", "OPENVAS:855812", "OPENVAS:855821", "OPENVAS:861624", "OPENVAS:861687", "OPENVAS:861922", "OPENVAS:862561", "OPENVAS:862567", "OPENVAS:862572", "OPENVAS:862594", "OPENVAS:862599", "OPENVAS:862919", "OPENVAS:862928", "OPENVAS:863062", "OPENVAS:863066", "OPENVAS:870202", "OPENVAS:870234", "OPENVAS:870262", "OPENVAS:870265", "OPENVAS:870266", "OPENVAS:870332", "OPENVAS:870428", "OPENVAS:870430", "OPENVAS:870884", "OPENVAS:871140", "OPENVAS:880340", "OPENVAS:880343", "OPENVAS:880375", "OPENVAS:880396", "OPENVAS:880397", "OPENVAS:880436", "OPENVAS:880500", "OPENVAS:880556", "OPENVAS:880598", "OPENVAS:880625", "OPENVAS:880629", "OPENVAS:880670", "OPENVAS:880700", "OPENVAS:880713", "OPENVAS:880719", "OPENVAS:880723", "OPENVAS:880742", "OPENVAS:880757", "OPENVAS:880758", "OPENVAS:880786", "OPENVAS:880807", "OPENVAS:880821", "OPENVAS:880824", "OPENVAS:880832", "OPENVAS:880839", "OPENVAS:880851", "OPENVAS:880859", "OPENVAS:880864", "OPENVAS:880874", "OPENVAS:880905", "OPENVAS:880906", "OPENVAS:880909", "OPENVAS:880912", "OPENVAS:880913", "OPENVAS:881282", "OPENVAS:881427", "OPENVAS:881571", "OPENVAS:881904", "OPENVAS:900828", "OPENVAS:900856", "OPENVAS:901026"]}, {"type": "opera", "idList": ["OPERA:942"]}, {"type": "oraclelinux", "idList": ["ELSA-2009-0458", "ELSA-2009-0480", "ELSA-2009-1184", "ELSA-2009-1186", "ELSA-2009-1451", "ELSA-2009-1452", "ELSA-2009-1459", "ELSA-2009-1501", "ELSA-2009-1503", "ELSA-2009-1504", "ELSA-2009-1512", "ELSA-2009-1513", "ELSA-2009-1572", "ELSA-2009-1601", "ELSA-2009-1625", "ELSA-2010-0002", "ELSA-2010-0154", "ELSA-2010-0399", "ELSA-2010-0400", "ELSA-2010-0401", "ELSA-2010-0755", "ELSA-2011-0491", "ELSA-2011-0492", "ELSA-2013-0131", "ELSA-2014-0311"]}, {"type": "osv", "idList": ["OSV:DLA-1564-1", "OSV:DLA-376-1", "OSV:DSA-1810-1", "OSV:DSA-1874-1", "OSV:DSA-1892-1", "OSV:DSA-1893-1", "OSV:DSA-1899-1", "OSV:DSA-1921-1", "OSV:DSA-1931-1", "OSV:DSA-1941-1", "OSV:DSA-1977-1", "OSV:DSA-1998-1", "OSV:DSA-2025-1", "OSV:DSA-2028-1", "OSV:DSA-2050-1"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:81198", "PACKETSTORM:82821", "PACKETSTORM:82822", "PACKETSTORM:82823", "PACKETSTORM:82824", "PACKETSTORM:83737", "PACKETSTORM:83738", "PACKETSTORM:83739", "PACKETSTORM:83740", "PACKETSTORM:84943", "PACKETSTORM:84946", "PACKETSTORM:84952", "PACKETSTORM:88859", "PACKETSTORM:89801"]}, {"type": "redhat", "idList": ["RHSA-2009:0446", "RHSA-2009:0458", "RHSA-2009:0480", "RHSA-2009:1087", "RHSA-2009:1184", "RHSA-2009:1186", "RHSA-2009:1190", "RHSA-2009:1207", "RHSA-2009:1432", "RHSA-2009:1451", "RHSA-2009:1452", "RHSA-2009:1459", "RHSA-2009:1500", "RHSA-2009:1501", "RHSA-2009:1502", "RHSA-2009:1503", "RHSA-2009:1504", "RHSA-2009:1512", "RHSA-2009:1513", "RHSA-2009:1530", "RHSA-2009:1531", "RHSA-2009:1572", "RHSA-2009:1601", "RHSA-2009:1618", "RHSA-2009:1625", "RHSA-2009:1692", "RHSA-2010:0002", "RHSA-2010:0153", "RHSA-2010:0154", "RHSA-2010:0399", "RHSA-2010:0400", "RHSA-2010:0401", "RHSA-2010:0755", "RHSA-2011:0491", "RHSA-2011:0492", "RHSA-2013:0131", "RHSA-2014:0311", "RHSA-2014:0312", "RHSA-2017:3239"]}, {"type": "rubygems", "idList": ["RUBY:RUBY-2013-4073-94628"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:21596", "SECURITYVULNS:DOC:22093", "SECURITYVULNS:DOC:22253", "SECURITYVULNS:DOC:22276", "SECURITYVULNS:DOC:22330", "SECURITYVULNS:DOC:22379", "SECURITYVULNS:DOC:22430", "SECURITYVULNS:DOC:22450", "SECURITYVULNS:DOC:22544", "SECURITYVULNS:DOC:22659", "SECURITYVULNS:DOC:22668", "SECURITYVULNS:DOC:22669", "SECURITYVULNS:DOC:22812", "SECURITYVULNS:DOC:22813", "SECURITYVULNS:DOC:22814", "SECURITYVULNS:DOC:22815", "SECURITYVULNS:DOC:22816", "SECURITYVULNS:DOC:22932", "SECURITYVULNS:DOC:22933", "SECURITYVULNS:DOC:23025", "SECURITYVULNS:DOC:23050", "SECURITYVULNS:DOC:23936", "SECURITYVULNS:DOC:24857", "SECURITYVULNS:DOC:25153", "SECURITYVULNS:DOC:29719", "SECURITYVULNS:DOC:30264", "SECURITYVULNS:VULN:10021", "SECURITYVULNS:VULN:10121", "SECURITYVULNS:VULN:10154", "SECURITYVULNS:VULN:10183", "SECURITYVULNS:VULN:10230", "SECURITYVULNS:VULN:10280", "SECURITYVULNS:VULN:10333", "SECURITYVULNS:VULN:10356", "SECURITYVULNS:VULN:13257", "SECURITYVULNS:VULN:9802"]}, {"type": "seebug", "idList": ["SSV:11711", "SSV:11950", "SSV:12116", "SSV:12447", "SSV:14525", "SSV:14959", "SSV:14969", "SSV:18280", "SSV:18281", "SSV:18282", "SSV:18283", "SSV:18465", "SSV:19689", "SSV:5023", "SSV:67074", "SSV:67075", "SSV:67076", "SSV:67154", "SSV:96525"]}, {"type": "slackware", "idList": ["SSA-2009-302-01", "SSA-2009-302-02", "SSA-2011-041-02", "SSA-2011-041-03"]}, {"type": "suse", "idList": ["SUSE-SA:2009:048", "SUSE-SU-2013:1828-1"]}, {"type": "talos", "idList": ["TALOS-2017-0294"]}, {"type": "threatpost", "idList": ["THREATPOST:4F867C686B7E31697E158FBD04A5DD35", "THREATPOST:DF62052EA2F1372006ACE34D8541F7DB", "THREATPOST:E8934170DFDD56E0C8B8F5EA86038B74"]}, {"type": "tomcat", "idList": ["TOMCAT:7E0C6D8D804804E75EAC0A86D340A828"]}, {"type": "ubuntu", "idList": ["USN-810-1", "USN-810-2", "USN-810-3", "USN-832-1", "USN-838-1", "USN-850-1", "USN-850-2", "USN-850-3", "USN-871-1", "USN-890-1", "USN-890-2", "USN-890-3", "USN-890-4", "USN-890-5", "USN-890-6", "USN-915-1", "USN-973-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2008-5519", "UB:CVE-2009-0689", "UB:CVE-2009-2408", "UB:CVE-2009-2417", "UB:CVE-2009-2473", "UB:CVE-2009-2474", "UB:CVE-2009-2625", "UB:CVE-2009-2661", "UB:CVE-2009-2666", "UB:CVE-2009-2700", "UB:CVE-2009-2702", "UB:CVE-2009-3111", "UB:CVE-2009-3235", "UB:CVE-2009-3475", "UB:CVE-2009-3490", "UB:CVE-2009-3560", "UB:CVE-2009-3603", "UB:CVE-2009-3604", "UB:CVE-2009-3605", "UB:CVE-2009-3606", "UB:CVE-2009-3608", "UB:CVE-2009-3609", "UB:CVE-2009-3639", "UB:CVE-2009-3720", "UB:CVE-2009-3765", "UB:CVE-2009-3767", "UB:CVE-2009-3941", "UB:CVE-2009-3942", "UB:CVE-2009-4034", "UB:CVE-2009-4565", "UB:CVE-2010-1192", "UB:CVE-2010-2074", "UB:CVE-2013-4073", "UB:CVE-2013-4238", "UB:CVE-2013-4248"]}, {"type": "veracode", "idList": ["VERACODE:23605", "VERACODE:23694", "VERACODE:23808", "VERACODE:23862", "VERACODE:23864", "VERACODE:23865", "VERACODE:23904", "VERACODE:24486"]}, {"type": "vmware", "idList": ["VMSA-2010-0001", "VMSA-2010-0001.1", "VMSA-2010-0004", "VMSA-2010-0004.5", "VMSA-2012-0001", "VMSA-2012-0001.2"]}]}, "backreferences": {"references": [{"type": "aix", "idList": ["SENDMAIL_ADVISORY.ASC"]}, {"type": "amazon", "idList": ["ALAS-2013-224"]}, {"type": "apple", "idList": ["APPLE:9A0B3B0DFCDD94CAF1819BEC271E3754"]}, {"type": "centos", "idList": ["CESA-2009:0458", "CESA-2009:0480", "CESA-2009:1432", "CESA-2009:1451", "CESA-2009:1452", "CESA-2009:1459", "CESA-2009:1500", "CESA-2009:1501", "CESA-2009:1502", "CESA-2009:1503", "CESA-2009:1504", "CESA-2009:1512", "CESA-2009:1513", "CESA-2009:1530", "CESA-2009:1531", "CESA-2009:1572", "CESA-2009:1601", "CESA-2009:1625", "CESA-2010:0002", "CESA-2010:0153", "CESA-2010:0154", "CESA-2010:0399", "CESA-2010:0400", "CESA-2010:0401", "CESA-2010:0755", "CESA-2011:0491", "CESA-2011:0492", "CESA-2013:0131", "CESA-2014:0311"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2009-129"]}, {"type": "chrome", "idList": ["GCSA-8063279317770394009"]}, {"type": "cve", "idList": ["CVE-2008-5519"]}, {"type": "debian", "idList": ["DEBIAN:56C805B941600C7D24189CA65B1A3471:E7DF7", "DEBIAN:DLA-376-1:93013", "DEBIAN:DSA-1899-1:BBC82"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2009-2661", "DEBIANCVE:CVE-2009-3609", "DEBIANCVE:CVE-2009-3720"]}, {"type": "exploitdb", "idList": ["EDB-ID:10184", "EDB-ID:10185"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:16C37B6C3C517D65315351878DA06F27", "EXPLOITPACK:BAEE9A0461F7CC4E4B3568E7D096BEFB"]}, {"type": "f5", "idList": ["SOL14909", "SOL15638", "SOL15683", "SOL15905"]}, {"type": "fedora", "idList": ["FEDORA:1D7C611126A", "FEDORA:98D276087D46"]}, {"type": "freebsd", "idList": ["1B3F854B-E4BD-11DE-B276-000D8787E1BE", "49E8F2EE-8147-11DE-A994-0030843D3802", "4B3A7E70-AFCE-11E5-B864-14DAE9D210B8", "56CFE192-329F-11DF-ABB2-000F20797EDE", "5F030587-E39A-11DE-881E-001AA0166822", "6431C4DB-DEB4-11DE-9078-0030843D3802", "DD943FBB-D0FE-11DF-95A8-00219B0FC4D8", "E7BC5600-EAA0-11DE-BD9C-00215C6A37BB"]}, {"type": "httpd", "idList": ["HTTPD:CE69C4ECDA46256846F1C251D5FB13D9"]}, {"type": "kaspersky", "idList": ["KLA10066"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/FREEBSD-VID-5179D85C-8683-11DE-91B9-0022157515B2/"]}, {"type": "mozilla", "idList": ["MFSA2009-59"]}, {"type": "nessus", "idList": ["5578.PRM", "800847.PRM", "CENTOS_RHSA-2009-1451.NASL", "CENTOS_RHSA-2009-1503.NASL", "CENTOS_RHSA-2009-1504.NASL", "CENTOS_RHSA-2009-1513.NASL", "CENTOS_RHSA-2009-1572.NASL", "DEBIAN_DLA-376.NASL", "FEDORA_2009-10648.NASL", "FEDORA_2009-9901.NASL", "FEDORA_2010-1377.NASL", "FEDORA_2011-2801.NASL", "FEDORA_2011-5777.NASL", "FREEBSD_PKG_4B3A7E70AFCE11E5B86414DAE9D210B8.NASL", "FREEBSD_PKG_6431C4DBDEB411DE90780030843D3802.NASL", "FREEBSD_PKG_DD943FBBD0FE11DF95A800219B0FC4D8.NASL", "GENTOO_GLSA-201209-06.NASL", "MANDRIVA_MDVSA-2009-198.NASL", "MANDRIVA_MDVSA-2009-211.NASL", "MANDRIVA_MDVSA-2009-212.NASL", "MANDRIVA_MDVSA-2009-215.NASL", "MOZILLA_FIREFOX_3015.NASL", "MOZILLA_THUNDERBIRD_20023.NASL", "OPERA_1010.NASL", "ORACLELINUX_ELSA-2009-0480.NASL", "ORACLELINUX_ELSA-2009-1138.NASL", "ORACLELINUX_ELSA-2009-1601.NASL", "ORACLELINUX_ELSA-2011-0492.NASL", "REDHAT-RHSA-2009-0458.NASL", "REDHAT-RHSA-2009-0480.NASL", "REDHAT-RHSA-2009-1184.NASL", "REDHAT-RHSA-2009-1459.NASL", "SLACKWARE_SSA_2011-041-02.NASL", "SL_20090731_NSPR_AND_NSS_FOR_SL_4_X.NASL", "SL_20100104_PYXML_ON_SL4_X.NASL", "SUSE9_12520.NASL", "SUSE_11_1_SEAMONKEY-100430.NASL", "SUSE_11_CYRUS-IMAPD-090924.NASL", "SUSE_11_LIBNEON-DEVEL-091012.NASL", "SUSE_11_MOZILLA-NSPR-091103.NASL", "SUSE_11_MUTT-090909.NASL", "SUSE_11_RUBY-131125.NASL", "SUSE_CUPS-6565.NASL", "SUSE_CYRUS-IMAPD-6511.NASL", "SUSE_FREERADIUS-6496.NASL", "SUSE_XPDF-6558.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:102039", "OPENVAS:1361412562310103448", "OPENVAS:1361412562310122465", "OPENVAS:136141256231064577", "OPENVAS:136141256231064678", "OPENVAS:136141256231064989", "OPENVAS:136141256231065117", "OPENVAS:136141256231066013", "OPENVAS:136141256231066084", "OPENVAS:136141256231066162", "OPENVAS:136141256231066225", "OPENVAS:136141256231066229", "OPENVAS:136141256231066231", "OPENVAS:136141256231066314", "OPENVAS:136141256231066396", "OPENVAS:136141256231066448", "OPENVAS:136141256231066465", "OPENVAS:136141256231068923", "OPENVAS:136141256231072423", "OPENVAS:1361412562310830782", "OPENVAS:1361412562310830933", "OPENVAS:1361412562310831494", "OPENVAS:1361412562310855695", "OPENVAS:1361412562310880500", "OPENVAS:1361412562310880625", "OPENVAS:1361412562310880713", "OPENVAS:1361412562310880839", "OPENVAS:1361412562310880905", "OPENVAS:1361412562310881282", "OPENVAS:1361412562311220191428", "OPENVAS:1361412562311220191544", "OPENVAS:64713", "OPENVAS:65006", "OPENVAS:65722", "OPENVAS:66083", "OPENVAS:66167", "OPENVAS:66189", "OPENVAS:66190", "OPENVAS:66235", "OPENVAS:66381", "OPENVAS:66391", "OPENVAS:66396", "OPENVAS:66465", "OPENVAS:66468", "OPENVAS:66530", "OPENVAS:830781", "OPENVAS:830820", "OPENVAS:830925", "OPENVAS:830947", "OPENVAS:831494", "OPENVAS:840391", "OPENVAS:855737", "OPENVAS:855812", "OPENVAS:862599", "OPENVAS:863062", "OPENVAS:880375", "OPENVAS:880397", "OPENVAS:880436", "OPENVAS:880723", "OPENVAS:880832", "OPENVAS:880839"]}, {"type": "oraclelinux", "idList": ["ELSA-2009-1452", "ELSA-2009-1501", "ELSA-2009-1503", "ELSA-2009-1504", "ELSA-2009-1512", "ELSA-2009-1513", "ELSA-2009-1601", "ELSA-2010-0002", "ELSA-2010-0401", "ELSA-2013-0131"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:82822", "PACKETSTORM:82823", "PACKETSTORM:84946", "PACKETSTORM:84952", "PACKETSTORM:89801"]}, {"type": "redhat", "idList": ["RHSA-2009:0458", "RHSA-2009:1452", "RHSA-2009:1501", "RHSA-2009:1502", "RHSA-2009:1503", "RHSA-2009:1504", "RHSA-2009:1513", "RHSA-2009:1530", "RHSA-2009:1572", "RHSA-2009:1601", "RHSA-2009:1692", "RHSA-2010:0002", "RHSA-2011:0491", "RHSA-2013:0131"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:22932", "SECURITYVULNS:VULN:10280"]}, {"type": "seebug", "idList": ["SSV:18280", "SSV:5023"]}, {"type": "slackware", "idList": ["SSA-2011-041-02"]}, {"type": "suse", "idList": ["SUSE-SA:2009:048"]}, {"type": "talos", "idList": ["TALOS-2017-0294"]}, {"type": "threatpost", "idList": ["THREATPOST:E8934170DFDD56E0C8B8F5EA86038B74"]}, {"type": "ubuntu", "idList": ["USN-810-1", "USN-810-2", "USN-810-3", "USN-850-3", "USN-871-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2009-0689", "UB:CVE-2009-3720"]}, {"type": "vmware", "idList": ["VMSA-2012-0001"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2009-3608", "epss": "0.057230000", "percentile": "0.921280000", "modified": "2023-03-15"}, {"cve": "CVE-2009-3603", "epss": "0.054000000", "percentile": "0.919250000", "modified": "2023-03-15"}, {"cve": "CVE-2009-3606", "epss": "0.054000000", "percentile": "0.919250000", "modified": "2023-03-15"}, {"cve": "CVE-2009-2408", "epss": "0.005270000", "percentile": "0.734100000", "modified": "2023-03-15"}, {"cve": "CVE-2009-3111", "epss": "0.955140000", "percentile": "0.989500000", "modified": "2023-03-15"}, {"cve": "CVE-2009-3604", "epss": "0.428250000", "percentile": "0.967160000", "modified": "2023-03-15"}, {"cve": "CVE-2009-3605", "epss": "0.037190000", "percentile": "0.903510000", "modified": "2023-03-15"}, {"cve": "CVE-2009-0689", "epss": "0.972200000", "percentile": "0.996690000", "modified": "2023-03-15"}, {"cve": "CVE-2008-5519", "epss": "0.002550000", "percentile": "0.616530000", "modified": "2023-03-15"}, {"cve": "CVE-2009-3609", "epss": "0.007120000", "percentile": "0.774250000", "modified": "2023-03-15"}, {"cve": "CVE-2009-3235", "epss": "0.021230000", "percentile": "0.874330000", "modified": "2023-03-15"}, {"cve": "CVE-2009-2473", "epss": "0.002650000", "percentile": "0.623600000", "modified": "2023-03-15"}, {"cve": "CVE-2009-3720", "epss": "0.016730000", "percentile": "0.857060000", "modified": "2023-03-15"}, {"cve": "CVE-2009-2661", "epss": "0.023260000", "percentile": "0.880100000", "modified": "2023-03-15"}], "vulnersScore": 1.4}, "_state": {"dependencies": 1678915652, "score": 1683822828, "epss": 1678928294}, "_internal": {"score_hash": "53fab81e131d9dc5cf62833a5ce6ed28"}, "pluginID": "66215", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: suse_sr_2009_018.nasl 6668 2017-07-11 13:34:29Z cfischer $\n# Description: Auto-generated from advisory SUSE-SR:2009:018\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory SUSE-SR:2009:018. SuSE Security Summaries are short\non detail when it comes to the names of packages affected by\na particular bug. Because of this, while this test will detect\nout of date packages, it cannot tell you what bugs impact\nwhich packages, or vice versa.\";\n\ntag_solution = \"Update all out of date packages.\";\n \nif(description)\n{\n script_id(66215);\n script_version(\"$Revision: 6668 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:34:29 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-11-11 15:56:44 +0100 (Wed, 11 Nov 2009)\");\n script_cve_id(\"CVE-2008-5519\", \"CVE-2009-3603\", \"CVE-2009-3605\", \"CVE-2009-0689\", \"CVE-2009-3606\", \"CVE-2009-3609\", \"CVE-2009-3608\", \"CVE-2009-3111\", \"CVE-2009-3720\", \"CVE-2009-2408\", \"CVE-2009-3235\", \"CVE-2009-2661\", \"CVE-2009-2473\", \"CVE-2009-3604\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"SuSE Security Summary SUSE-SR:2009:018\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~3.0.15~0.1.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"MozillaFirefox-branding-upstream\", rpm:\"MozillaFirefox-branding-upstream~3.0.15~0.1.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"MozillaFirefox-translations\", rpm:\"MozillaFirefox-translations~3.0.15~0.1.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-mod_jk\", rpm:\"apache2-mod_jk~1.2.26~1.44.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cyrus-imapd\", rpm:\"cyrus-imapd~2.3.11~60.21.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cyrus-imapd-devel\", rpm:\"cyrus-imapd-devel~2.3.11~60.21.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"expat\", rpm:\"expat~2.0.1~88.16.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun\", rpm:\"java-1_5_0-sun~1.5.0_update22~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-alsa\", rpm:\"java-1_5_0-sun-alsa~1.5.0_update22~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-devel\", rpm:\"java-1_5_0-sun-devel~1.5.0_update22~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-jdbc\", rpm:\"java-1_5_0-sun-jdbc~1.5.0_update22~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-plugin\", rpm:\"java-1_5_0-sun-plugin~1.5.0_update22~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-src\", rpm:\"java-1_5_0-sun-src~1.5.0_update22~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.27.37~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug-base\", rpm:\"kernel-debug-base~2.6.27.37~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug-extra\", rpm:\"kernel-debug-extra~2.6.27.37~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~2.6.27.37~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-default-base\", rpm:\"kernel-default-base~2.6.27.37~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-default-extra\", rpm:\"kernel-default-extra~2.6.27.37~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-ec2\", rpm:\"kernel-ec2~2.6.27.37~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-ec2-base\", rpm:\"kernel-ec2-base~2.6.27.37~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-ec2-extra\", rpm:\"kernel-ec2-extra~2.6.27.37~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-pae\", rpm:\"kernel-pae~2.6.27.37~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-pae-base\", rpm:\"kernel-pae-base~2.6.27.37~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-pae-extra\", rpm:\"kernel-pae-extra~2.6.27.37~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~2.6.27.37~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~2.6.27.37~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-trace\", rpm:\"kernel-trace~2.6.27.37~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-trace-base\", rpm:\"kernel-trace-base~2.6.27.37~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-trace-extra\", rpm:\"kernel-trace-extra~2.6.27.37~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-vanilla\", rpm:\"kernel-vanilla~2.6.27.37~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.27.37~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xen-base\", rpm:\"kernel-xen-base~2.6.27.37~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xen-extra\", rpm:\"kernel-xen-extra~2.6.27.37~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libexpat-devel\", rpm:\"libexpat-devel~2.0.1~88.16.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libexpat1\", rpm:\"libexpat1~2.0.1~88.16.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libneon-devel\", rpm:\"libneon-devel~0.28.3~1.31.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libneon27\", rpm:\"libneon27~0.28.3~1.31.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvirt\", rpm:\"libvirt~0.4.6~11.15.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvirt-cim\", rpm:\"libvirt-cim~0.5.2~4.22.18\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvirt-devel\", rpm:\"libvirt-devel~0.4.6~11.15.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvirt-doc\", rpm:\"libvirt-doc~0.4.6~11.15.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvirt-python\", rpm:\"libvirt-python~0.4.6~11.15.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-nspr\", rpm:\"mozilla-nspr~4.8.2~1.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-nspr-devel\", rpm:\"mozilla-nspr-devel~4.8.2~1.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190\", rpm:\"mozilla-xulrunner190~1.9.0.15~0.1.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-devel\", rpm:\"mozilla-xulrunner190-devel~1.9.0.15~0.1.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-gnomevfs\", rpm:\"mozilla-xulrunner190-gnomevfs~1.9.0.15~0.1.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-translations\", rpm:\"mozilla-xulrunner190-translations~1.9.0.15~0.1.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"neon\", rpm:\"neon~0.28.3~1.31.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"opera\", rpm:\"opera~10.01~1.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"perl-Cyrus-IMAP\", rpm:\"perl-Cyrus-IMAP~2.3.11~60.21.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"perl-Cyrus-SIEVE-managesieve\", rpm:\"perl-Cyrus-SIEVE-managesieve~2.3.11~60.21.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pinentry\", rpm:\"pinentry~0.7.5~61.18.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pinentry-gtk2\", rpm:\"pinentry-gtk2~0.7.5~61.18.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pinentry-qt\", rpm:\"pinentry-qt~0.7.5~61.18.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-xpcom190\", rpm:\"python-xpcom190~1.9.0.15~0.1.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"timezone\", rpm:\"timezone~2009p~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"virt-manager\", rpm:\"virt-manager~0.5.3~64.25.17\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"virt-viewer\", rpm:\"virt-viewer~0.0.3~3.29.18\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"vm-install\", rpm:\"vm-install~0.3.26~0.1.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xen\", rpm:\"xen~3.3.1_18546_20~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xen-devel\", rpm:\"xen-devel~3.3.1_18546_20~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xen-doc-html\", rpm:\"xen-doc-html~3.3.1_18546_20~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xen-doc-pdf\", rpm:\"xen-doc-pdf~3.3.1_18546_20~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xen-kmp-debug\", rpm:\"xen-kmp-debug~3.3.1_18546_20_2.6.27.29_0.1~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xen-kmp-default\", rpm:\"xen-kmp-default~3.3.1_18546_20_2.6.27.29_0.1~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xen-kmp-pae\", rpm:\"xen-kmp-pae~3.3.1_18546_20_2.6.27.29_0.1~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xen-kmp-trace\", rpm:\"xen-kmp-trace~3.3.1_18546_20_2.6.27.29_0.1~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xen-libs\", rpm:\"xen-libs~3.3.1_18546_20~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xen-tools\", rpm:\"xen-tools~3.3.1_18546_20~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xen-tools-domU\", rpm:\"xen-tools-domU~3.3.1_18546_20~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xpdf\", rpm:\"xpdf~3.02~97.81.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xpdf-tools\", rpm:\"xpdf-tools~3.02~97.81.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~3.0.15~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"MozillaFirefox-translations\", rpm:\"MozillaFirefox-translations~3.0.15~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-mod_jk\", rpm:\"apache2-mod_jk~1.2.21~129.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cyrus-imapd\", rpm:\"cyrus-imapd~2.3.11~31.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cyrus-imapd-devel\", rpm:\"cyrus-imapd-devel~2.3.11~31.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"expat\", rpm:\"expat~2.0.1~62.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun\", rpm:\"java-1_5_0-sun~1.5.0_update22~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-alsa\", rpm:\"java-1_5_0-sun-alsa~1.5.0_update22~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-demo\", rpm:\"java-1_5_0-sun-demo~1.5.0_update22~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-devel\", rpm:\"java-1_5_0-sun-devel~1.5.0_update22~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-jdbc\", rpm:\"java-1_5_0-sun-jdbc~1.5.0_update22~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-plugin\", rpm:\"java-1_5_0-sun-plugin~1.5.0_update22~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-src\", rpm:\"java-1_5_0-sun-src~1.5.0_update22~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libexpat-devel\", rpm:\"libexpat-devel~2.0.1~62.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libexpat1\", rpm:\"libexpat1~2.0.1~62.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libneon-devel\", rpm:\"libneon-devel~0.28.2~17.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libneon27\", rpm:\"libneon27~0.28.2~17.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-nspr\", rpm:\"mozilla-nspr~4.8.2~1.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-nspr-devel\", rpm:\"mozilla-nspr-devel~4.8.2~1.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190\", rpm:\"mozilla-xulrunner190~1.9.0.15~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-devel\", rpm:\"mozilla-xulrunner190-devel~1.9.0.15~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-gnomevfs\", rpm:\"mozilla-xulrunner190-gnomevfs~1.9.0.15~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-translations\", rpm:\"mozilla-xulrunner190-translations~1.9.0.15~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"neon\", rpm:\"neon~0.28.2~17.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"opera\", rpm:\"opera~10.01~1.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"perl-Cyrus-IMAP\", rpm:\"perl-Cyrus-IMAP~2.3.11~31.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"perl-Cyrus-SIEVE-managesieve\", rpm:\"perl-Cyrus-SIEVE-managesieve~2.3.11~31.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pinentry\", rpm:\"pinentry~0.7.5~18.3\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pinentry-gtk2\", rpm:\"pinentry-gtk2~0.7.5~14.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pinentry-qt\", rpm:\"pinentry-qt~0.7.5~14.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"timezone\", rpm:\"timezone~2009p~1.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xpdf\", rpm:\"xpdf~3.02~95.9\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xpdf-tools\", rpm:\"xpdf-tools~3.02~95.9\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-mod_jk\", rpm:\"apache2-mod_jk~1.2.21~59.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cyrus-imapd\", rpm:\"cyrus-imapd~2.3.8~51.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cyrus-imapd-devel\", rpm:\"cyrus-imapd-devel~2.3.8~51.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"expat\", rpm:\"expat~2.0.1~24.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libexpat-devel\", rpm:\"libexpat-devel~2.0.1~24.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libexpat1\", rpm:\"libexpat1~2.0.1~24.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"neon\", rpm:\"neon~0.26.4~17.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"neon-devel\", rpm:\"neon-devel~0.26.4~17.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"perl-Cyrus-IMAP\", rpm:\"perl-Cyrus-IMAP~2.3.8~51.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"perl-Cyrus-SIEVE-managesieve\", rpm:\"perl-Cyrus-SIEVE-managesieve~2.3.8~51.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pinentry\", rpm:\"pinentry~0.7.2~121.3\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pinentry-gtk2\", rpm:\"pinentry-gtk2~0.7.2~14.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pinentry-qt\", rpm:\"pinentry-qt~0.7.2~14.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"timezone\", rpm:\"timezone~2009p~1.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xpdf\", rpm:\"xpdf~3.02~19.13\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xpdf-tools\", rpm:\"xpdf-tools~3.02~19.13\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "naslFamily": "SuSE Local Security Checks"}

{"openvas": [{"lastseen": "2018-04-06T11:38:08", "description": "The remote host is missing updates announced in\nadvisory SUSE-SR:2009:018. SuSE Security Summaries are short\non detail when it comes to the names of packages affected by\na particular bug. Because of this, while this test will detect\nout of date packages, it cannot tell you what bugs impact\nwhich packages, or vice versa.", "cvss3": {}, "published": "2009-11-11T00:00:00", "type": "openvas", "title": "SuSE Security Summary SUSE-SR:2009:018", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3608", "CVE-2009-3603", "CVE-2009-3606", "CVE-2009-2408", "CVE-2009-3111", "CVE-2009-3604", "CVE-2009-3605", "CVE-2009-0689", "CVE-2008-5519", "CVE-2009-3609", "CVE-2009-3235", "CVE-2009-2473", "CVE-2009-3720", "CVE-2009-2661"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231066215", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066215", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: suse_sr_2009_018.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory SUSE-SR:2009:018\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory SUSE-SR:2009:018. SuSE Security Summaries are short\non detail when it comes to the names of packages affected by\na particular bug. Because of this, while this test will detect\nout of date packages, it cannot tell you what bugs impact\nwhich packages, or vice versa.\";\n\ntag_solution = \"Update all out of date packages.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66215\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-11-11 15:56:44 +0100 (Wed, 11 Nov 2009)\");\n script_cve_id(\"CVE-2008-5519\", \"CVE-2009-3603\", \"CVE-2009-3605\", \"CVE-2009-0689\", \"CVE-2009-3606\", \"CVE-2009-3609\", \"CVE-2009-3608\", \"CVE-2009-3111\", \"CVE-2009-3720\", \"CVE-2009-2408\", \"CVE-2009-3235\", \"CVE-2009-2661\", \"CVE-2009-2473\", \"CVE-2009-3604\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"SuSE Security Summary SUSE-SR:2009:018\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~3.0.15~0.1.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"MozillaFirefox-branding-upstream\", rpm:\"MozillaFirefox-branding-upstream~3.0.15~0.1.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"MozillaFirefox-translations\", rpm:\"MozillaFirefox-translations~3.0.15~0.1.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-mod_jk\", rpm:\"apache2-mod_jk~1.2.26~1.44.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cyrus-imapd\", rpm:\"cyrus-imapd~2.3.11~60.21.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cyrus-imapd-devel\", rpm:\"cyrus-imapd-devel~2.3.11~60.21.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"expat\", rpm:\"expat~2.0.1~88.16.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun\", rpm:\"java-1_5_0-sun~1.5.0_update22~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-alsa\", rpm:\"java-1_5_0-sun-alsa~1.5.0_update22~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-devel\", rpm:\"java-1_5_0-sun-devel~1.5.0_update22~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-jdbc\", rpm:\"java-1_5_0-sun-jdbc~1.5.0_update22~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-plugin\", rpm:\"java-1_5_0-sun-plugin~1.5.0_update22~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-src\", rpm:\"java-1_5_0-sun-src~1.5.0_update22~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.27.37~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug-base\", rpm:\"kernel-debug-base~2.6.27.37~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-debug-extra\", rpm:\"kernel-debug-extra~2.6.27.37~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~2.6.27.37~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-default-base\", rpm:\"kernel-default-base~2.6.27.37~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-default-extra\", rpm:\"kernel-default-extra~2.6.27.37~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-ec2\", rpm:\"kernel-ec2~2.6.27.37~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-ec2-base\", rpm:\"kernel-ec2-base~2.6.27.37~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-ec2-extra\", rpm:\"kernel-ec2-extra~2.6.27.37~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-pae\", rpm:\"kernel-pae~2.6.27.37~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-pae-base\", rpm:\"kernel-pae-base~2.6.27.37~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-pae-extra\", rpm:\"kernel-pae-extra~2.6.27.37~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~2.6.27.37~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~2.6.27.37~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-trace\", rpm:\"kernel-trace~2.6.27.37~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-trace-base\", rpm:\"kernel-trace-base~2.6.27.37~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-trace-extra\", rpm:\"kernel-trace-extra~2.6.27.37~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-vanilla\", rpm:\"kernel-vanilla~2.6.27.37~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.27.37~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xen-base\", rpm:\"kernel-xen-base~2.6.27.37~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kernel-xen-extra\", rpm:\"kernel-xen-extra~2.6.27.37~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libexpat-devel\", rpm:\"libexpat-devel~2.0.1~88.16.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libexpat1\", rpm:\"libexpat1~2.0.1~88.16.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libneon-devel\", rpm:\"libneon-devel~0.28.3~1.31.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libneon27\", rpm:\"libneon27~0.28.3~1.31.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvirt\", rpm:\"libvirt~0.4.6~11.15.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvirt-cim\", rpm:\"libvirt-cim~0.5.2~4.22.18\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvirt-devel\", rpm:\"libvirt-devel~0.4.6~11.15.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvirt-doc\", rpm:\"libvirt-doc~0.4.6~11.15.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libvirt-python\", rpm:\"libvirt-python~0.4.6~11.15.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-nspr\", rpm:\"mozilla-nspr~4.8.2~1.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-nspr-devel\", rpm:\"mozilla-nspr-devel~4.8.2~1.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190\", rpm:\"mozilla-xulrunner190~1.9.0.15~0.1.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-devel\", rpm:\"mozilla-xulrunner190-devel~1.9.0.15~0.1.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-gnomevfs\", rpm:\"mozilla-xulrunner190-gnomevfs~1.9.0.15~0.1.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-translations\", rpm:\"mozilla-xulrunner190-translations~1.9.0.15~0.1.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"neon\", rpm:\"neon~0.28.3~1.31.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"opera\", rpm:\"opera~10.01~1.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"perl-Cyrus-IMAP\", rpm:\"perl-Cyrus-IMAP~2.3.11~60.21.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"perl-Cyrus-SIEVE-managesieve\", rpm:\"perl-Cyrus-SIEVE-managesieve~2.3.11~60.21.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pinentry\", rpm:\"pinentry~0.7.5~61.18.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pinentry-gtk2\", rpm:\"pinentry-gtk2~0.7.5~61.18.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pinentry-qt\", rpm:\"pinentry-qt~0.7.5~61.18.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-xpcom190\", rpm:\"python-xpcom190~1.9.0.15~0.1.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"timezone\", rpm:\"timezone~2009p~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"virt-manager\", rpm:\"virt-manager~0.5.3~64.25.17\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"virt-viewer\", rpm:\"virt-viewer~0.0.3~3.29.18\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"vm-install\", rpm:\"vm-install~0.3.26~0.1.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xen\", rpm:\"xen~3.3.1_18546_20~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xen-devel\", rpm:\"xen-devel~3.3.1_18546_20~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xen-doc-html\", rpm:\"xen-doc-html~3.3.1_18546_20~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xen-doc-pdf\", rpm:\"xen-doc-pdf~3.3.1_18546_20~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xen-kmp-debug\", rpm:\"xen-kmp-debug~3.3.1_18546_20_2.6.27.29_0.1~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xen-kmp-default\", rpm:\"xen-kmp-default~3.3.1_18546_20_2.6.27.29_0.1~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xen-kmp-pae\", rpm:\"xen-kmp-pae~3.3.1_18546_20_2.6.27.29_0.1~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xen-kmp-trace\", rpm:\"xen-kmp-trace~3.3.1_18546_20_2.6.27.29_0.1~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xen-libs\", rpm:\"xen-libs~3.3.1_18546_20~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xen-tools\", rpm:\"xen-tools~3.3.1_18546_20~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xen-tools-domU\", rpm:\"xen-tools-domU~3.3.1_18546_20~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xpdf\", rpm:\"xpdf~3.02~97.81.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xpdf-tools\", rpm:\"xpdf-tools~3.02~97.81.3\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~3.0.15~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"MozillaFirefox-translations\", rpm:\"MozillaFirefox-translations~3.0.15~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-mod_jk\", rpm:\"apache2-mod_jk~1.2.21~129.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cyrus-imapd\", rpm:\"cyrus-imapd~2.3.11~31.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cyrus-imapd-devel\", rpm:\"cyrus-imapd-devel~2.3.11~31.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"expat\", rpm:\"expat~2.0.1~62.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun\", rpm:\"java-1_5_0-sun~1.5.0_update22~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-alsa\", rpm:\"java-1_5_0-sun-alsa~1.5.0_update22~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-demo\", rpm:\"java-1_5_0-sun-demo~1.5.0_update22~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-devel\", rpm:\"java-1_5_0-sun-devel~1.5.0_update22~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-jdbc\", rpm:\"java-1_5_0-sun-jdbc~1.5.0_update22~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-plugin\", rpm:\"java-1_5_0-sun-plugin~1.5.0_update22~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_5_0-sun-src\", rpm:\"java-1_5_0-sun-src~1.5.0_update22~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libexpat-devel\", rpm:\"libexpat-devel~2.0.1~62.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libexpat1\", rpm:\"libexpat1~2.0.1~62.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libneon-devel\", rpm:\"libneon-devel~0.28.2~17.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libneon27\", rpm:\"libneon27~0.28.2~17.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-nspr\", rpm:\"mozilla-nspr~4.8.2~1.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-nspr-devel\", rpm:\"mozilla-nspr-devel~4.8.2~1.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190\", rpm:\"mozilla-xulrunner190~1.9.0.15~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-devel\", rpm:\"mozilla-xulrunner190-devel~1.9.0.15~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-gnomevfs\", rpm:\"mozilla-xulrunner190-gnomevfs~1.9.0.15~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-translations\", rpm:\"mozilla-xulrunner190-translations~1.9.0.15~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"neon\", rpm:\"neon~0.28.2~17.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"opera\", rpm:\"opera~10.01~1.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"perl-Cyrus-IMAP\", rpm:\"perl-Cyrus-IMAP~2.3.11~31.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"perl-Cyrus-SIEVE-managesieve\", rpm:\"perl-Cyrus-SIEVE-managesieve~2.3.11~31.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pinentry\", rpm:\"pinentry~0.7.5~18.3\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pinentry-gtk2\", rpm:\"pinentry-gtk2~0.7.5~14.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pinentry-qt\", rpm:\"pinentry-qt~0.7.5~14.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"timezone\", rpm:\"timezone~2009p~1.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xpdf\", rpm:\"xpdf~3.02~95.9\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xpdf-tools\", rpm:\"xpdf-tools~3.02~95.9\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-mod_jk\", rpm:\"apache2-mod_jk~1.2.21~59.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cyrus-imapd\", rpm:\"cyrus-imapd~2.3.8~51.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cyrus-imapd-devel\", rpm:\"cyrus-imapd-devel~2.3.8~51.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"expat\", rpm:\"expat~2.0.1~24.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libexpat-devel\", rpm:\"libexpat-devel~2.0.1~24.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libexpat1\", rpm:\"libexpat1~2.0.1~24.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"neon\", rpm:\"neon~0.26.4~17.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"neon-devel\", rpm:\"neon-devel~0.26.4~17.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"perl-Cyrus-IMAP\", rpm:\"perl-Cyrus-IMAP~2.3.8~51.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"perl-Cyrus-SIEVE-managesieve\", rpm:\"perl-Cyrus-SIEVE-managesieve~2.3.8~51.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pinentry\", rpm:\"pinentry~0.7.2~121.3\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pinentry-gtk2\", rpm:\"pinentry-gtk2~0.7.2~14.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pinentry-qt\", rpm:\"pinentry-qt~0.7.2~14.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"timezone\", rpm:\"timezone~2009p~1.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xpdf\", rpm:\"xpdf~3.02~19.13\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xpdf-tools\", rpm:\"xpdf-tools~3.02~19.13\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:00", "description": "The remote host is missing an update as announced\nvia advisory SSA:2009-302-01.", "cvss3": {}, "published": "2012-09-11T00:00:00", "type": "openvas", "title": "Slackware Advisory SSA:2009-302-01 xpdf", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3608", "CVE-2009-3603", "CVE-2009-3606", "CVE-2009-3604", "CVE-2009-3605", "CVE-2009-3609"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:136141256231066151", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066151", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2009_302_01.nasl 14202 2019-03-15 09:16:15Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66151\");\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 10:16:15 +0100 (Fri, 15 Mar 2019) $\");\n script_cve_id(\"CVE-2009-3603\", \"CVE-2009-3604\", \"CVE-2009-3605\", \"CVE-2009-3606\", \"CVE-2009-3608\", \"CVE-2009-3609\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 14202 $\");\n script_name(\"Slackware Advisory SSA:2009-302-01 xpdf\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\", re:\"ssh/login/release=SLK(9\\.1|10\\.0|10\\.1|10\\.2|11\\.0|12\\.0|12\\.1|12\\.2|13\\.0)\");\n\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2009-302-01\");\n\n script_tag(name:\"insight\", value:\"New xpdf packages are available for Slackware 9.1, 10.0, 10.1, 10.2, 11.0,\n12.0, 12.1, 12.2, 13.0, and -current to fix security issues.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to the new package(s).\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update as announced\nvia advisory SSA:2009-302-01.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-slack.inc\");\n\nreport = \"\";\nres = \"\";\n\nif((res = isslkpkgvuln(pkg:\"xpdf\", ver:\"3.02pl4-i486-1_slack9.1\", rls:\"SLK9.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"xpdf\", ver:\"3.02pl4-i486-1_slack10.0\", rls:\"SLK10.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"xpdf\", ver:\"3.02pl4-i486-1_slack10.1\", rls:\"SLK10.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"xpdf\", ver:\"3.02pl4-i486-1_slack10.2\", rls:\"SLK10.2\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"xpdf\", ver:\"3.02pl4-i486-1_slack11.0\", rls:\"SLK11.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"xpdf\", ver:\"3.02pl4-i486-1_slack12.0\", rls:\"SLK12.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"xpdf\", ver:\"3.02pl4-i486-1_slack12.1\", rls:\"SLK12.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"xpdf\", ver:\"3.02pl4-i486-1_slack12.2\", rls:\"SLK12.2\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"xpdf\", ver:\"3.02pl4-i486-1_slack13.0\", rls:\"SLK13.0\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-24T12:50:35", "description": "The remote host is missing an update as announced\nvia advisory SSA:2009-302-01.", "cvss3": {}, "published": "2012-09-11T00:00:00", "type": "openvas", "title": "Slackware Advisory SSA:2009-302-01 xpdf ", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3608", "CVE-2009-3603", "CVE-2009-3606", "CVE-2009-3604", "CVE-2009-3605", "CVE-2009-3609"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:66151", "href": "http://plugins.openvas.org/nasl.php?oid=66151", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2009_302_01.nasl 6598 2017-07-07 09:36:44Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"New xpdf packages are available for Slackware 9.1, 10.0, 10.1, 10.2, 11.0,\n12.0, 12.1, 12.2, 13.0, and -current to fix security issues.\";\ntag_summary = \"The remote host is missing an update as announced\nvia advisory SSA:2009-302-01.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2009-302-01\";\n \nif(description)\n{\n script_id(66151);\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:36:44 +0200 (Fri, 07 Jul 2017) $\");\n script_cve_id(\"CVE-2009-3603\", \"CVE-2009-3604\", \"CVE-2009-3605\", \"CVE-2009-3606\", \"CVE-2009-3608\", \"CVE-2009-3609\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 6598 $\");\n script_name(\"Slackware Advisory SSA:2009-302-01 xpdf \");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-slack.inc\");\nvuln = 0;\nif(isslkpkgvuln(pkg:\"xpdf\", ver:\"3.02pl4-i486-1_slack9.1\", rls:\"SLK9.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"xpdf\", ver:\"3.02pl4-i486-1_slack10.0\", rls:\"SLK10.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"xpdf\", ver:\"3.02pl4-i486-1_slack10.1\", rls:\"SLK10.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"xpdf\", ver:\"3.02pl4-i486-1_slack10.2\", rls:\"SLK10.2\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"xpdf\", ver:\"3.02pl4-i486-1_slack11.0\", rls:\"SLK11.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"xpdf\", ver:\"3.02pl4-i486-1_slack12.0\", rls:\"SLK12.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"xpdf\", ver:\"3.02pl4-i486-1_slack12.1\", rls:\"SLK12.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"xpdf\", ver:\"3.02pl4-i486-1_slack12.2\", rls:\"SLK12.2\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"xpdf\", ver:\"3.02pl4-i486-1_slack13.0\", rls:\"SLK13.0\")) {\n vuln = 1;\n}\n\nif(vuln) {\n security_message(0);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:39:43", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n xpdf-tools\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-11-11T00:00:00", "type": "openvas", "title": "SLES10: Security update for xpdf", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3608", "CVE-2009-3603", "CVE-2009-3606", "CVE-2009-3604", "CVE-2009-3605", "CVE-2009-3609"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231066234", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066234", "sourceData": "#\n#VID slesp2-xpdf-6556\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for xpdf\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n xpdf-tools\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66234\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-11-11 15:56:44 +0100 (Wed, 11 Nov 2009)\");\n script_cve_id(\"CVE-2009-3603\", \"CVE-2009-3604\", \"CVE-2009-3605\", \"CVE-2009-3606\", \"CVE-2009-3608\", \"CVE-2009-3609\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES10: Security update for xpdf\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"xpdf-tools\", rpm:\"xpdf-tools~3.01~21.22.2\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:23", "description": "The remote host is missing an update as announced\nvia advisory SSA:2009-302-02.", "cvss3": {}, "published": "2012-09-11T00:00:00", "type": "openvas", "title": "Slackware Advisory SSA:2009-302-02 poppler", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3608", "CVE-2009-3603", "CVE-2009-3606", "CVE-2009-3604", "CVE-2009-3605", "CVE-2009-3609"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:136141256231066150", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066150", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2009_302_02.nasl 14202 2019-03-15 09:16:15Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66150\");\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 10:16:15 +0100 (Fri, 15 Mar 2019) $\");\n script_cve_id(\"CVE-2009-3603\", \"CVE-2009-3604\", \"CVE-2009-3605\", \"CVE-2009-3606\", \"CVE-2009-3608\", \"CVE-2009-3609\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 14202 $\");\n script_name(\"Slackware Advisory SSA:2009-302-02 poppler\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\", re:\"ssh/login/release=SLK(12\\.0|12\\.1|12\\.2|13\\.0)\");\n\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2009-302-02\");\n\n script_tag(name:\"insight\", value:\"New poppler packages are available for Slackware 12.0, 12.1, 12.2, 13.0,\nand -current to fix security issues.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to the new package(s).\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update as announced\nvia advisory SSA:2009-302-02.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-slack.inc\");\n\nreport = \"\";\nres = \"\";\n\nif((res = isslkpkgvuln(pkg:\"poppler\", ver:\"0.6.2-i486-2_slack12.0\", rls:\"SLK12.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"poppler\", ver:\"0.6.4-i486-2_slack12.1\", rls:\"SLK12.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"poppler\", ver:\"0.8.5-i486-3_slack12.2\", rls:\"SLK12.2\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"poppler\", ver:\"0.10.7-i486-2_slack13.0\", rls:\"SLK13.0\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-24T12:50:48", "description": "The remote host is missing an update as announced\nvia advisory SSA:2009-302-02.", "cvss3": {}, "published": "2012-09-11T00:00:00", "type": "openvas", "title": "Slackware Advisory SSA:2009-302-02 poppler ", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3608", "CVE-2009-3603", "CVE-2009-3606", "CVE-2009-3604", "CVE-2009-3605", "CVE-2009-3609"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:66150", "href": "http://plugins.openvas.org/nasl.php?oid=66150", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2009_302_02.nasl 6598 2017-07-07 09:36:44Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"New poppler packages are available for Slackware 12.0, 12.1, 12.2, 13.0,\nand -current to fix security issues.\";\ntag_summary = \"The remote host is missing an update as announced\nvia advisory SSA:2009-302-02.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2009-302-02\";\n \nif(description)\n{\n script_id(66150);\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:36:44 +0200 (Fri, 07 Jul 2017) $\");\n script_cve_id(\"CVE-2009-3603\", \"CVE-2009-3604\", \"CVE-2009-3605\", \"CVE-2009-3606\", \"CVE-2009-3608\", \"CVE-2009-3609\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 6598 $\");\n script_name(\"Slackware Advisory SSA:2009-302-02 poppler \");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-slack.inc\");\nvuln = 0;\nif(isslkpkgvuln(pkg:\"poppler\", ver:\"0.6.2-i486-2_slack12.0\", rls:\"SLK12.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"poppler\", ver:\"0.6.4-i486-2_slack12.1\", rls:\"SLK12.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"poppler\", ver:\"0.8.5-i486-3_slack12.2\", rls:\"SLK12.2\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"poppler\", ver:\"0.10.7-i486-2_slack13.0\", rls:\"SLK13.0\")) {\n vuln = 1;\n}\n\nif(vuln) {\n security_message(0);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-26T08:56:01", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n xpdf-tools\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-11-11T00:00:00", "type": "openvas", "title": "SLES10: Security update for xpdf", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3608", "CVE-2009-3603", "CVE-2009-3606", "CVE-2009-3604", "CVE-2009-3605", "CVE-2009-3609"], "modified": "2017-07-11T00:00:00", "id": "OPENVAS:66234", "href": "http://plugins.openvas.org/nasl.php?oid=66234", "sourceData": "#\n#VID slesp2-xpdf-6556\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for xpdf\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n xpdf-tools\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_id(66234);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-11-11 15:56:44 +0100 (Wed, 11 Nov 2009)\");\n script_cve_id(\"CVE-2009-3603\", \"CVE-2009-3604\", \"CVE-2009-3605\", \"CVE-2009-3606\", \"CVE-2009-3608\", \"CVE-2009-3609\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES10: Security update for xpdf\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"xpdf-tools\", rpm:\"xpdf-tools~3.01~21.22.2\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:38:27", "description": "The remote host is missing an update to xpdf\nannounced via advisory FEDORA-2009-10648.", "cvss3": {}, "published": "2009-10-27T00:00:00", "type": "openvas", "title": "Fedora Core 11 FEDORA-2009-10648 (xpdf)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3608", "CVE-2009-3603", "CVE-2009-1188", "CVE-2009-3606", "CVE-2009-3604", "CVE-2009-3605", "CVE-2009-3609"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231066092", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066092", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_10648.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-10648 (xpdf)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Xpdf is an X Window System based viewer for Portable Document Format\n(PDF) files. Xpdf is a small and efficient program which uses\nstandard X fonts.\n\nUpdate Information:\n\n- apply xpdf-3.02pl4 security patch to fix:\n CVE-2009-1188/CVE-2009-3603, CVE-2009-3604, CVE-2009-3606,\n CVE-2009-3608, CVE-2009-3609\n\nChangeLog:\n\n* Fri Oct 16 2009 Tom spot Callaway - 1:3.02-15\n- apply xpdf-3.02pl4 security patch to fix:\nCVE-2009-3603, CVE-2009-3604, CVE-2009-3605, CVE-2009-3606\nCVE-2009-3608, CVE-2009-3609\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update xpdf' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-10648\";\ntag_summary = \"The remote host is missing an update to xpdf\nannounced via advisory FEDORA-2009-10648.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66092\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-27 01:37:56 +0100 (Tue, 27 Oct 2009)\");\n script_cve_id(\"CVE-2009-1188\", \"CVE-2009-3603\", \"CVE-2009-3604\", \"CVE-2009-3606\", \"CVE-2009-3608\", \"CVE-2009-3609\", \"CVE-2009-3605\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Core 11 FEDORA-2009-10648 (xpdf)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=495907\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=526911\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=526877\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=526637\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=526893\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"xpdf\", rpm:\"xpdf~3.02~15.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xpdf-debuginfo\", rpm:\"xpdf-debuginfo~3.02~15.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:28", "description": "The remote host is missing an update to xpdf\nannounced via advisory FEDORA-2009-10648.", "cvss3": {}, "published": "2009-10-27T00:00:00", "type": "openvas", "title": "Fedora Core 11 FEDORA-2009-10648 (xpdf)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3608", "CVE-2009-3603", "CVE-2009-1188", "CVE-2009-3606", "CVE-2009-3604", "CVE-2009-3605", "CVE-2009-3609"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:66092", "href": "http://plugins.openvas.org/nasl.php?oid=66092", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_10648.nasl 6624 2017-07-10 06:11:55Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-10648 (xpdf)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Xpdf is an X Window System based viewer for Portable Document Format\n(PDF) files. Xpdf is a small and efficient program which uses\nstandard X fonts.\n\nUpdate Information:\n\n- apply xpdf-3.02pl4 security patch to fix:\n CVE-2009-1188/CVE-2009-3603, CVE-2009-3604, CVE-2009-3606,\n CVE-2009-3608, CVE-2009-3609\n\nChangeLog:\n\n* Fri Oct 16 2009 Tom spot Callaway - 1:3.02-15\n- apply xpdf-3.02pl4 security patch to fix:\nCVE-2009-3603, CVE-2009-3604, CVE-2009-3605, CVE-2009-3606\nCVE-2009-3608, CVE-2009-3609\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update xpdf' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-10648\";\ntag_summary = \"The remote host is missing an update to xpdf\nannounced via advisory FEDORA-2009-10648.\";\n\n\n\nif(description)\n{\n script_id(66092);\n script_version(\"$Revision: 6624 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-27 01:37:56 +0100 (Tue, 27 Oct 2009)\");\n script_cve_id(\"CVE-2009-1188\", \"CVE-2009-3603\", \"CVE-2009-3604\", \"CVE-2009-3606\", \"CVE-2009-3608\", \"CVE-2009-3609\", \"CVE-2009-3605\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Core 11 FEDORA-2009-10648 (xpdf)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=495907\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=526911\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=526877\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=526637\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=526893\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"xpdf\", rpm:\"xpdf~3.02~15.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xpdf-debuginfo\", rpm:\"xpdf-debuginfo~3.02~15.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:49:03", "description": "The remote host is missing an update to kdegraphics\nannounced via advisory DSA 2050-1.", "cvss3": {}, "published": "2010-06-03T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2050-1 (kdegraphics)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3608", "CVE-2009-3603", "CVE-2009-1188", "CVE-2009-3606", "CVE-2009-3604", "CVE-2009-3609"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:67403", "href": "http://plugins.openvas.org/nasl.php?oid=67403", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2050_1.nasl 6614 2017-07-07 12:09:12Z cfischer $\n# Description: Auto-generated from advisory DSA 2050-1 (kdegraphics)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several local vulnerabilities have been discovered in KPDF, a PDF viewer\nfor KDE, which allow the execution of arbitrary code or denial of\nservice if a user is tricked into opening a crafted PDF document.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 4:3.5.9-3+lenny3.\n\nThe unstable distribution (sid) no longer contains kpdf. It's replacement,\nOkular, links against the poppler PDF library.\n\nWe recommend that you upgrade your kdegraphics packages.\";\ntag_summary = \"The remote host is missing an update to kdegraphics\nannounced via advisory DSA 2050-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202050-1\";\n\n\nif(description)\n{\n script_id(67403);\n script_version(\"$Revision: 6614 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:09:12 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-06-03 22:55:24 +0200 (Thu, 03 Jun 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2009-1188\", \"CVE-2009-3603\", \"CVE-2009-3604\", \"CVE-2009-3606\", \"CVE-2009-3608\", \"CVE-2009-3609\");\n script_name(\"Debian Security Advisory DSA 2050-1 (kdegraphics)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"kdegraphics\", ver:\"3.5.9-3+lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kdegraphics-doc-html\", ver:\"3.5.9-3+lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ksvg\", ver:\"3.5.9-3+lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kuickshow\", ver:\"3.5.9-3+lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kpovmodeler\", ver:\"3.5.9-3+lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kdegraphics-kfile-plugins\", ver:\"3.5.9-3+lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kruler\", ver:\"3.5.9-3+lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kfax\", ver:\"3.5.9-3+lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kolourpaint\", ver:\"3.5.9-3+lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kghostview\", ver:\"3.5.9-3+lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kfaxview\", ver:\"3.5.9-3+lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kview\", ver:\"3.5.9-3+lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kdvi\", ver:\"3.5.9-3+lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kcoloredit\", ver:\"3.5.9-3+lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kooka\", ver:\"3.5.9-3+lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kviewshell\", ver:\"3.5.9-3+lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libkscan-dev\", ver:\"3.5.9-3+lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kgamma\", ver:\"3.5.9-3+lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libkscan1\", ver:\"3.5.9-3+lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ksnapshot\", ver:\"3.5.9-3+lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kmrml\", ver:\"3.5.9-3+lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kdegraphics-dbg\", ver:\"3.5.9-3+lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kiconedit\", ver:\"3.5.9-3+lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kamera\", ver:\"3.5.9-3+lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kpdf\", ver:\"3.5.9-3+lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kdegraphics-dev\", ver:\"3.5.9-3+lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-14T11:48:59", "description": "Check for the Version of pdfedit", "cvss3": {}, "published": "2010-03-02T00:00:00", "type": "openvas", "title": "Fedora Update for pdfedit FEDORA-2010-1842", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3608", "CVE-2009-3603", "CVE-2009-1188", "CVE-2009-3606", "CVE-2009-3604", "CVE-2009-3609"], "modified": "2017-12-14T00:00:00", "id": "OPENVAS:861624", "href": "http://plugins.openvas.org/nasl.php?oid=861624", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for pdfedit FEDORA-2010-1842\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"pdfedit on Fedora 11\";\ntag_insight = \"Free pdf editing using PdfEdit. Complete editing of pdf documents is made\n possible with PDFedit. You can change either raw pdf objects (for advanced\n users) or use predefined gui functions. Functions can be easily added as\n everything is based on a script.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html\");\n script_id(861624);\n script_version(\"$Revision: 8109 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-14 07:31:15 +0100 (Thu, 14 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-03-02 08:38:02 +0100 (Tue, 02 Mar 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-1842\");\n script_cve_id(\"CVE-2009-1188\", \"CVE-2009-3603\", \"CVE-2009-3604\", \"CVE-2009-3606\", \"CVE-2009-3608\", \"CVE-2009-3609\");\n script_name(\"Fedora Update for pdfedit FEDORA-2010-1842\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of pdfedit\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC11\")\n{\n\n if ((res = isrpmvuln(pkg:\"pdfedit\", rpm:\"pdfedit~0.4.3~4.fc11\", rls:\"FC11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:57:12", "description": "The remote host is missing an update to xpdf\nannounced via advisory MDVSA-2009:287.", "cvss3": {}, "published": "2009-10-27T00:00:00", "type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:287 (xpdf)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3608", "CVE-2009-3603", "CVE-2009-1188", "CVE-2009-3606", "CVE-2009-3604", "CVE-2009-3609"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:66090", "href": "http://plugins.openvas.org/nasl.php?oid=66090", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_287.nasl 6573 2017-07-06 13:10:50Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:287 (xpdf)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities has been found and corrected in xpdf:\n\nInteger overflow in the SplashBitmap::SplashBitmap function in Xpdf 3.x\nbefore 3.02pl4 and Poppler before 0.12.1 might allow remote attackers\nto execute arbitrary code via a crafted PDF document that triggers a\nheap-based buffer overflow. NOTE: some of these details are obtained\nfrom third party information. NOTE: this issue reportedly exists\nbecause of an incomplete fix for CVE-2009-1188 (CVE-2009-3603).\n\nThe Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x\nbefore 3.02pl4, and Poppler 0.x, as used in GPdf and kdegraphics KPDF,\ndoes not properly allocate memory, which allows remote attackers to\ncause a denial of service (application crash) or possibly execute\narbitrary code via a crafted PDF document that triggers a NULL pointer\ndereference or a heap-based buffer overflow (CVE-2009-3604).\n\nInteger overflow in the PSOutputDev::doImageL1Sep function in Xpdf\nbefore 3.02pl4, and Poppler 0.x, as used in kdegraphics KPDF, might\nallow remote attackers to execute arbitrary code via a crafted PDF\ndocument that triggers a heap-based buffer overflow (CVE-2009-3606).\n\nInteger overflow in the ObjectStream::ObjectStream function in XRef.cc\nin Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in\nGPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote\nattackers to execute arbitrary code via a crafted PDF document that\ntriggers a heap-based buffer overflow (CVE-2009-3608).\n\nInteger overflow in the ImageStream::ImageStream function in Stream.cc\nin Xpdf before 3.02pl4 and Poppler before 0.12.1, as used in GPdf,\nkdegraphics KPDF, and CUPS pdftops, allows remote attackers to\ncause a denial of service (application crash) via a crafted PDF\ndocument that triggers a NULL pointer dereference or buffer over-read\n(CVE-2009-3609).\n\nThis update fixes these vulnerabilities.\n\nAffected: 2009.0, Corporate 3.0, Corporate 4.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:287\";\ntag_summary = \"The remote host is missing an update to xpdf\nannounced via advisory MDVSA-2009:287.\";\n\n \n\nif(description)\n{\n script_id(66090);\n script_version(\"$Revision: 6573 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:10:50 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-27 01:37:56 +0100 (Tue, 27 Oct 2009)\");\n script_cve_id(\"CVE-2009-1188\", \"CVE-2009-3603\", \"CVE-2009-3604\", \"CVE-2009-3606\", \"CVE-2009-3608\", \"CVE-2009-3609\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:287 (xpdf)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"xpdf\", rpm:\"xpdf~3.02~12.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xpdf-common\", rpm:\"xpdf-common~3.02~12.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xpdf\", rpm:\"xpdf~3.02~0.3.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xpdf-tools\", rpm:\"xpdf-tools~3.02~0.3.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xpdf\", rpm:\"xpdf~3.02~0.3.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xpdf-tools\", rpm:\"xpdf-tools~3.02~0.3.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:38:20", "description": "The remote host is missing an update to poppler\nannounced via advisory FEDORA-2009-10845.", "cvss3": {}, "published": "2009-11-11T00:00:00", "type": "openvas", "title": "Fedora Core 11 FEDORA-2009-10845 (poppler)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3608", "CVE-2009-3603", "CVE-2009-3607", "CVE-2009-3606", "CVE-2009-3604", "CVE-2009-3609"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231066140", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066140", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_10845.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-10845 (poppler)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nThis build addresses several recent security issues.\n\nChangeLog:\n\n* Sun Oct 25 2009 Rex Dieter - 0.10.7-3\n- CVE-2009-3603 SplashBitmap::SplashBitmap integer overflow (#526915)\n- CVE-2009-3604 Splash::drawImage integer overflow and missing allocation return value check(#526911)\n- CVE-2009-3606 PSOutputDev::doImageL1Sep integer overflow (#526877)\n- CVE-2009-3607 poppler: create_surface_from_thumbnail_data integer overflow (#526924)\n- CVE-2009-3608 integer overflow in ObjectStream::ObjectStream (#526637)\n- CVE-2009-3609 ImageStream::ImageStream integer overflow (#526893)\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update poppler' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-10845\";\ntag_summary = \"The remote host is missing an update to poppler\nannounced via advisory FEDORA-2009-10845.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66140\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-11-11 15:56:44 +0100 (Wed, 11 Nov 2009)\");\n script_cve_id(\"CVE-2009-3603\", \"CVE-2009-3604\", \"CVE-2009-3606\", \"CVE-2009-3607\", \"CVE-2009-3608\", \"CVE-2009-3609\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Core 11 FEDORA-2009-10845 (poppler)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=526915\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=526911\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=526877\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=526924\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=526637\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=526893\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"poppler\", rpm:\"poppler~0.10.7~3.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-devel\", rpm:\"poppler-devel~0.10.7~3.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-glib\", rpm:\"poppler-glib~0.10.7~3.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-glib-devel\", rpm:\"poppler-glib-devel~0.10.7~3.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-qt\", rpm:\"poppler-qt~0.10.7~3.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-qt-devel\", rpm:\"poppler-qt-devel~0.10.7~3.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-qt4\", rpm:\"poppler-qt4~0.10.7~3.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-qt4-devel\", rpm:\"poppler-qt4-devel~0.10.7~3.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-utils\", rpm:\"poppler-utils~0.10.7~3.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-debuginfo\", rpm:\"poppler-debuginfo~0.10.7~3.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:39:23", "description": "The remote host is missing an update to xpdf\nannounced via advisory MDVSA-2009:287-1.", "cvss3": {}, "published": "2009-12-10T00:00:00", "type": "openvas", "title": "Mandriva Security Advisory MDVSA-2009:287-1 (xpdf)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3608", "CVE-2009-3603", "CVE-2009-1188", "CVE-2009-3606", "CVE-2009-3604", "CVE-2009-3609"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231066381", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066381", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_287_1.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:287-1 (xpdf)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities has been found and corrected in xpdf:\n\nInteger overflow in the SplashBitmap::SplashBitmap function in Xpdf 3.x\nbefore 3.02pl4 and Poppler before 0.12.1 might allow remote attackers\nto execute arbitrary code via a crafted PDF document that triggers a\nheap-based buffer overflow. NOTE: some of these details are obtained\nfrom third party information. NOTE: this issue reportedly exists\nbecause of an incomplete fix for CVE-2009-1188 (CVE-2009-3603).\n\nThe Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x\nbefore 3.02pl4, and Poppler 0.x, as used in GPdf and kdegraphics KPDF,\ndoes not properly allocate memory, which allows remote attackers to\ncause a denial of service (application crash) or possibly execute\narbitrary code via a crafted PDF document that triggers a NULL pointer\ndereference or a heap-based buffer overflow (CVE-2009-3604).\n\nInteger overflow in the PSOutputDev::doImageL1Sep function in Xpdf\nbefore 3.02pl4, and Poppler 0.x, as used in kdegraphics KPDF, might\nallow remote attackers to execute arbitrary code via a crafted PDF\ndocument that triggers a heap-based buffer overflow (CVE-2009-3606).\n\nInteger overflow in the ObjectStream::ObjectStream function in XRef.cc\nin Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in\nGPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote\nattackers to execute arbitrary code via a crafted PDF document that\ntriggers a heap-based buffer overflow (CVE-2009-3608).\n\nInteger overflow in the ImageStream::ImageStream function in Stream.cc\nin Xpdf before 3.02pl4 and Poppler before 0.12.1, as used in GPdf,\nkdegraphics KPDF, and CUPS pdftops, allows remote attackers to\ncause a denial of service (application crash) via a crafted PDF\ndocument that triggers a NULL pointer dereference or buffer over-read\n(CVE-2009-3609).\n\nThis update fixes these vulnerabilities.\n\nUpdate:\n\nPackages for 2008.0 are being provided due to extended support for\nCorporate products.\n\nAffected: 2008.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:287-1\";\ntag_summary = \"The remote host is missing an update to xpdf\nannounced via advisory MDVSA-2009:287-1.\";\n\n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66381\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-10 00:23:54 +0100 (Thu, 10 Dec 2009)\");\n script_cve_id(\"CVE-2009-1188\", \"CVE-2009-3603\", \"CVE-2009-3604\", \"CVE-2009-3606\", \"CVE-2009-3608\", \"CVE-2009-3609\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Mandriva Security Advisory MDVSA-2009:287-1 (xpdf)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"xpdf\", rpm:\"xpdf~3.02~8.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xpdf-common\", rpm:\"xpdf-common~3.02~8.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xpdf-tools\", rpm:\"xpdf-tools~3.02~8.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-22T13:05:35", "description": "Check for the Version of pdfedit", "cvss3": {}, "published": "2010-03-02T00:00:00", "type": "openvas", "title": "Fedora Update for pdfedit FEDORA-2010-1377", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3608", "CVE-2009-3603", "CVE-2009-1188", "CVE-2009-3606", "CVE-2009-3604", "CVE-2009-3609"], "modified": "2018-01-22T00:00:00", "id": "OPENVAS:1361412562310861687", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310861687", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for pdfedit FEDORA-2010-1377\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"pdfedit on Fedora 12\";\ntag_insight = \"Free pdf editing using PdfEdit. Complete editing of pdf documents is made\n possible with PDFedit. You can change either raw pdf objects (for advanced\n users) or use predefined gui functions. Functions can be easily added as\n everything is based on a script.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.861687\");\n script_version(\"$Revision: 8485 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-22 08:57:57 +0100 (Mon, 22 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-03-02 08:38:02 +0100 (Tue, 02 Mar 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-1377\");\n script_cve_id(\"CVE-2009-1188\", \"CVE-2009-3603\", \"CVE-2009-3604\", \"CVE-2009-3606\", \"CVE-2009-3608\", \"CVE-2009-3609\");\n script_name(\"Fedora Update for pdfedit FEDORA-2010-1377\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of pdfedit\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"pdfedit\", rpm:\"pdfedit~0.4.3~4.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-21T11:32:24", "description": "The remote host is missing an update to kdegraphics\nannounced via advisory DSA 2050-1.", "cvss3": {}, "published": "2010-06-03T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2050-1 (kdegraphics)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3608", "CVE-2009-3603", "CVE-2009-1188", "CVE-2009-3606", "CVE-2009-3604", "CVE-2009-3609"], "modified": "2017-12-20T00:00:00", "id": "OPENVAS:136141256231067403", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231067403", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2050_1.nasl 8187 2017-12-20 07:30:09Z teissa $\n# Description: Auto-generated from advisory DSA 2050-1 (kdegraphics)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several local vulnerabilities have been discovered in KPDF, a PDF viewer\nfor KDE, which allow the execution of arbitrary code or denial of\nservice if a user is tricked into opening a crafted PDF document.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 4:3.5.9-3+lenny3.\n\nThe unstable distribution (sid) no longer contains kpdf. It's replacement,\nOkular, links against the poppler PDF library.\n\nWe recommend that you upgrade your kdegraphics packages.\";\ntag_summary = \"The remote host is missing an update to kdegraphics\nannounced via advisory DSA 2050-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202050-1\";\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.67403\");\n script_version(\"$Revision: 8187 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-20 08:30:09 +0100 (Wed, 20 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-06-03 22:55:24 +0200 (Thu, 03 Jun 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2009-1188\", \"CVE-2009-3603\", \"CVE-2009-3604\", \"CVE-2009-3606\", \"CVE-2009-3608\", \"CVE-2009-3609\");\n script_name(\"Debian Security Advisory DSA 2050-1 (kdegraphics)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"kdegraphics\", ver:\"3.5.9-3+lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kdegraphics-doc-html\", ver:\"3.5.9-3+lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ksvg\", ver:\"3.5.9-3+lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kuickshow\", ver:\"3.5.9-3+lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kpovmodeler\", ver:\"3.5.9-3+lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kdegraphics-kfile-plugins\", ver:\"3.5.9-3+lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kruler\", ver:\"3.5.9-3+lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kfax\", ver:\"3.5.9-3+lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kolourpaint\", ver:\"3.5.9-3+lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kghostview\", ver:\"3.5.9-3+lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kfaxview\", ver:\"3.5.9-3+lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kview\", ver:\"3.5.9-3+lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kdvi\", ver:\"3.5.9-3+lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kcoloredit\", ver:\"3.5.9-3+lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kooka\", ver:\"3.5.9-3+lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kviewshell\", ver:\"3.5.9-3+lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libkscan-dev\", ver:\"3.5.9-3+lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kgamma\", ver:\"3.5.9-3+lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libkscan1\", ver:\"3.5.9-3+lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ksnapshot\", ver:\"3.5.9-3+lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kmrml\", ver:\"3.5.9-3+lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kdegraphics-dbg\", ver:\"3.5.9-3+lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kiconedit\", ver:\"3.5.9-3+lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kamera\", ver:\"3.5.9-3+lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kpdf\", ver:\"3.5.9-3+lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kdegraphics-dev\", ver:\"3.5.9-3+lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:56:48", "description": "The remote host is missing an update to xpdf\nannounced via advisory MDVSA-2009:287-1.", "cvss3": {}, "published": "2009-12-10T00:00:00", "type": "openvas", "title": "Mandriva Security Advisory MDVSA-2009:287-1 (xpdf)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3608", "CVE-2009-3603", "CVE-2009-1188", "CVE-2009-3606", "CVE-2009-3604", "CVE-2009-3609"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:66381", "href": "http://plugins.openvas.org/nasl.php?oid=66381", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_287_1.nasl 6573 2017-07-06 13:10:50Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:287-1 (xpdf)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities has been found and corrected in xpdf:\n\nInteger overflow in the SplashBitmap::SplashBitmap function in Xpdf 3.x\nbefore 3.02pl4 and Poppler before 0.12.1 might allow remote attackers\nto execute arbitrary code via a crafted PDF document that triggers a\nheap-based buffer overflow. NOTE: some of these details are obtained\nfrom third party information. NOTE: this issue reportedly exists\nbecause of an incomplete fix for CVE-2009-1188 (CVE-2009-3603).\n\nThe Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x\nbefore 3.02pl4, and Poppler 0.x, as used in GPdf and kdegraphics KPDF,\ndoes not properly allocate memory, which allows remote attackers to\ncause a denial of service (application crash) or possibly execute\narbitrary code via a crafted PDF document that triggers a NULL pointer\ndereference or a heap-based buffer overflow (CVE-2009-3604).\n\nInteger overflow in the PSOutputDev::doImageL1Sep function in Xpdf\nbefore 3.02pl4, and Poppler 0.x, as used in kdegraphics KPDF, might\nallow remote attackers to execute arbitrary code via a crafted PDF\ndocument that triggers a heap-based buffer overflow (CVE-2009-3606).\n\nInteger overflow in the ObjectStream::ObjectStream function in XRef.cc\nin Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in\nGPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote\nattackers to execute arbitrary code via a crafted PDF document that\ntriggers a heap-based buffer overflow (CVE-2009-3608).\n\nInteger overflow in the ImageStream::ImageStream function in Stream.cc\nin Xpdf before 3.02pl4 and Poppler before 0.12.1, as used in GPdf,\nkdegraphics KPDF, and CUPS pdftops, allows remote attackers to\ncause a denial of service (application crash) via a crafted PDF\ndocument that triggers a NULL pointer dereference or buffer over-read\n(CVE-2009-3609).\n\nThis update fixes these vulnerabilities.\n\nUpdate:\n\nPackages for 2008.0 are being provided due to extended support for\nCorporate products.\n\nAffected: 2008.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:287-1\";\ntag_summary = \"The remote host is missing an update to xpdf\nannounced via advisory MDVSA-2009:287-1.\";\n\n \n\nif(description)\n{\n script_id(66381);\n script_version(\"$Revision: 6573 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:10:50 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-10 00:23:54 +0100 (Thu, 10 Dec 2009)\");\n script_cve_id(\"CVE-2009-1188\", \"CVE-2009-3603\", \"CVE-2009-3604\", \"CVE-2009-3606\", \"CVE-2009-3608\", \"CVE-2009-3609\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Mandriva Security Advisory MDVSA-2009:287-1 (xpdf)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"xpdf\", rpm:\"xpdf~3.02~8.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xpdf-common\", rpm:\"xpdf-common~3.02~8.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xpdf-tools\", rpm:\"xpdf-tools~3.02~8.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:14:11", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "cvss3": {}, "published": "2009-10-27T00:00:00", "type": "openvas", "title": "FreeBSD Ports: xpdf", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3608", "CVE-2009-3603", "CVE-2009-1188", "CVE-2009-3606", "CVE-2009-3604", "CVE-2009-3609"], "modified": "2016-12-28T00:00:00", "id": "OPENVAS:66116", "href": "http://plugins.openvas.org/nasl.php?oid=66116", "sourceData": "#\n#VID 8581189c-bd5f-11de-8709-0017a4cccfc6\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 8581189c-bd5f-11de-8709-0017a4cccfc6\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: xpdf\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://www.securityfocus.com/archive/1/507261\nhttp://secunia.com/advisories/37053/\nhttp://www.vuxml.org/freebsd/8581189c-bd5f-11de-8709-0017a4cccfc6.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_id(66116);\n script_version(\"$Revision: 4865 $\");\n script_cve_id(\"CVE-2009-1188\", \"CVE-2009-3603\", \"CVE-2009-3604\", \"CVE-2009-3606\",\n \"CVE-2009-3608\", \"CVE-2009-3609\");\n script_bugtraq_id(36703, 34568);\n script_tag(name:\"last_modification\", value:\"$Date: 2016-12-28 17:16:43 +0100 (Wed, 28 Dec 2016) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-27 01:37:56 +0100 (Tue, 27 Oct 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"FreeBSD Ports: xpdf\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"xpdf\");\nif(!isnull(bver) && revcomp(a:bver, b:\"3.02_11\")<0) {\n txt += 'Package xpdf version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:40:35", "description": "The remote host is missing an update to xpdf\nannounced via advisory MDVSA-2009:287.", "cvss3": {}, "published": "2009-10-27T00:00:00", "type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:287 (xpdf)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3608", "CVE-2009-3603", "CVE-2009-1188", "CVE-2009-3606", "CVE-2009-3604", "CVE-2009-3609"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231066090", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066090", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_287.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:287 (xpdf)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities has been found and corrected in xpdf:\n\nInteger overflow in the SplashBitmap::SplashBitmap function in Xpdf 3.x\nbefore 3.02pl4 and Poppler before 0.12.1 might allow remote attackers\nto execute arbitrary code via a crafted PDF document that triggers a\nheap-based buffer overflow. NOTE: some of these details are obtained\nfrom third party information. NOTE: this issue reportedly exists\nbecause of an incomplete fix for CVE-2009-1188 (CVE-2009-3603).\n\nThe Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x\nbefore 3.02pl4, and Poppler 0.x, as used in GPdf and kdegraphics KPDF,\ndoes not properly allocate memory, which allows remote attackers to\ncause a denial of service (application crash) or possibly execute\narbitrary code via a crafted PDF document that triggers a NULL pointer\ndereference or a heap-based buffer overflow (CVE-2009-3604).\n\nInteger overflow in the PSOutputDev::doImageL1Sep function in Xpdf\nbefore 3.02pl4, and Poppler 0.x, as used in kdegraphics KPDF, might\nallow remote attackers to execute arbitrary code via a crafted PDF\ndocument that triggers a heap-based buffer overflow (CVE-2009-3606).\n\nInteger overflow in the ObjectStream::ObjectStream function in XRef.cc\nin Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in\nGPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote\nattackers to execute arbitrary code via a crafted PDF document that\ntriggers a heap-based buffer overflow (CVE-2009-3608).\n\nInteger overflow in the ImageStream::ImageStream function in Stream.cc\nin Xpdf before 3.02pl4 and Poppler before 0.12.1, as used in GPdf,\nkdegraphics KPDF, and CUPS pdftops, allows remote attackers to\ncause a denial of service (application crash) via a crafted PDF\ndocument that triggers a NULL pointer dereference or buffer over-read\n(CVE-2009-3609).\n\nThis update fixes these vulnerabilities.\n\nAffected: 2009.0, Corporate 3.0, Corporate 4.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:287\";\ntag_summary = \"The remote host is missing an update to xpdf\nannounced via advisory MDVSA-2009:287.\";\n\n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66090\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-27 01:37:56 +0100 (Tue, 27 Oct 2009)\");\n script_cve_id(\"CVE-2009-1188\", \"CVE-2009-3603\", \"CVE-2009-3604\", \"CVE-2009-3606\", \"CVE-2009-3608\", \"CVE-2009-3609\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:287 (xpdf)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"xpdf\", rpm:\"xpdf~3.02~12.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xpdf-common\", rpm:\"xpdf-common~3.02~12.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xpdf\", rpm:\"xpdf~3.02~0.3.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xpdf-tools\", rpm:\"xpdf-tools~3.02~0.3.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xpdf\", rpm:\"xpdf~3.02~0.3.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xpdf-tools\", rpm:\"xpdf-tools~3.02~0.3.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:49:07", "description": "The remote host is missing an update to xpdf\nannounced via advisory DSA 2028-1.", "cvss3": {}, "published": "2010-04-21T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2028-1 (xpdf)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3608", "CVE-2009-3603", "CVE-2009-1188", "CVE-2009-3606", "CVE-2009-3604", "CVE-2009-3609"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:67264", "href": "http://plugins.openvas.org/nasl.php?oid=67264", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2028_1.nasl 6614 2017-07-07 12:09:12Z cfischer $\n# Description: Auto-generated from advisory DSA 2028-1 (xpdf)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities have been identified in xpdf, a suite of tools for\nviewing and converting Portable Document Format (PDF) files.\n\nThe Common Vulnerabilities and Exposures project identifies the following\nproblems:\n\nCVE-2009-1188 and CVE-2009-3603\n\nInteger overflow in SplashBitmap::SplashBitmap which might allow remote\nattackers to execute arbitrary code or an application crash via a crafted\nPDF document.\n\nCVE-2009-3604\n\nNULL pointer dereference or heap-based buffer overflow in\nSplash::drawImage which might allow remote attackers to cause a denial\nof service (application crash) or possibly execute arbitrary code via\na crafted PDF document.\n\nCVE-2009-3606\n\nInteger overflow in the PSOutputDev::doImageL1Sep which might allow\nremote attackers to execute arbitrary code via a crafted PDF document.\n\nCVE-2009-3608\n\nInteger overflow in the ObjectStream::ObjectStream which might allow\nremote attackers to execute arbitrary code via a crafted PDF document.\n\nCVE-2009-3609\n\nInteger overflow in the ImageStream::ImageStream which might allow\nremote attackers to cause a denial of service via a crafted PDF\ndocument.\n\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 3.02-1.4+lenny2.\n\nFor the testing distribution (squeeze), this problem will be fixed soon.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 3.02-2.\";\ntag_summary = \"The remote host is missing an update to xpdf\nannounced via advisory DSA 2028-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202028-1\";\n\n\nif(description)\n{\n script_id(67264);\n script_version(\"$Revision: 6614 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:09:12 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-04-21 03:31:17 +0200 (Wed, 21 Apr 2010)\");\n script_cve_id(\"CVE-2009-1188\", \"CVE-2009-3603\", \"CVE-2009-3604\", \"CVE-2009-3606\", \"CVE-2009-3608\", \"CVE-2009-3609\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 2028-1 (xpdf)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"xpdf\", ver:\"3.02-1.4+lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xpdf-common\", ver:\"3.02-1.4+lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xpdf-reader\", ver:\"3.02-1.4+lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xpdf-utils\", ver:\"3.02-1.4+lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:39:49", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "cvss3": {}, "published": "2009-10-27T00:00:00", "type": "openvas", "title": "FreeBSD Ports: xpdf", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3608", "CVE-2009-3603", "CVE-2009-1188", "CVE-2009-3606", "CVE-2009-3604", "CVE-2009-3609"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231066116", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066116", "sourceData": "#\n#VID 8581189c-bd5f-11de-8709-0017a4cccfc6\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 8581189c-bd5f-11de-8709-0017a4cccfc6\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: xpdf\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://www.securityfocus.com/archive/1/507261\nhttp://secunia.com/advisories/37053/\nhttp://www.vuxml.org/freebsd/8581189c-bd5f-11de-8709-0017a4cccfc6.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66116\");\n script_version(\"$Revision: 9350 $\");\n script_cve_id(\"CVE-2009-1188\", \"CVE-2009-3603\", \"CVE-2009-3604\", \"CVE-2009-3606\",\n \"CVE-2009-3608\", \"CVE-2009-3609\");\n script_bugtraq_id(36703, 34568);\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-27 01:37:56 +0100 (Tue, 27 Oct 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"FreeBSD Ports: xpdf\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"xpdf\");\nif(!isnull(bver) && revcomp(a:bver, b:\"3.02_11\")<0) {\n txt += 'Package xpdf version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-02T10:54:52", "description": "Check for the Version of pdfedit", "cvss3": {}, "published": "2010-03-02T00:00:00", "type": "openvas", "title": "Fedora Update for pdfedit FEDORA-2010-1842", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3608", "CVE-2009-3603", "CVE-2009-1188", "CVE-2009-3606", "CVE-2009-3604", "CVE-2009-3609"], "modified": "2017-12-27T00:00:00", "id": "OPENVAS:1361412562310861624", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310861624", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for pdfedit FEDORA-2010-1842\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"pdfedit on Fedora 11\";\ntag_insight = \"Free pdf editing using PdfEdit. Complete editing of pdf documents is made\n possible with PDFedit. You can change either raw pdf objects (for advanced\n users) or use predefined gui functions. Functions can be easily added as\n everything is based on a script.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.861624\");\n script_version(\"$Revision: 8250 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-27 08:29:15 +0100 (Wed, 27 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-03-02 08:38:02 +0100 (Tue, 02 Mar 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-1842\");\n script_cve_id(\"CVE-2009-1188\", \"CVE-2009-3603\", \"CVE-2009-3604\", \"CVE-2009-3606\", \"CVE-2009-3608\", \"CVE-2009-3609\");\n script_name(\"Fedora Update for pdfedit FEDORA-2010-1842\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of pdfedit\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC11\")\n{\n\n if ((res = isrpmvuln(pkg:\"pdfedit\", rpm:\"pdfedit~0.4.3~4.fc11\", rls:\"FC11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:39:06", "description": "The remote host is missing an update to poppler\nannounced via advisory FEDORA-2009-10823.", "cvss3": {}, "published": "2009-11-11T00:00:00", "type": "openvas", "title": "Fedora Core 10 FEDORA-2009-10823 (poppler)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3608", "CVE-2009-3603", "CVE-2009-3607", "CVE-2009-3606", "CVE-2009-3604", "CVE-2009-3609"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231066139", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066139", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_10823.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-10823 (poppler)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nThis build addresses several recent security issues.\n\nChangeLog:\n\n* Sun Oct 25 2009 Rex Dieter - 0.8.8-7\n- CVE-2009-3603 SplashBitmap::SplashBitmap integer overflow (#526915)\n- CVE-2009-3604 Splash::drawImage integer overflow and missing allocation\n return value check(#526911)\n- CVE-2009-3606 PSOutputDev::doImageL1Sep integer overflow (#526877)\n- CVE-2009-3607 create_surface_from_thumbnail_data integer overflow (#526924)\n- CVE-2009-3608 integer overflow in ObjectStream::ObjectStream (#526637)\n- CVE-2009-3609 ImageStream::ImageStream integer overflow (#526893)\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update poppler' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-10823\";\ntag_summary = \"The remote host is missing an update to poppler\nannounced via advisory FEDORA-2009-10823.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66139\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-11-11 15:56:44 +0100 (Wed, 11 Nov 2009)\");\n script_cve_id(\"CVE-2009-3603\", \"CVE-2009-3604\", \"CVE-2009-3606\", \"CVE-2009-3607\", \"CVE-2009-3608\", \"CVE-2009-3609\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Core 10 FEDORA-2009-10823 (poppler)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=526915\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=526911\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=526877\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=526924\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=526637\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=526893\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"poppler\", rpm:\"poppler~0.8.7~7.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-devel\", rpm:\"poppler-devel~0.8.7~7.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-glib\", rpm:\"poppler-glib~0.8.7~7.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-glib-devel\", rpm:\"poppler-glib-devel~0.8.7~7.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-qt\", rpm:\"poppler-qt~0.8.7~7.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-qt-devel\", rpm:\"poppler-qt-devel~0.8.7~7.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-qt4\", rpm:\"poppler-qt4~0.8.7~7.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-qt4-devel\", rpm:\"poppler-qt4-devel~0.8.7~7.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-utils\", rpm:\"poppler-utils~0.8.7~7.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-debuginfo\", rpm:\"poppler-debuginfo~0.8.7~7.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-02T10:54:08", "description": "Check for the Version of pdfedit", "cvss3": {}, "published": "2010-03-02T00:00:00", "type": "openvas", "title": "Fedora Update for pdfedit FEDORA-2010-1377", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3608", "CVE-2009-3603", "CVE-2009-1188", "CVE-2009-3606", "CVE-2009-3604", "CVE-2009-3609"], "modified": "2017-12-22T00:00:00", "id": "OPENVAS:861687", "href": "http://plugins.openvas.org/nasl.php?oid=861687", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for pdfedit FEDORA-2010-1377\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"pdfedit on Fedora 12\";\ntag_insight = \"Free pdf editing using PdfEdit. Complete editing of pdf documents is made\n possible with PDFedit. You can change either raw pdf objects (for advanced\n users) or use predefined gui functions. Functions can be easily added as\n everything is based on a script.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html\");\n script_id(861687);\n script_version(\"$Revision: 8226 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-22 07:30:26 +0100 (Fri, 22 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-03-02 08:38:02 +0100 (Tue, 02 Mar 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-1377\");\n script_cve_id(\"CVE-2009-1188\", \"CVE-2009-3603\", \"CVE-2009-3604\", \"CVE-2009-3606\", \"CVE-2009-3608\", \"CVE-2009-3609\");\n script_name(\"Fedora Update for pdfedit FEDORA-2010-1377\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of pdfedit\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"pdfedit\", rpm:\"pdfedit~0.4.3~4.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:41", "description": "The remote host is missing an update to poppler\nannounced via advisory FEDORA-2009-10823.", "cvss3": {}, "published": "2009-11-11T00:00:00", "type": "openvas", "title": "Fedora Core 10 FEDORA-2009-10823 (poppler)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3608", "CVE-2009-3603", "CVE-2009-3607", "CVE-2009-3606", "CVE-2009-3604", "CVE-2009-3609"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:66139", "href": "http://plugins.openvas.org/nasl.php?oid=66139", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_10823.nasl 6624 2017-07-10 06:11:55Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-10823 (poppler)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nThis build addresses several recent security issues.\n\nChangeLog:\n\n* Sun Oct 25 2009 Rex Dieter - 0.8.8-7\n- CVE-2009-3603 SplashBitmap::SplashBitmap integer overflow (#526915)\n- CVE-2009-3604 Splash::drawImage integer overflow and missing allocation\n return value check(#526911)\n- CVE-2009-3606 PSOutputDev::doImageL1Sep integer overflow (#526877)\n- CVE-2009-3607 create_surface_from_thumbnail_data integer overflow (#526924)\n- CVE-2009-3608 integer overflow in ObjectStream::ObjectStream (#526637)\n- CVE-2009-3609 ImageStream::ImageStream integer overflow (#526893)\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update poppler' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-10823\";\ntag_summary = \"The remote host is missing an update to poppler\nannounced via advisory FEDORA-2009-10823.\";\n\n\n\nif(description)\n{\n script_id(66139);\n script_version(\"$Revision: 6624 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-11-11 15:56:44 +0100 (Wed, 11 Nov 2009)\");\n script_cve_id(\"CVE-2009-3603\", \"CVE-2009-3604\", \"CVE-2009-3606\", \"CVE-2009-3607\", \"CVE-2009-3608\", \"CVE-2009-3609\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Core 10 FEDORA-2009-10823 (poppler)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=526915\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=526911\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=526877\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=526924\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=526637\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=526893\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"poppler\", rpm:\"poppler~0.8.7~7.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-devel\", rpm:\"poppler-devel~0.8.7~7.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-glib\", rpm:\"poppler-glib~0.8.7~7.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-glib-devel\", rpm:\"poppler-glib-devel~0.8.7~7.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-qt\", rpm:\"poppler-qt~0.8.7~7.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-qt-devel\", rpm:\"poppler-qt-devel~0.8.7~7.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-qt4\", rpm:\"poppler-qt4~0.8.7~7.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-qt4-devel\", rpm:\"poppler-qt4-devel~0.8.7~7.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-utils\", rpm:\"poppler-utils~0.8.7~7.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-debuginfo\", rpm:\"poppler-debuginfo~0.8.7~7.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:26", "description": "The remote host is missing an update to poppler\nannounced via advisory FEDORA-2009-10845.", "cvss3": {}, "published": "2009-11-11T00:00:00", "type": "openvas", "title": "Fedora Core 11 FEDORA-2009-10845 (poppler)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3608", "CVE-2009-3603", "CVE-2009-3607", "CVE-2009-3606", "CVE-2009-3604", "CVE-2009-3609"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:66140", "href": "http://plugins.openvas.org/nasl.php?oid=66140", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_10845.nasl 6624 2017-07-10 06:11:55Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-10845 (poppler)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nThis build addresses several recent security issues.\n\nChangeLog:\n\n* Sun Oct 25 2009 Rex Dieter - 0.10.7-3\n- CVE-2009-3603 SplashBitmap::SplashBitmap integer overflow (#526915)\n- CVE-2009-3604 Splash::drawImage integer overflow and missing allocation return value check(#526911)\n- CVE-2009-3606 PSOutputDev::doImageL1Sep integer overflow (#526877)\n- CVE-2009-3607 poppler: create_surface_from_thumbnail_data integer overflow (#526924)\n- CVE-2009-3608 integer overflow in ObjectStream::ObjectStream (#526637)\n- CVE-2009-3609 ImageStream::ImageStream integer overflow (#526893)\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update poppler' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-10845\";\ntag_summary = \"The remote host is missing an update to poppler\nannounced via advisory FEDORA-2009-10845.\";\n\n\n\nif(description)\n{\n script_id(66140);\n script_version(\"$Revision: 6624 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-11-11 15:56:44 +0100 (Wed, 11 Nov 2009)\");\n script_cve_id(\"CVE-2009-3603\", \"CVE-2009-3604\", \"CVE-2009-3606\", \"CVE-2009-3607\", \"CVE-2009-3608\", \"CVE-2009-3609\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Core 11 FEDORA-2009-10845 (poppler)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=526915\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=526911\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=526877\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=526924\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=526637\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=526893\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"poppler\", rpm:\"poppler~0.10.7~3.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-devel\", rpm:\"poppler-devel~0.10.7~3.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-glib\", rpm:\"poppler-glib~0.10.7~3.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-glib-devel\", rpm:\"poppler-glib-devel~0.10.7~3.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-qt\", rpm:\"poppler-qt~0.10.7~3.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-qt-devel\", rpm:\"poppler-qt-devel~0.10.7~3.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-qt4\", rpm:\"poppler-qt4~0.10.7~3.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-qt4-devel\", rpm:\"poppler-qt4-devel~0.10.7~3.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-utils\", rpm:\"poppler-utils~0.10.7~3.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-debuginfo\", rpm:\"poppler-debuginfo~0.10.7~3.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-08T12:53:44", "description": "The remote host is missing an update to xpdf\nannounced via advisory DSA 2028-1.", "cvss3": {}, "published": "2010-04-21T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2028-1 (xpdf)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3608", "CVE-2009-3603", "CVE-2009-1188", "CVE-2009-3606", "CVE-2009-3604", "CVE-2009-3609"], "modified": "2018-01-08T00:00:00", "id": "OPENVAS:136141256231067264", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231067264", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2028_1.nasl 8314 2018-01-08 08:01:01Z teissa $\n# Description: Auto-generated from advisory DSA 2028-1 (xpdf)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities have been identified in xpdf, a suite of tools for\nviewing and converting Portable Document Format (PDF) files.\n\nThe Common Vulnerabilities and Exposures project identifies the following\nproblems:\n\nCVE-2009-1188 and CVE-2009-3603\n\nInteger overflow in SplashBitmap::SplashBitmap which might allow remote\nattackers to execute arbitrary code or an application crash via a crafted\nPDF document.\n\nCVE-2009-3604\n\nNULL pointer dereference or heap-based buffer overflow in\nSplash::drawImage which might allow remote attackers to cause a denial\nof service (application crash) or possibly execute arbitrary code via\na crafted PDF document.\n\nCVE-2009-3606\n\nInteger overflow in the PSOutputDev::doImageL1Sep which might allow\nremote attackers to execute arbitrary code via a crafted PDF document.\n\nCVE-2009-3608\n\nInteger overflow in the ObjectStream::ObjectStream which might allow\nremote attackers to execute arbitrary code via a crafted PDF document.\n\nCVE-2009-3609\n\nInteger overflow in the ImageStream::ImageStream which might allow\nremote attackers to cause a denial of service via a crafted PDF\ndocument.\n\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 3.02-1.4+lenny2.\n\nFor the testing distribution (squeeze), this problem will be fixed soon.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 3.02-2.\";\ntag_summary = \"The remote host is missing an update to xpdf\nannounced via advisory DSA 2028-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202028-1\";\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.67264\");\n script_version(\"$Revision: 8314 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-08 09:01:01 +0100 (Mon, 08 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-04-21 03:31:17 +0200 (Wed, 21 Apr 2010)\");\n script_cve_id(\"CVE-2009-1188\", \"CVE-2009-3603\", \"CVE-2009-3604\", \"CVE-2009-3606\", \"CVE-2009-3608\", \"CVE-2009-3609\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 2028-1 (xpdf)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"xpdf\", ver:\"3.02-1.4+lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xpdf-common\", ver:\"3.02-1.4+lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xpdf-reader\", ver:\"3.02-1.4+lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xpdf-utils\", ver:\"3.02-1.4+lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:27:55", "description": "The remote host is missing an update to poppler\nannounced via advisory USN-850-1.", "cvss3": {}, "published": "2009-10-27T00:00:00", "type": "openvas", "title": "Ubuntu USN-850-1 (poppler)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3608", "CVE-2009-3603", "CVE-2009-3607", "CVE-2009-0755", "CVE-2009-3604", "CVE-2009-3605", "CVE-2009-3609"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:66111", "href": "http://plugins.openvas.org/nasl.php?oid=66111", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: ubuntu_850_1.nasl 7969 2017-12-01 09:23:16Z santu $\n# $Id: ubuntu_850_1.nasl 7969 2017-12-01 09:23:16Z santu $\n# Description: Auto-generated from advisory USN-850-1 (poppler)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"The problem can be corrected by upgrading your system to the\n following package versions:\n\nUbuntu 6.06 LTS:\n libpoppler1 0.5.1-0ubuntu7.6\n libpoppler1-glib 0.5.1-0ubuntu7.6\n\nUbuntu 8.04 LTS:\n libpoppler-glib2 0.6.4-1ubuntu3.3\n libpoppler2 0.6.4-1ubuntu3.3\n\nUbuntu 8.10:\n libpoppler-glib3 0.8.7-1ubuntu0.4\n libpoppler3 0.8.7-1ubuntu0.4\n\nUbuntu 9.04:\n libpoppler-glib4 0.10.5-1ubuntu2.4\n libpoppler4 0.10.5-1ubuntu2.4\n\nIn general, a standard system upgrade is sufficient to effect the\nnecessary changes.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=USN-850-1\";\n\ntag_insight = \"It was discovered that poppler contained multiple security issues when\nparsing malformed PDF documents. If a user or automated system were tricked\ninto opening a crafted PDF file, an attacker could cause a denial of\nservice or execute arbitrary code with privileges of the user invoking the\nprogram.\";\ntag_summary = \"The remote host is missing an update to poppler\nannounced via advisory USN-850-1.\";\n\n \n\n\nif(description)\n{\n script_id(66111);\n script_version(\"$Revision: 7969 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-27 01:37:56 +0100 (Tue, 27 Oct 2009)\");\n script_cve_id(\"CVE-2009-0755\", \"CVE-2009-3603\", \"CVE-2009-3604\", \"CVE-2009-3605\", \"CVE-2009-3607\", \"CVE-2009-3608\", \"CVE-2009-3609\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu USN-850-1 (poppler)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-850-1/\");\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libpoppler-dev\", ver:\"0.5.1-0ubuntu7.6\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpoppler-glib-dev\", ver:\"0.5.1-0ubuntu7.6\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpoppler-qt-dev\", ver:\"0.5.1-0ubuntu7.6\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpoppler1-glib\", ver:\"0.5.1-0ubuntu7.6\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpoppler1-qt\", ver:\"0.5.1-0ubuntu7.6\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpoppler1\", ver:\"0.5.1-0ubuntu7.6\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"poppler-utils\", ver:\"0.5.1-0ubuntu7.6\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpoppler-dev\", ver:\"0.6.4-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpoppler-glib-dev\", ver:\"0.6.4-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpoppler-glib2\", ver:\"0.6.4-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpoppler-qt-dev\", ver:\"0.6.4-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpoppler-qt2\", ver:\"0.6.4-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpoppler-qt4-2\", ver:\"0.6.4-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpoppler-qt4-dev\", ver:\"0.6.4-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpoppler2\", ver:\"0.6.4-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"poppler-utils\", ver:\"0.6.4-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpoppler-dev\", ver:\"0.8.7-1ubuntu0.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpoppler-glib-dev\", ver:\"0.8.7-1ubuntu0.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpoppler-glib3\", ver:\"0.8.7-1ubuntu0.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpoppler-qt-dev\", ver:\"0.8.7-1ubuntu0.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpoppler-qt2\", ver:\"0.8.7-1ubuntu0.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpoppler-qt4-3\", ver:\"0.8.7-1ubuntu0.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpoppler-qt4-dev\", ver:\"0.8.7-1ubuntu0.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpoppler3\", ver:\"0.8.7-1ubuntu0.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"poppler-dbg\", ver:\"0.8.7-1ubuntu0.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"poppler-utils\", ver:\"0.8.7-1ubuntu0.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpoppler-dev\", ver:\"0.10.5-1ubuntu2.4\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpoppler-glib-dev\", ver:\"0.10.5-1ubuntu2.4\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpoppler-glib4\", ver:\"0.10.5-1ubuntu2.4\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpoppler-qt-dev\", ver:\"0.10.5-1ubuntu2.4\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpoppler-qt2\", ver:\"0.10.5-1ubuntu2.4\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpoppler-qt4-3\", ver:\"0.10.5-1ubuntu2.4\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpoppler-qt4-dev\", ver:\"0.10.5-1ubuntu2.4\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpoppler4\", ver:\"0.10.5-1ubuntu2.4\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"poppler-dbg\", ver:\"0.10.5-1ubuntu2.4\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"poppler-utils\", ver:\"0.10.5-1ubuntu2.4\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:27:49", "description": "The remote host is missing an update to poppler\nannounced via advisory USN-850-3.", "cvss3": {}, "published": "2009-11-23T00:00:00", "type": "openvas", "title": "Ubuntu USN-850-3 (poppler)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3608", "CVE-2009-3603", "CVE-2009-3607", "CVE-2009-3604", "CVE-2009-3609"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:66308", "href": "http://plugins.openvas.org/nasl.php?oid=66308", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: ubuntu_850_3.nasl 7969 2017-12-01 09:23:16Z santu $\n# $Id: ubuntu_850_3.nasl 7969 2017-12-01 09:23:16Z santu $\n# Description: Auto-generated from advisory USN-850-3 (poppler)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"The problem can be corrected by upgrading your system to the\n following package versions:\n\nUbuntu 9.10:\n libpoppler-glib4 0.12.0-0ubuntu2.1\n libpoppler5 0.12.0-0ubuntu2.1\n\nIn general, a standard system upgrade is sufficient to effect the\nnecessary changes.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=USN-850-3\";\n\ntag_insight = \"USN-850-1 fixed vulnerabilities in poppler. This update provides the\ncorresponding updates for Ubuntu 9.10.\n\nOriginal advisory details:\n\n It was discovered that poppler contained multiple security issues when\n parsing malformed PDF documents. If a user or automated system were tricked\n into opening a crafted PDF file, an attacker could cause a denial of\n service or execute arbitrary code with privileges of the user invoking the\n program.\";\ntag_summary = \"The remote host is missing an update to poppler\nannounced via advisory USN-850-3.\";\n\n \n\n\nif(description)\n{\n script_id(66308);\n script_version(\"$Revision: 7969 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-11-23 20:51:51 +0100 (Mon, 23 Nov 2009)\");\n script_cve_id(\"CVE-2009-3603\", \"CVE-2009-3604\", \"CVE-2009-3607\", \"CVE-2009-3608\", \"CVE-2009-3609\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu USN-850-3 (poppler)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-850-3/\");\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libpoppler-dev\", ver:\"0.12.0-0ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpoppler-glib-dev\", ver:\"0.12.0-0ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpoppler-glib4\", ver:\"0.12.0-0ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpoppler-qt-dev\", ver:\"0.12.0-0ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpoppler-qt2\", ver:\"0.12.0-0ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpoppler-qt4-3\", ver:\"0.12.0-0ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpoppler-qt4-dev\", ver:\"0.12.0-0ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpoppler5\", ver:\"0.12.0-0ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"poppler-dbg\", ver:\"0.12.0-0ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"poppler-utils\", ver:\"0.12.0-0ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:45", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-08-09T00:00:00", "type": "openvas", "title": "CentOS Update for poppler CESA-2009:1504 centos5 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3608", "CVE-2009-3603", "CVE-2009-3609"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310880859", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880859", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for poppler CESA-2009:1504 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2009-October/016271.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880859\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"CESA\", value:\"2009:1504\");\n script_cve_id(\"CVE-2009-3603\", \"CVE-2009-3608\", \"CVE-2009-3609\");\n script_name(\"CentOS Update for poppler CESA-2009:1504 centos5 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'poppler'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"poppler on CentOS 5\");\n script_tag(name:\"insight\", value:\"Poppler is a Portable Document Format (PDF) rendering library, used by\n applications such as Evince.\n\n Multiple integer overflow flaws were found in poppler. An attacker could\n create a malicious PDF file that would cause applications that use poppler\n (such as Evince) to crash or, potentially, execute arbitrary code when\n opened. (CVE-2009-3603, CVE-2009-3608, CVE-2009-3609)\n\n Red Hat would like to thank Chris Rohlf for reporting the CVE-2009-3608\n issue.\n\n This update also corrects a regression introduced in the previous poppler\n security update, RHSA-2009:0480, that prevented poppler from rendering\n certain PDF documents correctly. (BZ#528147)\n\n Users are advised to upgrade to these updated packages, which contain\n backported patches to resolve these issues.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"poppler\", rpm:\"poppler~0.5.4~4.4.el5_4.11\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"poppler-devel\", rpm:\"poppler-devel~0.5.4~4.4.el5_4.11\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"poppler-utils\", rpm:\"poppler-utils~0.5.4~4.4.el5_4.11\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-04-06T11:40:47", "description": "The remote host is missing updates to poppler announced in\nadvisory CESA-2009:1504.", "cvss3": {}, "published": "2009-11-11T00:00:00", "type": "openvas", "title": "CentOS Security Advisory CESA-2009:1504 (poppler)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3608", "CVE-2009-3603", "CVE-2009-3609"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231066172", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066172", "sourceData": "#CESA-2009:1504 66172 2\n# $Id: ovcesa2009_1504.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory CESA-2009:1504 (poppler)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details on the issues addressed in this update,\nplease visit the referenced security advisories.\";\ntag_solution = \"Update the appropriate packages on your system.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=CESA-2009:1504\nhttp://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:1504\nhttps://rhn.redhat.com/errata/RHSA-2009-1504.html\";\ntag_summary = \"The remote host is missing updates to poppler announced in\nadvisory CESA-2009:1504.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66172\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-11-11 15:56:44 +0100 (Wed, 11 Nov 2009)\");\n script_cve_id(\"CVE-2009-3603\", \"CVE-2009-3608\", \"CVE-2009-3609\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"CentOS Security Advisory CESA-2009:1504 (poppler)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"poppler\", rpm:\"poppler~0.5.4~4.4.el5_4.11\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-devel\", rpm:\"poppler-devel~0.5.4~4.4.el5_4.11\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-utils\", rpm:\"poppler-utils~0.5.4~4.4.el5_4.11\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:55:26", "description": "Check for the Version of poppler", "cvss3": {}, "published": "2011-08-09T00:00:00", "type": "openvas", "title": "CentOS Update for poppler CESA-2009:1504 centos5 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3608", "CVE-2009-3603", "CVE-2009-3609"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:880859", "href": "http://plugins.openvas.org/nasl.php?oid=880859", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for poppler CESA-2009:1504 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Poppler is a Portable Document Format (PDF) rendering library, used by\n applications such as Evince.\n\n Multiple integer overflow flaws were found in poppler. An attacker could\n create a malicious PDF file that would cause applications that use poppler\n (such as Evince) to crash or, potentially, execute arbitrary code when\n opened. (CVE-2009-3603, CVE-2009-3608, CVE-2009-3609)\n \n Red Hat would like to thank Chris Rohlf for reporting the CVE-2009-3608\n issue.\n \n This update also corrects a regression introduced in the previous poppler\n security update, RHSA-2009:0480, that prevented poppler from rendering\n certain PDF documents correctly. (BZ#528147)\n \n Users are advised to upgrade to these updated packages, which contain\n backported patches to resolve these issues.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"poppler on CentOS 5\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2009-October/016271.html\");\n script_id(880859);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2009:1504\");\n script_cve_id(\"CVE-2009-3603\", \"CVE-2009-3608\", \"CVE-2009-3609\");\n script_name(\"CentOS Update for poppler CESA-2009:1504 centos5 i386\");\n\n script_summary(\"Check for the Version of poppler\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"poppler\", rpm:\"poppler~0.5.4~4.4.el5_4.11\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"poppler-devel\", rpm:\"poppler-devel~0.5.4~4.4.el5_4.11\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"poppler-utils\", rpm:\"poppler-utils~0.5.4~4.4.el5_4.11\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-27T10:56:23", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:1504.\n\nPoppler is a Portable Document Format (PDF) rendering library, used by\napplications such as Evince.\n\nMultiple integer overflow flaws were found in poppler. An attacker could\ncreate a malicious PDF file that would cause applications that use poppler\n(such as Evince) to crash or, potentially, execute arbitrary code when\nopened. (CVE-2009-3603, CVE-2009-3608, CVE-2009-3609)\n\nRed Hat would like to thank Chris Rohlf for reporting the CVE-2009-3608\nissue.\n\nThis update also corrects a regression introduced in the previous poppler\nsecurity update, RHSA-2009:0480, that prevented poppler from rendering\ncertain PDF documents correctly. (BZ#528147)\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to resolve these issues.", "cvss3": {}, "published": "2009-10-19T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:1504", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3608", "CVE-2009-3603", "CVE-2009-3609"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:66016", "href": "http://plugins.openvas.org/nasl.php?oid=66016", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1504.nasl 6683 2017-07-12 09:41:57Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1504 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:1504.\n\nPoppler is a Portable Document Format (PDF) rendering library, used by\napplications such as Evince.\n\nMultiple integer overflow flaws were found in poppler. An attacker could\ncreate a malicious PDF file that would cause applications that use poppler\n(such as Evince) to crash or, potentially, execute arbitrary code when\nopened. (CVE-2009-3603, CVE-2009-3608, CVE-2009-3609)\n\nRed Hat would like to thank Chris Rohlf for reporting the CVE-2009-3608\nissue.\n\nThis update also corrects a regression introduced in the previous poppler\nsecurity update, RHSA-2009:0480, that prevented poppler from rendering\ncertain PDF documents correctly. (BZ#528147)\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to resolve these issues.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_id(66016);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-19 21:50:22 +0200 (Mon, 19 Oct 2009)\");\n script_cve_id(\"CVE-2009-3603\", \"CVE-2009-3608\", \"CVE-2009-3609\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:1504\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-1504.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#important\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"poppler\", rpm:\"poppler~0.5.4~4.4.el5_4.11\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-debuginfo\", rpm:\"poppler-debuginfo~0.5.4~4.4.el5_4.11\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-utils\", rpm:\"poppler-utils~0.5.4~4.4.el5_4.11\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-devel\", rpm:\"poppler-devel~0.5.4~4.4.el5_4.11\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:39:23", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:1504.\n\nPoppler is a Portable Document Format (PDF) rendering library, used by\napplications such as Evince.\n\nMultiple integer overflow flaws were found in poppler. An attacker could\ncreate a malicious PDF file that would cause applications that use poppler\n(such as Evince) to crash or, potentially, execute arbitrary code when\nopened. (CVE-2009-3603, CVE-2009-3608, CVE-2009-3609)\n\nRed Hat would like to thank Chris Rohlf for reporting the CVE-2009-3608\nissue.\n\nThis update also corrects a regression introduced in the previous poppler\nsecurity update, RHSA-2009:0480, that prevented poppler from rendering\ncertain PDF documents correctly. (BZ#528147)\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to resolve these issues.", "cvss3": {}, "published": "2009-10-19T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:1504", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3608", "CVE-2009-3603", "CVE-2009-3609"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231066016", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066016", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1504.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1504 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:1504.\n\nPoppler is a Portable Document Format (PDF) rendering library, used by\napplications such as Evince.\n\nMultiple integer overflow flaws were found in poppler. An attacker could\ncreate a malicious PDF file that would cause applications that use poppler\n(such as Evince) to crash or, potentially, execute arbitrary code when\nopened. (CVE-2009-3603, CVE-2009-3608, CVE-2009-3609)\n\nRed Hat would like to thank Chris Rohlf for reporting the CVE-2009-3608\nissue.\n\nThis update also corrects a regression introduced in the previous poppler\nsecurity update, RHSA-2009:0480, that prevented poppler from rendering\ncertain PDF documents correctly. (BZ#528147)\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to resolve these issues.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66016\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-19 21:50:22 +0200 (Mon, 19 Oct 2009)\");\n script_cve_id(\"CVE-2009-3603\", \"CVE-2009-3608\", \"CVE-2009-3609\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:1504\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-1504.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#important\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"poppler\", rpm:\"poppler~0.5.4~4.4.el5_4.11\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-debuginfo\", rpm:\"poppler-debuginfo~0.5.4~4.4.el5_4.11\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-utils\", rpm:\"poppler-utils~0.5.4~4.4.el5_4.11\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-devel\", rpm:\"poppler-devel~0.5.4~4.4.el5_4.11\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:57:16", "description": "The remote host is missing updates to poppler announced in\nadvisory CESA-2009:1504.", "cvss3": {}, "published": "2009-11-11T00:00:00", "type": "openvas", "title": "CentOS Security Advisory CESA-2009:1504 (poppler)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3608", "CVE-2009-3603", "CVE-2009-3609"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:66172", "href": "http://plugins.openvas.org/nasl.php?oid=66172", "sourceData": "#CESA-2009:1504 66172 2\n# $Id: ovcesa2009_1504.nasl 6650 2017-07-10 11:43:12Z cfischer $\n# Description: Auto-generated from advisory CESA-2009:1504 (poppler)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details on the issues addressed in this update,\nplease visit the referenced security advisories.\";\ntag_solution = \"Update the appropriate packages on your system.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=CESA-2009:1504\nhttp://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:1504\nhttps://rhn.redhat.com/errata/RHSA-2009-1504.html\";\ntag_summary = \"The remote host is missing updates to poppler announced in\nadvisory CESA-2009:1504.\";\n\n\n\nif(description)\n{\n script_id(66172);\n script_version(\"$Revision: 6650 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:43:12 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-11-11 15:56:44 +0100 (Wed, 11 Nov 2009)\");\n script_cve_id(\"CVE-2009-3603\", \"CVE-2009-3608\", \"CVE-2009-3609\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"CentOS Security Advisory CESA-2009:1504 (poppler)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"poppler\", rpm:\"poppler~0.5.4~4.4.el5_4.11\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-devel\", rpm:\"poppler-devel~0.5.4~4.4.el5_4.11\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-utils\", rpm:\"poppler-utils~0.5.4~4.4.el5_4.11\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:35:57", "description": "Oracle Linux Local Security Checks ELSA-2009-1504", "cvss3": {}, "published": "2015-10-08T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2009-1504", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3608", "CVE-2009-3603", "CVE-2009-3609"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310122426", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122426", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2009-1504.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122426\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-08 14:45:11 +0300 (Thu, 08 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2009-1504\");\n script_tag(name:\"insight\", value:\"ELSA-2009-1504 - poppler security and bug fix update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2009-1504\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2009-1504.html\");\n script_cve_id(\"CVE-2009-3603\", \"CVE-2009-3608\", \"CVE-2009-3609\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"poppler\", rpm:\"poppler~0.5.4~4.4.el5_4.11\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"poppler-devel\", rpm:\"poppler-devel~0.5.4~4.4.el5_4.11\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"poppler-utils\", rpm:\"poppler-utils~0.5.4~4.4.el5_4.11\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:58", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-08-09T00:00:00", "type": "openvas", "title": "CentOS Update for kdegraphics CESA-2009:1502 centos5 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3608", "CVE-2009-1188", "CVE-2009-0791", "CVE-2009-3606", "CVE-2009-3604", "CVE-2009-3609"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310880758", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880758", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for kdegraphics CESA-2009:1502 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2009-October/016232.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880758\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"CESA\", value:\"2009:1502\");\n script_cve_id(\"CVE-2009-0791\", \"CVE-2009-1188\", \"CVE-2009-3604\", \"CVE-2009-3606\", \"CVE-2009-3608\", \"CVE-2009-3609\");\n script_name(\"CentOS Update for kdegraphics CESA-2009:1502 centos5 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kdegraphics'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"kdegraphics on CentOS 5\");\n script_tag(name:\"insight\", value:\"The kdegraphics packages contain applications for the K Desktop\n Environment, including KPDF, a viewer for Portable Document Format (PDF)\n files.\n\n Multiple integer overflow flaws were found in KPDF. An attacker could\n create a malicious PDF file that would cause KPDF to crash or, potentially,\n execute arbitrary code when opened. (CVE-2009-0791, CVE-2009-1188,\n CVE-2009-3604, CVE-2009-3606, CVE-2009-3608, CVE-2009-3609)\n\n Red Hat would like to thank Adam Zabrocki for reporting the CVE-2009-3604\n issue, and Chris Rohlf for reporting the CVE-2009-3608 issue.\n\n Users are advised to upgrade to these updated packages, which contain a\n backported patch to resolve these issues.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"kdegraphics\", rpm:\"kdegraphics~3.5.4~15.el5_4.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kdegraphics-devel\", rpm:\"kdegraphics-devel~3.5.4~15.el5_4.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-04-06T11:38:05", "description": "The remote host is missing updates to xpdf announced in\nadvisory CESA-2009:1501.", "cvss3": {}, "published": "2009-10-19T00:00:00", "type": "openvas", "title": "CentOS Security Advisory CESA-2009:1501 (xpdf)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3608", "CVE-2009-1188", "CVE-2009-0791", "CVE-2009-3606", "CVE-2009-3604", "CVE-2009-3609"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231066067", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066067", "sourceData": "#CESA-2009:1501 66067 2\n# $Id: ovcesa2009_1501.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory CESA-2009:1501 (xpdf)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details on the issues addressed in this update,\nplease visit the referenced security advisories.\";\ntag_solution = \"Update the appropriate packages on your system.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=CESA-2009:1501\nhttp://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:1501\";\ntag_summary = \"The remote host is missing updates to xpdf announced in\nadvisory CESA-2009:1501.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66067\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-19 21:50:22 +0200 (Mon, 19 Oct 2009)\");\n script_cve_id(\"CVE-2009-0791\", \"CVE-2009-1188\", \"CVE-2009-3604\", \"CVE-2009-3606\", \"CVE-2009-3608\", \"CVE-2009-3609\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"CentOS Security Advisory CESA-2009:1501 (xpdf)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"xpdf\", rpm:\"xpdf~3.00~22.el4_8.1\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-27T10:56:15", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:1501.\n\nXpdf is an X Window System based viewer for Portable Document Format (PDF)\nfiles.\n\nMultiple integer overflow flaws were found in Xpdf. An attacker could\ncreate a malicious PDF file that would cause Xpdf to crash or, potentially,\nexecute arbitrary code when opened. (CVE-2009-0791, CVE-2009-1188,\nCVE-2009-3604, CVE-2009-3606, CVE-2009-3608, CVE-2009-3609)\n\nRed Hat would like to thank Adam Zabrocki for reporting the CVE-2009-3604\nissue, and Chris Rohlf for reporting the CVE-2009-3608 issue.\n\nUsers are advised to upgrade to this updated package, which contains a\nbackported patch to correct these issues.", "cvss3": {}, "published": "2009-10-19T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:1501", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3608", "CVE-2009-1188", "CVE-2009-0791", "CVE-2009-3606", "CVE-2009-3604", "CVE-2009-3609"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:66013", "href": "http://plugins.openvas.org/nasl.php?oid=66013", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1501.nasl 6683 2017-07-12 09:41:57Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1501 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:1501.\n\nXpdf is an X Window System based viewer for Portable Document Format (PDF)\nfiles.\n\nMultiple integer overflow flaws were found in Xpdf. An attacker could\ncreate a malicious PDF file that would cause Xpdf to crash or, potentially,\nexecute arbitrary code when opened. (CVE-2009-0791, CVE-2009-1188,\nCVE-2009-3604, CVE-2009-3606, CVE-2009-3608, CVE-2009-3609)\n\nRed Hat would like to thank Adam Zabrocki for reporting the CVE-2009-3604\nissue, and Chris Rohlf for reporting the CVE-2009-3608 issue.\n\nUsers are advised to upgrade to this updated package, which contains a\nbackported patch to correct these issues.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_id(66013);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-19 21:50:22 +0200 (Mon, 19 Oct 2009)\");\n script_cve_id(\"CVE-2009-0791\", \"CVE-2009-1188\", \"CVE-2009-3604\", \"CVE-2009-3606\", \"CVE-2009-3608\", \"CVE-2009-3609\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:1501\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-1501.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#important\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"xpdf\", rpm:\"xpdf~3.00~22.el4_8.1\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xpdf-debuginfo\", rpm:\"xpdf-debuginfo~3.00~22.el4_8.1\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:38:59", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:1501.\n\nXpdf is an X Window System based viewer for Portable Document Format (PDF)\nfiles.\n\nMultiple integer overflow flaws were found in Xpdf. An attacker could\ncreate a malicious PDF file that would cause Xpdf to crash or, potentially,\nexecute arbitrary code when opened. (CVE-2009-0791, CVE-2009-1188,\nCVE-2009-3604, CVE-2009-3606, CVE-2009-3608, CVE-2009-3609)\n\nRed Hat would like to thank Adam Zabrocki for reporting the CVE-2009-3604\nissue, and Chris Rohlf for reporting the CVE-2009-3608 issue.\n\nUsers are advised to upgrade to this updated package, which contains a\nbackported patch to correct these issues.", "cvss3": {}, "published": "2009-10-19T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:1501", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3608", "CVE-2009-1188", "CVE-2009-0791", "CVE-2009-3606", "CVE-2009-3604", "CVE-2009-3609"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231066013", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066013", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1501.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1501 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:1501.\n\nXpdf is an X Window System based viewer for Portable Document Format (PDF)\nfiles.\n\nMultiple integer overflow flaws were found in Xpdf. An attacker could\ncreate a malicious PDF file that would cause Xpdf to crash or, potentially,\nexecute arbitrary code when opened. (CVE-2009-0791, CVE-2009-1188,\nCVE-2009-3604, CVE-2009-3606, CVE-2009-3608, CVE-2009-3609)\n\nRed Hat would like to thank Adam Zabrocki for reporting the CVE-2009-3604\nissue, and Chris Rohlf for reporting the CVE-2009-3608 issue.\n\nUsers are advised to upgrade to this updated package, which contains a\nbackported patch to correct these issues.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66013\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-19 21:50:22 +0200 (Mon, 19 Oct 2009)\");\n script_cve_id(\"CVE-2009-0791\", \"CVE-2009-1188\", \"CVE-2009-3604\", \"CVE-2009-3606\", \"CVE-2009-3608\", \"CVE-2009-3609\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:1501\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-1501.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#important\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"xpdf\", rpm:\"xpdf~3.00~22.el4_8.1\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xpdf-debuginfo\", rpm:\"xpdf-debuginfo~3.00~22.el4_8.1\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:38:10", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:1502.\n\nThe kdegraphics packages contain applications for the K Desktop\nEnvironment, including KPDF, a viewer for Portable Document Format (PDF)\nfiles.\n\nMultiple integer overflow flaws were found in KPDF. An attacker could\ncreate a malicious PDF file that would cause KPDF to crash or, potentially,\nexecute arbitrary code when opened. (CVE-2009-0791, CVE-2009-1188,\nCVE-2009-3604, CVE-2009-3606, CVE-2009-3608, CVE-2009-3609)\n\nRed Hat would like to thank Adam Zabrocki for reporting the CVE-2009-3604\nissue, and Chris Rohlf for reporting the CVE-2009-3608 issue.\n\nUsers are advised to upgrade to these updated packages, which contain a\nbackported patch to resolve these issues.", "cvss3": {}, "published": "2009-10-19T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:1502", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3608", "CVE-2009-1188", "CVE-2009-0791", "CVE-2009-3606", "CVE-2009-3604", "CVE-2009-3609"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231066014", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066014", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1502.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1502 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:1502.\n\nThe kdegraphics packages contain applications for the K Desktop\nEnvironment, including KPDF, a viewer for Portable Document Format (PDF)\nfiles.\n\nMultiple integer overflow flaws were found in KPDF. An attacker could\ncreate a malicious PDF file that would cause KPDF to crash or, potentially,\nexecute arbitrary code when opened. (CVE-2009-0791, CVE-2009-1188,\nCVE-2009-3604, CVE-2009-3606, CVE-2009-3608, CVE-2009-3609)\n\nRed Hat would like to thank Adam Zabrocki for reporting the CVE-2009-3604\nissue, and Chris Rohlf for reporting the CVE-2009-3608 issue.\n\nUsers are advised to upgrade to these updated packages, which contain a\nbackported patch to resolve these issues.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66014\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-19 21:50:22 +0200 (Mon, 19 Oct 2009)\");\n script_cve_id(\"CVE-2009-0791\", \"CVE-2009-1188\", \"CVE-2009-3604\", \"CVE-2009-3606\", \"CVE-2009-3608\", \"CVE-2009-3609\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:1502\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-1502.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#important\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"kdegraphics\", rpm:\"kdegraphics~3.5.4~15.el5_4.2\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdegraphics-debuginfo\", rpm:\"kdegraphics-debuginfo~3.5.4~15.el5_4.2\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdegraphics-devel\", rpm:\"kdegraphics-devel~3.5.4~15.el5_4.2\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:40:33", "description": "The remote host is missing updates to kdegraphics announced in\nadvisory CESA-2009:1502.", "cvss3": {}, "published": "2009-11-11T00:00:00", "type": "openvas", "title": "CentOS Security Advisory CESA-2009:1502 (kdegraphics)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3608", "CVE-2009-1188", "CVE-2009-0791", "CVE-2009-3606", "CVE-2009-3604", "CVE-2009-3609"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231066167", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066167", "sourceData": "#CESA-2009:1502 66167 2\n# $Id: ovcesa2009_1502.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory CESA-2009:1502 (kdegraphics)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details on the issues addressed in this update,\nplease visit the referenced security advisories.\";\ntag_solution = \"Update the appropriate packages on your system.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=CESA-2009:1502\nhttp://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:1502\nhttps://rhn.redhat.com/errata/RHSA-2009-1502.html\";\ntag_summary = \"The remote host is missing updates to kdegraphics announced in\nadvisory CESA-2009:1502.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66167\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-11-11 15:56:44 +0100 (Wed, 11 Nov 2009)\");\n script_cve_id(\"CVE-2009-0791\", \"CVE-2009-1188\", \"CVE-2009-3604\", \"CVE-2009-3606\", \"CVE-2009-3608\", \"CVE-2009-3609\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"CentOS Security Advisory CESA-2009:1502 (kdegraphics)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"kdegraphics\", rpm:\"kdegraphics~3.5.4~15.el5_4.2\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdegraphics-devel\", rpm:\"kdegraphics-devel~3.5.4~15.el5_4.2\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-27T10:55:58", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:1502.\n\nThe kdegraphics packages contain applications for the K Desktop\nEnvironment, including KPDF, a viewer for Portable Document Format (PDF)\nfiles.\n\nMultiple integer overflow flaws were found in KPDF. An attacker could\ncreate a malicious PDF file that would cause KPDF to crash or, potentially,\nexecute arbitrary code when opened. (CVE-2009-0791, CVE-2009-1188,\nCVE-2009-3604, CVE-2009-3606, CVE-2009-3608, CVE-2009-3609)\n\nRed Hat would like to thank Adam Zabrocki for reporting the CVE-2009-3604\nissue, and Chris Rohlf for reporting the CVE-2009-3608 issue.\n\nUsers are advised to upgrade to these updated packages, which contain a\nbackported patch to resolve these issues.", "cvss3": {}, "published": "2009-10-19T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:1502", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3608", "CVE-2009-1188", "CVE-2009-0791", "CVE-2009-3606", "CVE-2009-3604", "CVE-2009-3609"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:66014", "href": "http://plugins.openvas.org/nasl.php?oid=66014", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1502.nasl 6683 2017-07-12 09:41:57Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1502 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:1502.\n\nThe kdegraphics packages contain applications for the K Desktop\nEnvironment, including KPDF, a viewer for Portable Document Format (PDF)\nfiles.\n\nMultiple integer overflow flaws were found in KPDF. An attacker could\ncreate a malicious PDF file that would cause KPDF to crash or, potentially,\nexecute arbitrary code when opened. (CVE-2009-0791, CVE-2009-1188,\nCVE-2009-3604, CVE-2009-3606, CVE-2009-3608, CVE-2009-3609)\n\nRed Hat would like to thank Adam Zabrocki for reporting the CVE-2009-3604\nissue, and Chris Rohlf for reporting the CVE-2009-3608 issue.\n\nUsers are advised to upgrade to these updated packages, which contain a\nbackported patch to resolve these issues.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_id(66014);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-19 21:50:22 +0200 (Mon, 19 Oct 2009)\");\n script_cve_id(\"CVE-2009-0791\", \"CVE-2009-1188\", \"CVE-2009-3604\", \"CVE-2009-3606\", \"CVE-2009-3608\", \"CVE-2009-3609\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:1502\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-1502.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#important\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"kdegraphics\", rpm:\"kdegraphics~3.5.4~15.el5_4.2\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdegraphics-debuginfo\", rpm:\"kdegraphics-debuginfo~3.5.4~15.el5_4.2\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdegraphics-devel\", rpm:\"kdegraphics-devel~3.5.4~15.el5_4.2\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:55:41", "description": "Check for the Version of kdegraphics", "cvss3": {}, "published": "2011-08-09T00:00:00", "type": "openvas", "title": "CentOS Update for kdegraphics CESA-2009:1502 centos5 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3608", "CVE-2009-1188", "CVE-2009-0791", "CVE-2009-3606", "CVE-2009-3604", "CVE-2009-3609"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:880758", "href": "http://plugins.openvas.org/nasl.php?oid=880758", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for kdegraphics CESA-2009:1502 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The kdegraphics packages contain applications for the K Desktop\n Environment, including KPDF, a viewer for Portable Document Format (PDF)\n files.\n\n Multiple integer overflow flaws were found in KPDF. An attacker could\n create a malicious PDF file that would cause KPDF to crash or, potentially,\n execute arbitrary code when opened. (CVE-2009-0791, CVE-2009-1188,\n CVE-2009-3604, CVE-2009-3606, CVE-2009-3608, CVE-2009-3609)\n \n Red Hat would like to thank Adam Zabrocki for reporting the CVE-2009-3604\n issue, and Chris Rohlf for reporting the CVE-2009-3608 issue.\n \n Users are advised to upgrade to these updated packages, which contain a\n backported patch to resolve these issues.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"kdegraphics on CentOS 5\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2009-October/016232.html\");\n script_id(880758);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2009:1502\");\n script_cve_id(\"CVE-2009-0791\", \"CVE-2009-1188\", \"CVE-2009-3604\", \"CVE-2009-3606\", \"CVE-2009-3608\", \"CVE-2009-3609\");\n script_name(\"CentOS Update for kdegraphics CESA-2009:1502 centos5 i386\");\n\n script_summary(\"Check for the Version of kdegraphics\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"kdegraphics\", rpm:\"kdegraphics~3.5.4~15.el5_4.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kdegraphics-devel\", rpm:\"kdegraphics-devel~3.5.4~15.el5_4.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:59", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-08-09T00:00:00", "type": "openvas", "title": "CentOS Update for xpdf CESA-2009:1501 centos4 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3608", "CVE-2009-1188", "CVE-2009-0791", "CVE-2009-3606", "CVE-2009-3604", "CVE-2009-3609"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310880912", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880912", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for xpdf CESA-2009:1501 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2009-October/016190.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880912\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"CESA\", value:\"2009:1501\");\n script_cve_id(\"CVE-2009-0791\", \"CVE-2009-1188\", \"CVE-2009-3604\", \"CVE-2009-3606\", \"CVE-2009-3608\", \"CVE-2009-3609\");\n script_name(\"CentOS Update for xpdf CESA-2009:1501 centos4 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xpdf'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS4\");\n script_tag(name:\"affected\", value:\"xpdf on CentOS 4\");\n script_tag(name:\"insight\", value:\"Xpdf is an X Window System based viewer for Portable Document Format (PDF)\n files.\n\n Multiple integer overflow flaws were found in Xpdf. An attacker could\n create a malicious PDF file that would cause Xpdf to crash or, potentially,\n execute arbitrary code when opened. (CVE-2009-0791, CVE-2009-1188,\n CVE-2009-3604, CVE-2009-3606, CVE-2009-3608, CVE-2009-3609)\n\n Red Hat would like to thank Adam Zabrocki for reporting the CVE-2009-3604\n issue, and Chris Rohlf for reporting the CVE-2009-3608 issue.\n\n Users are advised to upgrade to this updated package, which contains a\n backported patch to correct these issues.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"xpdf\", rpm:\"xpdf~3.00~22.el4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-25T10:57:11", "description": "The remote host is missing updates to kdegraphics announced in\nadvisory CESA-2009:1502.", "cvss3": {}, "published": "2009-11-11T00:00:00", "type": "openvas", "title": "CentOS Security Advisory CESA-2009:1502 (kdegraphics)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3608", "CVE-2009-1188", "CVE-2009-0791", "CVE-2009-3606", "CVE-2009-3604", "CVE-2009-3609"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:66167", "href": "http://plugins.openvas.org/nasl.php?oid=66167", "sourceData": "#CESA-2009:1502 66167 2\n# $Id: ovcesa2009_1502.nasl 6650 2017-07-10 11:43:12Z cfischer $\n# Description: Auto-generated from advisory CESA-2009:1502 (kdegraphics)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details on the issues addressed in this update,\nplease visit the referenced security advisories.\";\ntag_solution = \"Update the appropriate packages on your system.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=CESA-2009:1502\nhttp://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:1502\nhttps://rhn.redhat.com/errata/RHSA-2009-1502.html\";\ntag_summary = \"The remote host is missing updates to kdegraphics announced in\nadvisory CESA-2009:1502.\";\n\n\n\nif(description)\n{\n script_id(66167);\n script_version(\"$Revision: 6650 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:43:12 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-11-11 15:56:44 +0100 (Wed, 11 Nov 2009)\");\n script_cve_id(\"CVE-2009-0791\", \"CVE-2009-1188\", \"CVE-2009-3604\", \"CVE-2009-3606\", \"CVE-2009-3608\", \"CVE-2009-3609\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"CentOS Security Advisory CESA-2009:1502 (kdegraphics)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"kdegraphics\", rpm:\"kdegraphics~3.5.4~15.el5_4.2\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdegraphics-devel\", rpm:\"kdegraphics-devel~3.5.4~15.el5_4.2\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:20", "description": "The remote host is missing updates to xpdf announced in\nadvisory CESA-2009:1501.", "cvss3": {}, "published": "2009-10-19T00:00:00", "type": "openvas", "title": "CentOS Security Advisory CESA-2009:1501 (xpdf)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3608", "CVE-2009-1188", "CVE-2009-0791", "CVE-2009-3606", "CVE-2009-3604", "CVE-2009-3609"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:66067", "href": "http://plugins.openvas.org/nasl.php?oid=66067", "sourceData": "#CESA-2009:1501 66067 2\n# $Id: ovcesa2009_1501.nasl 6650 2017-07-10 11:43:12Z cfischer $\n# Description: Auto-generated from advisory CESA-2009:1501 (xpdf)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details on the issues addressed in this update,\nplease visit the referenced security advisories.\";\ntag_solution = \"Update the appropriate packages on your system.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=CESA-2009:1501\nhttp://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:1501\";\ntag_summary = \"The remote host is missing updates to xpdf announced in\nadvisory CESA-2009:1501.\";\n\n\n\nif(description)\n{\n script_id(66067);\n script_version(\"$Revision: 6650 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:43:12 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-19 21:50:22 +0200 (Mon, 19 Oct 2009)\");\n script_cve_id(\"CVE-2009-0791\", \"CVE-2009-1188\", \"CVE-2009-3604\", \"CVE-2009-3606\", \"CVE-2009-3608\", \"CVE-2009-3609\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"CentOS Security Advisory CESA-2009:1501 (xpdf)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"xpdf\", rpm:\"xpdf~3.00~22.el4_8.1\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:55:51", "description": "Check for the Version of xpdf", "cvss3": {}, "published": "2011-08-09T00:00:00", "type": "openvas", "title": "CentOS Update for xpdf CESA-2009:1501 centos4 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3608", "CVE-2009-1188", "CVE-2009-0791", "CVE-2009-3606", "CVE-2009-3604", "CVE-2009-3609"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:880912", "href": "http://plugins.openvas.org/nasl.php?oid=880912", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for xpdf CESA-2009:1501 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Xpdf is an X Window System based viewer for Portable Document Format (PDF)\n files.\n\n Multiple integer overflow flaws were found in Xpdf. An attacker could\n create a malicious PDF file that would cause Xpdf to crash or, potentially,\n execute arbitrary code when opened. (CVE-2009-0791, CVE-2009-1188,\n CVE-2009-3604, CVE-2009-3606, CVE-2009-3608, CVE-2009-3609)\n \n Red Hat would like to thank Adam Zabrocki for reporting the CVE-2009-3604\n issue, and Chris Rohlf for reporting the CVE-2009-3608 issue.\n \n Users are advised to upgrade to this updated package, which contains a\n backported patch to correct these issues.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"xpdf on CentOS 4\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2009-October/016190.html\");\n script_id(880912);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2009:1501\");\n script_cve_id(\"CVE-2009-0791\", \"CVE-2009-1188\", \"CVE-2009-3604\", \"CVE-2009-3606\", \"CVE-2009-3608\", \"CVE-2009-3609\");\n script_name(\"CentOS Update for xpdf CESA-2009:1501 centos4 i386\");\n\n script_summary(\"Check for the Version of xpdf\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"xpdf\", rpm:\"xpdf~3.00~22.el4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:38:10", "description": "The remote host is missing an update to poppler\nannounced via advisory MDVSA-2009:334.", "cvss3": {}, "published": "2009-12-30T00:00:00", "type": "openvas", "title": "Mandriva Security Advisory MDVSA-2009:334 (poppler)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3608", "CVE-2009-0791", "CVE-2009-3605", "CVE-2009-3609"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231066544", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066544", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_334.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:334 (poppler)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Affected: Corporate 4.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:334\";\ntag_summary = \"The remote host is missing an update to poppler\nannounced via advisory MDVSA-2009:334.\";\n\n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66544\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-30 21:58:43 +0100 (Wed, 30 Dec 2009)\");\n script_cve_id(\"CVE-2009-0791\", \"CVE-2009-3605\", \"CVE-2009-3608\", \"CVE-2009-3609\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Mandriva Security Advisory MDVSA-2009:334 (poppler)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libpoppler0\", rpm:\"libpoppler0~0.4.1~3.10.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpoppler0-devel\", rpm:\"libpoppler0-devel~0.4.1~3.10.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpoppler-qt0\", rpm:\"libpoppler-qt0~0.4.1~3.10.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpoppler-qt0-devel\", rpm:\"libpoppler-qt0-devel~0.4.1~3.10.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64poppler0\", rpm:\"lib64poppler0~0.4.1~3.10.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64poppler0-devel\", rpm:\"lib64poppler0-devel~0.4.1~3.10.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64poppler-qt0\", rpm:\"lib64poppler-qt0~0.4.1~3.10.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64poppler-qt0-devel\", rpm:\"lib64poppler-qt0-devel~0.4.1~3.10.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:56:23", "description": "The remote host is missing an update to poppler\nannounced via advisory MDVSA-2009:334.", "cvss3": {}, "published": "2009-12-30T00:00:00", "type": "openvas", "title": "Mandriva Security Advisory MDVSA-2009:334 (poppler)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3608", "CVE-2009-0791", "CVE-2009-3605", "CVE-2009-3609"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:66544", "href": "http://plugins.openvas.org/nasl.php?oid=66544", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_334.nasl 6587 2017-07-07 06:35:35Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:334 (poppler)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Affected: Corporate 4.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:334\";\ntag_summary = \"The remote host is missing an update to poppler\nannounced via advisory MDVSA-2009:334.\";\n\n \n\nif(description)\n{\n script_id(66544);\n script_version(\"$Revision: 6587 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 08:35:35 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-30 21:58:43 +0100 (Wed, 30 Dec 2009)\");\n script_cve_id(\"CVE-2009-0791\", \"CVE-2009-3605\", \"CVE-2009-3608\", \"CVE-2009-3609\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Mandriva Security Advisory MDVSA-2009:334 (poppler)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libpoppler0\", rpm:\"libpoppler0~0.4.1~3.10.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpoppler0-devel\", rpm:\"libpoppler0-devel~0.4.1~3.10.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpoppler-qt0\", rpm:\"libpoppler-qt0~0.4.1~3.10.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpoppler-qt0-devel\", rpm:\"libpoppler-qt0-devel~0.4.1~3.10.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64poppler0\", rpm:\"lib64poppler0~0.4.1~3.10.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64poppler0-devel\", rpm:\"lib64poppler0-devel~0.4.1~3.10.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64poppler-qt0\", rpm:\"lib64poppler-qt0~0.4.1~3.10.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64poppler-qt0-devel\", rpm:\"lib64poppler-qt0-devel~0.4.1~3.10.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:24", "description": "The remote host is missing updates to xpdf announced in\nadvisory CESA-2009:1500.", "cvss3": {}, "published": "2009-10-19T00:00:00", "type": "openvas", "title": "CentOS Security Advisory CESA-2009:1500 (xpdf)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0791", "CVE-2009-3606", "CVE-2009-3604", "CVE-2009-3609"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:66066", "href": "http://plugins.openvas.org/nasl.php?oid=66066", "sourceData": "#CESA-2009:1500 66066 2\n# $Id: ovcesa2009_1500.nasl 6650 2017-07-10 11:43:12Z cfischer $\n# Description: Auto-generated from advisory CESA-2009:1500 (xpdf)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details on the issues addressed in this update,\nplease visit the referenced security advisories.\";\ntag_solution = \"Update the appropriate packages on your system.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=CESA-2009:1500\nhttp://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:1500\nhttps://rhn.redhat.com/errata/RHSA-2009-1500.html\";\ntag_summary = \"The remote host is missing updates to xpdf announced in\nadvisory CESA-2009:1500.\";\n\n\n\nif(description)\n{\n script_id(66066);\n script_version(\"$Revision: 6650 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:43:12 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-19 21:50:22 +0200 (Mon, 19 Oct 2009)\");\n script_cve_id(\"CVE-2009-0791\", \"CVE-2009-3604\", \"CVE-2009-3606\", \"CVE-2009-3609\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"CentOS Security Advisory CESA-2009:1500 (xpdf)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"xpdf\", rpm:\"xpdf~2.02~17.el3\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:51", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-08-09T00:00:00", "type": "openvas", "title": "CentOS Update for xpdf CESA-2009:1500 centos3 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0791", "CVE-2009-3606", "CVE-2009-3604", "CVE-2009-3609"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310880700", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880700", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for xpdf CESA-2009:1500 centos3 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2009-October/016188.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880700\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"CESA\", value:\"2009:1500\");\n script_cve_id(\"CVE-2009-0791\", \"CVE-2009-3604\", \"CVE-2009-3606\", \"CVE-2009-3609\");\n script_name(\"CentOS Update for xpdf CESA-2009:1500 centos3 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xpdf'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS3\");\n script_tag(name:\"affected\", value:\"xpdf on CentOS 3\");\n script_tag(name:\"insight\", value:\"Xpdf is an X Window System based viewer for Portable Document Format (PDF)\n files.\n\n Multiple integer overflow flaws were found in Xpdf. An attacker could\n create a malicious PDF file that would cause Xpdf to crash or, potentially,\n execute arbitrary code when opened. (CVE-2009-0791, CVE-2009-3604,\n CVE-2009-3606, CVE-2009-3609)\n\n Red Hat would like to thank Adam Zabrocki for reporting the CVE-2009-3604\n issue.\n\n Users are advised to upgrade to this updated package, which contains a\n backported patch to correct these issues.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"xpdf\", rpm:\"xpdf~2.02~17.el3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-04-06T11:40:41", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:1500.\n\nXpdf is an X Window System based viewer for Portable Document Format (PDF)\nfiles.\n\nMultiple integer overflow flaws were found in Xpdf. An attacker could\ncreate a malicious PDF file that would cause Xpdf to crash or, potentially,\nexecute arbitrary code when opened. (CVE-2009-0791, CVE-2009-3604,\nCVE-2009-3606, CVE-2009-3609)\n\nRed Hat would like to thank Adam Zabrocki for reporting the CVE-2009-3604\nissue.\n\nUsers are advised to upgrade to this updated package, which contains a\nbackported patch to correct these issues.", "cvss3": {}, "published": "2009-10-19T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:1500", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0791", "CVE-2009-3606", "CVE-2009-3604", "CVE-2009-3609"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231066012", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066012", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1500.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1500 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:1500.\n\nXpdf is an X Window System based viewer for Portable Document Format (PDF)\nfiles.\n\nMultiple integer overflow flaws were found in Xpdf. An attacker could\ncreate a malicious PDF file that would cause Xpdf to crash or, potentially,\nexecute arbitrary code when opened. (CVE-2009-0791, CVE-2009-3604,\nCVE-2009-3606, CVE-2009-3609)\n\nRed Hat would like to thank Adam Zabrocki for reporting the CVE-2009-3604\nissue.\n\nUsers are advised to upgrade to this updated package, which contains a\nbackported patch to correct these issues.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66012\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-19 21:50:22 +0200 (Mon, 19 Oct 2009)\");\n script_cve_id(\"CVE-2009-0791\", \"CVE-2009-3604\", \"CVE-2009-3606\", \"CVE-2009-3609\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:1500\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-1500.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#important\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"xpdf\", rpm:\"xpdf~2.02~17.el3\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xpdf-debuginfo\", rpm:\"xpdf-debuginfo~2.02~17.el3\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:55:56", "description": "Check for the Version of xpdf", "cvss3": {}, "published": "2011-08-09T00:00:00", "type": "openvas", "title": "CentOS Update for xpdf CESA-2009:1500 centos3 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0791", "CVE-2009-3606", "CVE-2009-3604", "CVE-2009-3609"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:880700", "href": "http://plugins.openvas.org/nasl.php?oid=880700", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for xpdf CESA-2009:1500 centos3 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Xpdf is an X Window System based viewer for Portable Document Format (PDF)\n files.\n\n Multiple integer overflow flaws were found in Xpdf. An attacker could\n create a malicious PDF file that would cause Xpdf to crash or, potentially,\n execute arbitrary code when opened. (CVE-2009-0791, CVE-2009-3604,\n CVE-2009-3606, CVE-2009-3609)\n \n Red Hat would like to thank Adam Zabrocki for reporting the CVE-2009-3604\n issue.\n \n Users are advised to upgrade to this updated package, which contains a\n backported patch to correct these issues.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"xpdf on CentOS 3\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2009-October/016188.html\");\n script_id(880700);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2009:1500\");\n script_cve_id(\"CVE-2009-0791\", \"CVE-2009-3604\", \"CVE-2009-3606\", \"CVE-2009-3609\");\n script_name(\"CentOS Update for xpdf CESA-2009:1500 centos3 i386\");\n\n script_summary(\"Check for the Version of xpdf\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"xpdf\", rpm:\"xpdf~2.02~17.el3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:38:16", "description": "The remote host is missing updates to xpdf announced in\nadvisory CESA-2009:1500.", "cvss3": {}, "published": "2009-10-19T00:00:00", "type": "openvas", "title": "CentOS Security Advisory CESA-2009:1500 (xpdf)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0791", "CVE-2009-3606", "CVE-2009-3604", "CVE-2009-3609"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231066066", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066066", "sourceData": "#CESA-2009:1500 66066 2\n# $Id: ovcesa2009_1500.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory CESA-2009:1500 (xpdf)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details on the issues addressed in this update,\nplease visit the referenced security advisories.\";\ntag_solution = \"Update the appropriate packages on your system.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=CESA-2009:1500\nhttp://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:1500\nhttps://rhn.redhat.com/errata/RHSA-2009-1500.html\";\ntag_summary = \"The remote host is missing updates to xpdf announced in\nadvisory CESA-2009:1500.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66066\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-19 21:50:22 +0200 (Mon, 19 Oct 2009)\");\n script_cve_id(\"CVE-2009-0791\", \"CVE-2009-3604\", \"CVE-2009-3606\", \"CVE-2009-3609\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"CentOS Security Advisory CESA-2009:1500 (xpdf)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"xpdf\", rpm:\"xpdf~2.02~17.el3\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-27T10:56:51", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:1500.\n\nXpdf is an X Window System based viewer for Portable Document Format (PDF)\nfiles.\n\nMultiple integer overflow flaws were found in Xpdf. An attacker could\ncreate a malicious PDF file that would cause Xpdf to crash or, potentially,\nexecute arbitrary code when opened. (CVE-2009-0791, CVE-2009-3604,\nCVE-2009-3606, CVE-2009-3609)\n\nRed Hat would like to thank Adam Zabrocki for reporting the CVE-2009-3604\nissue.\n\nUsers are advised to upgrade to this updated package, which contains a\nbackported patch to correct these issues.", "cvss3": {}, "published": "2009-10-19T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:1500", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0791", "CVE-2009-3606", "CVE-2009-3604", "CVE-2009-3609"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:66012", "href": "http://plugins.openvas.org/nasl.php?oid=66012", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1500.nasl 6683 2017-07-12 09:41:57Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1500 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:1500.\n\nXpdf is an X Window System based viewer for Portable Document Format (PDF)\nfiles.\n\nMultiple integer overflow flaws were found in Xpdf. An attacker could\ncreate a malicious PDF file that would cause Xpdf to crash or, potentially,\nexecute arbitrary code when opened. (CVE-2009-0791, CVE-2009-3604,\nCVE-2009-3606, CVE-2009-3609)\n\nRed Hat would like to thank Adam Zabrocki for reporting the CVE-2009-3604\nissue.\n\nUsers are advised to upgrade to this updated package, which contains a\nbackported patch to correct these issues.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_id(66012);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-19 21:50:22 +0200 (Mon, 19 Oct 2009)\");\n script_cve_id(\"CVE-2009-0791\", \"CVE-2009-3604\", \"CVE-2009-3606\", \"CVE-2009-3609\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:1500\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-1500.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#important\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"xpdf\", rpm:\"xpdf~2.02~17.el3\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xpdf-debuginfo\", rpm:\"xpdf-debuginfo~2.02~17.el3\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:38:33", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n neon\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-11-11T00:00:00", "type": "openvas", "title": "SLES10: Security update for neon", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2408", "CVE-2009-2473"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231066235", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066235", "sourceData": "#\n#VID slesp2-neon-6548\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for neon\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n neon\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66235\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-11-11 15:56:44 +0100 (Wed, 11 Nov 2009)\");\n script_cve_id(\"CVE-2009-2408\", \"CVE-2009-2473\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"SLES10: Security update for neon\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"neon\", rpm:\"neon~0.24.7~20.8.1\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:37:13", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n libneon27\n neon\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 11 patch database located at\nhttp://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-11-11T00:00:00", "type": "openvas", "title": "SLES11: Security update for libneon", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2408", "CVE-2009-2473"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231066225", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066225", "sourceData": "#\n#VID db036d6c88b93b6c89d6d75d9b617dce\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for libneon\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n libneon27\n neon\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 11 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://bugzilla.novell.com/show_bug.cgi?id=528370\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.novell.com/show_bug.cgi?id=532345\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.66225\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-11-11 15:56:44 +0100 (Wed, 11 Nov 2009)\");\n script_cve_id(\"CVE-2009-2408\", \"CVE-2009-2473\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"SLES11: Security update for libneon\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libneon27\", rpm:\"libneon27~0.28.3~2.12.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"neon\", rpm:\"neon~0.28.3~2.12.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-26T08:55:39", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n neon\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-11-11T00:00:00", "type": "openvas", "title": "SLES10: Security update for neon", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2408", "CVE-2009-2473"], "modified": "2017-07-11T00:00:00", "id": "OPENVAS:66235", "href": "http://plugins.openvas.org/nasl.php?oid=66235", "sourceData": "#\n#VID slesp2-neon-6548\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for neon\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n neon\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_id(66235);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-11-11 15:56:44 +0100 (Wed, 11 Nov 2009)\");\n script_cve_id(\"CVE-2009-2408\", \"CVE-2009-2473\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"SLES10: Security update for neon\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"neon\", rpm:\"neon~0.24.7~20.8.1\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-26T08:55:11", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n libneon27\n neon\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 11 patch database located at\nhttp://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-11-11T00:00:00", "type": "openvas", "title": "SLES11: Security update for libneon", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2408", "CVE-2009-2473"], "modified": "2017-07-11T00:00:00", "id": "OPENVAS:66225", "href": "http://plugins.openvas.org/nasl.php?oid=66225", "sourceData": "#\n#VID db036d6c88b93b6c89d6d75d9b617dce\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for libneon\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n libneon27\n neon\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 11 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://bugzilla.novell.com/show_bug.cgi?id=528370\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.novell.com/show_bug.cgi?id=532345\");\n script_id(66225);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-11-11 15:56:44 +0100 (Wed, 11 Nov 2009)\");\n script_cve_id(\"CVE-2009-2408\", \"CVE-2009-2473\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"SLES11: Security update for libneon\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libneon27\", rpm:\"libneon27~0.28.3~2.12.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"neon\", rpm:\"neon~0.28.3~2.12.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-27T10:55:44", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:1513.\n\nThe Common UNIX Printing System (CUPS) provides a portable printing layer\nfor UNIX operating systems. The CUPS pdftops filter converts Portable\nDocument Format (PDF) files to PostScript.\n\nTwo integer overflow flaws were found in the CUPS pdftops filter. An\nattacker could create a malicious PDF file that would cause pdftops to\ncrash or, potentially, execute arbitrary code as the lp user if the file\nwas printed. (CVE-2009-3608, CVE-2009-3609)\n\nRed Hat would like to thank Chris Rohlf for reporting the CVE-2009-3608\nissue.\n\nUsers of cups are advised to upgrade to these updated packages, which\ncontain a backported patch to correct these issues. After installing the\nupdate, the cupsd daemon will be restarted automatically.", "cvss3": {}, "published": "2009-10-19T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:1513", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3608", "CVE-2009-3609"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:66018", "href": "http://plugins.openvas.org/nasl.php?oid=66018", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1513.nasl 6683 2017-07-12 09:41:57Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1513 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:1513.\n\nThe Common UNIX Printing System (CUPS) provides a portable printing layer\nfor UNIX operating systems. The CUPS pdftops filter converts Portable\nDocument Format (PDF) files to PostScript.\n\nTwo integer overflow flaws were found in the CUPS pdftops filter. An\nattacker could create a malicious PDF file that would cause pdftops to\ncrash or, potentially, execute arbitrary code as the lp user if the file\nwas printed. (CVE-2009-3608, CVE-2009-3609)\n\nRed Hat would like to thank Chris Rohlf for reporting the CVE-2009-3608\nissue.\n\nUsers of cups are advised to upgrade to these updated packages, which\ncontain a backported patch to correct these issues. After installing the\nupdate, the cupsd daemon will be restarted automatically.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_id(66018);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-19 21:50:22 +0200 (Mon, 19 Oct 2009)\");\n script_cve_id(\"CVE-2009-3608\", \"CVE-2009-3609\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:1513\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-1513.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#moderate\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.3.7~11.el5_4.3\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-debuginfo\", rpm:\"cups-debuginfo~1.3.7~11.el5_4.3\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-libs\", rpm:\"cups-libs~1.3.7~11.el5_4.3\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-lpd\", rpm:\"cups-lpd~1.3.7~11.el5_4.3\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-devel\", rpm:\"cups-devel~1.3.7~11.el5_4.3\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:38:18", "description": "The remote host is missing an update to cups\nannounced via advisory MDVSA-2009:280.", "cvss3": {}, "published": "2009-10-27T00:00:00", "type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:280 (cups)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3608", "CVE-2009-3609"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231066085", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066085", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_280.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:280 (cups)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Two integer overflow flaws were found in the CUPS pdftops filter. An\nattacker could create a malicious PDF file that would cause pdftops\nto crash or, potentially, execute arbitrary code as the lp user if\nthe file was printed. (CVE-2009-3608, CVE-2009-3609)\n\nThis update corrects the problem.\n\nAffected: 2009.1\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:280\";\ntag_summary = \"The remote host is missing an update to cups\nannounced via advisory MDVSA-2009:280.\";\n\n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66085\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-27 01:37:56 +0100 (Tue, 27 Oct 2009)\");\n script_cve_id(\"CVE-2009-3608\", \"CVE-2009-3609\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:280 (cups)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libpoppler4\", rpm:\"libpoppler4~0.10.6~1.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpoppler-devel\", rpm:\"libpoppler-devel~0.10.6~1.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpoppler-glib4\", rpm:\"libpoppler-glib4~0.10.6~1.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpoppler-glib-devel\", rpm:\"libpoppler-glib-devel~0.10.6~1.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpoppler-qt2\", rpm:\"libpoppler-qt2~0.10.6~1.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpoppler-qt4-3\", rpm:\"libpoppler-qt4-3~0.10.6~1.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpoppler-qt4-devel\", rpm:\"libpoppler-qt4-devel~0.10.6~1.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpoppler-qt-devel\", rpm:\"libpoppler-qt-devel~0.10.6~1.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler\", rpm:\"poppler~0.10.6~1.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64poppler4\", rpm:\"lib64poppler4~0.10.6~1.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64poppler-devel\", rpm:\"lib64poppler-devel~0.10.6~1.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64poppler-glib4\", rpm:\"lib64poppler-glib4~0.10.6~1.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64poppler-glib-devel\", rpm:\"lib64poppler-glib-devel~0.10.6~1.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64poppler-qt2\", rpm:\"lib64poppler-qt2~0.10.6~1.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64poppler-qt4-3\", rpm:\"lib64poppler-qt4-3~0.10.6~1.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64poppler-qt4-devel\", rpm:\"lib64poppler-qt4-devel~0.10.6~1.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64poppler-qt-devel\", rpm:\"lib64poppler-qt-devel~0.10.6~1.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-03T10:54:27", "description": "Check for the Version of irqbalance", "cvss3": {}, "published": "2010-03-12T00:00:00", "type": "openvas", "title": "Mandriva Update for irqbalance MDVA-2010:086 (irqbalance)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3608", "CVE-2009-3609"], "modified": "2018-01-02T00:00:00", "id": "OPENVAS:1361412562310830933", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310830933", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for irqbalance MDVA-2010:086 (irqbalance)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"irqbalance on Mandriva Linux 2009.0,\n Mandriva Linux 2009.0/X86_64,\n Mandriva Linux 2009.1,\n Mandriva Linux 2009.1/X86_64,\n Mandriva Linux 2010.0,\n Mandriva Linux 2010.0/X86_64\";\ntag_insight = \"This update fixes a bug in irqbalance that makes it to fail to spread\n IRQs in a SMP or a muli core machine (#57523)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-03/msg00000.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.830933\");\n script_version(\"$Revision: 8269 $\");\n script_cve_id(\"CVE-2009-3608\", \"CVE-2009-3609\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-02 08:28:22 +0100 (Tue, 02 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-03-12 17:02:32 +0100 (Fri, 12 Mar 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVA\", value: \"2010:086\");\n script_name(\"Mandriva Update for irqbalance MDVA-2010:086 (irqbalance)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of irqbalance\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2010.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"irqbalance\", rpm:\"irqbalance~0.55~9.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"irqbalance\", rpm:\"irqbalance~0.55~9.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"irqbalance\", rpm:\"irqbalance~0.55~9.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:38:09", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n kdegraphics3-pdf\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-11-17T00:00:00", "type": "openvas", "title": "SLES10: Security update for kdegraphics3-pdf", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3608", "CVE-2009-3609"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231066282", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066282", "sourceData": "#\n#VID slesp2-kdegraphics3-pdf-6653\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for kdegraphics3-pdf\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n kdegraphics3-pdf\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66282\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-11-17 21:42:12 +0100 (Tue, 17 Nov 2009)\");\n script_cve_id(\"CVE-2009-3608\", \"CVE-2009-3609\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES10: Security update for kdegraphics3-pdf\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"kdegraphics3-pdf\", rpm:\"kdegraphics3-pdf~3.5.1~23.26.2\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:36:07", "description": "Oracle Linux Local Security Checks ELSA-2009-1513", "cvss3": {}, "published": "2015-10-08T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2009-1513", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3608", "CVE-2009-3609"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310122427", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122427", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2009-1513.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122427\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-08 14:45:12 +0300 (Thu, 08 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2009-1513\");\n script_tag(name:\"insight\", value:\"ELSA-2009-1513 - cups security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2009-1513\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2009-1513.html\");\n script_cve_id(\"CVE-2009-3608\", \"CVE-2009-3609\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.3.7~11.el5_4.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"cups-devel\", rpm:\"cups-devel~1.3.7~11.el5_4.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"cups-libs\", rpm:\"cups-libs~1.3.7~11.el5_4.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"cups-lpd\", rpm:\"cups-lpd~1.3.7~11.el5_4.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-04-06T11:37:48", "description": "The remote host is missing updates to cups announced in\nadvisory CESA-2009:1513.", "cvss3": {}, "published": "2009-11-11T00:00:00", "type": "openvas", "title": "CentOS Security Advisory CESA-2009:1513 (cups)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3608", "CVE-2009-3609"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231066165", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066165", "sourceData": "#CESA-2009:1513 66165 2\n# $Id: ovcesa2009_1513.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory CESA-2009:1513 (cups)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details on the issues addressed in this update,\nplease visit the referenced security advisories.\";\ntag_solution = \"Update the appropriate packages on your system.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=CESA-2009:1513\nhttp://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:1513\nhttps://rhn.redhat.com/errata/RHSA-2009-1513.html\";\ntag_summary = \"The remote host is missing updates to cups announced in\nadvisory CESA-2009:1513.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66165\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-11-11 15:56:44 +0100 (Wed, 11 Nov 2009)\");\n script_cve_id(\"CVE-2009-3608\", \"CVE-2009-3609\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"CentOS Security Advisory CESA-2009:1513 (cups)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.3.7~11.el5_4.3\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-devel\", rpm:\"cups-devel~1.3.7~11.el5_4.3\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-libs\", rpm:\"cups-libs~1.3.7~11.el5_4.3\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-lpd\", rpm:\"cups-lpd~1.3.7~11.el5_4.3\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-15T11:57:51", "description": "Check for the Version of irqbalance", "cvss3": {}, "published": "2010-03-12T00:00:00", "type": "openvas", "title": "Mandriva Update for irqbalance MDVA-2010:086 (irqbalance)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3608", "CVE-2009-3609"], "modified": "2017-12-15T00:00:00", "id": "OPENVAS:830933", "href": "http://plugins.openvas.org/nasl.php?oid=830933", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for irqbalance MDVA-2010:086 (irqbalance)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"irqbalance on Mandriva Linux 2009.0,\n Mandriva Linux 2009.0/X86_64,\n Mandriva Linux 2009.1,\n Mandriva Linux 2009.1/X86_64,\n Mandriva Linux 2010.0,\n Mandriva Linux 2010.0/X86_64\";\ntag_insight = \"This update fixes a bug in irqbalance that makes it to fail to spread\n IRQs in a SMP or a muli core machine (#57523)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-03/msg00000.php\");\n script_id(830933);\n script_version(\"$Revision: 8130 $\");\n script_cve_id(\"CVE-2009-3608\", \"CVE-2009-3609\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-15 07:31:09 +0100 (Fri, 15 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-03-12 17:02:32 +0100 (Fri, 12 Mar 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVA\", value: \"2010:086\");\n script_name(\"Mandriva Update for irqbalance MDVA-2010:086 (irqbalance)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of irqbalance\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2010.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"irqbalance\", rpm:\"irqbalance~0.55~9.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"irqbalance\", rpm:\"irqbalance~0.55~9.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"irqbalance\", rpm:\"irqbalance~0.55~9.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-26T08:55:30", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n kdegraphics3-pdf\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-11-17T00:00:00", "type": "openvas", "title": "SLES10: Security update for kdegraphics3-pdf", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3608", "CVE-2009-3609"], "modified": "2017-07-11T00:00:00", "id": "OPENVAS:66282", "href": "http://plugins.openvas.org/nasl.php?oid=66282", "sourceData": "#\n#VID slesp2-kdegraphics3-pdf-6653\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for kdegraphics3-pdf\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n kdegraphics3-pdf\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_id(66282);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-11-17 21:42:12 +0100 (Tue, 17 Nov 2009)\");\n script_cve_id(\"CVE-2009-3608\", \"CVE-2009-3609\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES10: Security update for kdegraphics3-pdf\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"kdegraphics3-pdf\", rpm:\"kdegraphics3-pdf~3.5.1~23.26.2\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:43", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-08-09T00:00:00", "type": "openvas", "title": "CentOS Update for cups CESA-2009:1513 centos5 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3608", "CVE-2009-3609"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310880874", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880874", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for cups CESA-2009:1513 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2009-October/016218.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880874\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"CESA\", value:\"2009:1513\");\n script_cve_id(\"CVE-2009-3608\", \"CVE-2009-3609\");\n script_name(\"CentOS Update for cups CESA-2009:1513 centos5 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'cups'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"cups on CentOS 5\");\n script_tag(name:\"insight\", value:\"The Common UNIX Printing System (CUPS) provides a portable printing layer\n for UNIX operating systems. The CUPS 'pdftops' filter converts Portable\n Document Format (PDF) files to PostScript.\n\n Two integer overflow flaws were found in the CUPS 'pdftops' filter. An\n attacker could create a malicious PDF file that would cause 'pdftops' to\n crash or, potentially, execute arbitrary code as the 'lp' user if the file\n was printed. (CVE-2009-3608, CVE-2009-3609)\n\n Red Hat would like to thank Chris Rohlf for reporting the CVE-2009-3608\n issue.\n\n Users of cups are advised to upgrade to these updated packages, which\n contain a backported patch to correct these issues. After installing the\n update, the cupsd daemon will be restarted automatically.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.3.7~11.el5_4.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-devel\", rpm:\"cups-devel~1.3.7~11.el5_4.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-libs\", rpm:\"cups-libs~1.3.7~11.el5_4.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-lpd\", rpm:\"cups-lpd~1.3.7~11.el5_4.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-25T10:55:25", "description": "Check for the Version of cups", "cvss3": {}, "published": "2011-08-09T00:00:00", "type": "openvas", "title": "CentOS Update for cups CESA-2009:1513 centos5 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3608", "CVE-2009-3609"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:880874", "href": "http://plugins.openvas.org/nasl.php?oid=880874", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for cups CESA-2009:1513 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The Common UNIX Printing System (CUPS) provides a portable printing layer\n for UNIX operating systems. The CUPS "pdftops" filter converts Portable\n Document Format (PDF) files to PostScript.\n\n Two integer overflow flaws were found in the CUPS "pdftops" filter. An\n attacker could create a malicious PDF file that would cause "pdftops" to\n crash or, potentially, execute arbitrary code as the "lp" user if the file\n was printed. (CVE-2009-3608, CVE-2009-3609)\n \n Red Hat would like to thank Chris Rohlf for reporting the CVE-2009-3608\n issue.\n \n Users of cups are advised to upgrade to these updated packages, which\n contain a backported patch to correct these issues. After installing the\n update, the cupsd daemon will be restarted automatically.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"cups on CentOS 5\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2009-October/016218.html\");\n script_id(880874);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2009:1513\");\n script_cve_id(\"CVE-2009-3608\", \"CVE-2009-3609\");\n script_name(\"CentOS Update for cups CESA-2009:1513 centos5 i386\");\n\n script_summary(\"Check for the Version of cups\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.3.7~11.el5_4.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-devel\", rpm:\"cups-devel~1.3.7~11.el5_4.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-libs\", rpm:\"cups-libs~1.3.7~11.el5_4.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-lpd\", rpm:\"cups-lpd~1.3.7~11.el5_4.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:37:33", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:1513.\n\nThe Common UNIX Printing System (CUPS) provides a portable printing layer\nfor UNIX operating systems. The CUPS pdftops filter converts Portable\nDocument Format (PDF) files to PostScript.\n\nTwo integer overflow flaws were found in the CUPS pdftops filter. An\nattacker could create a malicious PDF file that would cause pdftops to\ncrash or, potentially, execute arbitrary code as the lp user if the file\nwas printed. (CVE-2009-3608, CVE-2009-3609)\n\nRed Hat would like to thank Chris Rohlf for reporting the CVE-2009-3608\nissue.\n\nUsers of cups are advised to upgrade to these updated packages, which\ncontain a backported patch to correct these issues. After installing the\nupdate, the cupsd daemon will be restarted automatically.", "cvss3": {}, "published": "2009-10-19T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:1513", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3608", "CVE-2009-3609"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231066018", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066018", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1513.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1513 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:1513.\n\nThe Common UNIX Printing System (CUPS) provides a portable printing layer\nfor UNIX operating systems. The CUPS pdftops filter converts Portable\nDocument Format (PDF) files to PostScript.\n\nTwo integer overflow flaws were found in the CUPS pdftops filter. An\nattacker could create a malicious PDF file that would cause pdftops to\ncrash or, potentially, execute arbitrary code as the lp user if the file\nwas printed. (CVE-2009-3608, CVE-2009-3609)\n\nRed Hat would like to thank Chris Rohlf for reporting the CVE-2009-3608\nissue.\n\nUsers of cups are advised to upgrade to these updated packages, which\ncontain a backported patch to correct these issues. After installing the\nupdate, the cupsd daemon will be restarted automatically.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66018\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-19 21:50:22 +0200 (Mon, 19 Oct 2009)\");\n script_cve_id(\"CVE-2009-3608\", \"CVE-2009-3609\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:1513\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-1513.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#moderate\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.3.7~11.el5_4.3\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-debuginfo\", rpm:\"cups-debuginfo~1.3.7~11.el5_4.3\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-libs\", rpm:\"cups-libs~1.3.7~11.el5_4.3\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-lpd\", rpm:\"cups-lpd~1.3.7~11.el5_4.3\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-devel\", rpm:\"cups-devel~1.3.7~11.el5_4.3\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:14", "description": "The remote host is missing updates to cups announced in\nadvisory CESA-2009:1513.", "cvss3": {}, "published": "2009-11-11T00:00:00", "type": "openvas", "title": "CentOS Security Advisory CESA-2009:1513 (cups)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3608", "CVE-2009-3609"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:66165", "href": "http://plugins.openvas.org/nasl.php?oid=66165", "sourceData": "#CESA-2009:1513 66165 2\n# $Id: ovcesa2009_1513.nasl 6650 2017-07-10 11:43:12Z cfischer $\n# Description: Auto-generated from advisory CESA-2009:1513 (cups)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details on the issues addressed in this update,\nplease visit the referenced security advisories.\";\ntag_solution = \"Update the appropriate packages on your system.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=CESA-2009:1513\nhttp://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:1513\nhttps://rhn.redhat.com/errata/RHSA-2009-1513.html\";\ntag_summary = \"The remote host is missing updates to cups announced in\nadvisory CESA-2009:1513.\";\n\n\n\nif(description)\n{\n script_id(66165);\n script_version(\"$Revision: 6650 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:43:12 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-11-11 15:56:44 +0100 (Wed, 11 Nov 2009)\");\n script_cve_id(\"CVE-2009-3608\", \"CVE-2009-3609\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"CentOS Security Advisory CESA-2009:1513 (cups)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.3.7~11.el5_4.3\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-devel\", rpm:\"cups-devel~1.3.7~11.el5_4.3\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-libs\", rpm:\"cups-libs~1.3.7~11.el5_4.3\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-lpd\", rpm:\"cups-lpd~1.3.7~11.el5_4.3\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:56:26", "description": "The remote host is missing an update to cups\nannounced via advisory MDVSA-2009:280.", "cvss3": {}, "published": "2009-10-27T00:00:00", "type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:280 (cups)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3608", "CVE-2009-3609"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:66085", "href": "http://plugins.openvas.org/nasl.php?oid=66085", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_280.nasl 6573 2017-07-06 13:10:50Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:280 (cups)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Two integer overflow flaws were found in the CUPS pdftops filter. An\nattacker could create a malicious PDF file that would cause pdftops\nto crash or, potentially, execute arbitrary code as the lp user if\nthe file was printed. (CVE-2009-3608, CVE-2009-3609)\n\nThis update corrects the problem.\n\nAffected: 2009.1\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:280\";\ntag_summary = \"The remote host is missing an update to cups\nannounced via advisory MDVSA-2009:280.\";\n\n \n\nif(description)\n{\n script_id(66085);\n script_version(\"$Revision: 6573 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:10:50 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-27 01:37:56 +0100 (Tue, 27 Oct 2009)\");\n script_cve_id(\"CVE-2009-3608\", \"CVE-2009-3609\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:280 (cups)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libpoppler4\", rpm:\"libpoppler4~0.10.6~1.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpoppler-devel\", rpm:\"libpoppler-devel~0.10.6~1.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpoppler-glib4\", rpm:\"libpoppler-glib4~0.10.6~1.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpoppler-glib-devel\", rpm:\"libpoppler-glib-devel~0.10.6~1.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpoppler-qt2\", rpm:\"libpoppler-qt2~0.10.6~1.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpoppler-qt4-3\", rpm:\"libpoppler-qt4-3~0.10.6~1.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpoppler-qt4-devel\", rpm:\"libpoppler-qt4-devel~0.10.6~1.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpoppler-qt-devel\", rpm:\"libpoppler-qt-devel~0.10.6~1.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler\", rpm:\"poppler~0.10.6~1.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64poppler4\", rpm:\"lib64poppler4~0.10.6~1.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64poppler-devel\", rpm:\"lib64poppler-devel~0.10.6~1.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64poppler-glib4\", rpm:\"lib64poppler-glib4~0.10.6~1.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64poppler-glib-devel\", rpm:\"lib64poppler-glib-devel~0.10.6~1.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64poppler-qt2\", rpm:\"lib64poppler-qt2~0.10.6~1.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64poppler-qt4-3\", rpm:\"lib64poppler-qt4-3~0.10.6~1.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64poppler-qt4-devel\", rpm:\"lib64poppler-qt4-devel~0.10.6~1.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64poppler-qt-devel\", rpm:\"lib64poppler-qt-devel~0.10.6~1.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:37:44", "description": "The remote host is missing an update to koffice\nannounced via advisory MDVSA-2009:336.", "cvss3": {}, "published": "2009-12-30T00:00:00", "type": "openvas", "title": "Mandriva Security Advisory MDVSA-2009:336 (koffice)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3606", "CVE-2009-3609"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231066546", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066546", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_336.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:336 (koffice)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Security vulnerabilities have been discovered and fixed in pdf\nprocessing code embedded in koffice package (CVE-2009-3606 and\nCVE-2009-3609).\n\nThis update fixes these vulnerabilities.\n\nPackages for 2008.0 are being provided due to extended support for\nCorporate products.\n\nAffected: 2008.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:336\";\ntag_summary = \"The remote host is missing an update to koffice\nannounced via advisory MDVSA-2009:336.\";\n\n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66546\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-30 21:58:43 +0100 (Wed, 30 Dec 2009)\");\n script_cve_id(\"CVE-2009-3606\", \"CVE-2009-3609\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Mandriva Security Advisory MDVSA-2009:336 (koffice)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"koffice\", rpm:\"koffice~1.6.3~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-karbon\", rpm:\"koffice-karbon~1.6.3~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-kexi\", rpm:\"koffice-kexi~1.6.3~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-kformula\", rpm:\"koffice-kformula~1.6.3~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-kivio\", rpm:\"koffice-kivio~1.6.3~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-koshell\", rpm:\"koffice-koshell~1.6.3~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-kplato\", rpm:\"koffice-kplato~1.6.3~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-kpresenter\", rpm:\"koffice-kpresenter~1.6.3~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-krita\", rpm:\"koffice-krita~1.6.3~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-kspread\", rpm:\"koffice-kspread~1.6.3~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-kugar\", rpm:\"koffice-kugar~1.6.3~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-kword\", rpm:\"koffice-kword~1.6.3~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-progs\", rpm:\"koffice-progs~1.6.3~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libkoffice2-karbon\", rpm:\"libkoffice2-karbon~1.6.3~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libkoffice2-karbon-devel\", rpm:\"libkoffice2-karbon-devel~1.6.3~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libkoffice2-kexi\", rpm:\"libkoffice2-kexi~1.6.3~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libkoffice2-kexi-devel\", rpm:\"libkoffice2-kexi-devel~1.6.3~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libkoffice2-kformula\", rpm:\"libkoffice2-kformula~1.6.3~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libkoffice2-kformula-devel\", rpm:\"libkoffice2-kformula-devel~1.6.3~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libkoffice2-kivio\", rpm:\"libkoffice2-kivio~1.6.3~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libkoffice2-kivio-devel\", rpm:\"libkoffice2-kivio-devel~1.6.3~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libkoffice2-koshell\", rpm:\"libkoffice2-koshell~1.6.3~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libkoffice2-kplato\", rpm:\"libkoffice2-kplato~1.6.3~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libkoffice2-kpresenter\", rpm:\"libkoffice2-kpresenter~1.6.3~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libkoffice2-kpresenter-devel\", rpm:\"libkoffice2-kpresenter-devel~1.6.3~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libkoffice2-krita\", rpm:\"libkoffice2-krita~1.6.3~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libkoffice2-krita-devel\", rpm:\"libkoffice2-krita-devel~1.6.3~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libkoffice2-kspread\", rpm:\"libkoffice2-kspread~1.6.3~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libkoffice2-kspread-devel\", rpm:\"libkoffice2-kspread-devel~1.6.3~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libkoffice2-kugar\", rpm:\"libkoffice2-kugar~1.6.3~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libkoffice2-kugar-devel\", rpm:\"libkoffice2-kugar-devel~1.6.3~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libkoffice2-kword\", rpm:\"libkoffice2-kword~1.6.3~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libkoffice2-kword-devel\", rpm:\"libkoffice2-kword-devel~1.6.3~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libkoffice2-progs\", rpm:\"libkoffice2-progs~1.6.3~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libkoffice2-progs-devel\", rpm:\"libkoffice2-progs-devel~1.6.3~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64koffice2-karbon\", rpm:\"lib64koffice2-karbon~1.6.3~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64koffice2-karbon-devel\", rpm:\"lib64koffice2-karbon-devel~1.6.3~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64koffice2-kexi\", rpm:\"lib64koffice2-kexi~1.6.3~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64koffice2-kexi-devel\", rpm:\"lib64koffice2-kexi-devel~1.6.3~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64koffice2-kformula\", rpm:\"lib64koffice2-kformula~1.6.3~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64koffice2-kformula-devel\", rpm:\"lib64koffice2-kformula-devel~1.6.3~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64koffice2-kivio\", rpm:\"lib64koffice2-kivio~1.6.3~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64koffice2-kivio-devel\", rpm:\"lib64koffice2-kivio-devel~1.6.3~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64koffice2-koshell\", rpm:\"lib64koffice2-koshell~1.6.3~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64koffice2-kplato\", rpm:\"lib64koffice2-kplato~1.6.3~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64koffice2-kpresenter\", rpm:\"lib64koffice2-kpresenter~1.6.3~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64koffice2-kpresenter-devel\", rpm:\"lib64koffice2-kpresenter-devel~1.6.3~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64koffice2-krita\", rpm:\"lib64koffice2-krita~1.6.3~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64koffice2-krita-devel\", rpm:\"lib64koffice2-krita-devel~1.6.3~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64koffice2-kspread\", rpm:\"lib64koffice2-kspread~1.6.3~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64koffice2-kspread-devel\", rpm:\"lib64koffice2-kspread-devel~1.6.3~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64koffice2-kugar\", rpm:\"lib64koffice2-kugar~1.6.3~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64koffice2-kugar-devel\", rpm:\"lib64koffice2-kugar-devel~1.6.3~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64koffice2-kword\", rpm:\"lib64koffice2-kword~1.6.3~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64koffice2-kword-devel\", rpm:\"lib64koffice2-kword-devel~1.6.3~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64koffice2-progs\", rpm:\"lib64koffice2-progs~1.6.3~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64koffice2-progs-devel\", rpm:\"lib64koffice2-progs-devel~1.6.3~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:56:12", "description": "The remote host is missing an update to koffice\nannounced via advisory MDVSA-2009:336.", "cvss3": {}, "published": "2009-12-30T00:00:00", "type": "openvas", "title": "Mandriva Security Advisory MDVSA-2009:336 (koffice)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3606", "CVE-2009-3609"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:66546", "href": "http://plugins.openvas.org/nasl.php?oid=66546", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_336.nasl 6573 2017-07-06 13:10:50Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:336 (koffice)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Security vulnerabilities have been discovered and fixed in pdf\nprocessing code embedded in koffice package (CVE-2009-3606 and\nCVE-2009-3609).\n\nThis update fixes these vulnerabilities.\n\nPackages for 2008.0 are being provided due to extended support for\nCorporate products.\n\nAffected: 2008.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:336\";\ntag_summary = \"The remote host is missing an update to koffice\nannounced via advisory MDVSA-2009:336.\";\n\n \n\nif(description)\n{\n script_id(66546);\n script_version(\"$Revision: 6573 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:10:50 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-30 21:58:43 +0100 (Wed, 30 Dec 2009)\");\n script_cve_id(\"CVE-2009-3606\", \"CVE-2009-3609\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Mandriva Security Advisory MDVSA-2009:336 (koffice)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"koffice\", rpm:\"koffice~1.6.3~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-karbon\", rpm:\"koffice-karbon~1.6.3~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-kexi\", rpm:\"koffice-kexi~1.6.3~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-kformula\", rpm:\"koffice-kformula~1.6.3~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-kivio\", rpm:\"koffice-kivio~1.6.3~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-koshell\", rpm:\"koffice-koshell~1.6.3~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-kplato\", rpm:\"koffice-kplato~1.6.3~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-kpresenter\", rpm:\"koffice-kpresenter~1.6.3~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-krita\", rpm:\"koffice-krita~1.6.3~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-kspread\", rpm:\"koffice-kspread~1.6.3~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-kugar\", rpm:\"koffice-kugar~1.6.3~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-kword\", rpm:\"koffice-kword~1.6.3~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"koffice-progs\", rpm:\"koffice-progs~1.6.3~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libkoffice2-karbon\", rpm:\"libkoffice2-karbon~1.6.3~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libkoffice2-karbon-devel\", rpm:\"libkoffice2-karbon-devel~1.6.3~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libkoffice2-kexi\", rpm:\"libkoffice2-kexi~1.6.3~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libkoffice2-kexi-devel\", rpm:\"libkoffice2-kexi-devel~1.6.3~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libkoffice2-kformula\", rpm:\"libkoffice2-kformula~1.6.3~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libkoffice2-kformula-devel\", rpm:\"libkoffice2-kformula-devel~1.6.3~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libkoffice2-kivio\", rpm:\"libkoffice2-kivio~1.6.3~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libkoffice2-kivio-devel\", rpm:\"libkoffice2-kivio-devel~1.6.3~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libkoffice2-koshell\", rpm:\"libkoffice2-koshell~1.6.3~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libkoffice2-kplato\", rpm:\"libkoffice2-kplato~1.6.3~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libkoffice2-kpresenter\", rpm:\"libkoffice2-kpresenter~1.6.3~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libkoffice2-kpresenter-devel\", rpm:\"libkoffice2-kpresenter-devel~1.6.3~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libkoffice2-krita\", rpm:\"libkoffice2-krita~1.6.3~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libkoffice2-krita-devel\", rpm:\"libkoffice2-krita-devel~1.6.3~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libkoffice2-kspread\", rpm:\"libkoffice2-kspread~1.6.3~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libkoffice2-kspread-devel\", rpm:\"libkoffice2-kspread-devel~1.6.3~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libkoffice2-kugar\", rpm:\"libkoffice2-kugar~1.6.3~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libkoffice2-kugar-devel\", rpm:\"libkoffice2-kugar-devel~1.6.3~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libkoffice2-kword\", rpm:\"libkoffice2-kword~1.6.3~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libkoffice2-kword-devel\", rpm:\"libkoffice2-kword-devel~1.6.3~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libkoffice2-progs\", rpm:\"libkoffice2-progs~1.6.3~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libkoffice2-progs-devel\", rpm:\"libkoffice2-progs-devel~1.6.3~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64koffice2-karbon\", rpm:\"lib64koffice2-karbon~1.6.3~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64koffice2-karbon-devel\", rpm:\"lib64koffice2-karbon-devel~1.6.3~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64koffice2-kexi\", rpm:\"lib64koffice2-kexi~1.6.3~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64koffice2-kexi-devel\", rpm:\"lib64koffice2-kexi-devel~1.6.3~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64koffice2-kformula\", rpm:\"lib64koffice2-kformula~1.6.3~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64koffice2-kformula-devel\", rpm:\"lib64koffice2-kformula-devel~1.6.3~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64koffice2-kivio\", rpm:\"lib64koffice2-kivio~1.6.3~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64koffice2-kivio-devel\", rpm:\"lib64koffice2-kivio-devel~1.6.3~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64koffice2-koshell\", rpm:\"lib64koffice2-koshell~1.6.3~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64koffice2-kplato\", rpm:\"lib64koffice2-kplato~1.6.3~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64koffice2-kpresenter\", rpm:\"lib64koffice2-kpresenter~1.6.3~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64koffice2-kpresenter-devel\", rpm:\"lib64koffice2-kpresenter-devel~1.6.3~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64koffice2-krita\", rpm:\"lib64koffice2-krita~1.6.3~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64koffice2-krita-devel\", rpm:\"lib64koffice2-krita-devel~1.6.3~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64koffice2-kspread\", rpm:\"lib64koffice2-kspread~1.6.3~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64koffice2-kspread-devel\", rpm:\"lib64koffice2-kspread-devel~1.6.3~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64koffice2-kugar\", rpm:\"lib64koffice2-kugar~1.6.3~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64koffice2-kugar-devel\", rpm:\"lib64koffice2-kugar-devel~1.6.3~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64koffice2-kword\", rpm:\"lib64koffice2-kword~1.6.3~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64koffice2-kword-devel\", rpm:\"lib64koffice2-kword-devel~1.6.3~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64koffice2-progs\", rpm:\"lib64koffice2-progs~1.6.3~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64koffice2-progs-devel\", rpm:\"lib64koffice2-progs-devel~1.6.3~9.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:39:42", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:1512.\n\nThe kdegraphics packages contain applications for the K Desktop\nEnvironment, including KPDF, a viewer for Portable Document Format (PDF)\nfiles.\n\nMultiple integer overflow flaws were found in KPDF. An attacker could\ncreate a malicious PDF file that would cause KPDF to crash or, potentially,\nexecute arbitrary code when opened. (CVE-2009-0791, CVE-2009-1188,\nCVE-2009-3604, CVE-2009-3608, CVE-2009-3609)\n\nRed Hat would like to thank Adam Zabrocki for reporting the CVE-2009-3604\nissue, and Chris Rohlf for reporting the CVE-2009-3608 issue.\n\nUsers are advised to upgrade to these updated packages, which contain a\nbackported patch to resolve these issues.", "cvss3": {}, "published": "2009-10-19T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:1512", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3608", "CVE-2009-1188", "CVE-2009-0791", "CVE-2009-3604", "CVE-2009-3609"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231066017", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066017", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1512.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1512 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:1512.\n\nThe kdegraphics packages contain applications for the K Desktop\nEnvironment, including KPDF, a viewer for Portable Document Format (PDF)\nfiles.\n\nMultiple integer overflow flaws were found in KPDF. An attacker could\ncreate a malicious PDF file that would cause KPDF to crash or, potentially,\nexecute arbitrary code when opened. (CVE-2009-0791, CVE-2009-1188,\nCVE-2009-3604, CVE-2009-3608, CVE-2009-3609)\n\nRed Hat would like to thank Adam Zabrocki for reporting the CVE-2009-3604\nissue, and Chris Rohlf for reporting the CVE-2009-3608 issue.\n\nUsers are advised to upgrade to these updated packages, which contain a\nbackported patch to resolve these issues.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66017\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-19 21:50:22 +0200 (Mon, 19 Oct 2009)\");\n script_cve_id(\"CVE-2009-0791\", \"CVE-2009-1188\", \"CVE-2009-3604\", \"CVE-2009-3608\", \"CVE-2009-3609\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:1512\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-1512.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#important\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"kdegraphics\", rpm:\"kdegraphics~3.3.1~15.el4_8.2\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdegraphics-debuginfo\", rpm:\"kdegraphics-debuginfo~3.3.1~15.el4_8.2\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdegraphics-devel\", rpm:\"kdegraphics-devel~3.3.1~15.el4_8.2\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:39:50", "description": "The remote host is missing updates to kdegraphics announced in\nadvisory CESA-2009:1512.", "cvss3": {}, "published": "2009-10-19T00:00:00", "type": "openvas", "title": "CentOS Security Advisory CESA-2009:1512 (kdegraphics)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3608", "CVE-2009-1188", "CVE-2009-0791", "CVE-2009-3604", "CVE-2009-3609"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231066069", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066069", "sourceData": "#CESA-2009:1512 66069 2\n# $Id: ovcesa2009_1512.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory CESA-2009:1512 (kdegraphics)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details on the issues addressed in this update,\nplease visit the referenced security advisories.\";\ntag_solution = \"Update the appropriate packages on your system.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=CESA-2009:1512\nhttp://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:1512\";\ntag_summary = \"The remote host is missing updates to kdegraphics announced in\nadvisory CESA-2009:1512.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66069\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-19 21:50:22 +0200 (Mon, 19 Oct 2009)\");\n script_cve_id(\"CVE-2009-0791\", \"CVE-2009-1188\", \"CVE-2009-3604\", \"CVE-2009-3608\", \"CVE-2009-3609\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"CentOS Security Advisory CESA-2009:1512 (kdegraphics)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"kdegraphics\", rpm:\"kdegraphics~3.3.1~15.el4_8.2\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdegraphics-devel\", rpm:\"kdegraphics-devel~3.3.1~15.el4_8.2\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:56", "description": "The remote host is missing updates to kdegraphics announced in\nadvisory CESA-2009:1512.", "cvss3": {}, "published": "2009-10-19T00:00:00", "type": "openvas", "title": "CentOS Security Advisory CESA-2009:1512 (kdegraphics)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3608", "CVE-2009-1188", "CVE-2009-0791", "CVE-2009-3604", "CVE-2009-3609"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:66069", "href": "http://plugins.openvas.org/nasl.php?oid=66069", "sourceData": "#CESA-2009:1512 66069 2\n# $Id: ovcesa2009_1512.nasl 6650 2017-07-10 11:43:12Z cfischer $\n# Description: Auto-generated from advisory CESA-2009:1512 (kdegraphics)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details on the issues addressed in this update,\nplease visit the referenced security advisories.\";\ntag_solution = \"Update the appropriate packages on your system.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=CESA-2009:1512\nhttp://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:1512\";\ntag_summary = \"The remote host is missing updates to kdegraphics announced in\nadvisory CESA-2009:1512.\";\n\n\n\nif(description)\n{\n script_id(66069);\n script_version(\"$Revision: 6650 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:43:12 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-19 21:50:22 +0200 (Mon, 19 Oct 2009)\");\n script_cve_id(\"CVE-2009-0791\", \"CVE-2009-1188\", \"CVE-2009-3604\", \"CVE-2009-3608\", \"CVE-2009-3609\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"CentOS Security Advisory CESA-2009:1512 (kdegraphics)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"kdegraphics\", rpm:\"kdegraphics~3.3.1~15.el4_8.2\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdegraphics-devel\", rpm:\"kdegraphics-devel~3.3.1~15.el4_8.2\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-27T10:56:52", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:1503.\n\nGPdf is a viewer for Portable Document Format (PDF) files.\n\nMultiple integer overflow flaws were found in GPdf. An attacker could\ncreate a malicious PDF file that would cause GPdf to crash or, potentially,\nexecute arbitrary code when opened. (CVE-2009-0791, CVE-2009-1188,\nCVE-2009-3604, CVE-2009-3608, CVE-2009-3609)\n\nRed Hat would like to thank Adam Zabrocki for reporting the CVE-2009-3604\nissue, and Chris Rohlf for reporting the CVE-2009-3608 issue.\n\nUsers are advised to upgrade to this updated package, which contains a\nbackported patch to correct these issues.", "cvss3": {}, "published": "2009-10-19T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:1503", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3608", "CVE-2009-1188", "CVE-2009-0791", "CVE-2009-3604", "CVE-2009-3609"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:66015", "href": "http://plugins.openvas.org/nasl.php?oid=66015", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1503.nasl 6683 2017-07-12 09:41:57Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1503 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:1503.\n\nGPdf is a viewer for Portable Document Format (PDF) files.\n\nMultiple integer overflow flaws were found in GPdf. An attacker could\ncreate a malicious PDF file that would cause GPdf to crash or, potentially,\nexecute arbitrary code when opened. (CVE-2009-0791, CVE-2009-1188,\nCVE-2009-3604, CVE-2009-3608, CVE-2009-3609)\n\nRed Hat would like to thank Adam Zabrocki for reporting the CVE-2009-3604\nissue, and Chris Rohlf for reporting the CVE-2009-3608 issue.\n\nUsers are advised to upgrade to this updated package, which contains a\nbackported patch to correct these issues.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_id(66015);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-19 21:50:22 +0200 (Mon, 19 Oct 2009)\");\n script_cve_id(\"CVE-2009-0791\", \"CVE-2009-1188\", \"CVE-2009-3604\", \"CVE-2009-3608\", \"CVE-2009-3609\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:1503\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-1503.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#important\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"gpdf\", rpm:\"gpdf~2.8.2~7.7.2.el4_8.5\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gpdf-debuginfo\", rpm:\"gpdf-debuginfo~2.8.2~7.7.2.el4_8.5\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:55:22", "description": "Check for the Version of gpdf", "cvss3": {}, "published": "2011-08-09T00:00:00", "type": "openvas", "title": "CentOS Update for gpdf CESA-2009:1503 centos4 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3608", "CVE-2009-1188", "CVE-2009-0791", "CVE-2009-3604", "CVE-2009-3609"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:880909", "href": "http://plugins.openvas.org/nasl.php?oid=880909", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for gpdf CESA-2009:1503 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"GPdf is a viewer for Portable Document Format (PDF) files.\n\n Multiple integer overflow flaws were found in GPdf. An attacker could\n create a malicious PDF file that would cause GPdf to crash or, potentially,\n execute arbitrary code when opened. (CVE-2009-0791, CVE-2009-1188,\n CVE-2009-3604, CVE-2009-3608, CVE-2009-3609)\n \n Red Hat would like to thank Adam Zabrocki for reporting the CVE-2009-3604\n issue, and Chris Rohlf for reporting the CVE-2009-3608 issue.\n \n Users are advised to upgrade to this updated package, which contains a\n backported patch to correct these issues.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"gpdf on CentOS 4\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2009-October/016191.html\");\n script_id(880909);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2009:1503\");\n script_cve_id(\"CVE-2009-0791\", \"CVE-2009-1188\", \"CVE-2009-3604\", \"CVE-2009-3608\", \"CVE-2009-3609\");\n script_name(\"CentOS Update for gpdf CESA-2009:1503 centos4 i386\");\n\n script_summary(\"Check for the Version of gpdf\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"gpdf\", rpm:\"gpdf~2.8.2~7.7.2.el4_8.5\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:15", "description": "The remote host is missing updates to gpdf announced in\nadvisory CESA-2009:1503.", "cvss3": {}, "published": "2009-10-19T00:00:00", "type": "openvas", "title": "CentOS Security Advisory CESA-2009:1503 (gpdf)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3608", "CVE-2009-1188", "CVE-2009-0791", "CVE-2009-3604", "CVE-2009-3609"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:66068", "href": "http://plugins.openvas.org/nasl.php?oid=66068", "sourceData": "#CESA-2009:1503 66068 2\n# $Id: ovcesa2009_1503.nasl 6650 2017-07-10 11:43:12Z cfischer $\n# Description: Auto-generated from advisory CESA-2009:1503 (gpdf)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details on the issues addressed in this update,\nplease visit the referenced security advisories.\";\ntag_solution = \"Update the appropriate packages on your system.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=CESA-2009:1503\nhttp://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:1503\";\ntag_summary = \"The remote host is missing updates to gpdf announced in\nadvisory CESA-2009:1503.\";\n\n\n\nif(description)\n{\n script_id(66068);\n script_version(\"$Revision: 6650 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:43:12 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-19 21:50:22 +0200 (Mon, 19 Oct 2009)\");\n script_cve_id(\"CVE-2009-0791\", \"CVE-2009-1188\", \"CVE-2009-3604\", \"CVE-2009-3608\", \"CVE-2009-3609\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"CentOS Security Advisory CESA-2009:1503 (gpdf)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"gpdf\", rpm:\"gpdf~2.8.2~7.7.2.el4_8.5\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-27T10:56:29", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:1512.\n\nThe kdegraphics packages contain applications for the K Desktop\nEnvironment, including KPDF, a viewer for Portable Document Format (PDF)\nfiles.\n\nMultiple integer overflow flaws were found in KPDF. An attacker could\ncreate a malicious PDF file that would cause KPDF to crash or, potentially,\nexecute arbitrary code when opened. (CVE-2009-0791, CVE-2009-1188,\nCVE-2009-3604, CVE-2009-3608, CVE-2009-3609)\n\nRed Hat would like to thank Adam Zabrocki for reporting the CVE-2009-3604\nissue, and Chris Rohlf for reporting the CVE-2009-3608 issue.\n\nUsers are advised to upgrade to these updated packages, which contain a\nbackported patch to resolve these issues.", "cvss3": {}, "published": "2009-10-19T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:1512", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3608", "CVE-2009-1188", "CVE-2009-0791", "CVE-2009-3604", "CVE-2009-3609"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:66017", "href": "http://plugins.openvas.org/nasl.php?oid=66017", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1512.nasl 6683 2017-07-12 09:41:57Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1512 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:1512.\n\nThe kdegraphics packages contain applications for the K Desktop\nEnvironment, including KPDF, a viewer for Portable Document Format (PDF)\nfiles.\n\nMultiple integer overflow flaws were found in KPDF. An attacker could\ncreate a malicious PDF file that would cause KPDF to crash or, potentially,\nexecute arbitrary code when opened. (CVE-2009-0791, CVE-2009-1188,\nCVE-2009-3604, CVE-2009-3608, CVE-2009-3609)\n\nRed Hat would like to thank Adam Zabrocki for reporting the CVE-2009-3604\nissue, and Chris Rohlf for reporting the CVE-2009-3608 issue.\n\nUsers are advised to upgrade to these updated packages, which contain a\nbackported patch to resolve these issues.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_id(66017);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-19 21:50:22 +0200 (Mon, 19 Oct 2009)\");\n script_cve_id(\"CVE-2009-0791\", \"CVE-2009-1188\", \"CVE-2009-3604\", \"CVE-2009-3608\", \"CVE-2009-3609\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:1512\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-1512.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#important\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"kdegraphics\", rpm:\"kdegraphics~3.3.1~15.el4_8.2\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdegraphics-debuginfo\", rpm:\"kdegraphics-debuginfo~3.3.1~15.el4_8.2\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdegraphics-devel\", rpm:\"kdegraphics-devel~3.3.1~15.el4_8.2\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:42", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-08-09T00:00:00", "type": "openvas", "title": "CentOS Update for kdegraphics CESA-2009:1512 centos4 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3608", "CVE-2009-1188", "CVE-2009-0791", "CVE-2009-3604", "CVE-2009-3609"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310880906", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880906", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for kdegraphics CESA-2009:1512 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2009-October/016193.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880906\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"CESA\", value:\"2009:1512\");\n script_cve_id(\"CVE-2009-0791\", \"CVE-2009-1188\", \"CVE-2009-3604\", \"CVE-2009-3608\", \"CVE-2009-3609\");\n script_name(\"CentOS Update for kdegraphics CESA-2009:1512 centos4 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kdegraphics'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS4\");\n script_tag(name:\"affected\", value:\"kdegraphics on CentOS 4\");\n script_tag(name:\"insight\", value:\"The kdegraphics packages contain applications for the K Desktop\n Environment, including KPDF, a viewer for Portable Document Format (PDF)\n files.\n\n Multiple integer overflow flaws were found in KPDF. An attacker could\n create a malicious PDF file that would cause KPDF to crash or, potentially,\n execute arbitrary code when opened. (CVE-2009-0791, CVE-2009-1188,\n CVE-2009-3604, CVE-2009-3608, CVE-2009-3609)\n\n Red Hat would like to thank Adam Zabrocki for reporting the CVE-2009-3604\n issue, and Chris Rohlf for reporting the CVE-2009-3608 issue.\n\n Users are advised to upgrade to these updated packages, which contain a\n backported patch to resolve these issues.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"kdegraphics\", rpm:\"kdegraphics~3.3.1~15.el4_8.2\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kdegraphics-devel\", rpm:\"kdegraphics-devel~3.3.1~15.el4_8.2\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:39", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-08-09T00:00:00", "type": "openvas", "title": "CentOS Update for gpdf CESA-2009:1503 centos4 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3608", "CVE-2009-1188", "CVE-2009-0791", "CVE-2009-3604", "CVE-2009-3609"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310880909", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880909", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for gpdf CESA-2009:1503 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2009-October/016191.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880909\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"CESA\", value:\"2009:1503\");\n script_cve_id(\"CVE-2009-0791\", \"CVE-2009-1188\", \"CVE-2009-3604\", \"CVE-2009-3608\", \"CVE-2009-3609\");\n script_name(\"CentOS Update for gpdf CESA-2009:1503 centos4 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'gpdf'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS4\");\n script_tag(name:\"affected\", value:\"gpdf on CentOS 4\");\n script_tag(name:\"insight\", value:\"GPdf is a viewer for Portable Document Format (PDF) files.\n\n Multiple integer overflow flaws were found in GPdf. An attacker could\n create a malicious PDF file that would cause GPdf to crash or, potentially,\n execute arbitrary code when opened. (CVE-2009-0791, CVE-2009-1188,\n CVE-2009-3604, CVE-2009-3608, CVE-2009-3609)\n\n Red Hat would like to thank Adam Zabrocki for reporting the CVE-2009-3604\n issue, and Chris Rohlf for reporting the CVE-2009-3608 issue.\n\n Users are advised to upgrade to this updated package, which contains a\n backported patch to correct these issues.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"gpdf\", rpm:\"gpdf~2.8.2~7.7.2.el4_8.5\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-25T10:55:21", "description": "Check for the Version of kdegraphics", "cvss3": {}, "published": "2011-08-09T00:00:00", "type": "openvas", "title": "CentOS Update for kdegraphics CESA-2009:1512 centos4 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3608", "CVE-2009-1188", "CVE-2009-0791", "CVE-2009-3604", "CVE-2009-3609"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:880906", "href": "http://plugins.openvas.org/nasl.php?oid=880906", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for kdegraphics CESA-2009:1512 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The kdegraphics packages contain applications for the K Desktop\n Environment, including KPDF, a viewer for Portable Document Format (PDF)\n files.\n\n Multiple integer overflow flaws were found in KPDF. An attacker could\n create a malicious PDF file that would cause KPDF to crash or, potentially,\n execute arbitrary code when opened. (CVE-2009-0791, CVE-2009-1188,\n CVE-2009-3604, CVE-2009-3608, CVE-2009-3609)\n \n Red Hat would like to thank Adam Zabrocki for reporting the CVE-2009-3604\n issue, and Chris Rohlf for reporting the CVE-2009-3608 issue.\n \n Users are advised to upgrade to these updated packages, which contain a\n backported patch to resolve these issues.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"kdegraphics on CentOS 4\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2009-October/016193.html\");\n script_id(880906);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2009:1512\");\n script_cve_id(\"CVE-2009-0791\", \"CVE-2009-1188\", \"CVE-2009-3604\", \"CVE-2009-3608\", \"CVE-2009-3609\");\n script_name(\"CentOS Update for kdegraphics CESA-2009:1512 centos4 i386\");\n\n script_summary(\"Check for the Version of kdegraphics\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"kdegraphics\", rpm:\"kdegraphics~3.3.1~15.el4_8.2\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kdegraphics-devel\", rpm:\"kdegraphics-devel~3.3.1~15.el4_8.2\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:37:49", "description": "The remote host is missing updates to gpdf announced in\nadvisory CESA-2009:1503.", "cvss3": {}, "published": "2009-10-19T00:00:00", "type": "openvas", "title": "CentOS Security Advisory CESA-2009:1503 (gpdf)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3608", "CVE-2009-1188", "CVE-2009-0791", "CVE-2009-3604", "CVE-2009-3609"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231066068", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066068", "sourceData": "#CESA-2009:1503 66068 2\n# $Id: ovcesa2009_1503.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory CESA-2009:1503 (gpdf)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details on the issues addressed in this update,\nplease visit the referenced security advisories.\";\ntag_solution = \"Update the appropriate packages on your system.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=CESA-2009:1503\nhttp://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:1503\";\ntag_summary = \"The remote host is missing updates to gpdf announced in\nadvisory CESA-2009:1503.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66068\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-19 21:50:22 +0200 (Mon, 19 Oct 2009)\");\n script_cve_id(\"CVE-2009-0791\", \"CVE-2009-1188\", \"CVE-2009-3604\", \"CVE-2009-3608\", \"CVE-2009-3609\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"CentOS Security Advisory CESA-2009:1503 (gpdf)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"gpdf\", rpm:\"gpdf~2.8.2~7.7.2.el4_8.5\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:40:46", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:1503.\n\nGPdf is a viewer for Portable Document Format (PDF) files.\n\nMultiple integer overflow flaws were found in GPdf. An attacker could\ncreate a malicious PDF file that would cause GPdf to crash or, potentially,\nexecute arbitrary code when opened. (CVE-2009-0791, CVE-2009-1188,\nCVE-2009-3604, CVE-2009-3608, CVE-2009-3609)\n\nRed Hat would like to thank Adam Zabrocki for reporting the CVE-2009-3604\nissue, and Chris Rohlf for reporting the CVE-2009-3608 issue.\n\nUsers are advised to upgrade to this updated package, which contains a\nbackported patch to correct these issues.", "cvss3": {}, "published": "2009-10-19T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:1503", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3608", "CVE-2009-1188", "CVE-2009-0791", "CVE-2009-3604", "CVE-2009-3609"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231066015", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066015", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1503.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1503 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:1503.\n\nGPdf is a viewer for Portable Document Format (PDF) files.\n\nMultiple integer overflow flaws were found in GPdf. An attacker could\ncreate a malicious PDF file that would cause GPdf to crash or, potentially,\nexecute arbitrary code when opened. (CVE-2009-0791, CVE-2009-1188,\nCVE-2009-3604, CVE-2009-3608, CVE-2009-3609)\n\nRed Hat would like to thank Adam Zabrocki for reporting the CVE-2009-3604\nissue, and Chris Rohlf for reporting the CVE-2009-3608 issue.\n\nUsers are advised to upgrade to this updated package, which contains a\nbackported patch to correct these issues.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66015\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-19 21:50:22 +0200 (Mon, 19 Oct 2009)\");\n script_cve_id(\"CVE-2009-0791\", \"CVE-2009-1188\", \"CVE-2009-3604\", \"CVE-2009-3608\", \"CVE-2009-3609\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:1503\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-1503.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#important\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"gpdf\", rpm:\"gpdf~2.8.2~7.7.2.el4_8.5\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gpdf-debuginfo\", rpm:\"gpdf-debuginfo~2.8.2~7.7.2.el4_8.5\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:39:39", "description": "The remote host is missing an update to xpdf\nannounced via advisory FEDORA-2009-10694.", "cvss3": {}, "published": "2009-10-27T00:00:00", "type": "openvas", "title": "Fedora Core 10 FEDORA-2009-10694 (xpdf)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3608", "CVE-2009-3603", "CVE-2009-1181", "CVE-2009-1188", "CVE-2009-1180", "CVE-2009-3606", "CVE-2009-0799", "CVE-2009-1182", "CVE-2009-3604", "CVE-2009-3605", "CVE-2009-3609", "CVE-2009-1183", "CVE-2009-0800", "CVE-2009-1179"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231066094", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066094", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_10694.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-10694 (xpdf)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\n- apply xpdf-3.02pl4 security patch to fix: CVE-2009-1188/CVE-2009-3603,\nCVE-2009-3604, CVE-2009-3606, CVE-2009-3608, CVE-2009-3609\n\nChangeLog:\n\n* Fri Oct 16 2009 Tom spot Callaway - 1:3.02-15\n- apply xpdf-3.02pl4 security patch to fix:\nCVE-2009-3603, CVE-2009-3604, CVE-2009-3605, CVE-2009-3606\nCVE-2009-3608, CVE-2009-3609\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update xpdf' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-10694\";\ntag_summary = \"The remote host is missing an update to xpdf\nannounced via advisory FEDORA-2009-10694.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66094\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-27 01:37:56 +0100 (Tue, 27 Oct 2009)\");\n script_cve_id(\"CVE-2009-1188\", \"CVE-2009-3603\", \"CVE-2009-3604\", \"CVE-2009-3606\", \"CVE-2009-3608\", \"CVE-2009-3609\", \"CVE-2009-3605\", \"CVE-2009-0799\", \"CVE-2009-0800\", \"CVE-2009-1179\", \"CVE-2009-1180\", \"CVE-2009-1181\", \"CVE-2009-1182\", \"CVE-2009-1183\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Core 10 FEDORA-2009-10694 (xpdf)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=495907\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=526911\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=526877\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=526637\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=526893\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"xpdf\", rpm:\"xpdf~3.02~15.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xpdf-debuginfo\", rpm:\"xpdf-debuginfo~3.02~15.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:52", "description": "The remote host is missing an update to xpdf\nannounced via advisory FEDORA-2009-10694.", "cvss3": {}, "published": "2009-10-27T00:00:00", "type": "openvas", "title": "Fedora Core 10 FEDORA-2009-10694 (xpdf)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3608", "CVE-2009-3603", "CVE-2009-1181", "CVE-2009-1188", "CVE-2009-1180", "CVE-2009-3606", "CVE-2009-0799", "CVE-2009-1182", "CVE-2009-3604", "CVE-2009-3605", "CVE-2009-3609", "CVE-2009-1183", "CVE-2009-0800", "CVE-2009-1179"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:66094", "href": "http://plugins.openvas.org/nasl.php?oid=66094", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_10694.nasl 6624 2017-07-10 06:11:55Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-10694 (xpdf)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\n- apply xpdf-3.02pl4 security patch to fix: CVE-2009-1188/CVE-2009-3603,\nCVE-2009-3604, CVE-2009-3606, CVE-2009-3608, CVE-2009-3609\n\nChangeLog:\n\n* Fri Oct 16 2009 Tom spot Callaway - 1:3.02-15\n- apply xpdf-3.02pl4 security patch to fix:\nCVE-2009-3603, CVE-2009-3604, CVE-2009-3605, CVE-2009-3606\nCVE-2009-3608, CVE-2009-3609\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update xpdf' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-10694\";\ntag_summary = \"The remote host is missing an update to xpdf\nannounced via advisory FEDORA-2009-10694.\";\n\n\n\nif(description)\n{\n script_id(66094);\n script_version(\"$Revision: 6624 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-27 01:37:56 +0100 (Tue, 27 Oct 2009)\");\n script_cve_id(\"CVE-2009-1188\", \"CVE-2009-3603\", \"CVE-2009-3604\", \"CVE-2009-3606\", \"CVE-2009-3608\", \"CVE-2009-3609\", \"CVE-2009-3605\", \"CVE-2009-0799\", \"CVE-2009-0800\", \"CVE-2009-1179\", \"CVE-2009-1180\", \"CVE-2009-1181\", \"CVE-2009-1182\", \"CVE-2009-1183\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Core 10 FEDORA-2009-10694 (xpdf)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=495907\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=526911\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=526877\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=526637\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=526893\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"xpdf\", rpm:\"xpdf~3.02~15.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xpdf-debuginfo\", rpm:\"xpdf-debuginfo~3.02~15.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:56:52", "description": "The remote host is missing an update to mozilla-thunderbird\nannounced via advisory MDVSA-2009:217-3.", "cvss3": {}, "published": "2009-12-10T00:00:00", "type": "openvas", "title": "Mandriva Security Advisory MDVSA-2009:217-3 (mozilla-thunderbird)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2625", "CVE-2009-2408", "CVE-2009-3720"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:66361", "href": "http://plugins.openvas.org/nasl.php?oid=66361", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_217_3.nasl 6573 2017-07-06 13:10:50Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:217-3 (mozilla-thunderbird)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A number of security vulnerabilities have been discovered in Mozilla\nThunderbird:\n\nSecurity issues in thunderbird could lead to a man-in-the-middle\nattack via a spoofed X.509 certificate (CVE-2009-2408).\n\nA vulnerability was found in xmltok_impl.c (expat) that with\nspecially crafted XML could be exploited and lead to a denial of\nservice attack. Related to CVE-2009-2625 (CVE-2009-3720).\n\nThis update provides the latest version of Thunderbird which are not\nvulnerable to these issues.\n\nUpdate:\n\nPackages for 2008.0 are being provided due to extended support for\nCorporate products.\n\nAffected: 2008.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:217-3\nhttp://www.mozilla.org/security/announce/2009/mfsa2009-42.html\";\ntag_summary = \"The remote host is missing an update to mozilla-thunderbird\nannounced via advisory MDVSA-2009:217-3.\";\n\n \n\nif(description)\n{\n script_id(66361);\n script_version(\"$Revision: 6573 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:10:50 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-10 00:23:54 +0100 (Thu, 10 Dec 2009)\");\n script_cve_id(\"CVE-2009-2408\", \"CVE-2009-2625\", \"CVE-2009-3720\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"Mandriva Security Advisory MDVSA-2009:217-3 (mozilla-thunderbird)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird\", rpm:\"mozilla-thunderbird~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-af\", rpm:\"mozilla-thunderbird-af~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-be\", rpm:\"mozilla-thunderbird-be~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-bg\", rpm:\"mozilla-thunderbird-bg~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-ca\", rpm:\"mozilla-thunderbird-ca~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-cs\", rpm:\"mozilla-thunderbird-cs~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-da\", rpm:\"mozilla-thunderbird-da~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-de\", rpm:\"mozilla-thunderbird-de~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-devel\", rpm:\"mozilla-thunderbird-devel~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-el\", rpm:\"mozilla-thunderbird-el~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-en_GB\", rpm:\"mozilla-thunderbird-en_GB~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail\", rpm:\"mozilla-thunderbird-enigmail~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-ar\", rpm:\"mozilla-thunderbird-enigmail-ar~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-ca\", rpm:\"mozilla-thunderbird-enigmail-ca~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-cs\", rpm:\"mozilla-thunderbird-enigmail-cs~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-de\", rpm:\"mozilla-thunderbird-enigmail-de~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-el\", rpm:\"mozilla-thunderbird-enigmail-el~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-es\", rpm:\"mozilla-thunderbird-enigmail-es~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-es_AR\", rpm:\"mozilla-thunderbird-enigmail-es_AR~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-fi\", rpm:\"mozilla-thunderbird-enigmail-fi~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-fr\", rpm:\"mozilla-thunderbird-enigmail-fr~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-hu\", rpm:\"mozilla-thunderbird-enigmail-hu~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-it\", rpm:\"mozilla-thunderbird-enigmail-it~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-ja\", rpm:\"mozilla-thunderbird-enigmail-ja~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-ko\", rpm:\"mozilla-thunderbird-enigmail-ko~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-nb\", rpm:\"mozilla-thunderbird-enigmail-nb~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-nl\", rpm:\"mozilla-thunderbird-enigmail-nl~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-pl\", rpm:\"mozilla-thunderbird-enigmail-pl~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-pt\", rpm:\"mozilla-thunderbird-enigmail-pt~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-pt_BR\", rpm:\"mozilla-thunderbird-enigmail-pt_BR~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-ro\", rpm:\"mozilla-thunderbird-enigmail-ro~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-ru\", rpm:\"mozilla-thunderbird-enigmail-ru~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-sk\", rpm:\"mozilla-thunderbird-enigmail-sk~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-sl\", rpm:\"mozilla-thunderbird-enigmail-sl~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-sv\", rpm:\"mozilla-thunderbird-enigmail-sv~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-tr\", rpm:\"mozilla-thunderbird-enigmail-tr~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-zh_CN\", rpm:\"mozilla-thunderbird-enigmail-zh_CN~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-zh_TW\", rpm:\"mozilla-thunderbird-enigmail-zh_TW~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-es_AR\", rpm:\"mozilla-thunderbird-es_AR~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-es_ES\", rpm:\"mozilla-thunderbird-es_ES~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-et_EE\", rpm:\"mozilla-thunderbird-et_EE~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-eu\", rpm:\"mozilla-thunderbird-eu~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-fi\", rpm:\"mozilla-thunderbird-fi~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-fr\", rpm:\"mozilla-thunderbird-fr~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-gu_IN\", rpm:\"mozilla-thunderbird-gu_IN~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-he\", rpm:\"mozilla-thunderbird-he~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-hu\", rpm:\"mozilla-thunderbird-hu~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-it\", rpm:\"mozilla-thunderbird-it~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-ja\", rpm:\"mozilla-thunderbird-ja~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-ko\", rpm:\"mozilla-thunderbird-ko~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-lt\", rpm:\"mozilla-thunderbird-lt~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-mk\", rpm:\"mozilla-thunderbird-mk~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-moztraybiff\", rpm:\"mozilla-thunderbird-moztraybiff~1.2.3~4.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-nb_NO\", rpm:\"mozilla-thunderbird-nb_NO~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-nl\", rpm:\"mozilla-thunderbird-nl~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-nn_NO\", rpm:\"mozilla-thunderbird-nn_NO~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-pa_IN\", rpm:\"mozilla-thunderbird-pa_IN~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-pl\", rpm:\"mozilla-thunderbird-pl~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-pt_BR\", rpm:\"mozilla-thunderbird-pt_BR~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-pt_PT\", rpm:\"mozilla-thunderbird-pt_PT~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-ru\", rpm:\"mozilla-thunderbird-ru~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-sk\", rpm:\"mozilla-thunderbird-sk~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-sl\", rpm:\"mozilla-thunderbird-sl~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-sv_SE\", rpm:\"mozilla-thunderbird-sv_SE~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-tr\", rpm:\"mozilla-thunderbird-tr~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-uk\", rpm:\"mozilla-thunderbird-uk~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-zh_CN\", rpm:\"mozilla-thunderbird-zh_CN~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-zh_TW\", rpm:\"mozilla-thunderbird-zh_TW~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nsinstall\", rpm:\"nsinstall~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:39:35", "description": "The remote host is missing an update to mozilla-thunderbird\nannounced via advisory MDVSA-2009:217-3.", "cvss3": {}, "published": "2009-12-10T00:00:00", "type": "openvas", "title": "Mandriva Security Advisory MDVSA-2009:217-3 (mozilla-thunderbird)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2625", "CVE-2009-2408", "CVE-2009-3720"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231066361", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066361", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_217_3.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:217-3 (mozilla-thunderbird)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A number of security vulnerabilities have been discovered in Mozilla\nThunderbird:\n\nSecurity issues in thunderbird could lead to a man-in-the-middle\nattack via a spoofed X.509 certificate (CVE-2009-2408).\n\nA vulnerability was found in xmltok_impl.c (expat) that with\nspecially crafted XML could be exploited and lead to a denial of\nservice attack. Related to CVE-2009-2625 (CVE-2009-3720).\n\nThis update provides the latest version of Thunderbird which are not\nvulnerable to these issues.\n\nUpdate:\n\nPackages for 2008.0 are being provided due to extended support for\nCorporate products.\n\nAffected: 2008.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:217-3\nhttp://www.mozilla.org/security/announce/2009/mfsa2009-42.html\";\ntag_summary = \"The remote host is missing an update to mozilla-thunderbird\nannounced via advisory MDVSA-2009:217-3.\";\n\n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66361\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-10 00:23:54 +0100 (Thu, 10 Dec 2009)\");\n script_cve_id(\"CVE-2009-2408\", \"CVE-2009-2625\", \"CVE-2009-3720\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"Mandriva Security Advisory MDVSA-2009:217-3 (mozilla-thunderbird)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird\", rpm:\"mozilla-thunderbird~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-af\", rpm:\"mozilla-thunderbird-af~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-be\", rpm:\"mozilla-thunderbird-be~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-bg\", rpm:\"mozilla-thunderbird-bg~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-ca\", rpm:\"mozilla-thunderbird-ca~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-cs\", rpm:\"mozilla-thunderbird-cs~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-da\", rpm:\"mozilla-thunderbird-da~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-de\", rpm:\"mozilla-thunderbird-de~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-devel\", rpm:\"mozilla-thunderbird-devel~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-el\", rpm:\"mozilla-thunderbird-el~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-en_GB\", rpm:\"mozilla-thunderbird-en_GB~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail\", rpm:\"mozilla-thunderbird-enigmail~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-ar\", rpm:\"mozilla-thunderbird-enigmail-ar~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-ca\", rpm:\"mozilla-thunderbird-enigmail-ca~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-cs\", rpm:\"mozilla-thunderbird-enigmail-cs~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-de\", rpm:\"mozilla-thunderbird-enigmail-de~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-el\", rpm:\"mozilla-thunderbird-enigmail-el~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-es\", rpm:\"mozilla-thunderbird-enigmail-es~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-es_AR\", rpm:\"mozilla-thunderbird-enigmail-es_AR~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-fi\", rpm:\"mozilla-thunderbird-enigmail-fi~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-fr\", rpm:\"mozilla-thunderbird-enigmail-fr~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-hu\", rpm:\"mozilla-thunderbird-enigmail-hu~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-it\", rpm:\"mozilla-thunderbird-enigmail-it~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-ja\", rpm:\"mozilla-thunderbird-enigmail-ja~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-ko\", rpm:\"mozilla-thunderbird-enigmail-ko~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-nb\", rpm:\"mozilla-thunderbird-enigmail-nb~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-nl\", rpm:\"mozilla-thunderbird-enigmail-nl~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-pl\", rpm:\"mozilla-thunderbird-enigmail-pl~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-pt\", rpm:\"mozilla-thunderbird-enigmail-pt~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-pt_BR\", rpm:\"mozilla-thunderbird-enigmail-pt_BR~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-ro\", rpm:\"mozilla-thunderbird-enigmail-ro~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-ru\", rpm:\"mozilla-thunderbird-enigmail-ru~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-sk\", rpm:\"mozilla-thunderbird-enigmail-sk~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-sl\", rpm:\"mozilla-thunderbird-enigmail-sl~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-sv\", rpm:\"mozilla-thunderbird-enigmail-sv~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-tr\", rpm:\"mozilla-thunderbird-enigmail-tr~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-zh_CN\", rpm:\"mozilla-thunderbird-enigmail-zh_CN~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-enigmail-zh_TW\", rpm:\"mozilla-thunderbird-enigmail-zh_TW~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-es_AR\", rpm:\"mozilla-thunderbird-es_AR~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-es_ES\", rpm:\"mozilla-thunderbird-es_ES~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-et_EE\", rpm:\"mozilla-thunderbird-et_EE~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-eu\", rpm:\"mozilla-thunderbird-eu~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-fi\", rpm:\"mozilla-thunderbird-fi~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-fr\", rpm:\"mozilla-thunderbird-fr~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-gu_IN\", rpm:\"mozilla-thunderbird-gu_IN~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-he\", rpm:\"mozilla-thunderbird-he~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-hu\", rpm:\"mozilla-thunderbird-hu~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-it\", rpm:\"mozilla-thunderbird-it~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-ja\", rpm:\"mozilla-thunderbird-ja~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-ko\", rpm:\"mozilla-thunderbird-ko~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-lt\", rpm:\"mozilla-thunderbird-lt~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-mk\", rpm:\"mozilla-thunderbird-mk~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-moztraybiff\", rpm:\"mozilla-thunderbird-moztraybiff~1.2.3~4.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-nb_NO\", rpm:\"mozilla-thunderbird-nb_NO~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-nl\", rpm:\"mozilla-thunderbird-nl~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-nn_NO\", rpm:\"mozilla-thunderbird-nn_NO~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-pa_IN\", rpm:\"mozilla-thunderbird-pa_IN~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-pl\", rpm:\"mozilla-thunderbird-pl~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-pt_BR\", rpm:\"mozilla-thunderbird-pt_BR~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-pt_PT\", rpm:\"mozilla-thunderbird-pt_PT~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-ru\", rpm:\"mozilla-thunderbird-ru~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-sk\", rpm:\"mozilla-thunderbird-sk~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-sl\", rpm:\"mozilla-thunderbird-sl~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-sv_SE\", rpm:\"mozilla-thunderbird-sv_SE~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-tr\", rpm:\"mozilla-thunderbird-tr~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-uk\", rpm:\"mozilla-thunderbird-uk~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-zh_CN\", rpm:\"mozilla-thunderbird-zh_CN~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-thunderbird-zh_TW\", rpm:\"mozilla-thunderbird-zh_TW~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nsinstall\", rpm:\"nsinstall~2.0.0.23~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:55:36", "description": "Check for the Version of poppler", "cvss3": {}, "published": "2011-11-18T00:00:00", "type": "openvas", "title": "Mandriva Update for poppler MDVSA-2011:175 (poppler)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3608", "CVE-2009-3603", "CVE-2009-1181", "CVE-2009-3607", "CVE-2009-1188", "CVE-2009-0791", "CVE-2009-1180", "CVE-2009-3606", "CVE-2009-0799", "CVE-2009-1182", "CVE-2009-3604", "CVE-2009-3605", "CVE-2009-3609", "CVE-2009-3938", "CVE-2009-1187", "CVE-2009-1183", "CVE-2009-0800", "CVE-2009-1179"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:831494", "href": "http://plugins.openvas.org/nasl.php?oid=831494", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for poppler MDVSA-2011:175 (poppler)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple security vulnerabilities has been discovered and corrected\n in poppler:\n\n An out-of-bounds reading flaw in the JBIG2 decoder allows remote\n attackers to cause a denial of service (crash) via a crafted PDF file\n (CVE-2009-0799).\n\n Multiple input validation flaws in the JBIG2 decoder allows\n remote attackers to execute arbitrary code via a crafted PDF file\n (CVE-2009-0800).\n\n An integer overflow in the JBIG2 decoder allows remote attackers to\n execute arbitrary code via a crafted PDF file (CVE-2009-1179).\n\n A free of invalid data flaw in the JBIG2 decoder allows remote\n attackers to execute arbitrary code via a crafted PDF (CVE-2009-1180).\n\n A NULL pointer dereference flaw in the JBIG2 decoder allows remote\n attackers to cause denial of service (crash) via a crafted PDF file\n (CVE-2009-1181).\n\n Multiple buffer overflows in the JBIG2 MMR decoder allows remote\n attackers to cause denial of service or to execute arbitrary code\n via a crafted PDF file (CVE-2009-1182, CVE-2009-1183).\n\n An integer overflow in the JBIG2 decoding feature allows remote\n attackers to cause a denial of service (crash) and possibly execute\n arbitrary code via vectors related to CairoOutputDev (CVE-2009-1187).\n\n An integer overflow in the JBIG2 decoding feature allows remote\n attackers to execute arbitrary code or cause a denial of service\n (application crash) via a crafted PDF document (CVE-2009-1188).\n\n Integer overflow in the SplashBitmap::SplashBitmap function in Xpdf 3.x\n before 3.02pl4 and Poppler before 0.12.1 might allow remote attackers\n to execute arbitrary code via a crafted PDF document that triggers a\n heap-based buffer overflow. NOTE: some of these details are obtained\n from third party information. NOTE: this issue reportedly exists\n because of an incomplete fix for CVE-2009-1188 (CVE-2009-3603).\n\n The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x\n before 3.02pl4, and Poppler 0.x, as used in GPdf and kdegraphics KPDF,\n does not properly allocate memory, which allows remote attackers to\n cause a denial of service (application crash) or possibly execute\n arbitrary code via a crafted PDF document that triggers a NULL pointer\n dereference or a heap-based buffer overflow (CVE-2009-3604).\n\n Multiple integer overflows allow remote attackers to cause a denial\n of service (application crash) or possibly execute arbitrary code\n via a crafted PDF file, related to (1) glib/poppler-page.cc; (2)\n ArthurOutputDev.cc, (3) CairoOutputDev.cc, (4) GfxState.cc, (5)\n JBIG2Stream.cc, (6) PSO ...\n\n Description truncated, for more information please check the Reference URL\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"poppler on Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2011-11/msg00029.php\");\n script_id(831494);\n script_version(\"$Revision: 6565 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 14:56:06 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-11-18 09:47:30 +0530 (Fri, 18 Nov 2011)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVSA\", value: \"2011:175\");\n script_cve_id(\"CVE-2009-0799\", \"CVE-2009-0800\", \"CVE-2009-1179\", \"CVE-2009-1180\",\n \"CVE-2009-1181\", \"CVE-2009-1182\", \"CVE-2009-1183\", \"CVE-2009-1187\",\n \"CVE-2009-1188\", \"CVE-2009-3603\", \"CVE-2009-3604\", \"CVE-2009-0791\",\n \"CVE-2009-3605\", \"CVE-2009-3606\", \"CVE-2009-3607\", \"CVE-2009-3608\",\n \"CVE-2009-3609\", \"CVE-2009-3938\");\n script_name(\"Mandriva Update for poppler MDVSA-2011:175 (poppler)\");\n\n script_summary(\"Check for the Version of poppler\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpoppler3\", rpm:\"libpoppler3~0.8.7~2.5mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpoppler-devel\", rpm:\"libpoppler-devel~0.8.7~2.5mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpoppler-glib3\", rpm:\"libpoppler-glib3~0.8.7~2.5mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpoppler-glib-devel\", rpm:\"libpoppler-glib-devel~0.8.7~2.5mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpoppler-qt2\", rpm:\"libpoppler-qt2~0.8.7~2.5mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpoppler-qt4-3\", rpm:\"libpoppler-qt4-3~0.8.7~2.5mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpoppler-qt4-devel\", rpm:\"libpoppler-qt4-devel~0.8.7~2.5mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpoppler-qt-devel\", rpm:\"libpoppler-qt-devel~0.8.7~2.5mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"poppler\", rpm:\"poppler~0.8.7~2.5mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64poppler3\", rpm:\"lib64poppler3~0.8.7~2.5mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64poppler-devel\", rpm:\"lib64poppler-devel~0.8.7~2.5mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64poppler-glib3\", rpm:\"lib64poppler-glib3~0.8.7~2.5mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64poppler-glib-devel\", rpm:\"lib64poppler-glib-devel~0.8.7~2.5mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64poppler-qt2\", rpm:\"lib64poppler-qt2~0.8.7~2.5mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64poppler-qt4-3\", rpm:\"lib64poppler-qt4-3~0.8.7~2.5mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64poppler-qt4-devel\", rpm:\"lib64poppler-qt4-devel~0.8.7~2.5mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64poppler-qt-devel\", rpm:\"lib64poppler-qt-devel~0.8.7~2.5mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-21T11:32:59", "description": "Check for the Version of poppler", "cvss3": {}, "published": "2010-03-12T00:00:00", "type": "openvas", "title": "Mandriva Update for poppler MDVSA-2010:055 (poppler)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3608", "CVE-2009-3603", "CVE-2009-1181", "CVE-2009-3607", "CVE-2009-1188", "CVE-2009-0791", "CVE-2009-1180", "CVE-2009-3606", "CVE-2009-0799", "CVE-2009-1182", "CVE-2009-3604", "CVE-2009-3605", "CVE-2009-3609", "CVE-2009-3938", "CVE-2009-1187", "CVE-2009-1183", "CVE-2009-0800", "CVE-2009-1179"], "modified": "2017-12-20T00:00:00", "id": "OPENVAS:830932", "href": "http://plugins.openvas.org/nasl.php?oid=830932", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for poppler MDVSA-2010:055 (poppler)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"An out-of-bounds reading flaw in the JBIG2 decoder allows remote\n attackers to cause a denial of service (crash) via a crafted PDF file\n (CVE-2009-0799).\n\n Multiple input validation flaws in the JBIG2 decoder allows\n remote attackers to execute arbitrary code via a crafted PDF file\n (CVE-2009-0800).\n \n An integer overflow in the JBIG2 decoder allows remote attackers to\n execute arbitrary code via a crafted PDF file (CVE-2009-1179).\n \n A free of invalid data flaw in the JBIG2 decoder allows remote\n attackers to execute arbitrary code via a crafted PDF (CVE-2009-1180).\n \n A NULL pointer dereference flaw in the JBIG2 decoder allows remote\n attackers to cause denial of service (crash) via a crafted PDF file\n (CVE-2009-1181).\n \n Multiple buffer overflows in the JBIG2 MMR decoder allows remote\n attackers to cause denial of service or to execute arbitrary code\n via a crafted PDF file (CVE-2009-1182, CVE-2009-1183).\n \n An integer overflow in the JBIG2 decoding feature allows remote\n attackers to cause a denial of service (crash) and possibly execute\n arbitrary code via vectors related to CairoOutputDev (CVE-2009-1187).\n \n An integer overflow in the JBIG2 decoding feature allows remote\n attackers to execute arbitrary code or cause a denial of service\n (application crash) via a crafted PDF document (CVE-2009-1188).\n \n Integer overflow in the SplashBitmap::SplashBitmap function in Xpdf 3.x\n before 3.02pl4 and Poppler before 0.12.1 might allow remote attackers\n to execute arbitrary code via a crafted PDF document that triggers a\n heap-based buffer overflow. NOTE: some of these details are obtained\n from third party information. NOTE: this issue reportedly exists\n because of an incomplete fix for CVE-2009-1188 (CVE-2009-3603).\n \n The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x\n before 3.02pl4, and Poppler 0.x, as used in GPdf and kdegraphics KPDF,\n does not properly allocate memory, which allows remote attackers to\n cause a denial of service (application crash) or possibly execute\n arbitrary code via a crafted PDF document that triggers a NULL pointer\n dereference or a heap-based buffer overflow (CVE-2009-3604).\n \n Multiple integer overflows allow remote attackers to cause a denial\n of service (application crash) or possibly execute arbitrary code\n via a crafted PDF file, related to (1) glib/poppler-page.cc; (2)\n ArthurOutputDev.cc, (3) CairoOutputDev.cc, (4) GfxState.cc, (5)\n JBIG2Stream.cc, (6) PSOutputDev.cc, and (7) SplashOutputDev.cc\n in poppler/; and (8) SplashBitmap.cc, (9) Splash.cc, and (1 ... \n\n Description truncated, for more information please check the Reference URL\";\n\ntag_affected = \"poppler on Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-03/msg00015.php\");\n script_id(830932);\n script_version(\"$Revision: 8186 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-20 07:30:34 +0100 (Wed, 20 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-03-12 17:02:32 +0100 (Fri, 12 Mar 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVSA\", value: \"2010:055\");\n script_cve_id(\"CVE-2009-0799\", \"CVE-2009-0800\", \"CVE-2009-1179\", \"CVE-2009-1180\", \"CVE-2009-1181\", \"CVE-2009-1182\", \"CVE-2009-1183\", \"CVE-2009-1187\", \"CVE-2009-1188\", \"CVE-2009-3603\", \"CVE-2009-3604\", \"CVE-2009-0791\", \"CVE-2009-3605\", \"CVE-2009-3606\", \"CVE-2009-3607\", \"CVE-2009-3608\", \"CVE-2009-3609\", \"CVE-2009-3938\");\n script_name(\"Mandriva Update for poppler MDVSA-2010:055 (poppler)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of poppler\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpoppler3\", rpm:\"libpoppler3~0.8.7~2.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpoppler-devel\", rpm:\"libpoppler-devel~0.8.7~2.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpoppler-glib3\", rpm:\"libpoppler-glib3~0.8.7~2.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpoppler-glib-devel\", rpm:\"libpoppler-glib-devel~0.8.7~2.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpoppler-qt2\", rpm:\"libpoppler-qt2~0.8.7~2.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpoppler-qt4-3\", rpm:\"libpoppler-qt4-3~0.8.7~2.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpoppler-qt4-devel\", rpm:\"libpoppler-qt4-devel~0.8.7~2.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpoppler-qt-devel\", rpm:\"libpoppler-qt-devel~0.8.7~2.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"poppler\", rpm:\"poppler~0.8.7~2.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64poppler3\", rpm:\"lib64poppler3~0.8.7~2.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64poppler-devel\", rpm:\"lib64poppler-devel~0.8.7~2.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64poppler-glib3\", rpm:\"lib64poppler-glib3~0.8.7~2.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64poppler-glib-devel\", rpm:\"lib64poppler-glib-devel~0.8.7~2.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64poppler-qt2\", rpm:\"lib64poppler-qt2~0.8.7~2.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64poppler-qt4-3\", rpm:\"lib64poppler-qt4-3~0.8.7~2.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64poppler-qt4-devel\", rpm:\"lib64poppler-qt4-devel~0.8.7~2.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64poppler-qt-devel\", rpm:\"lib64poppler-qt-devel~0.8.7~2.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:53", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-11-18T00:00:00", "type": "openvas", "title": "Mandriva Update for poppler MDVSA-2011:175 (poppler)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3608", "CVE-2009-3603", "CVE-2009-1181", "CVE-2009-3607", "CVE-2009-1188", "CVE-2009-0791", "CVE-2009-1180", "CVE-2009-3606", "CVE-2009-0799", "CVE-2009-1182", "CVE-2009-3604", "CVE-2009-3605", "CVE-2009-3609", "CVE-2009-3938", "CVE-2009-1187", "CVE-2009-1183", "CVE-2009-0800", "CVE-2009-1179"], "modified": "2019-03-12T00:00:00", "id": "OPENVAS:1361412562310831494", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831494", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for poppler MDVSA-2011:175 (poppler)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.mandriva.com/security-announce/2011-11/msg00029.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831494\");\n script_version(\"$Revision: 14114 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-12 12:48:52 +0100 (Tue, 12 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-11-18 09:47:30 +0530 (Fri, 18 Nov 2011)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"MDVSA\", value:\"2011:175\");\n script_cve_id(\"CVE-2009-0799\", \"CVE-2009-0800\", \"CVE-2009-1179\", \"CVE-2009-1180\",\n \"CVE-2009-1181\", \"CVE-2009-1182\", \"CVE-2009-1183\", \"CVE-2009-1187\",\n \"CVE-2009-1188\", \"CVE-2009-3603\", \"CVE-2009-3604\", \"CVE-2009-0791\",\n \"CVE-2009-3605\", \"CVE-2009-3606\", \"CVE-2009-3607\", \"CVE-2009-3608\",\n \"CVE-2009-3609\", \"CVE-2009-3938\");\n script_name(\"Mandriva Update for poppler MDVSA-2011:175 (poppler)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'poppler'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\", re:\"ssh/login/release=MNDK_mes5\");\n script_tag(name:\"affected\", value:\"poppler on Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\");\n script_tag(name:\"insight\", value:\"Multiple security vulnerabilities has been discovered and corrected\n in poppler:\n\n An out-of-bounds reading flaw in the JBIG2 decoder allows remote\n attackers to cause a denial of service (crash) via a crafted PDF file\n (CVE-2009-0799).\n\n Multiple input validation flaws in the JBIG2 decoder allows\n remote attackers to execute arbitrary code via a crafted PDF file\n (CVE-2009-0800).\n\n An integer overflow in the JBIG2 decoder allows remote attackers to\n execute arbitrary code via a crafted PDF file (CVE-2009-1179).\n\n A free of invalid data flaw in the JBIG2 decoder allows remote\n attackers to execute arbitrary code via a crafted PDF (CVE-2009-1180).\n\n A NULL pointer dereference flaw in the JBIG2 decoder allows remote\n attackers to cause denial of service (crash) via a crafted PDF file\n (CVE-2009-1181).\n\n Multiple buffer overflows in the JBIG2 MMR decoder allows remote\n attackers to cause denial of service or to execute arbitrary code\n via a crafted PDF file (CVE-2009-1182, CVE-2009-1183).\n\n An integer overflow in the JBIG2 decoding feature allows remote\n attackers to cause a denial of service (crash) and possibly execute\n arbitrary code via vectors related to CairoOutputDev (CVE-2009-1187).\n\n An integer overflow in the JBIG2 decoding feature allows remote\n attackers to execute arbitrary code or cause a denial of service\n (application crash) via a crafted PDF document (CVE-2009-1188).\n\n Integer overflow in the SplashBitmap::SplashBitmap function in Xpdf 3.x\n before 3.02pl4 and Poppler before 0.12.1 might allow remote attackers\n to execute arbitrary code via a crafted PDF document that triggers a\n heap-based buffer overflow. NOTE: some of these details are obtained\n from third party information. NOTE: this issue reportedly exists\n because of an incomplete fix for CVE-2009-1188 (CVE-2009-3603).\n\n The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x\n before 3.02pl4, and Poppler 0.x, as used in GPdf and kdegraphics KPDF,\n does not properly allocate memory, which allows remote attackers to\n cause a denial of service (application crash) or possibly execute\n arbitrary code via a crafted PDF document that triggers a NULL pointer\n dereference or a heap-based buffer overflow (CVE-2009-3604).\n\n Multiple integer overflows allow remote attackers to cause a denial\n of service (application crash) or possibly execute arbitrary code\n via a crafted PDF file, related to (1) glib/poppler-page.cc, (2)\n ArthurOutputDev.cc, (3) CairoOutputDev.cc, (4) GfxState.cc, (5)\n JBIG2Stream.cc, (6) PSO ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpoppler3\", rpm:\"libpoppler3~0.8.7~2.5mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpoppler-devel\", rpm:\"libpoppler-devel~0.8.7~2.5mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpoppler-glib3\", rpm:\"libpoppler-glib3~0.8.7~2.5mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpoppler-glib-devel\", rpm:\"libpoppler-glib-devel~0.8.7~2.5mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpoppler-qt2\", rpm:\"libpoppler-qt2~0.8.7~2.5mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpoppler-qt4-3\", rpm:\"libpoppler-qt4-3~0.8.7~2.5mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpoppler-qt4-devel\", rpm:\"libpoppler-qt4-devel~0.8.7~2.5mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpoppler-qt-devel\", rpm:\"libpoppler-qt-devel~0.8.7~2.5mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"poppler\", rpm:\"poppler~0.8.7~2.5mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64poppler3\", rpm:\"lib64poppler3~0.8.7~2.5mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64poppler-devel\", rpm:\"lib64poppler-devel~0.8.7~2.5mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64poppler-glib3\", rpm:\"lib64poppler-glib3~0.8.7~2.5mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64poppler-glib-devel\", rpm:\"lib64poppler-glib-devel~0.8.7~2.5mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64poppler-qt2\", rpm:\"lib64poppler-qt2~0.8.7~2.5mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64poppler-qt4-3\", rpm:\"lib64poppler-qt4-3~0.8.7~2.5mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64poppler-qt4-devel\", rpm:\"lib64poppler-qt4-devel~0.8.7~2.5mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64poppler-qt-devel\", rpm:\"lib64poppler-qt-devel~0.8.7~2.5mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-01-19T15:05:00", "description": "Check for the Version of poppler", "cvss3": {}, "published": "2010-03-12T00:00:00", "type": "openvas", "title": "Mandriva Update for poppler MDVSA-2010:055 (poppler)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3608", "CVE-2009-3603", "CVE-2009-1181", "CVE-2009-3607", "CVE-2009-1188", "CVE-2009-0791", "CVE-2009-1180", "CVE-2009-3606", "CVE-2009-0799", "CVE-2009-1182", "CVE-2009-3604", "CVE-2009-3605", "CVE-2009-3609", "CVE-2009-3938", "CVE-2009-1187", "CVE-2009-1183", "CVE-2009-0800", "CVE-2009-1179"], "modified": "2018-01-18T00:00:00", "id": "OPENVAS:1361412562310830932", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310830932", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for poppler MDVSA-2010:055 (poppler)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"An out-of-bounds reading flaw in the JBIG2 decoder allows remote\n attackers to cause a denial of service (crash) via a crafted PDF file\n (CVE-2009-0799).\n\n Multiple input validation flaws in the JBIG2 decoder allows\n remote attackers to execute arbitrary code via a crafted PDF file\n (CVE-2009-0800).\n \n An integer overflow in the JBIG2 decoder allows remote attackers to\n execute arbitrary code via a crafted PDF file (CVE-2009-1179).\n \n A free of invalid data flaw in the JBIG2 decoder allows remote\n attackers to execute arbitrary code via a crafted PDF (CVE-2009-1180).\n \n A NULL pointer dereference flaw in the JBIG2 decoder allows remote\n attackers to cause denial of service (crash) via a crafted PDF file\n (CVE-2009-1181).\n \n Multiple buffer overflows in the JBIG2 MMR decoder allows remote\n attackers to cause denial of service or to execute arbitrary code\n via a crafted PDF file (CVE-2009-1182, CVE-2009-1183).\n \n An integer overflow in the JBIG2 decoding feature allows remote\n attackers to cause a denial of service (crash) and possibly execute\n arbitrary code via vectors related to CairoOutputDev (CVE-2009-1187).\n \n An integer overflow in the JBIG2 decoding feature allows remote\n attackers to execute arbitrary code or cause a denial of service\n (application crash) via a crafted PDF document (CVE-2009-1188).\n \n Integer overflow in the SplashBitmap::SplashBitmap function in Xpdf 3.x\n before 3.02pl4 and Poppler before 0.12.1 might allow remote attackers\n to execute arbitrary code via a crafted PDF document that triggers a\n heap-based buffer overflow. NOTE: some of these details are obtained\n from third party information. NOTE: this issue reportedly exists\n because of an incomplete fix for CVE-2009-1188 (CVE-2009-3603).\n \n The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x\n before 3.02pl4, and Poppler 0.x, as used in GPdf and kdegraphics KPDF,\n does not properly allocate memory, which allows remote attackers to\n cause a denial of service (application crash) or possibly execute\n arbitrary code via a crafted PDF document that triggers a NULL pointer\n dereference or a heap-based buffer overflow (CVE-2009-3604).\n \n Multiple integer overflows allow remote attackers to cause a denial\n of service (application crash) or possibly execute arbitrary code\n via a crafted PDF file, related to (1) glib/poppler-page.cc; (2)\n ArthurOutputDev.cc, (3) CairoOutputDev.cc, (4) GfxState.cc, (5)\n JBIG2Stream.cc, (6) PSOutputDev.cc, and (7) SplashOutputDev.cc\n in poppler/; and (8) SplashBitmap.cc, (9) Splash.cc, and (1 ... \n\n Description truncated, for more information please check the Reference URL\";\n\ntag_affected = \"poppler on Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-03/msg00015.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.830932\");\n script_version(\"$Revision: 8457 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-18 08:58:32 +0100 (Thu, 18 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-03-12 17:02:32 +0100 (Fri, 12 Mar 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVSA\", value: \"2010:055\");\n script_cve_id(\"CVE-2009-0799\", \"CVE-2009-0800\", \"CVE-2009-1179\", \"CVE-2009-1180\", \"CVE-2009-1181\", \"CVE-2009-1182\", \"CVE-2009-1183\", \"CVE-2009-1187\", \"CVE-2009-1188\", \"CVE-2009-3603\", \"CVE-2009-3604\", \"CVE-2009-0791\", \"CVE-2009-3605\", \"CVE-2009-3606\", \"CVE-2009-3607\", \"CVE-2009-3608\", \"CVE-2009-3609\", \"CVE-2009-3938\");\n script_name(\"Mandriva Update for poppler MDVSA-2010:055 (poppler)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of poppler\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpoppler3\", rpm:\"libpoppler3~0.8.7~2.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpoppler-devel\", rpm:\"libpoppler-devel~0.8.7~2.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpoppler-glib3\", rpm:\"libpoppler-glib3~0.8.7~2.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpoppler-glib-devel\", rpm:\"libpoppler-glib-devel~0.8.7~2.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpoppler-qt2\", rpm:\"libpoppler-qt2~0.8.7~2.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpoppler-qt4-3\", rpm:\"libpoppler-qt4-3~0.8.7~2.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpoppler-qt4-devel\", rpm:\"libpoppler-qt4-devel~0.8.7~2.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpoppler-qt-devel\", rpm:\"libpoppler-qt-devel~0.8.7~2.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"poppler\", rpm:\"poppler~0.8.7~2.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64poppler3\", rpm:\"lib64poppler3~0.8.7~2.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64poppler-devel\", rpm:\"lib64poppler-devel~0.8.7~2.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64poppler-glib3\", rpm:\"lib64poppler-glib3~0.8.7~2.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64poppler-glib-devel\", rpm:\"lib64poppler-glib-devel~0.8.7~2.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64poppler-qt2\", rpm:\"lib64poppler-qt2~0.8.7~2.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64poppler-qt4-3\", rpm:\"lib64poppler-qt4-3~0.8.7~2.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64poppler-qt4-devel\", rpm:\"lib64poppler-qt4-devel~0.8.7~2.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64poppler-qt-devel\", rpm:\"lib64poppler-qt-devel~0.8.7~2.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:56:42", "description": "The remote host is missing an update to libneon0.27\nannounced via advisory MDVSA-2009:221.", "cvss3": {}, "published": "2009-09-02T00:00:00", "type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:221 (libneon0.27)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2408", "CVE-2009-2473", "CVE-2009-2474", "CVE-2003-1564"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:64693", "href": "http://plugins.openvas.org/nasl.php?oid=64693", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_221.nasl 6573 2017-07-06 13:10:50Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:221 (libneon0.27)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities has been found and corrected in libneon0.27:\n\nneon before 0.28.6, when expat is used, does not properly detect\nrecursion during entity expansion, which allows context-dependent\nattackers to cause a denial of service (memory and CPU consumption)\nvia a crafted XML document containing a large number of nested entity\nreferences, a similar issue to CVE-2003-1564 (CVE-2009-2473).\n\nneon before 0.28.6, when OpenSSL is used, does not properly handle a\n'\\0' (NUL) character in a domain name in the subject's Common Name\n(CN) field of an X.509 certificate, which allows man-in-the-middle\nattackers to spoof arbitrary SSL servers via a crafted certificate\nissued by a legitimate Certification Authority, a related issue to\nCVE-2009-2408 (CVE-2009-2474).\n\nThis update provides a solution to these vulnerabilities.\n\nAffected: 2008.1, 2009.0, 2009.1, Corporate 4.0, Enterprise Server 5.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:221\";\ntag_summary = \"The remote host is missing an update to libneon0.27\nannounced via advisory MDVSA-2009:221.\";\n\n \n\nif(description)\n{\n script_id(64693);\n script_version(\"$Revision: 6573 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:10:50 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-02 04:58:39 +0200 (Wed, 02 Sep 2009)\");\n script_cve_id(\"CVE-2003-1564\", \"CVE-2009-2473\", \"CVE-2009-2408\", \"CVE-2009-2474\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:221 (libneon0.27)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libneon0.27\", rpm:\"libneon0.27~0.28.3~0.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libneon0.27-devel\", rpm:\"libneon0.27-devel~0.28.3~0.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libneon0.27-static-devel\", rpm:\"libneon0.27-static-devel~0.28.3~0.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64neon0.27\", rpm:\"lib64neon0.27~0.28.3~0.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64neon0.27-devel\", rpm:\"lib64neon0.27-devel~0.28.3~0.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64neon0.27-static-devel\", rpm:\"lib64neon0.27-static-devel~0.28.3~0.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libneon0.27\", rpm:\"libneon0.27~0.28.3~1.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libneon0.27-devel\", rpm:\"libneon0.27-devel~0.28.3~1.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libneon0.27-static-devel\", rpm:\"libneon0.27-static-devel~0.28.3~1.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64neon0.27\", rpm:\"lib64neon0.27~0.28.3~1.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64neon0.27-devel\", rpm:\"lib64neon0.27-devel~0.28.3~1.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64neon0.27-static-devel\", rpm:\"lib64neon0.27-static-devel~0.28.3~1.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libneon0.27\", rpm:\"libneon0.27~0.28.3~2.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libneon0.27-devel\", rpm:\"libneon0.27-devel~0.28.3~2.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libneon0.27-static-devel\", rpm:\"libneon0.27-static-devel~0.28.3~2.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64neon0.27\", rpm:\"lib64neon0.27~0.28.3~2.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64neon0.27-devel\", rpm:\"lib64neon0.27-devel~0.28.3~2.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64neon0.27-static-devel\", rpm:\"lib64neon0.27-static-devel~0.28.3~2.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libneon0.27\", rpm:\"libneon0.27~0.28.3~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libneon0.27-devel\", rpm:\"libneon0.27-devel~0.28.3~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libneon0.27-static-devel\", rpm:\"libneon0.27-static-devel~0.28.3~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64neon0.27\", rpm:\"lib64neon0.27~0.28.3~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64neon0.27-devel\", rpm:\"lib64neon0.27-devel~0.28.3~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64neon0.27-static-devel\", rpm:\"lib64neon0.27-static-devel~0.28.3~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libneon0.27\", rpm:\"libneon0.27~0.28.3~1.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libneon0.27-devel\", rpm:\"libneon0.27-devel~0.28.3~1.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libneon0.27-static-devel\", rpm:\"libneon0.27-static-devel~0.28.3~1.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64neon0.27\", rpm:\"lib64neon0.27~0.28.3~1.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64neon0.27-devel\", rpm:\"lib64neon0.27-devel~0.28.3~1.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64neon0.27-static-devel\", rpm:\"lib64neon0.27-static-devel~0.28.3~1.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:39:05", "description": "The remote host is missing an update to libneon0.27\nannounced via advisory MDVSA-2009:221.", "cvss3": {}, "published": "2009-09-02T00:00:00", "type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:221 (libneon0.27)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2408", "CVE-2009-2473", "CVE-2009-2474", "CVE-2003-1564"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231064693", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064693", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_221.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:221 (libneon0.27)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities has been found and corrected in libneon0.27:\n\nneon before 0.28.6, when expat is used, does not properly detect\nrecursion during entity expansion, which allows context-dependent\nattackers to cause a denial of service (memory and CPU consumption)\nvia a crafted XML document containing a large number of nested entity\nreferences, a similar issue to CVE-2003-1564 (CVE-2009-2473).\n\nneon before 0.28.6, when OpenSSL is used, does not properly handle a\n'\\0' (NUL) character in a domain name in the subject's Common Name\n(CN) field of an X.509 certificate, which allows man-in-the-middle\nattackers to spoof arbitrary SSL servers via a crafted certificate\nissued by a legitimate Certification Authority, a related issue to\nCVE-2009-2408 (CVE-2009-2474).\n\nThis update provides a solution to these vulnerabilities.\n\nAffected: 2008.1, 2009.0, 2009.1, Corporate 4.0, Enterprise Server 5.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:221\";\ntag_summary = \"The remote host is missing an update to libneon0.27\nannounced via advisory MDVSA-2009:221.\";\n\n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64693\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-02 04:58:39 +0200 (Wed, 02 Sep 2009)\");\n script_cve_id(\"CVE-2003-1564\", \"CVE-2009-2473\", \"CVE-2009-2408\", \"CVE-2009-2474\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:221 (libneon0.27)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libneon0.27\", rpm:\"libneon0.27~0.28.3~0.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libneon0.27-devel\", rpm:\"libneon0.27-devel~0.28.3~0.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libneon0.27-static-devel\", rpm:\"libneon0.27-static-devel~0.28.3~0.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64neon0.27\", rpm:\"lib64neon0.27~0.28.3~0.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64neon0.27-devel\", rpm:\"lib64neon0.27-devel~0.28.3~0.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64neon0.27-static-devel\", rpm:\"lib64neon0.27-static-devel~0.28.3~0.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libneon0.27\", rpm:\"libneon0.27~0.28.3~1.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libneon0.27-devel\", rpm:\"libneon0.27-devel~0.28.3~1.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libneon0.27-static-devel\", rpm:\"libneon0.27-static-devel~0.28.3~1.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64neon0.27\", rpm:\"lib64neon0.27~0.28.3~1.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64neon0.27-devel\", rpm:\"lib64neon0.27-devel~0.28.3~1.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64neon0.27-static-devel\", rpm:\"lib64neon0.27-static-devel~0.28.3~1.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libneon0.27\", rpm:\"libneon0.27~0.28.3~2.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libneon0.27-devel\", rpm:\"libneon0.27-devel~0.28.3~2.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libneon0.27-static-devel\", rpm:\"libneon0.27-static-devel~0.28.3~2.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64neon0.27\", rpm:\"lib64neon0.27~0.28.3~2.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64neon0.27-devel\", rpm:\"lib64neon0.27-devel~0.28.3~2.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64neon0.27-static-devel\", rpm:\"lib64neon0.27-static-devel~0.28.3~2.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libneon0.27\", rpm:\"libneon0.27~0.28.3~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libneon0.27-devel\", rpm:\"libneon0.27-devel~0.28.3~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libneon0.27-static-devel\", rpm:\"libneon0.27-static-devel~0.28.3~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64neon0.27\", rpm:\"lib64neon0.27~0.28.3~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64neon0.27-devel\", rpm:\"lib64neon0.27-devel~0.28.3~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64neon0.27-static-devel\", rpm:\"lib64neon0.27-static-devel~0.28.3~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libneon0.27\", rpm:\"libneon0.27~0.28.3~1.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libneon0.27-devel\", rpm:\"libneon0.27-devel~0.28.3~1.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libneon0.27-static-devel\", rpm:\"libneon0.27-static-devel~0.28.3~1.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64neon0.27\", rpm:\"lib64neon0.27~0.28.3~1.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64neon0.27-devel\", rpm:\"lib64neon0.27-devel~0.28.3~1.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64neon0.27-static-devel\", rpm:\"lib64neon0.27-static-devel~0.28.3~1.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2020-03-12T19:07:18", "description": "This host is running Apache Tomcat with mod_jk Module and is prone to\n an information disclosure vulnerability.", "cvss3": {}, "published": "2009-04-17T00:00:00", "type": "openvas", "title": "Apache Tomcat mod_jk Information Disclosure Vulnerability", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-5519"], "modified": "2020-03-11T00:00:00", "id": "OPENVAS:1361412562310800277", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310800277", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apache Tomcat mod_jk Information Disclosure Vulnerability\n#\n# Authors:\n# Sujit Ghosal <sghosal@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apache:mod_jk\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.800277\");\n script_version(\"2020-03-11T09:57:55+0000\");\n script_tag(name:\"last_modification\", value:\"2020-03-11 09:57:55 +0000 (Wed, 11 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2009-04-17 09:00:01 +0200 (Fri, 17 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"2.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:P/I:N/A:N\");\n script_cve_id(\"CVE-2008-5519\");\n script_bugtraq_id(34412);\n\n script_name(\"Apache Tomcat mod_jk Information Disclosure Vulnerability\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_apache_mod_jk_detect.nasl\");\n script_mandatory_keys(\"apache_modjk/detected\");\n\n script_tag(name:\"impact\", value:\"This issue can be exploited to disclose response data associated with the\n request of a different user via specially crafted HTTP requests and to gain\n sensitive information about the remote host.\");\n\n script_tag(name:\"affected\", value:\"Apache Tomcat mod_jk version 1.2.0 to 1.2.26.\");\n\n script_tag(name:\"insight\", value:\"This flaw is due to\n\n - an error when handling empty POST requests with a non-zero 'Content-Length' header.\n\n - an error while handling multiple noncompliant AJP protocol related requests.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"solution\", value:\"Upgrade to mod_jk 1.2.27 or later.\");\n\n script_tag(name:\"summary\", value:\"This host is running Apache Tomcat with mod_jk Module and is prone to\n an information disclosure vulnerability.\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/34621\");\n script_xref(name:\"URL\", value:\"http://marc.info/?l=tomcat-dev&m=123913700700879\");\n script_xref(name:\"URL\", value:\"http://securitytracker.com/alerts/2009/Apr/1022001.html\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif (!port = get_app_port(cpe: CPE))\n exit(0);\n\nif (!version = get_app_version(cpe: CPE, port: port))\n exit(0);\n\nif (version_in_range(version: version, test_version: \"1.2.0\", test_version2: \"1.2.26\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"1.2.27\");\n security_message(port: port, data: report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N"}}], "slackware": [{"lastseen": "2019-05-30T07:37:27", "description": "New xpdf packages are available for Slackware 9.1, 10.0, 10.1, 10.2, 11.0,\n12.0, 12.1, 12.2, 13.0, and -current to fix security issues.\n\nMore details about the issues may be found in the Common\nVulnerabilities and Exposures (CVE) database:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3603\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3604\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3605\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3606\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3608\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3609\n\n\nHere are the details from the Slackware 13.0 ChangeLog:\n\npatches/packages/xpdf-3.02pl4-i486-1_slack13.0.tgz: Upgraded.\n This update fixes several security issues that could lead to an\n application crash, or execution of arbitrary code.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3603\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3604\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3605\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3606\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3608\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3609\n (* Security fix *)\n\nWhere to find the new packages:\n\nHINT: Getting slow download speeds from ftp.slackware.com?\nGive slackware.osuosl.org a try. This is another primary FTP site\nfor Slackware that can be considerably faster than downloading\ndirectly from ftp.slackware.com.\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating additional FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the "Get Slack" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 9.1:\nftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/xpdf-3.02pl4-i486-1_slack9.1.tgz\n\nUpdated package for Slackware 10.0:\nftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/xpdf-3.02pl4-i486-1_slack10.0.tgz\n\nUpdated package for Slackware 10.1:\nftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/xpdf-3.02pl4-i486-1_slack10.1.tgz\n\nUpdated package for Slackware 10.2:\nftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/xpdf-3.02pl4-i486-1_slack10.2.tgz\n\nUpdated package for Slackware 11.0:\nftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/xpdf-3.02pl4-i486-1_slack11.0.tgz\n\nUpdated package for Slackware 12.0:\nftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/xpdf-3.02pl4-i486-1_slack12.0.tgz\n\nUpdated package for Slackware 12.1:\nftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/xpdf-3.02pl4-i486-1_slack12.1.tgz\n\nUpdated package for Slackware 12.2:\nftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/xpdf-3.02pl4-i486-1_slack12.2.tgz\n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/xpdf-3.02pl4-i486-1_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/xpdf-3.02pl4-x86_64-1_slack13.0.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/xpdf-3.02pl4-i486-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/xpdf-3.02pl4-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 9.1 package:\nfd58cae84772ed2c03ca720b0a71ef49 xpdf-3.02pl4-i486-1_slack9.1.tgz\n\nSlackware 10.0 package:\n37cf2a9f5c02b6585d622374cd9a8756 xpdf-3.02pl4-i486-1_slack10.0.tgz\n\nSlackware 10.1 package:\na3e2b22532f7a0190782590ee5310b4b xpdf-3.02pl4-i486-1_slack10.1.tgz\n\nSlackware 10.2 package:\n78d27cc6c8a33f21d7e5f21d90aa0c43 xpdf-3.02pl4-i486-1_slack10.2.tgz\n\nSlackware 11.0 package:\nda0134b674360e0509689ad68877a21c xpdf-3.02pl4-i486-1_slack11.0.tgz\n\nSlackware 12.0 package:\ne3a10ebf3f499882a8a364963d6287f9 xpdf-3.02pl4-i486-1_slack12.0.tgz\n\nSlackware 12.1 package:\n83b8a9b89877987c65f9c1bf3a01b321 xpdf-3.02pl4-i486-1_slack12.1.tgz\n\nSlackware 12.2 package:\nddfd41747e7f76e20a8a39911d0080ac xpdf-3.02pl4-i486-1_slack12.2.tgz\n\nSlackware 13.0 package:\n4e42d51c18a7e354e961857096e09140 xpdf-3.02pl4-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 package:\n977dfd83fdb4c1af3d68ffa12c882424 xpdf-3.02pl4-x86_64-1_slack13.0.txz\n\nSlackware -current package:\n3c756246f0db86bea9f9f127f1461e8f xpdf-3.02pl4-i486-1.txz\n\nSlackware x86_64 -current package:\nf8f257349bad0cdf7d0bada5654b0190 xpdf-3.02pl4-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg xpdf-3.02pl4-i486-1_slack13.0.txz", "cvss3": {}, "published": "2009-10-28T23:28:02", "type": "slackware", "title": "xpdf", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2009-3608", "CVE-2009-3603", "CVE-2009-3606", "CVE-2009-3604", "CVE-2009-3605", "CVE-2009-3609"], "modified": "2009-10-28T23:28:02", "id": "SSA-2009-302-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.585854", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-30T07:37:02", "description": "New poppler packages are available for Slackware 12.0, 12.1, 12.2, 13.0,\nand -current to fix security issues.\n\nMore details about this issue may be found in the Common\nVulnerabilities and Exposures (CVE) database:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3603\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3604\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3605\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3606\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3608\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3609\n\n\nHere are the details from the Slackware 13.0 ChangeLog:\n\npatches/packages/poppler-0.10.7-i486-2_slack13.0.txz: Rebuilt.\n This updated package includes patches based on xpdf 3.02pl4.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3603\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3604\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3605\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3606\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3608\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3609\n (* Security fix *)\n\nWhere to find the new packages:\n\nHINT: Getting slow download speeds from ftp.slackware.com?\nGive slackware.osuosl.org a try. This is another primary FTP site\nfor Slackware that can be considerably faster than downloading\ndirectly from ftp.slackware.com.\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating additional FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the "Get Slack" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 12.0:\nftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/poppler-0.6.2-i486-2_slack12.0.tgz\n\nUpdated package for Slackware 12.1:\nftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/poppler-0.6.4-i486-2_slack12.1.tgz\n\nUpdated package for Slackware 12.2:\nftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/poppler-0.8.5-i486-3_slack12.2.tgz\n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/poppler-0.10.7-i486-2_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/poppler-0.10.7-x86_64-2_slack13.0.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/poppler-0.12.1-i486-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/poppler-data-0.3.0-noarch-1.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/poppler-0.12.1-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/poppler-data-0.3.0-noarch-1.txz\n\n\nMD5 signatures:\n\nSlackware 12.0 package:\nb084a88ec1c9e5f1402fccb897040576 poppler-0.6.2-i486-2_slack12.0.tgz\n\nSlackware 12.1 package:\n090431253d54585f5aa4276521c4ba7e poppler-0.6.4-i486-2_slack12.1.tgz\n\nSlackware 12.2 package:\nf68a76fa4c24a6d2c201734a30d66008 poppler-0.8.5-i486-3_slack12.2.tgz\n\nSlackware 13.0 package:\nb107cf8a1b87cf068567a7523b2ed095 poppler-0.10.7-i486-2_slack13.0.txz\n\nSlackware x86_64 13.0 package:\n00db7f2b403b75c41e9845af9fb5acf9 poppler-0.10.7-x86_64-2_slack13.0.txz\n\nSlackware -current packages:\n44884e2ac09419ef8d3da49b2e754ee8 poppler-0.12.1-i486-1.txz\n6eb0574ab09269d8789c4b64a56d6692 poppler-data-0.3.0-noarch-1.txz\n\nSlackware x86_64 -current packages:\nc90a9e6dfa090c0098ca45e5e14f0892 poppler-0.12.1-x86_64-1.txz\n28ac087f83577b39cbed515e501ee447 poppler-data-0.3.0-noarch-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg poppler-0.10.7-i486-2_slack13.0.txz", "cvss3": {}, "published": "2009-10-28T23:28:23", "type": "slackware", "title": "poppler", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2009-3608", "CVE-2009-3603", "CVE-2009-3606", "CVE-2009-3604", "CVE-2009-3605", "CVE-2009-3609"], "modified": "2009-10-28T23:28:23", "id": "SSA-2009-302-02", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.518348", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "altlinux": [{"lastseen": "2023-03-31T19:21:48", "description": "Nov. 15, 2009 Victor Forsyuk 3.02-alt7\n \n \n - Apply xpdf-3.02pl4 security patch to fix:\n CVE-2009-3603, CVE-2009-3604, CVE-2009-3605, CVE-2009-3606,\n CVE-2009-3608, CVE-2009-3609.\n", "cvss3": {}, "published": "2009-11-15T00:00:00", "type": "altlinux", "title": "Security fix for the ALT Linux 5 package xpdf version 3.02-alt7", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-3603", "CVE-2009-3604", "CVE-2009-3605", "CVE-2009-3606", "CVE-2009-3608", "CVE-2009-3609"], "modified": "2009-11-15T00:00:00", "id": "36F80C0801153AA342537AD3817BBA85", "href": "https://packages.altlinux.org/en/p5/srpms/xpdf/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2023-05-18T14:27:51", "description": "Specially crafted PDF files could cause buffer overflows in xpdf when viewing such a document (CVE-2009-3603, CVE-2009-3604, CVE-2009-3605, CVE-2009-3606, CVE-2009-3608, CVE-2009-3609).", "cvss3": {}, "published": "2009-11-09T00:00:00", "type": "nessus", "title": "openSUSE 10 Security Update : xpdf (xpdf-6558)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3603", "CVE-2009-3604", "CVE-2009-3605", "CVE-2009-3606", "CVE-2009-3608", "CVE-2009-3609"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:xpdf", "p-cpe:/a:novell:opensuse:xpdf-tools", "cpe:/o:novell:opensuse:10.3"], "id": "SUSE_XPDF-6558.NASL", "href": "https://www.tenable.com/plugins/nessus/42422", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update xpdf-6558.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(42422);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-3603\", \"CVE-2009-3604\", \"CVE-2009-3605\", \"CVE-2009-3606\", \"CVE-2009-3608\", \"CVE-2009-3609\");\n\n script_name(english:\"openSUSE 10 Security Update : xpdf (xpdf-6558)\");\n script_summary(english:\"Check for the xpdf-6558 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Specially crafted PDF files could cause buffer overflows in xpdf when\nviewing such a document (CVE-2009-3603, CVE-2009-3604, CVE-2009-3605,\nCVE-2009-3606, CVE-2009-3608, CVE-2009-3609).\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xpdf packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xpdf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xpdf-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/10/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/11/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.3\", reference:\"xpdf-3.02-19.13\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"xpdf-tools-3.02-19.13\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xpdf / xpdf-tools\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:27:33", "description": "Specially crafted PDF files could cause buffer overflows in xpdf when viewing such a document (CVE-2009-3603, CVE-2009-3604, CVE-2009-3605, CVE-2009-3606, CVE-2009-3608, CVE-2009-3609).", "cvss3": {}, "published": "2009-11-09T00:00:00", "type": "nessus", "title": "openSUSE Security Update : xpdf (xpdf-1397)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3603", "CVE-2009-3604", "CVE-2009-3605", "CVE-2009-3606", "CVE-2009-3608", "CVE-2009-3609"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:xpdf", "p-cpe:/a:novell:opensuse:xpdf-tools", "cpe:/o:novell:opensuse:11.1"], "id": "SUSE_11_1_XPDF-091024.NASL", "href": "https://www.tenable.com/plugins/nessus/42419", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update xpdf-1397.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(42419);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-3603\", \"CVE-2009-3604\", \"CVE-2009-3605\", \"CVE-2009-3606\", \"CVE-2009-3608\", \"CVE-2009-3609\");\n\n script_name(english:\"openSUSE Security Update : xpdf (xpdf-1397)\");\n script_summary(english:\"Check for the xpdf-1397 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Specially crafted PDF files could cause buffer overflows in xpdf when\nviewing such a document (CVE-2009-3603, CVE-2009-3604, CVE-2009-3605,\nCVE-2009-3606, CVE-2009-3608, CVE-2009-3609).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=534764\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=539875\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=543410\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xpdf packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xpdf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xpdf-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/10/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/11/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.1\", reference:\"xpdf-3.02-97.81.3\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"xpdf-tools-3.02-97.81.3\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xpdf / xpdf-tools\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T15:52:24", "description": "Specially crafted PDF files could cause buffer overflows in xpdf when viewing such a document. (CVE-2009-3603 / CVE-2009-3604 / CVE-2009-3605 / CVE-2009-3606 / CVE-2009-3608 / CVE-2009-3609)", "cvss3": {}, "published": "2010-10-11T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : xpdf (ZYPP Patch Number 6560)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3603", "CVE-2009-3604", "CVE-2009-3605", "CVE-2009-3606", "CVE-2009-3608", "CVE-2009-3609"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_XPDF-6560.NASL", "href": "https://www.tenable.com/plugins/nessus/49935", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(49935);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-3603\", \"CVE-2009-3604\", \"CVE-2009-3605\", \"CVE-2009-3606\", \"CVE-2009-3608\", \"CVE-2009-3609\");\n\n script_name(english:\"SuSE 10 Security Update : xpdf (ZYPP Patch Number 6560)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Specially crafted PDF files could cause buffer overflows in xpdf when\nviewing such a document. (CVE-2009-3603 / CVE-2009-3604 /\nCVE-2009-3605 / CVE-2009-3606 / CVE-2009-3608 / CVE-2009-3609)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3603.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3604.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3605.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3606.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3608.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3609.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 6560.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/10/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/10/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"xpdf-tools-3.01-21.23.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"xpdf-tools-3.01-21.23.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:19:07", "description": "New xpdf packages are available for Slackware 9.1, 10.0, 10.1, 10.2, 11.0, 12.0, 12.1, 12.2, 13.0, and -current to fix security issues.", "cvss3": {}, "published": "2009-10-29T00:00:00", "type": "nessus", "title": "Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 12.1 / 12.2 / 13.0 / 9.1 / current : xpdf (SSA:2009-302-01)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3603", "CVE-2009-3604", "CVE-2009-3605", "CVE-2009-3606", "CVE-2009-3608", "CVE-2009-3609"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:xpdf", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:10.0", "cpe:/o:slackware:slackware_linux:10.1", "cpe:/o:slackware:slackware_linux:10.2", "cpe:/o:slackware:slackware_linux:11.0", "cpe:/o:slackware:slackware_linux:12.0", "cpe:/o:slackware:slackware_linux:12.1", "cpe:/o:slackware:slackware_linux:12.2", "cpe:/o:slackware:slackware_linux:13.0", "cpe:/o:slackware:slackware_linux:9.1"], "id": "SLACKWARE_SSA_2009-302-01.NASL", "href": "https://www.tenable.com/plugins/nessus/42293", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2009-302-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(42293);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-3603\", \"CVE-2009-3604\", \"CVE-2009-3605\", \"CVE-2009-3606\", \"CVE-2009-3608\", \"CVE-2009-3609\");\n script_bugtraq_id(36703);\n script_xref(name:\"SSA\", value:\"2009-302-01\");\n\n script_name(english:\"Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 12.1 / 12.2 / 13.0 / 9.1 / current : xpdf (SSA:2009-302-01)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New xpdf packages are available for Slackware 9.1, 10.0, 10.1, 10.2,\n11.0, 12.0, 12.1, 12.2, 13.0, and -current to fix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.585854\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e3495990\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xpdf package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:xpdf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:10.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:10.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:11.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:9.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/10/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/10/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/10/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"9.1\", pkgname:\"xpdf\", pkgver:\"3.02pl4\", pkgarch:\"i486\", pkgnum:\"1_slack9.1\")) flag++;\n\nif (slackware_check(osver:\"10.0\", pkgname:\"xpdf\", pkgver:\"3.02pl4\", pkgarch:\"i486\", pkgnum:\"1_slack10.0\")) flag++;\n\nif (slackware_check(osver:\"10.1\", pkgname:\"xpdf\", pkgver:\"3.02pl4\", pkgarch:\"i486\", pkgnum:\"1_slack10.1\")) flag++;\n\nif (slackware_check(osver:\"10.2\", pkgname:\"xpdf\", pkgver:\"3.02pl4\", pkgarch:\"i486\", pkgnum:\"1_slack10.2\")) flag++;\n\nif (slackware_check(osver:\"11.0\", pkgname:\"xpdf\", pkgver:\"3.02pl4\", pkgarch:\"i486\", pkgnum:\"1_slack11.0\")) flag++;\n\nif (slackware_check(osver:\"12.0\", pkgname:\"xpdf\", pkgver:\"3.02pl4\", pkgarch:\"i486\", pkgnum:\"1_slack12.0\")) flag++;\n\nif (slackware_check(osver:\"12.1\", pkgname:\"xpdf\", pkgver:\"3.02pl4\", pkgarch:\"i486\", pkgnum:\"1_slack12.1\")) flag++;\n\nif (slackware_check(osver:\"12.2\", pkgname:\"xpdf\", pkgver:\"3.02pl4\", pkgarch:\"i486\", pkgnum:\"1_slack12.2\")) flag++;\n\nif (slackware_check(osver:\"13.0\", pkgname:\"xpdf\", pkgver:\"3.02pl4\", pkgarch:\"i486\", pkgnum:\"1_slack13.0\")) flag++;\nif (slackware_check(osver:\"13.0\", arch:\"x86_64\", pkgname:\"xpdf\", pkgver:\"3.02pl4\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.0\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"xpdf\", pkgver:\"3.02pl4\", pkgarch:\"i486\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"xpdf\", pkgver:\"3.02pl4\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:28:02", "description": "Specially crafted PDF files could cause buffer overflows in xpdf when viewing such a document. (CVE-2009-3603 / CVE-2009-3604 / CVE-2009-3605 / CVE-2009-3606 / CVE-2009-3608 / CVE-2009-3609)", "cvss3": {}, "published": "2009-11-06T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : xpdf (ZYPP Patch Number 6556)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3603", "CVE-2009-3604", "CVE-2009-3605", "CVE-2009-3606", "CVE-2009-3608", "CVE-2009-3609"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_XPDF-6556.NASL", "href": "https://www.tenable.com/plugins/nessus/42406", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(42406);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-3603\", \"CVE-2009-3604\", \"CVE-2009-3605\", \"CVE-2009-3606\", \"CVE-2009-3608\", \"CVE-2009-3609\");\n\n script_name(english:\"SuSE 10 Security Update : xpdf (ZYPP Patch Number 6556)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Specially crafted PDF files could cause buffer overflows in xpdf when\nviewing such a document. (CVE-2009-3603 / CVE-2009-3604 /\nCVE-2009-3605 / CVE-2009-3606 / CVE-2009-3608 / CVE-2009-3609)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3603.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3604.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3605.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3606.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3608.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3609.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 6556.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/10/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/11/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"xpdf-tools-3.01-21.22.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"xpdf-tools-3.01-21.22.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:27:32", "description": "Specially crafted PDF files could cause buffer overflows in xpdf when viewing such a document (CVE-2009-3603, CVE-2009-3604, CVE-2009-3605, CVE-2009-3606, CVE-2009-3608, CVE-2009-3609).", "cvss3": {}, "published": "2009-11-09T00:00:00", "type": "nessus", "title": "openSUSE Security Update : xpdf (xpdf-1397)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3603", "CVE-2009-3604", "CVE-2009-3605", "CVE-2009-3606", "CVE-2009-3608", "CVE-2009-3609"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:xpdf", "p-cpe:/a:novell:opensuse:xpdf-tools", "cpe:/o:novell:opensuse:11.0"], "id": "SUSE_11_0_XPDF-091023.NASL", "href": "https://www.tenable.com/plugins/nessus/42417", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update xpdf-1397.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(42417);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-3603\", \"CVE-2009-3604\", \"CVE-2009-3605\", \"CVE-2009-3606\", \"CVE-2009-3608\", \"CVE-2009-3609\");\n\n script_name(english:\"openSUSE Security Update : xpdf (xpdf-1397)\");\n script_summary(english:\"Check for the xpdf-1397 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Specially crafted PDF files could cause buffer overflows in xpdf when\nviewing such a document (CVE-2009-3603, CVE-2009-3604, CVE-2009-3605,\nCVE-2009-3606, CVE-2009-3608, CVE-2009-3609).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=534764\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=539875\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=543410\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xpdf packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xpdf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xpdf-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/10/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/11/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.0\", reference:\"xpdf-3.02-95.9\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"xpdf-tools-3.02-95.9\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xpdf / xpdf-tools\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:19:07", "description": "New poppler packages are available for Slackware 12.0, 12.1, 12.2, 13.0, and -current to fix security issues.", "cvss3": {}, "published": "2009-10-29T00:00:00", "type": "nessus", "title": "Slackware 12.0 / 12.1 / 12.2 / 13.0 / current : poppler (SSA:2009-302-02)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3603", "CVE-2009-3604", "CVE-2009-3605", "CVE-2009-3606", "CVE-2009-3608", "CVE-2009-3609"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:poppler", "p-cpe:/a:slackware:slackware_linux:poppler-data", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:12.0", "cpe:/o:slackware:slackware_linux:12.1", "cpe:/o:slackware:slackware_linux:12.2", "cpe:/o:slackware:slackware_linux:13.0"], "id": "SLACKWARE_SSA_2009-302-02.NASL", "href": "https://www.tenable.com/plugins/nessus/42294", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2009-302-02. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(42294);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-3603\", \"CVE-2009-3604\", \"CVE-2009-3605\", \"CVE-2009-3606\", \"CVE-2009-3608\", \"CVE-2009-3609\");\n script_bugtraq_id(36703);\n script_xref(name:\"SSA\", value:\"2009-302-02\");\n\n script_name(english:\"Slackware 12.0 / 12.1 / 12.2 / 13.0 / current : poppler (SSA:2009-302-02)\");\n script_summary(english:\"Checks for updated packages in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New poppler packages are available for Slackware 12.0, 12.1, 12.2,\n13.0, and -current to fix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.518348\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?dba4f1ad\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected poppler and / or poppler-data packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:poppler\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:poppler-data\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/10/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/10/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/10/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"12.0\", pkgname:\"poppler\", pkgver:\"0.6.2\", pkgarch:\"i486\", pkgnum:\"2_slack12.0\")) flag++;\n\nif (slackware_check(osver:\"12.1\", pkgname:\"poppler\", pkgver:\"0.6.4\", pkgarch:\"i486\", pkgnum:\"2_slack12.1\")) flag++;\n\nif (slackware_check(osver:\"12.2\", pkgname:\"poppler\", pkgver:\"0.8.5\", pkgarch:\"i486\", pkgnum:\"3_slack12.2\")) flag++;\n\nif (slackware_check(osver:\"13.0\", pkgname:\"poppler\", pkgver:\"0.10.7\", pkgarch:\"i486\", pkgnum:\"2_slack13.0\")) flag++;\nif (slackware_check(osver:\"13.0\", arch:\"x86_64\", pkgname:\"poppler\", pkgver:\"0.10.7\", pkgarch:\"x86_64\", pkgnum:\"2_slack13.0\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"poppler\", pkgver:\"0.12.1\", pkgarch:\"i486\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", pkgname:\"poppler-data\", pkgver:\"0.3.0\", pkgarch:\"noarch\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"poppler\", pkgver:\"0.12.1\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"poppler-data\", pkgver:\"0.3.0\", pkgarch:\"noarch\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:27:27", "description": "This build addresses several recent security issues.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2009-10-28T00:00:00", "type": "nessus", "title": "Fedora 11 : poppler-0.10.7-3.fc11 (2009-10845)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3603", "CVE-2009-3604", "CVE-2009-3606", "CVE-2009-3607", "CVE-2009-3608", "CVE-2009-3609"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:poppler", "cpe:/o:fedoraproject:fedora:11"], "id": "FEDORA_2009-10845.NASL", "href": "https://www.tenable.com/plugins/nessus/42280", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-10845.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(42280);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-3603\", \"CVE-2009-3604\", \"CVE-2009-3606\", \"CVE-2009-3607\", \"CVE-2009-3608\", \"CVE-2009-3609\");\n script_bugtraq_id(36703, 36718);\n script_xref(name:\"FEDORA\", value:\"2009-10845\");\n\n script_name(english:\"Fedora 11 : poppler-0.10.7-3.fc11 (2009-10845)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This build addresses several recent security issues.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=526637\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=526877\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=526893\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=526911\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=526915\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=526924\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-October/030415.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?40b9b183\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected poppler package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:poppler\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/10/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/10/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^11([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 11.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC11\", reference:\"poppler-0.10.7-3.fc11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"poppler\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:27:12", "description": "- apply xpdf-3.02pl4 security patch to fix:\n CVE-2009-1188/CVE-2009-3603, CVE-2009-3604, CVE-2009-3606, CVE-2009-3608, CVE-2009-3609\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2009-10-22T00:00:00", "type": "nessus", "title": "Fedora 10 : xpdf-3.02-15.fc10 (2009-10694)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1188", "CVE-2009-3603", "CVE-2009-3604", "CVE-2009-3606", "CVE-2009-3608", "CVE-2009-3609"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:xpdf", "cpe:/o:fedoraproject:fedora:10"], "id": "FEDORA_2009-10694.NASL", "href": "https://www.tenable.com/plugins/nessus/42194", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-10694.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(42194);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-1188\", \"CVE-2009-3604\", \"CVE-2009-3606\", \"CVE-2009-3608\", \"CVE-2009-3609\");\n script_bugtraq_id(34568, 36703);\n script_xref(name:\"FEDORA\", value:\"2009-10694\");\n\n script_name(english:\"Fedora 10 : xpdf-3.02-15.fc10 (2009-10694)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - apply xpdf-3.02pl4 security patch to fix:\n CVE-2009-1188/CVE-2009-3603, CVE-2009-3604,\n CVE-2009-3606, CVE-2009-3608, CVE-2009-3609\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=495907\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=526637\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=526877\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=526893\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=526911\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-October/030228.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5ce6013f\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xpdf package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xpdf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/10/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/10/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^10([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 10.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC10\", reference:\"xpdf-3.02-15.fc10\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xpdf\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:19:07", "description": "This build addresses several recent security issues.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2009-10-28T00:00:00", "type": "nessus", "title": "Fedora 10 : poppler-0.8.7-7.fc10 (2009-10823)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3603", "CVE-2009-3604", "CVE-2009-3606", "CVE-2009-3607", "CVE-2009-3608", "CVE-2009-3609"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:poppler", "cpe:/o:fedoraproject:fedora:10"], "id": "FEDORA_2009-10823.NASL", "href": "https://www.tenable.com/plugins/nessus/42279", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-10823.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(42279);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-3603\", \"CVE-2009-3604\", \"CVE-2009-3606\", \"CVE-2009-3607\", \"CVE-2009-3608\", \"CVE-2009-3609\");\n script_bugtraq_id(36703, 36718);\n script_xref(name:\"FEDORA\", value:\"2009-10823\");\n\n script_name(english:\"Fedora 10 : poppler-0.8.7-7.fc10 (2009-10823)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This build addresses several recent security issues.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=526637\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=526877\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=526893\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=526911\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=526915\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=526924\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-October/030381.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c04429f4\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected poppler package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:poppler\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/10/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/10/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^10([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 10.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC10\", reference:\"poppler-0.8.7-7.fc10\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"poppler\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T15:46:43", "description": "Several vulnerabilities have been identified in xpdf, a suite of tools for viewing and converting Portable Document Format (PDF) files.\n\nThe Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2009-1188 and CVE-2009-3603 Integer overflow in SplashBitmap::SplashBitmap which might allow remote attackers to execute arbitrary code or an application crash via a crafted PDF document.\n\n - CVE-2009-3604 NULL pointer dereference or heap-based buffer overflow in Splash::drawImage which might allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document.\n\n - CVE-2009-3606 Integer overflow in the PSOutputDev::doImageL1Sep which might allow remote attackers to execute arbitrary code via a crafted PDF document.\n\n - CVE-2009-3608 Integer overflow in the ObjectStream::ObjectStream which might allow remote attackers to execute arbitrary code via a crafted PDF document.\n\n - CVE-2009-3609 Integer overflow in the ImageStream::ImageStream which might allow remote attackers to cause a denial of service via a crafted PDF document.", "cvss3": {}, "published": "2010-04-06T00:00:00", "type": "nessus", "title": "Debian DSA-2028-1 : xpdf - multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1188", "CVE-2009-3603", "CVE-2009-3604", "CVE-2009-3606", "CVE-2009-3608", "CVE-2009-3609"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:xpdf", "cpe:/o:debian:debian_linux:5.0"], "id": "DEBIAN_DSA-2028.NASL", "href": "https://www.tenable.com/plugins/nessus/45427", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2028. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(45427);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2009-1188\", \"CVE-2009-3603\", \"CVE-2009-3604\", \"CVE-2009-3606\", \"CVE-2009-3608\", \"CVE-2009-3609\");\n script_bugtraq_id(34568, 36703);\n script_xref(name:\"DSA\", value:\"2028\");\n\n script_name(english:\"Debian DSA-2028-1 : xpdf - multiple vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been identified in xpdf, a suite of tools\nfor viewing and converting Portable Document Format (PDF) files.\n\nThe Common Vulnerabilities and Exposures project identifies the\nfollowing problems :\n\n - CVE-2009-1188 and CVE-2009-3603\n Integer overflow in SplashBitmap::SplashBitmap which\n might allow remote attackers to execute arbitrary code\n or an application crash via a crafted PDF document.\n\n - CVE-2009-3604\n NULL pointer dereference or heap-based buffer overflow\n in Splash::drawImage which might allow remote attackers\n to cause a denial of service (application crash) or\n possibly execute arbitrary code via a crafted PDF\n document.\n\n - CVE-2009-3606\n Integer overflow in the PSOutputDev::doImageL1Sep which\n might allow remote attackers to execute arbitrary code\n via a crafted PDF document.\n\n - CVE-2009-3608\n Integer overflow in the ObjectStream::ObjectStream which\n might allow remote attackers to execute arbitrary code\n via a crafted PDF document.\n\n - CVE-2009-3609\n Integer overflow in the ImageStream::ImageStream which\n might allow remote attackers to cause a denial of\n service via a crafted PDF document.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=551287\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-1188\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-3603\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-3604\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-3606\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-3608\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-3609\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2010/dsa-2028\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"For the stable distribution (lenny), this problem has been fixed in\nversion 3.02-1.4+lenny2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xpdf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/04/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/04/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"5.0\", prefix:\"xpdf\", reference:\"3.02-1.4+lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"xpdf-common\", reference:\"3.02-1.4+lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"xpdf-reader\", reference:\"3.02-1.4+lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"xpdf-utils\", reference:\"3.02-1.4+lenny2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T15:47:55", "description": "Several local vulnerabilities have been discovered in KPDF, a PDF viewer for KDE, which allow the execution of arbitrary code or denial of service if a user is tricked into opening a crafted PDF document.", "cvss3": {}, "published": "2010-05-25T00:00:00", "type": "nessus", "title": "Debian DSA-2050-1 : kdegraphics - several vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1188", "CVE-2009-3603", "CVE-2009-3604", "CVE-2009-3606", "CVE-2009-3608", "CVE-2009-3609"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:kdegraphics", "cpe:/o:debian:debian_linux:5.0"], "id": "DEBIAN_DSA-2050.NASL", "href": "https://www.tenable.com/plugins/nessus/46709", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2050. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(46709);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2009-1188\", \"CVE-2009-3603\", \"CVE-2009-3604\", \"CVE-2009-3606\", \"CVE-2009-3608\", \"CVE-2009-3609\");\n script_bugtraq_id(34568, 36703);\n script_xref(name:\"DSA\", value:\"2050\");\n\n script_name(english:\"Debian DSA-2050-1 : kdegraphics - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several local vulnerabilities have been discovered in KPDF, a PDF\nviewer for KDE, which allow the execution of arbitrary code or denial\nof service if a user is tricked into opening a crafted PDF document.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2010/dsa-2050\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the kdegraphics packages.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 4:3.5.9-3+lenny3.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:kdegraphics\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/05/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/05/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"5.0\", prefix:\"kamera\", reference:\"4:3.5.9-3+lenny3\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"kcoloredit\", reference:\"4:3.5.9-3+lenny3\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"kdegraphics\", reference:\"4:3.5.9-3+lenny3\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"kdegraphics-dbg\", reference:\"4:3.5.9-3+lenny3\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"kdegraphics-dev\", reference:\"4:3.5.9-3+lenny3\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"kdegraphics-doc-html\", reference:\"4:3.5.9-3+lenny3\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"kdegraphics-kfile-plugins\", reference:\"4:3.5.9-3+lenny3\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"kdvi\", reference:\"4:3.5.9-3+lenny3\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"kfax\", reference:\"4:3.5.9-3+lenny3\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"kfaxview\", reference:\"4:3.5.9-3+lenny3\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"kgamma\", reference:\"4:3.5.9-3+lenny3\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"kghostview\", reference:\"4:3.5.9-3+lenny3\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"kiconedit\", reference:\"4:3.5.9-3+lenny3\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"kmrml\", reference:\"4:3.5.9-3+lenny3\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"kolourpaint\", reference:\"4:3.5.9-3+lenny3\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"kooka\", reference:\"4:3.5.9-3+lenny3\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"kpdf\", reference:\"4:3.5.9-3+lenny3\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"kpovmodeler\", reference:\"4:3.5.9-3+lenny3\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"kruler\", reference:\"4:3.5.9-3+lenny3\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"ksnapshot\", reference:\"4:3.5.9-3+lenny3\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"ksvg\", reference:\"4:3.5.9-3+lenny3\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"kuickshow\", reference:\"4:3.5.9-3+lenny3\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"kview\", reference:\"4:3.5.9-3+lenny3\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"kviewshell\", reference:\"4:3.5.9-3+lenny3\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libkscan-dev\", reference:\"4:3.5.9-3+lenny3\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libkscan1\", reference:\"4:3.5.9-3+lenny3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T15:48:10", "description": "Add patch from upstream to fix several security issues in xpdf code:\nCVE-2009-1188/CVE-2009-3603, CVE-2009-3604, CVE-2009-3606, CVE-2009-3608, CVE-2009-3609\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2010-07-01T00:00:00", "type": "nessus", "title": "Fedora 12 : pdfedit-0.4.3-4.fc12 (2010-1377)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1188", "CVE-2009-3603", "CVE-2009-3604", "CVE-2009-3606", "CVE-2009-3608", "CVE-2009-3609"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:pdfedit", "cpe:/o:fedoraproject:fedora:12"], "id": "FEDORA_2010-1377.NASL", "href": "https://www.tenable.com/plugins/nessus/47251", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-1377.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(47251);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-1188\", \"CVE-2009-3603\", \"CVE-2009-3604\", \"CVE-2009-3606\", \"CVE-2009-3608\", \"CVE-2009-3609\");\n script_bugtraq_id(34568, 36703);\n script_xref(name:\"FEDORA\", value:\"2010-1377\");\n\n script_name(english:\"Fedora 12 : pdfedit-0.4.3-4.fc12 (2010-1377)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Add patch from upstream to fix several security issues in xpdf code:\nCVE-2009-1188/CVE-2009-3603, CVE-2009-3604, CVE-2009-3606,\nCVE-2009-3608, CVE-2009-3609\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=495907\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=526637\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=526877\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=526893\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=526911\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fc076e6b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected pdfedit package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:pdfedit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:12\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/02/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^12([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 12.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC12\", reference:\"pdfedit-0.4.3-4.fc12\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"pdfedit\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:19:07", "description": "- apply xpdf-3.02pl4 security patch to fix:\n CVE-2009-1188/CVE-2009-3603, CVE-2009-3604, CVE-2009-3606, CVE-2009-3608, CVE-2009-3609\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2009-10-22T00:00:00", "type": "nessus", "title": "Fedora 11 : xpdf-3.02-15.fc11 (2009-10648)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1188", "CVE-2009-3603", "CVE-2009-3604", "CVE-2009-3606", "CVE-2009-3608", "CVE-2009-3609"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:xpdf", "cpe:/o:fedoraproject:fedora:11"], "id": "FEDORA_2009-10648.NASL", "href": "https://www.tenable.com/plugins/nessus/42192", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-10648.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(42192);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-1188\", \"CVE-2009-3604\", \"CVE-2009-3606\", \"CVE-2009-3608\", \"CVE-2009-3609\");\n script_bugtraq_id(34568, 36703);\n script_xref(name:\"FEDORA\", value:\"2009-10648\");\n\n script_name(english:\"Fedora 11 : xpdf-3.02-15.fc11 (2009-10648)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - apply xpdf-3.02pl4 security patch to fix:\n CVE-2009-1188/CVE-2009-3603, CVE-2009-3604,\n CVE-2009-3606, CVE-2009-3608, CVE-2009-3609\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=495907\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=526637\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=526877\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=526893\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=526911\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-October/030196.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?755b9a3b\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xpdf package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xpdf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/10/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/10/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^11([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 11.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC11\", reference:\"xpdf-3.02-15.fc11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xpdf\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T15:48:12", "description": "Add patch from upstream to fix several security issues in xpdf code:\nCVE-2009-1188/CVE-2009-3603, CVE-2009-3604, CVE-2009-3606, CVE-2009-3608, CVE-2009-3609\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2010-07-01T00:00:00", "type": "nessus", "title": "Fedora 11 : pdfedit-0.4.3-4.fc11 (2010-1842)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1188", "CVE-2009-3603", "CVE-2009-3604", "CVE-2009-3606", "CVE-2009-3608", "CVE-2009-3609"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:pdfedit", "cpe:/o:fedoraproject:fedora:11"], "id": "FEDORA_2010-1842.NASL", "href": "https://www.tenable.com/plugins/nessus/47275", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-1842.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(47275);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-1188\", \"CVE-2009-3603\", \"CVE-2009-3604\", \"CVE-2009-3606\", \"CVE-2009-3608\", \"CVE-2009-3609\");\n script_bugtraq_id(34568, 36703);\n script_xref(name:\"FEDORA\", value:\"2010-1842\");\n\n script_name(english:\"Fedora 11 : pdfedit-0.4.3-4.fc11 (2010-1842)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Add patch from upstream to fix several security issues in xpdf code:\nCVE-2009-1188/CVE-2009-3603, CVE-2009-3604, CVE-2009-3606,\nCVE-2009-3608, CVE-2009-3609\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=495907\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=526637\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=526877\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=526893\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=526911\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5d88b089\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected pdfedit package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:pdfedit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/02/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^11([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 11.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC11\", reference:\"pdfedit-0.4.3-4.fc11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"pdfedit\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T15:48:28", "description": "Add patch from upstream to fix several security issues in xpdf code:\nCVE-2009-1188/CVE-2009-3603, CVE-2009-3604, CVE-2009-3606, CVE-2009-3608, CVE-2009-3609\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2010-07-01T00:00:00", "type": "nessus", "title": "Fedora 13 : pdfedit-0.4.3-4.fc13 (2010-1805)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1188", "CVE-2009-3603", "CVE-2009-3604", "CVE-2009-3606", "CVE-2009-3608", "CVE-2009-3609"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:pdfedit", "cpe:/o:fedoraproject:fedora:13"], "id": "FEDORA_2010-1805.NASL", "href": "https://www.tenable.com/plugins/nessus/47272", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-1805.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(47272);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-1188\", \"CVE-2009-3603\", \"CVE-2009-3604\", \"CVE-2009-3606\", \"CVE-2009-3608\", \"CVE-2009-3609\");\n script_bugtraq_id(34568, 36703);\n script_xref(name:\"FEDORA\", value:\"2010-1805\");\n\n script_name(english:\"Fedora 13 : pdfedit-0.4.3-4.fc13 (2010-1805)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Add patch from upstream to fix several security issues in xpdf code:\nCVE-2009-1188/CVE-2009-3603, CVE-2009-3604, CVE-2009-3606,\nCVE-2009-3608, CVE-2009-3609\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=495907\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=526637\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=526877\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=526893\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=526911\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?19943eef\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected pdfedit package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_att