Search...

Google Chrome Multiple Vulnerabilities (win)

2010-04-13T00:00:00

ID OPENVAS:801312
Type openvas
Reporter Copyright (c) 2010 Greenbone Networks GmbH
Modified 2017-02-16T00:00:00

Description

This host is installed with Google Chrome Web Browser and is prone to multiple vulnerabilities.

                                        
                                            ###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_google_chrome_mult_vuln_apr10.nasl 5306 2017-02-16 09:00:16Z teissa $
#
# Google Chrome Multiple Vulnerabilities (win)
#
# Authors:
# Antu Sanadi &lt;santu@secpod.com&gt;
#
# Copyright:
# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

tag_impact = "Successful exploitation will let the attacker execute arbitrary code, bypass
  security restrictions, sensitive information disclosure, and can cause other
  attacks.
  Impact Level: Application";
tag_affected = "Google Chrome version prior to 4.1.249.1036 on Windows.";
tag_insight = "Multiple flaws are due to:
  - An error in handling 'SVG' document.
  - Multiple race conditions in the 'sandbox' infrastructure.
  - An error in 'sandbox' infrastructure which does not properly use pointers.
  - An error in proceesing of 'HTTP' headers, processes HTTP headers before
    invoking the SafeBrowsing feature.
  - not having the expected behavior for attempts to delete Web SQL
    Databases and clear the 'Strict Transport Security (STS)' state.
  - An error in processing of 'HTTP Basic Authentication dialog'.
  - Multiple integer overflows errors when processing 'WebKit JavaScript'
    objects.
  - not properly restricting cross-origin operations, which has unspecified
    impact and remote attack vectors.";
tag_solution = "Upgrade to the version 4.1.249.1036 or later,
  For updates refer to http://www.google.com/chrome";
tag_summary = "This host is installed with Google Chrome Web Browser and is prone to
  multiple vulnerabilities.";

if(description)
{
  script_id(801312);
  script_version("$Revision: 5306 $");
  script_tag(name:"last_modification", value:"$Date: 2017-02-16 10:00:16 +0100 (Thu, 16 Feb 2017) $");
  script_tag(name:"creation_date", value:"2010-04-13 16:55:19 +0200 (Tue, 13 Apr 2010)");
  script_cve_id("CVE-2010-1228", "CVE-2010-1229", "CVE-2010-1230", "CVE-2010-1231",
                "CVE-2010-1232", "CVE-2010-1233", "CVE-2010-1234", "CVE-2010-1235",
                "CVE-2010-1236",  "CVE-2010-1237");
  script_tag(name:"cvss_base", value:"10.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_name("Google Chrome Multiple Vulnerabilities (win)");
  script_xref(name : "URL" , value : "http://code.google.com/p/chromium/issues/detail?id=37061");
  script_xref(name : "URL" , value : "http://googlechromereleases.blogspot.com/2010/03/stable-channel-update.html");

  script_category(ACT_GATHER_INFO);
  script_tag(name:"qod_type", value:"executable_version");
  script_copyright("Copyright (c) 2010 Greenbone Networks GmbH");
  script_family("General");
  script_dependencies("gb_google_chrome_detect_win.nasl");
  script_require_keys("GoogleChrome/Win/Ver");
  script_tag(name : "impact" , value : tag_impact);
  script_tag(name : "affected" , value : tag_affected);
  script_tag(name : "insight" , value : tag_insight);
  script_tag(name : "solution" , value : tag_solution);
  script_tag(name : "summary" , value : tag_summary);
  exit(0);
}


include("version_func.inc");

gcVer = get_kb_item("GoogleChrome/Win/Ver");
if(!gcVer){
  exit(0);
}

# Check for google chrome Version less than 4.1.249.1036
if(version_is_less(version:gcVer, test_version:"4.1.249.1036")){
  security_message(0);
}

JSON Vulners Source

Initial Source

{"bulletinFamily": "scanner", "viewCount": 0, "naslFamily": "General", "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "references": ["http://googlechromereleases.blogspot.com/2010/03/stable-channel-update.html", "http://code.google.com/p/chromium/issues/detail?id=37061"], "description": "This host is installed with Google Chrome Web Browser and is prone to\n multiple vulnerabilities.", "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cvelist", "hash": "0059a9d96f48cab147e83a5fafaaa219"}, {"key": "cvss", "hash": "2bdabeb49c44761f9565717ab0e38165"}, {"key": "description", "hash": "00697ce683005d2334ad2757433531fa"}, {"key": "href", "hash": "0fea975fa9c5bb435dfe81c207322ec9"}, {"key": "modified", "hash": "f48b2af0bd81c0460d2e005d8c33ee02"}, {"key": "naslFamily", "hash": "0db377921f4ce762c62526131097968f"}, {"key": "pluginID", "hash": "27dd183dcff3a5cdbc331679564fe03d"}, {"key": "published", "hash": "32792082efb06ce75d2f682a53d656c6"}, {"key": "references", "hash": "4923be15e588537e3f35c58c889ca17e"}, {"key": "reporter", "hash": "82db6d7eefdc19955bb78be9fb178ae1"}, {"key": "sourceData", "hash": "177c5aa19aa3db6f3882efa882305d75"}, {"key": "title", "hash": "4d9ac6e6f69f68fdec1cd9e598747c25"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}], "href": "http://plugins.openvas.org/nasl.php?oid=801312", "modified": "2017-02-16T00:00:00", "objectVersion": "1.3", "enchantments": {"score": {"value": 8.9, "vector": "NONE", "modified": "2017-07-02T21:09:51"}, "dependencies": {"references": [{"type": "nessus", "idList": ["GOOGLE_CHROME_4_1_249_1036.NASL", "SUSE_11_3_LIBWEBKIT-110104.NASL", "SUSE_11_2_LIBWEBKIT-110111.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310801312"]}, {"type": "cve", "idList": ["CVE-2010-1231", "CVE-2010-1229", "CVE-2010-1230", "CVE-2010-1228", "CVE-2010-1234", "CVE-2010-1233", "CVE-2010-1237", "CVE-2010-1236", "CVE-2010-1235", "CVE-2010-1232"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:24775", "SECURITYVULNS:VULN:11154"]}], "modified": "2017-07-02T21:09:51"}, "vulnersScore": 8.9}, "id": "OPENVAS:801312", "title": "Google Chrome Multiple Vulnerabilities (win)", "hash": "3575cafd8257f48f303f89a1e3fb62471cc189c1f1e53757f11c4860ff9a8a9a", "edition": 1, "published": "2010-04-13T00:00:00", "type": "openvas", "history": [], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "cvelist": ["CVE-2010-1237", "CVE-2010-1228", "CVE-2010-1232", "CVE-2010-1229", "CVE-2010-1231", "CVE-2010-1235", "CVE-2010-1234", "CVE-2010-1236", "CVE-2010-1233", "CVE-2010-1230"], "lastseen": "2017-07-02T21:09:51", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_google_chrome_mult_vuln_apr10.nasl 5306 2017-02-16 09:00:16Z teissa $\n#\n# Google Chrome Multiple Vulnerabilities (win)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation will let the attacker execute arbitrary code, bypass\n security restrictions, sensitive information disclosure, and can cause other\n attacks.\n Impact Level: Application\";\ntag_affected = \"Google Chrome version prior to 4.1.249.1036 on Windows.\";\ntag_insight = \"Multiple flaws are due to:\n - An error in handling 'SVG' document.\n - Multiple race conditions in the 'sandbox' infrastructure.\n - An error in 'sandbox' infrastructure which does not properly use pointers.\n - An error in proceesing of 'HTTP' headers, processes HTTP headers before\n invoking the SafeBrowsing feature.\n - not having the expected behavior for attempts to delete Web SQL\n Databases and clear the 'Strict Transport Security (STS)' state.\n - An error in processing of 'HTTP Basic Authentication dialog'.\n - Multiple integer overflows errors when processing 'WebKit JavaScript'\n objects.\n - not properly restricting cross-origin operations, which has unspecified\n impact and remote attack vectors.\";\ntag_solution = \"Upgrade to the version 4.1.249.1036 or later,\n For updates refer to http://www.google.com/chrome\";\ntag_summary = \"This host is installed with Google Chrome Web Browser and is prone to\n multiple vulnerabilities.\";\n\nif(description)\n{\n script_id(801312);\n script_version(\"$Revision: 5306 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-16 10:00:16 +0100 (Thu, 16 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-04-13 16:55:19 +0200 (Tue, 13 Apr 2010)\");\n script_cve_id(\"CVE-2010-1228\", \"CVE-2010-1229\", \"CVE-2010-1230\", \"CVE-2010-1231\",\n \"CVE-2010-1232\", \"CVE-2010-1233\", \"CVE-2010-1234\", \"CVE-2010-1235\",\n \"CVE-2010-1236\", \"CVE-2010-1237\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Google Chrome Multiple Vulnerabilities (win)\");\n script_xref(name : \"URL\" , value : \"http://code.google.com/p/chromium/issues/detail?id=37061\");\n script_xref(name : \"URL\" , value : \"http://googlechromereleases.blogspot.com/2010/03/stable-channel-update.html\");\n\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_win.nasl\");\n script_require_keys(\"GoogleChrome/Win/Ver\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\ngcVer = get_kb_item(\"GoogleChrome/Win/Ver\");\nif(!gcVer){\n exit(0);\n}\n\n# Check for google chrome Version less than 4.1.249.1036\nif(version_is_less(version:gcVer, test_version:\"4.1.249.1036\")){\n security_message(0);\n}\n", "pluginID": "801312"}

{"nessus": [{"lastseen": "2019-11-01T02:43:54", "bulletinFamily": "scanner", "description": "The version of Google Chrome installed on the remote host is prior to\n4.1.249.1036. It is, therefore, affected by multiple vulnerabilities :\n\n - Multiple race conditions and pointer errors in the\n sandbox infrastructure. (Issue #28804, #31880)\n\n - An error relating to persisted metadata such as Web\n Databases and STS. (Issue #20801, #33445)\n\n - HTTP headers are processed before the SafeBrowsing\n check. (Issue #33572)\n\n - A memory error with malformed SVG. (Issue #34978)\n\n - Multiple integer overflows in WebKit JavaScript objects.\n (Issue #35724)\n\n - The HTTP basic auth dialog truncates URLs.\n (Issue #36772)\n\n - It is possible to bypass the download warning dialog.\n (Issue #37007)\n\n - An unspecified cross-origin bypass vulnerability.\n (Issue #37383)\n\n - A memory error relating to empty SVG elements. Note\n that this only affects Chrome Beta versions.\n (Issue #37061)", "modified": "2019-11-02T00:00:00", "id": "GOOGLE_CHROME_4_1_249_1036.NASL", "href": "https://www.tenable.com/plugins/nessus/45086", "published": "2010-03-18T00:00:00", "title": "Google Chrome < 4.1.249.1036 Multiple Vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(45086);\n script_version(\"1.19\");\n script_cvs_date(\"Date: 2018/11/15 20:50:27\");\n\n script_cve_id(\n \"CVE-2010-1229\",\n \"CVE-2010-1230\",\n \"CVE-2010-1231\",\n \"CVE-2010-1232\",\n \"CVE-2010-1233\",\n \"CVE-2010-1234\",\n \"CVE-2010-1235\",\n \"CVE-2010-1236\",\n \"CVE-2010-1237\"\n );\n script_bugtraq_id(\n 38829,\n 73629,\n 73673\n );\n script_xref(name:\"Secunia\", value:\"39029\");\n\n script_name(english:\"Google Chrome < 4.1.249.1036 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version number of Google Chrome.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host contains a web browser that is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote host is prior to\n4.1.249.1036. It is, therefore, affected by multiple vulnerabilities :\n\n - Multiple race conditions and pointer errors in the\n sandbox infrastructure. (Issue #28804, #31880)\n\n - An error relating to persisted metadata such as Web\n Databases and STS. (Issue #20801, #33445)\n\n - HTTP headers are processed before the SafeBrowsing\n check. (Issue #33572)\n\n - A memory error with malformed SVG. (Issue #34978)\n\n - Multiple integer overflows in WebKit JavaScript objects.\n (Issue #35724)\n\n - The HTTP basic auth dialog truncates URLs.\n (Issue #36772)\n\n - It is possible to bypass the download warning dialog.\n (Issue #37007)\n\n - An unspecified cross-origin bypass vulnerability.\n (Issue #37383)\n\n - A memory error relating to empty SVG elements. Note\n that this only affects Chrome Beta versions.\n (Issue #37061)\");\n\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0ec0e092\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Google Chrome 4.1.249.1036 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/03/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/03/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/03/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\n\n\ninclude(\"google_chrome_version.inc\");\n\nget_kb_item_or_exit(\"SMB/Google_Chrome/Installed\");\n\ninstalls = get_kb_list(\"SMB/Google_Chrome/*\");\ngoogle_chrome_check_version(installs:installs, fix:'4.1.249.1036', severity:SECURITY_HOLE);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-03T12:17:39", "bulletinFamily": "scanner", "description": "Various bugs in webkit have been fixed. The CVE id", "modified": "2019-11-02T00:00:00", "id": "SUSE_11_3_LIBWEBKIT-110104.NASL", "href": "https://www.tenable.com/plugins/nessus/75629", "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : libwebkit (openSUSE-SU-2011:0024-1)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update libwebkit-3787.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75629);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/10/25 13:36:41\");\n\n script_cve_id(\"CVE-2009-0945\", \"CVE-2009-1681\", \"CVE-2009-1684\", \"CVE-2009-1685\", \"CVE-2009-1686\", \"CVE-2009-1687\", \"CVE-2009-1688\", \"CVE-2009-1689\", \"CVE-2009-1690\", \"CVE-2009-1691\", \"CVE-2009-1692\", \"CVE-2009-1693\", \"CVE-2009-1694\", \"CVE-2009-1695\", \"CVE-2009-1696\", \"CVE-2009-1697\", \"CVE-2009-1698\", \"CVE-2009-1699\", \"CVE-2009-1700\", \"CVE-2009-1701\", \"CVE-2009-1702\", \"CVE-2009-1703\", \"CVE-2009-1709\", \"CVE-2009-1710\", \"CVE-2009-1711\", \"CVE-2009-1712\", \"CVE-2009-1713\", \"CVE-2009-1714\", \"CVE-2009-1715\", \"CVE-2009-1718\", \"CVE-2009-1724\", \"CVE-2009-1725\", \"CVE-2009-2195\", \"CVE-2009-2199\", \"CVE-2009-2200\", \"CVE-2009-2419\", \"CVE-2009-2797\", \"CVE-2009-2816\", \"CVE-2009-2841\", \"CVE-2009-3272\", \"CVE-2009-3384\", \"CVE-2009-3933\", \"CVE-2009-3934\", \"CVE-2010-0046\", \"CVE-2010-0047\", \"CVE-2010-0048\", \"CVE-2010-0049\", \"CVE-2010-0050\", \"CVE-2010-0051\", \"CVE-2010-0052\", \"CVE-2010-0053\", \"CVE-2010-0054\", \"CVE-2010-0315\", \"CVE-2010-0647\", \"CVE-2010-0650\", \"CVE-2010-0651\", \"CVE-2010-0656\", \"CVE-2010-0659\", \"CVE-2010-0661\", \"CVE-2010-1029\", \"CVE-2010-1126\", \"CVE-2010-1233\", \"CVE-2010-1236\", \"CVE-2010-1386\", \"CVE-2010-1387\", \"CVE-2010-1388\", \"CVE-2010-1389\", \"CVE-2010-1390\", \"CVE-2010-1391\", \"CVE-2010-1392\", \"CVE-2010-1393\", \"CVE-2010-1394\", \"CVE-2010-1395\", \"CVE-2010-1396\", \"CVE-2010-1397\", \"CVE-2010-1398\", \"CVE-2010-1399\", \"CVE-2010-1400\", \"CVE-2010-1401\", \"CVE-2010-1402\", \"CVE-2010-1403\", \"CVE-2010-1404\", \"CVE-2010-1405\", \"CVE-2010-1406\", \"CVE-2010-1407\", \"CVE-2010-1408\", \"CVE-2010-1409\", \"CVE-2010-1410\", \"CVE-2010-1412\", \"CVE-2010-1413\", \"CVE-2010-1414\", \"CVE-2010-1415\", \"CVE-2010-1416\", \"CVE-2010-1417\", \"CVE-2010-1418\", \"CVE-2010-1419\", \"CVE-2010-1421\", \"CVE-2010-1422\", \"CVE-2010-1729\", \"CVE-2010-1749\", \"CVE-2010-1757\", \"CVE-2010-1758\", \"CVE-2010-1759\", \"CVE-2010-1760\", \"CVE-2010-1761\", \"CVE-2010-1762\", \"CVE-2010-1763\", \"CVE-2010-1764\", \"CVE-2010-1766\", \"CVE-2010-1767\", \"CVE-2010-1769\", \"CVE-2010-1770\", \"CVE-2010-1771\", \"CVE-2010-1772\", \"CVE-2010-1773\", \"CVE-2010-1774\", \"CVE-2010-1780\", \"CVE-2010-1781\", \"CVE-2010-1782\", \"CVE-2010-1783\", \"CVE-2010-1784\", \"CVE-2010-1785\", \"CVE-2010-1786\", \"CVE-2010-1787\", \"CVE-2010-1788\", \"CVE-2010-1789\", \"CVE-2010-1790\", \"CVE-2010-1791\", \"CVE-2010-1792\", \"CVE-2010-1793\", \"CVE-2010-1807\", \"CVE-2010-1812\", \"CVE-2010-1813\", \"CVE-2010-1814\", \"CVE-2010-1815\", \"CVE-2010-1822\", \"CVE-2010-1823\", \"CVE-2010-1824\", \"CVE-2010-1825\", \"CVE-2010-2264\", \"CVE-2010-2295\", \"CVE-2010-2297\", \"CVE-2010-2300\", \"CVE-2010-2301\", \"CVE-2010-2302\", \"CVE-2010-2441\", \"CVE-2010-3116\", \"CVE-2010-3257\", \"CVE-2010-3259\", \"CVE-2010-3312\", \"CVE-2010-3803\", \"CVE-2010-3804\", \"CVE-2010-3805\", \"CVE-2010-3808\", \"CVE-2010-3809\", \"CVE-2010-3810\", \"CVE-2010-3811\", \"CVE-2010-3812\", \"CVE-2010-3813\", \"CVE-2010-3816\", \"CVE-2010-3817\", \"CVE-2010-3818\", \"CVE-2010-3819\", \"CVE-2010-3820\", \"CVE-2010-3821\", \"CVE-2010-3822\", \"CVE-2010-3823\", \"CVE-2010-3824\", \"CVE-2010-3826\", \"CVE-2010-3829\", \"CVE-2010-3900\");\n\n script_name(english:\"openSUSE Security Update : libwebkit (openSUSE-SU-2011:0024-1)\");\n script_summary(english:\"Check for the libwebkit-3787 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Various bugs in webkit have been fixed. The CVE id's are :\n\nCVE-2009-0945, CVE-2009-1681, CVE-2009-1684, CVE-2009-1685,\nCVE-2009-1686, CVE-2009-1687, CVE-2009-1688, CVE-2009-1689,\nCVE-2009-1691, CVE-2009-1690, CVE-2009-1692, CVE-2009-1693,\nCVE-2009-1694, CVE-2009-1695, CVE-2009-1696, CVE-2009-1697,\nCVE-2009-1698, CVE-2009-1699, CVE-2009-1700, CVE-2009-1701,\nCVE-2009-1702, CVE-2009-1703, CVE-2009-1709, CVE-2009-1710,\nCVE-2009-1711, CVE-2009-1712, CVE-2009-1713, CVE-2009-1714,\nCVE-2009-1715, CVE-2009-1718, CVE-2009-1724, CVE-2009-1725,\nCVE-2009-2195, CVE-2009-2199, CVE-2009-2200, CVE-2009-2419,\nCVE-2009-2797, CVE-2009-2816, CVE-2009-2841, CVE-2009-3272,\nCVE-2009-3384, CVE-2009-3933, CVE-2009-3934, CVE-2010-0046,\nCVE-2010-0047, CVE-2010-0048, CVE-2010-0049, CVE-2010-0050,\nCVE-2010-0052, CVE-2010-0053, CVE-2010-0054, CVE-2010-0315,\nCVE-2010-0647, CVE-2010-0051, CVE-2010-0650, CVE-2010-0651,\nCVE-2010-0656, CVE-2010-0659, CVE-2010-0661, CVE-2010-1029,\nCVE-2010-1126, CVE-2010-1233, CVE-2010-1236, CVE-2010-1386,\nCVE-2010-1387, CVE-2010-1388, CVE-2010-1389, CVE-2010-1390,\nCVE-2010-1391, CVE-2010-1392, CVE-2010-1393, CVE-2010-1394,\nCVE-2010-1395, CVE-2010-1396, CVE-2010-1397, CVE-2010-1398,\nCVE-2010-1399, CVE-2010-1400, CVE-2010-1401, CVE-2010-1402,\nCVE-2010-1403, CVE-2010-1404, CVE-2010-1405, CVE-2010-1406,\nCVE-2010-1407, CVE-2010-1408, CVE-2010-1409, CVE-2010-1410,\nCVE-2010-1412, CVE-2010-1413, CVE-2010-1414, CVE-2010-1415,\nCVE-2010-1416, CVE-2010-1417, CVE-2010-1418, CVE-2010-1419,\nCVE-2010-1421, CVE-2010-1422, CVE-2010-1729, CVE-2010-1749,\nCVE-2010-1757, CVE-2010-1758, CVE-2010-1759, CVE-2010-1760,\nCVE-2010-1761, CVE-2010-1762, CVE-2010-1763, CVE-2010-1764,\nCVE-2010-1766, CVE-2010-1767, CVE-2010-1769, CVE-2010-1770,\nCVE-2010-1771, CVE-2010-1772, CVE-2010-1773, CVE-2010-1774,\nCVE-2010-1780, CVE-2010-1781, CVE-2010-1782, CVE-2010-1783,\nCVE-2010-1784, CVE-2010-1785, CVE-2010-1786, CVE-2010-1787,\nCVE-2010-1788, CVE-2010-1789, CVE-2010-1790, CVE-2010-1791,\nCVE-2010-1792, CVE-2010-1793, CVE-2010-1807, CVE-2010-1812,\nCVE-2010-1813, CVE-2010-1814, CVE-2010-1815, CVE-2010-1822,\nCVE-2010-1823, CVE-2010-1824, CVE-2010-1825, CVE-2010-2264,\nCVE-2010-2295, CVE-2010-2297, CVE-2010-2300, CVE-2010-2301,\nCVE-2010-2302, CVE-2010-2441, CVE-2010-3116, CVE-2010-3257,\nCVE-2010-3259, CVE-2010-3312, CVE-2010-3803, CVE-2010-3804,\nCVE-2010-3805, CVE-2010-3808, CVE-2010-3809, CVE-2010-3810,\nCVE-2010-3811, CVE-2010-3812, CVE-2010-3813, CVE-2010-3816,\nCVE-2010-3817, CVE-2010-3818, CVE-2010-3819, CVE-2010-3820,\nCVE-2010-3821, CVE-2010-3822, CVE-2010-3823, CVE-2010-3824,\nCVE-2010-3826, CVE-2010-3829, CVE-2010-3900, CVE-2010-4040\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=601349\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-01/msg00013.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libwebkit packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(20, 79, 94, 119, 189, 200, 264, 310, 352, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit-1_0-2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit-1_0-2-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit-jsc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/01/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libwebkit-1_0-2-1.2.6-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libwebkit-devel-1.2.6-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libwebkit-lang-1.2.6-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"webkit-jsc-1.2.6-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", reference:\"libwebkit-1_0-2-32bit-1.2.6-0.2.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libwebkit-1_0-2 / libwebkit-1_0-2-32bit / libwebkit-devel / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-03T12:17:34", "bulletinFamily": "scanner", "description": "Various bugs in webkit have been fixed. The CVE id", "modified": "2019-11-02T00:00:00", "id": "SUSE_11_2_LIBWEBKIT-110111.NASL", "href": "https://www.tenable.com/plugins/nessus/53764", "published": "2011-05-05T00:00:00", "title": "openSUSE Security Update : libwebkit (openSUSE-SU-2011:0024-1)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update libwebkit-3787.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(53764);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/10/25 13:36:41\");\n\n script_cve_id(\"CVE-2009-0945\", \"CVE-2009-1681\", \"CVE-2009-1684\", \"CVE-2009-1685\", \"CVE-2009-1686\", \"CVE-2009-1687\", \"CVE-2009-1688\", \"CVE-2009-1689\", \"CVE-2009-1690\", \"CVE-2009-1691\", \"CVE-2009-1692\", \"CVE-2009-1693\", \"CVE-2009-1694\", \"CVE-2009-1695\", \"CVE-2009-1696\", \"CVE-2009-1697\", \"CVE-2009-1698\", \"CVE-2009-1699\", \"CVE-2009-1700\", \"CVE-2009-1701\", \"CVE-2009-1702\", \"CVE-2009-1703\", \"CVE-2009-1709\", \"CVE-2009-1710\", \"CVE-2009-1711\", \"CVE-2009-1712\", \"CVE-2009-1713\", \"CVE-2009-1714\", \"CVE-2009-1715\", \"CVE-2009-1718\", \"CVE-2009-1724\", \"CVE-2009-1725\", \"CVE-2009-2195\", \"CVE-2009-2199\", \"CVE-2009-2200\", \"CVE-2009-2419\", \"CVE-2009-2797\", \"CVE-2009-2816\", \"CVE-2009-2841\", \"CVE-2009-3272\", \"CVE-2009-3384\", \"CVE-2009-3933\", \"CVE-2009-3934\", \"CVE-2010-0046\", \"CVE-2010-0047\", \"CVE-2010-0048\", \"CVE-2010-0049\", \"CVE-2010-0050\", \"CVE-2010-0051\", \"CVE-2010-0052\", \"CVE-2010-0053\", \"CVE-2010-0054\", \"CVE-2010-0315\", \"CVE-2010-0647\", \"CVE-2010-0650\", \"CVE-2010-0651\", \"CVE-2010-0656\", \"CVE-2010-0659\", \"CVE-2010-0661\", \"CVE-2010-1029\", \"CVE-2010-1126\", \"CVE-2010-1233\", \"CVE-2010-1236\", \"CVE-2010-1386\", \"CVE-2010-1387\", \"CVE-2010-1388\", \"CVE-2010-1389\", \"CVE-2010-1390\", \"CVE-2010-1391\", \"CVE-2010-1392\", \"CVE-2010-1393\", \"CVE-2010-1394\", \"CVE-2010-1395\", \"CVE-2010-1396\", \"CVE-2010-1397\", \"CVE-2010-1398\", \"CVE-2010-1399\", \"CVE-2010-1400\", \"CVE-2010-1401\", \"CVE-2010-1402\", \"CVE-2010-1403\", \"CVE-2010-1404\", \"CVE-2010-1405\", \"CVE-2010-1406\", \"CVE-2010-1407\", \"CVE-2010-1408\", \"CVE-2010-1409\", \"CVE-2010-1410\", \"CVE-2010-1412\", \"CVE-2010-1413\", \"CVE-2010-1414\", \"CVE-2010-1415\", \"CVE-2010-1416\", \"CVE-2010-1417\", \"CVE-2010-1418\", \"CVE-2010-1419\", \"CVE-2010-1421\", \"CVE-2010-1422\", \"CVE-2010-1729\", \"CVE-2010-1749\", \"CVE-2010-1757\", \"CVE-2010-1758\", \"CVE-2010-1759\", \"CVE-2010-1760\", \"CVE-2010-1761\", \"CVE-2010-1762\", \"CVE-2010-1763\", \"CVE-2010-1764\", \"CVE-2010-1766\", \"CVE-2010-1767\", \"CVE-2010-1769\", \"CVE-2010-1770\", \"CVE-2010-1771\", \"CVE-2010-1772\", \"CVE-2010-1773\", \"CVE-2010-1774\", \"CVE-2010-1780\", \"CVE-2010-1781\", \"CVE-2010-1782\", \"CVE-2010-1783\", \"CVE-2010-1784\", \"CVE-2010-1785\", \"CVE-2010-1786\", \"CVE-2010-1787\", \"CVE-2010-1788\", \"CVE-2010-1789\", \"CVE-2010-1790\", \"CVE-2010-1791\", \"CVE-2010-1792\", \"CVE-2010-1793\", \"CVE-2010-1807\", \"CVE-2010-1812\", \"CVE-2010-1813\", \"CVE-2010-1814\", \"CVE-2010-1815\", \"CVE-2010-1822\", \"CVE-2010-1823\", \"CVE-2010-1824\", \"CVE-2010-1825\", \"CVE-2010-2264\", \"CVE-2010-2295\", \"CVE-2010-2297\", \"CVE-2010-2300\", \"CVE-2010-2301\", \"CVE-2010-2302\", \"CVE-2010-2441\", \"CVE-2010-3116\", \"CVE-2010-3257\", \"CVE-2010-3259\", \"CVE-2010-3312\", \"CVE-2010-3803\", \"CVE-2010-3804\", \"CVE-2010-3805\", \"CVE-2010-3808\", \"CVE-2010-3809\", \"CVE-2010-3810\", \"CVE-2010-3811\", \"CVE-2010-3812\", \"CVE-2010-3813\", \"CVE-2010-3816\", \"CVE-2010-3817\", \"CVE-2010-3818\", \"CVE-2010-3819\", \"CVE-2010-3820\", \"CVE-2010-3821\", \"CVE-2010-3822\", \"CVE-2010-3823\", \"CVE-2010-3824\", \"CVE-2010-3826\", \"CVE-2010-3829\", \"CVE-2010-3900\");\n\n script_name(english:\"openSUSE Security Update : libwebkit (openSUSE-SU-2011:0024-1)\");\n script_summary(english:\"Check for the libwebkit-3787 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Various bugs in webkit have been fixed. The CVE id's are :\n\nCVE-2009-0945, CVE-2009-1681, CVE-2009-1684, CVE-2009-1685,\nCVE-2009-1686, CVE-2009-1687, CVE-2009-1688, CVE-2009-1689,\nCVE-2009-1691, CVE-2009-1690, CVE-2009-1692, CVE-2009-1693,\nCVE-2009-1694, CVE-2009-1695, CVE-2009-1696, CVE-2009-1697,\nCVE-2009-1698, CVE-2009-1699, CVE-2009-1700, CVE-2009-1701,\nCVE-2009-1702, CVE-2009-1703, CVE-2009-1709, CVE-2009-1710,\nCVE-2009-1711, CVE-2009-1712, CVE-2009-1713, CVE-2009-1714,\nCVE-2009-1715, CVE-2009-1718, CVE-2009-1724, CVE-2009-1725,\nCVE-2009-2195, CVE-2009-2199, CVE-2009-2200, CVE-2009-2419,\nCVE-2009-2797, CVE-2009-2816, CVE-2009-2841, CVE-2009-3272,\nCVE-2009-3384, CVE-2009-3933, CVE-2009-3934, CVE-2010-0046,\nCVE-2010-0047, CVE-2010-0048, CVE-2010-0049, CVE-2010-0050,\nCVE-2010-0052, CVE-2010-0053, CVE-2010-0054, CVE-2010-0315,\nCVE-2010-0647, CVE-2010-0051, CVE-2010-0650, CVE-2010-0651,\nCVE-2010-0656, CVE-2010-0659, CVE-2010-0661, CVE-2010-1029,\nCVE-2010-1126, CVE-2010-1233, CVE-2010-1236, CVE-2010-1386,\nCVE-2010-1387, CVE-2010-1388, CVE-2010-1389, CVE-2010-1390,\nCVE-2010-1391, CVE-2010-1392, CVE-2010-1393, CVE-2010-1394,\nCVE-2010-1395, CVE-2010-1396, CVE-2010-1397, CVE-2010-1398,\nCVE-2010-1399, CVE-2010-1400, CVE-2010-1401, CVE-2010-1402,\nCVE-2010-1403, CVE-2010-1404, CVE-2010-1405, CVE-2010-1406,\nCVE-2010-1407, CVE-2010-1408, CVE-2010-1409, CVE-2010-1410,\nCVE-2010-1412, CVE-2010-1413, CVE-2010-1414, CVE-2010-1415,\nCVE-2010-1416, CVE-2010-1417, CVE-2010-1418, CVE-2010-1419,\nCVE-2010-1421, CVE-2010-1422, CVE-2010-1729, CVE-2010-1749,\nCVE-2010-1757, CVE-2010-1758, CVE-2010-1759, CVE-2010-1760,\nCVE-2010-1761, CVE-2010-1762, CVE-2010-1763, CVE-2010-1764,\nCVE-2010-1766, CVE-2010-1767, CVE-2010-1769, CVE-2010-1770,\nCVE-2010-1771, CVE-2010-1772, CVE-2010-1773, CVE-2010-1774,\nCVE-2010-1780, CVE-2010-1781, CVE-2010-1782, CVE-2010-1783,\nCVE-2010-1784, CVE-2010-1785, CVE-2010-1786, CVE-2010-1787,\nCVE-2010-1788, CVE-2010-1789, CVE-2010-1790, CVE-2010-1791,\nCVE-2010-1792, CVE-2010-1793, CVE-2010-1807, CVE-2010-1812,\nCVE-2010-1813, CVE-2010-1814, CVE-2010-1815, CVE-2010-1822,\nCVE-2010-1823, CVE-2010-1824, CVE-2010-1825, CVE-2010-2264,\nCVE-2010-2295, CVE-2010-2297, CVE-2010-2300, CVE-2010-2301,\nCVE-2010-2302, CVE-2010-2441, CVE-2010-3116, CVE-2010-3257,\nCVE-2010-3259, CVE-2010-3312, CVE-2010-3803, CVE-2010-3804,\nCVE-2010-3805, CVE-2010-3808, CVE-2010-3809, CVE-2010-3810,\nCVE-2010-3811, CVE-2010-3812, CVE-2010-3813, CVE-2010-3816,\nCVE-2010-3817, CVE-2010-3818, CVE-2010-3819, CVE-2010-3820,\nCVE-2010-3821, CVE-2010-3822, CVE-2010-3823, CVE-2010-3824,\nCVE-2010-3826, CVE-2010-3829, CVE-2010-3900, CVE-2010-4040\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=601349\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-01/msg00013.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libwebkit packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(20, 79, 94, 119, 189, 200, 264, 310, 352, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit-1_0-2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit-jsc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/01/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/05/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.2\", reference:\"libwebkit-1_0-2-1.2.6-0.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"libwebkit-devel-1.2.6-0.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"libwebkit-lang-1.2.6-0.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"webkit-jsc-1.2.6-0.5.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libwebkit-1_0-2 / libwebkit-devel / libwebkit-lang / webkit-jsc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2019-07-19T22:17:41", "bulletinFamily": "scanner", "description": "This host is installed with Google Chrome Web Browser and is prone to\n multiple vulnerabilities.", "modified": "2019-07-17T00:00:00", "published": "2010-04-13T00:00:00", "id": "OPENVAS:1361412562310801312", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310801312", "title": "Google Chrome Multiple Vulnerabilities (win)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Google Chrome Multiple Vulnerabilities (win)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.801312\");\n script_version(\"2019-07-17T08:15:16+0000\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 08:15:16 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2010-04-13 16:55:19 +0200 (Tue, 13 Apr 2010)\");\n script_cve_id(\"CVE-2010-1228\", \"CVE-2010-1229\", \"CVE-2010-1230\", \"CVE-2010-1231\",\n \"CVE-2010-1232\", \"CVE-2010-1233\", \"CVE-2010-1234\", \"CVE-2010-1235\",\n \"CVE-2010-1236\", \"CVE-2010-1237\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Google Chrome Multiple Vulnerabilities (win)\");\n script_xref(name:\"URL\", value:\"http://code.google.com/p/chromium/issues/detail?id=37061\");\n script_xref(name:\"URL\", value:\"http://googlechromereleases.blogspot.com/2010/03/stable-channel-update.html\");\n\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_portable_win.nasl\");\n script_mandatory_keys(\"GoogleChrome/Win/Ver\");\n script_tag(name:\"impact\", value:\"Successful exploitation will let the attacker execute arbitrary code, bypass\n security restrictions, sensitive information disclosure, and can cause other\n attacks.\");\n script_tag(name:\"affected\", value:\"Google Chrome version prior to 4.1.249.1036 on Windows.\");\n script_tag(name:\"insight\", value:\"Multiple flaws are due to:\n\n - An error in handling 'SVG' document.\n\n - Multiple race conditions in the 'sandbox' infrastructure.\n\n - An error in 'sandbox' infrastructure which does not properly use pointers.\n\n - An error in proceesing of 'HTTP' headers, processes HTTP headers before\n invoking the SafeBrowsing feature.\n\n - not having the expected behavior for attempts to delete Web SQL\n Databases and clear the 'Strict Transport Security (STS)' state.\n\n - An error in processing of 'HTTP Basic Authentication dialog'.\n\n - Multiple integer overflows errors when processing 'WebKit JavaScript'\n objects.\n\n - not properly restricting cross-origin operations, which has unspecified\n impact and remote attack vectors.\");\n script_tag(name:\"solution\", value:\"Upgrade to the version 4.1.249.1036 or later.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"This host is installed with Google Chrome Web Browser and is prone to\n multiple vulnerabilities.\");\n\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\ngcVer = get_kb_item(\"GoogleChrome/Win/Ver\");\nif(!gcVer){\n exit(0);\n}\n\nif(version_is_less(version:gcVer, test_version:\"4.1.249.1036\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2019-05-29T18:10:27", "bulletinFamily": "NVD", "description": "Google Chrome before 4.1.249.1036 processes HTTP headers before invoking the SafeBrowsing feature, which allows remote attackers to have an unspecified impact via crafted headers.", "modified": "2017-09-19T01:30:00", "id": "CVE-2010-1231", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1231", "published": "2010-04-01T22:30:00", "title": "CVE-2010-1231", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:10:27", "bulletinFamily": "NVD", "description": "The sandbox infrastructure in Google Chrome before 4.1.249.1036 does not properly use pointers, which has unspecified impact and attack vectors.", "modified": "2017-09-19T01:30:00", "id": "CVE-2010-1229", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1229", "published": "2010-04-01T22:30:00", "title": "CVE-2010-1229", "type": "cve", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:10:27", "bulletinFamily": "NVD", "description": "Google Chrome before 4.1.249.1036 does not have the expected behavior for attempts to delete Web SQL Databases and clear the Strict Transport Security (STS) state, which has unspecified impact and attack vectors.", "modified": "2018-11-16T16:28:00", "id": "CVE-2010-1230", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1230", "published": "2010-04-01T22:30:00", "title": "CVE-2010-1230", "type": "cve", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:10:27", "bulletinFamily": "NVD", "description": "Multiple race conditions in the sandbox infrastructure in Google Chrome before 4.1.249.1036 have unspecified impact and attack vectors.", "modified": "2017-09-19T01:30:00", "id": "CVE-2010-1228", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1228", "published": "2010-04-01T22:30:00", "title": "CVE-2010-1228", "type": "cve", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:10:27", "bulletinFamily": "NVD", "description": "Google Chrome before 4.1.249.1036 allows remote attackers to cause a denial of service (memory error) or possibly have unspecified other impact via a malformed SVG document.", "modified": "2017-09-19T01:30:00", "id": "CVE-2010-1232", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1232", "published": "2010-04-01T22:30:00", "title": "CVE-2010-1232", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:10:27", "bulletinFamily": "NVD", "description": "Unspecified vulnerability in Google Chrome before 4.1.249.1036 allows remote attackers to truncate the URL shown in the HTTP Basic Authentication dialog via unknown vectors.", "modified": "2017-09-19T01:30:00", "id": "CVE-2010-1234", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1234", "published": "2010-04-01T22:30:00", "title": "CVE-2010-1234", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:10:27", "bulletinFamily": "NVD", "description": "Google Chrome 4.1 BETA before 4.1.249.1036 allows remote attackers to cause a denial of service (memory error) or possibly have unspecified other impact via an empty SVG element.", "modified": "2017-09-19T01:30:00", "id": "CVE-2010-1237", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1237", "published": "2010-04-01T22:30:00", "title": "CVE-2010-1237", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:10:27", "bulletinFamily": "NVD", "description": "The protocolIs function in platform/KURLGoogle.cpp in WebCore in WebKit before r55822, as used in Google Chrome before 4.1.249.1036 and Flock Browser 3.x before 3.0.0.4112, does not properly handle whitespace at the beginning of a URL, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted javascript: URL, as demonstrated by a \\x00javascript:alert sequence.", "modified": "2017-09-19T01:30:00", "id": "CVE-2010-1236", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1236", "published": "2010-04-01T22:30:00", "title": "CVE-2010-1236", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:10:27", "bulletinFamily": "NVD", "description": "Multiple integer overflows in Google Chrome before 4.1.249.1036 allow remote attackers to have an unspecified impact via vectors involving WebKit JavaScript objects.", "modified": "2017-09-19T01:30:00", "id": "CVE-2010-1233", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1233", "published": "2010-04-01T22:30:00", "title": "CVE-2010-1233", "type": "cve", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:10:27", "bulletinFamily": "NVD", "description": "Unspecified vulnerability in Google Chrome before 4.1.249.1036 allows remote attackers to trigger the omission of a download warning dialog via unknown vectors.", "modified": "2017-09-19T01:30:00", "id": "CVE-2010-1235", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1235", "published": "2010-04-01T22:30:00", "title": "CVE-2010-1235", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:36", "bulletinFamily": "software", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nFLOCK-SA-2010-03\r\n\r\nhttp://flock.com/security/\r\n\r\nTitle: javascript: url with a leading NULL byte can bypass\r\n cross origin protection (XSS)\r\n\r\nImpact: High\r\n\r\nAnnounced on: 2010-09-09\r\n\r\nAffected Products: Flock 3 versions prior to 3.0.0.4112\r\n\r\nCVEs (cve.mitre.org): CVE-2010-1236\r\n\r\nDetails:\r\n\r\nA javascript: url with a leading NULL byte can bypass cross origin\r\nprotection, which has unspecified impact and remote attack vectors.\r\n\r\nCredit to kuzzcc (for Chromium) and Lostmon Lords (for Flock).\r\n\r\nReferences: https://bugs.webkit.org/show_bug.cgi?id=35948\r\n http://code.google.com/p/chromium/issues/detail?id=37383\r\n\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG/MacGPG2 v2.0.14 (Darwin)\r\nComment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/\r\n\r\niQIcBAEBAgAGBQJMj6snAAoJEPzFtDWO6ceqQ9sQAJdW6oNQqL5QglNP53pQ17Be\r\nLnwWdsAQ8vNtUwlGvBJnlSbVELXtR1TnrJ8DQiUH+qgWqiiSUPQmoTb1O6wE4rXZ\r\ntyLZAmCK4vjZdonJQ4Cb2vx+QT+aSd7r+14E1JESjQBE3t8iVirFeElVNS8Jui2l\r\n/C++r3nQI0BLK6fc9eQzxHp7eBXCcu7YGw24QMA+xmkagJEI7a4Ijio36Gh7huqJ\r\n6nwzZNYccl0aziepnTN9vC1C/z8/xEVBMjJv9K3SZ3n3Xdth2LfmC9Zl+7OP57Sb\r\nLhZUgkTQsE4spsd7BFUfIkB3fbGH1m3X9SnmR6enDuN1bd0nxML95FZGz6jHnMhz\r\nKw0Gj02D/25QPe4bdwvuR5C//xxms4bd6Sku27tEaYHzfiqS3MzkAhbgiHKJtukP\r\n5qn3EmwWGVnWUnw30+jUyKfcnsKrJ2991vYseP3dOEMNL4YDz8hPnCYPxnHUDpIz\r\nYX9E8XNHOg5l6fnRLWTnRkeeQqMWZC+1XsMkoOe7Yj5Gx2aylK13N8flFx7Jk/vZ\r\nlHYSGYiymFmFqjjCIGIddXbTvW3D/rEboTxwoMkUXdq9rCwUIRHA8k8zOS709tqY\r\nlLg5+vsah2PT5WD1MJCzke3fQmr+g35Jfqppa/x9nEWhHsWBSBsZfFTCXL9lWz6w\r\nfqrdrSEPNI2jMVBTeVeC\r\n=/KZw\r\n-----END PGP SIGNATURE-----", "modified": "2010-09-17T00:00:00", "published": "2010-09-17T00:00:00", "id": "SECURITYVULNS:DOC:24775", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:24775", "title": "[FLOCK-SA-2010-03] Flock Browser: javascript: url with a leading NULL byte can bypass cross origin protection (XSS)", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-08-31T11:09:38", "bulletinFamily": "software", "description": "Multiple crossite scripting vulnerabilities.", "modified": "2010-09-17T00:00:00", "published": "2010-09-17T00:00:00", "id": "SECURITYVULNS:VULN:11154", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11154", "title": "Flock browser crossite scripting", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}